qca2{,-qt5}{,-gnupg,-ossl}: update to 2.1.0
New in 2.1.0 - Ported to Qt5 (Qt4 also supported) - New building system. CMake instead of qmake - Added CTR symetric cipher support to qca core - Added no padding encryption algorithm to qca core - qcatool2 renamed to qcatool - fixed crash in qcatool when only options provided on command line without any commands - Use plugins installation path as hard-coded runtime plugins search path - Added new functiion pluginPaths - Added functions to get runtime QCA version - Fixed 'no watch file' warnings in FileWatch - Added EME_PKCS1v15_SSL Encryption Algorithm - New implementation of SafeTimer to prevent crashes - Updated certificates for unittests - RSA Keys are permutable, can encrypt with private and decrypt with public - Add unloadProvider() function for symmetry with insertProvider() - Overloaded "makeKey" to derive a password depending on a time factor - Remove pointer to deinit() routine from QCoreApplication at deinitialization - Fix a couple of crashes where all plugins might not be available - Fix operating on keys with unrelated expired subkeys - Fixed timers in Synchronizer class - Dropped randomunittest - Fixed many unittests - qca-gnupg: internal refactoring - qca-gnupg: try both gpg and gpg2 to find gnupg executable - qca-gnupg: fixed some encodings problem - qca-ossl: no DSA_* dl groups in FIPS specification - qca-ossl: added missed signatures to CRLContext - qca-ossl: fixed certs time zone - qca-nss: fixed KeyLenght for Cipher - qca-botan: fixed getting result size for ciphers
This commit is contained in:
parent
0d9feeba04
commit
774f5d18f0
30 changed files with 2274 additions and 459 deletions
|
@ -1,29 +1,25 @@
|
|||
# $NetBSD: Makefile,v 1.21 2017/08/29 12:23:25 wiz Exp $
|
||||
# $NetBSD: Makefile,v 1.22 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
DISTNAME= qca-gnupg-2.0.0-beta3
|
||||
PKGNAME= qca2-gnupg-${DISTNAME:S/-beta/beta/:C/.*-//}
|
||||
PKGREVISION= 18
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://delta.affinix.com/download/qca/2.0/plugins/
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
PKGNAME= qca2-gnupg-${DISTNAME:C/.*-//}
|
||||
|
||||
MAINTAINER= jfranz@bsdprojects.net
|
||||
HOMEPAGE= http://delta.affinix.com/qca/
|
||||
COMMENT= Cross-platform crypto API for QT - GnuPG plugin
|
||||
LICENSE= gnu-lgpl-v2.1
|
||||
|
||||
.include "../../security/qca2/Makefile.common"
|
||||
|
||||
DEPENDS+= gnupg2-[0-9]*:../../security/gnupg2
|
||||
|
||||
USE_TOOLS+= gmake
|
||||
USE_LIBTOOL= yes
|
||||
HAS_CONFIGURE= yes
|
||||
USE_LANGUAGES= c c++
|
||||
BUILD_DIRS= plugins/qca-gnupg
|
||||
|
||||
CONFIGURE_ARGS+= --qtdir=${QTDIR}
|
||||
CONFIGURE_ARGS+= --with-qca=${QTDIR}
|
||||
CONFIGURE_ARGS+= --plugins-path=${DESTDIR}${QTDIR}/plugins
|
||||
#CONFIGURE_ARGS+= --with-openssl-inc=${SSLBASE}/include
|
||||
#CONFIGURE_ARGS+= --with-openssl-lib=${SSLBASE}/lib
|
||||
CMAKE_ARGS+= -DQT4_BUILD=ON
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=gnupg
|
||||
CMAKE_ARGS+= -DBUILD_TOOLS=OFF
|
||||
CMAKE_ARGS+= -DINST_QCA_LIB_NAME=-lqca
|
||||
|
||||
SUBST_CLASSES+= libname
|
||||
SUBST_STAGE.libname= post-patch
|
||||
SUBST_MESSAGE.libname= Use installed lib.
|
||||
SUBST_FILES.libname= plugins/qca-gnupg/CMakeLists.txt
|
||||
SUBST_SED.libname= -e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
|
||||
|
||||
.include "../../security/qca2/buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
@comment $NetBSD: PLIST,v 1.1.1.1 2011/10/18 00:46:58 schnoebe Exp $
|
||||
qt4/plugins/crypto/libqca-gnupg.la
|
||||
@comment $NetBSD: PLIST,v 1.2 2018/01/31 09:14:55 markd Exp $
|
||||
qt4/plugins/crypto/libqca-gnupg.so
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
$NetBSD: distinfo,v 1.2 2015/11/04 01:18:06 agc Exp $
|
||||
|
||||
SHA1 (qca-gnupg-2.0.0-beta3.tar.bz2) = 77e3874b9ed427e281b23b9bf41ecc95e74f7053
|
||||
RMD160 (qca-gnupg-2.0.0-beta3.tar.bz2) = 2531d81179e0b78cc3689c7891b4c6c60d56a422
|
||||
SHA512 (qca-gnupg-2.0.0-beta3.tar.bz2) = b9e0591e861a57c10accbdf91ba6ff5f3cd272254bcd1425a44cdce2689cb626fbf9d62f2657724f293f5ca60dfb4bc5aa7ada850b768f6cba6bb388b97bbdc7
|
||||
Size (qca-gnupg-2.0.0-beta3.tar.bz2) = 38177 bytes
|
|
@ -1,27 +1,23 @@
|
|||
# $NetBSD: Makefile,v 1.34 2016/03/29 23:04:01 khorben Exp $
|
||||
# $NetBSD: Makefile,v 1.35 2018/01/31 09:14:56 markd Exp $
|
||||
|
||||
DISTNAME= qca-ossl-2.0.0-beta3
|
||||
PKGNAME= qca2-ossl-${DISTNAME:S/-beta/beta/:C/.*-//}
|
||||
PKGREVISION= 30
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://delta.affinix.com/download/qca/2.0/plugins/
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
PKGNAME= qca2-ossl-${DISTNAME:C/.*-//}
|
||||
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
HOMEPAGE= http://delta.affinix.com/qca/
|
||||
COMMENT= Cross-platform crypto API for QT - OpenSSL plugin
|
||||
|
||||
USE_TOOLS+= gmake
|
||||
USE_LIBTOOL= yes
|
||||
HAS_CONFIGURE= yes
|
||||
USE_LANGUAGES= c c++
|
||||
.include "../../security/qca2/Makefile.common"
|
||||
|
||||
CONFIGURE_ARGS+= --qtdir=${QTDIR}
|
||||
CONFIGURE_ARGS+= --with-qca=${QTDIR}
|
||||
CONFIGURE_ARGS+= --with-openssl-inc=${SSLBASE}/include
|
||||
CONFIGURE_ARGS+= --with-openssl-lib=${SSLBASE}/lib
|
||||
BUILD_DIRS= plugins/qca-ossl
|
||||
|
||||
INSTALL_MAKE_FLAGS+= INSTALL_ROOT=${DESTDIR}
|
||||
CMAKE_ARGS+= -DQT4_BUILD=ON
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=ossl
|
||||
CMAKE_ARGS+= -DBUILD_TOOLS=OFF
|
||||
CMAKE_ARGS+= -DINST_QCA_LIB_NAME=-lqca
|
||||
|
||||
SUBST_CLASSES+= libname
|
||||
SUBST_STAGE.libname= post-patch
|
||||
SUBST_MESSAGE.libname= Use installed lib.
