Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (download) (annotate) |
| Sticky Revision: |
Move generated OpenSSL assembly routines into the kernel sources. Sponsored by: Netflix
Install man5 and man7 for OpenSSL. Note config.5 and crypto.7 are not installed because we have conflicts. Requested by: phk MFC after: 1 month
Merge OpenSSL 1.1.1d.
pkgbase: Put a lot of binaries and lib in FreeBSD-runtime All of them are needed to be able to boot to single user and be able to repair a existing FreeBSD installation so put them directly into FreeBSD-runtime. Reviewed by: bapt, gjb Differential Revision: https://reviews.freebsd.org/D21503
Enable devcryptoeng for OpenSSL. Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been deprecated in favor of this new engine. However, this engine is not throughly tested on FreeBSD because it was originally written for Linux. http://cryptodev-linux.org/ Also, the author actually meant to enable it by default on BSD platforms but he failed to do so because there was a bug in the Configure script. https://github.com/openssl/openssl/pull/7882 Now they found that it was more generic issue. https://github.com/openssl/openssl/pull/7885 Therefore, we need to enable this engine on head to give it more exposure.
Merge OpenSSL 1.1.1a.
Bump base OpenSSL libraries versions to avoid conflict with port's libraries. Reported by: many Reviewed by: gjb Sponsored by: The FreeBSD Foundation MFC after: 3 hours
Merge the remainder of the projects/openssl111 branch to head. - Update OpenSSL to version 1.1.1. - Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility. - Bump __FreeBSD_version. Approved by: re (kib) Sponsored by: The FreeBSD Foundation
Prefer ACFLAGS over CFLAGS for compiling aarch64 assembly files.
Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew.
Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B. MFC after: 1 week
Disable assembly sources when compiler/assembler cannot compile certain instructions. For example, GCC 4.2.1 + binutils 2.17.50 does not support AVX instructions. Reported by: bde MFC after: 2 weeks
Enable linker error if libcrypto.so contains a relocation against text. It is position independent on all platforms since r299389. Submitted by: kib
Make libcrypto.so position independent on i386.
Revert r299139: these are generated files We'll need to properly generate PIC/non-PIC from the source .pl files. Reported by: jkim
Make libcrypto position independent on i386 Prior to this change libcrypto ended up with a .text relocation. Submitted by: Rafael EspĂndola (earlier version) Reviewed by: kib Approved by: so (glebius) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D6164
Fix a typo. I did not mean it, really.
Clean up OpenSSL makefiles.
Merge OpenSSL 1.0.2d.
Replace afterinstall: hack from r111083 with 'make delete-old' functionality. Sponsored by: EMC / Isilon Storage Division
Revert r284417 it is not necessary anymore
Enforce overwritting SHLIBDIR Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere. This makes /lib being populated again. Reported by: many
Update buildinf.h to make SSLeay_version(3) little bit more useful. MFC after: 1 week
Add a ${CP} alias for copying files in the build.
Some users build FreeBSD as non-root in Perforce workspaces. By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories. Bare use of
'cp' should be avoided in the future.
Update all current users of 'cp' in the src tree.
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Spectra Logic
Remove references to MK_IDEA. As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
Merge OpenSSL 1.0.1e. Approved by: secteam (simon), benl (silence)
Merge OpenSSL 1.0.1c. Approved by: benl (maintainer)
Force linker error when created shared library contains a relocation against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC. Discussed with: bf MFC after: 2 weeks
Fix some leftover binaries and shared libraries in the system that still have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections: RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5 These were found using scanelf, from the sysutils/pax-utils port. Reviewed by: kib
Repair some build breakage introduced in r211725 and garbage collect some code made obsolete in the same commit.
MFtbemd: Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want to test of all the CPUs of a given family conform.
Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as read-only by default, meaning files copied can't be overwritten next time. Reviewed by: imp Approved by: ken (mentor)
Bump the version of all non-symbol-versioned shared libraries in preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson)
Remove build timestamps from the following files: /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt. After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files). Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
Update build infrastructure for OpenSSL 0.9.8k.
