Import of wolfssl v4.3.0 as security/woflssl

WolfSSL is an embedded SSL Library for programmers building security
functionality into their applications and devices.

7 files changed, 331 insertions, 0 deletions

diff --git a/security/wolfssl/DESCR b/security/wolfssl/DESCR
new file mode 100644
index 00000000000..37aa3d10f7c
--- /dev/null
+++ b/security/wolfssl/DESCR
@@ -0,0 +1,2 @@
+WolfSSL is an embedded SSL Library for programmers building security
+functionality into their applications and devices.
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
new file mode 100644
index 00000000000..3552c81affc
--- /dev/null
+++ b/security/wolfssl/Makefile
@@ -0,0 +1,42 @@
+# $NetBSD: Makefile,v 1.1 2020/02/03 23:04:09 fox Exp $
+
+DISTNAME=	wolfssl-4.3.0
+CATEGORIES=	security
+MASTER_SITES=	https://www.wolfssl.com/
+EXTRACT_SUFX=	.zip
+
+MAINTAINER=	fox@NetBSD.org
+HOMEPAGE=	https://www.wolfssl.com/
+COMMENT=	Embedded SSL C-Library
+LICENSE=	gnu-gpl-v2
+
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--disable-dependency-tracking
+CONFIGURE_ARGS+=	--enable-dh
+CONFIGURE_ARGS+=	--enable-dsa
+CONFIGURE_ARGS+=	--enable-dtls
+CONFIGURE_ARGS+=	--enable-ecc
+CONFIGURE_ARGS+=	--enable-ipv6
+CONFIGURE_ARGS+=	--enable-keygen
+CONFIGURE_ARGS+=	--enable-opensslextra
+CONFIGURE_ARGS+=	--enable-ripemd
+CONFIGURE_ARGS+=	--enable-sha512
+CONFIGURE_ARGS+=	--enable-shared
+CONFIGURE_ARGS+=	--enable-sni
+CONFIGURE_ARGS+=	--enable-ssh
+CONFIGURE_ARGS+=	--enable-static
+CONFIGURE_ARGS+=	--enable-tls13
+CONFIGURE_ARGS+=	--enable-tls13-draft18
+CONFIGURE_ARGS+=	--enable-tls13-draft22
+CONFIGURE_ARGS+=	--enable-tls13-draft23
+CONFIGURE_ARGS+=	--enable-tls13-draft26
+CONFIGURE_ARGS+=	--enable-tls13-draft28
+
+PKGCONFIG_OVERRIDE+=	support/wolfssl.pc.in
+
+USE_LIBTOOL=	yes
+
+# XXX: Tests fail in NetBSD 7/8/9 but this has been fixed in -current
+TEST_TARGET=	check
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/wolfssl/PLIST b/security/wolfssl/PLIST
new file mode 100644
index 00000000000..06992cc1b09
--- /dev/null
+++ b/security/wolfssl/PLIST
@@ -0,0 +1,222 @@
+@comment $NetBSD: PLIST,v 1.1 2020/02/03 23:04:09 fox Exp $
+bin/wolfssl-config
+include/cyassl/callbacks.h
+include/cyassl/certs_test.h
+include/cyassl/crl.h
+include/cyassl/ctaocrypt/aes.h
+include/cyassl/ctaocrypt/arc4.h
+include/cyassl/ctaocrypt/asn.h
+include/cyassl/ctaocrypt/asn_public.h
+include/cyassl/ctaocrypt/blake2-impl.h
+include/cyassl/ctaocrypt/blake2-int.h
+include/cyassl/ctaocrypt/blake2.h
+include/cyassl/ctaocrypt/camellia.h
+include/cyassl/ctaocrypt/chacha.h
+include/cyassl/ctaocrypt/coding.h
+include/cyassl/ctaocrypt/compress.h
+include/cyassl/ctaocrypt/des3.h
+include/cyassl/ctaocrypt/dh.h
+include/cyassl/ctaocrypt/dsa.h
+include/cyassl/ctaocrypt/ecc.h
+include/cyassl/ctaocrypt/error-crypt.h
+include/cyassl/ctaocrypt/fips_test.h
+include/cyassl/ctaocrypt/hc128.h
+include/cyassl/ctaocrypt/hmac.h
+include/cyassl/ctaocrypt/integer.h
+include/cyassl/ctaocrypt/logging.h
+include/cyassl/ctaocrypt/md2.h
+include/cyassl/ctaocrypt/md4.h
+include/cyassl/ctaocrypt/md5.h
+include/cyassl/ctaocrypt/memory.h
+include/cyassl/ctaocrypt/misc.h
+include/cyassl/ctaocrypt/mpi_class.h
