authormarkd <markd@pkgsrc.org>2018-01-31 09:14:55 +0000
committermarkd <markd@pkgsrc.org>2018-01-31 09:14:55 +0000
commitd2eed88e2923ad1dd3d703781a738786a9754d16 (patch)
tree98cd35b3cb22f7148815f16273ed8336046a2c8b /security/qca2-ossl
parentb1ab9ffc9a1d1babdaf8c0f26609bf9c3fbf82c2 (diff)
downloadpkgsrc-d2eed88e2923ad1dd3d703781a738786a9754d16.tar.gz
qca2{,-qt5}{,-gnupg,-ossl}: update to 2.1.0
New in 2.1.0 - Ported to Qt5 (Qt4 also supported) - New building system. CMake instead of qmake - Added CTR symmetric cipher support to qca core - Added no padding encryption algorithm to qca core - qcatool2 renamed to qcatool - fixed crash in qcatool when only options provided on command line without any commands - Use plugins installation path as hard-coded runtime plugins search path - Added new function pluginPaths - Added functions to get runtime QCA version - Fixed 'no watch file' warnings in FileWatch - Added EME_PKCS1v15_SSL Encryption Algorithm - New implementation of SafeTimer to prevent crashes - Updated certificates for unittests - RSA Keys are permutable, can encrypt with private and decrypt with public - Add unloadProvider() function for symmetry with insertProvider() - Overloaded "makeKey" to derive a password depending on a time factor - Remove pointer to deinit() routine from QCoreApplication at deinitialization - Fix a couple of crashes where all plugins might not be available - Fix operating on keys with unrelated expired subkeys - Fixed timers in Synchronizer class - Dropped randomunittest - Fixed many unittests - qca-gnupg: internal refactoring - qca-gnupg: try both gpg and gpg2 to find gnupg executable - qca-gnupg: fixed some encodings problem - qca-ossl: no DSA_* dl groups in FIPS specification - qca-ossl: added missed signatures to CRLContext - qca-ossl: fixed certs time zone - qca-nss: fixed KeyLength for Cipher - qca-botan: fixed getting result size for ciphers
Diffstat (limited to 'security/qca2-ossl')
-rw-r--r--security/qca2-ossl/Makefile32
-rw-r--r--security/qca2-ossl/PLIST4
-rw-r--r--security/qca2-ossl/distinfo7
-rw-r--r--security/qca2-ossl/patches/patch-aa303
4 files changed, 16 insertions, 330 deletions
diff --git a/security/qca2-ossl/Makefile b/security/qca2-ossl/Makefile
index cf78ea2a59e..971d3043a4e 100644
--- a/security/qca2-ossl/Makefile
+++ b/security/qca2-ossl/Makefile
@@ -1,27 +1,23 @@
-# $NetBSD: Makefile,v 1.34 2016/03/29 23:04:01 khorben Exp $
+# $NetBSD: Makefile,v 1.35 2018/01/31 09:14:56 markd Exp $
-DISTNAME= qca-ossl-2.0.0-beta3
-PKGNAME= qca2-ossl-${DISTNAME:S/-beta/beta/:C/.*-//}
-PKGREVISION= 30
-CATEGORIES= security
-MASTER_SITES= http://delta.affinix.com/download/qca/2.0/plugins/
-EXTRACT_SUFX= .tar.bz2
+PKGNAME= qca2-ossl-${DISTNAME:C/.*-//}
-MAINTAINER= pkgsrc-users@NetBSD.org
-HOMEPAGE= http://delta.affinix.com/qca/
COMMENT= Cross-platform crypto API for QT - OpenSSL plugin
-USE_TOOLS+= gmake
-USE_LIBTOOL= yes
-HAS_CONFIGURE= yes
-USE_LANGUAGES= c c++
+.include "../../security/qca2/Makefile.common"
-CONFIGURE_ARGS+= --qtdir=${QTDIR}
-CONFIGURE_ARGS+= --with-qca=${QTDIR}
-CONFIGURE_ARGS+= --with-openssl-inc=${SSLBASE}/include
-CONFIGURE_ARGS+= --with-openssl-lib=${SSLBASE}/lib
+BUILD_DIRS= plugins/qca-ossl
-INSTALL_MAKE_FLAGS+= INSTALL_ROOT=${DESTDIR}
+CMAKE_ARGS+= -DQT4_BUILD=ON
+CMAKE_ARGS+= -DBUILD_PLUGINS=ossl
+CMAKE_ARGS+= -DBUILD_TOOLS=OFF
+CMAKE_ARGS+= -DINST_QCA_LIB_NAME=-lqca
+
+SUBST_CLASSES+= libname
+SUBST_STAGE.libname= post-patch
+SUBST_MESSAGE.libname= Use installed lib.
+SUBST_FILES.libname= plugins/qca-ossl/CMakeLists.txt
+SUBST_SED.libname= -e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
.include "../../security/qca2/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
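Review bot: Nothing in the new Makefile says where the distfile checksums and local patches now come from, since this commit deletes the package's own distinfo and patches/patch-aa; that is left entirely to `../../security/qca2/Makefile.common`, which is not visible here and presumably points DISTINFO_FILE and PATCHDIR at security/qca2. A comment above the include, for example `# DISTNAME, distinfo and patches are shared with security/qca2 (see Makefile.common)`, would make that dependency explicit for the next maintainer. The deleted patch-aa is headed "Remove support for SSLv2", so it is worth confirming that the 2.1.0 plugin source already carries an equivalent change rather than assuming the patch is obsolete. The `SUBST_SED.libname` line would also read better with a one-line comment on why `{QCA_LIB_NAME}` is rewritten to `{INST_QCA_LIB_NAME}`, apparently so the plugin links against the installed `-lqca`.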
diff --git a/security/qca2-ossl/PLIST b/security/qca2-ossl/PLIST
index 3cf80bd1fba..d6978d1301e 100644
--- a/security/qca2-ossl/PLIST
+++ b/security/qca2-ossl/PLIST
@@ -1,2 +1,2 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2007/12/20 20:20:17 jdolecek Exp $
-qt4/plugins/crypto/libqca-ossl.la
+@comment $NetBSD: PLIST,v 1.2 2018/01/31 09:14:56 markd Exp $
+qt4/plugins/crypto/libqca-ossl.so
diff --git a/security/qca2-ossl/distinfo b/security/qca2-ossl/distinfo
deleted file mode 100644
index 99ec70241ec..00000000000
--- a/security/qca2-ossl/distinfo
+++ /dev/null
@@ -1,7 +0,0 @@
-$NetBSD: distinfo,v 1.5 2016/03/29 23:04:01 khorben Exp $
-
-SHA1 (qca-ossl-2.0.0-beta3.tar.bz2) = dd925e8732ff76f24f9f90f4094abaf2f0ac27bf
-RMD160 (qca-ossl-2.0.0-beta3.tar.bz2) = c979c3c3427eb45e8866e28746f83966e8bcf3c2
-SHA512 (qca-ossl-2.0.0-beta3.tar.bz2) = 17b30099c1bc8650757d71fd9e7824831b132cedc920f59832cb5a8096b90932834e05f3f77ed34e213fdadf881625710e1311ae4fcc4c0919a1684adb4525b8
-Size (qca-ossl-2.0.0-beta3.tar.bz2) = 49188 bytes
-SHA1 (patch-aa) = 186e34288e91383a3a13a5bfbde109f80d9d71e3
diff --git a/security/qca2-ossl/patches/patch-aa b/security/qca2-ossl/patches/patch-aa
deleted file mode 100644
index 4d21ef6add6..00000000000
--- a/security/qca2-ossl/patches/patch-aa
+++ /dev/null
@@ -1,303 +0,0 @@
-$NetBSD: patch-aa,v 1.3 2016/03/29 23:04:01 khorben Exp $
-
-Remove support for SSLv2
-
---- qca-ossl.cpp.orig 2007-12-11 06:34:57.000000000 +0000
-+++ qca-ossl.cpp
-@@ -42,6 +42,15 @@
- #define OSSL_097
- #endif
-
-+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
-+// OpenSSL 1.0.0 makes a few changes that aren't very C++ friendly...
-+// Among other things, CHECKED_PTR_OF returns a void*, but is used in
-+// contexts requiring STACK pointers.
-+#undef CHECKED_PTR_OF
-+#define CHECKED_PTR_OF(type, p) \
-+ ((_STACK*) (1 ? p : (type*)0))
-+#endif
-+
- using namespace QCA;
-
- namespace opensslQCAPlugin {
-@@ -327,7 +336,7 @@ static X509_EXTENSION *new_subject_key_i
- X509V3_CTX ctx;
- X509V3_set_ctx_nodb(&ctx);
- X509V3_set_ctx(&ctx, NULL, cert, NULL, NULL, 0);
-- X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
-+ X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char *)"hash");
- return ex;
- }
-
-@@ -1182,6 +1191,7 @@ public:
- {
- pkey = from.pkey;
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+ raw_type = false;
- state = Idle;
- }
-
-@@ -1226,6 +1236,7 @@ public:
- }
- else
- {
-+ raw_type = false;
- EVP_MD_CTX_init(&mdctx);
- if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
- state = VerifyError;
-@@ -1771,8 +1782,10 @@ public:
- md = EVP_sha1();
- else if(alg == EMSA3_MD5)
- md = EVP_md5();
-+#ifdef HAVE_OPENSSL_MD2
- else if(alg == EMSA3_MD2)
- md = EVP_md2();
-+#endif
- else if(alg == EMSA3_RIPEMD160)
- md = EVP_ripemd160();
- else if(alg == EMSA3_Raw)
-@@ -1789,8 +1802,10 @@ public:
- md = EVP_sha1();
- else if(alg == EMSA3_MD5)
- md = EVP_md5();
-+#ifdef HAVE_OPENSSL_MD2
- else if(alg == EMSA3_MD2)
- md = EVP_md2();
-+#endif
- else if(alg == EMSA3_RIPEMD160)
- md = EVP_ripemd160();
- else if(alg == EMSA3_Raw)
-@@ -3385,9 +3400,11 @@ public:
- case NID_md5WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD5;
- break;
-+#ifdef HAVE_OPENSSL_MD2
- case NID_md2WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD2;
- break;
-+#endif
- case NID_ripemd160WithRSA:
- p.sigalgo = QCA::EMSA3_RIPEMD160;
- break;
-@@ -3871,9 +3888,11 @@ public:
- case NID_md5WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD5;
- break;
-+#ifdef HAVE_OPENSSL_MD2
- case NID_md2WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD2;
- break;
-+#endif
- case NID_ripemd160WithRSA:
- p.sigalgo = QCA::EMSA3_RIPEMD160;
- break;
-@@ -4061,9 +4080,11 @@ public:
- case NID_md5WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD5;
- break;
-+#ifdef HAVE_OPENSSL_MD2
- case NID_md2WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_MD2;
- break;
-+#endif
- case NID_ripemd160WithRSA:
- p.sigalgo = QCA::EMSA3_RIPEMD160;
- break;
-@@ -5128,14 +5149,21 @@ public:
- v_eof = false;
- }
-
-+ // dummy verification function for SSL_set_verify()
-+ static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-+ {
-+ Q_UNUSED(preverify_ok);
-+ Q_UNUSED(x509_ctx);
-+
-+ // don't terminate handshake in case of verification failure
-+ return 1;
-+ }
-+
- virtual QStringList supportedCipherSuites(const TLS::Version &version) const
- {
- OpenSSL_add_ssl_algorithms();
- SSL_CTX *ctx = 0;
- switch (version) {
-- case TLS::SSL_v2:
-- ctx = SSL_CTX_new(SSLv2_client_method());
-- break;
- case TLS::SSL_v3:
- ctx = SSL_CTX_new(SSLv3_client_method());
- break;
-@@ -5151,6 +5179,8 @@ public:
- if (NULL == ctx)
- return QStringList();
-
-+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-+
- SSL *ssl = SSL_new(ctx);
- if (NULL == ssl) {
- SSL_CTX_free(ctx);
-@@ -5692,6 +5722,14 @@ public:
- }
- }
-
-+ // request a certificate from the client, if in server mode
-+ if(serv)
-+ {
-+ SSL_set_verify(ssl,
-+ SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
-+ ssl_verify_callback);
-+ }
-+
- return true;
- }
-
-@@ -6155,6 +6193,7 @@ public:
- i2d_PKCS7_bio(bo, p7);
- //PEM_write_bio_PKCS7(bo, p7);
- out = bio2ba(bo);
-+ PKCS7_free(p7);
- }
- else
- {
-@@ -6582,7 +6621,9 @@ static QStringList all_hash_types()
- list += "sha1";
- list += "sha0";
- list += "ripemd160";
-+#ifdef HAVE_OPENSSL_MD2
- list += "md2";
-+#endif
- list += "md4";
- list += "md5";
- #ifdef SHA224_DIGEST_LENGTH
-@@ -6597,9 +6638,11 @@ static QStringList all_hash_types()
- #ifdef SHA512_DIGEST_LENGTH
- list += "sha512";
- #endif
-+/*
- #ifdef OBJ_whirlpool
- list += "whirlpool";
- #endif
-+*/
- return list;
- }
-
-@@ -6671,7 +6714,7 @@ public:
- {
- }
-
-- Context *clone() const
-+ Provider::Context *clone() const
- {
- return new opensslInfoContext(*this);
- }
-@@ -6692,6 +6735,34 @@ public:
- }
- };
-
-+class opensslRandomContext : public RandomContext
-+{
-+public:
-+ opensslRandomContext(QCA::Provider *p) : RandomContext(p)
-+ {
-+ }
-+
-+ Context *clone() const
-+ {
-+ return new opensslRandomContext(*this);
-+ }
-+
-+ QCA::SecureArray nextBytes(int size)
-+ {
-+ QCA::SecureArray buf(size);
-+ int r;
-+ // FIXME: loop while we don't have enough random bytes.
-+ while (true) {
-+ r = RAND_bytes((unsigned char*)(buf.data()), size);
-+ if (r == 1) break; // success
-+ r = RAND_pseudo_bytes((unsigned char*)(buf.data()),
-+ size);
-+ if (r >= 0) break; // accept insecure random numbers
-+ }
-+ return buf;
-+ }
-+};
-+
- }
-
- using namespace opensslQCAPlugin;
-@@ -6711,11 +6782,14 @@ public:
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
-- srand(time(NULL));
-- char buf[128];
-- for(int n = 0; n < 128; ++n)
-- buf[n] = rand();
-- RAND_seed(buf, 128);
-+ // seed the RNG if it's not seeded yet
-+ if (RAND_status() == 0) {
-+ qsrand(time(NULL));
-+ char buf[128];
-+ for(int n = 0; n < 128; ++n)
-+ buf[n] = qrand();
-+ RAND_seed(buf, 128);
-+ }
-
- openssl_initted = true;
- }
-@@ -6754,10 +6828,13 @@ public:
- QStringList features() const
- {
- QStringList list;
-+ list += "random";
- list += all_hash_types();
- list += all_mac_types();
- list += all_cipher_types();
-+#ifdef HAVE_OPENSSL_MD2
- list += "pbkdf1(md2)";
-+#endif
- list += "pbkdf1(sha1)";
- list += "pbkdf2(sha1)";
- list += "pkey";
-@@ -6780,7 +6857,9 @@ public:
- Context *createContext(const QString &type)
- {
- //OpenSSL_add_all_digests();
-- if ( type == "info" )
-+ if ( type == "random" )
-+ return new opensslRandomContext(this);
-+ else if ( type == "info" )
- return new opensslInfoContext(this);
- else if ( type == "sha1" )
- return new opensslHashContext( EVP_sha1(), this, type);
-@@ -6788,8 +6867,10 @@ public:
- return new opensslHashContext( EVP_sha(), this, type);
- else if ( type == "ripemd160" )
- return new opensslHashContext( EVP_ripemd160(), this, type);
-+#ifdef HAVE_OPENSSL_MD2
- else if ( type == "md2" )
- return new opensslHashContext( EVP_md2(), this, type);
-+#endif
- else if ( type == "md4" )
- return new opensslHashContext( EVP_md4(), this, type);
- else if ( type == "md5" )
-@@ -6810,14 +6891,18 @@ public:
- else if ( type == "sha512" )
- return new opensslHashContext( EVP_sha512(), this, type);
- #endif
-+/*
- #ifdef OBJ_whirlpool
- else if ( type == "whirlpool" )
- return new opensslHashContext( EVP_whirlpool(), this, type);
- #endif
-+*/
- else if ( type == "pbkdf1(sha1)" )
- return new opensslPbkdf1Context( EVP_sha1(), this, type );
-+#ifdef HAVE_OPENSSL_MD2
- else if ( type == "pbkdf1(md2)" )
- return new opensslPbkdf1Context( EVP_md2(), this, type );
-+#endif
- else if ( type == "pbkdf2(sha1)" )
- return new opensslPbkdf2Context( this, type );
- else if ( type == "hmac(md5)" )