Commit Graph

674 Commits

Author SHA1 Message Date
Jung-uk Kim
cec27dca41 Add OpenSSL symbol version maps.
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
Jung-uk Kim
0ea17a70ce Catch up with manual page removal from secure/lib/libssl. 2018-09-13 23:46:27 +00:00
Jung-uk Kim
23bb9f3ae1 Update initial opensslconf.h for amd64. 2018-09-13 23:31:56 +00:00
Jung-uk Kim
54967a4e95 Regen manual pages.
Note the manual pages are not automatically generated for now.
2018-09-13 23:14:57 +00:00
Jung-uk Kim
9b21da0ecb Regen amd64 assembly files for OpenSSL 1.1.1. 2018-09-13 21:07:09 +00:00
Jung-uk Kim
6b090f69cd Update shlib version to 9. 2018-09-13 20:53:51 +00:00
Jung-uk Kim
e4c7e8068f Update OpenSSL version number. 2018-09-13 20:51:19 +00:00
Dag-Erling Smørgrav
190cef3d52 Upgrade to OpenSSH 7.8p1.
Approved by:	re (kib@)
2018-09-10 16:20:12 +00:00
Bryan Drewery
b749a1b999 Fix build after r337852: Don't rebuild moduli based on unrelated moduli.c
Reported by:	many, delphij (moduli.c issue)
2018-08-16 19:48:07 +00:00
Brad Davis
f0a51d9df4 Move ssh config file handling into the ssh Makefiles.
This helps with pkgbase by using CONFS and tagging these as config files.

Approved by:	allanjude (mentor), des
Differential Revision:	https://reviews.freebsd.org/D16678
2018-08-15 14:53:42 +00:00
Jung-uk Kim
dea77ea6fc Merge OpenSSL 1.0.2p. 2018-08-14 17:48:02 +00:00
Dag-Erling Smørgrav
47dd1d1b61 Upgrade to OpenSSH 7.7p1. 2018-05-11 13:22:43 +00:00
Dag-Erling Smørgrav
4f52dfbb8d Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11.  For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
2018-05-08 23:13:11 +00:00
Jung-uk Kim
dee36b4f92 Merge OpenSSL 1.0.2o. 2018-03-27 17:17:58 +00:00
Jung-uk Kim
56b4f63142 Remove c_rehash(1) to not confuse users. We do not install the Perl script.
MFC after:	3 days
2018-02-08 19:55:03 +00:00
Jung-uk Kim
c4ad4dffb3 Merge OpenSSL 1.0.2n. 2017-12-07 18:02:57 +00:00
Eitan Adler
7a9e3b169f secure: chase removal of pkg_install 2017-11-11 07:21:49 +00:00
Jung-uk Kim
47902a71f3 Merge OpenSSL 1.0.2m. 2017-11-02 18:04:29 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Enji Cooper
4b330699f8 Convert traditional ${MK_TESTS} conditional idiom for including test
directories to SUBDIR.${MK_TESTS} idiom

This is being done to pave the way for future work (and homogenity) in
^/projects/make-check-sandbox .

No functional change intended.

MFC after:	1 weeks
2017-08-02 08:35:51 +00:00
Jung-uk Kim
ed7112f094 Merge OpenSSL 1.0.2l. 2017-05-25 20:52:16 +00:00
Bryan Drewery
ad5b34a247 Fix invalid .o SRCS from r314527.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-05-09 01:48:02 +00:00
Dag-Erling Smørgrav
ca86bcf253 Upgrade to OpenSSH 7.4p1. 2017-03-06 01:37:05 +00:00
Enji Cooper
b71fb1a4aa crypto: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:35:30 +00:00
Dag-Erling Smørgrav
076ad2f836 Upgrade to OpenSSH 7.3p1. 2017-03-02 00:11:32 +00:00
Allan Jude
39f8282b48 Remove bdes(1)
The use of DES for anything is discouraged, especially with a static IV of 0

If you still need bdes(1) to decrypt Kirk's video lectures, see
security/bdes in ports.

This commit brought to you by the FOSDEM DevSummit and the
"remove unneeded dependancies on openssl in base" working group

Reviewed by:	bapt, brnrd
Relnotes:	yes
Sponsored by:	FOSDEM DevSummit
Differential Revision:	https://reviews.freebsd.org/D9424
2017-02-06 08:27:19 +00:00
Jung-uk Kim
6cf8931a2f Merge OpenSSL 1.0.2k. 2017-01-26 19:10:29 +00:00
Enji Cooper
233932cc2a Conditionalize building libwrap support into sshd
Only build libwrap support into sshd if MK_TCP_WRAPPERS != no

This will unbreak the build if libwrap has been removed from the system

MFC after:	2 weeks
PR:		210141
Submitted by:	kpect@protonmail.com
Differential Revision:	D9049
2017-01-07 08:08:35 +00:00
Enji Cooper
94ef145e6b Only bake krb5_config.h support in to ssh(3), etc if both MK_GSSAPI and
MK_KERBEROS_SUPPORT != no

This fixes the odd case where someone specified MK_GSSAPI=no and
MK_KERBEROS_SUPPORT=yes (which admittedly, probably doesn't make sense,
but the build system doesn't prevent this case today, and it didn't when
I filed the bug back in 2011 either).