+include/cyassl/ctaocrypt/mpi_superclass.h
+include/cyassl/ctaocrypt/pkcs7.h
+include/cyassl/ctaocrypt/poly1305.h
+include/cyassl/ctaocrypt/pwdbased.h
+include/cyassl/ctaocrypt/rabbit.h
+include/cyassl/ctaocrypt/random.h
+include/cyassl/ctaocrypt/ripemd.h
+include/cyassl/ctaocrypt/rsa.h
+include/cyassl/ctaocrypt/settings.h
+include/cyassl/ctaocrypt/settings_comp.h
+include/cyassl/ctaocrypt/sha.h
+include/cyassl/ctaocrypt/sha256.h
+include/cyassl/ctaocrypt/sha512.h
+include/cyassl/ctaocrypt/tfm.h
+include/cyassl/ctaocrypt/types.h
+include/cyassl/ctaocrypt/visibility.h
+include/cyassl/ctaocrypt/wc_port.h
+include/cyassl/error-ssl.h
+include/cyassl/ocsp.h
+include/cyassl/openssl/asn1.h
+include/cyassl/openssl/bio.h
+include/cyassl/openssl/bn.h
+include/cyassl/openssl/conf.h
+include/cyassl/openssl/crypto.h
+include/cyassl/openssl/des.h
+include/cyassl/openssl/dh.h
+include/cyassl/openssl/dsa.h
+include/cyassl/openssl/ec.h
+include/cyassl/openssl/ec25519.h
+include/cyassl/openssl/ecdh.h
+include/cyassl/openssl/ecdsa.h
+include/cyassl/openssl/ed25519.h
+include/cyassl/openssl/engine.h
+include/cyassl/openssl/err.h
+include/cyassl/openssl/evp.h
+include/cyassl/openssl/hmac.h
+include/cyassl/openssl/lhash.h
+include/cyassl/openssl/md4.h
+include/cyassl/openssl/md5.h
+include/cyassl/openssl/ocsp.h
+include/cyassl/openssl/opensslconf.h
+include/cyassl/openssl/opensslv.h
+include/cyassl/openssl/ossl_typ.h
+include/cyassl/openssl/pem.h
+include/cyassl/openssl/pkcs12.h
+include/cyassl/openssl/rand.h
+include/cyassl/openssl/ripemd.h
+include/cyassl/openssl/rsa.h
+include/cyassl/openssl/sha.h
+include/cyassl/openssl/ssl.h
+include/cyassl/openssl/ssl23.h
+include/cyassl/openssl/stack.h
+include/cyassl/openssl/ui.h
+include/cyassl/openssl/x509.h
+include/cyassl/openssl/x509v3.h
+include/cyassl/options.h
+include/cyassl/sniffer.h
+include/cyassl/sniffer_error.h
+include/cyassl/ssl.h
+include/cyassl/test.h
+include/cyassl/version.h
+include/wolfssl/callbacks.h
+include/wolfssl/certs_test.h
+include/wolfssl/crl.h
+include/wolfssl/error-ssl.h
+include/wolfssl/ocsp.h
+include/wolfssl/openssl/aes.h
+include/wolfssl/openssl/asn1.h
+include/wolfssl/openssl/bio.h
+include/wolfssl/openssl/bn.h
+include/wolfssl/openssl/buffer.h
+include/wolfssl/openssl/conf.h
+include/wolfssl/openssl/crypto.h
+include/wolfssl/openssl/des.h
+include/wolfssl/openssl/dh.h
+include/wolfssl/openssl/dsa.h
+include/wolfssl/openssl/ec.h
+include/wolfssl/openssl/ec25519.h
+include/wolfssl/openssl/ecdh.h
+include/wolfssl/openssl/ecdsa.h
+include/wolfssl/openssl/ed25519.h
+include/wolfssl/openssl/engine.h
+include/wolfssl/openssl/err.h
+include/wolfssl/openssl/evp.h
+include/wolfssl/openssl/hmac.h
+include/wolfssl/openssl/lhash.h
+include/wolfssl/openssl/md4.h
+include/wolfssl/openssl/md5.h
+include/wolfssl/openssl/objects.h
+include/wolfssl/openssl/ocsp.h
+include/wolfssl/openssl/opensslconf.h
+include/wolfssl/openssl/opensslv.h
+include/wolfssl/openssl/ossl_typ.h
+include/wolfssl/openssl/pem.h
+include/wolfssl/openssl/pkcs12.h
+include/wolfssl/openssl/pkcs7.h
+include/wolfssl/openssl/rand.h
+include/wolfssl/openssl/rc4.h
+include/wolfssl/openssl/ripemd.h
