Commit Graph

263 Commits

Author SHA1 Message Date
Jung-uk Kim
3971092e11 Regen X86 assembly files after r364822. 2020-08-26 16:56:44 +00:00
Conrad Meyer
80a315ffb6 Replace OPENSSL_NO_SSL3_METHODs with dummies
SSLv3 has been deprecated since 2015 (and broken since 2014: "POODLE"); it
should not have shipped in FreeBSD 11 (2016) or 12 (2018).  No one should use
it, and if they must, they can use some implementation outside of base.

There are three symbols removed with OPENSSL_NO_SSL3_METHOD:

SSLv3_client_method
SSLv3_method
SSLv3_server_method

These symbols exist to request an explicit SSLv3 connection to a server.
There is no good reason for an application to link or invoke these symbols
instead of TLS_method(), et al (née SSLv23_method, et al).  Applications
that do so have broken cryptography.

Define these symbols for some pedantic definition of ABI stability, but
remove the functionality again (r361392) after r362620.

Reviewed by:	gordon, jhb (earlier-but-equivalent version both)
Discussed with:	bjk, kib
Differential Revision:	https://reviews.freebsd.org/D25493
2020-07-01 00:59:28 +00:00
Gordon Tetlow
e398139415 Revert OPENSSL_NO_SSL3_METHOD to keep ABI compatibility.
This define caused a couple of symbols to disappear. To keep ABI
compatibility, we are going to keep the symbols exposed, but leave SSLv3 as
not in the default config (this is what OPENSSL_NO_SSL3 achieves). The
ramifications of this is an application can still use SSLv3 if it
specifically calls the SSLv3_method family of APIs.

Reported by:	kib, others
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D25451
2020-06-25 19:35:37 +00:00
Tijl Coosemans
82c3a6548f Install 32-bit libcrypto engines in /usr/lib32/engines instead of
/usr/lib32 and let 32-bit libcrypto search that location instead of
/usr/lib/engines.

Reviewed by:	jkim
2020-06-01 18:58:09 +00:00
Gordon Tetlow
f7732201a2 Remove support for SSLv3 from the OpenSSL build.
This is the default configuration in OpenSSL 1.1.1 already. This moves
to align with that default.

Reported by:	jmg
Approved by:	jkim, cem, emaste, philip
Differential Revision:	https://reviews.freebsd.org/D24945
2020-05-22 16:53:39 +00:00
Jung-uk Kim
cfac584b60 Merge OpenSSL 1.1.1g. 2020-04-21 19:38:32 +00:00
Jung-uk Kim
11c7efe3a4 Merge OpenSSL 1.1.1f. 2020-03-31 15:47:55 +00:00
Jung-uk Kim
0a70e97c94 Reduce diff with the vendor version. No functional change. 2020-03-18 02:20:03 +00:00
Jung-uk Kim
17f01e9963 Merge OpenSSL 1.1.1e. 2020-03-18 02:13:12 +00:00
Jung-uk Kim
a9e3baa562 Install man5 and man7 for OpenSSL.
Note config.5 and crypto.7 are not installed because we have conflicts.

Requested by:	phk
MFC after:	1 month
2020-01-22 01:15:57 +00:00
Simon J. Gerraty
2c9a9dfc18 Update Makefile.depend files
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files

Reviewed by:	 bdrewery
MFC after:	1 week
Sponsored by:   Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D22494
2019-12-11 17:37:53 +00:00
Jung-uk Kim
da327cd22e Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
Emmanuel Vadot
a7b5a3d486 pkgbase: Put a lot of binaries and lib in FreeBSD-runtime
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.

Reviewed by:    bapt, gjb
Differential Revision:  https://reviews.freebsd.org/D21503
2019-09-05 14:13:08 +00:00
Jung-uk Kim
610a21fd82 Merge OpenSSL 1.1.1c. 2019-05-28 21:54:12 +00:00
Jung-uk Kim
6935a639f0 Merge OpenSSL 1.1.1b. 2019-02-26 19:31:33 +00:00
Jung-uk Kim
f622545b79 Enable devcryptoeng for OpenSSL.
Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine.  However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.

http://cryptodev-linux.org/

Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.

https://github.com/openssl/openssl/pull/7882

Now they found that it was more generic issue.

https://github.com/openssl/openssl/pull/7885

Therefore, we need to enable this engine on head to give it more exposure.
2018-12-12 21:56:47 +00:00
Jung-uk Kim
c9cf7b5cb1 Merge OpenSSL 1.1.1a. 2018-11-20 21:10:04 +00:00
Konstantin Belousov
89250cff0c Bump base OpenSSL libraries versions to avoid conflict with port's libraries.
Reported by:	many
Reviewed by:	gjb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 hours
2018-10-25 13:37:57 +00:00
Ed Maste
c4cff94134 libcrypto: have buildinf.h depend on Makefile
So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.

