qca2{,-qt5}{,-gnupg,-ossl}: update to 2.1.0

New in 2.1.0
  - Ported to Qt5 (Qt4 also supported)
  - New building system. CMake instead of qmake
  - Added CTR symetric cipher support to qca core
  - Added no padding encryption algorithm to qca core
  - qcatool2 renamed to qcatool
  - fixed crash in qcatool when only options provided on command line without
    any commands
  - Use plugins installation path as hard-coded runtime plugins search path
  - Added new functiion pluginPaths
  - Added functions to get runtime QCA version
  - Fixed 'no watch file' warnings in FileWatch
  - Added EME_PKCS1v15_SSL Encryption Algorithm
  - New implementation of SafeTimer to prevent crashes
  - Updated certificates for unittests
  - RSA Keys are permutable, can encrypt with private and decrypt with public
  - Add unloadProvider() function for symmetry with insertProvider()
  - Overloaded "makeKey" to derive a password depending on a time factor
  - Remove pointer to deinit() routine from QCoreApplication at deinitialization
  - Fix a couple of crashes where all plugins might not be available
  - Fix operating on keys with unrelated expired subkeys
  - Fixed timers in Synchronizer class
  - Dropped randomunittest
  - Fixed many unittests
  - qca-gnupg: internal refactoring
  - qca-gnupg: try both gpg and gpg2 to find gnupg executable
  - qca-gnupg: fixed some encodings problem
  - qca-ossl: no DSA_* dl groups in FIPS specification
  - qca-ossl: added missed signatures to CRLContext
  - qca-ossl: fixed certs time zone
  - qca-nss: fixed KeyLenght for Cipher
  - qca-botan: fixed getting result size for ciphers

security/qca2-gnupg/Makefile

@@ -1,29 +1,25 @@
-# $NetBSD: Makefile,v 1.21 2017/08/29 12:23:25 wiz Exp $
+# $NetBSD: Makefile,v 1.22 2018/01/31 09:14:55 markd Exp $
 
-DISTNAME=	qca-gnupg-2.0.0-beta3
-PKGNAME=	qca2-gnupg-${DISTNAME:S/-beta/beta/:C/.*-//}
-PKGREVISION=	18
-CATEGORIES=	security
-MASTER_SITES=	http://delta.affinix.com/download/qca/2.0/plugins/
-EXTRACT_SUFX=	.tar.bz2
+PKGNAME=	qca2-gnupg-${DISTNAME:C/.*-//}
 
-MAINTAINER=	jfranz@bsdprojects.net
-HOMEPAGE=	http://delta.affinix.com/qca/
 COMMENT=	Cross-platform crypto API for QT - GnuPG plugin
-LICENSE=	gnu-lgpl-v2.1
+
+.include "../../security/qca2/Makefile.common"
 
 DEPENDS+=	gnupg2-[0-9]*:../../security/gnupg2
 
-USE_TOOLS+=	gmake
-USE_LIBTOOL=	yes
-HAS_CONFIGURE=	yes
-USE_LANGUAGES=	c c++
+BUILD_DIRS=	plugins/qca-gnupg
 
-CONFIGURE_ARGS+=	--qtdir=${QTDIR}
-CONFIGURE_ARGS+=	--with-qca=${QTDIR}
-CONFIGURE_ARGS+=	--plugins-path=${DESTDIR}${QTDIR}/plugins
-#CONFIGURE_ARGS+=	--with-openssl-inc=${SSLBASE}/include
-#CONFIGURE_ARGS+=	--with-openssl-lib=${SSLBASE}/lib
+CMAKE_ARGS+=	-DQT4_BUILD=ON
+CMAKE_ARGS+=	-DBUILD_PLUGINS=gnupg
+CMAKE_ARGS+=	-DBUILD_TOOLS=OFF
+CMAKE_ARGS+=	-DINST_QCA_LIB_NAME=-lqca
+
+SUBST_CLASSES+=		libname
+SUBST_STAGE.libname=	post-patch
+SUBST_MESSAGE.libname=	Use installed lib.
+SUBST_FILES.libname=	plugins/qca-gnupg/CMakeLists.txt
+SUBST_SED.libname=	-e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
 
 .include "../../security/qca2/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

security/qca2-gnupg/PLIST

@@ -1,2 +1,2 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2011/10/18 00:46:58 schnoebe Exp $
-qt4/plugins/crypto/libqca-gnupg.la
+@comment $NetBSD: PLIST,v 1.2 2018/01/31 09:14:55 markd Exp $
+qt4/plugins/crypto/libqca-gnupg.so

security/qca2-gnupg/distinfo

@@ -1,6 +0,0 @@
-$NetBSD: distinfo,v 1.2 2015/11/04 01:18:06 agc Exp $
-
-SHA1 (qca-gnupg-2.0.0-beta3.tar.bz2) = 77e3874b9ed427e281b23b9bf41ecc95e74f7053
-RMD160 (qca-gnupg-2.0.0-beta3.tar.bz2) = 2531d81179e0b78cc3689c7891b4c6c60d56a422
-SHA512 (qca-gnupg-2.0.0-beta3.tar.bz2) = b9e0591e861a57c10accbdf91ba6ff5f3cd272254bcd1425a44cdce2689cb626fbf9d62f2657724f293f5ca60dfb4bc5aa7ada850b768f6cba6bb388b97bbdc7
-Size (qca-gnupg-2.0.0-beta3.tar.bz2) = 38177 bytes

security/qca2-ossl/Makefile

@@ -1,27 +1,23 @@
-# $NetBSD: Makefile,v 1.34 2016/03/29 23:04:01 khorben Exp $
+# $NetBSD: Makefile,v 1.35 2018/01/31 09:14:56 markd Exp $
 
-DISTNAME=	qca-ossl-2.0.0-beta3
-PKGNAME=	qca2-ossl-${DISTNAME:S/-beta/beta/:C/.*-//}
-PKGREVISION=	30
-CATEGORIES=	security
-MASTER_SITES=	http://delta.affinix.com/download/qca/2.0/plugins/
-EXTRACT_SUFX=	.tar.bz2
+PKGNAME=	qca2-ossl-${DISTNAME:C/.*-//}
 
-MAINTAINER=	pkgsrc-users@NetBSD.org
-HOMEPAGE=	http://delta.affinix.com/qca/
 COMMENT=	Cross-platform crypto API for QT - OpenSSL plugin
 
