Commit Graph

689 Commits

Author SHA1 Message Date
jkim
0ead16e624 Build openssl(1). 2018-09-19 06:29:06 +00:00
jkim
49d1372bde Build libssl for amd64. 2018-09-19 00:24:00 +00:00
jkim
6968bfa714 Build libcrypto for amd64. 2018-09-19 00:07:09 +00:00
jkim
07d8f615a6 Do not build engines for now. 2018-09-19 00:06:48 +00:00
jkim
5f24065324 Do not generate unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:51:28 +00:00
jkim
34ea45b69d Remove unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:47:01 +00:00
jkim
a34aeaad0e Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
jkim
589babcc1f Catch up with manual page removal from secure/lib/libssl. 2018-09-13 23:46:27 +00:00
jkim
e47d66a07a Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00
jkim
db0d326ed6 Regen manual pages.
Note the manual pages are not automatically generated for now.
2018-09-13 23:14:57 +00:00
jkim
bd1b5d2a7f Regen amd64 assembly files for OpenSSL 1.1.1. 2018-09-13 21:07:09 +00:00
jkim
8ea5e5a891 Update shlib version to 9. 2018-09-13 20:53:51 +00:00
jkim
5f960f9938 Update OpenSSL version number. 2018-09-13 20:51:19 +00:00
des
0a47c58bdd Upgrade to OpenSSH 7.8p1.
Approved by:	re (kib@)
2018-09-10 16:20:12 +00:00
bdrewery
0e72f30a06 Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c
Reported by:	many, delphij (moduli.c issue)
2018-08-16 19:48:07 +00:00
brd
faf44dcf0d Move ssh config file handling into the ssh Makefiles.
This helps with pkgbase by using CONFS and tagging these as config files.

Approved by:	allanjude (mentor), des
Differential Revision:	https://reviews.freebsd.org/D16678
2018-08-15 14:53:42 +00:00
jkim
58e331e535 Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
des
13e42418d1 Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
des
271dcc6a42 Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11.  For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
2018-05-08 23:13:11 +00:00
jkim
28f14cb177 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
jkim
508afdc65f Remove c_rehash(1) to not confuse users. We do not install the Perl script.
MFC after:	3 days
2018-02-08 19:55:03 +00:00
jkim
2aa41898b2 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
eadler
dd7fc76e27 secure: chase removal of pkg_install 2017-11-11 07:21:49 +00:00
jkim
9d098cf136 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
ngie
d810089ddf Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
jkim
986f17341f Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
bdrewery
665c851e6b Fix invalid .o SRCS from r314527.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:02 +00:00
des
c995370269 Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
ngie
0632f8bb8d crypto: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:35:30 +00:00
des
dc519490bb Upgrade to OpenSSH 7.3p1. 2017-03-02 00:11:32 +00:00
allanjude
9eb72f4508 Remove bdes(1)
The use of DES for anything is discouraged, especially with a static IV of 0

If you still need bdes(1) to decrypt Kirk's video lectures, see
security/bdes in ports.

This commit brought to you by the FOSDEM DevSummit and the
"remove unneeded dependancies on openssl in base" working group

Reviewed by:	bapt, brnrd
Relnotes:	yes
Sponsored by:	FOSDEM DevSummit
Differential Revision:	https://reviews.freebsd.org/D9424
2017-02-06 08:27:19 +00:00
jkim
4834c2f7b9 Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
ngie
078b533dd4 Conditionalize building libwrap support into sshd
Only build libwrap support into sshd if MK_TCP_WRAPPERS != no

This will unbreak the build if libwrap has been removed from the system

MFC after:	2 weeks
PR:		210141
Submitted by:	kpect@protonmail.com
Differential Revision:	D9049
2017-01-07 08:08:35 +00:00
ngie
094b6c64d0 Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and
MK_KERBEROS_SUPPORT != no

This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).

MFC after:	2 weeks
PR:		159745
2017-01-02 20:29:50 +00:00
jkim
817e926f2d Prefer ACFLAGS over CFLAGS for compiling aarch64 assembly files. 2016-10-26 20:12:30 +00:00
jkim
8fe6e36c80 Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
jkim
665faf046c Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
jkim
97091e1369 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
bdrewery
621419c360 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
lidl
7235884959 Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.  This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by:	des
Approved by:	des
MFC after:		1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
jkim
cf8c9ca0f9 Prefer C-style comments in assembly sources. 2016-08-22 21:49:17 +00:00
jkim
780c77452a Fix white spaces in assembly sources. 2016-08-22 21:30:59 +00:00
jkim
690cff5182 Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
jkim
0ce5ec8324 Disable assembly sources when compiler/assembler cannot compile certain
instructions.  For example, GCC 4.2.1 + binutils 2.17.50 does not support
AVX instructions.

Reported by:	bde
MFC after:	2 weeks
2016-08-17 22:13:39 +00:00
ed
b7ac6522e5 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
gjb
7095173950 Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by:	des
PR:		210479 (related)
Approved by:	re (marius)
Sponsored by:	The FreeBSD Foundation
2016-06-24 23:22:42 +00:00
bdrewery
62a131ca62 DIRDEPS_BUILD: Update dependencies
Approved by:	re (gjb)
Sponsored by:	EMC / Isilon Storage Division
2016-06-14 16:55:05 +00:00
lidl
9b5f176b51 Add blacklist support to sshd
Reviewed by:	rpaulo
Approved by:	rpaulo (earlier version of changes)
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5915
2016-06-07 16:18:09 +00:00
jkim
d433e59a4d Regen x86 assembly files for r299480. 2016-05-11 20:11:21 +00:00