From nobody Mon Dec 09 08:03:56 2024
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Y6Ds91Qysz5gQb5;
	Mon, 09 Dec 2024 08:03:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Y6Ds90hK0z4VB7;
	Mon,  9 Dec 2024 08:03:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1733731437;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=TjfDPcSjjBhUAuog8k+Nj7NQoNOGdQuyo0LSjD2hZu8=;
	b=kQlo7fv8HHwsiHQQnmUzpjDQOJLriqNABeLges7RBo3F+/0HwJPD+HItHsu5oY/EbUrv8P
	+joCYGNGBTci/mx1B3IPJ7v60Ku3VeDHyf+Noui++KBTDO9GCgiaamDPuU0Kj9F8dgRF3M
	0v9gjC35GJKMv4i+xSWUmSfd2dlCWSeSbJk9nO+/+Xk1ekibwbnTPdtCt46jPVsbtM8ClP
	ooYx5Ex9Zs0daho8/x6u37AxEc9xodUNMBo/yRG0IacwuzbAMI0uvGaPXQxmT97EU8Upnp
	QhOSiou/wyAkogwOxc2VTRKZaRyDIk0JbFTxxb5NxAa5zTHtgzhmRWRcypO7qg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1733731437;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=TjfDPcSjjBhUAuog8k+Nj7NQoNOGdQuyo0LSjD2hZu8=;
	b=t+XPU+j6TGWM6P3gSPYZj0p7aEgmDDc5Yf5gDe1dqw2TrXYh7p9ylfakVvTmzOmLwKpERE
	IO0hV4cCiaAabficLJmCiH9lZ+3U4J3dM/wpdc7ql+3CJJ3237PuxwW5ewIQuAD2Xmi+cn
	3KC+QThZGcV0l2OG1sf+1bK2aIYvEOcoOg/QxvzEUIhgT3W+W2I2F063dJ54yamXJjT9g0
	0MuchdYqXbvpmDfOXOPL9t5qZYPugYqzUybEyIbeoRRGSTY9KKIH4sP/nwadW2kB0zjmCF
	hCa1te9/wOpdXXtWT492fpFHt/AA4bh8+ghKrjUZk0SNCMS3NSM+vT37LUKsUw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1733731437; a=rsa-sha256; cv=none;
	b=Bha8MwXwj7yb3jhyvNm00oaNBeLqxHToQ4Bcr5vmaIP3NtxSTCtBmFAtvxm8NNIi1/CrgJ
	lG38EdSIOd5k8WJTh0qDGNi5AOcDjNwHlfPv7gZbzEI4Fuu+M3FjZra3fbAeO6oxI3R2Ao
	OWFLREFpFyfoTqSPN2nl0jhZZOcd2I2+PHsjc8oewj5V9UajrXJ0R/USNJ8XXY7WQqTBLF
	cCLhjsIegRcfsyju3pWLufXeZnNaaDsPGBTxAupWyn9NqPs0NsBS37+Owhxh3L7qSB7Z31
	i1Ed5Px5yRrbHAqPSQfk1Pcbu8dkZy9EmPVzVKTAx+K1AxhhQ+iGlaBWrH3OEw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Y6Ds90Hg2zVMR;
	Mon,  9 Dec 2024 08:03:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4B983uiQ004264;
	Mon, 9 Dec 2024 08:03:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4B983udO004261;
	Mon, 9 Dec 2024 08:03:56 GMT
	(envelope-from git)
Date: Mon, 9 Dec 2024 08:03:56 GMT
Message-Id: <202412090803.4B983udO004261@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Bernard Spil <brnrd@FreeBSD.org>
Subject: git: 8f95f033ea06 - main - security/openssl-oqsprovider:
  Add new port
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: brnrd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 8f95f033ea062cccf0d3a7c2f2c17f5ba71096de
Auto-Submitted: auto-generated

The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8f95f033ea062cccf0d3a7c2f2c17f5ba71096de

commit 8f95f033ea062cccf0d3a7c2f2c17f5ba71096de
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2024-12-08 18:13:25 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2024-12-09 08:03:28 +0000

