git: 8f95f033ea06 - main - security/openssl-oqsprovider: Add new port

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bernard Spil <brnrd_at_FreeBSD.org>
Date: Mon, 09 Dec 2024 08:03:56 UTC
The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8f95f033ea062cccf0d3a7c2f2c17f5ba71096de

commit 8f95f033ea062cccf0d3a7c2f2c17f5ba71096de
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2024-12-08 18:13:25 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2024-12-09 08:03:28 +0000

    security/openssl-oqsprovider: Add new port
    
    Quantum-safe algorithms provider for OpenSSL 3.x
---
 security/Makefile                                  |  1 +
 security/openssl-oqsprovider/Makefile              | 47 ++++++++++++++++++++++
 security/openssl-oqsprovider/distinfo              |  3 ++
 .../openssl-oqsprovider/files/oqsprovider.cnf.in   | 14 +++++++
 security/openssl-oqsprovider/files/pkg-message.in  | 11 +++++
 security/openssl-oqsprovider/pkg-descr             |  6 +++
 6 files changed, 82 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index ca4b1cde0936..fb9b5bf8957e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -445,6 +445,7 @@
     SUBDIR += openssh-portable
     SUBDIR += openssl
     SUBDIR += openssl-agent
+    SUBDIR += openssl-oqsprovider
     SUBDIR += openssl-quictls
     SUBDIR += openssl-unsafe
     SUBDIR += openssl111
diff --git a/security/openssl-oqsprovider/Makefile b/security/openssl-oqsprovider/Makefile
new file mode 100644
index 000000000000..d8a6276c3ea9
--- /dev/null
+++ b/security/openssl-oqsprovider/Makefile
@@ -0,0 +1,47 @@
+PORTNAME=	oqsprovider
+DISTVERSION=	0.7.0
+CATEGORIES=	security
+PKGNAMEPREFIX=	openssl-
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	quantum-resistant cryptography provider for OpenSSL
+WWW=		https://openquantumsafe.org/applications/tls.html#oqs-openssl-provider
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+LIB_DEPENDS=	liboqs.so:security/liboqs
+TEST_ENVIRONMENT=	OPENSSL_INSTALL=${LOCALBASE}/bin/openssl
+
+USES=		cmake:testing ssl
+USE_LDCONFIG=	yes
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	open-quantum-safe
+GH_PROJECT=	oqs-provider
+
+CMAKE_ARGS=	-DCMAKE_BUILD_TYPE=Debug\
+		-DOPENSSL_ROOT_DIR=${OPENSSLBASE} \
+		-DCMAKE_PREFIX_PATH=${OPENSSL_PATH} 
+
+SUB_FILES=	oqsprovider.cnf pkg-message
+
+PLIST_FILES=	include/oqs-provider/oqs_prov.h \
+		lib/ossl-modules/oqsprovider.so \
+		openssl/oqsprovider.cnf
+
+.include <bsd.port.pre.mk>
+
+.if !defined(OPENSSL_PORT) && ${OSVERSION} < 1400000
+BROKEN=	Requires OpenSSL 3.0+, preferably 3.2+
+.endif
+
+post-install:
+.if ${OPENSSLLIB} == "/usr/lib"
+	${MKDIR} ${STAGEDIR}${PREFIX}/lib/ossl-modules
+	${MV} ${STAGEDIR}/usr/lib/ossl-modules/oqsprovider.so ${STAGEDIR}${PREFIX}/lib/ossl-modules
+.endif
+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
+	${INSTALL_DATA} ${WRKDIR}/oqsprovider.cnf ${STAGEDIR}${PREFIX}/openssl/
+
+.include <bsd.port.post.mk>
diff --git a/security/openssl-oqsprovider/distinfo b/security/openssl-oqsprovider/distinfo
new file mode 100644
index 000000000000..70d8d7e71a26
--- /dev/null
+++ b/security/openssl-oqsprovider/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1732696794
+SHA256 (open-quantum-safe-oqs-provider-0.7.0_GH0.tar.gz) = dd7abda5aab2408672ca886baac7bceb629f918df2bca203038fb23949e3323f
+SIZE (open-quantum-safe-oqs-provider-0.7.0_GH0.tar.gz) = 208082
diff --git a/security/openssl-oqsprovider/files/oqsprovider.cnf.in b/security/openssl-oqsprovider/files/oqsprovider.cnf.in
new file mode 100644
index 000000000000..fbe7366354f9
--- /dev/null
+++ b/security/openssl-oqsprovider/files/oqsprovider.cnf.in
@@ -0,0 +1,14 @@
+# Replace the existing [provider_sect] and [default_provider] sections
+# with this config
+
+[provider_sect]
+default = default_sect
+oqsprovider = oqsprovider_sect
+
+[default_sect]
+activate = 1
+
+[oqsprovider_sect]
+activate = 1
+module = %%PREFIX%%/lib/ossl-modules/openssl-oqsprovider.so
+
diff --git a/security/openssl-oqsprovider/files/pkg-message.in b/security/openssl-oqsprovider/files/pkg-message.in
new file mode 100644
index 000000000000..ef1a76cd7d99
--- /dev/null
+++ b/security/openssl-oqsprovider/files/pkg-message.in
@@ -0,0 +1,11 @@
+[
+{ type:install
+  message: <<EOM
+To enable oqs-provider in OpenSSL, merge contents of the configuration file
+%%PREFIX%%/openssl/oqsprovider.cnf with %%PREFIX%%/openssl/openssl.cnf.
+
+Expect issues if you're using OpenSSL < 3.2
+See https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md#building-and-testing
+EOM
+}
+]
diff --git a/security/openssl-oqsprovider/pkg-descr b/security/openssl-oqsprovider/pkg-descr
new file mode 100644
index 000000000000..84d9aa164883
--- /dev/null
+++ b/security/openssl-oqsprovider/pkg-descr
@@ -0,0 +1,6 @@
+Open Quantum Safe provider for OpenSSL
+
+
+This port enables quantum-safe cryptography (QSC) in a standard OpenSSL
+(3.x) distribution by way of implementing a single shared library, the
+OpenSSL OQS provider.