Commit Graph

721 Commits

Author SHA1 Message Date
Kyle Evans
b25bf676f0 caroot: commit initial bundle
Interested users can blacklist any/all of these with certctl(8), examples:

- mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \
    certctl rehash
- certctl blacklist /usr/share/certs/trusted/*; \
    certctl rehash

Certs can be easily examined after installation with `certctl list`, and
certctl blacklist will accept the hashed filename as output by list or as
seen in /etc/ssl/certs

No objection from:	secteam
Relnotes:	Definite maybe
2019-10-04 02:34:20 +00:00
Kyle Evans
a9fe8c68aa caroot: add @generated tags to extracted .pem
As is the current trend; while these files are manually curated, they are
still generated.  If they end up in a review, it would be helpful to also
take the hint and hide them.
2019-10-02 01:27:50 +00:00
Kyle Evans
f27f39db77 [1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from:	secteam
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16856
2019-10-02 01:05:29 +00:00
Jung-uk Kim
da327cd22e Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
Emmanuel Vadot
a7b5a3d486 pkgbase: Put a lot of binaries and lib in FreeBSD-runtime
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.

Reviewed by:    bapt, gjb
Differential Revision:  https://reviews.freebsd.org/D21503
2019-09-05 14:13:08 +00:00
Jung-uk Kim
610a21fd82 Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
Dag-Erling Smørgrav
77c2fe20df Add workaround for a QoS-related bug in VMWare Workstation.
Submitted by:	yuripv
Differential Revision:	https://reviews.freebsd.org/D18636
2019-03-27 15:17:29 +00:00
Jung-uk Kim
6935a639f0 Merge OpenSSL 1.1.1b. 2019-02-26 19:31:33 +00:00
Jung-uk Kim
f622545b79 Enable devcryptoeng for OpenSSL.
Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine.  However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.

http://cryptodev-linux.org/

Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.

https://github.com/openssl/openssl/pull/7882

Now they found that it was more generic issue.

https://github.com/openssl/openssl/pull/7885

Therefore, we need to enable this engine on head to give it more exposure.
2018-12-12 21:56:47 +00:00
Jung-uk Kim
c9cf7b5cb1 Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
Konstantin Belousov
89250cff0c Bump base OpenSSL libraries versions to avoid conflict with port's libraries.
Reported by:	many
Reviewed by:	gjb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 hours
2018-10-25 13:37:57 +00:00
Ed Maste
c4cff94134 libcrypto: have buildinf.h depend on Makefile
So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.

Sponsored by:	The FreeBSD Foundation
2018-10-05 20:49:54 +00:00
Glen Barber
01d4e2149e MFH r338661 through r339200.
Sponsored by:	The FreeBSD Foundation
2018-10-05 17:53:47 +00:00
Ed Maste
4b6d416b32 openssh: connect libressl-api-compat.c and regen config.h
Differential Revision:	https://reviews.freebsd.org/D17390
2018-10-03 16:38:36 +00:00
Jung-uk Kim
2f0b51ed02 Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile.
Especially, head does not support old toolchains because of ifunc support.
2018-10-01 18:16:36 +00:00
Jung-uk Kim
8fef2de1fc Remove MD dirdeps from Makefile.depend.
It can't be right. :-(
2018-09-25 22:21:36 +00:00
Jung-uk Kim
8f1d871786 Make it more meta mode friendly. 2018-09-25 22:15:47 +00:00
Jung-uk Kim
4552330800 Fix CLEANFILES. 2018-09-25 22:14:52 +00:00
Jung-uk Kim
c66de03c60 Regen Makefile.depend. 2018-09-25 21:12:36 +00:00
Jung-uk Kim
024217024c Connect an assembly file for aarch64 to build. 2018-09-22 23:02:45 +00:00
Jung-uk Kim
8072609dd0 Add missing ACFLAGS for aarch64. 2018-09-22 06:50:56 +00:00
Jung-uk Kim
f294b00a88 Fix typos in the previous commit. 2018-09-22 05:59:43 +00:00
Jung-uk Kim
4f4ab23a54 Add a missing source file for SHA. 2018-09-22 05:30:55 +00:00
Jung-uk Kim
604871c9df Add CFLAGS for aarch64/arm assembly files. 2018-09-22 05:16:06 +00:00
Jung-uk Kim
d55590888d Add another include directory for aarch64 and arm. 2018-09-22 04:32:44 +00:00
Jung-uk Kim
61fab32360 Regen cpuid assembly files for aarch64 and arm. 2018-09-22 03:54:40 +00:00
Jung-uk Kim
ea19bcde21 Connect assembly files for arm to build. 2018-09-22 02:43:24 +00:00
Jung-uk Kim
2c17169a65 Regen assembly files for arm. 2018-09-22 02:42:51 +00:00
Jung-uk Kim
4b7c498f1f Connect assembly files for aarch64 to build. 2018-09-22 02:23:42 +00:00
Jung-uk Kim
bde62812ae Regen assemply files for aarch64. 2018-09-22 02:23:03 +00:00
Jung-uk Kim
0633b14ba1 Unify opensslconf.h templates.
There is no MD macro in this file any more.
2018-09-21 22:26:00 +00:00
Jung-uk Kim
7c1dfe5b38 Remove pthread from LIBADD for openssl(1).
libcrypto is linked with pthread since r338816.
2018-09-20 23:06:59 +00:00
Jung-uk Kim
63ffbd00fc Regen assembly files for i386 after r338846. 2018-09-20 22:48:34 +00:00
Jung-uk Kim
4cd58f1ace Add CFLAGS for i386 assembly files. 2018-09-20 22:47:55 +00:00
Jung-uk Kim
fde4ab539f Sort assembly source files for i386. 2018-09-20 22:45:42 +00:00
Jung-uk Kim
b023ea8a2e Connect engines to the build. 2018-09-20 21:59:47 +00:00
Jung-uk Kim
e5631d6f60 Connect i386 assembly files to build. 2018-09-20 21:36:52 +00:00
Jung-uk Kim
d0f1d030b3 Regen assembly files for i386. 2018-09-20 21:34:05 +00:00
Brad Davis
d465a4b0b3 Move the openssl.cnf install to secure/usr.bin/openssl/
This leverages CONFS to do the install

Approved by:	re (pkgbase, blanket), bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D17245
2018-09-20 09:34:55 +00:00
Jung-uk Kim
acd3ae1266 Link libcrypto with pthread. 2018-09-20 00:20:04 +00:00
Jung-uk Kim
2aeec0c46f Remove an obsolete compiler option. 2018-09-20 00:17:41 +00:00
Jung-uk Kim
ff73837b94 Build openssl(1). 2018-09-19 06:29:06 +00:00
Jung-uk Kim
85a025545f Build libssl for amd64. 2018-09-19 00:24:00 +00:00
Jung-uk Kim
6cc2d4a4da Build libcrypto for amd64. 2018-09-19 00:07:09 +00:00
Jung-uk Kim
9cd2ada182 Do not build engines for now. 2018-09-19 00:06:48 +00:00
Jung-uk Kim
c28e4d8488 Do not generate unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:51:28 +00:00
Jung-uk Kim
015dcc7906 Remove unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:47:01 +00:00
Jung-uk Kim
cec27dca41 Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
Jung-uk Kim
0ea17a70ce Catch up with manual page removal from secure/lib/libssl. 2018-09-13 23:46:27 +00:00
Jung-uk Kim
23bb9f3ae1 Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00