Commit Graph

740 Commits

Author SHA1 Message Date
jkim
f769253e9e Remove an obsolete compiler option. 2018-09-20 00:17:41 +00:00
jkim
0ead16e624 Build openssl(1). 2018-09-19 06:29:06 +00:00
jkim
49d1372bde Build libssl for amd64. 2018-09-19 00:24:00 +00:00
jkim
6968bfa714 Build libcrypto for amd64. 2018-09-19 00:07:09 +00:00
jkim
07d8f615a6 Do not build engines for now. 2018-09-19 00:06:48 +00:00
jkim
5f24065324 Do not generate unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:51:28 +00:00
jkim
34ea45b69d Remove unused AVX2 and AVX-512 assembly files for amd64. 2018-09-18 01:47:01 +00:00
jkim
a34aeaad0e Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
jkim
589babcc1f Catch up with manual page removal from secure/lib/libssl. 2018-09-13 23:46:27 +00:00
jkim
e47d66a07a Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00
jkim
db0d326ed6 Regen manual pages.
Note the manual pages are not automatically generated for now.
2018-09-13 23:14:57 +00:00
jkim
bd1b5d2a7f Regen amd64 assembly files for OpenSSL 1.1.1. 2018-09-13 21:07:09 +00:00
jkim
8ea5e5a891 Update shlib version to 9. 2018-09-13 20:53:51 +00:00
jkim
5f960f9938 Update OpenSSL version number. 2018-09-13 20:51:19 +00:00
des
0a47c58bdd Upgrade to OpenSSH 7.8p1.
Approved by:	re (kib@)
2018-09-10 16:20:12 +00:00
bdrewery
0e72f30a06 Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c
Reported by:	many, delphij (moduli.c issue)
2018-08-16 19:48:07 +00:00
brd
faf44dcf0d Move ssh config file handling into the ssh Makefiles.
This helps with pkgbase by using CONFS and tagging these as config files.

Approved by:	allanjude (mentor), des
Differential Revision:	https://reviews.freebsd.org/D16678
2018-08-15 14:53:42 +00:00
jkim
58e331e535 Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
des
13e42418d1 Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
des
271dcc6a42 Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11.  For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
2018-05-08 23:13:11 +00:00
jkim
28f14cb177 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
jkim
508afdc65f Remove c_rehash(1) to not confuse users. We do not install the Perl script.
MFC after:	3 days
2018-02-08 19:55:03 +00:00
jkim
2aa41898b2 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
eadler
dd7fc76e27 secure: chase removal of pkg_install 2017-11-11 07:21:49 +00:00
jkim
9d098cf136 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
ngie
d810089ddf Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
jkim
986f17341f Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
bdrewery
665c851e6b Fix invalid .o SRCS from r314527.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:02 +00:00
des
c995370269 Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
ngie
0632f8bb8d crypto: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:35:30 +00:00
des
dc519490bb Upgrade to OpenSSH 7.3p1. 2017-03-02 00:11:32 +00:00
allanjude
9eb72f4508 Remove bdes(1)
The use of DES for anything is discouraged, especially with a static IV of 0

If you still need bdes(1) to decrypt Kirk's video lectures, see
security/bdes in ports.

This commit brought to you by the FOSDEM DevSummit and the
"remove unneeded dependancies on openssl in base" working group

Reviewed by:	bapt, brnrd
Relnotes:	yes
Sponsored by:	FOSDEM DevSummit
Differential Revision:	https://reviews.freebsd.org/D9424
2017-02-06 08:27:19 +00:00
jkim
4834c2f7b9 Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
ngie
078b533dd4 Conditionalize building libwrap support into sshd
Only build libwrap support into sshd if MK_TCP_WRAPPERS != no

This will unbreak the build if libwrap has been removed from the system

MFC after:	2 weeks
PR:		210141
Submitted by:	kpect@protonmail.com
Differential Revision:	D9049
2017-01-07 08:08:35 +00:00
ngie
094b6c64d0 Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and
MK_KERBEROS_SUPPORT != no

This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).

MFC after:	2 weeks
PR:		159745
2017-01-02 20:29:50 +00:00
jkim
817e926f2d Prefer ACFLAGS over CFLAGS for compiling aarch64 assembly files. 2016-10-26 20:12:30 +00:00
jkim
8fe6e36c80 Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
jkim
665faf046c Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
jkim
97091e1369 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
bdrewery
621419c360 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
lidl
7235884959 Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.  This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by:	des
Approved by:	des
MFC after:		1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
jkim
cf8c9ca0f9 Prefer C-style comments in assembly sources. 2016-08-22 21:49:17 +00:00
jkim
780c77452a Fix white spaces in assembly sources. 2016-08-22 21:30:59 +00:00
jkim
690cff5182 Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
jkim
0ce5ec8324 Disable assembly sources when compiler/assembler cannot compile certain
instructions.  For example, GCC 4.2.1 + binutils 2.17.50 does not support
AVX instructions.

