Commit Graph

71 Commits

Author SHA1 Message Date
Dirk Meyer
227e98a413 Update to: 0.9.6d
See:
http://www.openssl.org/source/exp/CHANGES

Port improvements:
processor type is now detected

Add option: OPENSSL_WITH_386
This is set as default for package generation on bento
2002-05-13 18:54:03 +00:00
Dirk Meyer
dd32b25a29 openssl:
- some configure scripts check the version of the lib
  so we need to update SHLIBVER
- bump PORTREVISION

openssh:
- build ports with local openssl, if it exists
2002-05-04 04:38:12 +00:00
Dirk Meyer
cd87949d28 - Update to 0.9.6c
- more manpages
- shift FORBIDDEN

 Excerpt of Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
  *) Only add signing time to PKCS7 structures if it is not already present.
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
     should be OBJ_id_ce.  Also some ip-pda OIDs in crypto/objects/objects.txt
     were incorrect (cf. RFC 3039).
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
  *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead.  BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled).
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use.  Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circumvents various
     cleanups done in state SSL_ST_OK.   But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.  Also avoid some overhead by not calling
     ssl_init_wbio_buffer() before just sending a HelloRequest.
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occurred.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
     purported number of padding bytes is in the legal range.
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper).  Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
  *) BN_sqr() bug fix.
  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
     followed by modular reduction.
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
     equivalent based on BN_pseudo_rand() instead of BN_rand().
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
     This function was broken, as the check for a new client hello message
     to handle SGC did not allow these large messages.
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
     with the same message size as in ssl3_get_certificate_request().
     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
     messages might inadvertently be rejected as too long.
  *) Modified SSL library such that the verify_callback that has been set
     specifically for an SSL object with SSL_set_verify() is actually being
     used. Before the change, a verify_callback set with this function was
     ignored and the verify_callback() set in the SSL_CTX at the time of
     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
     to allow the necessary settings.
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
     dh->length and always used
          BN_rand_range(priv_key, dh->p).
     So switch back to
          BN_rand(priv_key, l, ...)
     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
     otherwise.
  *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
     RSA_eay_public_decrypt always reject numbers >= n.
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
     to synchronize access to 'locking_thread'.
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
     *before* setting the 'crypto_lock_rand' flag.  The previous code had
     a race condition if 0 is a valid thread ID.
2002-04-21 13:02:08 +00:00
Dirk Meyer
2025ba84ee - make portlint happier
- use DOCSDIR or EXAMPLESDIR
- get rid of some INTERACTIVE scripts in news/ifmail
2002-01-05 23:43:13 +00:00
Patrick Li
b666502afd - PORTDOCS police
- DOCSDIR support to some
- Brush out some lint
2001-12-24 02:17:17 +00:00
Mario Sergio Fujikawa Ferreira
75ad5febcb Style police: WWW tags should either end in a file/script or TRAILING /; Fix the latter case 2001-11-20 23:29:38 +00:00
Dirk Meyer
fe7b81b2eb Allow to build libcrypto.so.2 for 4.0, 4.1 and 4.2 RELEASE
so dependent ports can build correctly.
2001-09-03 18:53:44 +00:00
OKAZAKI Tetsurou
2e730301a1 Upgrade openssl to 0.9.6b. 2001-07-20 14:24:10 +00:00
OKAZAKI Tetsurou
2d0a1eee6a Make it buildable on 2.2-STABLE again. 2001-07-07 23:34:36 +00:00
Doug Barton
44e687d0d7 Upgrade openssl to 0.9.6a and bump the shlib version in the process
due to non-backwards compatible changes. The shlib bump necessitates
a corresponding bump in bsd.port.mk for the automagic openssl
dependency. Mistakes in the port are my responsibility. Approval for
the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is
a little busy at the moment, so he asked me to lob it in.

