Date: Wed, 28 Jun 2023 13:15:35 GMT
Message-Id: <202306281315.35SDFZ3P010280@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Guido Falsi
Subject: git: f5a90d3138c8 - main - security/xca: Fix with OpenSSL 3 in head.
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Sender: owner-dev-commits-ports-main@freebsd.org
X-Git-Committer: madpilot
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f5a90d3138c8d98e85003c0c54459a8a947ed5bc

The branch main has been updated by madpilot:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f5a90d3138c8d98e85003c0c54459a8a947ed5bc

commit f5a90d3138c8d98e85003c0c54459a8a947ed5bc
Author:     Guido Falsi
AuthorDate: 2023-06-28 13:15:01 +0000
Commit:     Guido Falsi
CommitDate: 2023-06-28 13:15:01 +0000

    security/xca: Fix with OpenSSL 3 in head.

    Obtained from: upstream commits
---
 security/xca/files/patch-lib_pkcs11.cpp | 32 ++++++++++++++
 security/xca/files/patch-lib_pki__evp.cpp | 33 +++++++++++++++
 security/xca/files/patch-lib_pki__key.cpp | 65 +++++++++++++++++++++++++++++
 security/xca/files/patch-lib_pki__scard.cpp | 30 +++++++++++++
 4 files changed, 160 insertions(+)

diff --git a/security/xca/files/patch-lib_pkcs11.cpp b/security/xca/files/patch-lib_pkcs11.cpp new file mode 100644 index 000000000000..caba1dcc1f47 --- /dev/null +++ b/security/xca/files/patch-lib_pkcs11.cpp 
@@ -0,0 +1,32 @@ +--- lib/pkcs11.cpp.orig 2021-05-07 20:40:29 UTC ++++ lib/pkcs11.cpp +@@ -840,8 +840,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE + + switch (EVP_PKEY_type(keytype)) { + case EVP_PKEY_RSA: +- rsa = EVP_PKEY_get0_RSA(pub); +- rsa = RSAPublicKey_dup(rsa); ++ rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pub)); + openssl_error(); + if (!rsa_meth) { + #if OPENSSL_VERSION_NUMBER >= 0x1010000L +@@ -865,8 +864,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE + EVP_PKEY_assign_RSA(evp, rsa); + break; + case EVP_PKEY_DSA: +- dsa = EVP_PKEY_get0_DSA(pub); +- dsa = DSAparams_dup(dsa); ++ dsa = DSAparams_dup(EVP_PKEY_get0_DSA(pub)); + openssl_error(); + if (!dsa_meth) { + #if OPENSSL_VERSION_NUMBER >= 0x10100000L +@@ -889,8 +887,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE + break; + #if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x10100000L + case EVP_PKEY_EC: +- ec = EVP_PKEY_get0_EC_KEY(pub); +- ec = EC_KEY_dup(ec); ++ ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pub)); + openssl_error(); + if (!ec_key_meth) { + ec_key_meth = setup_ec_key_meth(); diff --git a/security/xca/files/patch-lib_pki__evp.cpp b/security/xca/files/patch-lib_pki__evp.cpp new file mode 100644 index 000000000000..28fdc74c6690 --- /dev/null +++ b/security/xca/files/patch-lib_pki__evp.cpp 
@@ -0,0 +1,33 @@ +--- lib/pki_evp.cpp.orig 2021-05-07 20:40:29 UTC ++++ lib/pki_evp.cpp +@@ -282,8 +282,8 @@ static void search_ec_oid(EVP_PKEY *pkey) + static void search_ec_oid(EVP_PKEY *pkey) + { + #ifndef OPENSSL_NO_EC +- EC_KEY *ec; + EC_GROUP *builtin; ++ const EC_KEY *ec; + const EC_GROUP *ec_group; + + int keytype = EVP_PKEY_id(pkey); +@@ -621,8 +621,10 @@ EVP_PKEY *pki_evp::legacyDecryptKey(QByteArray &myencK + + pki_openssl_error(); + if (EVP_PKEY_type(getKeyType()) == EVP_PKEY_RSA) { +- RSA *rsa = EVP_PKEY_get0_RSA(tmpkey); ++ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(tmpkey); ++#if OPENSSL_VERSION_MAJOR < 3 + RSA_blinding_on(rsa, NULL); ++#endif + } + myencKey.fill(0); + return tmpkey; +@@ -930,7 +932,7 @@ bool pki_evp::verify_priv(EVP_PKEY *pkey) const + EVP_MD_CTX_free(ctx); + #endif + if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_isPrivKey(pkey)) { +- RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const RSA *rsa = EVP_PKEY_get0_RSA(pkey); + if (RSA_check_key(rsa) != 1) + verify = false; + } diff --git a/security/xca/files/patch-lib_pki__key.cpp b/security/xca/files/patch-lib_pki__key.cpp new file mode 100644 index 000000000000..a7a834548ca6 --- /dev/null +++ b/security/xca/files/patch-lib_pki__key.cpp 
@@ -0,0 +1,65 @@ +--- lib/pki_key.cpp.orig 2021-05-07 20:40:29 UTC ++++ lib/pki_key.cpp +@@ -197,7 +197,7 @@ QString pki_key::length() const + + if (EVP_PKEY_id(key) == EVP_PKEY_DSA) { + const BIGNUM *p = NULL; +- DSA *dsa = EVP_PKEY_get0_DSA(key); ++ const DSA *dsa = EVP_PKEY_get0_DSA(key); + if (dsa) + DSA_get0_pqg(dsa, &p, NULL, NULL); + dsa_unset = p == NULL; +@@ -299,7 +299,7 @@ QString pki_key::modulus() const + if (getKeyType() == EVP_PKEY_RSA) { + const BIGNUM *n = NULL; + +- RSA *rsa = EVP_PKEY_get0_RSA(key); ++ const RSA *rsa = EVP_PKEY_get0_RSA(key); + RSA_get0_key(rsa, &n, NULL, NULL); + return BN2QString(n); + } +@@ -310,7 +310,7 @@ QString pki_key::pubEx() const + { + if (getKeyType() == EVP_PKEY_RSA) { + const BIGNUM *e = NULL; +- RSA *rsa = EVP_PKEY_get0_RSA(key); ++ const RSA *rsa = EVP_PKEY_get0_RSA(key); + RSA_get0_key(rsa, NULL, &e, NULL); + return BN2QString(e); + } +@@ -321,7 +321,7 @@ QString pki_key::subprime() const + { + if (getKeyType() == EVP_PKEY_DSA) { + const BIGNUM *q = NULL; +- DSA *dsa = EVP_PKEY_get0_DSA(key); ++ const DSA *dsa = EVP_PKEY_get0_DSA(key); + if (dsa) + DSA_get0_pqg(dsa, NULL, &q, NULL); + return BN2QString(q); +@@ -333,7 +333,7 @@ QString pki_key::pubkey() const + { + if (getKeyType() == EVP_PKEY_DSA) { + const BIGNUM *pubkey = NULL; +- DSA *dsa = EVP_PKEY_get0_DSA(key); ++ const DSA *dsa = EVP_PKEY_get0_DSA(key); + if (dsa) + DSA_get0_key(dsa, &pubkey, NULL); + return BN2QString(pubkey); +@@ -766,7 +766,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) con + txt = "ssh-rsa"; + ssh_key_QBA2data(txt, &data); + { +- RSA *rsa = EVP_PKEY_get0_RSA(key); ++ const RSA *rsa = EVP_PKEY_get0_RSA(key); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, NULL); + ssh_key_bn2data(e, &data); +@@ -777,7 +777,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) con + txt = "ssh-dss"; + ssh_key_QBA2data(txt, &data); + { +- DSA *dsa = EVP_PKEY_get0_DSA(key); ++ const DSA *dsa = EVP_PKEY_get0_DSA(key); + const BIGNUM *p, *q, 
*g, *pubkey; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pubkey, NULL); diff --git a/security/xca/files/patch-lib_pki__scard.cpp b/security/xca/files/patch-lib_pki__scard.cpp new file mode 100644 index 000000000000..e8335511da7f --- /dev/null +++ b/security/xca/files/patch-lib_pki__scard.cpp @@ -0,0 +1,30 @@ +--- lib/pki_scard.cpp.orig 2021-05-07 20:40:29 UTC ++++ lib/pki_scard.cpp +@@ -293,10 +293,10 @@ pk11_attlist pki_scard::objectAttributesNoId(EVP_PKEY + pk11_attlist pki_scard::objectAttributesNoId(EVP_PKEY *pk, bool priv) const + { + QByteArray ba; +- RSA *rsa; +- DSA *dsa; ++ const RSA *rsa; ++ const DSA *dsa; + #ifndef OPENSSL_NO_EC +- EC_KEY *ec; ++ const EC_KEY *ec; + #endif + const BIGNUM *n = NULL; + const BIGNUM *e = NULL; +@@ -401,10 +401,10 @@ void pki_scard::store_token(const slotid &slot, EVP_PK + void pki_scard::store_token(const slotid &slot, EVP_PKEY *pkey) + { + QByteArray ba; +- RSA *rsa; +- DSA *dsa; ++ const RSA *rsa; ++ const DSA *dsa; + #ifndef OPENSSL_NO_EC +- EC_KEY *ec; ++ const EC_KEY *ec; + #endif + pk11_attlist pub_atts; + pk11_attlist priv_atts;
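
Review bot: In patch-lib_pkcs11.cpp, all three hunks of pkcs11::getPrivateKey feed the get0 result straight into the dup call, for example `rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pub));`, so a NULL from EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA() or EVP_PKEY_get0_EC_KEY() is still never tested before it is duplicated, and the only check that follows is openssl_error(). Suggest testing the dup result explicitly and failing the function before the method setup and `EVP_PKEY_assign_RSA(evp, rsa);`, unless openssl_error() is guaranteed to abort in that case. Separately, the context line of the RSA hunk reads `#if OPENSSL_VERSION_NUMBER >= 0x1010000L`, one hex digit shorter than the `0x10100000L` in the DSA and EC hunks; that looks like a typo worth reporting upstream.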
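
Review bot: In the pki_evp::legacyDecryptKey hunk of patch-lib_pki__evp.cpp, `RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(tmpkey);` casts away the const that every other hunk in this commit preserves, and once `RSA_blinding_on(rsa, NULL);` is compiled out by `#if OPENSSL_VERSION_MAJOR < 3` the variable is unused on OpenSSL 3. Suggest moving the declaration and the cast inside the `#if` block so the OpenSSL 3 build has neither, and adding a one-line comment saying why blinding is not enabled explicitly there, since this is the path that handles a freshly decrypted private key.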
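
Review bot: In the pki_evp::verify_priv hunk of patch-lib_pki__evp.cpp, `rsa` goes into `RSA_check_key(rsa)` without a NULL test, and RSA_check_key() is itself one of the low-level RSA calls deprecated in OpenSSL 3.0, so the const change gets the file compiling but leaves the deprecated call in the private-key verification path. Suggest adding the NULL test now and noting in the patch that the check should move to the EVP_PKEY_check() family when upstream drops the low-level API.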
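
Review bot: In patch-lib_pki__key.cpp, the pki_key::modulus and pki_key::pubEx hunks call `RSA_get0_key(rsa, ...)` with no test on `rsa`, while the DSA hunks in the same file (length, subprime, pubkey) guard the call with `if (dsa)`. Suggest the same `if (rsa)` guard; `n` and `e` are already initialised to NULL, so BN2QString() would then receive the same NULL it gets in the guarded DSA functions.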
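
Review bot: In the two pki_key::SSH2publicQByteArray hunks of patch-lib_pki__key.cpp, the get0 result is used without a NULL test and `const BIGNUM *n, *e;` and `const BIGNUM *p, *q, *g, *pubkey;` are declared uninitialised, unlike the `if (dsa)` pattern and NULL initialisers in the earlier hunks of this file. Suggest checking `rsa` and `dsa` before RSA_get0_key(), DSA_get0_pqg() and DSA_get0_key(), and, with that guard in place, initialising the BIGNUM pointers to NULL as the other functions do.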