The axTLS project is an SSL client/server library using the TLSv1

protocol.  It is designed to be small and fast, and is suited to
embedded projects.  A web server is included.

WWW: http://http://axtls.sourceforge.net/

PR:		ports/177790
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp>

8 files changed, 408 insertions, 0 deletions

diff --git a/security/axTLS/Makefile b/security/axTLS/Makefile
new file mode 100644
index 000000000000..0e12a423f80d
--- /dev/null
+++ b/security/axTLS/Makefile
@@ -0,0 +1,204 @@
+# Created by: Hirohisa Yamaguchi <umq@ueo.co.jp>
+# $FreeBSD$
+
+PORTNAME=	axTLS
+PORTVERSION=	1.4.9
+CATEGORIES=	security devel net
+MASTER_SITES=	SF
+MASTER_SITE_SUBDIR=	${PORTNAME:L}/${PORTVERSION}
+
+MAINTAINER=	umq@ueo.co.jp
+COMMENT=	SSL/TLS client/server library implementation
+
+LICENSE=	BSD
+
+OPTIONS_DEFINE=	COMPAT_OPENSSL HTTPD TLSWRAP X509 PERL DOCS DEBUG TEST
+OPTIONS_SINGLE=	MODE PROT
+OPTIONS_SINGLE_MODE=	SERVER_ONLY CERT_VERIFICATION ENABLE_CLIENT \
+			FULL_MODE SKELETON_MODE
+OPTIONS_SINGLE_PROT=	LOW MEDIUM HIGH
+OPTIONS_DEFAULT=	FULL_MODE MEDIUM
+COMPAT_OPENSSL_DESC=	OpenSSL compatible API
+TLSWRAP_DESC=		Build TLS wrapper like sslwrap
+X509_DESC=		Generate X.509 Certificate
+PERL_DESC=		Perl bindings or support
+DOCS_DESC=		Build and/or install documentation (require doxygen)
+TEST_DESC=		Build test suite when available
+MODE_DESC=		SSL Library mode
+PROT_DESC=		Protocol Preference
+SERVER_ONLY_DESC=	Server only (no verification)
+CERT_VERIFICATION_DESC=	Server only (with verification)
+ENABLE_CLIENT_DESC=	Client/Server enabled
+FULL_MODE_DESC=		Client/Server enabled with diagnostics
+SKELETON_MODE_DESC=	The smallest library with least performance (experimental)
+LOW_DESC=		Use the fastest cipher(s) but at the expense of security
+MEDIUM_DESC=		Balance between speed and security
+HIGH_DESC=		Use the strongest cipher(s) at the cost of speed
+
+CONFIG_SUB=	PREFIX=\"${PREFIX}\" WWWDIR=\"${WWWDIR}\" \
+		HTTP_PORT=${WITH_HTTP_PORT} SSL_PORT=${WITH_SSL_PORT}
+NO_OPTIONS_SORT=yes
+USE_GMAKE=	yes
+USE_LDCONFIG=	yes
+WRKSRC=		${WRKDIR}/${PORTNAME}
+STAGE=		${WRKSRC}/_stage
+
+WITH_HTTP_PORT?=	80
+WITH_SSL_PORT?=		443
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSERVER_ONLY}
+CONFIG_SUB+=	SERVER_ONLY=""
+.else
+CONFIG_SUB+=	SERVER_ONLY="\# "
+.endif
+.if ${PORT_OPTIONS:MCERT_VERIFICATION}
+CONFIG_SUB+=	CERT_VERIFICATION=""
+.else
+CONFIG_SUB+=	CERT_VERIFICATION="\# "
+.endif
+.if ${PORT_OPTIONS:MENABLE_CLIENT}
+CONFIG_SUB+=	ENABLE_CLIENT=""
+.else
+CONFIG_SUB+=	ENABLE_CLIENT="\# "
+.endif
