summaryrefslogtreecommitdiffstats
path: root/secure/lib
Commit message (Collapse)AuthorAgeFilesLines
* MFS r273149 (jkim): MFC: r273144, r273146delphij2014-10-21290-375/+372
| | | | | | | | Merge OpenSSL 1.0.1j. This is part of an upcoming FreeBSD security advisory. Approved by: re (so@ blanket)
* MFC: r269682jkim2014-08-07290-345/+719
| | | | Merge OpenSSL 1.0.1i.
* MFC: r267256jkim2014-06-09288-302/+321
| | | | | | Merge OpenSSL 1.0.1h. Approved by: so (delphij)
* MFC r265995:delphij2014-05-281-1/+1
| | | | | | Switch using the new $2b$ format by default, when bcrypt is used. Relnotes: default Blowfish crypt(3) format have been changed to $2b$.
* MFC r264741: Add placeholder Kyuafiles for various top-level hierarchies.jmmv2014-04-282-0/+14
| | | | This is "make tinderbox" clean.
* MFH (r263712): upgrade openssh to 6.6p1des2014-04-121-4/+4
| | | | MFH (r264308): restore p level in debugging output
* MFC: r261037, r264278jkim2014-04-10291-815/+701
| | | | Merge OpenSSL 1.0.1f and 1.0.1g.
* MFC r262501:delphij2014-03-271-33/+52
| | | | | | | | | | | | | | | | | | Refresh our implementation of OpenBSD's Blowfish password format. Notable changes: - Support of $2b$ password format to address a problem where very long passwords (more than 256 characters, when an integer overflow would happen and cause the length to wrap at 256). - Updated pseudo code in comments to reflect the reality. - Removed our local shortcut of processing magic string and rely on the centralized and tigntened validation. - Diff reduction from upstream. For now we are still generating the older $2a$ format of password but we will migrate to the new format once the format is formally finalized.
* MFH (r261320): upgrade openssh to 6.5p1des2014-02-271-4/+7
| | | | MFH (r261340): enable sandboxing by default
* Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of ades2013-09-231-1/+4
| | | | | | | | | repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
* Clean up the OpenSSH build. It is now possible to build most componentsdes2013-09-101-7/+12
| | | | | | | | | | as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
* Make libldns and libssh private.des2013-09-081-0/+1
| | | | Approved by: re (blanket)
* Remove references to MK_IDEA.ed2013-04-272-17/+1
| | | | | | As of r249959, we want to build with IDEA support enabled unconditionally. As this change removed the MK_IDEA flag, update these Makefiles accordingly.
* Upgrade to OpenSSH 6.2p1. The most important new features are supportdes2013-03-221-4/+4
| | | | for a key revocation list and more fine-grained authentication control.
* Merge OpenSSL 1.0.1e.jkim2013-02-13291-607/+607
| | | | Approved by: secteam (simon), benl (silence)
* Add a src.conf(5) option to allow users to compile in the "NONE cipher",bz2013-01-171-0/+4
| | | | | | | | | which, only after authentication, disables crypto, and only for sessions without a terminal. Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
* Upgrade OpenSSH to 6.1p1.des2012-09-031-2/+0
|
* Sort ASM definitions by crypto module for slightly easier maintenance.jkim2012-07-121-2/+4
| | | | Specifically, GHASH_ASM belongs to crypto/modes.
