summaryrefslogtreecommitdiff
path: root/security/openssl/Makefile
AgeCommit message (Collapse)AuthorFilesLines
2003-03-21* Add patch from http://www.openssl.org/news/secadv_20030317.txt:seb1-2/+2
Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so when using OpenSSL to provide SSL or TLS. The enclosed patch switches blinding on by default. Applications that wish to can remove the blinding with RSA_blinding_off(), but this is not generally advised. It is also possible to disable it completely by defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time. The performance impact of blinding appears to be small (a few percent). This problem affects many applications using OpenSSL, in particular, almost all SSL-enabled Apaches. You should rebuild and reinstall OpenSSL, and all affected applications. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0147 to this issue. * Add patch from http://www.openssl.org/news/secadv_20030319.txt: Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. * Bump PKGREVISION.
2003-02-20Add patch from http://www.openssl.org/news/secadv_20030219.txt:wiz1-1/+2
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078) Bump PKGREVISION.
2003-01-28Instead of including bsd.pkg.install.mk directly in a package Makefile,jlam1-2/+2
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
2003-01-23strip leading path from $CC so we don't try to run Configure with argsgrant1-2/+2
eg. 'solaris-sparcv7-/usr/pkg/bin/gcc' :-)
2002-12-07Replace IGNORE with PKG_FAIL_REASON or PKG_SKIP_REASON as appropriate.schmonz1-2/+2
2002-11-30Explicitly specify the path to Perl5 executable for configure script.uebayasi1-2/+2
Reported by Jonathan Perkin in PR19205.
2002-09-07Use buildlink2 and pass an extra flag to the configure script so that ifjlam1-3/+4
RSAref is used, then the library may be found.
2002-08-25Merge changes in packages from the buildlink2 branch that havejlam1-1/+1
buildlink2.mk files back into the main trunk.
2002-08-19Fix a comment, and improve pattern to also work on netbsd-1-4.wiz1-3/+3
2002-08-19Compile no-shared on 1.4.x. This makes the package install and work for mewiz1-1/+6
on 1.4.2/i386. Approved by agc.
2002-08-15Revert Makefile,v.1.56, as the NetBSD patches were causing intractablefredb1-9/+16
problems for Solaris. Instead, handle patch for NetBSD-1.4.2 specially.
2002-08-10It just occurred to me that the ${PATCHDIR} patches developed against thefredb1-4/+4
NetBSD-patched codebase won't apply cleanly (or at all) without the NetBSD patch. Therefore, remove the `.if ${OS}' condition for applying the patch, so Solaris and Darwin start with the same codebase. Fix as needed.
2002-08-10Update to 0.9.6g. The most significant change is this proof againstfredb1-4/+3
a stunning DoS vulnerability, fixed in 0.9.6f: *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] Regenerate the netbsd patch. This is now a clean diff against the vendor tag, with version-number-only changes elided. Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version 1.4 (via additional pkgsrc patch), to give this a shot to compile on NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat(). Assemble the shared library without "-Bsymbolic", mainly to give this a shot at linking on NetBSD-a.out (untested).
2002-08-09* Change the perl paths in the various build scripts to ${PERL5} and notjlam1-11/+12
${LOCALBASE}/bin/perl. * Refer to the make program used to drive the build and installation as "${MAKE_PROGRAM}". * Instead of explicitly setting PKG_SYSCONFBASE=/etc, use the pkg-specific override PKG_SYSCONFDIR.openssl, and optionally set it so that the user still has the option of overriding its value. * Use bsd.pkg.install.mk to install the default config file (openssl.cnf) and to create and remove the extra config directories. This lets us reemove the extra lines in PLIST that do the same thing.