Approved by:	kris
2001-05-23 02:47:02 +00:00
Maxim Sobolev
34462bb3fa 1. In addition to OSVERSION test, check for existence of /usr/lib/libssl.a
and don't mark BROKEN if it doesn't exist.
2. Provide a workaround for inability of recent gcc to link shared library
when -Wl,-whole-archive ld(1) option is used. This should make it possible to
build the port on recent -stable or -current.
2001-04-22 18:42:35 +00:00
Dirk Froemberg
36ad4ecd0a Hand out maintainership to ports@FreeBSD.org.
I don't use any 3.x system any longer.
2001-02-18 13:35:14 +00:00
Alfred Perlstein
1f27b851f6 give aout machines shared libraries as well 2001-02-10 01:30:47 +00:00
Satoshi Asami
7acef1cd7a Change PKGDIR from pkg/ to . Also fix places where ${PKGDIR} is
spelled out (many of which are ${PKGDIR}/MESSAGE -> ${PKGMESSAGE} type
fixes that shouldn't have been necessary) and the string "/pkg/"
appear.
2000-10-08 10:23:48 +00:00
Satoshi Asami
bf5cbf6733 Rename PLIST.noshared to pkg-plist.noshared. 2000-10-08 05:59:12 +00:00
Dirk Froemberg
87402eb7e0 Rip off rsaref (and thus USA_RESIDENT).
Submitted by:	kris
2000-09-17 11:06:30 +00:00
Dirk Froemberg
90c2f5fac6 Set INSTALLS_SHLIB.
Submitted by:	Dmitry Grigorovich <odip@bionet.nsc.ru>
Forgotten by:	sobomax
2000-07-16 09:18:40 +00:00
Maxim Sobolev
dc1177a9a5 Fourth round of INSTALLS_SHLIBS conversion. 2000-06-16 08:48:22 +00:00
Dirk Froemberg
fc492bd038 Disable shared libraries for a.out systems in order to make it build
on such systems.

(I know we aren't supporting a.out systems any more, but this was
requested by some people. And the change is trivial.)

Tested by:	nate
2000-04-25 22:16:24 +00:00
Michael Haro
4cf4ab0a2f Correct whitespace introduced during PORTNAME conversion and portlint 2000-04-21 08:19:33 +00:00
Dirk Froemberg
db75493bbf Add missing ldconfig. 2000-04-16 22:02:47 +00:00
Dirk Froemberg
e9294f8161 Upgrade to 0.9.5a. 2000-04-16 12:24:45 +00:00
Chris Piazza
3df86a88a9 Update with the new PORTNAME/PORTVERSION variables 2000-04-09 18:34:06 +00:00
Dirk Froemberg
db54ed8188 Check against ${OSVERSION} instead of the existence of the library files
whether openssl should be built or not.
2000-01-28 22:05:15 +00:00
Dirk Froemberg
7a034920be Check whether OpenSSL is installed in the base system already and
skip openssl port if so.

(I. e. check the existence of /usr/bin/openssl, /usr/lib/libcrypto.so
and /usr/lib/libssl.so. If they exist set FORBIDDEN.)
1999-12-30 11:13:37 +00:00
Dirk Froemberg
bd8d8600c4 Build and install shared libraries libcrypto.so.1 and libssl.so.1, too.
Submitted by:	Issei Suzuki <issei@jp.freebsd.org>
1999-11-07 22:19:49 +00:00
Dirk Froemberg
52dfef8707 Don't use ${PREFIX} in pkg/MESSAGE but /usr/local and substitute
/usr/local accordingly via Makefile.

Submitted by:	Bill Fumerola <billf@FreeBSD.org>
1999-09-17 19:16:59 +00:00
Peter Wemm
a53421230c $Id$ -> $FreeBSD$ 1999-08-31 01:53:22 +00:00
Tim Vanderhoek
cae3003efc Make it clear(er) that RSAREF is a port that must be installed, not, perhaps,
some piece of the base system (a-la crypto).  I wrote "rsaref port" instead
of "security/rsaref" since on the remote chance that rsaref switches
categories, I don't want the message to become wrong.
1999-08-18 00:02:55 +00:00
Dirk Froemberg
1c26d9497a Upgrade to 0.9.4. 1999-08-09 18:48:15 +00:00
Dirk Froemberg
88775d5e8e Upgrade to 0.9.3a. 1999-06-06 09:56:03 +00:00
Dirk Froemberg
7282254b71 Upgrade to OpenSSL 0.9.3:
- some changes of the directory layout:
  e. g. ${PREFIX}/lib/openssl.cnf -> ${PREFIX}/openssl/openssl.cnf
1999-06-02 07:30:52 +00:00
Marc G. Fournier
a05c0a07b8 this should finish cleaning up the WWW_SITE -> DESCR/WWW: mess ... 1999-04-22 00:17:18 +00:00
Dirk Froemberg
8dba5f2277 openssl-0.9.2b-rsaoaep.patch supersedes patch-aj.
Obtained from:	http://www.openssl.org/
1999-04-13 22:37:02 +00:00
Dirk Froemberg
edce2a8b07 Fix build error on FreeBSD-4.0-CURRENT.
Reported by:	Andrzej Tobola <san@tmp.iem.pw.edu.pl>
1999-03-30 22:39:28 +00:00
Dirk Froemberg
5bd84f9d98 - patch-ab needs to patch Makefile.org and not Makefile.ssl. Otherwise
  the diffs are trashed because Makefile.org is used as a basis for
  Makefile.ssl during configuration. Now that patch-ab is applied correctly
  libRSAglue.a is installed.