|
||||
SUBST_FILES.libname= plugins/qca-ossl/CMakeLists.txt
|
||||
SUBST_SED.libname= -e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
|
||||
|
||||
.include "../../security/qca2/buildlink3.mk"
|
||||
.include "../../security/openssl/buildlink3.mk"
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
@comment $NetBSD: PLIST,v 1.1.1.1 2007/12/20 20:20:17 jdolecek Exp $
|
||||
qt4/plugins/crypto/libqca-ossl.la
|
||||
@comment $NetBSD: PLIST,v 1.2 2018/01/31 09:14:56 markd Exp $
|
||||
qt4/plugins/crypto/libqca-ossl.so
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
$NetBSD: distinfo,v 1.5 2016/03/29 23:04:01 khorben Exp $
|
||||
|
||||
SHA1 (qca-ossl-2.0.0-beta3.tar.bz2) = dd925e8732ff76f24f9f90f4094abaf2f0ac27bf
|
||||
RMD160 (qca-ossl-2.0.0-beta3.tar.bz2) = c979c3c3427eb45e8866e28746f83966e8bcf3c2
|
||||
SHA512 (qca-ossl-2.0.0-beta3.tar.bz2) = 17b30099c1bc8650757d71fd9e7824831b132cedc920f59832cb5a8096b90932834e05f3f77ed34e213fdadf881625710e1311ae4fcc4c0919a1684adb4525b8
|
||||
Size (qca-ossl-2.0.0-beta3.tar.bz2) = 49188 bytes
|
||||
SHA1 (patch-aa) = 186e34288e91383a3a13a5bfbde109f80d9d71e3
|
|
@ -1,303 +0,0 @@
|
|||
$NetBSD: patch-aa,v 1.3 2016/03/29 23:04:01 khorben Exp $
|
||||
|
||||
Remove support for SSLv2
|
||||
|
||||
--- qca-ossl.cpp.orig 2007-12-11 06:34:57.000000000 +0000
|
||||
+++ qca-ossl.cpp
|
||||
@@ -42,6 +42,15 @@
|
||||
#define OSSL_097
|
||||
#endif
|
||||
|
||||
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
+// OpenSSL 1.0.0 makes a few changes that aren't very C++ friendly...
|
||||
+// Among other things, CHECKED_PTR_OF returns a void*, but is used in
|
||||
+// contexts requiring STACK pointers.
|
||||
+#undef CHECKED_PTR_OF
|
||||
+#define CHECKED_PTR_OF(type, p) \
|
||||
+ ((_STACK*) (1 ? p : (type*)0))
|
||||
+#endif
|
||||
+
|
||||
using namespace QCA;
|
||||
|
||||
namespace opensslQCAPlugin {
|
||||
@@ -327,7 +336,7 @@ static X509_EXTENSION *new_subject_key_i
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx_nodb(&ctx);
|
||||
X509V3_set_ctx(&ctx, NULL, cert, NULL, NULL, 0);
|
||||
- X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
|
||||
+ X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char *)"hash");
|
||||
return ex;
|
||||
}
|
||||
|
||||
@@ -1182,6 +1191,7 @@ public:
|
||||
{
|
||||
pkey = from.pkey;
|
||||
CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
||||
+ raw_type = false;
|
||||
state = Idle;
|
||||
}
|
||||
|
||||
@@ -1226,6 +1236,7 @@ public:
|
||||
}
|
||||
else
|
||||
{
|
||||
+ raw_type = false;
|
||||
EVP_MD_CTX_init(&mdctx);
|
||||
if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
|
||||
state = VerifyError;
|
||||
@@ -1771,8 +1782,10 @@ public:
|
||||
md = EVP_sha1();
|
||||
else if(alg == EMSA3_MD5)
|
||||
md = EVP_md5();
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
else if(alg == EMSA3_MD2)
|
||||
md = EVP_md2();
|
||||
+#endif
|
||||
else if(alg == EMSA3_RIPEMD160)
|
||||
md = EVP_ripemd160();
|
||||
else if(alg == EMSA3_Raw)
|
||||
@@ -1789,8 +1802,10 @@ public:
|
||||
md = EVP_sha1();
|
||||
else if(alg == EMSA3_MD5)
|
||||
md = EVP_md5();
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
else if(alg == EMSA3_MD2)
|
||||
md = EVP_md2();
|
||||
+#endif
|
||||
else if(alg == EMSA3_RIPEMD160)
|
||||
md = EVP_ripemd160();
|
||||
else if(alg == EMSA3_Raw)
|
||||
@@ -3385,9 +3400,11 @@ public:
|
||||
case NID_md5WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD5;
|
||||
break;
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
case NID_md2WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD2;
|
||||
break;
|
||||
+#endif
|
||||
case NID_ripemd160WithRSA:
|
||||
p.sigalgo = QCA::EMSA3_RIPEMD160;
|
||||
break;
|
||||
@@ -3871,9 +3888,11 @@ public:
|
||||
case NID_md5WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD5;
|
||||
break;
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
case NID_md2WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD2;
|
||||
break;
|
||||
+#endif
|
||||
case NID_ripemd160WithRSA:
|
||||
p.sigalgo = QCA::EMSA3_RIPEMD160;
|
||||
break;
|
||||
@@ -4061,9 +4080,11 @@ public:
|
||||
case NID_md5WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD5;
|
||||
break;
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
case NID_md2WithRSAEncryption:
|
||||
p.sigalgo = QCA::EMSA3_MD2;
|
||||
break;
|
||||
+#endif
|
||||
case NID_ripemd160WithRSA:
|
||||
p.sigalgo = QCA::EMSA3_RIPEMD160;
|
||||
break;
|
||||
@@ -5128,14 +5149,21 @@ public:
|
||||
v_eof = false;
|
||||
}
|
||||
|
||||
+ // dummy verification function for SSL_set_verify()
|
||||
+ static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
+ {
|
||||
+ Q_UNUSED(preverify_ok);
|
||||
+ Q_UNUSED(x509_ctx);
|
||||
+
|
||||
+ // don't terminate handshake in case of verification failure
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
virtual QStringList supportedCipherSuites(const TLS::Version &version) const
|
||||
{
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
SSL_CTX *ctx = 0;
|
||||
switch (version) {
|
||||
- case TLS::SSL_v2:
|
||||
- ctx = SSL_CTX_new(SSLv2_client_method());
|
||||
- break;
|
||||
case TLS::SSL_v3:
|
||||
ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
break;
|
||||
@@ -5151,6 +5179,8 @@ public:
|
||||
if (NULL == ctx)
|
||||
return QStringList();
|
||||
|
||||
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
|
||||
+
|
||||
SSL *ssl = SSL_new(ctx);
|
||||
if (NULL == ssl) {
|
||||
SSL_CTX_free(ctx);
|
||||
@@ -5692,6 +5722,14 @@ public:
|
||||
}
|
||||
}
|
||||
|
||||
+ // request a certificate from the client, if in server mode
|
||||
+ if(serv)
|
||||
+ {
|
||||
+ SSL_set_verify(ssl,
|
||||
+ SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
|
||||
+ ssl_verify_callback);
|
||||
+ }
|
||||
+
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -6155,6 +6193,7 @@ public:
|
||||
i2d_PKCS7_bio(bo, p7);
|
||||
//PEM_write_bio_PKCS7(bo, p7);
|
||||
out = bio2ba(bo);
|
||||
+ PKCS7_free(p7);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -6582,7 +6621,9 @@ static QStringList all_hash_types()
|
||||
list += "sha1";
|
||||
list += "sha0";
|
||||
list += "ripemd160";
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
list += "md2";
|
||||
+#endif
|
||||
list += "md4";
|
||||
list += "md5";
|
||||
#ifdef SHA224_DIGEST_LENGTH
|
||||
@@ -6597,9 +6638,11 @@ static QStringList all_hash_types()
|
||||
#ifdef SHA512_DIGEST_LENGTH
|
||||
list += "sha512";
|
||||
#endif
|
||||
+/*
|
||||
#ifdef OBJ_whirlpool
|
||||
list += "whirlpool";
|
||||
#endif
|
||||
+*/
|
||||
return list;
|
||||
}
|
||||
|
||||
@@ -6671,7 +6714,7 @@ public:
|
||||
{
|
||||
}
|
||||
|
||||
- Context *clone() const
|
||||
+ Provider::Context *clone() const
|
||||
{
|
||||
return new opensslInfoContext(*this);
|
||||
}
|
||||
@@ -6692,6 +6735,34 @@ public:
|
||||
}
|
||||
};
|
||||
|
||||
+class opensslRandomContext : public RandomContext
|
||||
+{
|
||||
+public:
|
||||
+ opensslRandomContext(QCA::Provider *p) : RandomContext(p)
|
||||
+ {
|
||||
+ }
|
||||
+
|
||||
+ Context *clone() const
|
||||
+ {
|
||||
+ return new opensslRandomContext(*this);
|
||||
+ }
|
||||
+
|
||||
+ QCA::SecureArray nextBytes(int size)
|
||||
+ {
|
||||
+ QCA::SecureArray buf(size);
|
||||
+ int r;
|
||||
+ // FIXME: loop while we don't have enough random bytes.