* Merge OpenSSL 1.0.1c.jkim2012-07-12346-13350/+63673
| | | | Approved by: benl (maintainer)
* Merge OpenSSL 0.9.8x.jkim2012-06-27240-484/+490
| | | | | | Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
* Update the previous openssl fix. [12:01]bz2012-05-301-1/+1
| | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
* Return NULL on error rather than ":", per the crypt(3) man page.kevlo2012-02-221-6/+5
| | | | Discussed in: http://www.openwall.com/lists/oss-security/2011/11/15/3
* Force linker error when created shared library contains a relocationkib2011-12-061-0/+1
| | | | | | | | | against text. Provide the override switch to turn off the strict behaviour. Apparently, openssl libcrypto needs it due to assembler code not being PIC. Discussed with: bf MFC after: 2 weeks
* - change "is is" to "is" or "it is"eadler2011-10-161-1/+1
| | | | | | | | - change "the the" to "the" Approved by: lstewart Approved by: sahil (mentor) MFC after: 3 days
* Upgrade to OpenSSH 5.8p2.des2011-05-041-5/+6
|
* Fix some leftover binaries and shared libraries in the system that stilldim2011-02-151-0/+4
| | | | | | | | | | | | | | | have an executable stack, due to linking in hand-assembled .S or .s files, that have no .GNU-stack sections: RWX --- --- /lib/libcrypto.so.6 RWX --- --- /lib/libmd.so.5 RWX --- --- /lib/libz.so.6 RWX --- --- /lib/libzpool.so.2 RWX --- --- /usr/lib/liblzma.so.5 These were found using scanelf, from the sysutils/pax-utils port. Reviewed by: kib
* Regenerate manual pages for OpenSSL 0.9.8q.simon2010-12-03240-253/+242
|
* Regenerate manual pages for OpenSSL 0.9.8p.simon2010-11-22240-8165/+6319
|
* Revert changes of 'assure' to 'ensure' made in r211936.brucec2010-09-111-1/+1
| | | | Approved by: rrs (mentor)
* Fix incorrect usage of 'assure' and 'insure'.brucec2010-08-281-1/+1
| | | | Approved by: rrs (mentor)
* Repair some build breakage introduced in r211725 and garbage collect somenwhitehorn2010-08-283-220/+12
| | | | code made obsolete in the same commit.
* MFtbemd:imp2010-08-231-15/+15
| | | | | Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want to test of all the CPUs of a given family conform.
* Fix buildworld -DNO_CLEAN when using with Perforce, which marks files aswill2010-08-121-2/+2
| | | | | | | read-only by default, meaning files copied can't be overwritten next time. Reviewed by: imp Approved by: ken (mentor)
* Whitespace fix for last check-in, move empty line to below endif.jchandra2010-08-041-1/+1
|
* MIPS 64 bit support.jchandra2010-08-041-0/+14
| | | | | | | When compiled for MIPS n64 ABI - DES_LONG should be 'unsigned int' - BN_LLONG should be undefined - SIXTY_FOUR_BIT_LONG should be defined.
* OpenSSL configuration for powerpc64nwhitehorn2010-07-101-0/+217
| | | | Obtained from: projects/ppc64
* Regenerate manual pages for OpenSSL 0.9.8n.simon2010-04-01239-239/+239
|
* - Make it slightly simpler to update OpenSSL version informationsimon2010-04-011-1/+6
| | | | | | | | for regenerating OpenSSL manual pages. - Explicitly set the OpenSSL release date so manual pages contain the date OpenSSL was released and not just the date OpenSSL was imported into the FreeBSD base system. - Update for Makefile for OpenSSL 0.9.8n.
* Regenerate manual pages for OpenSSL 0.9.8m.simon2010-03-13242-283/+479
| | | | MFC after: 3 weeks
* Merge OpenSSL 0.9.8m into head.simon2010-03-131-1/+1
| | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks
* Upgrade to OpenSSH 5.4p1.des2010-03-091-2/+3
| | | | MFC after: 1 month
* Fix globbingdes2009-11-101-1/+1
| | | | | Noticed by: delphij, David Cornejo <dave@dogwood.com> Forgotten by: des
* Bump the version of all non-symbol-versioned shared libraries inkensmith2009-07-193-3/+3
| | | | | | | | preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson)
* Remove build timestamps from the following files:cperciva2009-07-111-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt. After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files). Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
* Use the closefrom(2) system call.jhb2009-06-161-1/+1
| | | | Reviewed by: des
* Regenerate manual pages for OpenSSL 0.9.8k.simon2009-06-14239-524/+563
|
* Update build infrastructure for OpenSSL 0.9.8k.simon2009-06-149-16/+118
|
* Upgrade to OpenSSH 5.2p1.des2009-05-221-1/+1
| | | | MFC after: 3 months
* Upgrade to OpenSSH 5.1p1.des2008-08-011-4/+4
| | | | | | | | | | I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
* Merge from p4:imp2008-07-231-0/+205
| | | | | | | Implement openssl config needed for mips. Submitted by: gonzo@ Reviewed by: simon@
OpenPOWER on IntegriCloud