-USE_TOOLS+=	gmake
-USE_LIBTOOL=	yes
-HAS_CONFIGURE=	yes
-USE_LANGUAGES=	c c++
+.include "../../security/qca2/Makefile.common"
 
-CONFIGURE_ARGS+=	--qtdir=${QTDIR}
-CONFIGURE_ARGS+=	--with-qca=${QTDIR}
-CONFIGURE_ARGS+=	--with-openssl-inc=${SSLBASE}/include
-CONFIGURE_ARGS+=	--with-openssl-lib=${SSLBASE}/lib
+BUILD_DIRS=	plugins/qca-ossl
 
-INSTALL_MAKE_FLAGS+=	INSTALL_ROOT=${DESTDIR}
+CMAKE_ARGS+=	-DQT4_BUILD=ON
+CMAKE_ARGS+=	-DBUILD_PLUGINS=ossl
+CMAKE_ARGS+=	-DBUILD_TOOLS=OFF
+CMAKE_ARGS+=	-DINST_QCA_LIB_NAME=-lqca
+
+SUBST_CLASSES+=		libname
+SUBST_STAGE.libname=	post-patch
+SUBST_MESSAGE.libname=	Use installed lib.
+SUBST_FILES.libname=	plugins/qca-ossl/CMakeLists.txt
+SUBST_SED.libname=	-e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
 
 .include "../../security/qca2/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"

security/qca2-ossl/PLIST

@@ -1,2 +1,2 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2007/12/20 20:20:17 jdolecek Exp $
-qt4/plugins/crypto/libqca-ossl.la
+@comment $NetBSD: PLIST,v 1.2 2018/01/31 09:14:56 markd Exp $
+qt4/plugins/crypto/libqca-ossl.so

security/qca2-ossl/distinfo

@@ -1,7 +0,0 @@
-$NetBSD: distinfo,v 1.5 2016/03/29 23:04:01 khorben Exp $
-
-SHA1 (qca-ossl-2.0.0-beta3.tar.bz2) = dd925e8732ff76f24f9f90f4094abaf2f0ac27bf
-RMD160 (qca-ossl-2.0.0-beta3.tar.bz2) = c979c3c3427eb45e8866e28746f83966e8bcf3c2
-SHA512 (qca-ossl-2.0.0-beta3.tar.bz2) = 17b30099c1bc8650757d71fd9e7824831b132cedc920f59832cb5a8096b90932834e05f3f77ed34e213fdadf881625710e1311ae4fcc4c0919a1684adb4525b8
-Size (qca-ossl-2.0.0-beta3.tar.bz2) = 49188 bytes
-SHA1 (patch-aa) = 186e34288e91383a3a13a5bfbde109f80d9d71e3