|
||||
+ while (true) {
|
||||
+ r = RAND_bytes((unsigned char*)(buf.data()), size);
|
||||
+ if (r == 1) break; // success
|
||||
+ r = RAND_pseudo_bytes((unsigned char*)(buf.data()),
|
||||
+ size);
|
||||
+ if (r >= 0) break; // accept insecure random numbers
|
||||
+ }
|
||||
+ return buf;
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
}
|
||||
|
||||
using namespace opensslQCAPlugin;
|
||||
@@ -6711,11 +6782,14 @@ public:
|
||||
OpenSSL_add_all_algorithms();
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
- srand(time(NULL));
|
||||
- char buf[128];
|
||||
- for(int n = 0; n < 128; ++n)
|
||||
- buf[n] = rand();
|
||||
- RAND_seed(buf, 128);
|
||||
+ // seed the RNG if it's not seeded yet
|
||||
+ if (RAND_status() == 0) {
|
||||
+ qsrand(time(NULL));
|
||||
+ char buf[128];
|
||||
+ for(int n = 0; n < 128; ++n)
|
||||
+ buf[n] = qrand();
|
||||
+ RAND_seed(buf, 128);
|
||||
+ }
|
||||
|
||||
openssl_initted = true;
|
||||
}
|
||||
@@ -6754,10 +6828,13 @@ public:
|
||||
QStringList features() const
|
||||
{
|
||||
QStringList list;
|
||||
+ list += "random";
|
||||
list += all_hash_types();
|
||||
list += all_mac_types();
|
||||
list += all_cipher_types();
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
list += "pbkdf1(md2)";
|
||||
+#endif
|
||||
list += "pbkdf1(sha1)";
|
||||
list += "pbkdf2(sha1)";
|
||||
list += "pkey";
|
||||
@@ -6780,7 +6857,9 @@ public:
|
||||
Context *createContext(const QString &type)
|
||||
{
|
||||
//OpenSSL_add_all_digests();
|
||||
- if ( type == "info" )
|
||||
+ if ( type == "random" )
|
||||
+ return new opensslRandomContext(this);
|
||||
+ else if ( type == "info" )
|
||||
return new opensslInfoContext(this);
|
||||
else if ( type == "sha1" )
|
||||
return new opensslHashContext( EVP_sha1(), this, type);
|
||||
@@ -6788,8 +6867,10 @@ public:
|
||||
return new opensslHashContext( EVP_sha(), this, type);
|
||||
else if ( type == "ripemd160" )
|
||||
return new opensslHashContext( EVP_ripemd160(), this, type);
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
else if ( type == "md2" )
|
||||
return new opensslHashContext( EVP_md2(), this, type);
|
||||
+#endif
|
||||
else if ( type == "md4" )
|
||||
return new opensslHashContext( EVP_md4(), this, type);
|
||||
else if ( type == "md5" )
|
||||
@@ -6810,14 +6891,18 @@ public:
|
||||
else if ( type == "sha512" )
|
||||
return new opensslHashContext( EVP_sha512(), this, type);
|
||||
#endif
|
||||
+/*
|
||||
#ifdef OBJ_whirlpool
|
||||
else if ( type == "whirlpool" )
|
||||
return new opensslHashContext( EVP_whirlpool(), this, type);
|
||||
#endif
|
||||
+*/
|
||||
else if ( type == "pbkdf1(sha1)" )
|
||||
return new opensslPbkdf1Context( EVP_sha1(), this, type );
|
||||
+#ifdef HAVE_OPENSSL_MD2
|
||||
else if ( type == "pbkdf1(md2)" )
|
||||
return new opensslPbkdf1Context( EVP_md2(), this, type );
|
||||
+#endif
|
||||
else if ( type == "pbkdf2(sha1)" )
|
||||
return new opensslPbkdf2Context( this, type );
|
||||
else if ( type == "hmac(md5)" )
|
17
security/qca2-qt5-gnupg/DESCR
Normal file
17
security/qca2-qt5-gnupg/DESCR
Normal file
|
@ -0,0 +1,17 @@
|
|||
Taking a hint from the similarly-named Java Cryptography Architecture,
|
||||
QCA aims to provide a straightforward and cross-platform crypto
|
||||
API, using Qt datatypes and conventions. QCA separates the API from
|
||||
the implementation, using plugins known as Providers. The advantage
|
||||
of this model is to allow applications to avoid linking to or
|
||||
explicitly depending on any particular cryptographic library. This
|
||||
allows one to easily change or upgrade crypto implementations
|
||||
without even needing to recompile the application. QCA should work
|
||||
everywhere Qt does, including Windows/Unix/MacOSX.
|
||||
|
||||
Capabilities:
|
||||
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
|
||||
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
|
||||
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
|
||||
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
|
||||
|
||||
This is the GnuPG plugin.
