Kyle Evans
f27f39db77
[1/3] Initial infrastructure for SSL root bundle in base
...
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.
This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions
A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856
2019-10-02 01:05:29 +00:00
Jung-uk Kim
da327cd22e
Merge OpenSSL 1.1.1d.
2019-09-10 21:08:17 +00:00
Emmanuel Vadot
a7b5a3d486
pkgbase: Put a lot of binaries and lib in FreeBSD-runtime
...
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21503
2019-09-05 14:13:08 +00:00
Jung-uk Kim
610a21fd82
Merge OpenSSL 1.1.1c.
2019-05-28 21:54:12 +00:00
Dag-Erling Smørgrav
77c2fe20df
Add workaround for a QoS-related bug in VMWare Workstation.
...
Submitted by: yuripv
Differential Revision: https://reviews.freebsd.org/D18636
2019-03-27 15:17:29 +00:00
Jung-uk Kim
6935a639f0
Merge OpenSSL 1.1.1b.
2019-02-26 19:31:33 +00:00
Jung-uk Kim
f622545b79
Enable devcryptoeng for OpenSSL.
...
Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine. However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.
http://cryptodev-linux.org/
Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.
https://github.com/openssl/openssl/pull/7882
Now they found that it was more generic issue.
https://github.com/openssl/openssl/pull/7885
Therefore, we need to enable this engine on head to give it more exposure.
2018-12-12 21:56:47 +00:00
Jung-uk Kim
c9cf7b5cb1
Merge OpenSSL 1.1.1a.
2018-11-20 21:10:04 +00:00
Konstantin Belousov
89250cff0c
Bump base OpenSSL libraries versions to avoid conflict with port's libraries.
...
Reported by: many
Reviewed by: gjb
Sponsored by: The FreeBSD Foundation
MFC after: 3 hours
2018-10-25 13:37:57 +00:00
Ed Maste
c4cff94134
libcrypto: have buildinf.h depend on Makefile
...
So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.
Sponsored by: The FreeBSD Foundation
2018-10-05 20:49:54 +00:00
Glen Barber
01d4e2149e
MFH r338661 through r339200.
...
Sponsored by: The FreeBSD Foundation
2018-10-05 17:53:47 +00:00
Ed Maste
4b6d416b32
openssh: connect libressl-api-compat.c and regen config.h
...
Differential Revision: https://reviews.freebsd.org/D17390
2018-10-03 16:38:36 +00:00
Jung-uk Kim
2f0b51ed02
Drop pre-AVX toolchain for amd64 and i386 to simplify the makefile.
...
Especially, head does not support old toolchains because of ifunc support.
2018-10-01 18:16:36 +00:00
Jung-uk Kim
8fef2de1fc
Remove MD dirdeps from Makefile.depend.
...
It can't be right. :-(
2018-09-25 22:21:36 +00:00
Jung-uk Kim
8f1d871786
Make it more meta mode friendly.
2018-09-25 22:15:47 +00:00
Jung-uk Kim
4552330800
Fix CLEANFILES.
2018-09-25 22:14:52 +00:00
Jung-uk Kim
c66de03c60
Regen Makefile.depend.
2018-09-25 21:12:36 +00:00
Jung-uk Kim
024217024c
Connect an assembly file for aarch64 to build.
2018-09-22 23:02:45 +00:00
Jung-uk Kim
8072609dd0
Add missing ACFLAGS for aarch64.
2018-09-22 06:50:56 +00:00
Jung-uk Kim
f294b00a88
Fix typos in the previous commit.
2018-09-22 05:59:43 +00:00
Jung-uk Kim
4f4ab23a54
Add a missing source file for SHA.
2018-09-22 05:30:55 +00:00
Jung-uk Kim
604871c9df
Add CFLAGS for aarch64/arm assembly files.
2018-09-22 05:16:06 +00:00
Jung-uk Kim
d55590888d
Add another include directory for aarch64 and arm.