security/qca2-ossl/patches/patch-aa

@@ -1,303 +0,0 @@
-$NetBSD: patch-aa,v 1.3 2016/03/29 23:04:01 khorben Exp $
-
-Remove support for SSLv2
-
---- qca-ossl.cpp.orig	2007-12-11 06:34:57.000000000 +0000
-+++ qca-ossl.cpp
-@@ -42,6 +42,15 @@
- #define OSSL_097
- #endif
- 
-+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
-+// OpenSSL 1.0.0 makes a few changes that aren't very C++ friendly...
-+// Among other things, CHECKED_PTR_OF returns a void*, but is used in
-+// contexts requiring STACK pointers.
-+#undef CHECKED_PTR_OF
-+#define CHECKED_PTR_OF(type, p) \
-+	            ((_STACK*) (1 ? p : (type*)0))
-+#endif
-+
- using namespace QCA;
- 
- namespace opensslQCAPlugin {
-@@ -327,7 +336,7 @@ static X509_EXTENSION *new_subject_key_i
- 	X509V3_CTX ctx;
- 	X509V3_set_ctx_nodb(&ctx);
- 	X509V3_set_ctx(&ctx, NULL, cert, NULL, NULL, 0);
--	X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
-+	X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, (char *)"hash");
- 	return ex;
- }
- 
-@@ -1182,6 +1191,7 @@ public:
- 	{
- 		pkey = from.pkey;
- 		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+		raw_type = false;
- 		state = Idle;
- 	}
- 
-@@ -1226,6 +1236,7 @@ public:
- 		}
- 		else
- 		{
-+			raw_type = false;
- 			EVP_MD_CTX_init(&mdctx);
- 			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
- 				state = VerifyError;
-@@ -1771,8 +1782,10 @@ public:
- 			md = EVP_sha1();
- 		else if(alg == EMSA3_MD5)
- 			md = EVP_md5();
-+#ifdef HAVE_OPENSSL_MD2
- 		else if(alg == EMSA3_MD2)
- 			md = EVP_md2();
-+#endif
- 		else if(alg == EMSA3_RIPEMD160)
- 			md = EVP_ripemd160();
- 		else if(alg == EMSA3_Raw)
-@@ -1789,8 +1802,10 @@ public:
- 			md = EVP_sha1();
- 		else if(alg == EMSA3_MD5)
- 			md = EVP_md5();
-+#ifdef HAVE_OPENSSL_MD2
- 		else if(alg == EMSA3_MD2)
- 			md = EVP_md2();
-+#endif
- 		else if(alg == EMSA3_RIPEMD160)
- 			md = EVP_ripemd160();
- 		else if(alg == EMSA3_Raw)
-@@ -3385,9 +3400,11 @@ public:
- 		case NID_md5WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD5;
- 		    break;
-+#ifdef HAVE_OPENSSL_MD2
- 		case NID_md2WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD2;
- 		    break;
-+#endif
- 		case NID_ripemd160WithRSA:
- 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
- 		    break;
-@@ -3871,9 +3888,11 @@ public:
- 		case NID_md5WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD5;
- 		    break;
-+#ifdef HAVE_OPENSSL_MD2
- 		case NID_md2WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD2;
- 		    break;
-+#endif
- 		case NID_ripemd160WithRSA:
- 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
- 		    break;
-@@ -4061,9 +4080,11 @@ public:
- 		case NID_md5WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD5;
- 		    break;
-+#ifdef HAVE_OPENSSL_MD2
- 		case NID_md2WithRSAEncryption:
- 		    p.sigalgo = QCA::EMSA3_MD2;
- 		    break;
-+#endif
- 		case NID_ripemd160WithRSA:
- 		    p.sigalgo = QCA::EMSA3_RIPEMD160;
- 		    break;
-@@ -5128,14 +5149,21 @@ public:
- 		v_eof = false;
- 	}
- 
-+	// dummy verification function for SSL_set_verify()
-+	static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-+	{
-+		Q_UNUSED(preverify_ok);
-+		Q_UNUSED(x509_ctx);
-+
-+		// don't terminate handshake in case of verification failure
-+		return 1;
-+	}
-+
- 	virtual QStringList supportedCipherSuites(const TLS::Version &version) const
- 	{
- 		OpenSSL_add_ssl_algorithms();
- 		SSL_CTX *ctx = 0;
- 		switch (version) {
--		case TLS::SSL_v2:
--			ctx = SSL_CTX_new(SSLv2_client_method());
--			break;
- 		case TLS::SSL_v3:
- 			ctx = SSL_CTX_new(SSLv3_client_method());
- 			break;
-@@ -5151,6 +5179,8 @@ public:
- 		if (NULL == ctx)
- 			return QStringList();
- 
-+		SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-+
- 		SSL *ssl = SSL_new(ctx);
- 		if (NULL == ssl) {
- 			SSL_CTX_free(ctx);
-@@ -5692,6 +5722,14 @@ public:
- 			}
- 		}
- 
-+		// request a certificate from the client, if in server mode
-+		if(serv)
-+		{
-+			SSL_set_verify(ssl,
-+				SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
-+				ssl_verify_callback);
-+		}
-+
- 		return true;
- 	}
- 
-@@ -6155,6 +6193,7 @@ public:
- 				i2d_PKCS7_bio(bo, p7);
- 				//PEM_write_bio_PKCS7(bo, p7);
- 				out = bio2ba(bo);
-+				PKCS7_free(p7);
- 			}
- 			else
- 			{
-@@ -6582,7 +6621,9 @@ static QStringList all_hash_types()
- 	list += "sha1";
- 	list += "sha0";
- 	list += "ripemd160";
-+#ifdef HAVE_OPENSSL_MD2
- 	list += "md2";
-+#endif
- 	list += "md4";
- 	list += "md5";
- #ifdef SHA224_DIGEST_LENGTH
-@@ -6597,9 +6638,11 @@ static QStringList all_hash_types()
- #ifdef SHA512_DIGEST_LENGTH
- 	list += "sha512";
- #endif
-+/*
- #ifdef OBJ_whirlpool
- 	list += "whirlpool";
- #endif
-+*/
- 	return list;
- }
- 
-@@ -6671,7 +6714,7 @@ public:
- 	{
- 	}
- 
--	Context *clone() const
-+	Provider::Context *clone() const
- 	{
- 		return new opensslInfoContext(*this);
- 	}
-@@ -6692,6 +6735,34 @@ public:
- 	}
- };
- 
-+class opensslRandomContext : public RandomContext
-+{
-+public:
-+	opensslRandomContext(QCA::Provider *p) : RandomContext(p)
-+	{
-+	}
-+
-+	Context *clone() const
-+	{
-+		return new opensslRandomContext(*this);
-+	}
-+
-+	QCA::SecureArray nextBytes(int size)
-+	{
-+		QCA::SecureArray buf(size);
-+		int r;
-+		// FIXME: loop while we don't have enough random bytes.
-+		while (true) {
-+			r = RAND_bytes((unsigned char*)(buf.data()), size);
-+			if (r == 1) break; // success
-+			r = RAND_pseudo_bytes((unsigned char*)(buf.data()),
-+						size);
-+			if (r >= 0) break; // accept insecure random numbers
-+		}
-+		return buf;
-+	}
-+};
-+
- }
- 
- using namespace opensslQCAPlugin;
-@@ -6711,11 +6782,14 @@ public:
- 		OpenSSL_add_all_algorithms();
- 		ERR_load_crypto_strings();
- 
--		srand(time(NULL));
--		char buf[128];
--		for(int n = 0; n < 128; ++n)
--			buf[n] = rand();
--		RAND_seed(buf, 128);
-+		// seed the RNG if it's not seeded yet
-+		if (RAND_status() == 0) {
-+			qsrand(time(NULL));
-+			char buf[128];
-+			for(int n = 0; n < 128; ++n)
-+				buf[n] = qrand();
-+			RAND_seed(buf, 128);
-+		}
- 
- 		openssl_initted = true;
- 	}
-@@ -6754,10 +6828,13 @@ public:
- 	QStringList features() const
- 	{
- 		QStringList list;
-+		list += "random";
- 		list += all_hash_types();
- 		list += all_mac_types();
- 		list += all_cipher_types();
-+#ifdef HAVE_OPENSSL_MD2
- 		list += "pbkdf1(md2)";
-+#endif
- 		list += "pbkdf1(sha1)";
- 		list += "pbkdf2(sha1)";
- 		list += "pkey";
-@@ -6780,7 +6857,9 @@ public:
- 	Context *createContext(const QString &type)
- 	{
- 		//OpenSSL_add_all_digests();
--		if ( type == "info" )
-+		if ( type == "random" )
-+			return new opensslRandomContext(this);
-+		else if ( type == "info" )
- 			return new opensslInfoContext(this);
- 		else if ( type == "sha1" )
- 			return new opensslHashContext( EVP_sha1(), this, type);
-@@ -6788,8 +6867,10 @@ public:
- 			return new opensslHashContext( EVP_sha(), this, type);
- 		else if ( type == "ripemd160" )
- 			return new opensslHashContext( EVP_ripemd160(), this, type);
-+#ifdef HAVE_OPENSSL_MD2
- 		else if ( type == "md2" )
- 			return new opensslHashContext( EVP_md2(), this, type);
-+#endif
- 		else if ( type == "md4" )
- 			return new opensslHashContext( EVP_md4(), this, type);
- 		else if ( type == "md5" )
-@@ -6810,14 +6891,18 @@ public:
- 		else if ( type == "sha512" )
- 			return new opensslHashContext( EVP_sha512(), this, type);
- #endif
-+/*
- #ifdef OBJ_whirlpool
- 		else if ( type == "whirlpool" )
- 			return new opensslHashContext( EVP_whirlpool(), this, type);
- #endif
-+*/
- 		else if ( type == "pbkdf1(sha1)" )
- 			return new opensslPbkdf1Context( EVP_sha1(), this, type );
-+#ifdef HAVE_OPENSSL_MD2
- 		else if ( type == "pbkdf1(md2)" )
- 			return new opensslPbkdf1Context( EVP_md2(), this, type );
-+#endif
- 		else if ( type == "pbkdf2(sha1)" )
- 			return new opensslPbkdf2Context( this, type );
- 		else if ( type == "hmac(md5)" )

security/qca2-qt5-gnupg/DESCR

@@ -0,0 +1,17 @@
+Taking a hint from the similarly-named Java Cryptography Architecture,
+QCA aims to provide a straightforward and cross-platform crypto
+API, using Qt datatypes and conventions. QCA separates the API from
+the implementation, using plugins known as Providers. The advantage
+of this model is to allow applications to avoid linking to or
+explicitly depending on any particular cryptographic library. This
+allows one to easily change or upgrade crypto implementations
+without even needing to recompile the application. QCA should work
+everywhere Qt does, including Windows/Unix/MacOSX.
+
+Capabilities:
+TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
+SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
+Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
+RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
+
+This is the GnuPG plugin.