+.if ${PORT_OPTIONS:MFULL_MODE}
+CONFIG_SUB+=	FULL_MODE=""
+.else
+CONFIG_SUB+=	FULL_MODE="\# "
+.endif
+.if ${PORT_OPTIONS:MSKELETON_MODE}
+CONFIG_SUB+=	SKELETON_MODE=""
+.else
+CONFIG_SUB+=	SKELETON_MODE="\# "
+.endif
+
+.if ${PORT_OPTIONS:MHIGH}
+CONFIG_SUB+=	PROT_HIGH=""
+.else
+CONFIG_SUB+=	PROT_HIGH="\# "
+.endif
+.if ${PORT_OPTIONS:MMEDIUM}
+CONFIG_SUB+=	PROT_MEDIUM=""
+.else
+CONFIG_SUB+=	PROT_MEDIUM="\# "
+.endif
+.if ${PORT_OPTIONS:MLOW}
+CONFIG_SUB+=	PROT_LOW=""
+.else
+CONFIG_SUB+=	PROT_LOW="\# "
+.endif
+
+.if ${PORT_OPTIONS:MCOMPAT_OPENSSL}
+CONFIG_SUB+=	COMPAT_OPENSSL=""
+.else
+CONFIG_SUB+=	COMPAT_OPENSSL="\# "
+.endif
+
+.if ${PORT_OPTIONS:MHTTPD}
+CONFIG_SUB+=	HTTPD=""
+PLIST_SUB+=	HTTPD=""
+.else
+CONFIG_SUB+=	HTTPD="\# "
+PLIST_SUB+=	HTTPD="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MTLSWRAP}
+CONFIG_SUB+=	TLSWRAP=""
+PLIST_SUB+=	TLSWRAP=""
+.else
+CONFIG_SUB+=	TLSWRAP="\# "
+PLIST_SUB+=	TLSWRAP="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MX509}
+CONFIG_SUB+=	X509=""
+.else
+CONFIG_SUB+=	X509="\# "
+.endif
+
+.if ${PORT_OPTIONS:MPERL}
+BUILD_DEPENDS+=	swig:${PORTSDIR}/devel/swig13
+CONFIG_SUB+=	PERL=""
+PLIST_SUB+=	PERL=""
+USE_PERL5=	yes
+.else
+CONFIG_SUB+=	PERL="\# "
+PLIST_SUB+=	PERL="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MDOCS}
+BUILD_DEPENDS+=	doxygen:${PORTSDIR}/devel/doxygen
+PORTDOCS=	*
+.endif
+
+.if ${PORT_OPTIONS:MDEBUG}
+CONFIG_SUB+=	DEBUG=""
+.else
+CONFIG_SUB+=	DEBUG="\# "
+.endif
+
+.if ${PORT_OPTIONS:MTEST}
+. if ${PORT_OPTIONS:MCERT_VERIFICATION} || \
+	${PORT_OPTIONS:MENABLE_CLIENT} || \
+	${PORT_OPTIONS:MFULL_MODE}
+CONFIG_SUB+=	TEST_PERF=""
+. else
+CONFIG_SUB+=	TEST_PERF="\# "
+. endif
+. if ${PORT_OPTIONS:MFULL_MODE} && empty(PORT_OPTIONS:MX509)
+CONFIG_SUB+=	TEST_SSL=""
+. else
+CONFIG_SUB+=	TEST_SSL="\# "
+. endif
+.else
+CONFIG_SUB+=	TEST_PERF="\# " \
+		TEST_SSL="\# "
+.endif
+
+_CONFIG_SUB_TEMP=	${CONFIG_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/}
+
+do-configure:
+	@${SED} ${_CONFIG_SUB_TEMP} \
+	-e '/^\([^#]*\) is not set$$/s//\1=y/' \
+	${FILESDIR}/data-.config.in > ${WRKSRC}/config/.config
+	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${GMAKE} ${MAKE_FLAGS} \
+	${MAKEFILE} ${_MAKE_JOBS} ${MAKE_ARGS} oldconfig
+
+do-install:
+	${INSTALL_LIB} ${STAGE}/libaxtls.a ${PREFIX}/lib/
+	${INSTALL_LIB} ${STAGE}/libaxtls.so.1.2 ${PREFIX}/lib/
+	${LN} -fs ${PREFIX}/lib/libaxtls.so.1.2 ${PREFIX}/lib/libaxtls.so.1
+	${LN} -fs ${PREFIX}/lib/libaxtls.so.1 ${PREFIX}/lib/libaxtls.so
+	${INSTALL_PROGRAM} ${STAGE}/axssl ${PREFIX}/bin/
+.if ${PORT_OPTIONS:MHTTPD}
