On Fri, Apr 28, 2023 at 05:46:03PM +0100, Stuart Henderson wrote:
> Haven't checked (I'm away for the weekend) but I don't think "+@conflict
> boringssl-2*" will work, it should follow packages-specs(7) syntax. Probably
> just "@conflict boringssl-*" or alternatively just call the package for head
> "boringssl" as before and don't bother with the @conflict or quirks just the
> @pkgpath.
>
> Would it be worth installing fips under a different dir/filenames so the two
> don't conflict?
>
Yes, the agreement is this is fine, which makes things much simpler
this keeps the head named boringssl-foo and makes fips named
boringssl-fips-foo
ok?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/boringssl/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- Makefile 26 Apr 2023 15:10:07 -0000 1.5
+++ Makefile 28 Apr 2023 16:00:04 -0000
@@ -1,52 +1,5 @@
-NOT_FOR_ARCHS = ${BE_ARCHS}
+SUBDIR =
+SUBDIR += fips
+SUBDIR += head
-COMMENT = fork of OpenSSL that is designed to meet Google's needs
-
-GH_ACCOUNT = google
-GH_PROJECT = boringssl
-GH_COMMIT = de2d610a341f5a4b8c222425890537cb84c91400
-DISTNAME = boringssl-20230425
-
-MASTER_SITES0 = https://proxy.golang.org/
-
-DISTFILES += ${GH_DISTFILE}
-# can't use GH_DISTFILE because EXTRACT_ONLY does not understand DISTFILES {}
-EXTRACT_ONLY = ${DISTNAME}-${GH_COMMIT:C/(........).*/\1/}${EXTRACT_SUFX}
-
-BORING_GOMOD += golang.org/x/crypto v0.6.0
-BORING_GOMOD += golang.org/x/net v0.7.0
-BORING_GOMOD += golang.org/x/sys v0.5.0
-BORING_GOMOD += golang.org/x/term v0.5.0
-
-.for _modpath _modver in ${BORING_GOMOD}
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.zip:0
-DISTFILES += go_modules/{}${_modpath}/@v/${_modver}.mod:0
-.endfor
-
-CATEGORIES = security
-
-MAINTAINER = Bob Beck <b...@openbsd.org>, \
- Theo Buehler <t...@openbsd.org>
-
-# ISC
-PERMIT_PACKAGE = Yes
-
-WANTLIB += ${COMPILER_LIBCXX} c m
-
-# C++14
-COMPILER = base-clang ports-gcc
-
-MODULES = devel/cmake
-CONFIGURE_ARGS += -DCMAKE_INSTALL_PREFIX=${PREFIX}/eboringssl
-
-BUILD_DEPENDS = lang/go
-
-PORTHOME = ${WRKDIR}
-TEST_ENV = GOPROXY=file://${FULLDISTDIR}/go_modules
-
-FIX_CLEANUP_PERMISSIONS = Yes
-
-do-test:
- ${SETENV} ${ALL_TEST_ENV} ninja -C ${WRKBUILD} -j ${MAKE_JOBS} run_tests
-
-.include <bsd.port.mk>
+.include <bsd.port.subdir.mk>
Index: distinfo
===================================================================
RCS file: distinfo
diff -N distinfo
--- distinfo 26 Apr 2023 14:55:23 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
-SHA256 (boringssl-20230425-de2d610a.tar.gz) =
2Bu5eOgBxqNUcTDevIpOjPGgJ/GBatu1ZtbVDTCDppQ=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) =
G2poNFWjuIK2rFPyJ1KWDoe9kQQKlNbyxcthJh4jidg=
-SHA256 (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) =
gcqIrzcc/1qERCuijiPY9CzME4fI/hUuVeh7pK+eGsc=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.mod) =
Qex26iFy8+4wMeOPmlNZOaWE1rs170gIVP3LjCAmcBs=
-SHA256 (go_modules/golang.org/x/net/@v/v0.7.0.zip) =
BgVSBkUmqQrJsL3OK6CrNFkt7MlCjRRBw8lyL4U80pA=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.mod) =
8DMzMJb+GY8xUd7tk/LeunTlC7/nc5E0BFvDt85KUCQ=
-SHA256 (go_modules/golang.org/x/sys/@v/v0.5.0.zip) =
z0czasG/Z1+m1t1axTmbAUPFE0BMRJ+j8zgKWBI8eQg=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.mod) =
DW9YIoqtwaZSjmdV2gGFFlZuOuXFIB963hdz9W+o2TQ=
-SHA256 (go_modules/golang.org/x/term/@v/v0.5.0.zip) =
fYnEmrQTBpUBKKD0t8Z/uOLS9jfs6OAk5s840XozGTs=
-SIZE (boringssl-20230425-de2d610a.tar.gz) = 32281549
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.mod) = 171
-SIZE (go_modules/golang.org/x/crypto/@v/v0.6.0.zip) = 1761232
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.mod) = 123
-SIZE (go_modules/golang.org/x/net/@v/v0.7.0.zip) = 1559354
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.mod) = 33
-SIZE (go_modules/golang.org/x/sys/@v/v0.5.0.zip) = 1886681
-SIZE (go_modules/golang.org/x/term/@v/v0.5.0.mod) = 67
-SIZE (go_modules/golang.org/x/term/@v/v0.5.0.zip) = 19924
Index: fips/Makefile
===================================================================
RCS file: fips/Makefile
diff -N fips/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/Makefile 28 Apr 2023 16:59:05 -0000
@@ -0,0 +1,31 @@
+NOT_FOR_ARCHS = ${BE_ARCHS}
+
+COMMENT = fork of OpenSSL that is designed to meet Google's needs
+
+GH_ACCOUNT = google
+GH_PROJECT = boringssl
+GH_COMMIT = 0c6f40132b828e92ba365c6b7680e32820c63fa7
+DISTNAME = boringssl-fips-20220613
+
+CATEGORIES = security
+
+MAINTAINER = Bob Beck <b...@openbsd.org>, \
+ Theo Buehler <t...@openbsd.org>
+
+# ISC
+PERMIT_PACKAGE = Yes
+
+WANTLIB += ${COMPILER_LIBCXX} c m
+
+# C++14
+COMPILER = base-clang ports-gcc
+
+MODULES = devel/cmake
+CONFIGURE_ARGS += -DCMAKE_INSTALL_PREFIX=${PREFIX}/eboringssl-fips
+
+# XXX picked up for tests, needs more love
+BUILD_DEPENDS = lang/go
+
+PORTHOME = ${WRKSRC}
+
+.include <bsd.port.mk>
Index: fips/distinfo
===================================================================
RCS file: fips/distinfo
diff -N fips/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/distinfo 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,2 @@
+SHA256 (boringssl-fips-20220613-0c6f4013.tar.gz) =
74Cpfr7wVFH9ONvafKkwSW+uetEI8yA/iAXwjCXJSlE=
+SIZE (boringssl-fips-20220613-0c6f4013.tar.gz) = 30902288
Index: fips/patches/patch-CMakeLists_txt
===================================================================
RCS file: fips/patches/patch-CMakeLists_txt
diff -N fips/patches/patch-CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-CMakeLists_txt 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,12 @@
+Index: CMakeLists.txt
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -132,7 +132,7 @@ endif()
+ if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
+ # Note clang-cl is odd and sets both CLANG and MSVC. We base our
configuration
+ # primarily on our normal Clang one.