security/qca2-qt5-gnupg/Makefile

@@ -0,0 +1,24 @@
+# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
+
+PKGNAME=	qca2-qt5-gnupg-${DISTNAME:C/.*-//}
+
+COMMENT=	Cross-platform crypto API for QT5 - GnuPG plugin
+
+.include "../../security/qca2/Makefile.common"
+
+DEPENDS+=	gnupg2-[0-9]*:../../security/gnupg2
+
+BUILD_DIRS=	plugins/qca-gnupg
+
+CMAKE_ARGS+=	-DBUILD_PLUGINS=gnupg
+CMAKE_ARGS+=	-DBUILD_TOOLS=OFF
+CMAKE_ARGS+=	-DINST_QCA_LIB_NAME=-lqca-qt5
+
+SUBST_CLASSES+=		libname
+SUBST_STAGE.libname=	post-patch
+SUBST_MESSAGE.libname=	Use installed lib.
+SUBST_FILES.libname=	plugins/qca-gnupg/CMakeLists.txt
+SUBST_SED.libname=	-e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
+
+.include "../../security/qca2-qt5/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"

security/qca2-qt5-gnupg/PLIST

@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
+qt5/plugins/crypto/libqca-gnupg.so

security/qca2-qt5-ossl/DESCR

@@ -0,0 +1,15 @@
+Taking a hint from the similarly-named Java Cryptography Architecture,
+QCA aims to provide a straightforward and cross-platform crypto
+API, using Qt datatypes and conventions. QCA separates the API from
+the implementation, using plugins known as Providers. The advantage
+of this model is to allow applications to avoid linking to or
+explicitly depending on any particular cryptographic library. This
+allows one to easily change or upgrade crypto implementations
+without even needing to recompile the application. QCA should work
+everywhere Qt does, including Windows/Unix/MacOSX.
+
+Capabilities:
+TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
+SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
+Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
+RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)

security/qca2-qt5-ossl/Makefile

@@ -0,0 +1,23 @@
+# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
+
+PKGNAME=	qca2-qt5-ossl-${DISTNAME:C/.*-//}
+
+COMMENT=	Cross-platform crypto API for QT5 - OpenSSL plugin
+
+.include "../../security/qca2/Makefile.common"
+
+BUILD_DIRS=	plugins/qca-ossl
+
+CMAKE_ARGS+=	-DBUILD_PLUGINS=ossl
+CMAKE_ARGS+=	-DBUILD_TOOLS=OFF
+CMAKE_ARGS+=	-DINST_QCA_LIB_NAME=-lqca-qt5
+
+SUBST_CLASSES+=		libname
+SUBST_STAGE.libname=	post-patch
+SUBST_MESSAGE.libname=	Use installed lib.
+SUBST_FILES.libname=	plugins/qca-ossl/CMakeLists.txt
+SUBST_SED.libname=	-e 's:{QCA_LIB_NAME}:{INST_QCA_LIB_NAME}:'
+
+.include "../../security/qca2-qt5/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"

security/qca2-qt5-ossl/PLIST

@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
+qt5/plugins/crypto/libqca-ossl.so

security/qca2-qt5/DESCR

@@ -0,0 +1,16 @@
+Taking a hint from the similarly-named Java Cryptography Architecture,
+QCA aims to provide a straightforward and cross-platform crypto
+API, using Qt datatypes and conventions. QCA separates the API from
+the implementation, using plugins known as Providers. The advantage
+of this model is to allow applications to avoid linking to or
+explicitly depending on any particular cryptographic library. This
+allows one to easily change or upgrade crypto implementations
+without even needing to recompile the application. QCA should work
+everywhere Qt does, including Windows/Unix/MacOSX.
+
+Features:
+* SSL/TLS
+* X509
+* RSA
+* Hashing (SHA1, MD5)
+* Ciphers (Blowfish, 3DES, AES)

security/qca2-qt5/Makefile

@@ -0,0 +1,23 @@
+# $NetBSD: Makefile,v 1.1 2018/01/31 09:14:56 markd Exp $
+
+PKGNAME=	qca2-qt5-${DISTNAME:C/.*-//}
+
+COMMENT=	Cross-platform crypto API for QT5
+
+.include "../../security/qca2/Makefile.common"
+
+DEPENDS+=	mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
+
+INSTALLATION_DIRS=	lib/pkgconfig
+
+CMAKE_ARGS+=	-DBUILD_PLUGINS=none
+CMAKE_ARGS+=	-DQCA_MAN_INSTALL_DIR=${PREFIX}/${PKGMANDIR}
+
+PKGCONFIG_OVERRIDE=		lib/pkgconfig/qca2-qt5.pc 
+PKGCONFIG_OVERRIDE_STAGE=	post-configure
+
+post-install:
+	${INSTALL_DATA} ${DESTDIR}${QTDIR}/lib/pkgconfig/qca2-qt5.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/qca2-qt5.pc
+
+.include "../../x11/qt5-qtbase/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"