    security/openssl-oqsprovider: Add new port
    
    Quantum-safe algorithms provider for OpenSSL 3.x
---
 security/Makefile                                  |  1 +
 security/openssl-oqsprovider/Makefile              | 47 ++++++++++++++++++++++
 security/openssl-oqsprovider/distinfo              |  3 ++
 .../openssl-oqsprovider/files/oqsprovider.cnf.in   | 14 +++++++
 security/openssl-oqsprovider/files/pkg-message.in  | 11 +++++
 security/openssl-oqsprovider/pkg-descr             |  6 +++
 6 files changed, 82 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index ca4b1cde0936..fb9b5bf8957e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -445,6 +445,7 @@
     SUBDIR += openssh-portable
     SUBDIR += openssl
     SUBDIR += openssl-agent
+    SUBDIR += openssl-oqsprovider
     SUBDIR += openssl-quictls
     SUBDIR += openssl-unsafe
     SUBDIR += openssl111
diff --git a/security/openssl-oqsprovider/Makefile b/security/openssl-oqsprovider/Makefile
new file mode 100644
index 000000000000..d8a6276c3ea9
--- /dev/null
+++ b/security/openssl-oqsprovider/Makefile
@@ -0,0 +1,47 @@
+PORTNAME=	oqsprovider
+DISTVERSION=	0.7.0
+CATEGORIES=	security
+PKGNAMEPREFIX=	openssl-
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	quantum-resistant cryptography provider for OpenSSL
+WWW=		https://openquantumsafe.org/applications/tls.html#oqs-openssl-provider
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+LIB_DEPENDS=	liboqs.so:security/liboqs
+TEST_ENVIRONMENT=	OPENSSL_INSTALL=${LOCALBASE}/bin/openssl
+
+USES=		cmake:testing ssl
+USE_LDCONFIG=	yes
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	open-quantum-safe
+GH_PROJECT=	oqs-provider
+
+CMAKE_ARGS=	-DCMAKE_BUILD_TYPE=Debug\
+		-DOPENSSL_ROOT_DIR=${OPENSSLBASE} \
+		-DCMAKE_PREFIX_PATH=${OPENSSL_PATH} 
+
+SUB_FILES=	oqsprovider.cnf pkg-message
+
+PLIST_FILES=	include/oqs-provider/oqs_prov.h \
+		lib/ossl-modules/oqsprovider.so \
+		openssl/oqsprovider.cnf
+
+.include <bsd.port.pre.mk>
+
+.if !defined(OPENSSL_PORT) && ${OSVERSION} < 1400000
+BROKEN=	Requires OpenSSL 3.0+, preferably 3.2+
+.endif
+
+post-install:
+.if ${OPENSSLLIB} == "/usr/lib"
+	${MKDIR} ${STAGEDIR}${PREFIX}/lib/ossl-modules
+	${MV} ${STAGEDIR}/usr/lib/ossl-modules/oqsprovider.so ${STAGEDIR}${PREFIX}/lib/ossl-modules
+.endif
+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
+	${INSTALL_DATA} ${WRKDIR}/oqsprovider.cnf ${STAGEDIR}${PREFIX}/openssl/
+
+.include <bsd.port.post.mk>
diff --git a/security/openssl-oqsprovider/distinfo b/security/openssl-oqsprovider/distinfo
new file mode 100644
index 000000000000..70d8d7e71a26
--- /dev/null
+++ b/security/openssl-oqsprovider/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1732696794
+SHA256 (open-quantum-safe-oqs-provider-0.7.0_GH0.tar.gz) = dd7abda5aab2408672ca886baac7bceb629f918df2bca203038fb23949e3323f
+SIZE (open-quantum-safe-oqs-provider-0.7.0_GH0.tar.gz) = 208082
diff --git a/security/openssl-oqsprovider/files/oqsprovider.cnf.in b/security/openssl-oqsprovider/files/oqsprovider.cnf.in
new file mode 100644
index 000000000000..fbe7366354f9
--- /dev/null
+++ b/security/openssl-oqsprovider/files/oqsprovider.cnf.in
@@ -0,0 +1,14 @@
+# Replace the existing [provider_sect] and [default_provider] sections
+# with this config
+
+[provider_sect]
+default = default_sect
+oqsprovider = oqsprovider_sect
+
+[default_sect]
+activate = 1
+
+[oqsprovider_sect]
+activate = 1
+module = %%PREFIX%%/lib/ossl-modules/openssl-oqsprovider.so
+
diff --git a/security/openssl-oqsprovider/files/pkg-message.in b/security/openssl-oqsprovider/files/pkg-message.in
new file mode 100644
index 000000000000..ef1a76cd7d99
--- /dev/null
+++ b/security/openssl-oqsprovider/files/pkg-message.in
@@ -0,0 +1,11 @@
+[
+{ type:install
+  message: <<EOM
+To enable oqs-provider in OpenSSL, merge contents of the configuration file
+%%PREFIX%%/openssl/oqsprovider.cnf with %%PREFIX%%/openssl/openssl.cnf.
+
+Expect issues if you're using OpenSSL < 3.2
+See https://github.com/open-quantum-safe/oqs-provider/blob/main/README.md#building-and-testing
+EOM
+}
+]
diff --git a/security/openssl-oqsprovider/pkg-descr b/security/openssl-oqsprovider/pkg-descr
new file mode 100644
index 000000000000..84d9aa164883
--- /dev/null
+++ b/security/openssl-oqsprovider/pkg-descr
@@ -0,0 +1,6 @@
+Open Quantum Safe provider for OpenSSL
+
+
+This port enables quantum-safe cryptography (QSC) in a standard OpenSSL
+(3.x) distribution by way of implementing a single shared library, the
+OpenSSL OQS provider.