security/mbedtls4: New port 4.0.0

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.0.0

PR:	293527

4 files changed, 73 insertions, 86 deletions

diff --git a/security/Makefile b/security/Makefile
index 04dabdc272f3..b1f800e12537 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -385,6 +385,7 @@
     SUBDIR += masscan
     SUBDIR += mate-pam-helper
     SUBDIR += mbedtls3
+    SUBDIR += mbedtls4
     SUBDIR += mcrypt
     SUBDIR += md5deep
     SUBDIR += medusa
diff --git a/security/mbedtls4/Makefile b/security/mbedtls4/Makefile
index c1a224f14f6f..615048be44ed 100644
--- a/security/mbedtls4/Makefile
+++ b/security/mbedtls4/Makefile
@@ -1,11 +1,11 @@
 PORTNAME=	mbedtls
-DISTVERSION=	3.6.5
+DISTVERSION=	4.0.0
 CATEGORIES=	security devel
 MASTER_SITES=	https://github.com/Mbed-TLS/${PORTNAME}/releases/download/${DISTNAME}/
-PKGNAMESUFFIX=	3
+PKGNAMESUFFIX=	4
 
-MAINTAINER=	tijl@FreeBSD.org
-COMMENT=	SSL/TLS and cryptography library
+MAINTAINER=	pkaipila@gmail.com
+COMMENT=	Embedded SSL/TLS and cryptography library
 WWW=		https://www.trustedfirmware.org/projects/mbed-tls/
 
 LICENSE=	APACHE20 GPLv2+
@@ -25,16 +25,12 @@ CMAKE_OFF=	ENABLE_TESTING
 CMAKE_TESTING_ON=	ENABLE_TESTING
 CMAKE_TESTING_JOBS=	1
 
-CONFLICTS_INSTALL=	mbedtls4
+CONFLICTS_INSTALL=	mbedtls3
 
 PORTSCOUT=	limit:^${DISTVERSION:R:S/./\./g}\.
 
