Commit Graph

730 Commits

Author SHA1 Message Date
kevans
3f9110bf50 caroot: commit initial bundle
Interested users can blacklist any/all of these with certctl(8), examples:

- mv /usr/share/certs/trusted/... /usr/share/certs/blacklisted/...; \
    certctl rehash
- certctl blacklist /usr/share/certs/trusted/*; \
    certctl rehash

Certs can be easily examined after installation with `certctl list`, and
certctl blacklist will accept the hashed filename as output by list or as
seen in /etc/ssl/certs

No objection from:	secteam
Relnotes:	Definite maybe
2019-10-04 02:34:20 +00:00
kevans
c13136b1b6 caroot: add @generated tags to extracted .pem
As is the current trend; while these files are manually curated, they are
still generated.  If they end up in a review, it would be helpful to also
take the hint and hide them.
2019-10-02 01:27:50 +00:00
kevans
4ed49b4dcb [1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from:	secteam
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16856
2019-10-02 01:05:29 +00:00
jkim
556ce8d8d3 Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
manu
5fc62085dd pkgbase: Put a lot of binaries and lib in FreeBSD-runtime
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.

Reviewed by:    bapt, gjb
Differential Revision:  https://reviews.freebsd.org/D21503
2019-09-05 14:13:08 +00:00
jkim
5b4ef83c65 Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
des
cf475d661f Add workaround for a QoS-related bug in VMWare Workstation.
Submitted by:	yuripv
Differential Revision:	https://reviews.freebsd.org/D18636
2019-03-27 15:17:29 +00:00
jkim
d6ebbcc6a2 Merge OpenSSL 1.1.1b. 2019-02-26 19:31:33 +00:00
jkim
53c4fca8e5 Enable devcryptoeng for OpenSSL.
Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine.  However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.

http://cryptodev-linux.org/

Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.

https://github.com/openssl/openssl/pull/7882

Now they found that it was more generic issue.

https://github.com/openssl/openssl/pull/7885

Therefore, we need to enable this engine on head to give it more exposure.
2018-12-12 21:56:47 +00:00
jkim
af5a2716ea Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
kib
f37256a01f Bump base OpenSSL libraries versions to avoid conflict with port's libraries.
Reported by:	many
Reviewed by:	gjb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 hours
2018-10-25 13:37:57 +00:00
emaste
5f7be1f9c7 libcrypto: have buildinf.h depend on Makefile
So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.

Sponsored by:	The FreeBSD Foundation
2018-10-05 20:49:54 +00:00
gjb
fcf5119e83 MFH r338661 through r339200.
Sponsored by:	The FreeBSD Foundation
2018-10-05 17:53:47 +00:00
emaste
e0d48e3a14 openssh: connect libressl-api-compat.c and regen config.h
Differential Revision:	https://reviews.freebsd.org/D17390
2018-10-03 16:38:36 +00:00
jkim
683d164a60 Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile.
Especially, head does not support old toolchains because of ifunc support.
2018-10-01 18:16:36 +00:00
jkim
a178e72a82 Remove MD dirdeps from Makefile.depend.
It can't be right. :-(
2018-09-25 22:21:36 +00:00
jkim
e4b73ece31 Make it more meta mode friendly. 2018-09-25 22:15:47 +00:00
jkim
6ac49d7d55 Fix CLEANFILES. 2018-09-25 22:14:52 +00:00
jkim
2ef0b644bd Regen Makefile.depend. 2018-09-25 21:12:36 +00:00
jkim
ace1a9b008 Connect an assembly file for aarch64 to build. 2018-09-22 23:02:45 +00:00
jkim
6ffe902342 Add missing ACFLAGS for aarch64. 2018-09-22 06:50:56 +00:00
jkim
f77ce519bc Fix typos in the previous commit. 2018-09-22 05:59:43 +00:00
jkim
501d69edde Add a missing source file for SHA. 2018-09-22 05:30:55 +00:00
jkim
4764c18aca Add CFLAGS for aarch64/arm assembly files. 2018-09-22 05:16:06 +00:00
jkim
bbc4f61dae Add another include directory for aarch64 and arm. 2018-09-22 04:32:44 +00:00
jkim
9568d517c9 Regen cpuid assembly files for aarch64 and arm. 2018-09-22 03:54:40 +00:00
jkim
0d413d4bb4 Connect assembly files for arm to build. 2018-09-22 02:43:24 +00:00
jkim
18c5ff13a8 Regen assembly files for arm. 2018-09-22 02:42:51 +00:00
jkim
3d40891a01 Connect assembly files for aarch64 to build. 2018-09-22 02:23:42 +00:00
jkim
2a49205fa1 Regen assemply files for aarch64. 2018-09-22 02:23:03 +00:00
jkim
3fe75bf103 Unify opensslconf.h templates.
There is no MD macro in this file any more.
2018-09-21 22:26:00 +00:00
jkim
ff19ff81cc Remove pthread from LIBADD for openssl(1).
libcrypto is linked with pthread since r338816.
2018-09-20 23:06:59 +00:00
jkim
29fa2db5f4 Regen assembly files for i386 after r338846. 2018-09-20 22:48:34 +00:00
jkim
6245169c78 Add CFLAGS for i386 assembly files. 2018-09-20 22:47:55 +00:00
jkim
514285f2cf Sort assembly source files for i386. 2018-09-20 22:45:42 +00:00
jkim
10114566c4 Connect engines to the build. 2018-09-20 21:59:47 +00:00
jkim
d82903cd41 Connect i386 assembly files to build. 2018-09-20 21:36:52 +00:00
jkim
14a0b99c50 Regen assembly files for i386. 2018-09-20 21:34:05 +00:00
brd
1e1d8c5438 Move the openssl.cnf install to secure/usr.bin/openssl/
This leverages CONFS to do the install

Approved by:	re (pkgbase, blanket), bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D17245
2018-09-20 09:34:55 +00:00
jkim
db9c2bdeb5 Link libcrypto with pthread. 2018-09-20 00:20:04 +00:00
jkim
f769253e9e Remove an obsolete compiler option. 2018-09-20 00:17:41 +00:00
jkim
0ead16e624 Build openssl(1). 2018-09-19 06:29:06 +00:00
jkim
49d1372bde Build libssl for amd64. 2018-09-19 00:24:00 +00:00
jkim
6968bfa714 Build libcrypto for amd64. 2018-09-19 00:07:09 +00:00
jkim
07d8f615a6 Do not build engines for now. 2018-09-19 00:06:48 +00:00
jkim
5f24065324 Do not generate unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:51:28 +00:00
jkim
34ea45b69d Remove unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:47:01 +00:00
jkim
a34aeaad0e Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
jkim
589babcc1f Catch up with manual page removal from secure/lib/libssl. 2018-09-13 23:46:27 +00:00
jkim
e47d66a07a Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00