Reported by:	bde
MFC after:	2 weeks
2016-08-17 22:13:39 +00:00
ed
b7ac6522e5 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
gjb
7095173950 Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by:	des
PR:		210479 (related)
Approved by:	re (marius)
Sponsored by:	The FreeBSD Foundation
2016-06-24 23:22:42 +00:00
bdrewery
62a131ca62 DIRDEPS_BUILD: Update dependencies
Approved by:	re (gjb)
Sponsored by:	EMC / Isilon Storage Division
2016-06-14 16:55:05 +00:00
lidl
9b5f176b51 Add blacklist support to sshd
Reviewed by:	rpaulo
Approved by:	rpaulo (earlier version of changes)
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5915
2016-06-07 16:18:09 +00:00
jkim
d433e59a4d Regen x86 assembly files for r299480. 2016-05-11 20:11:21 +00:00
jkim
36da606d58 Set CC environment variable for Perl scripts. This is for detecting
assembler/compiler capabilities, e.g., AVX instructions.
2016-05-11 20:06:23 +00:00
jkim
7ff185b500 Refine comments to add its origin. 2016-05-11 19:59:05 +00:00
emaste
a49d3e4c43 libcrypto: add "Do not modify" comment to generated source files
Reviewed by:	jkim
Differential Revision:	https://reviews.freebsd.org/D6237
2016-05-11 16:53:56 +00:00
jkim
027fd46f7c Enable linker error if libcrypto.so contains a relocation against text. It
is position independent on all platforms since r299389.

Submitted by:	kib
2016-05-11 16:45:58 +00:00
jkim
37810c099e Make libcrypto.so position independent on i386. 2016-05-10 20:31:09 +00:00
emaste
c5ae2cf039 Revert r299139: these are generated files
We'll need to properly generate PIC/non-PIC from the source .pl files.

Reported by:	jkim
2016-05-06 13:04:45 +00:00
emaste
f05973c5ec Make libcrypto position independent on i386
Prior to this change libcrypto ended up with a .text relocation.

Submitted by:	Rafael Espíndola (earlier version)
Reviewed by:	kib
Approved by:	so (glebius)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6164
2016-05-05 21:25:41 +00:00
ngie
92100036c8 Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed
after r298107

Summary of changes:

- Replace all instances of FILES/TESTS with ${PACKAGE}FILES. This ensures that
  namespacing is kept with FILES appropriately, and that this shouldn't need
  to be repeated if the namespace changes -- only the definition of PACKAGE
  needs to be changed
- Allow PACKAGE to be overridden by callers instead of forcing it to always be
  `tests`. In the event we get to the point where things can be split up
  enough in the base system, it would make more sense to group the tests
  with the blocks they're a part of, e.g. byacc with byacc-tests, etc
- Remove PACKAGE definitions where possible, i.e. where FILES wasn't used
  previously.
- Remove unnecessary TESTSPACKAGE definitions; this has been elided into
  bsd.tests.mk
- Remove unnecessary BINDIRs used previously with ${PACKAGE}FILES;
  ${PACKAGE}FILESDIR is now automatically defined in bsd.test.mk.
- Fix installation of files under data/ subdirectories in lib/libc/tests/hash
  and lib/libc/tests/net/getaddrinfo
- Remove unnecessary .include <bsd.own.mk>s (some opportunistic cleanup)

Document the proposed changes in share/examples/tests/tests/... via examples
so it's clear that ${PACKAGES}FILES is the suggested way forward in terms of
replacing FILES. share/mk/bsd.README didn't seem like the appropriate method
of communicating that info.

MFC after: never probably
X-MFC with: r298107
PR: 209114
Relnotes: yes
Tested with: buildworld, installworld, checkworld; buildworld, packageworld
Sponsored by: EMC / Isilon Storage Division
2016-05-04 23:20:53 +00:00
jkim
00a878d06e Merge OpenSSL 1.0.2h.
Relnotes:	yes
2016-05-03 18:50:10 +00:00
gjb
06b209e9f5 Fix including Kyuafile in packaged base system.
Fix a related typo while here.

Note, this change results in the Kyuafile inclusion in the runtime
package, which needs to be fixed, however addresses the PR as far
as I can tell in my tests.

PR:		209114
Submitted by:	ngie
Sponsored by:	The FreeBSD Foundation
2016-04-29 05:28:40 +00:00
gjb
1dc4c40e3b MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
bdrewery
59f4cb814d Remove the old depend (mkdep) code and make FAST_DEPEND the one true way.
Reviewed by:	emaste, hselasky (partial), brooks (brief)
Discussed on:	arch@
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D5742
2016-03-30 23:50:23 +00:00
gjb
086e6f562f MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
des
bb6f58c772 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
gjb
1c7e318a9a MFH
Sponsored by:	The FreeBSD Foundation
2016-03-10 21:16:01 +00:00
bdrewery
aab40fdc3d DIRDEPS_BUILD: Connect MK_TESTS.
Sponsored by:	EMC / Isilon Storage Division
2016-03-09 22:46:01 +00:00
gjb
955ce29ea3 MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
jkim
de2249f81c Merge OpenSSL 1.0.2g.
Relnotes:	yes
2016-03-01 22:08:28 +00:00
bdrewery
2a891f1feb DIRDEPS_BUILD: Regenerate without local dependencies.
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.