Integrate the Camellia Block Cipher. For more information see RFC 4132 and its bibliography. Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
Upgrade to OpenSSL 0.9.8e.
Upgrade to OpenSSL 0.9.8d.
Upgrade to OpenSSL 0.9.8b.
Clean generated headers.
Provide alternate default for SHLIBDIR before bsd.own.mk does this. Reported by: phk
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
Bump the shared library version number of all libraries that have not been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
Update OpenSSL 0.9.7d -> 0.9.7e.
Define PLATFORM correctly when cross-building.
NODOCCOMPRESS -> NO_DOCCOMPRESS NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
For variables that are only checked with defined(), don't provide any fake value.
Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
Turn MAKE_IDEA into a true "bool" type variable, as documented in the make.conf(5) manpage. PR: conf/65738 OK'ed by: markm
Turn on the amd64-specific bignum code in openssl. This is actually a variant of the C code but with some scattered asm and things laid out more optimally for the platform. This means that we need to the asm directory to the search path for the amd64 case so that make can find the source.
Re-add the hand-optimised assembler versions of some of the ciphers to the build. Should have done this ages ago: markm Reminded above to do this: peter
Stage 3 of dynamic root support. Make all the libraries needed to run binaries in /bin and /sbin installed in /lib. Only the versioned files reside in /lib, the .so symlink continues to live /usr/lib so the toolchain doesn't need to be modified.
Ugg, wrong version. CSTD=gnu89, c89 wont do.
This isn't C99 clean.
Silence `make -s' (echo -> ${ECHO}).
Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f' doesn't need to be prefixed with '-'. Keep the pointy hat for myself for not reading the code closely.
Don't error out the build if removing a "stale" symlink fails. Pointy hat for breaking my installworld: nectar
Handle includes the normal way. Reviewed by: markm Approved by: nectar
LIBDIR/INCLUDEDIR do not include DESTDIR. Reported by: Andrzej Tobola <san@iem.pw.edu.pl>
Follow-up to previous commit: we had a des.h symlink, too. Remove that.
Previously, libcrypto contained symbols that were identical to EAY libdes, and functionally close enough so that we created symlinks (libdes -> libcrypto) to help older applications. With the import of OpenSSL 0.9.7, this is no longer true and we no longer install these symlinks. However, systems that are upgraded may have these symlinks, which could cause non-obvious breakage at build-time. Therefore, blow any old symlinks away in the `afterinstall' target.
Install the OpenSSL man pages in /usr/share/openssl/man and remove the WANT_OPENSSL_MANPAGES knob.
Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).
Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:
des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.
des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.
Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.
Re-add WANT_OPENSSL_MANPAGES knob.
Update for OpenSSL 0.9.7. No assembler code at the moment. This will follow.
Remove myself as maintainer of openssl; I no longer have enough time to devote to it.
Style sync with rest of FreeBSD.
Don't lint contrib'ed sources, even if the builder has asked for linting. Its Just Too Noisy.
Update list of installed manual pages after regenerating them.
s,/usr/include,${INCLUDEDIR},
Build using pregenerated manpages; don't use perl to translate .pod's. The translated .pod's have already been committed.
Added new bsd.incs.mk which handles installing of header files via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to handle symlinking include files. Allow for multiple groups of include files to be installed, with the powerful INCSGROUPS knob. Documentation to follow. Added standard `includes' and `incsinstall' targets, use them in Makefile.inc1. Headers from the following makefiles were not installed before (during `includes' in Makefile.inc1): kerberos5/lib/libtelnet/Makefile lib/libbz2/Makefile lib/libdevinfo/Makefile lib/libform/Makefile lib/libisc/Makefile lib/libmenu/Makefile lib/libmilter/Makefile lib/libpanel/Makefile Replaced all `beforeinstall' targets for installing includes with the INCS stuff. Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS, and for compatibility with NetBSD. Similarly for INCOWN, INCGRP, and INCMODE. Consistently use INCLUDEDIR instead of /usr/include. gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes were only lightly tested due to the missing contrib/libstdc++-v3. I fully tested the pre-WIP_GCC31 version of this patch with the contrib/libstdc++.295 stuff. These changes have been tested on i386 with the -DNO_WERROR "make world" and "make release".