security/qca2-qt5/PLIST

@@ -0,0 +1,31 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/31 09:14:56 markd Exp $
+lib/pkgconfig/qca2-qt5.pc
+man/man1/qcatool-qt5.1
+qt5/bin/mozcerts-qt5
+qt5/bin/qcatool-qt5
+qt5/include/Qca-qt5/QtCrypto/QtCrypto
+qt5/include/Qca-qt5/QtCrypto/qca.h
+qt5/include/Qca-qt5/QtCrypto/qca_basic.h
+qt5/include/Qca-qt5/QtCrypto/qca_cert.h
+qt5/include/Qca-qt5/QtCrypto/qca_core.h
+qt5/include/Qca-qt5/QtCrypto/qca_export.h
+qt5/include/Qca-qt5/QtCrypto/qca_keystore.h
+qt5/include/Qca-qt5/QtCrypto/qca_publickey.h
+qt5/include/Qca-qt5/QtCrypto/qca_safetimer.h
+qt5/include/Qca-qt5/QtCrypto/qca_securelayer.h
+qt5/include/Qca-qt5/QtCrypto/qca_securemessage.h
+qt5/include/Qca-qt5/QtCrypto/qca_support.h
+qt5/include/Qca-qt5/QtCrypto/qca_textfilter.h
+qt5/include/Qca-qt5/QtCrypto/qca_tools.h
+qt5/include/Qca-qt5/QtCrypto/qca_version.h
+qt5/include/Qca-qt5/QtCrypto/qcaprovider.h
+qt5/include/Qca-qt5/QtCrypto/qpipe.h
+qt5/lib/cmake/Qca-qt5/Qca-qt5Config.cmake
+qt5/lib/cmake/Qca-qt5/Qca-qt5ConfigVersion.cmake
+qt5/lib/cmake/Qca-qt5/Qca-qt5Targets-noconfig.cmake
+qt5/lib/cmake/Qca-qt5/Qca-qt5Targets.cmake
+qt5/lib/libqca-qt5.so
+qt5/lib/libqca-qt5.so.2
+qt5/lib/libqca-qt5.so.${PKGVERSION}
+qt5/lib/pkgconfig/qca2-qt5.pc
+qt5/mkspecs/features/crypto.prf

security/qca2-qt5/buildlink3.mk

@@ -0,0 +1,14 @@
+# $NetBSD: buildlink3.mk,v 1.1 2018/01/31 09:14:56 markd Exp $
+
+BUILDLINK_TREE+=	qca2-qt5
+
+.if !defined(QCA2_QT5_BUILDLINK3_MK)
+QCA2_QT5_BUILDLINK3_MK:=
+
+BUILDLINK_API_DEPENDS.qca2-qt5+=	qca2-qt5>=2.1.3
+BUILDLINK_PKGSRCDIR.qca2-qt5?=	../../security/qca2-qt5
+
+.include "../../x11/qt5-qtbase/buildlink3.mk"
+.endif	# QCA2_QT5_BUILDLINK3_MK
+
+BUILDLINK_TREE+=	-qca2-qt5

security/qca2/Makefile

@@ -1,31 +1,21 @@
-# $NetBSD: Makefile,v 1.38 2016/03/05 11:27:55 jperkin Exp $
+# $NetBSD: Makefile,v 1.39 2018/01/31 09:14:55 markd Exp $
 
-DISTNAME=	qca-2.0.3
 PKGNAME=	qca2-${DISTNAME:C/.*-//}
-PKGREVISION=	20
-CATEGORIES=	security
-MASTER_SITES=	http://delta.affinix.com/download/qca/2.0/
-EXTRACT_SUFX=	.tar.bz2
 
-MAINTAINER=	pkgsrc-users@NetBSD.org
-HOMEPAGE=	http://delta.affinix.com/qca/
 COMMENT=	Cross-platform crypto API for QT
-LICENSE=	gnu-lgpl-v2.1
 
-USE_TOOLS+=	gmake
-USE_LIBTOOL=	yes
-HAS_CONFIGURE=	yes
-USE_LANGUAGES=	c++
-INSTALL_MAKE_FLAGS+=	INSTALL_ROOT=${DESTDIR:Q}
+.include "Makefile.common"
 
-INSTALLATION_DIRS=	qt4/include qt4/lib qt4/plugins/crypto lib/pkgconfig
+DEPENDS+=	mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
 
-# install under qt4 prefix to not clash with qca 1.x
-CONFIGURE_ARGS+=	--prefix=${QTDIR}
-CONFIGURE_ARGS+=	--qtdir=${QTDIR}
-CONFIGURE_ARGS+=	--disable-tests
-CONFIGURE_ARGS+=	--certstore-internal
-CONFIGURE_ARGS+=	--no-framework
+INSTALLATION_DIRS=	lib/pkgconfig
+
+CMAKE_ARGS+=	-DBUILD_PLUGINS=none
+CMAKE_ARGS+=	-DQT4_BUILD=ON
+CMAKE_ARGS+=	-DQCA_MAN_INSTALL_DIR=${PREFIX}/${PKGMANDIR} 
+
+PKGCONFIG_OVERRIDE=		lib/pkgconfig/qca2.pc 
+PKGCONFIG_OVERRIDE_STAGE=	post-configure
 
 post-install:
 	${INSTALL_DATA} ${DESTDIR}${QTDIR}/lib/pkgconfig/qca2.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/qca2.pc

security/qca2/Makefile.common

@@ -0,0 +1,27 @@
+# $NetBSD: Makefile.common,v 1.1 2018/01/31 09:14:55 markd Exp $
+
+DISTNAME=	qca-2.1.3
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_KDE:=qca/2.1.3/src/}
+EXTRACT_SUFX=	.tar.xz
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	http://delta.affinix.com/qca/
+LICENSE=	gnu-lgpl-v2.1
+
+PATCHDIR=	${.CURDIR}/../../security/qca2/patches
+DISTINFO_FILE=	${.CURDIR}/../../security/qca2/distinfo
+
+USE_TOOLS+=	gmake
+USE_CMAKE=	yes
+USE_LANGUAGES=	c c++
+
+# install under qt4 prefix to not clash with qca 1.x
+CMAKE_ARGS+=	-DQCA_INSTALL_IN_QT_PREFIX=ON
+CMAKE_ARGS+=	-DOSX_FRAMEWORK=OFF
+CMAKE_ARGS+=	-DBUILD_TESTS=OFF
+
+SUBST_CLASSES+=		certs 
+SUBST_STAGE.certs=	post-patch
+SUBST_FILES.certs=	CMakeLists.txt
+SUBST_VARS.certs=	PREFIX

