Commit graph

47 commits

Author SHA1 Message Date
Dirk Meyer
ed1fb92b15 - update to 0.9.7f 2005-04-02 20:11:10 +00:00
Dirk Meyer
f3d9a33c70 - extended API for hw-crypto
Submitted by:	phk
2005-01-24 13:56:35 +00:00
Dirk Meyer
9aa92d206d - drop objects for win and vms 2004-11-06 05:13:56 +00:00
Dirk Meyer
8d0380392d - cleanup fips
- remove harmfull -Wl,-Bsymbolic

  strcmp did not work correctly,
  and the initialisation of internal hashs was defunct.
  Therefor serveral applications failed to find some of the ciphers.
  e.G. openvpn, jabberd
2004-11-06 05:12:46 +00:00
Dirk Meyer
8af65f3ae1 - Bugfix update to 0.9.7e
- md5 verfied with website
2004-10-26 21:32:19 +00:00
Dirk Meyer
47a5694889 - add patch to support AES-192-CBC and AES-256-CBC
to the crypto engine (assuming your card supports them).
This make the Hifn cards much more useful as AES-256 is
the default encryption for many client applications.

Submitted by:	Spike Ilacqua
Obtained from:	OpenBSD
2004-10-12 04:19:11 +00:00
Dirk Meyer
3bb1ec678a - installs pkgconfig data in $(prefix)/libdata
PR:		69150
Submitted by:	Konstantin Oznobihin
2004-07-19 04:36:14 +00:00
Dirk Meyer
130313c7d4 - Security update to 0.9.7d
http://www.openssl.org/news/secadv_20040317.txt
2004-03-17 13:51:00 +00:00
Dirk Meyer
baa90b8ff0 - Security Fix, Update to 0.9.7c
- Fix manpages
2003-09-30 17:48:20 +00:00
Dirk Meyer
3c0cc81cb8 - Fix: FreeBSD 470101 don't has a crytodevice.
Problem noted by: jarnold@knightridder.com
2003-08-04 18:22:34 +00:00
Dirk Meyer
2d1407f8f6 - Support amd64 2003-07-06 03:03:29 +00:00
Dirk Meyer
7d2f60a86e - Udpate to 0.9.7b 2003-04-11 18:29:17 +00:00
Dirk Meyer
605d36542b - enable threads on ia64
- OPENSSL_OVERWRITE_BASE
  defaults to STABLE/CURRENT shared lib version
  This solves problems when the share lib is deinstalled.
  ports/50292
PR:		50292
2003-04-07 05:50:39 +00:00
Dirk Meyer
2e88b8ec35 - honor CC and use PTHREAD_LIBS and PTHREAD_FLAGS
marius@alchemy.franken.de
2003-04-03 18:24:52 +00:00
Dirk Meyer
018fc2c474 - Security Fix:
http://www.openssl.org/news/secadv_20030319.txt
2003-03-23 04:49:53 +00:00
Dirk Meyer
1f094f8114 - switch to USE_PERL5_BUILD
- add security patch
Approved by:	kris
Obtained from:	http://www.openssl.org/news/secadv_20030317.txt
2003-03-19 06:28:03 +00:00
Dirk Meyer
b8dd3b052d - merged some patches in distribution
- added thread support on alpha, sparc64
- Update to 0.9.7a (with security fix)
- defaults openssl to port
2003-02-19 21:12:51 +00:00
Dirk Meyer
d8de079d43 - Update to 0.9.7
- rnd_keys.c now in distribution
- drop lib/libRSAglue.a
- build on i386, alpha, sparc64, ia64
- build on 2.2.8 with the gas-patch as noted in FAQ
2003-01-29 20:00:43 +00:00
Dirk Meyer
fcc315c342 - Update to 0.9.6h
- md5 verified
- add test target
- make build on sparc64
2003-01-02 04:17:19 +00:00
Dirk Meyer
1f8692d63c - add rnd_keys.c for compatibilty with base. (patch by: jtraub@isilon.com)
- OPENSSL_OVERWRITE_BASE: fix package building
- Fix install of manpages for 3.x
2002-10-25 20:41:47 +00:00
Dirk Meyer
ed97522b83 Install openssl's man pages in standard manpath
PR:		43658
2002-10-12 20:27:59 +00:00
Dirk Meyer
183c3e7862 Security Update to: 0.9.6g 2002-08-10 08:30:39 +00:00
Dirk Meyer
6120fd5185 Sync Bugfix from CURRENT 2002-08-06 05:46:17 +00:00
Dirk Meyer
6beb927cde Security Update to 0.9.6e 2002-07-30 17:38:18 +00:00
Dirk Meyer
227e98a413 Update to: 0.9.6d
See:
http://www.openssl.org/source/exp/CHANGES

