tjh.dev
1{ lib, stdenv, fetchurl }:
2
3stdenv.mkDerivation rec {
4 pname = "bearssl";
5 version = "0.6";
6
7 src = fetchurl {
8 url = "https://www.bearssl.org/bearssl-${version}.tar.gz";
9 sha256 = "057zhgy9w4y8z2996r0pq5k2k39lpvmmvz4df8db8qa9f6hvn1b7";
10 };
11
12 outputs = [ "bin" "lib" "dev" "out" ];
13
14 enableParallelBuilding = true;
15
16 makeFlags = [
17 "AR=${stdenv.cc.targetPrefix}ar"
18 "CC=${stdenv.cc.targetPrefix}cc"
19 "LD=${stdenv.cc.targetPrefix}cc"
20 "LDDLL=${stdenv.cc.targetPrefix}cc"
21 ] ++ lib.optional stdenv.hostPlatform.isStatic "DLL=no";
22
23 installPhase = ''
24 runHook preInstall
25 install -D build/brssl $bin/brssl
26 install -D build/testcrypto $bin/testcrypto
27 install -Dm644 -t $lib/lib build/libbearssl.*
28 install -Dm644 -t $dev/include inc/*.h
29 touch $out
30 runHook postInstall
31 '';
32
33 meta = {
34 homepage = "https://www.bearssl.org/";
35 description = "Implementation of the SSL/TLS protocol written in C";
36 longDescription = ''
37 BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
38 written in C. It aims at offering the following features:
39
40 * Be correct and secure. In particular, insecure protocol versions and
41 choices of algorithms are not supported, by design; cryptographic
42 algorithm implementations are constant-time by default.
43
44 * Be small, both in RAM and code footprint. For instance, a minimal
45 server implementation may fit in about 20 kilobytes of compiled code
46 and 25 kilobytes of RAM.
47
48 * Be highly portable. BearSSL targets not only “big” operating systems
49 like Linux and Windows, but also small embedded systems and even
50 special contexts like bootstrap code.
51
52 * Be feature-rich and extensible. SSL/TLS has many defined cipher
53 suites and extensions; BearSSL should implement most of them, and
54 allow extra algorithm implementations to be added afterwards,
55 possibly from third parties.
56 '';
57 license = lib.licenses.mit;
58 platforms = lib.platforms.all;
59 maintainers = [ ];
60 };
61
62}