security/qca2/PLIST

@@ -1,6 +1,8 @@
-@comment $NetBSD: PLIST,v 1.6 2014/08/26 20:59:40 joerg Exp $
+@comment $NetBSD: PLIST,v 1.7 2018/01/31 09:14:55 markd Exp $
 lib/pkgconfig/qca2.pc
-qt4/bin/qcatool2
+man/man1/qcatool.1
+qt4/bin/mozcerts
+qt4/bin/qcatool
 qt4/include/QtCrypto/QtCrypto
 qt4/include/QtCrypto/qca.h
 qt4/include/QtCrypto/qca_basic.h
@@ -9,16 +11,21 @@ qt4/include/QtCrypto/qca_core.h
 qt4/include/QtCrypto/qca_export.h
 qt4/include/QtCrypto/qca_keystore.h
 qt4/include/QtCrypto/qca_publickey.h
+qt4/include/QtCrypto/qca_safetimer.h
 qt4/include/QtCrypto/qca_securelayer.h
 qt4/include/QtCrypto/qca_securemessage.h
 qt4/include/QtCrypto/qca_support.h
 qt4/include/QtCrypto/qca_textfilter.h
 qt4/include/QtCrypto/qca_tools.h
+qt4/include/QtCrypto/qca_version.h
 qt4/include/QtCrypto/qcaprovider.h
 qt4/include/QtCrypto/qpipe.h
-qt4/lib/libqca.la
-qt4/lib/libqca.prl
+qt4/lib/cmake/Qca/QcaConfig.cmake
+qt4/lib/cmake/Qca/QcaConfigVersion.cmake
+qt4/lib/cmake/Qca/QcaTargets-noconfig.cmake
+qt4/lib/cmake/Qca/QcaTargets.cmake
+qt4/lib/libqca.so
+qt4/lib/libqca.so.2
+qt4/lib/libqca.so.${PKGVERSION}
 qt4/lib/pkgconfig/qca2.pc
 qt4/mkspecs/features/crypto.prf
-qt4/share/qca/certs/README
-qt4/share/qca/certs/rootcerts.pem

security/qca2/distinfo

@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.8 2018/01/23 12:57:04 jperkin Exp $
+$NetBSD: distinfo,v 1.9 2018/01/31 09:14:55 markd Exp $
 
-SHA1 (qca-2.0.3.tar.bz2) = 9c868b05b81dce172c41b813de4de68554154c60
-RMD160 (qca-2.0.3.tar.bz2) = 333cfdce91fedfaec09c205528de52d7b569c521
-SHA512 (qca-2.0.3.tar.bz2) = c1120ffb373e294fbcc76e21dc2f503ebd3398b26d0ffa7ab7ee3a3e1a4228159358b59c2673ac4a1c2363771e61da54a5080b201c65d586ceda2e3b2facc1bb
-Size (qca-2.0.3.tar.bz2) = 4530731 bytes
-SHA1 (patch-aa) = e2e9544eafec8020e8758736aa48ab87b014bf10
-SHA1 (patch-app.pri) = 48f3842f49cd0bebc6e944a689e4d89f99990057
-SHA1 (patch-configure) = c114e4f6c2982f8293d37b332a44781fd884412b
-SHA1 (patch-src_botantools_botan_botan_secmem.h) = 4cb74801291dadb4d2c15c741bbb3b836135fcd9
+SHA1 (qca-2.1.3.tar.xz) = b5426f9b0c0cdaec4a069091bb9fc476ef363289
+RMD160 (qca-2.1.3.tar.xz) = 3577bd164bdf41147cfa0e8b4c5db01bde7d20de
+SHA512 (qca-2.1.3.tar.xz) = 0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a
+Size (qca-2.1.3.tar.xz) = 686340 bytes
+SHA1 (patch-CMakeLists.txt) = 4867c54f8bff523233a11201bdb021e6e81a10ed
+SHA1 (patch-plugins_qca-ossl_CMakeLists.txt) = a03e1c2e2d6c89b36060795f6f47c9b513dbf395
+SHA1 (patch-plugins_qca-ossl_libcrypto-compat.c) = 965e4db85e12df55057b3d030c568977b83fb708
+SHA1 (patch-plugins_qca-ossl_libcrypto-compat.h) = 957641557f6767e7c559d3cafba61060029d4e46
+SHA1 (patch-plugins_qca-ossl_qca-ossl.cpp) = bc1ed58f69b1a1c27f7e71b6d5c00a25a49cb37c

security/qca2/patches/patch-CMakeLists.txt

@@ -0,0 +1,14 @@
+$NetBSD: patch-CMakeLists.txt,v 1.1 2018/01/31 09:14:55 markd Exp $
+
+Add mozilla-rootcerts certstore to list
+
+--- CMakeLists.txt.orig	2018-01-31 20:15:27.000000000 +0000
++++ CMakeLists.txt
+@@ -304,6 +304,7 @@ else ( WIN32 )
+       "/etc/pki/tls/cert.pem"
+       "/etc/ssl/ca-bundle.pem"
+       "/usr/share/curl/curl-ca-bundle.crt"
++      "@PREFIX@/share/mozilla-rootcerts/cacert.pem"
+     )
+     foreach (_current_try ${toTry})
+       if(EXISTS ${_current_try})

security/qca2/patches/patch-aa

@@ -1,26 +0,0 @@
-$NetBSD: patch-aa,v 1.3 2018/01/23 12:57:05 jperkin Exp $
-
-Don't override QMAKE_MACOSX_DEPLOYMENT_TARGET.
-
---- src/src.pro.orig	2010-11-27 21:14:12.000000000 +0000
-+++ src/src.pro
-@@ -81,8 +81,6 @@ mac: {
- 	SOURCES += $$QCA_CPP/qca_systemstore_mac.cpp
- 	LIBS += -framework Carbon -framework Security
- 	QMAKE_LFLAGS_SONAME = -Wl,-install_name,"$$LIBDIR/"
--
--	QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.3
- }
- 
- mac:lib_bundle: {
-@@ -108,10 +106,6 @@ unix: {
- 	incfiles.files = $$PUBLIC_HEADERS
- 	incfiles.files += $$QCA_INC/qca.h $$QCA_INC/QtCrypto
- 	!lib_bundle:INSTALLS += incfiles
--
--	manfiles.path = $$DATADIR/man/man1
--	manfiles.files = $$QCA_BASE/man/qcatool2.1
--	INSTALLS += manfiles
- }
- 
- !debug_and_release|build_pass {

