[kde-freebsd] ports/146615: /security/qca-ossl build failure prevents /net/kdenetwork4 from building

Max Brazhnikov makc at issp.ac.ru
Sat May 15 18:40:09 CEST 2010


The following reply was made to PR ports/146615; it has been noted by GNATS.

From: Max Brazhnikov <makc at issp.ac.ru>
To: bug-followup at freebsd.org, gerard at seibercom.net
Cc:  
Subject: Re: ports/146615: /security/qca-ossl build failure prevents /net/kdenetwork4 from building
Date: Sat, 15 May 2010 20:30:57 +0400

 --Boundary-00=_Cxs7L7okvYtQ3+0
 Content-Type: Text/Plain;
   charset="us-ascii"
 Content-Transfer-Encoding: 7bit
 
 Please, test the patch.
 
 --Boundary-00=_Cxs7L7okvYtQ3+0
 Content-Type: text/x-patch;
   charset="UTF-8";
   name="qca-ossl.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename="qca-ossl.diff"
 
 Index: Makefile
 ===================================================================
 RCS file: /home/pcvs/ports/security/qca-ossl/Makefile,v
 retrieving revision 1.5
 diff -u -r1.5 Makefile
 --- Makefile	8 Jul 2009 20:43:02 -0000	1.5
 +++ Makefile	15 May 2010 15:51:25 -0000
 @@ -6,7 +6,7 @@
  
  PORTNAME=	qca-ossl
  DISTVERSION=	2.0.0-beta3
 -PORTREVISION=	3
 +PORTREVISION=	4
  CATEGORIES=	security
  MASTER_SITES=	http://delta.affinix.com/download/qca/2.0/plugins/
  