Port improvements:
proccessor type is now detected

Add option: OPENSSL_WITH_386
This set as default for package generation on bento
2002-05-13 18:54:03 +00:00
Dirk Meyer
cd87949d28 - Update to 0.9.6c
- more manpages
- shift FORBIDDEN

 Excerpt of Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
  *) Only add signing time to PKCS7 structures if it is not already present.
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
     should be OBJ_id_ce.  Also some ip-pda OIDs in crypto/objects/objects.txt
     were incorrect (cf. RFC 3039).
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
  *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead.  BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled).
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use.  Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circuments various
     cleanups done in state SSL_ST_OK.   But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.  Also avoid some overhead by not calling
     ssl_init_wbio_buffer() before just sending a HelloRequest.
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occured.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
     purported number of padding bytes is in the legal range.
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper).  Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
  *) BN_sqr() bug fix.
  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
     followed by modular reduction.
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
     equivalent based on BN_pseudo_rand() instead of BN_rand().
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
     This function was broken, as the check for a new client hello message
     to handle SGC did not allow these large messages.
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
     with the same message size as in ssl3_get_certificate_request().
     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
     messages might inadvertently be reject as too long.
  *) Modified SSL library such that the verify_callback that has been set
     specificly for an SSL object with SSL_set_verify() is actually being
     used. Before the change, a verify_callback set with this function was
     ignored and the verify_callback() set in the SSL_CTX at the time of
     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
     to allow the necessary settings.
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
     dh->length and always used
          BN_rand_range(priv_key, dh->p).
     So switch back to
          BN_rand(priv_key, l, ...)
     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
     otherwise.
  *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
     RSA_eay_public_decrypt always reject numbers >= n.
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
     to synchronize access to 'locking_thread'.
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
     *before* setting the 'crypto_lock_rand' flag.  The previous code had
     a race condition if 0 is a valid thread ID.
2002-04-21 13:02:08 +00:00
Doug Barton
44e687d0d7 Upgrade openssl to 0.9.6a and bump the shlib version in the process
due to non-backwards compatible changes. The shlib bump necessitates
a corresponding bump in bsd.port.mk for the automagic openssl
dependency. Mistakes in the port are my responsibility. Approval for
the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is
a little busy at the moment, so he asked me to lob it in.

Approved by:	kris
2001-05-23 02:47:02 +00:00
Maxim Sobolev
34462bb3fa 1. In addition to OSVERSION test, check for existence of /usr/lib/libssl.a
and don't mark BROKEN if it doesn't exist.
2. Provide a workaround for inability of recent gcc to link shared library
when -Wl,-whole-archive ld(1) option is used. This should make possible to
build the port on recent -stable or -current.
2001-04-22 18:42:35 +00:00
Alfred Perlstein
1f27b851f6 give aout machines shared libraries as well 2001-02-10 01:30:47 +00:00
Dirk Froemberg
e9294f8161 Upgrade to 0.9.5a. 2000-04-16 12:24:45 +00:00
Dirk Froemberg
bd8d8600c4 Build and install shared libraries libcrypto.so.1 and libssl.so.1, too.
Submitted by:	Issei Suzuki <issei@jp.freebsd.org>
1999-11-07 22:19:49 +00:00
Dirk Froemberg
1c26d9497a Upgrade to 0.9.4. 1999-08-09 18:48:15 +00:00
Dirk Froemberg
7282254b71 Upgrade to OpenSSL 0.9.3:
- some changes of the directory layout:
  e. g. ${PREFIX}/lib/openssl.cnf -> ${PREFIX}/openssl/openssl.cnf
1999-06-02 07:30:52 +00:00
Dirk Froemberg
edce2a8b07 Fix build error on FreeBSD-4.0-CURRENT.
Reported by:	Andrzej Tobola <san@tmp.iem.pw.edu.pl>
1999-03-30 22:39:28 +00:00
Dirk Froemberg
5bd84f9d98 - patch-ab needs to patch Makefile.org and not Makefile.ssl. Otherwise
the diffs are trashed because Makefile.org is used as a basis for
  Makefile.ssl during configuration. Now that patch-ab is applied correctly
  libRSAglue.a is installed.

