PolarSSL has been updated, bringing some additional functionality.
This release rolls in our patches, using arc4random_buf() #ifdef
__OpenBSD__. I have removed our patches, and I have not added patches
for the two test programs that started using rand() (let me know if that
would be appreciated; this is about benchmark and ssl_test.)
The PolarSSL maintainers believe that they have fixed the problem that
we saw on sparc64, and would especially appreciate a re-test there.
(Florian?)
As always, thanks for taking a look!
Joachim
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- Makefile 18 Apr 2014 20:51:48 -0000 1.2
+++ Makefile 3 May 2014 10:06:53 -0000
@@ -4,11 +4,10 @@ BROKEN-sparc64= problems with mpi_mul_hl
COMMENT= SSL library with an intuitive API and readable source code
-DISTNAME= polarssl-1.3.6
-REVISION= 0
+DISTNAME= polarssl-1.3.7
EXTRACT_SUFX= -gpl.tgz
-SHARED_LIBS += polarssl 0.0 # 1.3
+SHARED_LIBS += polarssl 0.1 # 1.3
CATEGORIES= security
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/polarssl/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ distinfo 3 May 2014 10:06:53 -0000
@@ -1,2 +1,2 @@
-SHA256 (polarssl-1.3.6-gpl.tgz) = uXllwaBS30EgHTXgH5HErAvyjkQ6Vt30Yb5jsgyFrgk=
-SIZE (polarssl-1.3.6-gpl.tgz) = 1596728
+SHA256 (polarssl-1.3.7-gpl.tgz) = a+7wKBFgvwf+/v1rQS3Rzkw5Jhz1MAg1rvRCJT8EAOU=
+SIZE (polarssl-1.3.7-gpl.tgz) = 1610166
Index: patches/patch-library_rsa_c
===================================================================
RCS file: patches/patch-library_rsa_c
diff -N patches/patch-library_rsa_c
--- patches/patch-library_rsa_c 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,22 +0,0 @@
-$OpenBSD: patch-library_rsa_c,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
-
-Avoid triggering APIWARN (though using rand() for this self-test is
-actually harmless).
-
---- library/rsa.c.orig Fri Apr 18 12:01:57 2014
-+++ library/rsa.c Fri Apr 18 12:02:07 2014
-@@ -1469,13 +1469,10 @@ void rsa_free( rsa_context *ctx )
- #if defined(POLARSSL_PKCS1_V15)
- static int myrand( void *rng_state, unsigned char *output, size_t len )
- {
-- size_t i;
--
- if( rng_state != NULL )
- rng_state = NULL;
-
-- for( i = 0; i < len; ++i )
-- output[i] = rand();
-+ arc4random_buf(output, len);
-
- return( 0 );
- }
Index: patches/patch-tests_suites_helpers_function
===================================================================
RCS file: patches/patch-tests_suites_helpers_function
diff -N patches/patch-tests_suites_helpers_function
--- patches/patch-tests_suites_helpers_function 18 Apr 2014 11:37:02 -0000
1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-tests_suites_helpers_function,v 1.1.1.1 2014/04/18 11:37:02
sthen Exp $
-
-Stops test_suite_pk from looping forever.
-
---- tests/suites/helpers.function.orig Fri Apr 18 11:59:32 2014
-+++ tests/suites/helpers.function Fri Apr 18 11:59:54 2014
-@@ -105,13 +105,10 @@ static void hexify(unsigned char *obuf, const unsigned
- */
- static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
- {
-- size_t i;
--
- if( rng_state != NULL )
- rng_state = NULL;
-
-- for( i = 0; i < len; ++i )
-- output[i] = rand();
-+ arc4random_buf(output, len);
-
- return( 0 );
- }