Sponsored by:	EMC / Isilon Storage Division
2016-02-24 17:20:11 +00:00
gjb
adbdbd2fff MFH
Sponsored by:	The FreeBSD Foundation
2016-02-18 00:37:58 +00:00
bdrewery
ed99ba5f08 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-02-16 02:14:30 +00:00
gjb
ae6f203603 More 'tests' packaging fixes.
Sponsored by:	The FreeBSD Foundation
2016-02-03 19:08:45 +00:00
gjb
a6998ad84f First pass to fix the 'tests' packages.
Sponsored by:	The FreeBSD Foundation
2016-02-02 22:26:49 +00:00
gjb
f0d70cb387 MFH
Sponsored by:	The FreeBSD Foundation
2016-01-29 14:52:54 +00:00
jkim
f91c9c2798 Merge OpenSSL 1.0.2f.
Relnotes:	yes
2016-01-28 20:15:22 +00:00
gjb
589dc73d2e MFH
Sponsored by:	The FreeBSD Foundation
2016-01-27 14:16:13 +00:00
br
ee391c56ca Add the openssl header for RISC-V.
Copied from aarch64 as we can't generate it yet.
2016-01-26 14:17:39 +00:00
gjb
ead3a2f824 MFH
Sponsored by:	The FreeBSD Foundation
2016-01-25 14:13:28 +00:00
des
9b2207f860 Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
gjb
37e4197e4f MFH
Sponsored by:	The FreeBSD Foundation
2016-01-20 09:50:54 +00:00
jhb
eef4b2b8aa List source files (foo.c) instead of object files in SRCS.
Reviewed by:	bdrewery
2016-01-20 00:03:28 +00:00
des
7a7bc643b5 Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
des
14172c52f8 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
gjb
ccde53b74b MFH r289384-r293170
Sponsored by:	The FreeBSD Foundation
2016-01-04 19:19:48 +00:00
bdrewery
e78f816787 Build engines in parallel.
Sponsored by:	EMC / Isilon Storage Division
2015-12-15 19:57:56 +00:00
bdrewery
b044b9943f Replace unneeded manual dependency on header by adding it to SRCS.
bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if
there is not yet a depend file.  The headers in SRCS are never built or
installed.  After 'make depend' the header was already added as a proper
dependency on the objects where needed.

MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-12-07 16:08:09 +00:00
jkim
8d77ecefb7 Merge OpenSSL 1.0.2e. 2015-12-03 21:13:35 +00:00
bdrewery
fe1ef27d4a META MODE: Update dependencies with 'the-lot' and add missing directories.
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so.  A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR.  These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package.  The current implementation of targets/ is
very unmaintainable.

Currently rescue/rescue and sys/modules are still not connected.

Sponsored by:	EMC / Isilon Storage Division
2015-12-01 05:23:19 +00:00
bdrewery
e13d6f8b3f META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.

Sponsored by:	EMC / Isilon Storage Division
2015-11-25 19:10:28 +00:00
des
24641fd80b Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
jkim
195994e5fb Simplify man-makefile-update target. 2015-11-17 20:47:16 +00:00
jkim
4a83aa80d5 Remove duplicate manual pages.
Reported by:	brd
2015-11-16 21:36:15 +00:00
jkim
05f60ecd0c Fix a typo. I did not mean it, really. 2015-11-06 18:24:49 +00:00
jkim
6b8d903c12 Clean up OpenSSL makefiles. 2015-11-06 17:39:17 +00:00
jkim
6b741bee15 Merge OpenSSL 1.0.2d. 2015-10-30 20:51:33 +00:00
ngie
49fb8f66e2 Fix GOST engine cipher linkage by adding e_gost_err.c to SRCS so it
picks up undefined symbols, like "ERR_load_GOST_strings"

MFC after: 3 days
PR: 184805
Submitted by: Ivan IvanZhdanov <ivan.zhdanov@gmail.com>
Sponsored by: EMC / Isilon Storage Division
2015-10-30 05:33:38 +00:00
jkim
4515ede9ab Define endianness for non-x86 platforms.
MFC after:	3 days
2015-10-28 22:49:37 +00:00
bdrewery
153205e33f Add more SUBDIR_PARALLEL.
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-10-15 22:55:08 +00:00
gjb
2cc61d484b MFH r289372-r289382
Sponsored by:	The FreeBSD Foundation
2015-10-15 19:57:13 +00:00