FreeBSD Bugzilla – Attachment 219086 Details for
Bug 248590
devel/qca: Fails to build with libressl
[patch]
Patch from openbsd/gentoo
qca_libressl.diff (text/plain), 6.01 KB, created by
Loïc Bartoletti
on 2020-10-25 22:18:04 UTC
Description:
Patch from openbsd/gentoo
Filename:
MIME Type:
Creator:
Loïc Bartoletti
Created:
2020-10-25 22:18:04 UTC
Size:
6.01 KB
>Index: devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
>===================================================================
>--- devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp (revision 553292)
>+++ devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp (working copy)
>@@ -1,58 +1,94 @@
>---- plugins/qca-ossl/qca-ossl.cpp.orig 2020-02-25 09:08:01 UTC
>+Patch from OpenBSD rsadowski@
>+
>+LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org>
>+
>+Index: plugins/qca-ossl/qca-ossl.cpp
>+--- plugins/qca-ossl/qca-ossl.cpp.orig
> +++ plugins/qca-ossl/qca-ossl.cpp
>-@@ -43,6 +43,10 @@
>+@@ -41,7 +41,13 @@
>+ #include <openssl/pkcs12.h>
>+ #include <openssl/ssl.h>
>
>- #include <openssl/kdf.h>
>-
> +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT
> +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT
> +#endif
> +
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ #include <openssl/kdf.h>
>++#endif
>+
> using namespace QCA;
>
>- namespace opensslQCAPlugin {
>-@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public)
>- const InitializationVector &info, unsigned int keyLength) override
>- {
>- SecureArray out(keyLength);
>-+#ifdef EVP_PKEY_HKDF
>- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr);
>- EVP_PKEY_derive_init(pctx);
>- EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
>-@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public)
>- size_t outlen = out.size();
>- EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen);
>- EVP_PKEY_CTX_free(pctx);
>-+#else
>-+ unsigned char prk[EVP_MAX_MD_SIZE];
>-+ unsigned char *ret;
>-+ unsigned int prk_len;
>-+ HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len);
>-+ HMAC_CTX hmac;
>-+ unsigned char prev[EVP_MAX_MD_SIZE];
>-+ size_t done_len = 0;
>-+ size_t dig_len = EVP_MD_size(EVP_sha256());
>-+ size_t n = out.size() / dig_len;
>-+ if (out.size() % dig_len) ++n;
>-+ HMAC_CTX_init(&hmac);
>-+ HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr);
>-+ for (unsigned int i = 1; i <= n; ++i) {
>-+ const unsigned char ctr = i;
>-+ if (i > 1) {
>-+ HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr);
>-+ HMAC_Update(&hmac, prev, dig_len);
>-+ }
>-+ HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size());
>-+ HMAC_Update(&hmac, &ctr, 1);
>-+ HMAC_Final(&hmac, prev, nullptr);
>-+ size_t copy_len = (done_len + dig_len > out.size()) ?
>-+ out.size() - done_len : dig_len;
>-+ memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len);
>-+ done_len += copy_len;
>-+ }
>-+ HMAC_CTX_cleanup(&hmac);
>-+ OPENSSL_cleanse(prk, sizeof prk);
>-+#endif
>+@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (public
>+ protected:
>+ };
>+
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ class opensslHkdfContext : public HKDFContext
>+ {
>+ Q_OBJECT
>+@@ -1291,6 +1298,7 @@ class opensslHkdfContext : public HKDFContext (public)
> return out;
> }
> };
>++#endif // LIBRESSL_VERSION_NUMBER
>+
>+ class opensslHMACContext : public MACContext
>+ {
>+@@ -4990,7 +4998,11 @@ class MyTLSContext : public TLSContext (public)
>+ case TLS::TLS_v1:
>+ ctx = SSL_CTX_new(TLS_client_method());
>+ SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
>++#ifdef TLS1_3_VERSION
>+ SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
>++#else
>++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
>++#endif
>+ break;
>+ case TLS::DTLS_v1:
>+ default:
>+@@ -5011,7 +5023,11 @@ class MyTLSContext : public TLSContext (public)
>+ QStringList cipherList;
>+ for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
>+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
>++#else
>++ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
>++#endif
>+ }
>+ sk_SSL_CIPHER_free(sk);
>+
>+@@ -5404,7 +5420,11 @@ class MyTLSContext : public TLSContext (public)
>+ sessInfo.version = TLS::TLS_v1;
>+ }
>+
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
>++#else
>++ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
>++#endif
>+
>+ sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
>+
>+@@ -6751,7 +6771,9 @@ class opensslProvider : public Provider (public)
>+ #endif
>+ list += QStringLiteral("pbkdf1(sha1)");
>+ list += QStringLiteral("pbkdf2(sha1)");
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ list += QStringLiteral("hkdf(sha256)");
>++#endif
>+ list += QStringLiteral("pkey");
>+ list += QStringLiteral("dlgroup");
>+ list += QStringLiteral("rsa");
>+@@ -6820,8 +6842,10 @@ class opensslProvider : public Provider (public)
>+ #endif
>+ else if ( type == QLatin1String("pbkdf2(sha1)") )
>+ return new opensslPbkdf2Context( this, type );
>++#ifndef LIBRESSL_VERSION_NUMBER
>+ else if ( type == QLatin1String("hkdf(sha256)") )
>+ return new opensslHkdfContext( this, type );
>++#endif
>+ else if ( type == QLatin1String("hmac(md5)") )
>+ return new opensslHMACContext( EVP_md5(), this, type );
>+ else if ( type == QLatin1String("hmac(sha1)") )
>Index: ftp/curl/Makefile
>===================================================================
>--- ftp/curl/Makefile (revision 553292)
>+++ ftp/curl/Makefile (working copy)
>@@ -143,9 +143,9 @@
> CONFIGURE_ARGS+=--with-ca-fallback
> .endif
>
>-.if ((!${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MOPENSSL}) || (${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT:Mlibressl*})) && ${PORT_OPTIONS:MTLS_SRP}
>-IGNORE= only supports TLS-SRP with either OpenSSL or GnuTLS
>-.endif
>+#.if ((!${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MOPENSSL}) || (${PORT_OPTIONS:MOPENSSL} && ${SSL_DEFAULT:Mlibressl*})) && ${PORT_OPTIONS:MTLS_SRP}
>+#IGNORE= only supports TLS-SRP with either OpenSSL or GnuTLS
>+#.endif
>
> .if ${PORT_OPTIONS:MLDAPS} && !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MNSS} && !${PORT_OPTIONS:MOPENSSL} && !${PORT_OPTIONS:MWOLFSSL}
> IGNORE= only supports LDAPS with SSL
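Review bot: On LibreSSL builds the `#else` branches added in the inner `-5011` and `-5404` hunks report cipher suites through `SSL_CIPHER_get_name`, which yields OpenSSL-style names (for example `ECDHE-RSA-AES128-GCM-SHA256`) instead of the RFC names that `SSL_CIPHER_standard_name` returns, so `cipherList` and `sessInfo.cipherSuite` change format with the TLS library. Any caller that compares these strings against an allow-list or records them for audit would see different values on the two builds; whether QCA callers do that is not visible here. I would at least record it next to both branches, `// LibreSSL build: OpenSSL-style cipher name, not the RFC name`, or map the name back before storing it. Separately, the HKDF guards now test `LIBRESSL_VERSION_NUMBER` where the replaced patch tested `EVP_PKEY_HKDF`; a feature test like the `#ifdef TLS1_3_VERSION` used in the `-4990` hunk would keep `hkdf(sha256)` available once the library provides it. The enclosing functions start and end outside these hunks.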
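Review bot: Commenting out the whole `.if … IGNORE … .endif` block removes the TLS_SRP guard for every case it covered, including the first clause where neither GNUTLS nor OPENSSL is selected, so a TLS_SRP build against an unsupported backend is no longer stopped up front. The change is in ftp/curl and looks unrelated to the devel/qca fix this attachment describes, so it may be a stray working-copy edit. If only the LibreSSL clause is meant to go, keep the rest as `.if !${PORT_OPTIONS:MGNUTLS} && !${PORT_OPTIONS:MOPENSSL} && ${PORT_OPTIONS:MTLS_SRP}` with the `IGNORE=` line unchanged; otherwise drop this hunk from the patch rather than leaving commented-out code.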