2018-09-22 04:32:44 +00:00
Jung-uk Kim
61fab32360
Regen cpuid assembly files for aarch64 and arm.
2018-09-22 03:54:40 +00:00
Jung-uk Kim
ea19bcde21
Connect assembly files for arm to build.
2018-09-22 02:43:24 +00:00
Jung-uk Kim
2c17169a65
Regen assembly files for arm.
2018-09-22 02:42:51 +00:00
Jung-uk Kim
4b7c498f1f
Connect assembly files for aarch64 to build.
2018-09-22 02:23:42 +00:00
Jung-uk Kim
bde62812ae
Regen assemply files for aarch64.
2018-09-22 02:23:03 +00:00
Jung-uk Kim
0633b14ba1
Unify opensslconf.h templates.
...
There is no MD macro in this file any more.
2018-09-21 22:26:00 +00:00
Jung-uk Kim
7c1dfe5b38
Remove pthread from LIBADD for openssl(1).
...
libcrypto is linked with pthread since r338816.
2018-09-20 23:06:59 +00:00
Jung-uk Kim
63ffbd00fc
Regen assembly files for i386 after r338846.
2018-09-20 22:48:34 +00:00
Jung-uk Kim
4cd58f1ace
Add CFLAGS for i386 assembly files.
2018-09-20 22:47:55 +00:00
Jung-uk Kim
fde4ab539f
Sort assembly source files for i386.
2018-09-20 22:45:42 +00:00
Jung-uk Kim
b023ea8a2e
Connect engines to the build.
2018-09-20 21:59:47 +00:00
Jung-uk Kim
e5631d6f60
Connect i386 assembly files to build.
2018-09-20 21:36:52 +00:00
Jung-uk Kim
d0f1d030b3
Regen assembly files for i386.
2018-09-20 21:34:05 +00:00
Brad Davis
d465a4b0b3
Move the openssl.cnf install to secure/usr.bin/openssl/
...
This leverages CONFS to do the install
Approved by: re (pkgbase, blanket), bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D17245
2018-09-20 09:34:55 +00:00
Jung-uk Kim
acd3ae1266
Link libcrypto with pthread.
2018-09-20 00:20:04 +00:00
Jung-uk Kim
2aeec0c46f
Remove an obsolete compiler option.
2018-09-20 00:17:41 +00:00
Jung-uk Kim
ff73837b94
Build openssl(1).
2018-09-19 06:29:06 +00:00
Jung-uk Kim
85a025545f
Build libssl for amd64.
2018-09-19 00:24:00 +00:00
Jung-uk Kim
6cc2d4a4da
Build libcrypto for amd64.
2018-09-19 00:07:09 +00:00
Jung-uk Kim
9cd2ada182
Do not build engines for now.
2018-09-19 00:06:48 +00:00
Jung-uk Kim
c28e4d8488
Do not generate unused AVX2 and AVX-512 assembly files for amd64.
2018-09-18 01:51:28 +00:00
Jung-uk Kim
015dcc7906
Remove unused AVX2 and AVX-512 assembly files for amd64.
2018-09-18 01:47:01 +00:00
Jung-uk Kim
cec27dca41
Add OpenSSL symbol version maps.
...
Note the files are not automatically generated for now.
2018-09-13 23:51:54 +00:00
Jung-uk Kim
0ea17a70ce
Catch up with manual page removal from secure/lib/libssl.
2018-09-13 23:46:27 +00:00
Jung-uk Kim
23bb9f3ae1
Update initial opensslconf.h for amd64.
2018-09-13 23:31:56 +00:00
Jung-uk Kim
54967a4e95
Regen manual pages.
...
Note the manual pages are not automatically generated for now.
2018-09-13 23:14:57 +00:00
Jung-uk Kim
9b21da0ecb
Regen amd64 assembly files for OpenSSL 1.1.1.
2018-09-13 21:07:09 +00:00