Commit Graph

51 Commits

Author SHA1 Message Date
christos 3c5f3e21af PR/38728: Tomoyuki Okazaki: add support Camellia for openssl 2008-05-26 16:51:07 +00:00
christos 4c514b977f add assembly stubs for amd64. 2008-05-10 20:14:20 +00:00
christos 8a6a174d43 new openssl 2008-05-09 21:52:18 +00:00
adrianp d905c3e71c OpenSSL switched to using Makefile (as opposed to Makefile.ssl) a little
while ago now.
2007-12-09 21:57:35 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 10891a6668 compile alloca using code -Wno-stack-protector 2006-11-09 20:45:01 +00:00
christos fb6dad779a move all pqueue.h headers to libcrypto. 2005-12-31 00:14:35 +00:00
christos 616f676cc7 Add another include file. bump version for hardware cryptodev addition. 2005-12-31 00:04:51 +00:00
christos 051fcc4890 put ENGINESDIR define in Makefile.openssl 2005-11-25 20:34:31 +00:00
christos 9ea9ccfcc6 Adjust to the new openssl-0.9.8a. Notable changes:
- no more fips
    - new algorithms
Bump version to 3.0
2005-11-25 19:15:08 +00:00
simonb 2c43674831 Remove fips_standalone_sha1.c - fixes problem mentioned by Hubert Feyrer
on current-users.

OK'd by christos.
2005-06-29 14:41:16 +00:00
christos 1adff5028c enable FIPS. 2005-03-26 02:21:34 +00:00
christos 4d2554560d Add fips include files, needed for compilation only. FIPS is not enabled
right now, but we will enable it later (adding -DOPENSSL_FIPS).
2005-03-25 20:14:40 +00:00
lukem 1e6ef7af3f remove unnecessary (and possibly incorrect for non-ELF) duplicate LIBDPLIBS 2005-03-09 01:55:51 +00:00
christos 0713fcd141 Make at least the ELF version work. crypt was broken because it was
compiled against the wrong headers. Now we just depend on libcrypt.
2005-03-02 01:04:21 +00:00
sjg 3a0c68edfd Add support for SHA1 hashed passwords.
The algorithm used is essentially PBKDF1 from RFC 2898 but using
hmac_sha1 rather than SHA1 directly (suggested by smb@research.att.com).

 * The format of the encrypted password is:
 * $<tag>$<iterations>$<salt>$<digest>
 *
 * where:
 *      <tag>           is "sha1"
 *      <iterations>    is an unsigned int identifying how many rounds
 *                      have been applied to <digest>.  The number
 *                      should vary slightly for each password to make
 *                      it harder to generate a dictionary of
 *                      pre-computed hashes.  See crypt_sha1_iterations.
 *      <salt>          up to 64 bytes of random data, 8 bytes is
 *                      currently considered more than enough.
 *      <digest>        the hashed password.

hmac.c implementes HMAC as defined in RFC 2104 and includes a unit
test for both hmac_sha1 and hmac_sha1 using a selection of the Known
Answer Tests from RFC 2202.

It is worth noting that to be FIPS compliant the hmac key (password)
should be 10-20 chars.
2004-07-02 00:05:23 +00:00
lukem f85d2d1c14 Use ${HOST_SH} instead of `sh'.
If necessary, pull in <bsd.sys.mk> to get the definition of HOST_SH;
Makefiles that pull in one of (most of) <bsd.*.mk> will get this anyway.
2003-10-26 07:25:33 +00:00
itojun f4401cd869 upgrade openssl to 0.9.7b. (AES is now supported)
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes.  bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
itojun 9f89c3577c split libdes from libcrypto. libdes bumps shlib major.
(no dependency in libraries)