security/qca2/patches/patch-app.pri

@@ -1,14 +0,0 @@
-$NetBSD: patch-app.pri,v 1.1 2018/01/23 12:57:05 jperkin Exp $
-
-Don't override QMAKE_MACOSX_DEPLOYMENT_TARGET.
-
---- app.pri.orig	2009-04-24 21:12:15.000000000 +0000
-+++ app.pri
-@@ -1,7 +1,5 @@
- include(confapp.pri)
- 
--mac:QMAKE_MACOSX_DEPLOYMENT_TARGET = 10.3
--
- exists(crypto.prf) {
- 	# our apps should build against the qca in this tree
- 	include(crypto.prf)

security/qca2/patches/patch-configure

@@ -1,13 +0,0 @@
-$NetBSD: patch-configure,v 1.1 2012/01/16 20:36:08 adam Exp $
-
---- configure.orig	2012-01-16 20:32:17.000000000 +0000
-+++ configure
-@@ -977,7 +977,7 @@ public:
- 	{
- 		bundled = false;
- 
--#if defined(Q_OS_WIN) || defined(Q_OS_MAC)
-+#if defined(Q_OS_WIN)
- 		// use built-in
- 		return true;
- #else

security/qca2/patches/patch-plugins_qca-ossl_CMakeLists.txt

@@ -0,0 +1,15 @@
+$NetBSD: patch-plugins_qca-ossl_CMakeLists.txt,v 1.1 2018/01/31 09:14:55 markd Exp $
+
+openssl 1.1 support
+
+--- plugins/qca-ossl/CMakeLists.txt.orig	2018-01-30 20:26:20.512731852 +0000
++++ plugins/qca-ossl/CMakeLists.txt
+@@ -32,7 +32,7 @@ if(OPENSSL_FOUND)
+     message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
+   endif(HAVE_OPENSSL_SHA0)
+ 
+-  set(QCA_OSSL_SOURCES qca-ossl.cpp)
++  set(QCA_OSSL_SOURCES libcrypto-compat.c qca-ossl.cpp)
+ 
+   my_automoc( QCA_OSSL_SOURCES )
+ 

security/qca2/patches/patch-plugins_qca-ossl_libcrypto-compat.c

@@ -0,0 +1,417 @@
+$NetBSD: patch-plugins_qca-ossl_libcrypto-compat.c,v 1.1 2018/01/31 09:14:55 markd Exp $
+
+openssl 1.1 support
+
+--- plugins/qca-ossl/libcrypto-compat.c.orig	2018-01-30 20:34:52.547356534 +0000
++++ plugins/qca-ossl/libcrypto-compat.c
+@@ -0,0 +1,410 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <openssl/evp.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <string.h>
++#include <openssl/engine.h>
++
++static void *OPENSSL_zalloc(size_t num)
++{
++    void *ret = OPENSSL_malloc(num);
++
++    if (ret != NULL)
++        memset(ret, 0, num);
++    return ret;
++}
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++    /* If the fields n and e in r are NULL, the corresponding input
++     * parameters MUST be non-NULL for n and e.  d may be
++     * left NULL (in case only the public key is used).
++     */
++    if ((r->n == NULL && n == NULL)
++        || (r->e == NULL && e == NULL))
++        return 0;
++
++    if (n != NULL) {
++        BN_free(r->n);
++        r->n = n;
++    }
++    if (e != NULL) {
++        BN_free(r->e);
++        r->e = e;
++    }
++    if (d != NULL) {
++        BN_free(r->d);
++        r->d = d;
++    }
++
++    return 1;
++}
++
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
++{
++    /* If the fields p and q in r are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((r->p == NULL && p == NULL)
++        || (r->q == NULL && q == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(r->p);
++        r->p = p;
++    }
++    if (q != NULL) {
++        BN_free(r->q);
++        r->q = q;
++    }
++
++    return 1;
++}
++
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
++{
++    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((r->dmp1 == NULL && dmp1 == NULL)
++        || (r->dmq1 == NULL && dmq1 == NULL)
++        || (r->iqmp == NULL && iqmp == NULL))
++        return 0;
++
++    if (dmp1 != NULL) {
++        BN_free(r->dmp1);
++        r->dmp1 = dmp1;
++    }
++    if (dmq1 != NULL) {
++        BN_free(r->dmq1);
++        r->dmq1 = dmq1;
++    }
++    if (iqmp != NULL) {
++        BN_free(r->iqmp);
++        r->iqmp = iqmp;
++    }
++
++    return 1;
++}
++
++void RSA_get0_key(const RSA *r,
++                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++    if (n != NULL)
++        *n = r->n;
++    if (e != NULL)
++        *e = r->e;
++    if (d != NULL)
++        *d = r->d;
++}
++
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
++{
++    if (p != NULL)
++        *p = r->p;
++    if (q != NULL)
++        *q = r->q;
++}
++
++void RSA_get0_crt_params(const RSA *r,
++                         const BIGNUM **dmp1, const BIGNUM **dmq1,
++                         const BIGNUM **iqmp)
++{
++    if (dmp1 != NULL)
++        *dmp1 = r->dmp1;
++    if (dmq1 != NULL)
++        *dmq1 = r->dmq1;
++    if (iqmp != NULL)
++        *iqmp = r->iqmp;
++}
++
++void DSA_get0_pqg(const DSA *d,
++                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p != NULL)
++        *p = d->p;
++    if (q != NULL)
++        *q = d->q;
++    if (g != NULL)
++        *g = d->g;
++}
++
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    /* If the fields p, q and g in d are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((d->p == NULL && p == NULL)
++        || (d->q == NULL && q == NULL)
++        || (d->g == NULL && g == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(d->p);
++        d->p = p;
++    }
++    if (q != NULL) {
++        BN_free(d->q);
++        d->q = q;
++    }
++    if (g != NULL) {
++        BN_free(d->g);
++        d->g = g;
++    }
++
++    return 1;
++}
++
++void DSA_get0_key(const DSA *d,
++                  const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key != NULL)
++        *pub_key = d->pub_key;
++    if (priv_key != NULL)
++        *priv_key = d->priv_key;
++}
++
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    /* If the field pub_key in d is NULL, the corresponding input
++     * parameters MUST be non-NULL.  The priv_key field may
++     * be left NULL.
++     */
++    if (d->pub_key == NULL && pub_key == NULL)
++        return 0;
++
++    if (pub_key != NULL) {
++        BN_free(d->pub_key);
++        d->pub_key = pub_key;
++    }
++    if (priv_key != NULL) {
++        BN_free(d->priv_key);
++        d->priv_key = priv_key;
++    }
++
++    return 1;
++}
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr != NULL)
++        *pr = sig->r;
++    if (ps != NULL)
++        *ps = sig->s;
++}
++
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (r == NULL || s == NULL)
++        return 0;
++    BN_clear_free(sig->r);
++    BN_clear_free(sig->s);
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr != NULL)
++        *pr = sig->r;
++    if (ps != NULL)
++        *ps = sig->s;
++}
++
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (r == NULL || s == NULL)
++        return 0;
++    BN_clear_free(sig->r);
++    BN_clear_free(sig->s);
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++void DH_get0_pqg(const DH *dh,
++                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p != NULL)
++        *p = dh->p;
++    if (q != NULL)
++        *q = dh->q;
++    if (g != NULL)
++        *g = dh->g;
++}
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    /* If the fields p and g in d are NULL, the corresponding input
++     * parameters MUST be non-NULL.  q may remain NULL.
++     */
++    if ((dh->p == NULL && p == NULL)
++        || (dh->g == NULL && g == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(dh->p);
++        dh->p = p;
++    }
++    if (q != NULL) {
++        BN_free(dh->q);
++        dh->q = q;
++    }
++    if (g != NULL) {
++        BN_free(dh->g);
++        dh->g = g;
++    }
++
++    if (q != NULL) {
++        dh->length = BN_num_bits(q);
++    }
++
++    return 1;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key != NULL)
++        *pub_key = dh->pub_key;
++    if (priv_key != NULL)
++        *priv_key = dh->priv_key;
++}
++
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    /* If the field pub_key in dh is NULL, the corresponding input
++     * parameters MUST be non-NULL.  The priv_key field may
++     * be left NULL.
++     */
++    if (dh->pub_key == NULL && pub_key == NULL)
++        return 0;
++
++    if (pub_key != NULL) {
++        BN_free(dh->pub_key);
++        dh->pub_key = pub_key;
++    }
++    if (priv_key != NULL) {
++        BN_free(dh->priv_key);
++        dh->priv_key = priv_key;
++    }
++
++    return 1;
++}
++
++int DH_set_length(DH *dh, long length)
++{
++    dh->length = length;
++    return 1;
++}
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
++{
++    return ctx->iv;
++}
++
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
++{
++    return ctx->iv;
++}
++
++EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
++}
++
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++    EVP_MD_CTX_cleanup(ctx);
++    OPENSSL_free(ctx);
++}
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++    RSA_METHOD *ret;
++
++    ret = OPENSSL_malloc(sizeof(RSA_METHOD));
++
++    if (ret != NULL) {
++        memcpy(ret, meth, sizeof(*meth));
++        ret->name = OPENSSL_strdup(meth->name);
++        if (ret->name == NULL) {
++            OPENSSL_free(ret);
++            return NULL;
++        }
++    }
++
++    return ret;
++}
++
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
++{
++    char *tmpname;
++
++    tmpname = OPENSSL_strdup(name);
++    if (tmpname == NULL) {
++        return 0;
++    }
++
++    OPENSSL_free((char *)meth->name);
++    meth->name = tmpname;
++
++    return 1;
++}
++
++int RSA_meth_set_priv_enc(RSA_METHOD *meth,
++                          int (*priv_enc) (int flen, const unsigned char *from,
++                                           unsigned char *to, RSA *rsa,
++                                           int padding))
++{
++    meth->rsa_priv_enc = priv_enc;
++    return 1;
++}
++
++int RSA_meth_set_priv_dec(RSA_METHOD *meth,
++                          int (*priv_dec) (int flen, const unsigned char *from,
++                                           unsigned char *to, RSA *rsa,
++                                           int padding))
++{
++    meth->rsa_priv_dec = priv_dec;
++    return 1;
++}
++
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++    meth->finish = finish;
++    return 1;
++}
++
++void RSA_meth_free(RSA_METHOD *meth)
++{
++    if (meth != NULL) {
++        OPENSSL_free((char *)meth->name);
++        OPENSSL_free(meth);
++    }
++}
++
++int RSA_bits(const RSA *r)
++{
++    return (BN_num_bits(r->n));
++}
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++    if (pkey->type != EVP_PKEY_RSA) {
++        return NULL;
++    }
++    return pkey->pkey.rsa;
++}
++
++
++#endif /* OPENSSL_VERSION_NUMBER */