+- set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wvla -Wshadow")
++ set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wshadow")
+ if(MSVC)
+ # clang-cl sets different default warnings than clang. It also treats
-Wall
+ # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
Index: fips/patches/patch-crypto_CMakeLists_txt
===================================================================
RCS file: fips/patches/patch-crypto_CMakeLists_txt
diff -N fips/patches/patch-crypto_CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-crypto_CMakeLists_txt 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,14 @@
+Index: crypto/CMakeLists.txt
+--- crypto/CMakeLists.txt.orig
++++ crypto/CMakeLists.txt
+@@ -266,8 +266,10 @@ add_library(
+ cpu_aarch64_apple.c
+ cpu_aarch64_fuchsia.c
+ cpu_aarch64_linux.c
++ cpu_aarch64_openbsd.c
+ cpu_aarch64_win.c
+ cpu_arm_linux.c
++ cpu_arm_openbsd.c
+ cpu_arm.c
+ cpu_intel.c
+ cpu_ppc64le.c
Index: fips/patches/patch-crypto_cpu_aarch64_openbsd_c
===================================================================
RCS file: fips/patches/patch-crypto_cpu_aarch64_openbsd_c
diff -N fips/patches/patch-crypto_cpu_aarch64_openbsd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-crypto_cpu_aarch64_openbsd_c 28 Apr 2023 15:59:02
-0000
@@ -0,0 +1,61 @@
+Index: crypto/cpu_aarch64_openbsd.c
+--- crypto/cpu_aarch64_openbsd.c.orig
++++ crypto/cpu_aarch64_openbsd.c
+@@ -0,0 +1,57 @@
++/* Copyright (c) 2022, Robert Nagy <rob...@openbsd.org>
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
++ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
++ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
++
++#include <openssl/cpu.h>
++
++#if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \
++ !defined(OPENSSL_STATIC_ARMCAP)
++
++#include <sys/sysctl.h>
++#include <machine/cpu.h>
++#include <machine/armreg.h>
++#include <stdio.h>
++
++#include <openssl/arm_arch.h>
++
++#include "internal.h"
++
++extern uint32_t OPENSSL_armcap_P;
++
++void OPENSSL_cpuid_setup(void) {
++ int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
++ size_t len = sizeof(uint64_t);
++ uint64_t cpu_id = 0;
++
++ if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0)
++ return;
++
++ OPENSSL_armcap_P |= ARMV7_NEON;
++
++ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE)
++ OPENSSL_armcap_P |= ARMV8_AES;
++
++ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL)
++ OPENSSL_armcap_P |= ARMV8_PMULL;
++
++ if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE)
++ OPENSSL_armcap_P |= ARMV8_SHA1;
++
++ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE)
++ OPENSSL_armcap_P |= ARMV8_SHA256;
++
++ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512)
++ OPENSSL_armcap_P |= ARMV8_SHA512;
++}
++
++#endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: fips/patches/patch-crypto_cpu_arm_openbsd_c
===================================================================
RCS file: fips/patches/patch-crypto_cpu_arm_openbsd_c
diff -N fips/patches/patch-crypto_cpu_arm_openbsd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-crypto_cpu_arm_openbsd_c 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,38 @@
+Index: crypto/cpu_arm_openbsd.c
+--- crypto/cpu_arm_openbsd.c.orig
++++ crypto/cpu_arm_openbsd.c
+@@ -0,0 +1,34 @@
++/* Copyright (c) 2023, Google Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
++ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
++ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
++
++#include "internal.h"
++
++#if defined(OPENSSL_ARM) && defined(OPENSSL_OPENBSD) && \
++ !defined(OPENSSL_STATIC_ARMCAP)
++#include <stdio.h>
++
++#include <openssl/arm_arch.h>
++
++extern uint32_t OPENSSL_armcap_P;
++
++void OPENSSL_cpuid_setup(void) {
++ unsigned long hwcap = 0, hwcap2 = 0;
++
++ // OpenBSD does not support arm32 machines without NEON
++ OPENSSL_armcap_P |= ARMV7_NEON;
++
++ // OpenBSD does not support v8 features on non aarch64
++}
++
++#endif // OPENSSL_ARM && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: fips/patches/patch-crypto_fipsmodule_rand_urandom_c
===================================================================
RCS file: fips/patches/patch-crypto_fipsmodule_rand_urandom_c
diff -N fips/patches/patch-crypto_fipsmodule_rand_urandom_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-crypto_fipsmodule_rand_urandom_c 28 Apr 2023 15:59:02
-0000
@@ -0,0 +1,28 @@
+Index: crypto/fipsmodule/rand/urandom.c
+--- crypto/fipsmodule/rand/urandom.c.orig
++++ crypto/fipsmodule/rand/urandom.c
+@@ -71,6 +71,12 @@
+ #endif
+ #endif
+
++#if defined(OPENSSL_OPENBSD)
++// getentropy exists in any supported version of OpenBSD
++#define OPENBSD_GETENTROPY
++#include <unistd.h>
++#endif
++
+ #include <openssl/thread.h>
+ #include <openssl/mem.h>
+
+@@ -334,6 +340,11 @@ static int fill_with_entropy(uint8_t *out, size_t len,
+ r = boringssl_getrandom(out, len, getrandom_flags);
+ #elif defined(FREEBSD_GETRANDOM)
+ r = getrandom(out, len, getrandom_flags);
++#elif defined(OPENBSD_GETENTROPY)
++ {
++ size_t todo = len <= 256 ? len : 256;
++ return getentropy(out, todo) != 0 ? -1 : (ssize_t)todo;
++ }
+ #elif defined(OPENSSL_MACOS)
+ if (__builtin_available(macos 10.12, *)) {
+ // |getentropy| can only request 256 bytes at a time.