 PLIST_SUB=	DISTVERSION=${DISTVERSION}
 
-post-patch:
-	@${REINPLACE_CMD} '/(everest)/d;/(p256-m)/d' \
-		${WRKSRC}/3rdparty/CMakeLists.txt
-
 pre-configure:
 	@${WRKSRC}/scripts/config.py set MBEDTLS_SSL_DTLS_SRTP
 	@${WRKSRC}/scripts/config.py set MBEDTLS_THREADING_C
diff --git a/security/mbedtls4/distinfo b/security/mbedtls4/distinfo
index 47aadbcf865a..bfb94dde4eaa 100644
--- a/security/mbedtls4/distinfo
+++ b/security/mbedtls4/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1760661467
-SHA256 (mbedtls-3.6.5.tar.bz2) = 4a11f1777bb95bf4ad96721cac945a26e04bf19f57d905f241fe77ebeddf46d8
-SIZE (mbedtls-3.6.5.tar.bz2) = 5367178
+TIMESTAMP = 1772372393
+SHA256 (mbedtls-4.0.0.tar.bz2) = 2f3a47f7b3a541ddef450e4867eeecb7ce2ef7776093f3a11d6d43ead6bf2827
+SIZE (mbedtls-4.0.0.tar.bz2) = 6342607
diff --git a/security/mbedtls4/pkg-plist b/security/mbedtls4/pkg-plist
index 04a7e1658026..b59df397ee02 100644
--- a/security/mbedtls4/pkg-plist
+++ b/security/mbedtls4/pkg-plist
@@ -1,51 +1,23 @@
 bin/mbedtls_aead_demo
-bin/mbedtls_benchmark
 bin/mbedtls_cert_app
 bin/mbedtls_cert_req
 bin/mbedtls_cert_write
-bin/mbedtls_cipher_aead_demo
 bin/mbedtls_crl_app
-bin/mbedtls_crypt_and_hash
 bin/mbedtls_crypto_examples
-bin/mbedtls_dh_client
-bin/mbedtls_dh_genprime
-bin/mbedtls_dh_server
 bin/mbedtls_dtls_client
 bin/mbedtls_dtls_server
-bin/mbedtls_ecdh_curve25519
-bin/mbedtls_ecdsa
-bin/mbedtls_gen_entropy
-bin/mbedtls_gen_key
-bin/mbedtls_gen_random_ctr_drbg
-bin/mbedtls_generic_sum
-bin/mbedtls_hello
 bin/mbedtls_hmac_demo
-bin/mbedtls_key_app
-bin/mbedtls_key_app_writer
 bin/mbedtls_key_ladder_demo
 bin/mbedtls_key_ladder_demo.sh
 bin/mbedtls_load_roots
-bin/mbedtls_md_hmac_demo
 bin/mbedtls_metatest
 bin/mbedtls_mini_client
-bin/mbedtls_mpi_demo
 bin/mbedtls_pem2der
-bin/mbedtls_pk_decrypt
-bin/mbedtls_pk_encrypt
-bin/mbedtls_pk_sign
-bin/mbedtls_pk_verify
 bin/mbedtls_psa_constant_names
 bin/mbedtls_psa_hash
 bin/mbedtls_query_compile_time_config
 bin/mbedtls_query_included_headers
 bin/mbedtls_req_app
-bin/mbedtls_rsa_decrypt
-bin/mbedtls_rsa_encrypt
-bin/mbedtls_rsa_genkey
-bin/mbedtls_rsa_sign
-bin/mbedtls_rsa_sign_pss
-bin/mbedtls_rsa_verify
-bin/mbedtls_rsa_verify_pss
 bin/mbedtls_selftest
 bin/mbedtls_ssl_client1
 bin/mbedtls_ssl_client2
@@ -58,68 +30,63 @@ bin/mbedtls_ssl_server2
 bin/mbedtls_strerror
 bin/mbedtls_udp_proxy
 bin/mbedtls_zeroize
-include/mbedtls/aes.h
-include/mbedtls/aria.h
+include/mbedtls/compat-3-crypto.h
+include/mbedtls/private/aes.h
+include/mbedtls/private/aria.h
+include/mbedtls/private/bignum.h
+include/mbedtls/private/block_cipher.h
+include/mbedtls/private/camellia.h
+include/mbedtls/private/ccm.h
+include/mbedtls/private/chacha20.h
+include/mbedtls/private/chachapoly.h
+include/mbedtls/private/cipher.h
+include/mbedtls/private/cmac.h
+include/mbedtls/private/config_adjust_legacy_from_psa.h
+include/mbedtls/private/config_adjust_ssl.h
+include/mbedtls/private/config_adjust_test_accelerators.h
+include/mbedtls/private/config_adjust_x509.h
+include/mbedtls/private/config_psa.h
+include/mbedtls/private/ctr_drbg.h
+include/mbedtls/private/ecdh.h
+include/mbedtls/private/ecdsa.h
+include/mbedtls/private/ecjpake.h
+include/mbedtls/private/ecp.h
+include/mbedtls/private/entropy.h
+include/mbedtls/private/error_common.h
+include/mbedtls/private/gcm.h
+include/mbedtls/private/hmac_drbg.h
+include/mbedtls/private/md5.h
+include/mbedtls/private/pkcs5.h
+include/mbedtls/private/poly1305.h
+include/mbedtls/private/ripemd160.h
+include/mbedtls/private/rsa.h
+include/mbedtls/private/sha1.h
+include/mbedtls/private/sha256.h
+include/mbedtls/private/sha3.h
+include/mbedtls/private/sha512.h
 include/mbedtls/asn1.h
 include/mbedtls/asn1write.h
 include/mbedtls/base64.h
-include/mbedtls/bignum.h
-include/mbedtls/block_cipher.h
 include/mbedtls/build_info.h
-include/mbedtls/camellia.h
-include/mbedtls/ccm.h
-include/mbedtls/chacha20.h
-include/mbedtls/chachapoly.h
-include/mbedtls/check_config.h
-include/mbedtls/cipher.h
-include/mbedtls/cmac.h
-include/mbedtls/compat-2.x.h
 include/mbedtls/config_adjust_legacy_crypto.h
-include/mbedtls/config_adjust_legacy_from_psa.h
