7 files changed, 112 insertions, 0 deletions

diff --git a/security/s2n/Makefile b/security/s2n/Makefile
new file mode 100644
index 000000000000..545513a21f16
--- /dev/null
+++ b/security/s2n/Makefile
@@ -0,0 +1,56 @@
+# Created by: Danilo Egea Gondolfo <danilo@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	s2n
+PORTVERSION=	20150909
+CATEGORIES=	security
+
+MAINTAINER=	danilo@FreeBSD.org
+COMMENT=	C99 implementation of the TLS/SSL protocols
+
+LICENSE=	APACHE20
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	awslabs
+GH_PROJECT=	s2n
+GH_TAGNAME=	674df33
+
+OPTIONS_DEFINE=	DOCS EXAMPLES
+
+USES=		gmake
+USE_LDCONFIG=	yes
+NO_CONFIGURE=	yes
+
+SUB_FILES=	pkg-message Makefile
+ALL_TARGET=	bin
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 1000015
+WITH_OPENSSL_PORT=	yes
+.include "${PORTSDIR}/Mk/bsd.openssl.mk"
+CFLAGS+=		-I${LOCALBASE}/include -L${LOCALBASE}/lib
+# Actually used on 9 to build with gcc
+EXTRA_PATCHES=		${FILESDIR}/extra-patch-tls_s2n__connection.c
+.endif
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|CFLAGS |&+|' ${WRKSRC}/s2n.mk
+	@${REINPLACE_CMD} -e 's|CRYPTO_LDFLAGS |&+|' \
+		${WRKSRC}/tests/testlib/Makefile \
+		${WRKSRC}/tests/unit/Makefile
+
+do-install:
+	${INSTALL_LIB} ${WRKSRC}/lib/libs2n.so* ${STAGEDIR}${LOCALBASE}/lib
+	${LN} -s libs2n.so ${STAGEDIR}${LOCALBASE}/lib/libs2n.so.0
+	${INSTALL_DATA} ${WRKSRC}/api/s2n* ${STAGEDIR}${LOCALBASE}/include
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${CP} -r ${WRKSRC}/docs/* ${STAGEDIR}${DOCSDIR}
+	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/bin/*.c ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKDIR}/Makefile ${STAGEDIR}${EXAMPLESDIR}
+
+tests: build
+	${GMAKE} PLATFORM=FreeBSD CRYPTO_LDFLAGS=-L${LOCALBASE}/lib -C ${WRKSRC}/tests
+
+.include <bsd.port.post.mk>
diff --git a/security/s2n/distinfo b/security/s2n/distinfo
new file mode 100644
index 000000000000..d11d8381beaf
--- /dev/null
+++ b/security/s2n/distinfo
@@ -0,0 +1,2 @@
+SHA256 (awslabs-s2n-20150909-674df33_GH0.tar.gz) = 25bf788ab8fee9e364bf52a1ab03ff809c3706eaff54f4586ccff405f4ce0788
+SIZE (awslabs-s2n-20150909-674df33_GH0.tar.gz) = 460084
diff --git a/security/s2n/files/Makefile.in b/security/s2n/files/Makefile.in
new file mode 100644
index 000000000000..dad5438166f8
--- /dev/null
+++ b/security/s2n/files/Makefile.in
@@ -0,0 +1,5 @@
+CFLAGS+=	-I%%PREFIX%%/include
+LDFLAGS+=	-L%%PREFIX%%/lib -ls2n -lcrypto
+all:
+	${CC} -o s2nd echo.c s2nd.c ${CFLAGS} ${LDFLAGS}
+	${CC} -o s2nc echo.c s2nc.c ${CFLAGS} ${LDFLAGS}
diff --git a/security/s2n/files/extra-patch-tls_s2n__connection.c b/security/s2n/files/extra-patch-tls_s2n__connection.c
new file mode 100644
index 000000000000..f942e47075c5
--- /dev/null
+++ b/security/s2n/files/extra-patch-tls_s2n__connection.c
@@ -0,0 +1,22 @@
+--- tls/s2n_connection.c.orig	2015-10-22 22:11:14 UTC
++++ tls/s2n_connection.c
+@@ -192,8 +192,8 @@ int s2n_connection_wipe(struct s2n_conne
+ 
+     /* Clone the stuffers */
+     /* ignore gcc 4.7 address warnings because dest is allocated on the stack */
+-#pragma GCC diagnostic push
+-#pragma GCC diagnostic ignored "-Waddress"
++//#pragma GCC diagnostic push
++//#pragma GCC diagnostic ignored "-Waddress"
+     memcpy_check(&alert_in, &conn->alert_in, sizeof(struct s2n_stuffer));
+     memcpy_check(&reader_alert_out, &conn->reader_alert_out, sizeof(struct s2n_stuffer));
+     memcpy_check(&writer_alert_out, &conn->writer_alert_out, sizeof(struct s2n_stuffer));
+@@ -201,7 +201,7 @@ int s2n_connection_wipe(struct s2n_conne
+     memcpy_check(&header_in, &conn->header_in, sizeof(struct s2n_stuffer));
+     memcpy_check(&in, &conn->in, sizeof(struct s2n_stuffer));
+     memcpy_check(&out, &conn->out, sizeof(struct s2n_stuffer));
+-#pragma GCC diagnostic pop
++//#pragma GCC diagnostic pop
+ 
+     /* Zero the whole connection structure */
+     memset_check(conn, 0, sizeof(struct s2n_connection));
diff --git a/security/s2n/files/pkg-message.in b/security/s2n/files/pkg-message.in
new file mode 100644
index 000000000000..a9b05fb84945
--- /dev/null
+++ b/security/s2n/files/pkg-message.in
@@ -0,0 +1,7 @@
+======================================================================
+
+If s2n fails due mlock(2) syscall try to increase vm.max_wired.
+Example:
+ - sysctl vm.max_wired=1572864
+
+======================================================================
diff --git a/security/s2n/pkg-descr b/security/s2n/pkg-descr
new file mode 100644
index 000000000000..5ad9e96db4cf
--- /dev/null
+++ b/security/s2n/pkg-descr
@@ -0,0 +1,5 @@
+s2n is a C99 implementation of the TLS/SSL protocols that
+is designed to be simple, small, fast, and with security as
+a priority. It is released and licensed under the Apache Software License 2.0.
+
+WWW: https://github.com/awslabs/s2n
diff --git a/security/s2n/pkg-plist b/security/s2n/pkg-plist
new file mode 100644
index 000000000000..7ff4d528e904
--- /dev/null
+++ b/security/s2n/pkg-plist
@@ -0,0 +1,15 @@
+include/s2n.h
+lib/libs2n.so
+lib/libs2n.so.0
+%%PORTDOCS%%%%DOCSDIR%%/BINDINGS.md
+%%PORTDOCS%%%%DOCSDIR%%/DEVELOPMENT-GUIDE.md
+%%PORTDOCS%%%%DOCSDIR%%/READING-LIST.md
+%%PORTDOCS%%%%DOCSDIR%%/USAGE-GUIDE.md
+%%PORTDOCS%%%%DOCSDIR%%/images/s2n_lambda.png
+%%PORTDOCS%%%%DOCSDIR%%/images/s2n_logo_github.png
+%%PORTDOCS%%%%DOCSDIR%%/images/s2n_stuffer_layout.png
+%%PORTDOCS%%%%DOCSDIR%%/images/s2n_tls_layers.png
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/Makefile
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/echo.c
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/s2nc.c
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/s2nd.c