Update net/qt5-network to build against LibreSSL.

Patches by Charlie Li / ml_vishwin, with explanation in the patches.
Builds on 11.2 (ssl=unset, base, openssl) and 12.0 (ssl=unset, base,
libressl). Tested with otter-browser on 12.0 (ssl=unset, libressl).

PR:		234078
Submitted by:	Charlie Li
Reported by:	W. Schwarzenfeld
Differential Revision:	https://reviews.freebsd.org/D18582

4 files changed, 208 insertions, 1 deletions

diff --git a/net/qt5-network/Makefile b/net/qt5-network/Makefile
index 517295725671..9adc70b8f005 100644
--- a/net/qt5-network/Makefile
+++ b/net/qt5-network/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	network
 DISTVERSION=	${QT5_VERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	net ipv6
 PKGNAMEPREFIX=	qt5-
 
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h
new file mode 100644
index 000000000000..7e5db51ed696
--- /dev/null
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h
@@ -0,0 +1,71 @@
+For LibreSSL, redefine OPENSSL_STACK to use the native stack_st.
+Also redefine DSA_bits() to a LibreSSL-native routine.
+
+Redefine SSL stack functions to their proper symbols in LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig	2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -75,21 +75,49 @@
+ #error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead"
+ #endif
+ 
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++// LibreSSL 2.7 has stack_st but not OPENSSL_STACK
++typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
++// From the signature in LibreSSL
++#define OPENSSL_INIT_SETTINGS void
++// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63
++typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
++#endif
++
+ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
+ 
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#else
+ int q_DSA_bits(DSA *a);
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ int q_EVP_PKEY_base_id(EVP_PKEY *a);
+ int q_RSA_bits(RSA *a);
++#ifdef LIBRESSL_VERSION_NUMBER
++int q_sk_num(OPENSSL_STACK *a);
++void q_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
++OPENSSL_STACK *q_sk_new_null();
++void q_sk_push(OPENSSL_STACK *st, void *data);
++void q_sk_free(OPENSSL_STACK *a);
++void * q_sk_value(OPENSSL_STACK *a, int b);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b)
++#define q_OPENSSL_sk_free q_sk_free
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#else
+ int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ OPENSSL_STACK *q_OPENSSL_sk_new_null();
+ void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
+ void q_OPENSSL_sk_free(OPENSSL_STACK *a);
+ void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++#endif
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -112,8 +140,13 @@ int q_DH_bits(DH *dh);
+ # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                                                        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+ 
++#ifdef LIBRESSL_VERSION_NUMBER
++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
++#else
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
++#endif
+ 
+ #define q_OPENSSL_add_all_algorithms_conf()  q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                                                                    | OPENSSL_INIT_ADD_ALL_DIGESTS \
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
new file mode 100644
index 000000000000..c09b2b96c983
--- /dev/null
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
@@ -0,0 +1,106 @@
+Redefine SSL stack functions to their proper symbols in LibreSSL.
+Also reference a redefined DSA_bits() that does not natively exist
+in LibreSSL.
+
+Ensure that we link to the correct ssl library selected in
+DEFAULT_VERSIONS.
+
+Do not define SSL_CONF_CTX symbols absent from LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig	2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w,
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#ifdef LIBRESSL_VERSION_NUMBER
++DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#else
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#endif
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+ #ifdef TLS1_3_VERSION
+@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
+ DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
+ DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
+ DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
+ DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
+@@ -846,8 +855,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+ #endif
+ #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
+     // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
+-    libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
+-    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
++    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
++    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
+     if (libcrypto->load() && libssl->load()) {
+         // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
+         return pair;
+@@ -876,8 +885,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+     //  macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
+     //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
+     //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
+-    libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
+-    libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
++    libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
++    libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
+     if (libcrypto->load() && libssl->load()) {
+         // libssl.so.0 and libcrypto.so.0 found
+         return pair;
+@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+     RESOLVEFUNC(EVP_PKEY_base_id)
+     RESOLVEFUNC(RSA_bits)
++#ifdef LIBRESSL_VERSION_NUMBER
++    RESOLVEFUNC(sk_new_null)
++    RESOLVEFUNC(sk_push)
++    RESOLVEFUNC(sk_free)
++    RESOLVEFUNC(sk_num)
++    RESOLVEFUNC(sk_pop_free)
++    RESOLVEFUNC(sk_value)
++#else
+     RESOLVEFUNC(OPENSSL_sk_new_null)
+     RESOLVEFUNC(OPENSSL_sk_push)
+     RESOLVEFUNC(OPENSSL_sk_free)
+     RESOLVEFUNC(OPENSSL_sk_num)
+     RESOLVEFUNC(OPENSSL_sk_pop_free)
+     RESOLVEFUNC(OPENSSL_sk_value)
++#endif
+     RESOLVEFUNC(DH_get0_pqg)
+     RESOLVEFUNC(SSL_CTX_set_options)
+ #ifdef TLS1_3_VERSION
+@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols()
+ 
+     RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+     RESOLVEFUNC(DH_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+     RESOLVEFUNC(DSA_bits)
++#endif
+ 
+ #if QT_CONFIG(dtls)
+     RESOLVEFUNC(DTLSv1_listen)
+@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+     RESOLVEFUNC(SSL_CTX_get_cert_store);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+     RESOLVEFUNC(SSL_CONF_CTX_new);
+     RESOLVEFUNC(SSL_CONF_CTX_free);
+     RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
new file mode 100644
index 000000000000..75be686a5f8c
--- /dev/null
+++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
@@ -0,0 +1,30 @@
+Define maximum TLS version as 1.2 so as to not hit any possibly
+unsupported TLS 1.3 symbols.
+
+Also do not define SSL_CONF_CTX symbols absent from LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig	2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -74,6 +74,13 @@
+ 
+ QT_BEGIN_NAMESPACE
+ 
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++# define TLS1_2_VERSION 0x0303
++# define TLS_MAX_VERSION TLS1_2_VERSION
++# define TLS_ANY_VERSION 0x10000
++#endif
++
++
+ #define DUMMYARG
+ 
+ #if !defined QT_LINKED_OPENSSL
+@@ -359,7 +366,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
+ X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *q_SSL_CONF_CTX_new();
+ void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
+ void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);