Index: fips/patches/patch-include_openssl_base_h
===================================================================
RCS file: fips/patches/patch-include_openssl_base_h
diff -N fips/patches/patch-include_openssl_base_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-include_openssl_base_h 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,14 @@
+Index: include/openssl/base.h
+--- include/openssl/base.h.orig
++++ include/openssl/base.h
+@@ -166,6 +166,10 @@ extern "C" {
+ #define OPENSSL_FREEBSD
+ #endif
+
++#if defined(__OpenBSD__)
++#define OPENSSL_OPENBSD
++#endif
++
+ // BoringSSL requires platform's locking APIs to make internal global state
+ // thread-safe, including the PRNG. On some single-threaded embedded
platforms,
+ // locking APIs may not exist, so this dependency may be disabled with the
Index: fips/patches/patch-include_openssl_thread_h
===================================================================
RCS file: fips/patches/patch-include_openssl_thread_h
diff -N fips/patches/patch-include_openssl_thread_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/patches/patch-include_openssl_thread_h 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,11 @@
+Index: include/openssl/thread.h
+--- include/openssl/thread.h.orig
++++ include/openssl/thread.h
+@@ -78,6 +78,7 @@ typedef union crypto_mutex_st {
+ void *handle;
+ } CRYPTO_MUTEX;
+ #elif !defined(__GLIBC__)
++#include <pthread.h>
+ typedef pthread_rwlock_t CRYPTO_MUTEX;
+ #else
+ // On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't
Index: fips/pkg/DESCR
===================================================================
RCS file: fips/pkg/DESCR
diff -N fips/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/pkg/DESCR 28 Apr 2023 15:59:02 -0000
@@ -0,0 +1,7 @@
+Although BoringSSL is an open source project, it is not intended for
+general use, as OpenSSL is. We don't recommend that third parties
+depend upon it. Doing so is likely to be frustrating because there are
+no guarantees of API or ABI stability.
+
+This is the FIPS branch of boringssl used by Google where FIPS
+certification is required.
Index: fips/pkg/PLIST
===================================================================
RCS file: fips/pkg/PLIST
diff -N fips/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ fips/pkg/PLIST 28 Apr 2023 17:08:06 -0000
@@ -0,0 +1,95 @@
+@option is-branch
+eboringssl-fips/
+eboringssl-fips/bin/
+@bin eboringssl-fips/bin/bssl
+eboringssl-fips/include/
+eboringssl-fips/include/openssl/
+eboringssl-fips/include/openssl/aead.h
+eboringssl-fips/include/openssl/aes.h
+eboringssl-fips/include/openssl/arm_arch.h
+eboringssl-fips/include/openssl/asn1.h
+eboringssl-fips/include/openssl/asn1_mac.h
+eboringssl-fips/include/openssl/asn1t.h
+eboringssl-fips/include/openssl/base.h
+eboringssl-fips/include/openssl/base64.h
+eboringssl-fips/include/openssl/bio.h
+eboringssl-fips/include/openssl/blake2.h
+eboringssl-fips/include/openssl/blowfish.h
+eboringssl-fips/include/openssl/bn.h
+eboringssl-fips/include/openssl/buf.h
+eboringssl-fips/include/openssl/buffer.h
+eboringssl-fips/include/openssl/bytestring.h
+eboringssl-fips/include/openssl/cast.h
+eboringssl-fips/include/openssl/chacha.h
+eboringssl-fips/include/openssl/cipher.h
+eboringssl-fips/include/openssl/cmac.h
+eboringssl-fips/include/openssl/conf.h
+eboringssl-fips/include/openssl/cpu.h
+eboringssl-fips/include/openssl/crypto.h
+eboringssl-fips/include/openssl/ctrdrbg.h
+eboringssl-fips/include/openssl/curve25519.h
+eboringssl-fips/include/openssl/des.h
+eboringssl-fips/include/openssl/dh.h
+eboringssl-fips/include/openssl/digest.h
+eboringssl-fips/include/openssl/dsa.h
+eboringssl-fips/include/openssl/dtls1.h
+eboringssl-fips/include/openssl/e_os2.h
+eboringssl-fips/include/openssl/ec.h
+eboringssl-fips/include/openssl/ec_key.h
+eboringssl-fips/include/openssl/ecdh.h
+eboringssl-fips/include/openssl/ecdsa.h
+eboringssl-fips/include/openssl/engine.h
+eboringssl-fips/include/openssl/err.h
+eboringssl-fips/include/openssl/evp.h
+eboringssl-fips/include/openssl/evp_errors.h
