Commit Graph

25 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
simonb bee087d4cc libcompat isn't needed any more here. 2006-02-25 12:00:24 +00:00
christos 7cde8ec265 add new files. 2005-11-26 00:36:40 +00:00
christos 375c0a113d der_chop is gone. 2005-03-26 00:32:35 +00:00
christos 9b98663df7 add prime.c 2005-03-25 22:36:54 +00:00
christos 192c2eccf6 Add -lcrypt where -lcrypto is specified. 2005-03-09 03:11:22 +00:00
thorpej 922a27ed29 NO_* have been changed to OPENSSL_NO_* in more recent OpenSSL releases,
including the one now in our tree.
2003-08-27 20:18:41 +00:00
itojun 906834fadf sync w/ openssl 0.9.7b 2003-07-24 14:20:59 +00:00
itojun 3ce9d85c2d sort 2002-09-27 07:08:29 +00:00
itojun d24389cf67 MDC2 is a patented algorithm; don't ship it in default libcrypto.
MKCRYPTO_MDC2 will build a separate library, libcrypto_mdc2.
2002-09-26 13:05:54 +00:00
lukem 5d4973fe97 makefile delint. use NETBSDSRCDIR as appropriate 2002-09-18 14:00:33 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
lukem 2c1cfc8e8c - in <bsd.files.mk>, don't clear FILES after using it, as that prevents
make -V FILES
  from being useful (and given that every other variable can be
  extracted using make -V, the behaviour was unusually inconsistent
  given that the original reason for clearing it doesn't seem to be
  relevant anymore)
- use <bsd.prog.mk> instead of directly including <bsd.files.mk>
  (and possibly <bsd.man.mk> or <bsd.own.mk>)
- remove obsolete NOPROG
2002-04-24 08:18:45 +00:00
lukem b0b0a32ad7 Set NOxxx= before <bsd.own.mk> is pulled in (even indirectly).
Otherwise the appropriate MKxxx=no won't be defined .
2001-12-12 12:24:19 +00:00
tv 8e6f7afb5b MKfoo=no -> NOfoo 2001-12-12 01:48:43 +00:00
itojun 35a07da1df use openssl 0.9.6a. shlib major # is bumped for libcrypto, libssl and
all kerberos libraries.
2001-04-12 07:48:03 +00:00
mrg 2ae6017367 link openssl with -lcrypto_rc5 and/or -lcrypto_idea (before -lcrypto) if
those ciphers are asked for with MKCRYPTO_RC5/MKCRYPTO_IDEA.  avoids building
rc5/idea support with missing libcrypto support.
2001-01-08 07:49:01 +00:00
itojun 1a0a03b824 add missing DPADD 2001-01-08 07:38:00 +00:00
itojun e08dea46c9 cope with no idea/rc5 cases. 2000-10-01 22:13:37 +00:00
itojun f15517916a MKCRYPTO_RSA is gone. TODO: idea/rc5 handling 2000-10-01 10:24:57 +00:00
mrg b64bf9c5ef update to openssl 0.9.5a 2000-07-16 11:32:07 +00:00
thorpej df83a2a3cd Add MK... variables to enable/disable various aspects of building
crypto support into the system.  See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
thorpej 4e2363b75f Put the example openssl.cnf into /usr/share/examples/openssl, not
/etc/openssl.
2000-06-20 21:57:12 +00:00
thorpej e9cea5fba8 Fixup the `openssl' build. 2000-06-16 06:37:17 +00:00
thorpej 792757fca5 Monolithic `openssl' program build glue, from cryptosrc-intl. 2000-06-16 06:29:40 +00:00