|
24
security/qca2-qt5-gnupg/Makefile
Normal file
24
security/qca2-qt5-gnupg/Makefile
Normal file
|
@ -0,0 +1,24 @@
|
|||
# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
|
||||
PKGNAME= qca2-qt5-gnupg-${DISTNAME:C/.*-//}
|
||||
|
||||
COMMENT= Cross-platform crypto API for QT5 - GnuPG plugin
|
||||
|
||||
.include "../../security/qca2/Makefile.common"
|
||||
|
||||
DEPENDS+= gnupg2-[0-9]*:../../security/gnupg2
|
||||
|
||||
BUILD_DIRS= plugins/qca-gnupg
|
||||
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=gnupg
|
||||
CMAKE_ARGS+= -DBUILD_TOOLS=OFF
|
||||
CMAKE_ARGS+= -DINST_QCA_LIB_NAME=-lqca-qt5
|
||||
|
||||
SUBST_CLASSES+= libname
|
||||
SUBST_STAGE.libname= post-patch
|
||||
SUBST_MESSAGE.libname= Use installed lib.
|
||||
SUBST_FILES.libname= plugins/qca-gnupg/CMakeLists.txt
|
||||
SUBST_SED.libname= -e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
|
||||
|
||||
.include "../../security/qca2-qt5/buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
2
security/qca2-qt5-gnupg/PLIST
Normal file
2
security/qca2-qt5-gnupg/PLIST
Normal file
|
@ -0,0 +1,2 @@
|
|||
@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
qt5/plugins/crypto/libqca-gnupg.so
|
15
security/qca2-qt5-ossl/DESCR
Normal file
15
security/qca2-qt5-ossl/DESCR
Normal file
|
@ -0,0 +1,15 @@
|
|||
Taking a hint from the similarly-named Java Cryptography Architecture,
|
||||
QCA aims to provide a straightforward and cross-platform crypto
|
||||
API, using Qt datatypes and conventions. QCA separates the API from
|
||||
the implementation, using plugins known as Providers. The advantage
|
||||
of this model is to allow applications to avoid linking to or
|
||||
explicitly depending on any particular cryptographic library. This
|
||||
allows one to easily change or upgrade crypto implementations
|
||||
without even needing to recompile the application. QCA should work
|
||||
everywhere Qt does, including Windows/Unix/MacOSX.
|
||||
|
||||
Capabilities:
|
||||
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
|
||||
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
|
||||
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
|
||||
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
|
23
security/qca2-qt5-ossl/Makefile
Normal file
23
security/qca2-qt5-ossl/Makefile
Normal file
|
@ -0,0 +1,23 @@
|
|||
# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
|
||||
PKGNAME= qca2-qt5-ossl-${DISTNAME:C/.*-//}
|
||||
|
||||
COMMENT= Cross-platform crypto API for QT5 - OpenSSL plugin
|
||||
|
||||
.include "../../security/qca2/Makefile.common"
|
||||
|
||||
BUILD_DIRS= plugins/qca-ossl
|
||||
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=ossl
|
||||
CMAKE_ARGS+= -DBUILD_TOOLS=OFF
|
||||
CMAKE_ARGS+= -DINST_QCA_LIB_NAME=-lqca-qt5
|
||||
|
||||
SUBST_CLASSES+= libname
|
||||
SUBST_STAGE.libname= post-patch
|
||||
SUBST_MESSAGE.libname= Use installed lib.
|
||||
SUBST_FILES.libname= plugins/qca-ossl/CMakeLists.txt
|
||||
SUBST_SED.libname= -e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
|
||||
|
||||
.include "../../security/qca2-qt5/buildlink3.mk"
|
||||
.include "../../security/openssl/buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
2
security/qca2-qt5-ossl/PLIST
Normal file
2
security/qca2-qt5-ossl/PLIST
Normal file
|
@ -0,0 +1,2 @@
|
|||
@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
qt5/plugins/crypto/libqca-ossl.so
|
16
security/qca2-qt5/DESCR
Normal file
16
security/qca2-qt5/DESCR
Normal file
|
@ -0,0 +1,16 @@
|
|||
Taking a hint from the similarly-named Java Cryptography Architecture,
|
||||
QCA aims to provide a straightforward and cross-platform crypto
|
||||
API, using Qt datatypes and conventions. QCA separates the API from
|
||||
the implementation, using plugins known as Providers. The advantage
|
||||
of this model is to allow applications to avoid linking to or
|
||||
explicitly depending on any particular cryptographic library. This
|
||||
allows one to easily change or upgrade crypto implementations
|
||||
without even needing to recompile the application. QCA should work
|
||||
everywhere Qt does, including Windows/Unix/MacOSX.
|
||||
|
||||
Features:
|
||||
* SSL/TLS
|
||||
* X509
|
||||
* RSA
|
||||
* Hashing (SHA1, MD5)
|
||||
* Ciphers (Blowfish, 3DES, AES)
|
23
security/qca2-qt5/Makefile
Normal file
23
security/qca2-qt5/Makefile
Normal file
|
@ -0,0 +1,23 @@
|
|||
# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
|
||||
PKGNAME= qca2-qt5-${DISTNAME:C/.*-//}
|
||||
|
||||
COMMENT= Cross-platform crypto API for QT5
|
||||
|
||||
.include "../../security/qca2/Makefile.common"
|
||||
|
||||
DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
|
||||
|
||||
INSTALLATION_DIRS= lib/pkgconfig
|
||||
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=none
|
||||
CMAKE_ARGS+= -DQCA_MAN_INSTALL_DIR=${PREFIX}/${PKGMANDIR}
|
||||
|
||||
PKGCONFIG_OVERRIDE= lib/pkgconfig/qca2-qt5.pc
|
||||
PKGCONFIG_OVERRIDE_STAGE= post-configure
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA} ${DESTDIR}${QTDIR}/lib/pkgconfig/qca2-qt5.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/qca2-qt5.pc
|
||||
|
||||
.include "../../x11/qt5-qtbase/buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
31
security/qca2-qt5/PLIST
Normal file
31
security/qca2-qt5/PLIST
Normal file
|
@ -0,0 +1,31 @@
|
|||
@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
lib/pkgconfig/qca2-qt5.pc
|
||||
man/man1/qcatool-qt5.1
|
||||
qt5/bin/mozcerts-qt5
|
||||
qt5/bin/qcatool-qt5
|
||||
qt5/include/Qca-qt5/QtCrypto/QtCrypto
|
||||