MFC after:	2 weeks
PR:		159745
2017-01-02 20:29:50 +00:00
Jung-uk Kim
46f6fa3cba Prefer ACFLAGS over CFLAGS for compiling aarch64 assembly files. 2016-10-26 20:12:30 +00:00
Jung-uk Kim
7518a9bd2b Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew. 2016-10-26 20:02:22 +00:00
Jung-uk Kim
f1fe58d376 Merge OpenSSL 1.0.2j. 2016-09-26 14:22:17 +00:00
Jung-uk Kim
aeb5019c48 Merge OpenSSL 1.0.2i. 2016-09-22 13:27:44 +00:00
Bryan Drewery
776d5e11e9 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-08-31 19:30:46 +00:00
Kurt Lidl
b2af61ec69 Add refactored blacklist support to sshd
Change the calls to of blacklist_init() and blacklist_notify to be
macros defined in the blacklist_client.h file.  This avoids
the need for #ifdef USE_BLACKLIST / #endif except in the
blacklist.c file.

Remove redundent initialization attempts from within
blacklist_notify - everything always goes through
blacklistd_init().

Added UseBlacklist option to sshd, which defaults to off.
To enable the functionality, use '-o UseBlacklist=yes' on
the command line, or uncomment in the sshd_config file.

Reviewed by:	des
Approved by:	des
MFC after:		1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7051
2016-08-30 14:09:24 +00:00
Jung-uk Kim
69afce5e64 Prefer C-style comments in assembly sources. 2016-08-22 21:49:17 +00:00
Jung-uk Kim
0f7bb790d3 Fix white spaces in assembly sources. 2016-08-22 21:30:59 +00:00
Jung-uk Kim
43e4bca77d Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.
MFC after:	1 week
2016-08-22 20:59:34 +00:00
Jung-uk Kim
d8a16c14cb Disable assembly sources when compiler/assembler cannot compile certain
instructions.  For example, GCC 4.2.1 + binutils 2.17.50 does not support
AVX instructions.

Reported by:	bde
MFC after:	2 weeks
2016-08-17 22:13:39 +00:00
Ed Schouten
5f521d7ba7 Make libcrypt thread-safe. Add crypt_r(3).
glibc has a pretty nice function called crypt_r(3), which is nothing
more than crypt(3), but thread-safe. It accomplishes this by introducing
a 'struct crypt_data' structure that contains a buffer that is large
enough to hold the resulting string.

Let's go ahead and also add this function. It would be a shame if a
useful function like this wouldn't be usable in multithreaded apps.
Refactor crypt.c and all of the backends to no longer declare static
arrays, but write their output in a provided buffer.

There is no need to do any buffer length computation here, as we'll just
need to ensure that 'struct crypt_data' is large enough, which it is.
_PASSWORD_LEN is defined to 128 bytes, but in this case I'm picking 256,
as this is going to be part of the actual ABI.

Differential Revision:	https://reviews.freebsd.org/D7306
2016-08-10 15:16:28 +00:00
Glen Barber
faebc97a1c Revert r301551, which added blacklistd(8) to sshd(8).
This change has functional impact, and other concerns raised
by the OpenSSH maintainer.

Requested by:	des
PR:		210479 (related)
Approved by:	re (marius)
Sponsored by:	The FreeBSD Foundation
2016-06-24 23:22:42 +00:00
Bryan Drewery
8779595527 DIRDEPS_BUILD: Update dependencies
Approved by:	re (gjb)
Sponsored by:	EMC / Isilon Storage Division
2016-06-14 16:55:05 +00:00
Kurt Lidl
c0cc364181 Add blacklist support to sshd
Reviewed by:	rpaulo
Approved by:	rpaulo (earlier version of changes)
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5915
2016-06-07 16:18:09 +00:00
Jung-uk Kim
bbe0cb3df6 Regen x86 assembly files for r299480. 2016-05-11 20:11:21 +00:00
Jung-uk Kim
207be92102 Set CC environment variable for Perl scripts. This is for detecting
assembler/compiler capabilities, e.g., AVX instructions.
2016-05-11 20:06:23 +00:00
Jung-uk Kim
82d668d29c Refine comments to add its origin. 2016-05-11 19:59:05 +00:00
Ed Maste
94e989e75f libcrypto: add "Do not modify" comment to generated source files
Reviewed by:	jkim
Differential Revision:	https://reviews.freebsd.org/D6237
2016-05-11 16:53:56 +00:00
Jung-uk Kim
169235ef8a Enable linker error if libcrypto.so contains a relocation against text. It
is position independent on all platforms since r299389.

Submitted by:	kib
2016-05-11 16:45:58 +00:00
Jung-uk Kim
cdeae6df97 Make libcrypto.so position independent on i386. 2016-05-10 20:31:09 +00:00
Ed Maste
c4ca587a28 Revert r299139: these are generated files
We'll need to properly generate PIC/non-PIC from the source .pl files.

Reported by:	jkim
2016-05-06 13:04:45 +00:00