libdes provides des_xx functions based on openssl 0.9.6j.
2003-07-23 05:20:17 +00:00
itojun df0916cac9 MDC2 is patented 2003-07-14 13:49:21 +00:00
thorpej 69c5577b0b Make the des.h -> openssl/des.h symlink relative. 2003-04-26 00:53:17 +00:00
thorpej aef8e968bf Don't link libcrypto against libcrypt; that doesn't work on systems
that don't support shared libraries.  Instead, build the NetBSD crypt(3)
library directly into libcrypto.
2003-04-17 00:32:22 +00:00
perry 50f8bf598f symlink /usr/include/des.h to openssl/des.h
This is done in FreeBSD, and OpenBSD apparently also has a des.h
inspired by Greg Woods in PR lib/10528
2003-04-06 18:12:36 +00:00
mycroft 76126365c9 Link libcrypto against libcrypt to make sure crypt() is still there -- and
therefore build it earlier in the build process as well.
2003-04-03 00:41:50 +00:00
lukem 93305911e9 Move libcrypto.so* from /usr/lib to /lib, as /sbin/cgdconfig needs it.
Requested by elric@.
2002-10-07 00:53:31 +00:00
thorpej 09a0767aa9 Only use the MKDYNAMICROOT semantics (i.e. -rpath=/lib,/usr/lib and
-dynamic-linker=/libexec/ld.elf_so) if the BINDIR of the program being
built is /bin or /sbin.

The reason we do this is because now all programs *except* those in
/bin and /sbin (i.e. the "special cases") match the default the compiler
uses, which is what is used for things in e.g. xsrc, pkgsrc, and other
random 3rd party programs.

This is done by decoupling where a shlib is installed from how it
is located.  Two new variables, SHLIBINSTALLDIR and SHLINKINSTALLDIR,
contain the former information, and key off MKDYNAMICROOT only.  SHLIBDIR
and SHLINKDIR contain the latter, and key off MKDYNAMICROOT and BINDIR.

The SHLIBINSTALLDIR, SHLIBDIR, _LIBSODIR, SHLINKINSTALLDIR, and
SHLINKDIR parameters are moved to a new <bsd.shlib.mk>; see bsd.README
for usage details.
2002-09-27 21:37:50 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
lukem 91d06a031b More use of ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path 2002-08-19 13:35:05 +00:00
lukem ebb6fc9eb8 Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path (etc).
(Reduces make output by ~ 20%)
2002-08-19 09:41:27 +00:00
thorpej c029cf4e92 Remove -nostdinc from CPPFLAGS. That should only be used when
bsd.lib.mk wants it to be used.
2002-06-26 16:58:09 +00:00
thorpej 8893ba2f3c Back out rev 1.20. 2002-06-26 16:30:46 +00:00
veego d7a9005d0f Back out rev 1.18:
Remove -I${DESTDIR}/usr/include since it's redundant.

It may be redundant in some environments, but not in all.
2002-06-26 15:21:50 +00:00
thorpej d8a2597f4b * Don't put the pathname to the host-tool compiler into the library.
Instead, inject the compiler version info from ${CC} -v.
* Don't put the date into the library.  Instead, inject the OS version
  info.
2002-06-16 17:57:29 +00:00
matt 1ece0e0c9a Remove -I${DESTDIR}/usr/include since it's redundant. 2002-06-15 02:01:23 +00:00
bjh21 0de3f91b56 Don't try to put the host's /usr/include on the target compiler's include path.
This causes Bad Things to happen.  Instead, use the target's /usr/include.
2002-06-11 22:55:34 +00:00
itojun 7c75b5ec2f sync with 0.9.6d. shlib minor for libssl and libcrypto
is cranked for additional functions.
2002-06-09 16:12:52 +00:00
wiz 56b4d2cb0c Move code that tries to determine shlib major into MKPIC != "no" case. 2002-05-02 16:24:24 +00:00
lukem b7ca7acccf Don't hard link to symlinks, as it's not portable.
Based on [toolchain/14119] from Chris G. Demetriou.
2002-02-26 00:57:12 +00:00
lukem efcc9a4c9d * Add user-controlled mk.conf variables
- SHLIBDIR	Location to install shared libraries if ${USE_SHLIBDIR}
			is "yes".  Defaults to "/usr/lib".