qt5/include/Qca-qt5/QtCrypto/qca.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_basic.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_cert.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_core.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_export.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_keystore.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_publickey.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_safetimer.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_securelayer.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_securemessage.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_support.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_textfilter.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_tools.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qca_version.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qcaprovider.h
|
||||
qt5/include/Qca-qt5/QtCrypto/qpipe.h
|
||||
qt5/lib/cmake/Qca-qt5/Qca-qt5Config.cmake
|
||||
qt5/lib/cmake/Qca-qt5/Qca-qt5ConfigVersion.cmake
|
||||
qt5/lib/cmake/Qca-qt5/Qca-qt5Targets-noconfig.cmake
|
||||
qt5/lib/cmake/Qca-qt5/Qca-qt5Targets.cmake
|
||||
qt5/lib/libqca-qt5.so
|
||||
qt5/lib/libqca-qt5.so.2
|
||||
qt5/lib/libqca-qt5.so.${PKGVERSION}
|
||||
qt5/lib/pkgconfig/qca2-qt5.pc
|
||||
qt5/mkspecs/features/crypto.prf
|
14
security/qca2-qt5/buildlink3.mk
Normal file
14
security/qca2-qt5/buildlink3.mk
Normal file
|
@ -0,0 +1,14 @@
|
|||
# $NetBSD: buildlink3.mk,v 1.1 2018/01/31 09:14:56 markd Exp $
|
||||
|
||||
BUILDLINK_TREE+= qca2-qt5
|
||||
|
||||
.if !defined(QCA2_QT5_BUILDLINK3_MK)
|
||||
QCA2_QT5_BUILDLINK3_MK:=
|
||||
|
||||
BUILDLINK_API_DEPENDS.qca2-qt5+= qca2-qt5>=2.1.3
|
||||
BUILDLINK_PKGSRCDIR.qca2-qt5?= ../../security/qca2-qt5
|
||||
|
||||
.include "../../x11/qt5-qtbase/buildlink3.mk"
|
||||
.endif # QCA2_QT5_BUILDLINK3_MK
|
||||
|
||||
BUILDLINK_TREE+= -qca2-qt5
|
|
@ -1,31 +1,21 @@
|
|||
# $NetBSD: Makefile,v 1.38 2016/03/05 11:27:55 jperkin Exp $
|
||||
# $NetBSD: Makefile,v 1.39 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
DISTNAME= qca-2.0.3
|
||||
PKGNAME= qca2-${DISTNAME:C/.*-//}
|
||||
PKGREVISION= 20
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://delta.affinix.com/download/qca/2.0/
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
HOMEPAGE= http://delta.affinix.com/qca/
|
||||
COMMENT= Cross-platform crypto API for QT
|
||||
LICENSE= gnu-lgpl-v2.1
|
||||
|
||||
USE_TOOLS+= gmake
|
||||
USE_LIBTOOL= yes
|
||||
HAS_CONFIGURE= yes
|
||||
USE_LANGUAGES= c++
|
||||
INSTALL_MAKE_FLAGS+= INSTALL_ROOT=${DESTDIR:Q}
|
||||
.include "Makefile.common"
|
||||
|
||||
INSTALLATION_DIRS= qt4/include qt4/lib qt4/plugins/crypto lib/pkgconfig
|
||||
DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
|
||||
|
||||
# install under qt4 prefix to not clash with qca 1.x
|
||||
CONFIGURE_ARGS+= --prefix=${QTDIR}
|
||||
CONFIGURE_ARGS+= --qtdir=${QTDIR}
|
||||
CONFIGURE_ARGS+= --disable-tests
|
||||
CONFIGURE_ARGS+= --certstore-internal
|
||||
CONFIGURE_ARGS+= --no-framework
|
||||
INSTALLATION_DIRS= lib/pkgconfig
|
||||
|
||||
CMAKE_ARGS+= -DBUILD_PLUGINS=none
|
||||
CMAKE_ARGS+= -DQT4_BUILD=ON
|
||||
CMAKE_ARGS+= -DQCA_MAN_INSTALL_DIR=${PREFIX}/${PKGMANDIR}
|
||||
|
||||
PKGCONFIG_OVERRIDE= lib/pkgconfig/qca2.pc
|
||||
PKGCONFIG_OVERRIDE_STAGE= post-configure
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA} ${DESTDIR}${QTDIR}/lib/pkgconfig/qca2.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/qca2.pc
|
||||
|
|
27
security/qca2/Makefile.common
Normal file
27
security/qca2/Makefile.common
Normal file
|
@ -0,0 +1,27 @@
|
|||
# $NetBSD: Makefile.common,v 1.1 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
DISTNAME= qca-2.1.3
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= ${MASTER_SITE_KDE:=qca/2.1.3/src/}
|
||||
EXTRACT_SUFX= .tar.xz
|
||||
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
HOMEPAGE= http://delta.affinix.com/qca/
|
||||
LICENSE= gnu-lgpl-v2.1
|
||||
|
||||
PATCHDIR= ${.CURDIR}/../../security/qca2/patches
|
||||
DISTINFO_FILE= ${.CURDIR}/../../security/qca2/distinfo
|
||||
|
||||
USE_TOOLS+= gmake
|
||||
USE_CMAKE= yes
|
||||
USE_LANGUAGES= c c++
|
||||
|
||||
# install under qt4 prefix to not clash with qca 1.x
|
||||
CMAKE_ARGS+= -DQCA_INSTALL_IN_QT_PREFIX=ON
|
||||
CMAKE_ARGS+= -DOSX_FRAMEWORK=OFF
|
||||
CMAKE_ARGS+= -DBUILD_TESTS=OFF
|
||||
|
||||
SUBST_CLASSES+= certs
|
||||
SUBST_STAGE.certs= post-patch
|
||||
SUBST_FILES.certs= CMakeLists.txt
|
||||
SUBST_VARS.certs= PREFIX
|
|
@ -1,6 +1,8 @@
|
|||
@comment $NetBSD: PLIST,v 1.6 2014/08/26 20:59:40 joerg Exp $
|
||||
@comment $NetBSD: PLIST,v 1.7 2018/01/31 09:14:55 markd Exp $
|
||||
lib/pkgconfig/qca2.pc
|
||||
qt4/bin/qcatool2
|
||||
man/man1/qcatool.1
|
||||
qt4/bin/mozcerts
|
||||
qt4/bin/qcatool
|
||||
qt4/include/QtCrypto/QtCrypto
|
||||
qt4/include/QtCrypto/qca.h
|
||||
qt4/include/QtCrypto/qca_basic.h
|
||||
|
@ -9,16 +11,21 @@ qt4/include/QtCrypto/qca_core.h
|
|||
qt4/include/QtCrypto/qca_export.h
|
||||
qt4/include/QtCrypto/qca_keystore.h
|
||||
qt4/include/QtCrypto/qca_publickey.h
|
||||
qt4/include/QtCrypto/qca_safetimer.h
|
||||
qt4/include/QtCrypto/qca_securelayer.h
|
||||
qt4/include/QtCrypto/qca_securemessage.h
|
||||
qt4/include/QtCrypto/qca_support.h
|
||||
qt4/include/QtCrypto/qca_textfilter.h
|
||||
qt4/include/QtCrypto/qca_tools.h
|
||||
qt4/include/QtCrypto/qca_version.h
|
||||
qt4/include/QtCrypto/qcaprovider.h
|
||||
qt4/include/QtCrypto/qpipe.h
|
||||
qt4/lib/libqca.la
|
||||
qt4/lib/libqca.prl
|
||||
qt4/lib/cmake/Qca/QcaConfig.cmake
|
||||
qt4/lib/cmake/Qca/QcaConfigVersion.cmake
|
||||
qt4/lib/cmake/Qca/QcaTargets-noconfig.cmake
|
||||
qt4/lib/cmake/Qca/QcaTargets.cmake
|
||||
qt4/lib/libqca.so
|
||||
qt4/lib/libqca.so.2
|
||||
qt4/lib/libqca.so.${PKGVERSION}
|
||||
qt4/lib/pkgconfig/qca2.pc
|
||||
qt4/mkspecs/features/crypto.prf
|
||||
qt4/share/qca/certs/README
|
||||
qt4/share/qca/certs/rootcerts.pem
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