Sponsored by:	The FreeBSD Foundation
2018-10-05 20:49:54 +00:00
Jung-uk Kim
2f0b51ed02 Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile.
Especially, head does not support old toolchains because of ifunc support.
2018-10-01 18:16:36 +00:00
Jung-uk Kim
8f1d871786 Make it more meta mode friendly. 2018-09-25 22:15:47 +00:00
Jung-uk Kim
4552330800 Fix CLEANFILES. 2018-09-25 22:14:52 +00:00
Jung-uk Kim
c66de03c60 Regen Makefile.depend. 2018-09-25 21:12:36 +00:00
Jung-uk Kim
024217024c Connect an assembly file for aarch64 to build. 2018-09-22 23:02:45 +00:00
Jung-uk Kim
8072609dd0 Add missing ACFLAGS for aarch64. 2018-09-22 06:50:56 +00:00
Jung-uk Kim
f294b00a88 Fix typos in the previous commit. 2018-09-22 05:59:43 +00:00
Jung-uk Kim
4f4ab23a54 Add a missing source file for SHA. 2018-09-22 05:30:55 +00:00
Jung-uk Kim
604871c9df Add CFLAGS for aarch64/arm assembly files. 2018-09-22 05:16:06 +00:00
Jung-uk Kim
d55590888d Add another include directory for aarch64 and arm. 2018-09-22 04:32:44 +00:00
Jung-uk Kim
61fab32360 Regen cpuid assembly files for aarch64 and arm. 2018-09-22 03:54:40 +00:00
Jung-uk Kim
ea19bcde21 Connect assembly files for arm to build. 2018-09-22 02:43:24 +00:00
Jung-uk Kim
2c17169a65 Regen assembly files for arm. 2018-09-22 02:42:51 +00:00
Jung-uk Kim
4b7c498f1f Connect assembly files for aarch64 to build. 2018-09-22 02:23:42 +00:00
Jung-uk Kim
bde62812ae Regen assemply files for aarch64. 2018-09-22 02:23:03 +00:00
Jung-uk Kim
0633b14ba1 Unify opensslconf.h templates.
There is no MD macro in this file any more.
2018-09-21 22:26:00 +00:00
Jung-uk Kim
63ffbd00fc Regen assembly files for i386 after r338846. 2018-09-20 22:48:34 +00:00
Jung-uk Kim
4cd58f1ace Add CFLAGS for i386 assembly files. 2018-09-20 22:47:55 +00:00
Jung-uk Kim
fde4ab539f Sort assembly source files for i386. 2018-09-20 22:45:42 +00:00
Jung-uk Kim
b023ea8a2e Connect engines to the build. 2018-09-20 21:59:47 +00:00
Jung-uk Kim
e5631d6f60 Connect i386 assembly files to build. 2018-09-20 21:36:52 +00:00
Jung-uk Kim
d0f1d030b3 Regen assembly files for i386. 2018-09-20 21:34:05 +00:00
Jung-uk Kim
acd3ae1266 Link libcrypto with pthread. 2018-09-20 00:20:04 +00:00
Jung-uk Kim
2aeec0c46f Remove an obsolete compiler option. 2018-09-20 00:17:41 +00:00
Jung-uk Kim
6cc2d4a4da Build libcrypto for amd64. 2018-09-19 00:07:09 +00:00
Jung-uk Kim
9cd2ada182 Do not build engines for now. 2018-09-19 00:06:48 +00:00
Jung-uk Kim
c28e4d8488 Do not generate unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:51:28 +00:00
Jung-uk Kim
015dcc7906 Remove unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:47:01 +00:00
Jung-uk Kim
cec27dca41 Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
Jung-uk Kim
23bb9f3ae1 Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00
Jung-uk Kim
54967a4e95 Regen manual pages.
Note the manual pages are not automatically generated for now.
2018-09-13 23:14:57 +00:00