head 1.9; access; symbols pkgsrc-2023Q4:1.9.0.26 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.9.0.24 pkgsrc-2023Q3-base:1.9 pkgsrc-2023Q2:1.9.0.22 pkgsrc-2023Q2-base:1.9 pkgsrc-2023Q1:1.9.0.20 pkgsrc-2023Q1-base:1.9 pkgsrc-2022Q4:1.9.0.18 pkgsrc-2022Q4-base:1.9 pkgsrc-2022Q3:1.9.0.16 pkgsrc-2022Q3-base:1.9 pkgsrc-2022Q2:1.9.0.14 pkgsrc-2022Q2-base:1.9 pkgsrc-2022Q1:1.9.0.12 pkgsrc-2022Q1-base:1.9 pkgsrc-2021Q4:1.9.0.10 pkgsrc-2021Q4-base:1.9 pkgsrc-2021Q3:1.9.0.8 pkgsrc-2021Q3-base:1.9 pkgsrc-2021Q2:1.9.0.6 pkgsrc-2021Q2-base:1.9 pkgsrc-2021Q1:1.9.0.4 pkgsrc-2021Q1-base:1.9 pkgsrc-2020Q4:1.9.0.2 pkgsrc-2020Q4-base:1.9 pkgsrc-2020Q3:1.7.0.2 pkgsrc-2020Q3-base:1.7 pkgsrc-2020Q2:1.6.0.12 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.8 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.6.0.10 pkgsrc-2019Q4-base:1.6 pkgsrc-2019Q3:1.6.0.6 pkgsrc-2019Q3-base:1.6 pkgsrc-2019Q2:1.6.0.4 pkgsrc-2019Q2-base:1.6 pkgsrc-2019Q1:1.6.0.2 pkgsrc-2019Q1-base:1.6 pkgsrc-2018Q4:1.5.0.8 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.6 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.4 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.2 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.4.0.6 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.4 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.3.0.2 pkgsrc-2017Q2-base:1.3; locks; strict; comment @# @; 1.9 date 2020.11.27.19.52.11; author schmonz; state Exp; branches; next 1.8; commitid IdqnWniG9aa0XyxC; 1.8 date 2020.11.16.07.43.25; author schmonz; state Exp; branches; next 1.7; commitid nwNermYlLHOUg5wC; 1.7 date 2020.07.28.08.49.54; author wiz; state Exp; branches; next 1.6; commitid V2Rb2gnEYxDUcPhC; 1.6 date 2019.01.21.06.59.58; author agc; state Exp; branches; next 1.5; commitid UR5oBk17dE3JoC8B; 1.5 date 2018.02.07.11.52.56; author maya; state Exp; branches; next 1.4; commitid Yq757nNkP2LYcVpA; 1.4 date 2017.09.22.22.00.57; author wiedi; state Exp; branches; next 1.3; commitid QAsHb2Sh1zyV0f8A; 1.3 date 2017.06.14.01.14.30; author agc; state Exp; branches; next 1.2; commitid tmtz5gMibNNOjhVz; 1.2 date 2017.04.01.17.32.47; author agc; state Exp; branches; next 1.1; commitid xRMMbq47bEGz7RLz; 1.1 date 2017.04.01.17.01.51; author wiz; state Exp; branches; next ; commitid MQA6ovbHo2A5XQLz; desc @@ 1.9 log @Quell packaging warning by installing the shlib with ${INSTALL_LIB}. @ text @# $NetBSD: Makefile,v 1.8 2020/11/16 07:43:25 schmonz Exp $ DISTNAME= bearssl-0.6 PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${HOMEPAGE} MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://bearssl.org/ COMMENT= Implementation of the SSL/TLS protocol (RFC 5246) LICENSE= mit INSTALLATION_DIRS= bin include lib LDFLAGS.SunOS+= -lsocket -lnsl OPSYSVARS+= SOEXT SOEXT.Darwin= dylib SOEXT.*= so PLIST_SUBST+= SOEXT=${SOEXT} pre-build: ${MKDIR} ${WRKSRC}/build/obj do-install: cd ${WRKSRC}/build && \ ${INSTALL_PROGRAM} brssl ${DESTDIR}${PREFIX}/bin cd ${WRKSRC}/inc && \ ${INSTALL_DATA} *.h ${DESTDIR}${PREFIX}/include cd ${WRKSRC}/build && \ ${INSTALL_DATA} libbearssl.a ${DESTDIR}${PREFIX}/lib && \ ${INSTALL_LIB} libbearssl.${SOEXT} ${DESTDIR}${PREFIX}/lib do-test: cd ${WRKSRC} && \ ./build/testcrypto all && \ ./build/testspeed all && \ ./build/testx509 .include "../../mk/bsd.prefs.mk" .if ${OPSYS} == "Darwin" SUBST_CLASSES+= dylib SUBST_STAGE.dylib= pre-configure SUBST_FILES.dylib= conf/Unix.mk SUBST_SED.dylib= -e 's|\.so|.dylib|g' .PHONY: fix-darwin-install-name post-install: fix-darwin-install-name fix-darwin-install-name: for f in ${DESTDIR}${PREFIX}/lib/lib*.dylib; do \ install_name_tool -id `${ECHO} $$f | ${SED} -e 's,${DESTDIR},,g'` $$f; \ done .endif .include "../../mk/bsd.pkg.mk" @ 1.8 log @Pre-create the build's OBJDIR, to be MAKE_JOBS_SAFE on at least Darwin. (Otherwise a few objects fail pretty early in the build.) Install the shared library as .dylib on Darwin. Set MASTER_SITES=${HOMEPAGE}. Sort PLIST and chmod -x libbearssl.a to quell pkglint warnings. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2020/07/28 08:49:54 wiz Exp $ d3 9 a11 9 DISTNAME= bearssl-0.6 PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${HOMEPAGE} MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://bearssl.org/ COMMENT= Implementation of the SSL/TLS protocol (RFC 5246) LICENSE= mit d15 6 a20 1 LDFLAGS.SunOS+= -lsocket -lnsl d31 2 a32 1 ${INSTALL_DATA} libbearssl.* ${DESTDIR}${PREFIX}/lib @ 1.7 log @bearssl: honor CFLAGS and LDFLAGS @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2019/01/21 06:59:58 agc Exp $ d6 1 a6 1 MASTER_SITES= https://bearssl.org/ d17 3 d26 1 a26 1 ${INSTALL_LIB} libbearssl.