+	${INSTALL_PROGRAM} ${STAGE}/htpasswd ${PREFIX}/bin/axhtpasswd
+	${INSTALL_PROGRAM} ${STAGE}/axhttpd ${PREFIX}/bin/
+.endif
+.if ${PORT_OPTIONS:MTLSWRAP}
+	${INSTALL_PROGRAM} ${STAGE}/axtlswrap ${PREFIX}/bin/
+.endif
+.if ${PORT_OPTIONS:MPERL}
+	@${MKDIR} ${PREFIX}/${SITE_PERL_REL}/${PERL_ARCH}/auto
+	${INSTALL_SCRIPT} ${STAGE}/axssl.pl ${PREFIX}/bin/
+	${INSTALL_SCRIPT} ${STAGE}/axtlsp.pm ${PREFIX}/${SITE_PERL_REL}/${PERL_ARCH}/
+	${INSTALL_LIB} ${STAGE}/libaxtlsp.so ${PREFIX}/${SITE_PERL_REL}/${PERL_ARCH}/auto/
+.endif
+	@${MKDIR} ${PREFIX}/include/axTLS
+	${INSTALL_DATA} ${WRKSRC}/crypto/*.h ${PREFIX}/include/axTLS/
+	${INSTALL_DATA} ${WRKSRC}/ssl/*.h ${PREFIX}/include/axTLS/
+	${RM} ${PREFIX}/include/axTLS/cert.h
+	${RM} ${PREFIX}/include/axTLS/private_key.h
+	${RM} ${PREFIX}/include/axTLS/os_port.h
+	${INSTALL_DATA} ${WRKSRC}/config/config.h ${PREFIX}/include/axTLS/
+.if ${PORT_OPTIONS:MDOCS}
+	cd ${WRKSRC} && ${GMAKE} docs
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC}/docsrc/html && ${COPYTREE_SHARE} . ${DOCSDIR}
+.endif
+
+regression-test: build
+	cd ${WRKSRC} && ${GMAKE} test
+
+.include <bsd.port.mk>
diff --git a/security/axTLS/distinfo b/security/axTLS/distinfo
new file mode 100644
index 000000000000..21c9b9cb6d67
--- /dev/null
+++ b/security/axTLS/distinfo
@@ -0,0 +1,2 @@
+SHA256 (axTLS-1.4.9.tar.gz) = 9bc08f4c7a6bda3079af8e3f5ceee6b2ee92af34e8efbc9acfeee6c27b1f7cc3
+SIZE (axTLS-1.4.9.tar.gz) = 1300593
diff --git a/security/axTLS/files/data-.config.in b/security/axTLS/files/data-.config.in
new file mode 100644
index 000000000000..80ab237ee964
--- /dev/null
+++ b/security/axTLS/files/data-.config.in
@@ -0,0 +1,126 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+CONFIG_PLATFORM_LINUX=y
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+PREFIX=%%PREFIX%%
+%%DEBUG%%CONFIG_DEBUG is not set
+# CONFIG_STRIP_UNWANTED_SECTIONS is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+# CONFIG_VISUAL_STUDIO_10_0 is not set
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_VISUAL_STUDIO_10_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+%%SERVER_ONLY%%CONFIG_SSL_SERVER_ONLY is not set
+%%CERT_VERIFICATION%%CONFIG_SSL_CERT_VERIFICATION is not set
+%%ENABLE_CLIENT%%CONFIG_SSL_ENABLE_CLIENT is not set
+%%FULL_MODE%%CONFIG_SSL_FULL_MODE is not set
+%%SKELETON_MODE%%CONFIG_SSL_SKELETON_MODE is not set
+%%PROT_LOW%%CONFIG_SSL_PROT_LOW is not set
+%%PROT_MEDIUM%%CONFIG_SSL_PROT_MEDIUM is not set
+%%PROT_HIGH%%CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
+CONFIG_SSL_X509_CERT_LOCATION=""
