summaryrefslogtreecommitdiffstats
path: root/secure
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove a remnant of my attempt to get alpha asm code working. OpenSSLkris2001-02-191-2/+0
| | | | | | | | does include code for the alpha, but as far as I can tell, it is non-functional (e.g. it's not even compiled by the native openssl build on the alpha). Noticed by: gallatin
* Introduce support for using OpenSSL ASM optimizations. This is donekris2001-02-192-10/+91
| | | | | | | | | | | | | | | | | | | | | | | through the use of a new build directive, MACHINE_CPU, which contains a list of the CPU generations/features for which optimizations are desired. This feature will be extended to cover the ports tree in the future. Currently OpenSSL provides optimizations for i386, i586 and i686-class CPUs. Currently it has not been tested on an i386 or i486. Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not defined (namely, the lowest common denominator CPU we support for each architecture). Currently this is i386 for the i386 architecture and ev4 for the alpha. sys.mk also sets the variable as a last resort for consistency with MACHINE_ARCH and bootstrapping from very old versions of make. Benchmarks show a significant speed increase even in the i386 case, with additional improvements for i586 and i686 systems. For maximum performance define MACHINE_CPU=i686 i586 i386 in /etc/make.conf. Based on a patch submitted by: Mike Silbersack <silby@silby.com> Reviewed by: current
* Define HAVE_PAM_GETENVLIST for build. Now environmental variables setnectar2001-02-081-1/+1
| | | | by PAM modules will be exported (correctly).
* Fixed missing include of <unistd.h> and wrong prototype for setkey().bde2001-02-061-1/+2
|
* Add .Lb libcipherben2001-01-241-1/+3
| | | | | PR: 24434 Submitted by: Bill Cheswick <ches@bell-labs.com>
* man(7) -> mdoc(7).ru2001-01-161-140/+173
|
* Merge into a single US-exportable libcrypt, which only providespeter2000-12-281-73/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | one-way hash functions for authentication purposes. There is no more "set the libcrypt->libXXXcrypt" nightmare. - Undo the libmd.so hack, use -D to hide the md5c.c internals. - Remove the symlink hacks in release/Makefile - the algorthm is set by set_crypt_format() as before. If this is not called, it tries to heuristically figure out the hash format, and if all else fails, it uses the optional auth.conf entry to chose the overall default hash. - Since source has non-hidden crypto in it there may be some issues with having the source it in some countries, so preserve the "secure/*" division. You can still build a des-free libcrypt library if you want to badly enough. This should not be a problem in the US or exporting from the US as freebsd.org had notified BXA some time ago. That makes this stuff re-exportable by anyone. - For consistancy, the default in absence of any other clues is md5. This is to try and minimize POLA across buildworld where folk may suddenly be activating des-crypt()-hash support. Since the des hash may not always be present, it seemed sensible to make the stronger md5 algorithm the default. All things being equal, no functionality is lost. Reviewed-by: jkh (flame-proof suit on)
* Update for OpenSSH 2.3.0.green2000-12-052-6/+9
|
* Fixed a typo from the last commit.ru2000-11-151-1/+1
| | | | Submitted by: Mike Heffner <mheffner@vt.edu>
* Correct some fallout from the semi-automated way I updated the makefile.kris2000-11-141-4/+4
| | | | Submitted by: roberto
* Disable /usr/bin/ssh being setuid root by default. Let the variablegreen2000-11-141-0/+2
| | | | | | | | | | ENABLE_SUID_SSH being defined reenable it for those that want it. This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example). Submitted by: jedgar
* Update for OpenSSL 0.9.6kris2000-11-134-61/+69
|
* Fix up the build for the STARTTLS version of sendmail (again). This methodgshapiro2000-10-242-78/+0
| | | | | | | | | | mimics that of tcpdump in that for normal builds, sendmail will only be built once. For 'make release', it is built once for the bin dist and once for the crypto dist. This method also removes the need for two separate Makefiles (which could become out of sync). Suggested by: bde Assisted by: kris
* Do not override BINDIR settings from subdirectory Makefiles.gshapiro2000-10-131-1/+1
| | | | Submitted by: bde
* ../Makefile.inc was clobbering BINDIR so sendmail was being installed ingshapiro2000-10-131-1/+1
| | | | | | /usr/sbin/ instead of /usr/libexec/sendmail/ Submitted by: bde
* Activate the 'secure' (TLS) version of sendmail if !NO_SENDMAIL && !NO_OPENSSLgshapiro2000-10-131-0/+4
|
* Given that sendmail's STARTTLS support requires OpenSSL and the bootstrapgshapiro2000-10-131-4/+11
| | | | | | | issues that brings, build the non-TLS version of sendmail in src/usr.sbin/sendmail and the TLS version in src/secure/usr.sbin/sendmail. This allows the TLS version to be part of the secure distribution when building a release.
* Remove STARTTLS support as it breaks builds without crypto installed.gshapiro2000-10-121-7/+0
| | | | Waiting to hear back regarding the best way to do this.
* With apoligies to Greg Shapiro, fix the world. The previous commitpeter2000-10-111-2/+2
| | | | | lost -lutil and -lwrap by replacing $LDADD and $DPADD rather than appending to them with +=.