$NetBSD: distinfo,v 1.8 2018/01/23 12:57:04 jperkin Exp $
|
||||
$NetBSD: distinfo,v 1.9 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
SHA1 (qca-2.0.3.tar.bz2) = 9c868b05b81dce172c41b813de4de68554154c60
|
||||
RMD160 (qca-2.0.3.tar.bz2) = 333cfdce91fedfaec09c205528de52d7b569c521
|
||||
SHA512 (qca-2.0.3.tar.bz2) = c1120ffb373e294fbcc76e21dc2f503ebd3398b26d0ffa7ab7ee3a3e1a4228159358b59c2673ac4a1c2363771e61da54a5080b201c65d586ceda2e3b2facc1bb
|
||||
Size (qca-2.0.3.tar.bz2) = 4530731 bytes
|
||||
SHA1 (patch-aa) = e2e9544eafec8020e8758736aa48ab87b014bf10
|
||||
SHA1 (patch-app.pri) = 48f3842f49cd0bebc6e944a689e4d89f99990057
|
||||
SHA1 (patch-configure) = c114e4f6c2982f8293d37b332a44781fd884412b
|
||||
SHA1 (patch-src_botantools_botan_botan_secmem.h) = 4cb74801291dadb4d2c15c741bbb3b836135fcd9
|
||||
SHA1 (qca-2.1.3.tar.xz) = b5426f9b0c0cdaec4a069091bb9fc476ef363289
|
||||
RMD160 (qca-2.1.3.tar.xz) = 3577bd164bdf41147cfa0e8b4c5db01bde7d20de
|
||||
SHA512 (qca-2.1.3.tar.xz) = 0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a
|
||||
Size (qca-2.1.3.tar.xz) = 686340 bytes
|
||||
SHA1 (patch-CMakeLists.txt) = 4867c54f8bff523233a11201bdb021e6e81a10ed
|
||||
SHA1 (patch-plugins_qca-ossl_CMakeLists.txt) = a03e1c2e2d6c89b36060795f6f47c9b513dbf395
|
||||
SHA1 (patch-plugins_qca-ossl_libcrypto-compat.c) = 965e4db85e12df55057b3d030c568977b83fb708
|
||||
SHA1 (patch-plugins_qca-ossl_libcrypto-compat.h) = 957641557f6767e7c559d3cafba61060029d4e46
|
||||
SHA1 (patch-plugins_qca-ossl_qca-ossl.cpp) = bc1ed58f69b1a1c27f7e71b6d5c00a25a49cb37c
|
||||
|
|
14
security/qca2/patches/patch-CMakeLists.txt
Normal file
14
security/qca2/patches/patch-CMakeLists.txt
Normal file
|
@ -0,0 +1,14 @@
|
|||
$NetBSD: patch-CMakeLists.txt,v 1.1 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
Add mozilla-rootcerts certstore to list
|
||||
|
||||
--- CMakeLists.txt.orig 2018-01-31 20:15:27.000000000 +0000
|
||||
+++ CMakeLists.txt
|
||||
@@ -304,6 +304,7 @@ else ( WIN32 )
|
||||
"/etc/pki/tls/cert.pem"
|
||||
"/etc/ssl/ca-bundle.pem"
|
||||
"/usr/share/curl/curl-ca-bundle.crt"
|
||||
+ "@PREFIX@/share/mozilla-rootcerts/cacert.pem"
|
||||
)
|
||||
foreach (_current_try ${toTry})
|
||||
if(EXISTS ${_current_try})
|
|
@ -1,26 +0,0 @@
|
|||
$NetBSD: patch-aa,v 1.3 2018/01/23 12:57:05 jperkin Exp $
|
||||
|
||||
Don't override QMAKE_MACOSX_DEPLOYMENT_TARGET.
|
||||
|
||||
--- src/src.pro.orig 2010-11-27 21:14:12.000000000 +0000
|
||||
+++ src/src.pro
|
||||
@@ -81,8 +81,6 @@ mac: {
|
||||
SOURCES += $$QCA_CPP/qca_systemstore_mac.cpp
|
||||
LIBS += -framework Carbon -framework Security
|
||||
QMAKE_LFLAGS_SONAME = -Wl,-install_name,"$$LIBDIR/"
|
||||
-
|
||||
- QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.3
|
||||
}
|
||||
|
||||
mac:lib_bundle: {
|
||||
@@ -108,10 +106,6 @@ unix: {
|
||||
incfiles.files = $$PUBLIC_HEADERS
|
||||
incfiles.files += $$QCA_INC/qca.h $$QCA_INC/QtCrypto
|
||||
!lib_bundle:INSTALLS += incfiles
|
||||
-
|
||||
- manfiles.path = $$DATADIR/man/man1
|
||||
- manfiles.files = $$QCA_BASE/man/qcatool2.1
|
||||
- INSTALLS += manfiles
|
||||
}
|
||||
|
||||
!debug_and_release|build_pass {
|
|
@ -1,14 +0,0 @@
|
|||
$NetBSD: patch-app.pri,v 1.1 2018/01/23 12:57:05 jperkin Exp $
|
||||
|
||||
Don't override QMAKE_MACOSX_DEPLOYMENT_TARGET.
|
||||
|
||||
--- app.pri.orig 2009-04-24 21:12:15.000000000 +0000
|
||||
+++ app.pri
|
||||
@@ -1,7 +1,5 @@
|
||||
include(confapp.pri)
|
||||
|
||||
-mac:QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.3
|
||||
-
|
||||
exists(crypto.prf) {
|
||||
# our apps should build against the qca in this tree
|
||||
include(crypto.prf)
|
|
@ -1,13 +0,0 @@
|
|||
$NetBSD: patch-configure,v 1.1 2012/01/16 20:36:08 adam Exp $
|
||||
|
||||
--- configure.orig 2012-01-16 20:32:17.000000000 +0000
|
||||
+++ configure
|
||||
@@ -977,7 +977,7 @@ public:
|
||||
{
|
||||
bundled = false;
|
||||
|
||||
-#if defined(Q_OS_WIN) || defined(Q_OS_MAC)
|
||||
+#if defined(Q_OS_WIN)
|
||||
// use built-in
|
||||
return true;
|
||||
#else
|
15
security/qca2/patches/patch-plugins_qca-ossl_CMakeLists.txt
Normal file
15
security/qca2/patches/patch-plugins_qca-ossl_CMakeLists.txt
Normal file
|
@ -0,0 +1,15 @@
|
|||
$NetBSD: patch-plugins_qca-ossl_CMakeLists.txt,v 1.1 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
openssl 1.1 support
|
||||
|
||||
--- plugins/qca-ossl/CMakeLists.txt.orig 2018-01-30 20:26:20.512731852 +0000
|
||||
+++ plugins/qca-ossl/CMakeLists.txt
|
||||
@@ -32,7 +32,7 @@ if(OPENSSL_FOUND)
|
||||
message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
|
||||
endif(HAVE_OPENSSL_SHA0)
|
||||
|
||||
- set(QCA_OSSL_SOURCES qca-ossl.cpp)
|
||||
+ set(QCA_OSSL_SOURCES libcrypto-compat.c qca-ossl.cpp)
|
||||
|
||||
my_automoc( QCA_OSSL_SOURCES )
|
||||
|
417
security/qca2/patches/patch-plugins_qca-ossl_libcrypto-compat.c
Normal file
417
security/qca2/patches/patch-plugins_qca-ossl_libcrypto-compat.c
Normal file
|
@ -0,0 +1,417 @@
|
|||
$NetBSD: patch-plugins_qca-ossl_libcrypto-compat.c,v 1.1 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
openssl 1.1 support
|
||||
|
||||
--- plugins/qca-ossl/libcrypto-compat.c.orig 2018-01-30 20:34:52.547356534 +0000
|
||||
+++ plugins/qca-ossl/libcrypto-compat.c
|
||||
@@ -0,0 +1,410 @@
|
||||
+/*
|
||||
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <openssl/evp.h>
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/engine.h>
|
||||
+
|
||||
+static void *OPENSSL_zalloc(size_t num)
|
||||
+{
|
||||
+ void *ret = OPENSSL_malloc(num);
|
||||
+
|
||||
+ if (ret != NULL)
|
||||
+ memset(ret, 0, num);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
||||
+{
|
||||
+ /* If the fields n and e in r are NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL for n and e. d may be
|
||||
+ * left NULL (in case only the public key is used).
