Remove openssl dep from kde-applications/messagelib
On Wed Jul 09, 2025 at 10:42:09AM +0200, Theo Buehler wrote:
> messagelib only does DKIM verification and uses OPENSSL_DECODER_CTX
> for deserializing an RSA public key and another bit of trivially
> replaceable API to get the RSA e.
>
> The below diff replaces this with "legacy" API, bumps the major of
> KPim6MessageViewer and links it against libcrypto - no ssl in sight
> here.
>
> It's slightly more intrusive than I would like it to be, but so be it.
> I disabled the test but it could be patched in a similar way.
Will do it.
>
> I'll of course happily help if this gets in the way of updates.
>
> I only build tested this, but I did verify that the code successfully
> parses the test key in an equivalent C program.
Tested with a pile of KDE PAM apps without any issues. I'm not
sure if I've hit this exact use-case but it doesn't make the PAM
situation any better or worse.
Thanks a lot, OK rsadowski
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/kde-applications/messagelib/Makefile,v
> diff -u -p -r1.31 Makefile
> --- Makefile 13 Mar 2025 16:15:21 -0000 1.31
> +++ Makefile 9 Jul 2025 08:06:57 -0000
> @@ -2,10 +2,12 @@ COMMENT = KDE PIM messaging library
> DISTNAME = messagelib-${VERSION}
> CATEGORIES = devel
>
> +REVISION = 0
> +
> SHARED_LIBS += KPim6MessageComposer 2.0 # 0.0
> SHARED_LIBS += KPim6MessageCore 2.0 # 0.0
> SHARED_LIBS += KPim6MessageList 2.0 # 0.0
> -SHARED_LIBS += KPim6MessageViewer 2.0 # 0.0
> +SHARED_LIBS += KPim6MessageViewer 3.0 # 0.0
> SHARED_LIBS += KPim6MimeTreeParser 2.0 # 0.0
> SHARED_LIBS += KPim6TemplateParser 1.0 # 0.0
> SHARED_LIBS += KPim6WebEngineViewer 2.0 # 0.0
> @@ -29,10 +31,9 @@ WANTLIB += KPim6Mime KPim6PimCommon KPim
> WANTLIB += Qt6Core Qt6DBus Qt6Gui Qt6Network Qt6OpenGL Qt6Positioning
> WANTLIB += Qt6PrintSupport Qt6Qml Qt6QmlMeta Qt6QmlModels Qt6QmlWorkerScript
> WANTLIB += Qt6Quick Qt6WebChannel Qt6WebEngineCore Qt6WebEngineWidgets
> -WANTLIB += Qt6Widgets Qt6Xml assuan gpgme gpgmepp m qgpgmeqt6
> +WANTLIB += Qt6Widgets Qt6Xml assuan crypto gpgme gpgmepp m qgpgmeqt6
>
> WANTLIB += lib/inotify/inotify
> -WANTLIB += lib/eopenssl33/crypto lib/eopenssl33/ssl
>
> MODKDE_TRANSLATIONS = yes
> MODKF5_L10N_CONFLICT = yes
> @@ -91,13 +92,8 @@ LIB_DEPENDS = devel/kf6/karchive \
> x11/qt6/qtwebchannel \
> x11/qt6/qtwebengine
>
> -LIB_DEPENDS += security/openssl/3.3
> -
> TEST_IS_INTERACTIVE = X11
>
> -CONFIGURE_ENV = OPENSSL_ROOT_DIR=${LOCALBASE}/lib/eopenssl33
> -
> -CXXFLAGS = -I${LOCALBASE}/include/inotify/ -I${LOCALBASE}/include/eopenssl33
> -LDFLAGS = -L${LOCALBASE}/lib/eopenssl33 -Wl,-rpath,${LOCALBASE}/lib/eopenssl33
> +CXXFLAGS = -I${LOCALBASE}/include/inotify/
>
> .include <bsd.port.mk>
> Index: patches/patch-messageviewer_src_CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-messageviewer_src_CMakeLists_txt
> diff -N patches/patch-messageviewer_src_CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-messageviewer_src_CMakeLists_txt 9 Jul 2025 07:55:10 -0000
> @@ -0,0 +1,12 @@
> +Index: messageviewer/src/CMakeLists.txt
> +--- messageviewer/src/CMakeLists.txt.orig
> ++++ messageviewer/src/CMakeLists.txt
> +@@ -425,7 +425,7 @@ target_link_libraries(KPim6MessageViewer
> + Qt::PrintSupport
> + KF6::Notifications
> + KF6::TextAddonsWidgets
> +- OpenSSL::SSL
> ++ crypto
> + )
> +
> + if(TARGET KF6::TextEditTextToSpeech)
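Review bot: The bare `crypto` added to target_link_libraries is resolved only through the linker's default search path and carries no include directories or version information, unlike an imported target. If the project's find_package(OpenSSL) call (not visible in this hunk) still succeeds against the base libcrypto, `OpenSSL::Crypto` would express the same libcrypto-only link and be closer to something upstream could accept. The target_link_libraries call begins outside the hunk.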
> Index: patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
> ===================================================================
> RCS file: patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
> diff -N patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt 9 Jul 2025 07:21:49 -0000
> @@ -0,0 +1,10 @@
> +Index: messageviewer/src/dkim-verify/CMakeLists.txt
> +--- messageviewer/src/dkim-verify/CMakeLists.txt.orig
> ++++ messageviewer/src/dkim-verify/CMakeLists.txt
> +@@ -1,5 +1,5 @@
> + # SPDX-License-Identifier: CC0-1.0
> + # SPDX-FileCopyrightText: none
> + if(BUILD_TESTING)
> +- add_subdirectory(autotests)
> ++ #add_subdirectory(autotests)
> + endif()
> Index: patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
> ===================================================================
> RCS file: patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
> diff -N patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp 9 Jul 2025 08:33:43 -0000
> @@ -0,0 +1,58 @@
> +Index: messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp
> +--- messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp.orig
> ++++ messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp
> +@@ -19,8 +19,12 @@
> + #include <QRegularExpression>
> +
> + #include <openssl/bn.h>
> ++#ifdef LIBRESSL_VERSION_NUMBER
> ++#include <openssl/x509.h>
> ++#else
> + #include <openssl/core_names.h>
> + #include <openssl/decoder.h>
> ++#endif
> + #include <openssl/err.h>
> + #include <openssl/evp.h>
> + #include <openssl/rsa.h>
> +@@ -510,6 +514,7 @@ using EVPPKeyPtr = std::unique_ptr<EVP_PKEY, decltype(
> + EVPPKeyPtr loadRSAPublicKey(const QByteArray &der)
> + {
> + EVP_PKEY *pubKey = nullptr;
> ++#ifndef LIBRESSL_VERSION_NUMBER
> + std::unique_ptr<OSSL_DECODER_CTX, decltype(&OSSL_DECODER_CTX_free)> decoderCtx(
> + OSSL_DECODER_CTX_new_for_pkey(&pubKey, "DER", nullptr, "RSA", EVP_PKEY_PUBLIC_KEY, nullptr, nullptr),
> + OSSL_DECODER_CTX_free);
> +@@ -517,10 +522,16 @@ EVPPKeyPtr loadRSAPublicKey(const QByteArray &der)
> + qCWarning(MESSAGEVIEWER_DKIMCHECKER_LOG) << "Failed to create OSSL_DECODER_CTX";
> + return {nullptr, EVP_PKEY_free};
> + }
> ++#endif
> +
> + const auto rawDer = QByteArray::fromBase64(der);
> ++#ifdef LIBRESSL_VERSION_NUMBER
> ++ const unsigned char *p = reinterpret_cast<const unsigned char *>(rawDer.constData());
> ++ if ((pubKey = d2i_PUBKEY(nullptr, &p, rawDer.size())) == nullptr) {
> ++#else
> + std::unique_ptr<BIO, decltype(&BIO_free)> pubKeyBio(BIO_new_mem_buf(rawDer.constData(), rawDer.size()), BIO_free);
> + if (!OSSL_DECODER_from_bio(decoderCtx.get(), pubKeyBio.get())) {
> ++#endif
> + // No need to free pubKey, it's initialized by this function only on success
> + qCWarning(MESSAGEVIEWER_DKIMCHECKER_LOG) << "Failed to decode public key:" << ERR_error_string(ERR_get_error(), nullptr);
> + return {nullptr, EVP_PKEY_free};
> +@@ -575,11 +586,16 @@ std::optional<bool> doVerifySignature(EVP_PKEY *key, c
> +
> + uint64_t getKeyE(EVP_PKEY *key)
> + {
> ++#ifdef LIBRESSL_VERSION_NUMBER
> ++ const RSA *rsa = EVP_PKEY_get0_RSA(key);
> ++ return BN_get_word(RSA_get0_e(rsa));
> ++#else
> + BIGNUM *bne = nullptr;
> + EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_E, &bne);
> + const uint64_t size = BN_get_word(bne);
> + BN_free(bne);
> + return size;
> ++#endif
> + }
> +
> + void DKIMCheckSignatureJob::verifyRSASignature()
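Review bot: In the LibreSSL branch of loadRSAPublicKey, `d2i_PUBKEY` decodes any SubjectPublicKeyInfo, whereas the OpenSSL path asks the decoder for "RSA" only, so a non-RSA key (presumably taken from the sender's DKIM DNS record, i.e. untrusted input) is now returned as a usable key. In getKeyE, `EVP_PKEY_get0_RSA(key)` returns NULL for such a key and `RSA_get0_e(rsa)` would then dereference it, unless a caller outside these hunks checks the key type first. I would reject non-RSA keys right after decoding and guard the NULL in getKeyE, as sketched below. Returning 0 from getKeyE assumes callers treat that as an unacceptable exponent, which needs confirming. Both functions continue outside the hunks shown.

```cpp
    // loadRSAPublicKey(), LIBRESSL_VERSION_NUMBER branch
    const unsigned char *p = reinterpret_cast<const unsigned char *>(rawDer.constData());
    pubKey = d2i_PUBKEY(nullptr, &p, rawDer.size());
    if (pubKey != nullptr && EVP_PKEY_base_id(pubKey) != EVP_PKEY_RSA) {
        // d2i_PUBKEY accepts every key type; keep the RSA-only contract of the decoder path
        EVP_PKEY_free(pubKey);
        pubKey = nullptr;
    }
    if (pubKey == nullptr) {
    // … unchanged: #else branch, warning and early return …

    // getKeyE(), LIBRESSL_VERSION_NUMBER branch
    const RSA *rsa = EVP_PKEY_get0_RSA(key);
    if (rsa == nullptr) {
        return 0; // not an RSA key, so there is no exponent to report
    }
    return BN_get_word(RSA_get0_e(rsa));
```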
>