+eboringssl-fips/include/openssl/ex_data.h
+eboringssl-fips/include/openssl/hkdf.h
+eboringssl-fips/include/openssl/hmac.h
+eboringssl-fips/include/openssl/hpke.h
+eboringssl-fips/include/openssl/hrss.h
+eboringssl-fips/include/openssl/is_boringssl.h
+eboringssl-fips/include/openssl/lhash.h
+eboringssl-fips/include/openssl/md4.h
+eboringssl-fips/include/openssl/md5.h
+eboringssl-fips/include/openssl/mem.h
+eboringssl-fips/include/openssl/nid.h
+eboringssl-fips/include/openssl/obj.h
+eboringssl-fips/include/openssl/obj_mac.h
+eboringssl-fips/include/openssl/objects.h
+eboringssl-fips/include/openssl/opensslconf.h
+eboringssl-fips/include/openssl/opensslv.h
+eboringssl-fips/include/openssl/ossl_typ.h
+eboringssl-fips/include/openssl/pem.h
+eboringssl-fips/include/openssl/pkcs12.h
+eboringssl-fips/include/openssl/pkcs7.h
+eboringssl-fips/include/openssl/pkcs8.h
+eboringssl-fips/include/openssl/poly1305.h
+eboringssl-fips/include/openssl/pool.h
+eboringssl-fips/include/openssl/rand.h
+eboringssl-fips/include/openssl/rc4.h
+eboringssl-fips/include/openssl/ripemd.h
+eboringssl-fips/include/openssl/rsa.h
+eboringssl-fips/include/openssl/safestack.h
+eboringssl-fips/include/openssl/service_indicator.h
+eboringssl-fips/include/openssl/sha.h
+eboringssl-fips/include/openssl/siphash.h
+eboringssl-fips/include/openssl/span.h
+eboringssl-fips/include/openssl/srtp.h
+eboringssl-fips/include/openssl/ssl.h
+eboringssl-fips/include/openssl/ssl3.h
+eboringssl-fips/include/openssl/stack.h
+eboringssl-fips/include/openssl/thread.h
+eboringssl-fips/include/openssl/tls1.h
+eboringssl-fips/include/openssl/trust_token.h
+eboringssl-fips/include/openssl/type_check.h
+eboringssl-fips/include/openssl/x509.h
+eboringssl-fips/include/openssl/x509_vfy.h
+eboringssl-fips/include/openssl/x509v3.h
+eboringssl-fips/lib/
+eboringssl-fips/lib/cmake/
+eboringssl-fips/lib/cmake/OpenSSL/
+eboringssl-fips/lib/cmake/OpenSSL/OpenSSLConfig.cmake
+eboringssl-fips/lib/cmake/OpenSSL/OpenSSLTargets${MODCMAKE_BUILD_SUFFIX}
+eboringssl-fips/lib/cmake/OpenSSL/OpenSSLTargets.cmake
+@static-lib eboringssl-fips/lib/libcrypto.a
+@static-lib eboringssl-fips/lib/libssl.a
Index: head/Makefile
===================================================================
RCS file: head/Makefile
diff -N head/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/Makefile 28 Apr 2023 16:59:33 -0000
@@ -0,0 +1,31 @@
+NOT_FOR_ARCHS = ${BE_ARCHS}
+
+COMMENT = fork of OpenSSL that is designed to meet Google's needs
+
+GH_ACCOUNT = google
+GH_PROJECT = boringssl
+GH_COMMIT = de2d610a341f5a4b8c222425890537cb84c91400
+DISTNAME = boringssl-20230425
+
+CATEGORIES = security
+
+MAINTAINER = Bob Beck <b...@openbsd.org>, \
+ Theo Buehler <t...@openbsd.org>
+
+# ISC
+PERMIT_PACKAGE = Yes
+
+WANTLIB += ${COMPILER_LIBCXX} c m
+
+# C++14
+COMPILER = base-clang ports-gcc
+
+MODULES = devel/cmake
+CONFIGURE_ARGS += -DCMAKE_INSTALL_PREFIX=${PREFIX}/eboringssl
+
+# XXX picked up for tests, needs more love
+BUILD_DEPENDS = lang/go
+
+PORTHOME = ${WRKSRC}
+
+.include <bsd.port.mk>
Index: head/distinfo
===================================================================
RCS file: head/distinfo
diff -N head/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/distinfo 28 Apr 2023 17:02:04 -0000
@@ -0,0 +1,2 @@
+SHA256 (boringssl-20230425-de2d610a.tar.gz) =
2Bu5eOgBxqNUcTDevIpOjPGgJ/GBatu1ZtbVDTCDppQ=
+SIZE (boringssl-20230425-de2d610a.tar.gz) = 32281549
Index: head/patches/patch-CMakeLists_txt
===================================================================
RCS file: head/patches/patch-CMakeLists_txt
diff -N head/patches/patch-CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-CMakeLists_txt 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,12 @@
+Index: CMakeLists.txt
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -139,7 +139,7 @@ set(CMAKE_C_STANDARD_REQUIRED ON)
+ if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
+ # Note clang-cl is odd and sets both CLANG and MSVC. We base our
configuration
+ # primarily on our normal Clang one.