- add patch-aj obtained from the OpenSSL CVS repository:
  "Make sure the RSA OAEP test is skipped under -DRSAref because
   OAEP isn't supported when OpenSSL is built with RSAref."
1999-03-29 14:43:49 +00:00
Dirk Froemberg
0d16fe8fa8 Upgrade to 0.9.2b.
According to the OpenSSL-core-team you are strongly encouraged to upgrade
any old version. The new version has a lot of bug fixes.

- ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and
  ${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf

- there are no links from e. g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay
  any longer, instead you have to call "openssl md5" now

- replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a
  do-configure target and changed the indention level

- some perl scripts need perl5 now, so set USE_PERL5 and replace perl
  with ${PERL5} where necessary.

- honour ${CFLAGS}
1999-03-26 08:42:49 +00:00
Dirk Froemberg
1099b7a228 Set ONLY_FOR_ARCHS to i386.
Apply openssl-0.9.1c-bnrec.patch via PATCHFILES:

"DESCRIPTION:
The Big Number (BN) library in OpenSSL 0.9.1c has some problems when dealing
with very large numbers. Because mostly all other OpenSSL sub-libraries
(including the RSA library) are based on BN, this can cause failures when
doing certificate verification and performing other SSL functions. These BN
bugs are already fixed for OpenSSL 0.9.2. But for OpenSSL 0.9.1c the easiest
workaround to fix the subtle problems is to apply the above patch which mainly
disables the broken Montgomery multiplication algorithm inside BN."
1999-03-06 11:36:23 +00:00
Dirk Froemberg
0e7af78196 Correct MASTER_SITES. 1999-01-26 22:06:04 +00:00
Dirk Froemberg
8ee28cc021 Modify ${PREFIX}/bin/md5 (= ${PREFIX}/bin/ssleay) output string.
PR:		ports/9563
Submitted by:	Shigeyuki FUKUSHIMA <shige@kuis.kyoto-u.ac.jp>
1999-01-20 12:44:04 +00:00
Dirk Froemberg
682100bdab Don't use rsaref if I_HAVE_AN_RSA_LICENSE is defined.
Requested by:	Garrett Wollman <wollman@FreeBSD.ORG>:

"If you have an RSA license, you DON'T want to use rsaref -- it's
slow as hell.  The only reason you would want to use rsaref is:

	1) You are in the US.
	2) The patent hasn't expired yet (600-someodd days and counting).
	3) You wouldn't have the right to use RSA otherwise."
1999-01-12 23:18:59 +00:00
Dirk Froemberg
6364110638 Remove empty patch-ac and add patch-a[ef] which got lost during last commit. 1999-01-10 15:46:01 +00:00
Dirk Froemberg
fb85680370 Bring this port up to openssl-0.9.1c after a repository copy from SSLeay.
OpenSSL is a successor of SSLeay (see http://www.openssl.org/).

This port uses almost the same files as SSLeay. So they can't be
installed both.

- make the port ${PREFIX} clean
- reorganize PLIST (list links as normal files, which makes the PLIST
  shorter and easier to maintain)
- reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to
  ${PREFIX}/lib/ssleay.cnf somewhere)
- some other minor portlint changes
1999-01-09 12:55:50 +00:00
Satoshi Asami
406a9faf9e Mark this broken while Dirk works on it. 1999-01-09 10:36:18 +00:00
Dirk Froemberg
8d930fd37b Correct pathname.
PR:		ports/9258
Submitted by:	Seigo TANIMURA <tanimura@naklab.dnj.ynu.ac.jp>
1999-01-02 20:38:55 +00:00
Bill Fumerola
32d85fd270 Update incorrect md5 printout.
PR:		ports/9198
Submitted by:	Shigeyuki FUKUSHIMA shige@kuis.kyoto-u.ac.jp
1998-12-27 23:57:40 +00:00
David E. O'Brien
db3aa5e9b4 Add more DISTSITES. The single one listed only allowed 10 simultaneous anon
connections -- not enough for the demands of the Awesome FreeBSD Ports
Collection(tm).
1998-10-26 05:52:02 +00:00
Scott Mace
71c938c5ab Compile Under ELF
PR:		ports/8336 ports/8255
1998-10-19 12:46:24 +00:00
Satoshi Asami
b4bc06c5bf security/rsaref has been ELFized. 1998-09-25 10:20:21 +00:00
Mark Murray
58337fe7a8 Upgrade to version 0.9.0b 1998-08-27 16:38:03 +00:00