 Index: files/patch-qca-oss.cpp
 ===================================================================
 RCS file: files/patch-qca-oss.cpp
 diff -N files/patch-qca-oss.cpp
 --- files/patch-qca-oss.cpp	2 Mar 2009 18:55:39 -0000	1.1
 +++ /dev/null	1 Jan 1970 00:00:00 -0000
 @@ -1,27 +0,0 @@
 ---- qca-ossl.cpp.orig	2007-12-11 07:34:57.000000000 +0100
 -+++ qca-ossl.cpp	2009-02-26 06:41:17.000000000 +0100
 -@@ -6597,9 +6597,11 @@
 - #ifdef SHA512_DIGEST_LENGTH
 - 	list += "sha512";
 - #endif
 -+#if 0
 - #ifdef OBJ_whirlpool
 - 	list += "whirlpool";
 - #endif
 -+#endif
 - 	return list;
 - }
 - 
 -@@ -6810,10 +6812,12 @@
 - 		else if ( type == "sha512" )
 - 			return new opensslHashContext( EVP_sha512(), this, type);
 - #endif
 -+#if 0
 - #ifdef OBJ_whirlpool
 - 		else if ( type == "whirlpool" )
 - 			return new opensslHashContext( EVP_whirlpool(), this, type);
 - #endif
 -+#endif
 - 		else if ( type == "pbkdf1(sha1)" )
 - 			return new opensslPbkdf1Context( EVP_sha1(), this, type );
 - 		else if ( type == "pbkdf1(md2)" )
 Index: files/patch-qca-ossl.cpp
 ===================================================================
 RCS file: files/patch-qca-ossl.cpp
 diff -N files/patch-qca-ossl.cpp
 --- /dev/null	1 Jan 1970 00:00:00 -0000
 +++ files/patch-qca-ossl.cpp	15 May 2010 16:12:14 -0000
 @@ -0,0 +1,282 @@
 +--- ./qca-ossl.cpp.orig	2007-12-11 09:34:57.000000000 +0300
 ++++ ./qca-ossl.cpp	2010-05-15 20:12:08.151288762 +0400
 +@@ -42,6 +42,15 @@
 + #define OSSL_097
 + #endif
 + 
 ++#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
 ++// OpenSSL 1.0.0 makes a few changes that aren't very C++ friendly...
 ++// Among other things, CHECKED_PTR_OF returns a void*, but is used in
 ++// contexts requiring STACK pointers.
 ++#undef CHECKED_PTR_OF
 ++#define CHECKED_PTR_OF(type, p) \
 ++	            ((_STACK*) (1 ? p : (type*)0))
 ++#endif
 ++
 + using namespace QCA;
 + 
 + namespace opensslQCAPlugin {
 +@@ -327,7 +336,7 @@
 + 	X509V3_CTX ctx;
 + 	X509V3_set_ctx_nodb(&ctx);
 + 	X509V3_set_ctx(&ctx, NULL, cert, NULL, NULL, 0);
 +-	X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
 ++	X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char *)"hash");
 + 	return ex;
 + }
 + 
 +@@ -1182,6 +1191,7 @@
 + 	{
 + 		pkey = from.pkey;
 + 		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
 ++		raw_type = false;
 + 		state = Idle;
 + 	}
 + 
 +@@ -1226,6 +1236,7 @@
 + 		}
 + 		else
 + 		{
 ++			raw_type = false;
 + 			EVP_MD_CTX_init(&mdctx);
 + 			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
 + 				state = VerifyError;
 +@@ -1771,8 +1782,10 @@
 + 			md = EVP_sha1();
 + 		else if(alg == EMSA3_MD5)
 + 			md = EVP_md5();
 ++#ifdef HAVE_OPENSSL_MD2
 + 		else if(alg == EMSA3_MD2)
 + 			md = EVP_md2();
 ++#endif
 + 		else if(alg == EMSA3_RIPEMD160)
 + 			md = EVP_ripemd160();
 + 		else if(alg == EMSA3_Raw)
 +@@ -1789,8 +1802,10 @@
 + 			md = EVP_sha1();
 + 		else if(alg == EMSA3_MD5)
 + 			md = EVP_md5();
 ++#ifdef HAVE_OPENSSL_MD2
 + 		else if(alg == EMSA3_MD2)
 + 			md = EVP_md2();
 ++#endif
 + 		else if(alg == EMSA3_RIPEMD160)
 + 			md = EVP_ripemd160();
 + 		else if(alg == EMSA3_Raw)
 +@@ -3385,9 +3400,11 @@
 + 		case NID_md5WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD5;
 + 		    break;
 ++#ifdef HAVE_OPENSSL_MD2
 + 		case NID_md2WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD2;
 + 		    break;
 ++#endif
 + 		case NID_ripemd160WithRSA:
 + 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
 + 		    break;
 +@@ -3871,9 +3888,11 @@
 + 		case NID_md5WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD5;
 + 		    break;
 ++#ifdef HAVE_OPENSSL_MD2
 + 		case NID_md2WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD2;
 + 		    break;
 ++#endif
 + 		case NID_ripemd160WithRSA:
 + 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
 + 		    break;
 +@@ -4061,9 +4080,11 @@
 + 		case NID_md5WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD5;
 + 		    break;
 ++#ifdef HAVE_OPENSSL_MD2
 + 		case NID_md2WithRSAEncryption:
 + 		    p.sigalgo = QCA::EMSA3_MD2;
 + 		    break;
 ++#endif
 + 		case NID_ripemd160WithRSA:
 + 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
 + 		    break;
 +@@ -5128,6 +5149,16 @@
 + 		v_eof = false;
 + 	}
 + 
 ++	// dummy verification function for SSL_set_verify()
 ++	static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 ++	{
 ++		Q_UNUSED(preverify_ok);
 ++		Q_UNUSED(x509_ctx);