* ${DESTDIR}${PREFIX}/lib d34 18 @ 1.6 log @Update security/bearssl from 0.5 to 0.6 Changes since previous version: + Added general-purpose implementations of EAX and CCM modes (including shared precomputation support for EAX). + Added general-purpose RSA/OAEP implementation. + Added general-purpose HKDF implementation. + Added support for CCM and CCM_8 TLS cipher suites (RFC 6655 and RFC 7251). + Added RSA and EC key generation. + Added private key encoding support ("raw" and PKCS#8 formats, both in DER and PEM, for RSA and EC key pairs). + Made Base64 encoding/decoding constant-time (with regards to the encoded data bytes). + Added a generic API for random seed providers. + Added an extra DRBG based on AES/CTR + Hirose construction for reseeding. + Some cosmetic fixes to avoid warnings with picky compilers. + Makefile fix to achieve compatibility with OpenBSD. + Fixed a bug in bit length computation for big integers (this was breaking RSA signatures with some specific implementations and key lengths). + Made SSL/TLS client stricter in cipher suite selection (to align with server behaviour). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2018/02/07 11:52:56 maya Exp $ d4 1 @ 1.5 log @bearssl: update to 0.5. From Charlotte Koch. Added support for the BoarSSL / Twrch test framework. Header files now include the ritual mantras that make them compatible with C++. Better Makefile behaviour with Clang (FreeBSD compatibility). Worked around a bug of GCC 4.8 and 4.9 in 32-bit x86 mode. Incoming application data after initiating closure is now properly ignored. Some instances of (critical) Certificate Policies extensions are now ignored (when it is safe to do so). Fixed some behavioural bugs with regards to renegotiation (all were failing safe). Added encoded OID for hash functions in the public API, to help with using RSA signatures in non-SSL contexts. Fixed bug in AES/CBC decryption on x86 with AES-NI opcode (this was breaking decryption with AES/CBC cipher suites and TLS 1.0 only). Added an explicit stack buffer initialisation (some provably harmless accesses to uninitialised data were performed, Valgrind was not happy). Fixed bug in the search tree for the cache of SSL sessions (occasional lock-ups). Fixed bug in modular reduction in the special field for P-256 (this was infrequently breaking ECDSA signatures). Added support for exporting keying material (RFC 5705). Added new general-purpose API for AEAD implementations (in non-SSL contexts) and an AES/GCM implementation that follows that API. Added a function to forget saved session parameter in the LRU cache. Added a new ChaCha20 implementation that uses SSE2 on x86 architectures (both 32-bit and 64-bit). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2017/09/22 22:00:57 wiedi Exp $ d3 1 a3 1 DISTNAME= bearssl-0.5 @ 1.4 log @bearssl: fix build on SunOS Needs to link -lsocket -lnsl @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2017/06/14 01:14:30 agc Exp $ d3 1 a3 1 DISTNAME= bearssl-0.4 @ 1.3 log @Update bearssl from version 0.3 to version 0.4 Changes from previous version: + New AES and GHASH implementations for POWER8 processors (provides AES/GCM at more than 2 gigabytes per second!). + Improved GHASH implementation with AES-NI opcodes (pclmulqdq). + New Poly1305 implementation with 64 -> 128 multiplications, available on some 64-bit architectures. + New "i62" big-integer code with 64 -> 128 multiplications, available on some 64-bit architectures (RSA is much faster). + Some mostly cosmetic patches to support very old systems (BearSSL now compiles and run on Debian 2.2 "potato" from 2000, with GCC 2.95). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2017/04/01 17:32:47 agc Exp $ d14 2 @ 1.2 log @Install the brssl utility program as an executable, not data @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2017/04/01 17:01:51 wiz Exp $ d3 1 a3 1 DISTNAME= bearssl-0.3 @ 1.1 log @Import bearssl-0.3 as security/bearssl. BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. It aims at offering the following features: * Be correct and secure. In particular, insecure protocol versions and choices of algorithms are not supported, by design; cryptographic algorithm implementations are constant-time by default. * Be small, both in RAM and code footprint. For instance, a minimal server implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes of RAM. * Be highly portable. BearSSL targets not only "big" operating systems like Linux and Windows, but also small embedded systems and even special contexts like bootstrap code. * Be feature-rich and extensible. SSL/TLS has many defined cipher suites and extensions; BearSSL should implement most of them, and allow extra algorithm implementations to be added afterwards, possibly from third parties. bearssl is considered alpha-quality software, which means that it runs but it probably has bugs, some of which being certainly exploitable vulnerabilities. @ text @d1 1 a1 1 # $NetBSD$ d16 1 a16 1 ${INSTALL_DATA} brssl ${DESTDIR}${PREFIX}/bin @