* Style fixesgshapiro2000-10-111-4/+4
|
* NOCRYPT imples NO_OPENSSL.gshapiro2000-10-111-1/+1
| | | | | | Still need to solve the distribution problem. Submitted by: kris
* Build sendmail with STARTTLS support unless NO_OPENSSL is set.gshapiro2000-10-101-0/+7
|
* Overhaul of the build-time include file generation. Don't break in evp.hkris2000-09-173-47/+32
| | | | | if bootstrapping from a system on which the openssl headers are not already present.
* Give users a way to alter the sendmail (and related utilities) buildgshapiro2000-09-171-1/+7
| | | | environment so they can enable functionality such as SASL, LDAP, Hesiod.
* Only build sftp-server conditionallykris2000-09-161-1/+3
|
* Add sftp-serverache2000-09-151-0/+1
|
* Allow users to add libraries for sendmail (e.g. Cyrus SASL)gshapiro2000-09-131-1/+1
| | | | Obtained from: Sergei Vyshenski <svysh@pn.sinp.msu.ru>
* Update for OpenSSH 2.2.0kris2000-09-104-7/+33
|
* Nuke RSAREF support from orbit.kris2000-09-104-75/+3
| | | | It's the only way to be sure.
* ``Anyone is now free to rub two primes together for their own gratification''kris2000-09-061-1/+1
| | | | | | | | | | -- Unknown Now that the RSA algorithm is released into the public domain, build librsaintl by default unless NO_RSAINTL is set in make.conf. The native OpenSSL implementation of RSA is much faster, doesn't have an artificial keysize limitation, has 30% fewer calories and tastes great!
* Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobodykris2000-09-021-1/+1
| | | | was using this feature.
* Make the temporary file _evp.h instead of evp.h to not conflict withgreen2000-08-242-5/+7
| | | | | | the real evp.h. Reported by: markm
* Add missing quotes around xauth pathache2000-08-231-1/+1
|
* Generate a new evp.h at build-time instead of install-time to properlygreen2000-08-232-6/+7
| | | | support NFS(ro) installworlds.
* Respect X11BASE to derive the location of xauth(1)kris2000-08-231-0/+4
| | | | | PR: 17818 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
* Add working and easy crypt(3)-switching. Yes, we need a whole new APIgreen2000-08-221-0/+1
| | | | | | | | | | | | | | for crypt(3) by now. In any case: Add crypt_set_format(3) + documentation to -lcrypt. Add login_setcryptfmt(3) + documentation to -lutil. Support for switching crypt formats in passwd(8). Support for switching crypt formats in pw(8). The simple synopsis is: edit login.conf; add a passwd_format field set to "des" or "md5"; go nuts :) Reviewed by: peter
* Turn on support for IPv6gshapiro2000-08-141-1/+1
|
* Get rid of the /etc/aliases -> /etc/mail/aliases hack. /etc/mail/aliasesgshapiro2000-08-131-6/+0
| | | | now exists in the distribution.
* The rest of the changes needed to support the new version of sendmail (8.11.0).gshapiro2000-08-121-11/+28
| | | | | | Beyond changes to the build system, this includes fixing up the sample freebsd.mc configuration for changes in defaults and syntax, removing outdated documentation, and updating the release notes.
* Unbreak the OpenSSL headers for those of us who don't/can't use IDEA bygreen2000-08-041-1/+10
| | | | | getting rid of the check for NO_IDEA (in evp.h) completely if it's installed without MAKE_IDEA=YES.
* Install the openssl(1) manpage with an MLINK from ssl(8) to at least putkris2000-08-031-6/+12
| | | | something in the location where OpenSSH likes to point.
* Don't build sshd if NO_OPENSSL defined.kris2000-07-301-1/+1
| | | | Submitted by: stephen@math.missouri.edu
* Don't build crypto-enabled telnetd if NO_OPENSSL is defined, since itkris2000-07-251-1/+1
| | | | attempts to link against libcrypto.
* WITH_IDEA --> MAKE_IDEA fix.markm2000-07-161-1/+1
|
* Add missing $FreeBSD$ to files that are NOT still on vendor a branch.peter2000-07-162-0/+6
|
* Be consistant about WITH_ vs MAKE_ flags. We have a precedent of usingpeter2000-07-142-4/+4
| | | | | | | MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to confuse myself last time and made make.conf different to the code. ;-( Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>
* Argh. Cut/paste transcription error. Fix syntax of previous commit.peter2000-07-031-1/+1
|
* USA_RESIDENT is forced to YES or NO at the start of Makefile.inc1peter2000-07-031-1/+2
| | | | | | Use that to be the final arbiter of whether or not to build the librsaintl.so plugin for openssl/openssh. Add a magic WANT_RSAINTL flag to force building even if USA_RESIDENT=YES.
* MFI. This is a documentation-only, diffreducing patch, that ifmarkm2000-06-244-2/+23
| | | | | invoked will cause breakage. US Users - DO NOT try to turn on IDEA - the sources are not included.
* Link explicitly against -lmd. I'm not sure what was pulling this inkris2000-06-111-2/+2
| | | | on -current, but it doesnt do it on -stable.
OpenPOWER on IntegriCloud