Commit Graph

141 Commits

Author SHA1 Message Date
christos 9cd4e8de4b Bump minor for thread support. 2007-07-18 20:16:01 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 74d38ec395 sort. 2007-03-10 16:30:45 +00:00
skrll 0cc210063b Add in new source files.
From Henning Petersen in PR 35967.
2007-03-10 12:50:09 +00:00
mjf 0e981a1e1c - Fix man pages for openssl upgrade
- Add myself to list of maintainers for openssl
- Note the openssl upgrade in CHANGES
2007-03-07 20:43:10 +00:00
hubertf 55ac93d329 Remove more duplicate #includes, and a few spurious whitespaces at EOL
From Slava Semushin <slava.semushin@gmail.com>
2007-01-17 23:24:22 +00:00
christos c0179c282a spell precede; from Zafer 2006-11-25 16:48:31 +00:00
wiz 6919c6578c s/independant/independent/, from Zafer. 2006-11-24 22:04:21 +00:00
christos 7f29b88c81 regen 2006-11-13 22:01:59 +00:00
christos 10891a6668 compile alloca using code -Wno-stack-protector 2006-11-09 20:45:01 +00:00
oster 4f500646a9 Add a missing ')' to fix the example code. Already fixed in openssl upstream. 2006-05-24 16:44:34 +00:00
dsl c3e43200eb A couple of the xxx.inc files are non-standard.
My sed script didn't update them properly!
Also man.inc isn't a source make file.
2006-03-17 23:10:48 +00:00
dsl 0ab764f9ff Don't add every source directory to the -I path.
Instead use CPPFLAGS.file to add the relevant directory for each file.
Removes about 4000000 failed open() system calls from the libcrypto build,
and reduces the compile time (on my system) from 154 seconds to 115 seconds.
The arch/*/*.inc files need similar treatment.
2006-03-17 20:47:45 +00:00
christos fb6dad779a move all pqueue.h headers to libcrypto. 2005-12-31 00:14:35 +00:00
christos 616f676cc7 Add another include file. bump version for hardware cryptodev addition. 2005-12-31 00:04:51 +00:00
martin c236b4a2eb Sync sparc64 compile time options with the pkgsrc version. 2005-12-13 09:52:20 +00:00
christos 8f90380d42 Add the last of the deprecated functions. 2005-11-27 02:00:46 +00:00
christos 66dedf6e69 add new man pages. 2005-11-26 22:39:15 +00:00
christos f849a69336 Add some more files needed by openssl 2005-11-26 00:35:58 +00:00
christos 2b723133ba add o_dir.c 2005-11-25 23:18:13 +00:00
christos a298f73e51 Regenerate man pages. 2005-11-25 21:09:33 +00:00
christos 684a3fe509 Add deprecated functions that openssh still uses. 2005-11-25 20:34:58 +00:00
christos 051fcc4890 put ENGINESDIR define in Makefile.openssl 2005-11-25 20:34:31 +00:00
christos 9ea9ccfcc6 Adjust to the new openssl-0.9.8a. Notable changes:
- no more fips
    - new algorithms
Bump version to 3.0
2005-11-25 19:15:08 +00:00
rpaulo 2f7f9ca516 Regen (PR security/13953). 2005-10-05 23:51:53 +00:00
simonb 2c43674831 Remove fips_standalone_sha1.c - fixes problem mentioned by Hubert Feyrer
on current-users.

OK'd by christos.
2005-06-29 14:41:16 +00:00
wiz 4878707c24 Oops, openssl_errstr(1), not (3). 2005-04-24 00:13:50 +00:00
wiz d3e15626be Add openssl_errstr(1). 2005-04-24 00:12:07 +00:00
wiz e19d039592 regen (sync with 0.9.7g). 2005-04-24 00:10:02 +00:00
christos c20fe9e615 add new files. 2005-04-23 20:32:17 +00:00
christos b97f63a242 Regen for OpenSSL 0.9.7f 2005-03-26 03:26:46 +00:00
christos 039caef355 bump minor. 2005-03-26 02:22:01 +00:00
christos 1adff5028c enable FIPS. 2005-03-26 02:21:34 +00:00
christos 4d2554560d Add fips include files, needed for compilation only. FIPS is not enabled
right now, but we will enable it later (adding -DOPENSSL_FIPS).
2005-03-25 20:14:40 +00:00
lukem 1e6ef7af3f remove unnecessary (and possibly incorrect for non-ELF) duplicate LIBDPLIBS 2005-03-09 01:55:51 +00:00
christos 0713fcd141 Make at least the ELF version work. crypt was broken because it was
compiled against the wrong headers. Now we just depend on libcrypt.
2005-03-02 01:04:21 +00:00
jmc 693535a5d9 Spelling errors 'dependant' vs 'dependent' from PR#27345 2004-10-22 18:35:41 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
groo 19aa054c0d Actually install the new man pages. 2004-03-22 00:48:04 +00:00
groo 80ddfc8cb9 update documentation from 0.9.7b to 0.9.7d 2004-03-20 21:48:44 +00:00
wiz 73e1501b98 parameter with two es. From Peter Postma. 2004-02-24 15:22:01 +00:00
itojun 08cbee504f avoid bswapl, which is post-i486 (including i486) insn. markus@openbsd 2003-11-13 19:36:31 +00:00
itojun 015dc7875b accelerate sha1 by using asm (i386). markus@openbsd.
there's internal symbol name changes, but it does not warrant shlib minor
bump as the symbol is totally internal.
2003-11-13 02:10:00 +00:00
itojun b6743615c4 correction made in 0.9.7c; from markus@openbsd 2003-11-12 16:20:27 +00:00
itojun aec01dda91 sync w/ openssl 0.9.7c. shlib minor bump for libcrypto.
(ERR_release_err_state_table() added)
2003-11-04 23:54:26 +00:00
itojun 87abfaaaff resurrect assembly version of bignum operation; pointed out by perry 2003-11-04 21:06:32 +00:00
ragge 2fc6066af3 Add assembly routines for some of the bignum functions. Most comes from VMS,
a few written by me.  This speeds up ssh 2-3 times.
2003-11-03 10:22:28 +00:00
lukem f85d2d1c14 Use ${HOST_SH} instead of `sh'.
If necessary, pull in <bsd.sys.mk> to get the definition of HOST_SH;
Makefiles that pull in one of (most of) <bsd.*.mk> will get this anyway.
2003-10-26 07:25:33 +00:00
itojun f4401cd869 upgrade openssl to 0.9.7b. (AES is now supported)
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes.  bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
itojun df738798b1 install des_modes(7) from libdes, not from libcrypto 2003-07-23 05:46:00 +00:00