|
||||
+ */
|
||||
+ if ((r->n == NULL && n == NULL)
|
||||
+ || (r->e == NULL && e == NULL))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (n != NULL) {
|
||||
+ BN_free(r->n);
|
||||
+ r->n = n;
|
||||
+ }
|
||||
+ if (e != NULL) {
|
||||
+ BN_free(r->e);
|
||||
+ r->e = e;
|
||||
+ }
|
||||
+ if (d != NULL) {
|
||||
+ BN_free(r->d);
|
||||
+ r->d = d;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
|
||||
+{
|
||||
+ /* If the fields p and q in r are NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL.
|
||||
+ */
|
||||
+ if ((r->p == NULL && p == NULL)
|
||||
+ || (r->q == NULL && q == NULL))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (p != NULL) {
|
||||
+ BN_free(r->p);
|
||||
+ r->p = p;
|
||||
+ }
|
||||
+ if (q != NULL) {
|
||||
+ BN_free(r->q);
|
||||
+ r->q = q;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
|
||||
+{
|
||||
+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL.
|
||||
+ */
|
||||
+ if ((r->dmp1 == NULL && dmp1 == NULL)
|
||||
+ || (r->dmq1 == NULL && dmq1 == NULL)
|
||||
+ || (r->iqmp == NULL && iqmp == NULL))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (dmp1 != NULL) {
|
||||
+ BN_free(r->dmp1);
|
||||
+ r->dmp1 = dmp1;
|
||||
+ }
|
||||
+ if (dmq1 != NULL) {
|
||||
+ BN_free(r->dmq1);
|
||||
+ r->dmq1 = dmq1;
|
||||
+ }
|
||||
+ if (iqmp != NULL) {
|
||||
+ BN_free(r->iqmp);
|
||||
+ r->iqmp = iqmp;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void RSA_get0_key(const RSA *r,
|
||||
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||
+{
|
||||
+ if (n != NULL)
|
||||
+ *n = r->n;
|
||||
+ if (e != NULL)
|
||||
+ *e = r->e;
|
||||
+ if (d != NULL)
|
||||
+ *d = r->d;
|
||||
+}
|
||||
+
|
||||
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
|
||||
+{
|
||||
+ if (p != NULL)
|
||||
+ *p = r->p;
|
||||
+ if (q != NULL)
|
||||
+ *q = r->q;
|
||||
+}
|
||||
+
|
||||
+void RSA_get0_crt_params(const RSA *r,
|
||||
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
|
||||
+ const BIGNUM **iqmp)
|
||||
+{
|
||||
+ if (dmp1 != NULL)
|
||||
+ *dmp1 = r->dmp1;
|
||||
+ if (dmq1 != NULL)
|
||||
+ *dmq1 = r->dmq1;
|
||||
+ if (iqmp != NULL)
|
||||
+ *iqmp = r->iqmp;
|
||||
+}
|
||||
+
|
||||
+void DSA_get0_pqg(const DSA *d,
|
||||
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
|
||||
+{
|
||||
+ if (p != NULL)
|
||||
+ *p = d->p;
|
||||
+ if (q != NULL)
|
||||
+ *q = d->q;
|
||||
+ if (g != NULL)
|
||||
+ *g = d->g;
|
||||
+}
|
||||
+
|
||||
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
||||
+{
|
||||
+ /* If the fields p, q and g in d are NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL.
|
||||
+ */
|
||||
+ if ((d->p == NULL && p == NULL)
|
||||
+ || (d->q == NULL && q == NULL)
|
||||
+ || (d->g == NULL && g == NULL))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (p != NULL) {
|
||||
+ BN_free(d->p);
|
||||
+ d->p = p;
|
||||
+ }
|
||||
+ if (q != NULL) {
|
||||
+ BN_free(d->q);
|
||||
+ d->q = q;
|
||||
+ }
|
||||
+ if (g != NULL) {
|
||||
+ BN_free(d->g);
|
||||
+ d->g = g;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void DSA_get0_key(const DSA *d,
|
||||
+ const BIGNUM **pub_key, const BIGNUM **priv_key)
|
||||
+{
|
||||
+ if (pub_key != NULL)
|
||||
+ *pub_key = d->pub_key;
|
||||
+ if (priv_key != NULL)
|
||||
+ *priv_key = d->priv_key;
|
||||
+}
|
||||
+
|
||||
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
|
||||
+{
|
||||
+ /* If the field pub_key in d is NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL. The priv_key field may
|
||||
+ * be left NULL.
|
||||
+ */
|
||||
+ if (d->pub_key == NULL && pub_key == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (pub_key != NULL) {
|
||||
+ BN_free(d->pub_key);
|
||||
+ d->pub_key = pub_key;
|
||||
+ }
|
||||
+ if (priv_key != NULL) {
|
||||
+ BN_free(d->priv_key);
|
||||
+ d->priv_key = priv_key;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
|
||||
+{
|
||||
+ if (pr != NULL)
|
||||
+ *pr = sig->r;
|
||||
+ if (ps != NULL)
|
||||
+ *ps = sig->s;
|
||||
+}
|
||||
+
|
||||
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
|
||||
+{
|
||||
+ if (r == NULL || s == NULL)
|
||||
+ return 0;
|
||||
+ BN_clear_free(sig->r);
|
||||
+ BN_clear_free(sig->s);
|
||||
+ sig->r = r;
|
||||
+ sig->s = s;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
|
||||
+{
|
||||
+ if (pr != NULL)
|
||||
+ *pr = sig->r;
|
||||
+ if (ps != NULL)
|
||||
+ *ps = sig->s;
|
||||
+}
|
||||
+
|
||||
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
|
||||
+{
|
||||
+ if (r == NULL || s == NULL)
|
||||
+ return 0;
|
||||
+ BN_clear_free(sig->r);
|
||||
+ BN_clear_free(sig->s);
|
||||
+ sig->r = r;
|
||||
+ sig->s = s;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void DH_get0_pqg(const DH *dh,
|
||||
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
|
||||
+{
|
||||
+ if (p != NULL)
|
||||
+ *p = dh->p;
|
||||
+ if (q != NULL)
|
||||
+ *q = dh->q;
|
||||
+ if (g != NULL)
|
||||
+ *g = dh->g;
|
||||
+}
|
||||
+
|
||||
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
||||
+{
|
||||
+ /* If the fields p and g in d are NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL. q may remain NULL.