-include/mbedtls/config_adjust_psa_from_legacy.h
-include/mbedtls/config_adjust_psa_superset_legacy.h
-include/mbedtls/config_adjust_ssl.h
-include/mbedtls/config_adjust_x509.h
-include/mbedtls/config_psa.h
 include/mbedtls/constant_time.h
-include/mbedtls/ctr_drbg.h
 include/mbedtls/debug.h
-include/mbedtls/des.h
-include/mbedtls/dhm.h
-include/mbedtls/ecdh.h
-include/mbedtls/ecdsa.h
-include/mbedtls/ecjpake.h
-include/mbedtls/ecp.h
-include/mbedtls/entropy.h
 include/mbedtls/error.h
-include/mbedtls/gcm.h
-include/mbedtls/hkdf.h
-include/mbedtls/hmac_drbg.h
 include/mbedtls/lms.h
 include/mbedtls/mbedtls_config.h
 include/mbedtls/md.h
-include/mbedtls/md5.h
 include/mbedtls/memory_buffer_alloc.h
 include/mbedtls/net_sockets.h
 include/mbedtls/nist_kw.h
 include/mbedtls/oid.h
 include/mbedtls/pem.h
 include/mbedtls/pk.h
-include/mbedtls/pkcs12.h
-include/mbedtls/pkcs5.h
 include/mbedtls/pkcs7.h
 include/mbedtls/platform.h
 include/mbedtls/platform_time.h
 include/mbedtls/platform_util.h
-include/mbedtls/poly1305.h
 include/mbedtls/private_access.h
 include/mbedtls/psa_util.h
-include/mbedtls/ripemd160.h
-include/mbedtls/rsa.h
-include/mbedtls/sha1.h
-include/mbedtls/sha256.h
-include/mbedtls/sha3.h
-include/mbedtls/sha512.h
 include/mbedtls/ssl.h
 include/mbedtls/ssl_cache.h
 include/mbedtls/ssl_ciphersuites.h
@@ -132,7 +99,6 @@ include/mbedtls/x509.h
 include/mbedtls/x509_crl.h
 include/mbedtls/x509_crt.h
 include/mbedtls/x509_csr.h
-include/psa/build_info.h
 include/psa/crypto.h
 include/psa/crypto_adjust_auto_enabled.h
 include/psa/crypto_adjust_config_dependencies.h
@@ -148,29 +114,53 @@ include/psa/crypto_driver_contexts_composites.h
 include/psa/crypto_driver_contexts_key_derivation.h
 include/psa/crypto_driver_contexts_primitives.h
 include/psa/crypto_extra.h
-include/psa/crypto_legacy.h
 include/psa/crypto_platform.h
-include/psa/crypto_se_driver.h
 include/psa/crypto_sizes.h
 include/psa/crypto_struct.h
 include/psa/crypto_types.h
 include/psa/crypto_values.h
+include/psa/crypto_adjust_config_derived.h
+include/psa/crypto_driver_random.h
+include/tf-psa-crypto/build_info.h
+include/tf-psa-crypto/private/everest/everest/Hacl_Curve25519.h
+include/tf-psa-crypto/private/everest/everest/everest.h
+include/tf-psa-crypto/private/everest/everest/kremlib.h
+include/tf-psa-crypto/private/everest/everest/kremlib/FStar_UInt128.h
+include/tf-psa-crypto/private/everest/everest/kremlib/FStar_UInt64_FStar_UInt32_FStar_UInt16_FStar_UInt8.h
+include/tf-psa-crypto/private/everest/everest/kremlin/c_endianness.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/builtin.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/callconv.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/compat.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/debug.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/target.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/types.h
+include/tf-psa-crypto/private/everest/everest/kremlin/internal/wasmsupport.h
+include/tf-psa-crypto/private/everest/everest/vs2013/Hacl_Curve25519.h
+include/tf-psa-crypto/private/everest/everest/x25519.h
+include/tf-psa-crypto/version.h
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfig.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoConfigVersion.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets-%%CMAKE_BUILD_TYPE%%.cmake
+lib/cmake/TF-PSA-Crypto/TF-PSA-CryptoTargets.cmake
+lib/libmbedtls.so.22
+lib/libmbedx509.so.8
+lib/libtfpsacrypto.a
+lib/libtfpsacrypto.so
+lib/libtfpsacrypto.so.1
+lib/libtfpsacrypto.so.1.0.0
 lib/cmake/MbedTLS/MbedTLSConfig.cmake
 lib/cmake/MbedTLS/MbedTLSConfigVersion.cmake
 lib/cmake/MbedTLS/MbedTLSTargets-%%CMAKE_BUILD_TYPE%%.cmake
 lib/cmake/MbedTLS/MbedTLSTargets.cmake
 lib/libmbedcrypto.a
-lib/libmbedcrypto.so
-lib/libmbedcrypto.so.16
 lib/libmbedcrypto.so.%%DISTVERSION%%
 lib/libmbedtls.a
 lib/libmbedtls.so
-lib/libmbedtls.so.21
 lib/libmbedtls.so.%%DISTVERSION%%
 lib/libmbedx509.a
 lib/libmbedx509.so
 lib/libmbedx509.so.%%DISTVERSION%%
-lib/libmbedx509.so.7
 libdata/pkgconfig/mbedcrypto.pc
 libdata/pkgconfig/mbedtls.pc
 libdata/pkgconfig/mbedx509.pc
+libdata/pkgconfig/tfpsacrypto.pc