+- set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wvla -Wshadow -Wtype-limits")
++ set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wshadow -Wtype-limits")
+ if(MSVC)
+ # clang-cl sets different default warnings than clang. It also treats
-Wall
+ # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
Index: head/patches/patch-crypto_CMakeLists_txt
===================================================================
RCS file: head/patches/patch-crypto_CMakeLists_txt
diff -N head/patches/patch-crypto_CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-crypto_CMakeLists_txt 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,16 @@
+Index: crypto/CMakeLists.txt
+--- crypto/CMakeLists.txt.orig
++++ crypto/CMakeLists.txt
+@@ -126,10 +126,12 @@ add_library(
+ conf/conf.c
+ cpu_aarch64_apple.c
+ cpu_aarch64_freebsd.c
++ cpu_aarch64_openbsd.c
+ cpu_aarch64_fuchsia.c
+ cpu_aarch64_linux.c
+ cpu_aarch64_win.c
+ cpu_arm_freebsd.c
++ cpu_arm_openbsd.c
+ cpu_arm_linux.c
+ cpu_arm.c
+ cpu_intel.c
Index: head/patches/patch-crypto_cpu_aarch64_openbsd_c
===================================================================
RCS file: head/patches/patch-crypto_cpu_aarch64_openbsd_c
diff -N head/patches/patch-crypto_cpu_aarch64_openbsd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-crypto_cpu_aarch64_openbsd_c 28 Apr 2023 15:59:06
-0000
@@ -0,0 +1,61 @@
+Index: crypto/cpu_aarch64_openbsd.c
+--- crypto/cpu_aarch64_openbsd.c.orig
++++ crypto/cpu_aarch64_openbsd.c
+@@ -0,0 +1,57 @@
++/* Copyright (c) 2022, Robert Nagy <rob...@openbsd.org>
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
++ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
++ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
++
++#include <openssl/cpu.h>
++
++#if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \
++ !defined(OPENSSL_STATIC_ARMCAP)
++
++#include <sys/sysctl.h>
++#include <machine/cpu.h>
++#include <machine/armreg.h>
++#include <stdio.h>
++
++#include <openssl/arm_arch.h>
++
++#include "internal.h"
++
++extern uint32_t OPENSSL_armcap_P;
++
++void OPENSSL_cpuid_setup(void) {
++ int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
++ size_t len = sizeof(uint64_t);
++ uint64_t cpu_id = 0;
++
++ if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0)
++ return;
++
++ OPENSSL_armcap_P |= ARMV7_NEON;
++
++ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE)
++ OPENSSL_armcap_P |= ARMV8_AES;
++
++ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL)
++ OPENSSL_armcap_P |= ARMV8_PMULL;
++
++ if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE)
++ OPENSSL_armcap_P |= ARMV8_SHA1;
++
++ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE)
++ OPENSSL_armcap_P |= ARMV8_SHA256;
++
++ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512)
++ OPENSSL_armcap_P |= ARMV8_SHA512;
++}
++
++#endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: head/patches/patch-crypto_cpu_arm_openbsd_c
===================================================================
RCS file: head/patches/patch-crypto_cpu_arm_openbsd_c
diff -N head/patches/patch-crypto_cpu_arm_openbsd_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-crypto_cpu_arm_openbsd_c 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,38 @@
+Index: crypto/cpu_arm_openbsd.c
+--- crypto/cpu_arm_openbsd.c.orig
++++ crypto/cpu_arm_openbsd.c
+@@ -0,0 +1,34 @@
++/* Copyright (c) 2023, Google Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
++ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
++ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
++ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
++
++#include "internal.h"
++
++#if defined(OPENSSL_ARM) && defined(OPENSSL_OPENBSD) && \
++ !defined(OPENSSL_STATIC_ARMCAP)
++#include <stdio.h>
++
++#include <openssl/arm_arch.h>
++
++extern uint32_t OPENSSL_armcap_P;
++
++void OPENSSL_cpuid_setup(void) {
++ unsigned long hwcap = 0, hwcap2 = 0;
++
++ // OpenBSD does not support arm32 machines without NEON
++ OPENSSL_armcap_P |= ARMV7_NEON;
++
++ // OpenBSD does not support v8 features on non aarch64
++}
++
++#endif // OPENSSL_ARM && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: head/patches/patch-crypto_fipsmodule_rand_urandom_c
===================================================================
RCS file: head/patches/patch-crypto_fipsmodule_rand_urandom_c
diff -N head/patches/patch-crypto_fipsmodule_rand_urandom_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-crypto_fipsmodule_rand_urandom_c 28 Apr 2023 15:59:06
-0000
@@ -0,0 +1,28 @@
+Index: crypto/fipsmodule/rand/urandom.c
+--- crypto/fipsmodule/rand/urandom.c.orig
++++ crypto/fipsmodule/rand/urandom.c
+@@ -68,6 +68,12 @@
+ #include <sys/random.h>
+ #endif
+
++#if defined(OPENSSL_OPENBSD)
++// getentropy exists in any supported version of OpenBSD
++#define OPENBSD_GETENTROPY
++#include <unistd.h>
++#endif
++
+ #include <openssl/thread.h>
+ #include <openssl/mem.h>
+
+@@ -300,6 +306,11 @@ static int fill_with_entropy(uint8_t *out, size_t len,
+ r = boringssl_getrandom(out, len, getrandom_flags);
+ #elif defined(FREEBSD_GETRANDOM)
+ r = getrandom(out, len, getrandom_flags);
++#elif defined(OPENBSD_GETENTROPY)
++ {
++ size_t todo = len <= 256 ? len : 256;
++ return getentropy(out, todo) != 0 ? -1 : (ssize_t)todo;
++ }
+ #elif defined(OPENSSL_MACOS)
+ if (__builtin_available(macos 10.12, *)) {
+ // |getentropy| can only request 256 bytes at a time.
Index: head/patches/patch-include_openssl_base_h
===================================================================
RCS file: head/patches/patch-include_openssl_base_h
diff -N head/patches/patch-include_openssl_base_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-include_openssl_base_h 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,14 @@
+Index: include/openssl/base.h
+--- include/openssl/base.h.orig
++++ include/openssl/base.h
+@@ -164,6 +164,10 @@ extern "C" {
+ #define OPENSSL_FREEBSD
+ #endif
+
++#if defined(__OpenBSD__)
++#define OPENSSL_OPENBSD
++#endif
++
+ // BoringSSL requires platform's locking APIs to make internal global state
+ // thread-safe, including the PRNG. On some single-threaded embedded
platforms,
+ // locking APIs may not exist, so this dependency may be disabled with the
Index: head/patches/patch-include_openssl_thread_h
===================================================================
RCS file: head/patches/patch-include_openssl_thread_h
diff -N head/patches/patch-include_openssl_thread_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/patches/patch-include_openssl_thread_h 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,11 @@
+Index: include/openssl/thread.h
+--- include/openssl/thread.h.orig
++++ include/openssl/thread.h
+@@ -78,6 +78,7 @@ typedef union crypto_mutex_st {
+ void *handle;
+ } CRYPTO_MUTEX;
+ #elif !defined(__GLIBC__)
++#include <pthread.h>
+ typedef pthread_rwlock_t CRYPTO_MUTEX;
+ #else
+ // On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't
Index: head/pkg/DESCR
===================================================================
RCS file: head/pkg/DESCR
diff -N head/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/pkg/DESCR 28 Apr 2023 15:59:06 -0000
@@ -0,0 +1,4 @@
+Although BoringSSL is an open source project, it is not intended for
+general use, as OpenSSL is. We don't recommend that third parties
+depend upon it. Doing so is likely to be frustrating because there are
+no guarantees of API or ABI stability.