+include/wolfssl/openssl/rsa.h
+include/wolfssl/openssl/sha.h
+include/wolfssl/openssl/ssl.h
+include/wolfssl/openssl/ssl23.h
+include/wolfssl/openssl/stack.h
+include/wolfssl/openssl/tls1.h
+include/wolfssl/openssl/ui.h
+include/wolfssl/openssl/x509.h
+include/wolfssl/openssl/x509_vfy.h
+include/wolfssl/openssl/x509v3.h
+include/wolfssl/options.h
+include/wolfssl/sniffer.h
+include/wolfssl/sniffer_error.h
+include/wolfssl/ssl.h
+include/wolfssl/test.h
+include/wolfssl/version.h
+include/wolfssl/wolfcrypt/aes.h
+include/wolfssl/wolfcrypt/arc4.h
+include/wolfssl/wolfcrypt/asn.h
+include/wolfssl/wolfcrypt/asn_public.h
+include/wolfssl/wolfcrypt/blake2-impl.h
+include/wolfssl/wolfcrypt/blake2-int.h
+include/wolfssl/wolfcrypt/blake2.h
+include/wolfssl/wolfcrypt/camellia.h
+include/wolfssl/wolfcrypt/chacha.h
+include/wolfssl/wolfcrypt/chacha20_poly1305.h
+include/wolfssl/wolfcrypt/cmac.h
+include/wolfssl/wolfcrypt/coding.h
+include/wolfssl/wolfcrypt/compress.h
+include/wolfssl/wolfcrypt/cpuid.h
+include/wolfssl/wolfcrypt/cryptocb.h
+include/wolfssl/wolfcrypt/curve25519.h
+include/wolfssl/wolfcrypt/des3.h
+include/wolfssl/wolfcrypt/dh.h
+include/wolfssl/wolfcrypt/dsa.h
+include/wolfssl/wolfcrypt/ecc.h
+include/wolfssl/wolfcrypt/ed25519.h
+include/wolfssl/wolfcrypt/error-crypt.h
+include/wolfssl/wolfcrypt/fe_operations.h
+include/wolfssl/wolfcrypt/fips_test.h
+include/wolfssl/wolfcrypt/ge_operations.h
+include/wolfssl/wolfcrypt/hash.h
+include/wolfssl/wolfcrypt/hc128.h
+include/wolfssl/wolfcrypt/hmac.h
+include/wolfssl/wolfcrypt/idea.h
+include/wolfssl/wolfcrypt/integer.h
+include/wolfssl/wolfcrypt/logging.h
+include/wolfssl/wolfcrypt/md2.h
+include/wolfssl/wolfcrypt/md4.h
+include/wolfssl/wolfcrypt/md5.h
+include/wolfssl/wolfcrypt/mem_track.h
+include/wolfssl/wolfcrypt/memory.h
+include/wolfssl/wolfcrypt/misc.h
+include/wolfssl/wolfcrypt/mpi_class.h
+include/wolfssl/wolfcrypt/mpi_superclass.h
+include/wolfssl/wolfcrypt/pkcs12.h
+include/wolfssl/wolfcrypt/pkcs7.h
+include/wolfssl/wolfcrypt/poly1305.h
+include/wolfssl/wolfcrypt/pwdbased.h
+include/wolfssl/wolfcrypt/rabbit.h
+include/wolfssl/wolfcrypt/random.h
+include/wolfssl/wolfcrypt/ripemd.h
+include/wolfssl/wolfcrypt/rsa.h
+include/wolfssl/wolfcrypt/settings.h
+include/wolfssl/wolfcrypt/sha.h
+include/wolfssl/wolfcrypt/sha256.h
+include/wolfssl/wolfcrypt/sha3.h
+include/wolfssl/wolfcrypt/sha512.h
+include/wolfssl/wolfcrypt/signature.h
+include/wolfssl/wolfcrypt/srp.h
+include/wolfssl/wolfcrypt/tfm.h
+include/wolfssl/wolfcrypt/types.h
+include/wolfssl/wolfcrypt/visibility.h
+include/wolfssl/wolfcrypt/wc_encrypt.h
+include/wolfssl/wolfcrypt/wc_port.h
+include/wolfssl/wolfcrypt/wolfevent.h
+include/wolfssl/wolfcrypt/wolfmath.h
+include/wolfssl/wolfio.h
+lib/libwolfssl.la
+lib/pkgconfig/wolfssl.pc
+share/doc/wolfssl/README.txt
+share/doc/wolfssl/example/client.c
+share/doc/wolfssl/example/echoclient.c
+share/doc/wolfssl/example/echoserver.c
+share/doc/wolfssl/example/sctp-client-dtls.c
+share/doc/wolfssl/example/sctp-client.c
+share/doc/wolfssl/example/sctp-server-dtls.c
+share/doc/wolfssl/example/sctp-server.c
+share/doc/wolfssl/example/server.c
