Update devel/qca to latest upstream release

QCA is the Qt Cryptographic Architecture - straightforward cross- platform crypto API. This release has: * Add macOS framework major version * qca-gcrypt: Add support for HKDF * Minimum Qt updated to 5.9 * Fixed compilation with gcc 11 While updating, I have added the patch for LibreSSL compatibility (and tried to upsteam it). The patch comes via Gentoo and OpenBSD and has been adjusted by lbartoletti@ and tjlegg@gmail.com and myself, so I'm filling in something generic-ish in "Obtained from" since it is collaborative. The PR: entry is for this patch, not for the update to the recent release. PR: 248590 Reported by: portscout, tjlegg@gmail.com Obtained from: Gentoo/OpenBSD
svn path=/head/; revision=564849
2021-02-10 10:46:35 +00:00 · 2021-02-10 10:46:35 +00:00 · d3c48e1b91 · 2021-03-31 03:12:20 +00:00
commit d3c48e1b91
parent 050ac71b9e
3 changed files with 89 additions and 54 deletions
--- a/devel/qca/Makefile
+++ b/devel/qca/Makefile
@ -2,8 +2,7 @@
 # $FreeBSD$

 PORTNAME=	qca
-DISTVERSION=	2.3.1
-PORTREVISION=	1
+DISTVERSION=	2.3.2
 CATEGORIES=	devel
 MASTER_SITES=	KDE/stable/qca/${PORTVERSION}
 PKGNAMESUFFIX=	-qt5
--- a/devel/qca/distinfo
+++ b/devel/qca/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1596038214
-SHA256 (qca-2.3.1.tar.xz) = c13851109abefc4623370989fae3a745bf6b1acb3c2a13a8958539823e974e4b
-SIZE (qca-2.3.1.tar.xz) = 725984
+TIMESTAMP = 1612914386
+SHA256 (qca-2.3.2.tar.xz) = 4697600237c4bc3a979e87d2cc80624f27b06280e635f5d90ec7dd4d2a9f606d
+SIZE (qca-2.3.2.tar.xz) = 735500
--- a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
+++ b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
@ -1,58 +1,94 @@
--- plugins/qca-ossl/qca-ossl.cpp.orig	2020-02-25 09:08:01 UTC
+Patch from OpenBSD rsadowski@ 
+
+LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org>
+
+Index: plugins/qca-ossl/qca-ossl.cpp
+--- plugins/qca-ossl/qca-ossl.cpp.orig	2021-02-04 10:29:44 UTC
 +++ plugins/qca-ossl/qca-ossl.cpp
-@@ -43,6 +43,10 @@
- 
- #include <openssl/kdf.h>
+@@ -41,7 +41,13 @@
+ #include <openssl/ssl.h>
+ #include <openssl/x509v3.h>
 
 +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT
 +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT
 +#endif
 +
+#ifndef LIBRESSL_VERSION_NUMBER
+ #include <openssl/kdf.h>
+#endif
+ 
 using namespace QCA;
 
- namespace opensslQCAPlugin {
-@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public)
- 						 const InitializationVector &info, unsigned int keyLength) override
- 	{
- 		SecureArray out(keyLength);
-+#ifdef EVP_PKEY_HKDF
- 		EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr);
- 		EVP_PKEY_derive_init(pctx);
- 		EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
-@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public)
- 		size_t outlen = out.size();
- 		EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen);
- 		EVP_PKEY_CTX_free(pctx);
-+#else
-+		unsigned char prk[EVP_MAX_MD_SIZE];
-+		unsigned char *ret;
-+		unsigned int prk_len;
-+		HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len);
-+		HMAC_CTX hmac;
-+		unsigned char prev[EVP_MAX_MD_SIZE];
-+		size_t done_len = 0;
-+		size_t dig_len = EVP_MD_size(EVP_sha256());
-+		size_t n = out.size() / dig_len;
-+		if (out.size() % dig_len) ++n;
-+		HMAC_CTX_init(&hmac);
-+		HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr);
-+		for (unsigned int i = 1; i <= n; ++i) {
-+			const unsigned char ctr = i;
-+			if (i > 1) {
-+				HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr);
-+				HMAC_Update(&hmac, prev, dig_len);
-+			}
-+			HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size());
-+			HMAC_Update(&hmac, &ctr, 1);
-+			HMAC_Final(&hmac, prev, nullptr);
-+			size_t copy_len = (done_len + dig_len > out.size()) ?
-+					out.size() - done_len : dig_len;
-+			memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len);
-+			done_len += copy_len;
-+		}
-+		HMAC_CTX_cleanup(&hmac);
-+		OPENSSL_cleanse(prk, sizeof prk);
-+#endif
- 		return out;
- 	}
+@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public
+ protected:
 };
+ 
+#ifndef LIBRESSL_VERSION_NUMBER
+ class opensslHkdfContext : public HKDFContext
+ {
+     Q_OBJECT
+@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public)
+         return out;
+     }
+ };
+#endif // LIBRESSL_VERSION_NUMBER
+ 
+ class opensslHMACContext : public MACContext
+ {
+@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public)
+         case TLS::TLS_v1:
+             ctx = SSL_CTX_new(TLS_client_method());
+             SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+#ifdef TLS1_3_VERSION           
+             SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
+#else
+            SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
+#endif
+             break;
+         case TLS::DTLS_v1:
+         default:
+@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public)
+         QStringList cipherList;
+         for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+             const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
+#ifndef LIBRESSL_VERSION_NUMBER
+             cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
+#else
+            cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
+#endif
+         }
+         sk_SSL_CIPHER_free(sk);
+ 
+@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public)
+             sessInfo.version = TLS::TLS_v1;
+         }
+ 
+#ifndef LIBRESSL_VERSION_NUMBER
+         sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
+#else
+        sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
+#endif
+ 
+         sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+ 
+@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public)
+ #endif
+         list += QStringLiteral("pbkdf1(sha1)");
+         list += QStringLiteral("pbkdf2(sha1)");
+#ifndef LIBRESSL_VERSION_NUMBER
+         list += QStringLiteral("hkdf(sha256)");
+#endif
+         list += QStringLiteral("pkey");
+         list += QStringLiteral("dlgroup");
+         list += QStringLiteral("rsa");
+@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public)
+ #endif
+         else if (type == QLatin1String("pbkdf2(sha1)"))
+             return new opensslPbkdf2Context(this, type);
+#ifndef LIBRESSL_VERSION_NUMBER
+         else if (type == QLatin1String("hkdf(sha256)"))
+             return new opensslHkdfContext(this, type);
+#endif
+         else if (type == QLatin1String("hmac(md5)"))
+             return new opensslHMACContext(EVP_md5(), this, type);
+         else if (type == QLatin1String("hmac(sha1)"))