PolarSSL has been updated, bringing some additional functionality. This release rolls in our patches, using arc4random_buf() #ifdef __OpenBSD__. I have removed our patches, and I have not added patches for the two test programs that started using rand() (let me know if that would be appreciated; this is about benchmark and ssl_test.)
The PolarSSL maintainers believe that they have fixed the problem that we saw on sparc64, and would especially appreciate a re-test there. (Florian?) As always, thanks for taking a look! Joachim Index: Makefile =================================================================== RCS file: /cvs/ports/security/polarssl/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- Makefile 18 Apr 2014 20:51:48 -0000 1.2 +++ Makefile 3 May 2014 10:06:53 -0000 @@ -4,11 +4,10 @@ BROKEN-sparc64= problems with mpi_mul_hl COMMENT= SSL library with an intuitive API and readable source code -DISTNAME= polarssl-1.3.6 -REVISION= 0 +DISTNAME= polarssl-1.3.7 EXTRACT_SUFX= -gpl.tgz -SHARED_LIBS += polarssl 0.0 # 1.3 +SHARED_LIBS += polarssl 0.1 # 1.3 CATEGORIES= security Index: distinfo =================================================================== RCS file: /cvs/ports/security/polarssl/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 18 Apr 2014 11:37:02 -0000 1.1.1.1 +++ distinfo 3 May 2014 10:06:53 -0000 @@ -1,2 +1,2 @@ -SHA256 (polarssl-1.3.6-gpl.tgz) = uXllwaBS30EgHTXgH5HErAvyjkQ6Vt30Yb5jsgyFrgk= -SIZE (polarssl-1.3.6-gpl.tgz) = 1596728 +SHA256 (polarssl-1.3.7-gpl.tgz) = a+7wKBFgvwf+/v1rQS3Rzkw5Jhz1MAg1rvRCJT8EAOU= +SIZE (polarssl-1.3.7-gpl.tgz) = 1610166 Index: patches/patch-library_rsa_c =================================================================== RCS file: patches/patch-library_rsa_c diff -N patches/patch-library_rsa_c --- patches/patch-library_rsa_c 18 Apr 2014 11:37:02 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,22 +0,0 @@ -$OpenBSD: patch-library_rsa_c,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $ - -Avoid triggering APIWARN (though using rand() for this self-test is -actually harmless). - ---- library/rsa.c.orig Fri Apr 18 12:01:57 2014 -+++ library/rsa.c Fri Apr 18 12:02:07 2014 -@@ -1469,13 +1469,10 @@ void rsa_free( rsa_context *ctx ) - #if defined(POLARSSL_PKCS1_V15) - static int myrand( void *rng_state, unsigned char *output, size_t len ) - { -- size_t i; -- - if( rng_state != NULL ) - rng_state = NULL; - -- for( i = 0; i < len; ++i ) -- output[i] = rand(); -+ arc4random_buf(output, len); - - return( 0 ); - } Index: patches/patch-tests_suites_helpers_function =================================================================== RCS file: patches/patch-tests_suites_helpers_function diff -N patches/patch-tests_suites_helpers_function --- patches/patch-tests_suites_helpers_function 18 Apr 2014 11:37:02 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-tests_suites_helpers_function,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $ - -Stops test_suite_pk from looping forever. - ---- tests/suites/helpers.function.orig Fri Apr 18 11:59:32 2014 -+++ tests/suites/helpers.function Fri Apr 18 11:59:54 2014 -@@ -105,13 +105,10 @@ static void hexify(unsigned char *obuf, const unsigned - */ - static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) - { -- size_t i; -- - if( rng_state != NULL ) - rng_state = NULL; - -- for( i = 0; i < len; ++i ) -- output[i] = rand(); -+ arc4random_buf(output, len); - - return( 0 ); - }