Remove openssl dep from kde-applications/messagelib

Wed, 09 Jul 2025 01:42:39 -0700 

messagelib only does DKIM verification and uses OPENSSL_DECODER_CTX
for deserializing an RSA public key and another bit of trivially
replaceable API to get the RSA e.

The below diff replaces this with "legacy" API, bumps the major of
KPim6MessageViewer and links it against libcrypto - no ssl in sight
here.

It's slightly more intrusive than I would like it to be, but so be it.
I disabled the test but it could be patched in a similar way.

I'll of course happily help if this gets in the way of updates.

I only build tested this, but I did verify that the code successfully
parses the test key in an equivalent C program.

Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/kde-applications/messagelib/Makefile,v
diff -u -p -r1.31 Makefile
--- Makefile    13 Mar 2025 16:15:21 -0000      1.31
+++ Makefile    9 Jul 2025 08:06:57 -0000
@@ -2,10 +2,12 @@ COMMENT =     KDE PIM messaging library
 DISTNAME =     messagelib-${VERSION}
 CATEGORIES =   devel
 
+REVISION =     0
+
 SHARED_LIBS += KPim6MessageComposer      2.0 # 0.0
 SHARED_LIBS += KPim6MessageCore          2.0 # 0.0
 SHARED_LIBS += KPim6MessageList          2.0 # 0.0
-SHARED_LIBS += KPim6MessageViewer        2.0 # 0.0
+SHARED_LIBS += KPim6MessageViewer        3.0 # 0.0
 SHARED_LIBS += KPim6MimeTreeParser       2.0 # 0.0
 SHARED_LIBS += KPim6TemplateParser       1.0 # 0.0
 SHARED_LIBS += KPim6WebEngineViewer      2.0 # 0.0
@@ -29,10 +31,9 @@ WANTLIB += KPim6Mime KPim6PimCommon KPim
 WANTLIB += Qt6Core Qt6DBus Qt6Gui Qt6Network Qt6OpenGL Qt6Positioning
 WANTLIB += Qt6PrintSupport Qt6Qml Qt6QmlMeta Qt6QmlModels Qt6QmlWorkerScript
 WANTLIB += Qt6Quick Qt6WebChannel Qt6WebEngineCore Qt6WebEngineWidgets
-WANTLIB += Qt6Widgets Qt6Xml assuan gpgme gpgmepp m qgpgmeqt6
+WANTLIB += Qt6Widgets Qt6Xml assuan crypto gpgme gpgmepp m qgpgmeqt6
 
 WANTLIB += lib/inotify/inotify
-WANTLIB += lib/eopenssl33/crypto lib/eopenssl33/ssl
 
 MODKDE_TRANSLATIONS = yes
 MODKF5_L10N_CONFLICT = yes
@@ -91,13 +92,8 @@ LIB_DEPENDS =        devel/kf6/karchive \
                x11/qt6/qtwebchannel \
                x11/qt6/qtwebengine
 
-LIB_DEPENDS += security/openssl/3.3
-
 TEST_IS_INTERACTIVE =  X11
 
-CONFIGURE_ENV  = OPENSSL_ROOT_DIR=${LOCALBASE}/lib/eopenssl33
-
-CXXFLAGS =     -I${LOCALBASE}/include/inotify/ 
-I${LOCALBASE}/include/eopenssl33
-LDFLAGS =      -L${LOCALBASE}/lib/eopenssl33 
-Wl,-rpath,${LOCALBASE}/lib/eopenssl33
+CXXFLAGS =     -I${LOCALBASE}/include/inotify/
 