Index: head/pkg/PLIST
===================================================================
RCS file: head/pkg/PLIST
diff -N head/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ head/pkg/PLIST 28 Apr 2023 17:08:07 -0000
@@ -0,0 +1,99 @@
+@option is-branch
+@pkgpath security/boringssl
+eboringssl/
+eboringssl/bin/
+@bin eboringssl/bin/bssl
+eboringssl/include/
+eboringssl/include/openssl/
+eboringssl/include/openssl/aead.h
+eboringssl/include/openssl/aes.h
+eboringssl/include/openssl/arm_arch.h
+eboringssl/include/openssl/asn1.h
+eboringssl/include/openssl/asn1_mac.h
+eboringssl/include/openssl/asn1t.h
+eboringssl/include/openssl/base.h
+eboringssl/include/openssl/base64.h
+eboringssl/include/openssl/bio.h
+eboringssl/include/openssl/blake2.h
+eboringssl/include/openssl/blowfish.h
+eboringssl/include/openssl/bn.h
+eboringssl/include/openssl/buf.h
+eboringssl/include/openssl/buffer.h
+eboringssl/include/openssl/bytestring.h
+eboringssl/include/openssl/cast.h
+eboringssl/include/openssl/chacha.h
+eboringssl/include/openssl/cipher.h
+eboringssl/include/openssl/cmac.h
+eboringssl/include/openssl/conf.h
+eboringssl/include/openssl/cpu.h
+eboringssl/include/openssl/crypto.h
+eboringssl/include/openssl/ctrdrbg.h
+eboringssl/include/openssl/curve25519.h
+eboringssl/include/openssl/des.h
+eboringssl/include/openssl/dh.h
+eboringssl/include/openssl/digest.h
+eboringssl/include/openssl/dsa.h
+eboringssl/include/openssl/dtls1.h
+eboringssl/include/openssl/e_os2.h
+eboringssl/include/openssl/ec.h
+eboringssl/include/openssl/ec_key.h
+eboringssl/include/openssl/ecdh.h
+eboringssl/include/openssl/ecdsa.h
+eboringssl/include/openssl/engine.h
+eboringssl/include/openssl/err.h
+eboringssl/include/openssl/evp.h
+eboringssl/include/openssl/evp_errors.h
+eboringssl/include/openssl/ex_data.h
+eboringssl/include/openssl/hkdf.h
+eboringssl/include/openssl/hmac.h
+eboringssl/include/openssl/hpke.h
+eboringssl/include/openssl/hrss.h
+eboringssl/include/openssl/is_boringssl.h
+eboringssl/include/openssl/kdf.h
+eboringssl/include/openssl/kyber.h
+eboringssl/include/openssl/lhash.h
+eboringssl/include/openssl/md4.h
+eboringssl/include/openssl/md5.h
+eboringssl/include/openssl/mem.h
+eboringssl/include/openssl/nid.h
+eboringssl/include/openssl/obj.h
+eboringssl/include/openssl/obj_mac.h
+eboringssl/include/openssl/objects.h
+eboringssl/include/openssl/opensslconf.h
+eboringssl/include/openssl/opensslv.h
+eboringssl/include/openssl/ossl_typ.h
+eboringssl/include/openssl/pem.h
+eboringssl/include/openssl/pkcs12.h
+eboringssl/include/openssl/pkcs7.h
+eboringssl/include/openssl/pkcs8.h
+eboringssl/include/openssl/poly1305.h
+eboringssl/include/openssl/pool.h
+eboringssl/include/openssl/rand.h
+eboringssl/include/openssl/rc4.h
+eboringssl/include/openssl/ripemd.h
+eboringssl/include/openssl/rsa.h
+eboringssl/include/openssl/safestack.h
+eboringssl/include/openssl/service_indicator.h
+eboringssl/include/openssl/sha.h
+eboringssl/include/openssl/siphash.h
+eboringssl/include/openssl/span.h
+eboringssl/include/openssl/srtp.h
+eboringssl/include/openssl/ssl.h
+eboringssl/include/openssl/ssl3.h
+eboringssl/include/openssl/stack.h
+eboringssl/include/openssl/thread.h
+eboringssl/include/openssl/time.h
+eboringssl/include/openssl/tls1.h
+eboringssl/include/openssl/trust_token.h
+eboringssl/include/openssl/type_check.h
+eboringssl/include/openssl/x509.h
+eboringssl/include/openssl/x509_vfy.h
+eboringssl/include/openssl/x509v3.h
+eboringssl/lib/
+eboringssl/lib/cmake/
+eboringssl/lib/cmake/OpenSSL/
+eboringssl/lib/cmake/OpenSSL/OpenSSLConfig.cmake
+eboringssl/lib/cmake/OpenSSL/OpenSSLTargets${MODCMAKE_BUILD_SUFFIX}
+eboringssl/lib/cmake/OpenSSL/OpenSSLTargets.cmake
+@static-lib eboringssl/lib/libcrypto.a
+@static-lib eboringssl/lib/libssl.a
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: patches/patch-CMakeLists_txt
diff -N patches/patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt 25 Apr 2023 19:16:30 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-Index: CMakeLists.txt
---- CMakeLists.txt.orig
-+++ CMakeLists.txt
-@@ -139,7 +139,7 @@ set(CMAKE_C_STANDARD_REQUIRED ON)
- if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
- # Note clang-cl is odd and sets both CLANG and MSVC. We base our
configuration
- # primarily on our normal Clang one.