+%%X509%%CONFIG_SSL_GENERATE_X509_CERT is not set
+CONFIG_SSL_X509_COMMON_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
+# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=150
+CONFIG_SSL_MAX_CERTS=3
+# CONFIG_SSL_CTX_MUTEXING is not set
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+%%COMPAT_OPENSSL%%CONFIG_OPENSSL_COMPATIBLE is not set
+%%TEST_PERF%%CONFIG_PERFORMANCE_TESTING is not set
+%%TEST_SSL%%CONFIG_SSL_TEST is not set
+%%TLSWRAP%%CONFIG_AXTLSWRAP is not set
+%%HTTPD%%CONFIG_AXHTTPD is not set
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=%%HTTP_PORT%%
+CONFIG_HTTP_HTTPS_PORT=%%SSL_PORT%%
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT=%%WWWDIR%%
+CONFIG_HTTP_TIMEOUT=300
+
+#
+# CGI
+#
+CONFIG_HTTP_HAS_CGI=y
+CONFIG_HTTP_CGI_EXTENSIONS=".lua,.pl,.php"
+# CONFIG_HTTP_ENABLE_LUA is not set
+CONFIG_HTTP_LUA_PREFIX="/usr"
+# CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_CGI_LAUNCHER="/usr/bin/cgi"
+CONFIG_HTTP_DIRECTORIES=y
+CONFIG_HTTP_HAS_AUTHORIZATION=y
+CONFIG_HTTP_HAS_IPV6=y
+CONFIG_HTTP_ENABLE_DIFFERENT_USER=y
+CONFIG_HTTP_USER="www"
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+%%PERL%%CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE="/usr/local"
+CONFIG_PERL_LIB=""
+# CONFIG_LUA_BINDINGS is not set
+CONFIG_LUA_CORE=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+%%PERL%%CONFIG_PERL_SAMPLES is not set
+# CONFIG_LUA_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+%%DEBUG%%CONFIG_BIGINT_CHECK_ON is not set
+CONFIG_INTEGER_32BIT=y
+# CONFIG_INTEGER_16BIT is not set
+# CONFIG_INTEGER_8BIT is not set
diff --git a/security/axTLS/files/patch-Makefile b/security/axTLS/files/patch-Makefile
new file mode 100644
index 000000000000..159bc7336543
--- /dev/null
+++ b/security/axTLS/files/patch-Makefile
@@ -0,0 +1,13 @@
+--- ./Makefile.orig	2011-01-07 22:16:40.000000000 +0900
++++ ./Makefile	2013-04-11 08:38:38.000000000 +0900
+@@ -118,7 +118,9 @@
+ 	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm > /dev/null 2>&1
+ 
+ test:
+-	cd $(STAGE); ssltest; ../ssl/test/test_axssl.sh; cd -;
++	cd $(STAGE); [ -e ./ssltest ] && LD_LIBRARY_PATH=".:$${LD_LIBRARY_PATH}" ./ssltest ;\
++		[ -e ./perf_bigint ] && LD_LIBRARY_PATH=".:$${LD_LIBRARY_PATH}" ./perf_bigint ;\
++		../ssl/test/test_axssl.sh; cd -;
+ 
+ # tidy up things
+ clean::
diff --git a/security/axTLS/files/patch-samples__c__axssl.c b/security/axTLS/files/patch-samples__c__axssl.c
new file mode 100644
index 000000000000..9dfb5f2c8473
--- /dev/null
+++ b/security/axTLS/files/patch-samples__c__axssl.c