|
||||
+ */
|
||||
+ if ((dh->p == NULL && p == NULL)
|
||||
+ || (dh->g == NULL && g == NULL))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (p != NULL) {
|
||||
+ BN_free(dh->p);
|
||||
+ dh->p = p;
|
||||
+ }
|
||||
+ if (q != NULL) {
|
||||
+ BN_free(dh->q);
|
||||
+ dh->q = q;
|
||||
+ }
|
||||
+ if (g != NULL) {
|
||||
+ BN_free(dh->g);
|
||||
+ dh->g = g;
|
||||
+ }
|
||||
+
|
||||
+ if (q != NULL) {
|
||||
+ dh->length = BN_num_bits(q);
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
|
||||
+{
|
||||
+ if (pub_key != NULL)
|
||||
+ *pub_key = dh->pub_key;
|
||||
+ if (priv_key != NULL)
|
||||
+ *priv_key = dh->priv_key;
|
||||
+}
|
||||
+
|
||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
|
||||
+{
|
||||
+ /* If the field pub_key in dh is NULL, the corresponding input
|
||||
+ * parameters MUST be non-NULL. The priv_key field may
|
||||
+ * be left NULL.
|
||||
+ */
|
||||
+ if (dh->pub_key == NULL && pub_key == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (pub_key != NULL) {
|
||||
+ BN_free(dh->pub_key);
|
||||
+ dh->pub_key = pub_key;
|
||||
+ }
|
||||
+ if (priv_key != NULL) {
|
||||
+ BN_free(dh->priv_key);
|
||||
+ dh->priv_key = priv_key;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int DH_set_length(DH *dh, long length)
|
||||
+{
|
||||
+ dh->length = length;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
|
||||
+{
|
||||
+ return ctx->iv;
|
||||
+}
|
||||
+
|
||||
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
|
||||
+{
|
||||
+ return ctx->iv;
|
||||
+}
|
||||
+
|
||||
+EVP_MD_CTX *EVP_MD_CTX_new(void)
|
||||
+{
|
||||
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
|
||||
+}
|
||||
+
|
||||
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
|
||||
+{
|
||||
+ EVP_MD_CTX_cleanup(ctx);
|
||||
+ OPENSSL_free(ctx);
|
||||
+}
|
||||
+
|
||||
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
|
||||
+{
|
||||
+ RSA_METHOD *ret;
|
||||
+
|
||||
+ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
|
||||
+
|
||||
+ if (ret != NULL) {
|
||||
+ memcpy(ret, meth, sizeof(*meth));
|
||||
+ ret->name = OPENSSL_strdup(meth->name);
|
||||
+ if (ret->name == NULL) {
|
||||
+ OPENSSL_free(ret);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
|
||||
+{
|
||||
+ char *tmpname;
|
||||
+
|
||||
+ tmpname = OPENSSL_strdup(name);
|
||||
+ if (tmpname == NULL) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ OPENSSL_free((char *)meth->name);
|
||||
+ meth->name = tmpname;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
|
||||
+ int (*priv_enc) (int flen, const unsigned char *from,
|
||||
+ unsigned char *to, RSA *rsa,
|
||||
+ int padding))
|
||||
+{
|
||||
+ meth->rsa_priv_enc = priv_enc;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
|
||||
+ int (*priv_dec) (int flen, const unsigned char *from,
|
||||
+ unsigned char *to, RSA *rsa,
|
||||
+ int padding))
|
||||
+{
|
||||
+ meth->rsa_priv_dec = priv_dec;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
|
||||
+{
|
||||
+ meth->finish = finish;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+void RSA_meth_free(RSA_METHOD *meth)
|
||||
+{
|
||||
+ if (meth != NULL) {
|
||||
+ OPENSSL_free((char *)meth->name);
|
||||
+ OPENSSL_free(meth);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int RSA_bits(const RSA *r)
|
||||
+{
|
||||
+ return (BN_num_bits(r->n));
|
||||
+}
|
||||
+
|
||||
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
|
||||
+{
|
||||
+ if (pkey->type != EVP_PKEY_RSA) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return pkey->pkey.rsa;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
|
@ -0,0 +1,64 @@
|
|||
$NetBSD: patch-plugins_qca-ossl_libcrypto-compat.h,v 1.1 2018/01/31 09:14:55 markd Exp $
|
||||
|
||||
openssl 1.1 support
|
||||
|
||||
--- plugins/qca-ossl/libcrypto-compat.h.orig 2018-01-30 20:34:52.547356534 +0000
|
||||
+++ plugins/qca-ossl/libcrypto-compat.h
|
||||
@@ -0,0 +1,57 @@
|
||||
+#ifndef LIBCRYPTO_COMPAT_H
|
||||
+#define LIBCRYPTO_COMPAT_H
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+
|
||||
+#include <openssl/rsa.h>
|
||||
+#include <openssl/dsa.h>
|
||||
+#include <openssl/ecdsa.h>
|
||||
+#include <openssl/dh.h>
|
||||
+#include <openssl/evp.h>
|
||||
+
|
||||
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
|
||||
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
|
||||
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
|
||||
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
|
||||
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
|
||||
+
|
||||
+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
||||
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||
+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
|
||||
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
|
||||
+
|
||||
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
|
||||
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
+
|
||||
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
|
||||
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
+
|
||||
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
|
||||
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
||||
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
|
||||
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
|
||||
+int DH_set_length(DH *dh, long length);
|
||||
+
|
||||
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
|
||||
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
|
||||
+EVP_MD_CTX *EVP_MD_CTX_new(void);
|
||||
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
|
||||
+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
|
||||
+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
|
||||
+
|
||||
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
|
||||
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
|
||||
+#define RSA_meth_get_finish(meth) meth->finish
|
||||
+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
|
||||
+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
|
||||
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
|
||||
+void RSA_meth_free(RSA_METHOD *meth);
|
||||
+
|
||||
+int RSA_bits(const RSA *r);
|
||||
+
|
||||
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
||||
+
|
||||
+#endif /* OPENSSL_VERSION_NUMBER */
|
||||
+
|
||||
+#endif /* LIBCRYPTO_COMPAT_H */
|
1503
security/qca2/patches/patch-plugins_qca-ossl_qca-ossl.cpp
Normal file
1503
security/qca2/patches/patch-plugins_qca-ossl_qca-ossl.cpp
Normal file
File diff suppressed because it is too large
Load diff
|
@ -1,13 +0,0 @@
|
|||
$NetBSD: patch-src_botantools_botan_botan_secmem.h,v 1.1 2012/01/16 20:36:08 adam Exp $
|
||||
|
||||
--- src/botantools/botan/botan/secmem.h.orig 2012-01-16 18:21:07.000000000 +0000
|
||||
+++ src/botantools/botan/botan/secmem.h
|
||||
@@ -214,7 +214,7 @@ class SecureVector : public MemoryRegion
|
||||
|
||||
SecureVector(u32bit n = 0) { MemoryRegion<T>::init(true, n); }
|
||||
SecureVector(const T in[], u32bit n)
|
||||
- { MemoryRegion<T>::init(true); set(in, n); }
|
||||
+ { MemoryRegion<T>::init(true); this->set(in, n); }
|
||||
SecureVector(const MemoryRegion<T>& in)
|
||||
{ MemoryRegion<T>::init(true); set(in); }
|
||||
SecureVector(const MemoryRegion<T>& in1, const MemoryRegion<T>& in2)
|
Loading…
Reference in a new issue