- add patch-aj obtained from the OpenSSL CVS repository:
  "Make sure the RSA OAEP test is skipped under -DRSAref because
   OAEP isn't supported when OpenSSL is built with RSAref."
1999-03-29 14:43:49 +00:00
Dirk Froemberg
0d16fe8fa8 Upgrade to 0.9.2b.
According to the OpenSSL-core-team you are strongly encouraged to upgrade
any old version. The new version has a lot of bug fixes.

- ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and
  ${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf

- there are no links from e. g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay
  any longer, instead you have to call "openssl md5" now

- replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a
  do-configure target and changed the indention level

- some perl scripts need perl5 now, so set USE_PERL5 and replace perl
  with ${PERL5} where neccessary.

- honour ${CFLAGS}
1999-03-26 08:42:49 +00:00
Dirk Froemberg
8ee28cc021 Modify ${PREFIX}/bin/md5 (= ${PREFIX}/bin/ssleay) output string.
PR:		ports/9563
Submitted by:	Shigeyuki FUKUSHIMA <shige@kuis.kyoto-u.ac.jp>
1999-01-20 12:44:04 +00:00
Dirk Froemberg
6364110638 Remove empty patch-ac and add patch-a[ef] which got lost during last commit. 1999-01-10 15:46:01 +00:00
Dirk Froemberg
fb85680370 Bring this port up to openssl-0.9.1c after a repository copy from SSLeay.
OpenSSL is a successor of SSLeay (see http://www.openssl.org/).

This port uses almost the same files as SSLeay. So they can't be
installed both.

- make the port ${PREFIX} clean
- reorganize PLIST (list links as normal files, which makes the PLIST
  shorter and easier to maintain)
- reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to
  ${PREFIX}/lib/ssleay.cnf somewhere)
- some other minor portlint changes
1999-01-09 12:55:50 +00:00
Dirk Froemberg
8d930fd37b Correct pathname.
PR:		ports/9258
Submitted by:	Seigo TANIMURA <tanimura@naklab.dnj.ynu.ac.jp>
1999-01-02 20:38:55 +00:00
Bill Fumerola
32d85fd270 Update incorrect md5 printout.
PR:		ports/9198
Submitted by:	Shigeyuki FUKUSHIMA shige@kuis.kyoto-u.ac.jp
1998-12-27 23:57:40 +00:00
Scott Mace
71c938c5ab Compile Under ELF
PR:		ports/8336 ports/8255
1998-10-19 12:46:24 +00:00
Mark Murray
58337fe7a8 Upgrade to version 0.9.0b 1998-08-27 16:38:03 +00:00
Mark Murray
f8e3fd6b64 Fix this port for RSAref, fix the config files location according to
BSD religion.
1998-02-17 21:14:40 +00:00
Mark Murray
1dc43e3194 Upgrade to 0.6.6 1997-01-13 21:39:44 +00:00
Mark Murray
53cc1b610c Update to 0.6.5 1996-12-11 20:54:57 +00:00
Mark Murray
890f946482 Move to version 0.6.3 1996-08-10 19:15:44 +00:00