 .include <bsd.port.mk>
Index: patches/patch-messageviewer_src_CMakeLists_txt
===================================================================
RCS file: patches/patch-messageviewer_src_CMakeLists_txt
diff -N patches/patch-messageviewer_src_CMakeLists_txt
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-messageviewer_src_CMakeLists_txt      9 Jul 2025 07:55:10 
-0000
@@ -0,0 +1,12 @@
+Index: messageviewer/src/CMakeLists.txt
+--- messageviewer/src/CMakeLists.txt.orig
++++ messageviewer/src/CMakeLists.txt
+@@ -425,7 +425,7 @@ target_link_libraries(KPim6MessageViewer
+     Qt::PrintSupport
+     KF6::Notifications
+     KF6::TextAddonsWidgets
+-    OpenSSL::SSL
++    crypto
+ )
+ 
+ if(TARGET KF6::TextEditTextToSpeech)
Index: patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
===================================================================
RCS file: patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
diff -N patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-messageviewer_src_dkim-verify_CMakeLists_txt  9 Jul 2025 
07:21:49 -0000
@@ -0,0 +1,10 @@
+Index: messageviewer/src/dkim-verify/CMakeLists.txt
+--- messageviewer/src/dkim-verify/CMakeLists.txt.orig
++++ messageviewer/src/dkim-verify/CMakeLists.txt
+@@ -1,5 +1,5 @@
+ # SPDX-License-Identifier: CC0-1.0
+ # SPDX-FileCopyrightText: none
+ if(BUILD_TESTING)
+-    add_subdirectory(autotests)
++    #add_subdirectory(autotests)
+ endif()
Index: patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
===================================================================
RCS file: patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
diff -N patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-messageviewer_src_dkim-verify_dkimchecksignaturejob_cpp       
9 Jul 2025 08:33:43 -0000
@@ -0,0 +1,58 @@
+Index: messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp
+--- messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp.orig
++++ messageviewer/src/dkim-verify/dkimchecksignaturejob.cpp
+@@ -19,8 +19,12 @@
+ #include <QRegularExpression>
+ 
+ #include <openssl/bn.h>
++#ifdef LIBRESSL_VERSION_NUMBER
++#include <openssl/x509.h>
++#else
+ #include <openssl/core_names.h>
+ #include <openssl/decoder.h>
++#endif
+ #include <openssl/err.h>
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+@@ -510,6 +514,7 @@ using EVPPKeyPtr = std::unique_ptr<EVP_PKEY, decltype(
+ EVPPKeyPtr loadRSAPublicKey(const QByteArray &der)
+ {
+     EVP_PKEY *pubKey = nullptr;
++#ifndef LIBRESSL_VERSION_NUMBER
+     std::unique_ptr<OSSL_DECODER_CTX, decltype(&OSSL_DECODER_CTX_free)> 
decoderCtx(
+         OSSL_DECODER_CTX_new_for_pkey(&pubKey, "DER", nullptr, "RSA", 
EVP_PKEY_PUBLIC_KEY, nullptr, nullptr),
+         OSSL_DECODER_CTX_free);
+@@ -517,10 +522,16 @@ EVPPKeyPtr loadRSAPublicKey(const QByteArray &der)
+         qCWarning(MESSAGEVIEWER_DKIMCHECKER_LOG) << "Failed to create 
OSSL_DECODER_CTX";
+         return {nullptr, EVP_PKEY_free};
+     }
++#endif
+ 
+     const auto rawDer = QByteArray::fromBase64(der);
++#ifdef LIBRESSL_VERSION_NUMBER
++    const unsigned char *p = reinterpret_cast<const unsigned char 
*>(rawDer.constData());
++    if ((pubKey = d2i_PUBKEY(nullptr, &p, rawDer.size())) == nullptr) {    
++#else
+     std::unique_ptr<BIO, decltype(&BIO_free)> 
pubKeyBio(BIO_new_mem_buf(rawDer.constData(), rawDer.size()), BIO_free);
+     if (!OSSL_DECODER_from_bio(decoderCtx.get(), pubKeyBio.get())) {
++#endif
+         // No need to free pubKey, it's initialized by this function only on 
success
+         qCWarning(MESSAGEVIEWER_DKIMCHECKER_LOG) << "Failed to decode public 
key:" << ERR_error_string(ERR_get_error(), nullptr);
+         return {nullptr, EVP_PKEY_free};
+@@ -575,11 +586,16 @@ std::optional<bool> doVerifySignature(EVP_PKEY *key, c
+ 
+ uint64_t getKeyE(EVP_PKEY *key)
+ {
++#ifdef LIBRESSL_VERSION_NUMBER
++    const RSA *rsa = EVP_PKEY_get0_RSA(key);
++    return BN_get_word(RSA_get0_e(rsa));
++#else
+     BIGNUM *bne = nullptr;
+     EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_RSA_E, &bne);
+     const uint64_t size = BN_get_word(bne);
+     BN_free(bne);
+     return size;
++#endif
+ }
+ 
+ void DKIMCheckSignatureJob::verifyRSASignature()

Reply via email to