

(-)devel/qca/Makefile (-2 / +3 lines)
Lines 2-9 Link Here
2
# $FreeBSD$
2
# $FreeBSD$
3
3
4
PORTNAME=	qca
4
PORTNAME=	qca
5
PORTVERSION=	2.1.1
5
PORTVERSION=	2.1.3
6
PORTREVISION=	1
7
CATEGORIES=	devel
6
CATEGORIES=	devel
8
MASTER_SITES=	KDE/stable/qca/${PORTVERSION}/src
7
MASTER_SITES=	KDE/stable/qca/${PORTVERSION}/src
9
8
Lines 10-15 Link Here
10
MAINTAINER=	kde@FreeBSD.org
9
MAINTAINER=	kde@FreeBSD.org
11
COMMENT?=	Cross-platform crypto API for Qt 4
10
COMMENT?=	Cross-platform crypto API for Qt 4
12
11
12
LICENSE=	LGPL21
13
13
BUILD_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
14
BUILD_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
14
RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
15
RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
15
16
(-)devel/qca/distinfo (-2 / +3 lines)
Lines 1-2 Link Here
1
SHA256 (qca-2.1.1.tar.xz) = 95de3e7910b5f9ec7084169989c9d98bfb527e6a4865fe17269c3b24308be983
1
TIMESTAMP = 1518721004
2
SIZE (qca-2.1.1.tar.xz) = 688460
2
SHA256 (qca-2.1.3.tar.xz) = 003fd86a32421057a03b18a8168db52e2940978f9db5ebbb6a08882f8ab1e353
3
SIZE (qca-2.1.3.tar.xz) = 686340
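--- a/devel/qca/files/patch-git_601fd3
+++ b/devel/qca/files/patch-git_601fd3
@@ -1,39 +0,0 @@
-From 601fd3a05141c614ae48a3ddac44194d669eaae1 Mon Sep 17 00:00:00 2001
-From: Rolf Eike Beer <eb@emlix.com>
-Date: Mon, 27 Jun 2016 12:55:51 +0200
-Subject: fix base64 decoding on ARM
-
-This code was broken on ARM and other architectures where "char" is unsigned by
-default.
-
-First, it breaks with newer compilers with errors like:
-
-  .../src/qca_textfilter.cpp:314:2: error: narrowing conversion of '-1' from 'int' to 'char' inside { } [-Wnarrowing]
-
-Second, if the compiler would just allow this conversion then the unsigned char
-would hold 255, which would not be sign extended when cast to an int later, so
-all the checks "< 0" will never trigger, and so invalid input characters cannot
-be detected.
-
-REVIEW:128295
-BUG:364495
----
- src/qca_textfilter.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qca_textfilter.cpp b/src/qca_textfilter.cpp
-index 9889a24..3baf511 100644
---- src/qca_textfilter.cpp
-+++ src/qca_textfilter.cpp
-@@ -293,7 +293,7 @@ static QByteArray b64decode(const QByteArray &s, bool *ok)
- 	// 64 specifies eof
- 	// everything else specifies data
- 
--	static char tbl[] =
-+	static signed char tbl[] =
- 	{
- 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
- 		-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
--- 
-cgit v0.11.2
-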
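--- a/devel/qca/files/patch-git_d58e20
+++ b/devel/qca/files/patch-git_d58e20
@@ -0,0 +1,300 @@
+From d58e20ee652038dc4ec4fe4765dc3639ed735526 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Sat, 16 Dec 2017 22:29:40 +0100
+Subject: Add support for OpenSSL 1.1.0
+
+Test Plan:
+Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
+Using this code with kdeconnect and okteta successfully on my system now.
+
+Reviewers: iromanov
+
+Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter
+
+Differential Revision: https://phabricator.kde.org/D9416
+--- plugins/qca-ossl/ossl110-compat.h.orig	2018-02-14 20:19:15 UTC
++++ plugins/qca-ossl/ossl110-compat.h
+@@ -0,0 +1,283 @@
++/*
++ * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
++ *
++ */
++
++#ifndef OSSL110COMPAT_H
++#define OSSL110COMPAT_H
++
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define RSA_F_RSA_METH_DUP 161
++
++static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr)
++        *pr = sig->r;
++    if (ps)
++        *ps = sig->s;
++}
++
++static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (!sig) return 0;
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p)
++        *p = dsa->p;
++    if (q)
++        *q = dsa->q;
++    if (g)
++        *g = dsa->g;
++}
++
++static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    if (!dsa) return 0;
++    dsa->p = p;
++    dsa->q = q;
++    dsa->g = g;
++    return 1;
++}
++
++static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++    if (n)
++        *n = rsa->n;
++    if (e)
++        *e = rsa->e;
++    if (d)
++        *d = rsa->d;
++}
++
++static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++    if (!rsa) return 0;
++    rsa->n = n;
++    rsa->e = e;
++    rsa->d = d;
++    return 1;
++}
++
++static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
++{
++    if (p)
++        *p = rsa->p;
++    if (q)
++        *q = rsa->q;
++}
++
++static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
++{
++    if (!rsa) return 0;
++    rsa->p = p;
++    rsa->q = q;
++    return 1;
++}
++
++static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p)
++        *p = dh->p;
++    if (q)
++        *q = dh->q;
++    if (g)
++        *g = dh->g;
++}
++
++static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    if (!dh) return 0;
++    dh->p = p;
++    dh->q = q;
++    dh->g = g;
++    return 1;
++}
++
++static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key)
++        *pub_key = dh->pub_key;
++    if (priv_key)
++        *priv_key = dh->priv_key;
++}
++
++static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    if (!dh) return 0;
++    dh->pub_key = pub_key;
++    dh->priv_key = priv_key;
++    return 1;
++}
++
++static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key)
++        *pub_key = dsa->pub_key;
++    if (priv_key)
++        *priv_key = dsa->priv_key;
++}
++
++static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    if (!dsa) return 0;
++    dsa->pub_key = pub_key;
++    dsa->priv_key = priv_key;
++    return 1;
++}
++
++static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
++{
++    if (palg)
++        *palg = sig->algor;
++    if (pdigest)
++        *pdigest = sig->digest;
++}
++
++static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++    if (psig)
++        *psig = req->signature;
++    if (palg)
++        *palg = req->sig_alg;
++}
++
++static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++    if (psig)
++        *psig = crl->signature;
++    if (palg)
++        *palg = crl->sig_alg;
++}
++
++static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++    if (!meth)
++        return NULL;
++
++    RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
++
++    if (!_meth)
++    {
++        RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++        return NULL;
++    }
++
++    memcpy(_meth, meth, sizeof(*_meth));
++    _meth->name = strdup(meth->name);
++    if (!_meth->name) {
++        OPENSSL_free(_meth);
++        RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++        return NULL;
++    }
++
++    return _meth;
++}
++
++static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
++    unsigned char *to, RSA *rsa, int padding))
++{
++    if (!rsa) return 0;
++    rsa->rsa_priv_enc = priv_enc;
++    return 1;
++}
++
++static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
++    unsigned char *to, RSA *rsa, int padding))
++{
++    if (!rsa) return 0;
++    rsa->rsa_priv_dec = priv_dec;
++    return 1;
++}
++
++static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
++    unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->rsa_sign = sign;
++    return 1;
++}
++
++static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
++    unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->rsa_verify = verify;
++    return 1;
++}
++
++static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->finish = finish;
++    return 1;
++}
++
++static HMAC_CTX *HMAC_CTX_new()
++{
++    HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
++    if (ctx)
++        HMAC_CTX_init(ctx);
++    return ctx;
++}
++
++static void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++    if (!ctx)
++        return;
++    HMAC_CTX_cleanup(ctx);
++    EVP_MD_CTX_cleanup(&ctx->i_ctx);
++    EVP_MD_CTX_cleanup(&ctx->o_ctx);
++    EVP_MD_CTX_cleanup(&ctx->md_ctx);
++    OPENSSL_free(ctx);
++}
++
++#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
++
++#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
++#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
++
++#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
++#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
++#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
++
++#define EVP_PKEY_id(pky) (pky)->type
++#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
++#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
++#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
++
++#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
++#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
++
++#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
++#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
++
++#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
++#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
++
++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#endif // OSSL110COMPAT_H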
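Review bot: The `*_set0_*` shims in `ossl110-compat.h` (`RSA_set0_key`, `RSA_set0_factors`, `DSA_set0_pqg`, `DSA_set0_key`, `DH_set0_pqg`, `DH_set0_key`, `DSA_SIG_set0`) assign the struct fields unconditionally, so on OpenSSL older than 1.1.0 a BIGNUM already held by the object is dropped without being freed and a NULL argument clears the field. As far as I know, the 1.1.0 functions they stand in for free the value being replaced, and the key and parameter setters treat a NULL argument as "keep the current value". A caller written against that contract could therefore leak or lose key material (`d`, `p`, `q`, `priv_key`) when built against the older library, though whether any caller in qca-ossl.cpp does so is not visible here. I would mirror the 1.1.0 contract in each setter, as sketched below for `RSA_set0_key`, and release private components with `BN_clear_free`. Separately, `RSA_meth_dup` uses `memcpy` and `strdup` although the header does not include `<string.h>`, and it passes `meth->name` to `strdup` without a NULL check.

```c
static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
    /* n and e must end up set; a NULL argument keeps the current value. */
    if (!rsa || (!rsa->n && !n) || (!rsa->e && !e))
        return 0;
    if (n) {
        BN_free(rsa->n);
        rsa->n = n;
    }
    if (e) {
        BN_free(rsa->e);
        rsa->e = e;
    }
    if (d) {
        /* private exponent: wipe the old value before releasing it */
        BN_clear_free(rsa->d);
        rsa->d = d;
    }
    return 1;
}
/* … unchanged: the remaining shims; the other *_set0_* setters need the same treatment … */
```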
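--- a/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt
+++ b/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt
@@ -1,28 +0,0 @@
-qca-ossl: Fix build without support for SHA-0 
-https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
-
-LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha 
-anymore. 
-Wikipedia says about SHA-0: "160-bit hash function published in 1993 
-under the name SHA. It was withdrawn shortly after publication due to 
-an undisclosed "significant flaw" and replaced by the slightly revised 
-version SHA-1.' 
-
-REVIEW: 125387 
-
---- plugins/qca-ossl/CMakeLists.txt.orig
-+++ plugins/qca-ossl/CMakeLists.txt
-@@ -24,6 +24,13 @@
-   else(HAVE_OPENSSL_AES_CTR)
-     message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
-   endif(HAVE_OPENSSL_AES_CTR)
-+
-+  check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
-+  if(HAVE_OPENSSL_SHA0)
-+    add_definitions(-DHAVE_OPENSSL_SHA0)
-+  else(HAVE_OPENSSL_SHA0)
-+    message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
-+  endif(HAVE_OPENSSL_SHA0)
- 
-   set(QCA_OSSL_SOURCES qca-ossl.cpp)
- 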
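--- a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
+++ b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
@@ -1,73 +0,0 @@
-qca-ossl: Fix build without SSLv3
-http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232
-
-This fixes building with LibreSSL >= 2.3.0 which has removed support
-for SSLv3 completely. As far as I know OpenSSL can be configured to
-build without it, so it might be helpful there as well.
-
-REVIEW: 125386
-
-qca-ossl: Fix build without support for SHA-0
-https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
-
-LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha
-anymore.
-Wikipedia says about SHA-0: "160-bit hash function published in 1993
-under the name SHA. It was withdrawn shortly after publication due to
-an undisclosed "significant flaw" and replaced by the slightly revised
-version SHA-1.'
-
-REVIEW: 125387
-
-Also includes:
-qca-ossl: Remove SHA0 from all_hash_types() when it is not available.
-https://git.reviewboard.kde.org/r/128700/
-
---- plugins/qca-ossl/qca-ossl.cpp.orig	2015-10-02 09:39:21 UTC
-+++ plugins/qca-ossl/qca-ossl.cpp
-@@ -5403,9 +5403,11 @@ public:
- 			ctx = SSL_CTX_new(SSLv2_client_method());
- 			break;
- #endif
-+#ifndef OPENSSL_NO_SSL3_METHOD
- 		case TLS::SSL_v3:
- 			ctx = SSL_CTX_new(SSLv3_client_method());
- 			break;
-+#endif
- 		case TLS::TLS_v1:
- 			ctx = SSL_CTX_new(TLSv1_client_method());
- 			break;
-@@ -5805,7 +5807,11 @@ public:
- 	{
- 		SessionInfo sessInfo;
- 
--		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
-+#ifndef OPENSSL_NO_COMP
-+		sessInfo.isCompressed = (0 != ssl->session->compress_meth);
-+#else
-+		sessInfo.isCompressed = 0;
-+#endif
- 
- 		if (ssl->version == TLS1_VERSION)
- 			sessInfo.version = TLS::TLS_v1;
-@@ -6880,7 +6886,9 @@ static QStringList all_hash_types()
- {
- 	QStringList list;
- 	list += "sha1";
-+#ifdef HAVE_OPENSSL_SHA0
- 	list += "sha0";
-+#endif
- 	list += "ripemd160";
- #ifdef HAVE_OPENSSL_MD2
- 	list += "md2";
-@@ -7133,8 +7141,10 @@ public:
- 			return new opensslInfoContext(this);
- 		else if ( type == "sha1" )
- 			return new opensslHashContext( EVP_sha1(), this, type);
-+#ifdef HAVE_OPENSSL_SHA0
- 		else if ( type == "sha0" )
- 			return new opensslHashContext( EVP_sha(), this, type);
-+#endif
- 		else if ( type == "ripemd160" )
- 			return new opensslHashContext( EVP_ripemd160(), this, type);
- #ifdef HAVE_OPENSSL_MD2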