Pre-generate the optimized x86 crypto code and check it in rather than depending on perl at build time. Makefile.asm is a helper for after the next import. With my cvs@ hat on, the relatively small repo cost of this is acceptable, especially given that we have other (much bigger) things like lib*.so.gz.uu checked in under src/lib/compat/*. Reviewed by: kris (maintainer)
Install headers with -C. Ideally, these Makefiles should not need to override the beforeinstall target at all, but this has proven difficult to achieve.
Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules.
This change should have been in rev.1.37.
Use NO_PERL as well as NOPERL. The latter is going to (eventually) go.
Update list of manpages
Update for OpenSSL 0.9.6a MFC after: 2 weeks
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a
in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
New LIBSSH is introduced for libssh.a (an internal static lib).
Previously, build without prior `obj' was broken; SSH modules
always looked for libssh.a in ${.OBJDIR}. Also, the dependancies
on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into
/usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
Attempt to fix the problem with -j builds, and du-uglify the asm code generation and assembly targets. Help from: bde, obrien
MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6
Install the des.h link under ${DESTDIR}. Fixes buildworld.
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
Clean up the installation of the compatibility libdes header/library symlinks Pointed out by: bde
Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of CPUTYPE, and I forgot I used it here already) Pointed out by: bde
Update the list of OpenSSL manpages (now contains many more describing libssl, for example), and hide it behind a make.conf option, WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't install these by default because of clobbering of a number of system manpages with the same name, but they're there for people who want them.
Add back a missing file from the no-asm case Submitted by: gallatin
Remove a remnant of my attempt to get alpha asm code working. OpenSSL does include code for the alpha, but as far as I can tell, it is non-functional (e.g. it's not even compiled by the native openssl build on the alpha). Noticed by: gallatin
Introduce support for using OpenSSL ASM optimizations. This is done through the use of a new build directive, MACHINE_CPU, which contains a list of the CPU generations/features for which optimizations are desired. This feature will be extended to cover the ports tree in the future. Currently OpenSSL provides optimizations for i386, i586 and i686-class CPUs. Currently it has not been tested on an i386 or i486. Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not defined (namely, the lowest common denominator CPU we support for each architecture). Currently this is i386 for the i386 architecture and ev4 for the alpha. sys.mk also sets the variable as a last resort for consistency with MACHINE_ARCH and bootstrapping from very old versions of make. Benchmarks show a significant speed increase even in the i386 case, with additional improvements for i586 and i686 systems. For maximum performance define MACHINE_CPU=i686 i586 i386 in /etc/make.conf. Based on a patch submitted by: Mike Silbersack <silby@silby.com> Reviewed by: current
Fixed a typo from the last commit. Submitted by: Mike Heffner <mheffner@vt.edu>
Correct some fallout from the semi-automated way I updated the makefile. Submitted by: roberto
Update for OpenSSL 0.9.6
Overhaul of the build-time include file generation. Don't break in evp.h if bootstrapping from a system on which the openssl headers are not already present.
Nuke RSAREF support from orbit. It's the only way to be sure.
Make the temporary file _evp.h instead of evp.h to not conflict with the real evp.h. Reported by: markm
Generate a new evp.h at build-time instead of install-time to properly support NFS(ro) installworlds.
Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by getting rid of the check for NO_IDEA (in evp.h) completely if it's installed without MAKE_IDEA=YES.
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to confuse myself last time and made make.conf different to the code. ;-( Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
MFI. This is a documentation-only, diffreducing patch, that if invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
Update for OpenSSL 0.9.5a and clean up a bit.
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| ViewVC Help | |
| Powered by ViewVC 1.1.27 |