	- USE_SHLIBDIR	If "yes", install shared libraries in ${SHLIBDIR}
			instead of ${LIBDIR}.  Defaults to "no".
			Sets ${_LIBSODIR} to the appropriate value.
			This may be set by individual Makefiles as well.

	- SHLINKDIR	Location of shared linker.  Defaults to "/usr/libexec".
			If != "/usr/libexec", change the dynamic-linker
			encoded in shared programs

* Set USE_SHLIBDIR for libraries used by /bin and /sbin:
	libc libcrypt libcrypto libedit libipsec libkvm libm libmi387
	libtermcap libutil libz

* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so*
  to ${_LIBSODIR}/${LIB}.so* for compatibility.

* Always install /sbin/init statically (for now)


The net effect of these changes depends on how the variables are set:

  1.)	If nothing is set or changed, there is no change from the
	current behaviour:
		- Static /bin, /sbin, and bits of /usr/*
		- Dynamic rest
		- Shared linker is /usr/libexec/ld*so

  2.)	If the following make variables are set:
		LDSTATIC=
		SHLINKDIR=/lib
		SHLIBDIR=/lib
	Then the behaviour becomes:
		- Dynamic tools
		- .so libraries used by /bin and /sbin are installed to /lib,
		  with symlinks from /usr/lib/lib*so to -> /lib/lib*so
		  where appropriate
		- Shared linker is /lib/ld*so

  3.)	As per 2.), but add the following variable:
		USE_SHLIBDIR=yes
	This forces all .so's to be instaleld in /lib (with compat
	symlinks), not just those tagged by their Makefiles to be.
	Again, compat symlinks are installed
2001-12-28 01:32:37 +00:00
sommerfeld 99c2c3dfe8 Fix (work around?) bin/12804.
(idea.h, rc5.h, and rsa.h appeared twice in INCS, confusing make -j)
2001-05-02 13:06:14 +00:00
itojun 35a07da1df use openssl 0.9.6a. shlib major # is bumped for libcrypto, libssl and
all kerberos libraries.
2001-04-12 07:48:03 +00:00
enami b812acc76c Pass -B to the make command used to make print-shlib-{major,minor} so
that make install with -j option works.
2001-02-11 01:21:24 +00:00
itojun 8d26d03189 repair openssl (libcrypto) for non-32bit architecture.
don't use unsigned long where 32bit unsigned variable is asked for.
use u_int32_t.  (not sure if uint32_t is better or not, but anyway,
u_int32_t <-> uint32_t should not raise binary compatibility issue)
PR10921.

TODO: have arch-dependent Makefiles where we supply -DFOO for optimization.
(do not change size of variable though)

XXX: we should actually nuke all other #ifdef in /usr/include/openssl/*.h,
however, that needs a lot of work and will make future openssl upgrade harder.

remove RC5 and IDEA by default.  build them separately as
libcrypto_{rc5,idea}.a.  put dummy function, which is "warning to stderr
and exit(1)".  NOCRYPTO_{RC5,IDEA} are obsoleted.
PR10883.
2000-09-30 00:23:28 +00:00
jhawk a022cf9d37 Use
${MAKE}
instead of
  make
2000-08-30 23:51:46 +00:00
mrg f23f12cbc5 update for openssl 0.9.5a 2000-07-16 07:16:20 +00:00
veego 94a5610765 Add CPPFLAGS+= -DNO_{RSA,IDEA,RC5}. 2000-07-05 14:00:38 +00:00
thorpej df83a2a3cd Add MK... variables to enable/disable various aspects of building
crypto support into the system.  See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
thorpej e352d2ca43 Fix installing <kerberosIV/des.h> 2000-06-20 21:49:02 +00:00
thorpej e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
thorpej b50999826e Fixup the OpenSSL library builds. 2000-06-16 06:16:37 +00:00