import polarssl to ports, joint work with me, Joachim Schipper, dcoppa, benoit,

testing also from florian@

security/polarssl/Makefile

@@ -0,0 +1,38 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
+
+BROKEN-sparc64=	problems with mpi_mul_hlp()
+
+COMMENT=	SSL library with an intuitive API and readable source code
+
+DISTNAME=	polarssl-1.3.6
+EXTRACT_SUFX=	-gpl.tgz
+
+SHARED_LIBS +=	polarssl                  0.0 # 1.3
+
+CATEGORIES=	security
+
+HOMEPAGE=	https://polarssl.org/
+
+# Dual licensed: GPLv2+/Commercial
+PERMIT_PACKAGE_CDROM=	Yes
+
+# libssl/libcrypto are used for polarssl_o_p_test only
+WANTLIB += c crypto pthread ssl
+
+MASTER_SITES=	https://polarssl.org/download/
+
+MODULES=	devel/cmake
+
+.include <bsd.port.arch.mk>
+
+.if ${NO_SHARED_LIBS:L} != "yes"
+CONFIGURE_ARGS=	-DUSE_SHARED_POLARSSL_LIBRARY=ON
+.endif
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/polarssl
+	cd ${WRKSRC}; ${INSTALL_DATA} README.rst ChangeLog \
+	    ${PREFIX}/share/doc/polarssl
+	find ${PREFIX}/bin -type f -execdir mv {} polarssl_{} \;
+
+.include <bsd.port.mk>

security/polarssl/distinfo

@@ -0,0 +1,2 @@
+SHA256 (polarssl-1.3.6-gpl.tgz) = uXllwaBS30EgHTXgH5HErAvyjkQ6Vt30Yb5jsgyFrgk=
+SIZE (polarssl-1.3.6-gpl.tgz) = 1596728

security/polarssl/patches/patch-library_rsa_c

@@ -0,0 +1,22 @@
+$OpenBSD: patch-library_rsa_c,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
+
+Avoid triggering APIWARN (though using rand() for this self-test is
+actually harmless).
+
+--- library/rsa.c.orig	Fri Apr 18 12:01:57 2014
++++ library/rsa.c	Fri Apr 18 12:02:07 2014
+@@ -1469,13 +1469,10 @@ void rsa_free( rsa_context *ctx )
+ #if defined(POLARSSL_PKCS1_V15)
+ static int myrand( void *rng_state, unsigned char *output, size_t len )
+ {
+-    size_t i;
+-
+     if( rng_state != NULL )
+         rng_state  = NULL;
+ 
+-    for( i = 0; i < len; ++i )
+-        output[i] = rand();
++    arc4random_buf(output, len);
+ 
+     return( 0 );
+ }

security/polarssl/patches/patch-tests_suites_helpers_function

@@ -0,0 +1,21 @@
+$OpenBSD: patch-tests_suites_helpers_function,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
+
+Stops test_suite_pk from looping forever.
+
+--- tests/suites/helpers.function.orig	Fri Apr 18 11:59:32 2014
++++ tests/suites/helpers.function	Fri Apr 18 11:59:54 2014
+@@ -105,13 +105,10 @@ static void hexify(unsigned char *obuf, const unsigned
+  */
+ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
+ {
+-    size_t i;
+-
+     if( rng_state != NULL )
+         rng_state  = NULL;
+ 
+-    for( i = 0; i < len; ++i )
+-        output[i] = rand();
++    arc4random_buf(output, len);
+ 
+     return( 0 );
+ }

security/polarssl/pkg/DESCR

@@ -0,0 +1,19 @@
+PolarSSL is a fully featured and standards compliant SSL library offering
+server and client functionality (SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2) with
+an intuitive API and readable source code. Dual license (GPLv2+/commercial).
+
+Non-standard extensions include: SSL Session Tickets (RFC 5077), Server
+Name Indication (SNI) (RFC 6066), Truncated HMAC (RFC 6066), Max Fragment
+Length (RFC 6066), and Secure Renegotiation (RFC 5746).
+
+Symmetric algorithms: AES, Blowfish, 3DES, DES, ARC4, Camellia, XTEA
+Modes: ECB, CBC, CFB, CTR, GCM
+Hashes: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160
+
+PolarSSL has its own big number library. Its RSA implementation supports both
+PKCS#1 v1.5 and PKCS#1 v2.1 padding. Its ECC implementation supports ECDHE
+and ECDSA with various NIST/Koblitz/Brainpool curves and Curve25519.
+
+PolarSSL includes extensive testing (over 6600 validation, regression and
+code coverage tests) and uses a continuous integration system to check all
+committed code. Automated tests are also done against GnuTLS and OpenSSL.