@@ -0,0 +1,25 @@
+--- ./samples/c/axssl.c.orig	2012-07-01 09:49:36.000000000 +0900
++++ ./samples/c/axssl.c	2013-04-10 16:59:23.000000000 +0900
+@@ -45,6 +45,7 @@
+  */
+ #include <string.h>
+ #include <stdio.h>
++#include <signal.h>
+ #include <stdlib.h>
+ #include "os_port.h"
+ #include "ssl.h"
+@@ -54,6 +55,14 @@
+ #define STDIN_FILENO        0
+ #endif
+ 
++/* enable features based on a 'super-set' capbaility. */
++#if defined(CONFIG_SSL_FULL_MODE) 
++#define CONFIG_SSL_ENABLE_CLIENT
++#define CONFIG_SSL_CERT_VERIFICATION
++#elif defined(CONFIG_SSL_ENABLE_CLIENT)
++#define CONFIG_SSL_CERT_VERIFICATION
++#endif
++
+ static void do_server(int argc, char *argv[]);
+ static void print_options(char *option);
+ static void print_server_options(char *option);
diff --git a/security/axTLS/files/patch-ssl__Config.in b/security/axTLS/files/patch-ssl__Config.in
new file mode 100644
index 000000000000..28c7aa6154ef
--- /dev/null
+++ b/security/axTLS/files/patch-ssl__Config.in
@@ -0,0 +1,11 @@
+--- ./ssl/Config.in.orig	2011-06-25 06:12:07.000000000 +0900
++++ ./ssl/Config.in	2013-04-11 08:38:38.000000000 +0900
+@@ -318,7 +318,7 @@
+ config CONFIG_PERFORMANCE_TESTING
+     bool "Build the bigint performance test tool"
+     default n
+-    depends on CONFIG_SSL_CERT_VERIFICATION
++    depends on CONFIG_SSL_CERT_VERIFICATION || CONFIG_SSL_ENABLE_CLIENT || CONFIG_SSL_FULL_MODE
+     help
+         Used for performance testing of bigint.
+ 
diff --git a/security/axTLS/pkg-descr b/security/axTLS/pkg-descr
new file mode 100644
index 000000000000..b56a3f2ff309
--- /dev/null
+++ b/security/axTLS/pkg-descr
@@ -0,0 +1,5 @@
+The axTLS project is an SSL client/server library using the TLSv1
+protocol.  It is designed to be small and fast, and is suited to
+embedded projects.  A web server is included.
+
+WWW: http://http://axtls.sourceforge.net/
diff --git a/security/axTLS/pkg-plist b/security/axTLS/pkg-plist
new file mode 100644
index 000000000000..feb87f623cc9
--- /dev/null
+++ b/security/axTLS/pkg-plist
@@ -0,0 +1,22 @@
+@comment $FreeBSD$
+%%HTTPD%%bin/axhtpasswd
+%%HTTPD%%bin/axhttpd
+bin/axssl
+%%PERL%%bin/axssl.pl
+%%TLSWRAP%%bin/axtlswrap
+include/axTLS/bigint.h
+include/axTLS/bigint_impl.h
+include/axTLS/config.h
+include/axTLS/crypto.h
+include/axTLS/crypto_misc.h
+include/axTLS/os_int.h
+include/axTLS/ssl.h
+include/axTLS/tls1.h
+include/axTLS/version.h
+lib/libaxtls.a
+lib/libaxtls.so
+lib/libaxtls.so.1
+lib/libaxtls.so.1.2
+%%PERL%%%%SITE_PERL%%/%%PERL_ARCH%%/auto/libaxtlsp.so
+%%PERL%%%%SITE_PERL%%/%%PERL_ARCH%%/axtlsp.pm
+@dirrm include/axTLS