Commit Graph

26 Commits

Author SHA1 Message Date
riastradh
ef315f7931 Remove MKCRYPTO option.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export.  The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.

In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated.  I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.

The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.

My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.

As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:

https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html
https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html
https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html

P.S.  Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet...  That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
2017-05-21 15:28:36 +00:00
christos
75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument
changed from u_int to size_t. Affects _LP64 only.
2009-07-20 17:30:52 +00:00
skrll
8d8039fe60 libcrypto moved. 2009-07-20 12:16:37 +00:00
jmmv
d1a11f39cd Fix build by making split return a size_t:
src/lib/libradius/radlib.c(1053): warning: conversion from 'unsigned long'
  to 'int' may lose accuracy [132]
2009-01-19 09:43:11 +00:00
lukem
b5c21fe2ab fix -Wsign-compare issues 2009-01-19 07:21:59 +00:00
christos
46edb91e9f bump shared libraries. 2009-01-11 03:07:47 +00:00
he
d1eb8042a4 Recursively bump the major version number of the shared libraries
which use libcrypto (and those which use those libraries again),
as libcrypto's major number was recently bumped.  The pam modules
share a major with libpam, so they are all bumped as well.
2008-05-11 19:17:06 +00:00
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos
6ce0a263c4 no point in using alloca here. 2006-11-09 17:02:52 +00:00
perry
fd18408b9a u_intN_t -> uintN_t 2005-12-26 19:40:14 +00:00
christos
23168589be use LIBDPLIBS for libcrypto. 2005-11-26 16:09:30 +00:00
christos
85fdc9d1a1 add more casts. 2005-11-25 23:20:00 +00:00
christos
c1cfec6562 Adjust to the new openssl build; bump version. Also if we are compiling
with SSL, link against libcrypto to pick up the proper versions of the
symbols needed.
2005-11-25 21:07:11 +00:00
christos
99ab3bdfc8 Fix compilation both with and without SSL. The buffer argument is different
type, not just the length.
2005-03-31 14:29:32 +00:00
christos
049130f10b change some ints to size_t 2005-03-26 04:38:21 +00:00
he
733ba3e3bd GCC 2.95.3 doesn't like macros to be called with no argument when
the definition has an argument.  Cheesily add a 0 argument to the
srandomdev() invocation (which gets defined as null on NetBSD).
Restores our vax port to a buildable state.
2005-03-16 10:34:25 +00:00
he
738be40c8f Make conversions from unsigned long to int explicit via casts,
rather than imiplicit, which causes lint heart burn ("conversion
from 'unsigned long' to 'int' may lose accuracy).
2005-02-20 23:59:31 +00:00
christos
03b16f4fe5 Put back exit on warning for lint. 2005-02-20 17:06:33 +00:00
christos
595789382e Fix lint on 64 bit machines. 2005-02-20 17:06:16 +00:00
martin
bf9e950197 This needs work to pass lint - whic I'm not going to invest.
Make lint not treat warnings as errors.
2005-02-20 16:20:36 +00:00
wiz
fb1b5900a0 Remove duplicate .Pp. XXX: References non-existing rad_config(3). 2005-02-20 01:02:07 +00:00
christos
ccb28c34b3 Get rid of liblibradius; hi manu. 2005-02-20 00:36:47 +00:00
christos
23d6637ce7 Oops, include dir. 2005-02-20 00:32:18 +00:00
christos
28074938ee Add include files. 2005-02-20 00:31:01 +00:00
christos
476ca6e1f0 Pass lint and WARNS=3 2005-02-20 00:28:20 +00:00
manu
8809553739 Import FreeBSD's libradius as of 2005/02/20, plus minor tweaks to build
o nNetBSD and a Makefile for NetBSD.
2005-02-19 23:56:30 +00:00