security/polarssl/pkg/PLIST

@@ -0,0 +1,113 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
+@bin bin/polarssl_aescrypt2
+@bin bin/polarssl_benchmark
+@bin bin/polarssl_cert_app
+@bin bin/polarssl_cert_req
+@bin bin/polarssl_cert_write
+@bin bin/polarssl_crl_app
+@bin bin/polarssl_crypt_and_hash
+@bin bin/polarssl_dh_client
+@bin bin/polarssl_dh_genprime
+@bin bin/polarssl_dh_server
+@bin bin/polarssl_gen_entropy
+@bin bin/polarssl_gen_key
+@bin bin/polarssl_gen_random_ctr_drbg
+@bin bin/polarssl_gen_random_havege
+@bin bin/polarssl_generic_sum
+@bin bin/polarssl_hello
+@bin bin/polarssl_key_app
+@bin bin/polarssl_md5sum
+@bin bin/polarssl_mpi_demo
+@bin bin/polarssl_o_p_test
+@bin bin/polarssl_pem2der
+@bin bin/polarssl_pk_decrypt
+@bin bin/polarssl_pk_encrypt
+@bin bin/polarssl_pk_sign
+@bin bin/polarssl_pk_verify
+@bin bin/polarssl_req_app
+@bin bin/polarssl_rsa_decrypt
+@bin bin/polarssl_rsa_encrypt
+@bin bin/polarssl_rsa_genkey
+@bin bin/polarssl_rsa_sign
+@bin bin/polarssl_rsa_verify
+@bin bin/polarssl_selftest
+@bin bin/polarssl_sha1sum
+@bin bin/polarssl_sha2sum
+@bin bin/polarssl_ssl_cert_test
+@bin bin/polarssl_ssl_client1
+@bin bin/polarssl_ssl_client2
+@bin bin/polarssl_ssl_fork_server
+@bin bin/polarssl_ssl_mail_client
+@bin bin/polarssl_ssl_pthread_server
+@bin bin/polarssl_ssl_server
+@bin bin/polarssl_ssl_test
+@bin bin/polarssl_strerror
+include/polarssl/
+include/polarssl/aes.h
+include/polarssl/aesni.h
+include/polarssl/arc4.h
+include/polarssl/asn1.h
+include/polarssl/asn1write.h
+include/polarssl/base64.h
+include/polarssl/bignum.h
+include/polarssl/blowfish.h
+include/polarssl/bn_mul.h
+include/polarssl/camellia.h
+include/polarssl/certs.h
+include/polarssl/cipher.h
+include/polarssl/cipher_wrap.h
+include/polarssl/compat-1.2.h
+include/polarssl/config.h
+include/polarssl/ctr_drbg.h
+include/polarssl/debug.h
+include/polarssl/des.h
+include/polarssl/dhm.h
+include/polarssl/ecdh.h
+include/polarssl/ecdsa.h
+include/polarssl/ecp.h
+include/polarssl/entropy.h
+include/polarssl/entropy_poll.h
+include/polarssl/error.h
+include/polarssl/gcm.h
+include/polarssl/havege.h
+include/polarssl/hmac_drbg.h
+include/polarssl/md.h
+include/polarssl/md2.h
+include/polarssl/md4.h
+include/polarssl/md5.h
+include/polarssl/md_wrap.h
+include/polarssl/memory.h
+include/polarssl/memory_buffer_alloc.h
+include/polarssl/net.h
+include/polarssl/oid.h
+include/polarssl/openssl.h
+include/polarssl/padlock.h
+include/polarssl/pbkdf2.h
+include/polarssl/pem.h
+include/polarssl/pk.h
+include/polarssl/pk_wrap.h
+include/polarssl/pkcs11.h
+include/polarssl/pkcs12.h
+include/polarssl/pkcs5.h
+include/polarssl/platform.h
+include/polarssl/ripemd160.h
+include/polarssl/rsa.h
+include/polarssl/sha1.h
+include/polarssl/sha256.h
+include/polarssl/sha512.h
+include/polarssl/ssl.h
+include/polarssl/ssl_cache.h
+include/polarssl/ssl_ciphersuites.h
+include/polarssl/threading.h
+include/polarssl/timing.h
+include/polarssl/version.h
+include/polarssl/x509.h
+include/polarssl/x509_crl.h
+include/polarssl/x509_crt.h
+include/polarssl/x509_csr.h
+include/polarssl/xtea.h
+lib/libpolarssl.a
+@lib lib/libpolarssl.so.${LIBpolarssl_VERSION}
+share/doc/polarssl/
+share/doc/polarssl/ChangeLog
+share/doc/polarssl/README.rst