MFH: r513505
net/qt5-network: readd support for LibreSSL - as with every Qt5 upgrade, we dropped LibreSSL support - this readds it PR: 240962 Submitted by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at> Approved by: ports-secteam (joneum)
parent
9d137681ca
commit
62f7c6598a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2019Q4/; revision=513592
|
@ -2,6 +2,7 @@
|
|||
|
||||
PORTNAME= network
|
||||
DISTVERSION= ${QT5_VERSION}
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= net ipv6
|
||||
PKGNAMEPREFIX= qt5-
|
||||
|
||||
|
|
71
net/qt5-network/files/patch-qsslsocket_openssl11_symbols_p.h
Normal file
71
net/qt5-network/files/patch-qsslsocket_openssl11_symbols_p.h
Normal file
|
@ -0,0 +1,71 @@
|
|||
--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig 2019-10-01 07:47:24 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl11_symbols_p.h
|
||||
@@ -77,19 +77,48 @@
|
||||
|
||||
const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
|
||||
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
|
||||
+// LibreSSL 2.7 has stack_st but not OPENSSL_STACK
|
||||
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
|
||||
+// From the signature in LibreSSL
|
||||
+#define OPENSSL_INIT_SETTINGS void
|
||||
+// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63
|
||||
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
|
||||
Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
|
||||
|
||||
-int q_DSA_bits(DSA *a);
|
||||
+#ifdef LIBRESSL_VERSION_NUMBER
|
||||
+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
|
||||
+#else
|
||||
+ int q_DSA_bits(DSA *a);
|
||||
+#endif
|
||||
int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
|
||||
int q_EVP_PKEY_base_id(EVP_PKEY *a);
|
||||
int q_RSA_bits(RSA *a);
|
||||
+#ifdef LIBRESSL_VERSION_NUMBER
|
||||
+int q_sk_num(OPENSSL_STACK *a);
|
||||
+void q_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
|
||||
+OPENSSL_STACK *q_sk_new_null();
|
||||
+void q_sk_push(OPENSSL_STACK *st, void *data);
|
||||
+void q_sk_free(OPENSSL_STACK *a);
|
||||
+void * q_sk_value(OPENSSL_STACK *a, int b);
|
||||
+#define q_OPENSSL_sk_num(a) q_sk_num(a)
|
||||
+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
|
||||
+#define q_OPENSSL_sk_new_null() q_sk_new_null()
|
||||
+#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b)
|
||||
+#define q_OPENSSL_sk_free q_sk_free
|
||||
+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
|
||||
+#else
|
||||
Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a);
|
||||
Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
|
||||
Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null();
|
||||
Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
|
||||
Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a);
|
||||
Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
|
||||
+#endif
|
||||
int q_SSL_session_reused(SSL *a);
|
||||
unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
|
||||
int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
|
||||
@@ -110,12 +139,15 @@ STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE
|
||||
void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
||||
int q_DH_bits(DH *dh);
|
||||
|
||||
-# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
|
||||
+#define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
|
||||
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
|
||||
-
|
||||
+#ifdef LIBRESSL_VERSION_NUMBER
|
||||
+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
|
||||
+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
|
||||
+#else
|
||||
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
|
||||
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
|
||||
-
|
||||
+#endif
|
||||
#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
|
||||
| OPENSSL_INIT_ADD_ALL_DIGESTS \
|
||||
| OPENSSL_INIT_LOAD_CONFIG, NULL)
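Review bot: The LibreSSL branch of `q_DSA_bits` expands to `q_BN_num_bits((dsa)->p)`, which compiles only while LibreSSL's headers expose the DSA struct members, and it is selected by a bare `#ifdef LIBRESSL_VERSION_NUMBER` with no version bound. A comment on the macro stating that assumption, e.g. `// LibreSSL has no DSA_bits(); relies on the DSA struct being public`, would make a later build failure easy to diagnose. The guards in this header are also inconsistent: the `OPENSSL_STACK` typedef is provided only for `LIBRESSL_VERSION_NUMBER >= 0x20700000L`, while the `q_sk_*` prototypes that use it are declared for any LibreSSL. Using the same condition for both would keep the header self-consistent.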
|
|
@ -0,0 +1,11 @@
|
|||
--- src/network/ssl/qsslcontext_openssl.cpp.orig 2019-10-01 08:05:51 UTC
|
||||
+++ src/network/ssl/qsslcontext_openssl.cpp
|
||||
@@ -265,7 +265,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC
|
||||
}
|
||||
#endif // ocsp
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
|
||||
QSharedPointer<SSL_CONF_CTX> cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free);
|
||||
if (cctx) {
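Review bot: With `!defined(LIBRESSL_VERSION_NUMBER)` added to the guard in `applyBackendConfig`, the whole `SSL_CONF_CTX` block is compiled out on LibreSSL, so backend configuration supplied by an application is not applied through this path. The code that runs instead lies outside the hunk; it is worth confirming that it records an error on the context rather than continuing silently, since callers may rely on these options to restrict protocols or ciphers. A comment above the guard such as `// LibreSSL has no SSL_CONF_CTX API; backend configuration is unsupported there` would document the difference. The same guard is added around the `SSL_CONF_CTX` declarations, definitions and `RESOLVEFUNC` calls in the other patch files of this commit.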
|
|
@ -0,0 +1,11 @@
|
|||
--- src/network/ssl/qsslsocket_openssl.cpp.orig 2019-10-01 08:09:52 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl.cpp
|
||||
@@ -604,7 +604,7 @@ bool QSslSocketBackendPrivate::initSslContext()
|
||||
q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
|
||||
}
|
||||
#endif
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10101006L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
// Set the client callback for TLSv1.3 PSK
|
||||
if (mode == QSslSocket::SslClientMode
|
||||
&& QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
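Review bot: The reason for the extra `!defined(LIBRESSL_VERSION_NUMBER)` in `initSslContext` is not recorded, and this patch file has no description header. LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so a bare `>= 0x10101006L` test passes there even though the TLS 1.3 PSK client callback is presumably not available. A one-line comment at the guard, e.g. `// LibreSSL reports a 2.x OPENSSL_VERSION_NUMBER but lacks this callback`, would stop a later Qt update from dropping the condition by mistake. The body of the guarded `if` continues outside the hunk.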
|
|
@ -0,0 +1,106 @@
|
|||
Redefine SSL stack functions to their proper symbols in LibreSSL.
|
||||
Also reference a redefined DSA_bits() that does not natively exist
|
||||
in LibreSSL.
|
||||
|
||||
Ensure that we link to the correct ssl library selected in
|
||||
DEFAULT_VERSIONS.
|
||||
|
||||
Do not define SSL_CONF_CTX symbols absent from LibreSSL.
|
||||
|
||||
--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2018-12-03 11:15:26 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl_symbols.cpp
|
||||
@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w,
|
||||
DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
|
||||
DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
|
||||
DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
|
||||
+#ifdef LIBRESSL_VERSION_NUMBER
|
||||
+DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return)
|
||||
+DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
|
||||
+DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
|
||||
+DEFINEFUNC2(void, sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
|
||||
+DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
|
||||
+DEFINEFUNC2(void *, sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
|
||||
+#else
|
||||
DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
|
||||
DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
|
||||
DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
|
||||
@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY
|
||||
DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
|
||||
DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
|
||||
DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
|
||||
+#endif
|
||||
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
|
||||
DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
|
||||
#ifdef TLS1_3_VERSION
|
||||
@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
|
||||
DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
|
||||
DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
|
||||
DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
|
||||
DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
|
||||
DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
|
||||
@@ -846,8 +855,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
|
||||
#endif
|
||||
#if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
|
||||
// first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
|
||||
- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
|
||||
- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
|
||||
+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
|
||||
+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
|
||||
if (libcrypto->load() && libssl->load()) {
|
||||
// libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
|
||||
return pair;
|
||||
@@ -876,8 +885,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
|
||||
// macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
|
||||
// attempt, _after_ <bundle>/Contents/Frameworks has been searched.
|
||||
// iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
|
||||
- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
|
||||
- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
|
||||
+ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
|
||||
+ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
|
||||
if (libcrypto->load() && libssl->load()) {
|
||||
// libssl.so.0 and libcrypto.so.0 found
|
||||
return pair;
|
||||
@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols()
|
||||
RESOLVEFUNC(EVP_CIPHER_CTX_reset)
|
||||
RESOLVEFUNC(EVP_PKEY_base_id)
|
||||
RESOLVEFUNC(RSA_bits)
|
||||
+#ifdef LIBRESSL_VERSION_NUMBER
|
||||
+ RESOLVEFUNC(sk_new_null)
|
||||
+ RESOLVEFUNC(sk_push)
|
||||
+ RESOLVEFUNC(sk_free)
|
||||
+ RESOLVEFUNC(sk_num)
|
||||
+ RESOLVEFUNC(sk_pop_free)
|
||||
+ RESOLVEFUNC(sk_value)
|
||||
+#else
|
||||
RESOLVEFUNC(OPENSSL_sk_new_null)
|
||||
RESOLVEFUNC(OPENSSL_sk_push)
|
||||
RESOLVEFUNC(OPENSSL_sk_free)
|
||||
RESOLVEFUNC(OPENSSL_sk_num)
|
||||
RESOLVEFUNC(OPENSSL_sk_pop_free)
|
||||
RESOLVEFUNC(OPENSSL_sk_value)
|
||||
+#endif
|
||||
RESOLVEFUNC(DH_get0_pqg)
|
||||
RESOLVEFUNC(SSL_CTX_set_options)
|
||||
#ifdef TLS1_3_VERSION
|
||||
@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols()
|
||||
|
||||
RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
|
||||
RESOLVEFUNC(DH_bits)
|
||||
+#ifndef LIBRESSL_VERSION_NUMBER
|
||||
RESOLVEFUNC(DSA_bits)
|
||||
+#endif
|
||||
|
||||
#if QT_CONFIG(dtls)
|
||||
RESOLVEFUNC(DTLSv1_listen)
|
||||
@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols()
|
||||
RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
|
||||
RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
|
||||
RESOLVEFUNC(SSL_CTX_get_cert_store);
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
RESOLVEFUNC(SSL_CONF_CTX_new);
|
||||
RESOLVEFUNC(SSL_CONF_CTX_free);
|
||||
RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
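Review bot: The four `setFileNameAndVersion` calls in `loadOpenSsl()` now pass `%%OPENSSLLIB%%/libssl` and `%%OPENSSLLIB%%/libcrypto`, which is a valid path only after the port's build substitutes the placeholder. The Makefile hunk shown on this page changes only `PORTREVISION`, so it should be confirmed that the substitution step exists and covers this file. If the token were left unexpanded, both loads would fail and control would pass to later attempts outside the hunk, which may resolve the library by search path rather than from the pinned location. The retained comment `// first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>` no longer describes the call; something like `// first attempt: absolute path to the libssl selected by DEFAULT_VERSIONS` would match.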
|
|
@ -0,0 +1,24 @@
|
|||
--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2019-10-01 07:47:06 UTC
|
||||
+++ src/network/ssl/qsslsocket_openssl_symbols_p.h
|
||||
@@ -72,6 +72,12 @@
|
||||
#include "qsslsocket_openssl_p.h"
|
||||
#include <QtCore/qglobal.h>
|
||||
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
|
||||
+# define TLS1_2_VERSION 0x0303
|
||||
+# define TLS_MAX_VERSION TLS1_2_VERSION
|
||||
+# define TLS_ANY_VERSION 0x10000
|
||||
+#endif
|
||||
+
|
||||
#if QT_CONFIG(ocsp)
|
||||
#include "qocsp_p.h"
|
||||
#endif
|
||||
@@ -372,7 +378,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
|
||||
int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
|
||||
int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
|
||||
X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSL_CONF_CTX *q_SSL_CONF_CTX_new();
|
||||
void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
|
||||
void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
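Review bot: The block added after the `qglobal.h` include defines `TLS1_2_VERSION`, `TLS_MAX_VERSION` and `TLS_ANY_VERSION` unconditionally for every LibreSSL from 2.7 on. A LibreSSL release whose headers already define them, or define `TLS_MAX_VERSION` to something newer, would get a macro redefinition. If the override takes effect, any code using `TLS_MAX_VERSION` stays pinned to TLS 1.2. Guarding each definition keeps the library's own values when present, e.g. `#ifndef TLS_MAX_VERSION` / `# define TLS_MAX_VERSION TLS1_2_VERSION` / `#endif`, and likewise for the other two. A short comment on why the fallbacks are needed would also help, since this patch file carries no description.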
|