-- set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wvla -Wshadow -Wtype-limits")
-+ set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare
-Wmissing-field-initializers -Wwrite-strings -Wshadow -Wtype-limits")
- if(MSVC)
- # clang-cl sets different default warnings than clang. It also treats
-Wall
- # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
Index: patches/patch-crypto_CMakeLists_txt
===================================================================
RCS file: patches/patch-crypto_CMakeLists_txt
diff -N patches/patch-crypto_CMakeLists_txt
--- patches/patch-crypto_CMakeLists_txt 25 Apr 2023 19:16:30 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,16 +0,0 @@
-Index: crypto/CMakeLists.txt
---- crypto/CMakeLists.txt.orig
-+++ crypto/CMakeLists.txt
-@@ -126,10 +126,12 @@ add_library(
- conf/conf.c
- cpu_aarch64_apple.c
- cpu_aarch64_freebsd.c
-+ cpu_aarch64_openbsd.c
- cpu_aarch64_fuchsia.c
- cpu_aarch64_linux.c
- cpu_aarch64_win.c
- cpu_arm_freebsd.c
-+ cpu_arm_openbsd.c
- cpu_arm_linux.c
- cpu_arm.c
- cpu_intel.c
Index: patches/patch-crypto_cpu_aarch64_openbsd_c
===================================================================
RCS file: patches/patch-crypto_cpu_aarch64_openbsd_c
diff -N patches/patch-crypto_cpu_aarch64_openbsd_c
--- patches/patch-crypto_cpu_aarch64_openbsd_c 25 Apr 2023 19:16:30 -0000
1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,61 +0,0 @@
-Index: crypto/cpu_aarch64_openbsd.c
---- crypto/cpu_aarch64_openbsd.c.orig
-+++ crypto/cpu_aarch64_openbsd.c
-@@ -0,0 +1,57 @@
-+/* Copyright (c) 2022, Robert Nagy <rob...@openbsd.org>
-+ *
-+ * Permission to use, copy, modify, and/or distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
-+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-+
-+#include <openssl/cpu.h>
-+
-+#if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \
-+ !defined(OPENSSL_STATIC_ARMCAP)
-+
-+#include <sys/sysctl.h>
-+#include <machine/cpu.h>
-+#include <machine/armreg.h>
-+#include <stdio.h>
-+
-+#include <openssl/arm_arch.h>
-+
-+#include "internal.h"
-+
-+extern uint32_t OPENSSL_armcap_P;
-+
-+void OPENSSL_cpuid_setup(void) {
-+ int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
-+ size_t len = sizeof(uint64_t);
-+ uint64_t cpu_id = 0;
-+
-+ if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0)
-+ return;
-+
-+ OPENSSL_armcap_P |= ARMV7_NEON;
-+
-+ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE)
-+ OPENSSL_armcap_P |= ARMV8_AES;
-+
-+ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL)
-+ OPENSSL_armcap_P |= ARMV8_PMULL;
-+
-+ if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE)
-+ OPENSSL_armcap_P |= ARMV8_SHA1;
-+
-+ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE)
-+ OPENSSL_armcap_P |= ARMV8_SHA256;
-+
-+ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512)
-+ OPENSSL_armcap_P |= ARMV8_SHA512;
-+}
-+
-+#endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: patches/patch-crypto_cpu_arm_openbsd_c
===================================================================
RCS file: patches/patch-crypto_cpu_arm_openbsd_c
diff -N patches/patch-crypto_cpu_arm_openbsd_c
--- patches/patch-crypto_cpu_arm_openbsd_c 25 Apr 2023 19:16:30 -0000
1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,38 +0,0 @@
-Index: crypto/cpu_arm_openbsd.c
---- crypto/cpu_arm_openbsd.c.orig
-+++ crypto/cpu_arm_openbsd.c
-@@ -0,0 +1,34 @@
-+/* Copyright (c) 2023, Google Inc.
-+ *
-+ * Permission to use, copy, modify, and/or distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION
-+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-+
-+#include "internal.h"
-+
-+#if defined(OPENSSL_ARM) && defined(OPENSSL_OPENBSD) && \
-+ !defined(OPENSSL_STATIC_ARMCAP)
-+#include <stdio.h>
-+
-+#include <openssl/arm_arch.h>
-+
-+extern uint32_t OPENSSL_armcap_P;
-+
-+void OPENSSL_cpuid_setup(void) {
-+ unsigned long hwcap = 0, hwcap2 = 0;
-+
-+ // OpenBSD does not support arm32 machines without NEON
-+ OPENSSL_armcap_P |= ARMV7_NEON;
-+
-+ // OpenBSD does not support v8 features on non aarch64
-+}
-+
-+#endif // OPENSSL_ARM && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
Index: patches/patch-crypto_fipsmodule_rand_urandom_c
===================================================================
RCS file: patches/patch-crypto_fipsmodule_rand_urandom_c
diff -N patches/patch-crypto_fipsmodule_rand_urandom_c
--- patches/patch-crypto_fipsmodule_rand_urandom_c 25 Apr 2023 19:16:30
-0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-Index: crypto/fipsmodule/rand/urandom.c
---- crypto/fipsmodule/rand/urandom.c.orig
-+++ crypto/fipsmodule/rand/urandom.c
-@@ -68,6 +68,12 @@
- #include <sys/random.h>
- #endif
-
-+#if defined(OPENSSL_OPENBSD)
-+// getentropy exists in any supported version of OpenBSD
-+#define OPENBSD_GETENTROPY
-+#include <unistd.h>
-+#endif
-+
- #include <openssl/thread.h>
- #include <openssl/mem.h>
-
-@@ -300,6 +306,11 @@ static int fill_with_entropy(uint8_t *out, size_t len,
- r = boringssl_getrandom(out, len, getrandom_flags);
- #elif defined(FREEBSD_GETRANDOM)
- r = getrandom(out, len, getrandom_flags);
-+#elif defined(OPENBSD_GETENTROPY)
-+ {
-+ size_t todo = len <= 256 ? len : 256;
-+ return getentropy(out, todo) != 0 ? -1 : (ssize_t)todo;
-+ }
- #elif defined(OPENSSL_MACOS)
- if (__builtin_available(macos 10.12, *)) {
- // |getentropy| can only request 256 bytes at a time.
