svn commit: r564849 - in head/devel/qca: . files
Adriaan de Groot
adridg at FreeBSD.org
Wed Feb 10 10:46:36 UTC 2021
Author: adridg
Date: Wed Feb 10 10:46:35 2021
New Revision: 564849
URL: https://svnweb.freebsd.org/changeset/ports/564849
Log:
Update devel/qca to latest upstream release
QCA is the Qt Cryptographic Architecture - straightforward cross-
platform crypto API. This release has:
* Add macOS framework major version
* qca-gcrypt: Add support for HKDF
* Minimum Qt updated to 5.9
* Fixed compilation with gcc 11
While updating, I have added the patch for LibreSSL compatibility (and
tried to upsteam it). The patch comes via Gentoo and OpenBSD and has
been adjusted by lbartoletti@ and tjlegg at gmail.com and myself,
so I'm filling in something generic-ish in "Obtained from" since it
is collaborative. The PR: entry is for this patch, not for the update
to the recent release.
PR: 248590
Reported by: portscout, tjlegg at gmail.com
Obtained from: Gentoo/OpenBSD
Modified:
head/devel/qca/Makefile
head/devel/qca/distinfo
head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
Modified: head/devel/qca/Makefile
==============================================================================
--- head/devel/qca/Makefile Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/Makefile Wed Feb 10 10:46:35 2021 (r564849)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= qca
-DISTVERSION= 2.3.1
-PORTREVISION= 1
+DISTVERSION= 2.3.2
CATEGORIES= devel
MASTER_SITES= KDE/stable/qca/${PORTVERSION}
PKGNAMESUFFIX= -qt5
Modified: head/devel/qca/distinfo
==============================================================================
--- head/devel/qca/distinfo Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/distinfo Wed Feb 10 10:46:35 2021 (r564849)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1596038214
-SHA256 (qca-2.3.1.tar.xz) = c13851109abefc4623370989fae3a745bf6b1acb3c2a13a8958539823e974e4b
-SIZE (qca-2.3.1.tar.xz) = 725984
+TIMESTAMP = 1612914386
+SHA256 (qca-2.3.2.tar.xz) = 4697600237c4bc3a979e87d2cc80624f27b06280e635f5d90ec7dd4d2a9f606d
+SIZE (qca-2.3.2.tar.xz) = 735500
Modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
==============================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 10:46:35 2021 (r564849)
@@ -1,58 +1,94 @@
---- plugins/qca-ossl/qca-ossl.cpp.orig 2020-02-25 09:08:01 UTC
+Patch from OpenBSD rsadowski@
+
+LibreSSL 3.0.x support from Stefan Strogin <steils at gentoo.org>
+
+Index: plugins/qca-ossl/qca-ossl.cpp
+--- plugins/qca-ossl/qca-ossl.cpp.orig 2021-02-04 10:29:44 UTC
+++ plugins/qca-ossl/qca-ossl.cpp
-@@ -43,6 +43,10 @@
+@@ -41,7 +41,13 @@
+ #include <openssl/ssl.h>
+ #include <openssl/x509v3.h>
- #include <openssl/kdf.h>
-
+#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT
+#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT
+#endif
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ #include <openssl/kdf.h>
++#endif
+
using namespace QCA;
- namespace opensslQCAPlugin {
-@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public)
- const InitializationVector &info, unsigned int keyLength) override
- {
- SecureArray out(keyLength);
-+#ifdef EVP_PKEY_HKDF
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr);
- EVP_PKEY_derive_init(pctx);
- EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
-@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public)
- size_t outlen = out.size();
- EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen);
- EVP_PKEY_CTX_free(pctx);
+@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public
+ protected:
+ };
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ class opensslHkdfContext : public HKDFContext
+ {
+ Q_OBJECT
+@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public)
+ return out;
+ }
+ };
++#endif // LIBRESSL_VERSION_NUMBER
+
+ class opensslHMACContext : public MACContext
+ {
+@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public)
+ case TLS::TLS_v1:
+ ctx = SSL_CTX_new(TLS_client_method());
+ SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
++#ifdef TLS1_3_VERSION
+ SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+#else
-+ unsigned char prk[EVP_MAX_MD_SIZE];
-+ unsigned char *ret;
-+ unsigned int prk_len;
-+ HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len);
-+ HMAC_CTX hmac;
-+ unsigned char prev[EVP_MAX_MD_SIZE];
-+ size_t done_len = 0;
-+ size_t dig_len = EVP_MD_size(EVP_sha256());
-+ size_t n = out.size() / dig_len;
-+ if (out.size() % dig_len) ++n;
-+ HMAC_CTX_init(&hmac);
-+ HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr);
-+ for (unsigned int i = 1; i <= n; ++i) {
-+ const unsigned char ctr = i;
-+ if (i > 1) {
-+ HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr);
-+ HMAC_Update(&hmac, prev, dig_len);
-+ }
-+ HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size());
-+ HMAC_Update(&hmac, &ctr, 1);
-+ HMAC_Final(&hmac, prev, nullptr);
-+ size_t copy_len = (done_len + dig_len > out.size()) ?
-+ out.size() - done_len : dig_len;
-+ memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len);
-+ done_len += copy_len;
-+ }
-+ HMAC_CTX_cleanup(&hmac);
-+ OPENSSL_cleanse(prk, sizeof prk);
++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
+#endif
- return out;
- }
- };
+ break;
+ case TLS::DTLS_v1:
+ default:
+@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public)
+ QStringList cipherList;
+ for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
++#ifndef LIBRESSL_VERSION_NUMBER
+ cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
++#else
++ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
++#endif
+ }
+ sk_SSL_CIPHER_free(sk);
+
+@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public)
+ sessInfo.version = TLS::TLS_v1;
+ }
+
++#ifndef LIBRESSL_VERSION_NUMBER
+ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
++#else
++ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
++#endif
+
+ sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+
+@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public)
+ #endif
+ list += QStringLiteral("pbkdf1(sha1)");
+ list += QStringLiteral("pbkdf2(sha1)");
++#ifndef LIBRESSL_VERSION_NUMBER
+ list += QStringLiteral("hkdf(sha256)");
++#endif
+ list += QStringLiteral("pkey");
+ list += QStringLiteral("dlgroup");
+ list += QStringLiteral("rsa");
+@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public)
+ #endif
+ else if (type == QLatin1String("pbkdf2(sha1)"))
+ return new opensslPbkdf2Context(this, type);
++#ifndef LIBRESSL_VERSION_NUMBER
+ else if (type == QLatin1String("hkdf(sha256)"))
+ return new opensslHkdfContext(this, type);
++#endif
+ else if (type == QLatin1String("hmac(md5)"))
+ return new opensslHMACContext(EVP_md5(), this, type);
+ else if (type == QLatin1String("hmac(sha1)"))
More information about the svn-ports-all
mailing list