From cda3ea1b7283448d3116212a377b79c45569352c Mon Sep 17 00:00:00 2001
From: Profpatsch <mail@profpatsch.de>
Date: Sun, 21 Mar 2021 19:46:20 +0100
Subject: [PATCH] bearssl: init at 0.6

---
 .../development/libraries/bearssl/default.nix | 61 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  2 +
 2 files changed, 63 insertions(+)
 create mode 100644 pkgs/development/libraries/bearssl/default.nix

diff --git a/pkgs/development/libraries/bearssl/default.nix b/pkgs/development/libraries/bearssl/default.nix
new file mode 100644
index 00000000000..de9c182df14
--- /dev/null
+++ b/pkgs/development/libraries/bearssl/default.nix
@@ -0,0 +1,61 @@
+{ lib, stdenv, fetchurl }:
+
+let
+  version = "0.6";
+  sha256 = "057zhgy9w4y8z2996r0pq5k2k39lpvmmvz4df8db8qa9f6hvn1b7";
+
+in
+stdenv.mkDerivation {
+  pname = "bearssl";
+  inherit version;
+
+  src = fetchurl {
+    url = "https://www.bearssl.org/bearssl-${version}.tar.gz";
+    inherit sha256;
+  };
+
+  outputs = [ "bin" "lib" "dev" "out" ];
+
+  enableParallelBuilding = true;
+
+  installPhase = ''
+    runHook preInstall
+    install -D build/brssl $bin/brssl
+    install -D build/testcrypto $bin/testcrypto
+    install -Dm644 build/libbearssl.so $lib/lib/libbearssl.so
+    install -Dm644 build/libbearssl.a $lib/lib/libbearssl.a
+    install -Dm644 -t $dev/include inc/*.h
+    touch $out
+    runHook postInstall
+  '';
+
+  meta = {
+    homepage = "https://www.bearssl.org/";
+    description = "An implementation of the SSL/TLS protocol written in C";
+    longDescription = ''
+      BearSSL is an implementation of the SSL/TLS protocol (RFC 5246)
+      written in C. It aims at offering the following features:
+
+      * Be correct and secure. In particular, insecure protocol versions and
+        choices of algorithms are not supported, by design; cryptographic
+        algorithm implementations are constant-time by default.
+
+      * Be small, both in RAM and code footprint. For instance, a minimal
+        server implementation may fit in about 20 kilobytes of compiled code
+        and 25 kilobytes of RAM.
+
+      * Be highly portable. BearSSL targets not only “big” operating systems
+        like Linux and Windows, but also small embedded systems and even
+        special contexts like bootstrap code.
+
+      * Be feature-rich and extensible. SSL/TLS has many defined cipher
+        suites and extensions; BearSSL should implement most of them, and
+        allow extra algorithm implementations to be added afterwards,
+        possibly from third parties.
+    '';
+    license = lib.licenses.mit;
+    platforms = lib.platforms.all;
+    maintainers = [ lib.maintainers.Profpatsch ];
+  };
+
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9d084dfc973..ac8dfdb4126 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13505,6 +13505,8 @@ in
 
   bctoolbox = callPackage ../development/libraries/bctoolbox { };
 
+  bearssl = callPackage ../development/libraries/bearssl { };
+
   beecrypt = callPackage ../development/libraries/beecrypt { };
 
   belcard = callPackage ../development/libraries/belcard { };