 ++
 ++		// don't terminate handshake in case of verification failure
 ++		return 1;
 ++	}
 ++
 + 	virtual QStringList supportedCipherSuites(const TLS::Version &version) const
 + 	{
 + 		OpenSSL_add_ssl_algorithms();
 +@@ -5692,6 +5723,14 @@
 + 			}
 + 		}
 + 
 ++		// request a certificate from the client, if in server mode
 ++		if(serv)
 ++		{
 ++			SSL_set_verify(ssl,
 ++				SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
 ++				ssl_verify_callback);
 ++		}
 ++
 + 		return true;
 + 	}
 + 
 +@@ -6155,6 +6194,7 @@
 + 				i2d_PKCS7_bio(bo, p7);
 + 				//PEM_write_bio_PKCS7(bo, p7);
 + 				out = bio2ba(bo);
 ++				PKCS7_free(p7);
 + 			}
 + 			else
 + 			{
 +@@ -6582,7 +6622,9 @@
 + 	list += "sha1";
 + 	list += "sha0";
 + 	list += "ripemd160";
 ++#ifdef HAVE_OPENSSL_MD2
 + 	list += "md2";
 ++#endif
 + 	list += "md4";
 + 	list += "md5";
 + #ifdef SHA224_DIGEST_LENGTH
 +@@ -6597,9 +6639,11 @@
 + #ifdef SHA512_DIGEST_LENGTH
 + 	list += "sha512";
 + #endif
 ++/*
 + #ifdef OBJ_whirlpool
 + 	list += "whirlpool";
 + #endif
 ++*/
 + 	return list;
 + }
 + 
 +@@ -6671,7 +6715,7 @@
 + 	{
 + 	}
 + 
 +-	Context *clone() const
 ++	Provider::Context *clone() const
 + 	{
 + 		return new opensslInfoContext(*this);
 + 	}
 +@@ -6692,6 +6736,34 @@
 + 	}
 + };
 + 
 ++class opensslRandomContext : public RandomContext
 ++{
 ++public:
 ++	opensslRandomContext(QCA::Provider *p) : RandomContext(p)
 ++	{
 ++	}
 ++
 ++	Context *clone() const
 ++	{
 ++		return new opensslRandomContext(*this);
 ++	}
 ++
 ++	QCA::SecureArray nextBytes(int size)
 ++	{
 ++		QCA::SecureArray buf(size);
 ++		int r;
 ++		// FIXME: loop while we don't have enough random bytes.
 ++		while (true) {
 ++			r = RAND_bytes((unsigned char*)(buf.data()), size);
 ++			if (r == 1) break; // success
 ++			r = RAND_pseudo_bytes((unsigned char*)(buf.data()),
 ++						size);
 ++			if (r >= 0) break; // accept insecure random numbers
 ++		}
 ++		return buf;
 ++	}
 ++};
 ++
 + }
 + 
 + using namespace opensslQCAPlugin;
 +@@ -6711,11 +6783,14 @@
 + 		OpenSSL_add_all_algorithms();
 + 		ERR_load_crypto_strings();
 + 
 +-		srand(time(NULL));
 +-		char buf[128];
 +-		for(int n = 0; n < 128; ++n)
 +-			buf[n] = rand();
 +-		RAND_seed(buf, 128);
 ++		// seed the RNG if it's not seeded yet
 ++		if (RAND_status() == 0) {
 ++			qsrand(time(NULL));
 ++			char buf[128];
 ++			for(int n = 0; n < 128; ++n)
 ++				buf[n] = qrand();
 ++			RAND_seed(buf, 128);
 ++		}
 + 
 + 		openssl_initted = true;
 + 	}
 +@@ -6754,10 +6829,13 @@
 + 	QStringList features() const
 + 	{
 + 		QStringList list;
 ++		list += "random";
 + 		list += all_hash_types();
 + 		list += all_mac_types();
 + 		list += all_cipher_types();
 ++#ifdef HAVE_OPENSSL_MD2
 + 		list += "pbkdf1(md2)";
 ++#endif
 + 		list += "pbkdf1(sha1)";
 + 		list += "pbkdf2(sha1)";
 + 		list += "pkey";
 +@@ -6780,7 +6858,9 @@
 + 	Context *createContext(const QString &type)
 + 	{
 + 		//OpenSSL_add_all_digests();
 +-		if ( type == "info" )
 ++		if ( type == "random" )
 ++			return new opensslRandomContext(this);
 ++		else if ( type == "info" )
 + 			return new opensslInfoContext(this);
 + 		else if ( type == "sha1" )
 + 			return new opensslHashContext( EVP_sha1(), this, type);
 +@@ -6788,8 +6868,10 @@
 + 			return new opensslHashContext( EVP_sha(), this, type);
 + 		else if ( type == "ripemd160" )
 + 			return new opensslHashContext( EVP_ripemd160(), this, type);
 ++#ifdef HAVE_OPENSSL_MD2
 + 		else if ( type == "md2" )
 + 			return new opensslHashContext( EVP_md2(), this, type);
 ++#endif
 + 		else if ( type == "md4" )
 + 			return new opensslHashContext( EVP_md4(), this, type);
 + 		else if ( type == "md5" )
 +@@ -6810,14 +6892,18 @@
 + 		else if ( type == "sha512" )
 + 			return new opensslHashContext( EVP_sha512(), this, type);
 + #endif
 ++/*
 + #ifdef OBJ_whirlpool
 + 		else if ( type == "whirlpool" )
 + 			return new opensslHashContext( EVP_whirlpool(), this, type);
 + #endif
 ++*/
 + 		else if ( type == "pbkdf1(sha1)" )
 + 			return new opensslPbkdf1Context( EVP_sha1(), this, type );
 ++#ifdef HAVE_OPENSSL_MD2
 + 		else if ( type == "pbkdf1(md2)" )
 + 			return new opensslPbkdf1Context( EVP_md2(), this, type );
 ++#endif
 + 		else if ( type == "pbkdf2(sha1)" )
 + 			return new opensslPbkdf2Context( this, type );
 + 		else if ( type == "hmac(md5)" )
 
 --Boundary-00=_Cxs7L7okvYtQ3+0--


More information about the kde-freebsd mailing list