Index: patches/patch-include_openssl_base_h
===================================================================
RCS file: patches/patch-include_openssl_base_h
diff -N patches/patch-include_openssl_base_h
--- patches/patch-include_openssl_base_h 25 Apr 2023 19:16:30 -0000
1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-Index: include/openssl/base.h
---- include/openssl/base.h.orig
-+++ include/openssl/base.h
-@@ -164,6 +164,10 @@ extern "C" {
- #define OPENSSL_FREEBSD
- #endif
-
-+#if defined(__OpenBSD__)
-+#define OPENSSL_OPENBSD
-+#endif
-+
- // BoringSSL requires platform's locking APIs to make internal global state
- // thread-safe, including the PRNG. On some single-threaded embedded
platforms,
- // locking APIs may not exist, so this dependency may be disabled with the
Index: patches/patch-include_openssl_thread_h
===================================================================
RCS file: patches/patch-include_openssl_thread_h
diff -N patches/patch-include_openssl_thread_h
--- patches/patch-include_openssl_thread_h 25 Apr 2023 19:16:30 -0000
1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,11 +0,0 @@
-Index: include/openssl/thread.h
---- include/openssl/thread.h.orig
-+++ include/openssl/thread.h
-@@ -78,6 +78,7 @@ typedef union crypto_mutex_st {
- void *handle;
- } CRYPTO_MUTEX;
- #elif !defined(__GLIBC__)
-+#include <pthread.h>
- typedef pthread_rwlock_t CRYPTO_MUTEX;
- #else
- // On glibc, |pthread_rwlock_t| is hidden under feature flags, and we can't
Index: pkg/DESCR
===================================================================
RCS file: pkg/DESCR
diff -N pkg/DESCR
--- pkg/DESCR 25 Apr 2023 19:16:30 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,4 +0,0 @@
-Although BoringSSL is an open source project, it is not intended for
-general use, as OpenSSL is. We don't recommend that third parties
-depend upon it. Doing so is likely to be frustrating because there are
-no guarantees of API or ABI stability.
Index: pkg/PLIST
===================================================================
RCS file: pkg/PLIST
diff -N pkg/PLIST
--- pkg/PLIST 25 Apr 2023 19:16:30 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,97 +0,0 @@
-eboringssl/
-eboringssl/bin/
-@bin eboringssl/bin/bssl
-eboringssl/include/
-eboringssl/include/openssl/
-eboringssl/include/openssl/aead.h
-eboringssl/include/openssl/aes.h
-eboringssl/include/openssl/arm_arch.h
-eboringssl/include/openssl/asn1.h
-eboringssl/include/openssl/asn1_mac.h
-eboringssl/include/openssl/asn1t.h
-eboringssl/include/openssl/base.h
-eboringssl/include/openssl/base64.h
-eboringssl/include/openssl/bio.h
-eboringssl/include/openssl/blake2.h
-eboringssl/include/openssl/blowfish.h
-eboringssl/include/openssl/bn.h
-eboringssl/include/openssl/buf.h
-eboringssl/include/openssl/buffer.h
-eboringssl/include/openssl/bytestring.h
-eboringssl/include/openssl/cast.h
-eboringssl/include/openssl/chacha.h
-eboringssl/include/openssl/cipher.h
-eboringssl/include/openssl/cmac.h
-eboringssl/include/openssl/conf.h
-eboringssl/include/openssl/cpu.h
-eboringssl/include/openssl/crypto.h
-eboringssl/include/openssl/ctrdrbg.h
-eboringssl/include/openssl/curve25519.h
-eboringssl/include/openssl/des.h
-eboringssl/include/openssl/dh.h
-eboringssl/include/openssl/digest.h
-eboringssl/include/openssl/dsa.h
-eboringssl/include/openssl/dtls1.h
-eboringssl/include/openssl/e_os2.h
-eboringssl/include/openssl/ec.h
-eboringssl/include/openssl/ec_key.h
-eboringssl/include/openssl/ecdh.h
-eboringssl/include/openssl/ecdsa.h
-eboringssl/include/openssl/engine.h
-eboringssl/include/openssl/err.h
-eboringssl/include/openssl/evp.h
-eboringssl/include/openssl/evp_errors.h
-eboringssl/include/openssl/ex_data.h
-eboringssl/include/openssl/hkdf.h
-eboringssl/include/openssl/hmac.h
-eboringssl/include/openssl/hpke.h
-eboringssl/include/openssl/hrss.h
-eboringssl/include/openssl/is_boringssl.h
-eboringssl/include/openssl/kdf.h
-eboringssl/include/openssl/kyber.h
-eboringssl/include/openssl/lhash.h
-eboringssl/include/openssl/md4.h
-eboringssl/include/openssl/md5.h
-eboringssl/include/openssl/mem.h
-eboringssl/include/openssl/nid.h
-eboringssl/include/openssl/obj.h
-eboringssl/include/openssl/obj_mac.h
-eboringssl/include/openssl/objects.h
-eboringssl/include/openssl/opensslconf.h
-eboringssl/include/openssl/opensslv.h
-eboringssl/include/openssl/ossl_typ.h
-eboringssl/include/openssl/pem.h
-eboringssl/include/openssl/pkcs12.h
-eboringssl/include/openssl/pkcs7.h
-eboringssl/include/openssl/pkcs8.h
-eboringssl/include/openssl/poly1305.h
-eboringssl/include/openssl/pool.h
-eboringssl/include/openssl/rand.h
-eboringssl/include/openssl/rc4.h
-eboringssl/include/openssl/ripemd.h
-eboringssl/include/openssl/rsa.h
-eboringssl/include/openssl/safestack.h
-eboringssl/include/openssl/service_indicator.h
-eboringssl/include/openssl/sha.h
-eboringssl/include/openssl/siphash.h
-eboringssl/include/openssl/span.h
-eboringssl/include/openssl/srtp.h
-eboringssl/include/openssl/ssl.h
-eboringssl/include/openssl/ssl3.h
-eboringssl/include/openssl/stack.h
-eboringssl/include/openssl/thread.h
-eboringssl/include/openssl/time.h
-eboringssl/include/openssl/tls1.h
-eboringssl/include/openssl/trust_token.h
-eboringssl/include/openssl/type_check.h
-eboringssl/include/openssl/x509.h
-eboringssl/include/openssl/x509_vfy.h
-eboringssl/include/openssl/x509v3.h
-eboringssl/lib/
-eboringssl/lib/cmake/
-eboringssl/lib/cmake/OpenSSL/
-eboringssl/lib/cmake/OpenSSL/OpenSSLConfig.cmake
-eboringssl/lib/cmake/OpenSSL/OpenSSLTargets${MODCMAKE_BUILD_SUFFIX}
-eboringssl/lib/cmake/OpenSSL/OpenSSLTargets.cmake
-@static-lib eboringssl/lib/libcrypto.a
-@static-lib eboringssl/lib/libssl.a
