Commit Graph

30 Commits

Author SHA1 Message Date
christos 0f0387da88 Oops forgot one openssl version name change 2018-02-07 22:51:31 +00:00
christos 6fec6006f2 pretend we have openssl-1.1 2018-02-05 11:57:28 +00:00
christos 04dc679937 Adjust to openssl 1.1 2018-02-05 00:43:06 +00:00
christos 0c048d5af5 switch everyone to openssl.old 2018-02-04 03:19:51 +00:00
riastradh ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
christos 75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument
changed from u_int to size_t. Affects _LP64 only.
2009-07-20 17:30:52 +00:00
skrll 8d8039fe60 libcrypto moved. 2009-07-20 12:16:37 +00:00
jmmv d1a11f39cd Fix build by making split return a size_t:
src/lib/libradius/radlib.c(1053): warning: conversion from 'unsigned long'
  to 'int' may lose accuracy [132]
2009-01-19 09:43:11 +00:00
lukem b5c21fe2ab fix -Wsign-compare issues 2009-01-19 07:21:59 +00:00
christos 46edb91e9f bump shared libraries. 2009-01-11 03:07:47 +00:00
he d1eb8042a4 Recursively bump the major version number of the shared libraries
which use libcrypto (and those which use those libraries again),
as libcrypto's major number was recently bumped.  The pam modules
share a major with libpam, so they are all bumped as well.
2008-05-11 19:17:06 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 6ce0a263c4 no point in using alloca here. 2006-11-09 17:02:52 +00:00
perry fd18408b9a u_intN_t -> uintN_t 2005-12-26 19:40:14 +00:00
christos 23168589be use LIBDPLIBS for libcrypto. 2005-11-26 16:09:30 +00:00
christos 85fdc9d1a1 add more casts. 2005-11-25 23:20:00 +00:00
christos c1cfec6562 Adjust to the new openssl build; bump version. Also if we are compiling
with SSL, link against libcrypto to pick up the proper versions of the
symbols needed.
2005-11-25 21:07:11 +00:00
christos 99ab3bdfc8 Fix compilation both with and without SSL. The buffer argument is different
type, not just the length.
2005-03-31 14:29:32 +00:00
christos 049130f10b change some ints to size_t 2005-03-26 04:38:21 +00:00
he 733ba3e3bd GCC 2.95.3 doesn't like macros to be called with no argument when
the definition has an argument.  Cheesily add a 0 argument to the
srandomdev() invocation (which gets defined as null on NetBSD).
Restores our vax port to a buildable state.
2005-03-16 10:34:25 +00:00
he 738be40c8f Make conversions from unsigned long to int explicit via casts,
rather than imiplicit, which causes lint heart burn ("conversion
from 'unsigned long' to 'int' may lose accuracy).
2005-02-20 23:59:31 +00:00
christos 03b16f4fe5 Put back exit on warning for lint. 2005-02-20 17:06:33 +00:00
christos 595789382e Fix lint on 64 bit machines. 2005-02-20 17:06:16 +00:00
martin bf9e950197 This needs work to pass lint - whic I'm not going to invest.
Make lint not treat warnings as errors.
2005-02-20 16:20:36 +00:00
wiz fb1b5900a0 Remove duplicate .Pp. XXX: References non-existing rad_config(3). 2005-02-20 01:02:07 +00:00
christos ccb28c34b3 Get rid of liblibradius; hi manu. 2005-02-20 00:36:47 +00:00
christos 23d6637ce7 Oops, include dir. 2005-02-20 00:32:18 +00:00
christos 28074938ee Add include files. 2005-02-20 00:31:01 +00:00
christos 476ca6e1f0 Pass lint and WARNS=3 2005-02-20 00:28:20 +00:00
manu 8809553739 Import FreeBSD's libradius as of 2005/02/20, plus minor tweaks to build
o nNetBSD and a Makefile for NetBSD.
2005-02-19 23:56:30 +00:00