security/qca2/patches/patch-plugins_qca-ossl_libcrypto-compat.h

@@ -0,0 +1,64 @@
+$NetBSD: patch-plugins_qca-ossl_libcrypto-compat.h,v 1.1 2018/01/31 09:14:55 markd Exp $
+
+openssl 1.1 support
+
+--- plugins/qca-ossl/libcrypto-compat.h.orig	2018-01-30 20:34:52.547356534 +0000
++++ plugins/qca-ossl/libcrypto-compat.h
+@@ -0,0 +1,57 @@
++#ifndef LIBCRYPTO_COMPAT_H
++#define LIBCRYPTO_COMPAT_H
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <openssl/ecdsa.h>
++#include <openssl/dh.h>
++#include <openssl/evp.h>
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
++
++void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
++int DH_set_length(DH *dh, long length);
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
++EVP_MD_CTX *EVP_MD_CTX_new(void);
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
++#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
++#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
++#define RSA_meth_get_finish(meth) meth->finish
++int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
++void RSA_meth_free(RSA_METHOD *meth);
++
++int RSA_bits(const RSA *r);
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
++
++#endif /* OPENSSL_VERSION_NUMBER */
++
++#endif /* LIBCRYPTO_COMPAT_H */

security/qca2/patches/patch-src_botantools_botan_botan_secmem.h

@@ -1,13 +0,0 @@
-$NetBSD: patch-src_botantools_botan_botan_secmem.h,v 1.1 2012/01/16 20:36:08 adam Exp $
-
---- src/botantools/botan/botan/secmem.h.orig	2012-01-16 18:21:07.000000000 +0000
-+++ src/botantools/botan/botan/secmem.h
-@@ -214,7 +214,7 @@ class SecureVector : public MemoryRegion
- 
-       SecureVector(u32bit n = 0) { MemoryRegion<T>::init(true, n); }
-       SecureVector(const T in[], u32bit n)
--         { MemoryRegion<T>::init(true); set(in, n); }
-+         { MemoryRegion<T>::init(true); this->set(in, n); }
-       SecureVector(const MemoryRegion<T>& in)
-          { MemoryRegion<T>::init(true); set(in); }
-       SecureVector(const MemoryRegion<T>& in1, const MemoryRegion<T>& in2)