+share/doc/wolfssl/example/tls_bench.c
+share/doc/wolfssl/taoCert.txt
diff --git a/security/wolfssl/buildlink3.mk b/security/wolfssl/buildlink3.mk
new file mode 100644
index 00000000000..585f2b27a52
--- /dev/null
+++ b/security/wolfssl/buildlink3.mk
@@ -0,0 +1,13 @@
+# $NetBSD: buildlink3.mk,v 1.1 2020/02/03 23:04:09 fox Exp $
+
+BUILDLINK_TREE+=	wolfssl
+
+.if !defined(WOLFSSL_BUILDLINK3_MK)
+WOLFSSL_BUILDLINK3_MK:=
+
+BUILDLINK_API_DEPENDS.wolfssl+=	wolfssl>=4.3.0
+BUILDLINK_PKGSRCDIR.wolfssl?=	../../security/wolfssl
+
+.endif # WOLFSSL_BUILDLINK3_MK
+
+BUILDLINK_TREE+=	-wolfssl
diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo
new file mode 100644
index 00000000000..ded14836ecf
--- /dev/null
+++ b/security/wolfssl/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2020/02/03 23:04:09 fox Exp $
+
+SHA1 (wolfssl-4.3.0.zip) = 6531ee86d411db0d113b1afab9069ad6bbf6a22a
+RMD160 (wolfssl-4.3.0.zip) = eabf566d1ed80bca0d2188e1194e6569f21821dd
+SHA512 (wolfssl-4.3.0.zip) = ebfe85a5a815ca626e936b4529d6655b9e361bcda551d4bf82b05e1a492a13255705f649224113c587ed2c5249ddfd996b5915bbc6a50fc36da976c581ba9be3
+Size (wolfssl-4.3.0.zip) = 7428521 bytes
+SHA1 (patch-certs_intermediate_genintcerts.sh) = bdcf9a1fd14170aaf780ab9677fd8bc6e4ddc75c
+SHA1 (patch-configure) = 7252cceec28c8f4a1338207429873e0e19ce15d9
diff --git a/security/wolfssl/patches/patch-certs_intermediate_genintcerts.sh b/security/wolfssl/patches/patch-certs_intermediate_genintcerts.sh
new file mode 100644
index 00000000000..37686724d1e
--- /dev/null
+++ b/security/wolfssl/patches/patch-certs_intermediate_genintcerts.sh
@@ -0,0 +1,20 @@
+$NetBSD: patch-certs_intermediate_genintcerts.sh,v 1.1 2020/02/03 23:04:09 fox Exp $
+
+Make the script portable.
+
+--- certs/intermediate/genintcerts.sh.orig	2020-01-27 21:06:17.351863728 +0000
++++ certs/intermediate/genintcerts.sh
+@@ -175,11 +175,11 @@ create_cert() {
+     mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem
+ }
+ 
+-if [ "$1" == "clean" ]; then
++if [ "$1" = "clean" ]; then
+     echo "Cleaning temp files"
+     cleanup_files
+ fi
+-if [ "$1" == "cleanall" ]; then
++if [ "$1" = "cleanall" ]; then
+     echo "Cleaning all files"
+     rm -f ./certs/intermediate/*.pem
+     rm -f ./certs/intermediate/*.der
diff --git a/security/wolfssl/patches/patch-configure b/security/wolfssl/patches/patch-configure
new file mode 100644
index 00000000000..395c9f0c97a
--- /dev/null
+++ b/security/wolfssl/patches/patch-configure
@@ -0,0 +1,24 @@
+$NetBSD: patch-configure,v 1.1 2020/02/03 23:04:09 fox Exp $
+
+Make the scripts portable.
+
+--- configure.orig	2019-12-20 19:59:37.000000000 +0000
++++ configure
+@@ -19214,7 +19214,7 @@ then
+     ENABLED_ENCRYPT_THEN_MAC=yes
+ fi
+ 
+-if test "x$ENABLED_SNIFFER" == "xyes"; then :
++if test "x$ENABLED_SNIFFER" = "xyes"; then :
+   ENABLED_ENCRYPT_THEN_MAC="no"
+ fi
+ 
+@@ -19951,7 +19951,7 @@ fi
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ $as_echo "yes" >&6; }
+ 
+-     if test "x$BUILD_INTEL_QAT_VERSION" == "x1"; then :
++     if test "x$BUILD_INTEL_QAT_VERSION" = "x1"; then :
+   LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"
+ else
+   LIB_ADD="-losal -lrt $LIB_ADD"