2002-08-04Update openssl to 0.9.6e. This update fixes multiple vulnerabilities,fredb1-107/+33
and also changes the ABI of "libcrypto" and "libssl". (So the shared library majors and buildlink requirements are bumped, too.) The code base is now synced perfectly with NetBSD HEAD and netbsd-1-6 branches as of 2002-08-04, the optimization levels are reduced to "-O2", but I've retained some of the processor optimization flags and different code path #defines in the "Configure" script, just to keep things interesting. The default "certs" directory on NetBSD is now "/etc/openssl/certs", to give continuity to those who find themselves using the package system's "openssl" after upgrading a package that formerly used the base system's. [Suggested by itojun.] The best way to avoid such problems, however, is to upgrade your base system *first*. I'm making use of the new and improved build system as much as possible. This gives us a cleaner way to make shared libraries and real man pages, but loses many of the symlinks to the openssl binary. I've culled items from the "CHANGES" file that appear to have security implications or are particularly interesting for NetBSD users, below. My comments are marked off with '===>'. ===> This is from the netbsd-20020804-patch *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>, Alon Kantor <alonk@checkpoint.com> (and others), Steve Henson] Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure that was added in OpenSSL 0.9.6d. As the countermeasure turned out to be incompatible with some broken SSL implementations, the new option is part of SSL_OP_ALL. SSL_OP_ALL is usually employed when compatibility with weird SSL implementations is desired (e.g. '-bugs' option to 's_client' and 's_server'), so the new option is automatically set in many applications. [Bodo Moeller] *) Changes in security patch: Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the supplied buffer. [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>] *) Assertions for various potential buffer overflows, not known to happen in practice. [Ben Laurie (CHATS)] *) Various temporary buffers to hold ASCII versions of integers were too small for 64 bit platforms. (CAN-2002-0655) [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)> *) Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized session ID to a client. (CAN-2002-0656) [Ben Laurie (CHATS)] *) Remote buffer overflow in SSL2 protocol - an attacker could supply an oversized client master key. (CAN-2002-0656) [Ben Laurie (CHATS)] Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs with data potentially chosen by the attacker. [Bodo Moeller] Changes between 0.9.6a and 0.9.6b [9 Jul 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) to avoid a SSLeay/OpenSSL PRNG weakness pointed out by Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>: PRNG state recovery was possible based on the output of one PRNG request appropriately sized to gain knowledge on 'md' followed by enough consecutive 1-byte PRNG requests to traverse all of 'state'. 1. When updating 'md_local' (the current thread's copy of 'md') during PRNG output generation, hash all of the previous 'md_local' value, not just the half used for PRNG output. 2. Make the number of bytes from 'state' included into the hash independent from the number of PRNG bytes requested. The first measure alone would be sufficient to avoid Markku-Juhani's attack. (Actually it had never occurred to me that the half of 'md_local' used for chaining was the half from which PRNG output bytes were taken -- I had always assumed that the secret half would be used.) The second measure makes sure that additional data from 'state' is never mixed into 'md_local' in small portions; this heuristically further strengthens the PRNG. [Bodo Moeller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client hello' messages. (Note that the attack is impractical against SSL 3.0 and TLS 1.0 anyway because length and version checking means that the probability of guessing a valid ciphertext is around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 paper.) Before 0.9.5, the countermeasure (hide the error by generating a random 'decryption result') did not work properly because ERR_clear_error() was missing, meaning that SSL_get_error() would detect the supposedly ignored error. Both problems are now fixed. [Bodo Moeller] Changes between 0.9.6 and 0.9.6a [5 Apr 2001] ===> This is our ABI change. *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes with des_encrypt() defined on some operating systems, like Solaris and UnixWare. [Richard Levitte] *) Don't use getenv in library functions when run as setuid/setgid. New function OPENSSL_issetugid(). [Ulf Moeller] *) Store verify_result within SSL_SESSION also for client side to avoid potential security hole. (Re-used sessions on the client side always resulted in verify_result==X509_V_OK, not using the original result of the server certificate verification.) [Lutz Jaenicke] ===> package doesn't doesn't do this. We'll bump major versions ===> as necessary. *) Make sure that shared libraries get the internal name engine with the full version number and not just 0. This should mark the shared libraries as not backward compatible. Of course, this should be changed again when we can guarantee backward binary compatibility. [Richard Levitte] *) Rework the system to generate shared libraries: - Make note of the expected extension for the shared libraries and if there is a need for symbolic links from for example libcrypto.so.0 to libcrypto.so.0.9.7. There is extended info in Configure for that. - Make as few rebuilds of the shared libraries as possible. - Still avoid linking the OpenSSL programs with the shared libraries. - When installing, install the shared libraries separately from the static ones.
2002-07-28Build on Darwin using patches from Apple's Darwin source repository,schmonz1-2/+2
via Fink.
2002-07-24Change explicit build dependencies on perl into "USE_PERL5=build". Thisjlam1-2/+2
makes these packages build correctly on Darwin where perl>=5.8.0 is required.
2002-05-08G/c references to ftp.uni-trier.de.kleink1-3/+2
2001-11-29Get rid of manually adding "nbX" to PKGNAME when a pkg was changed inhubertf1-2/+2
pkgsrc. Instead, a new variable PKGREVISION is invented that can get bumped independent of DISTNAME and PKGNAME. Example #1: DISTNAME= foo-X.Y PKGREVISION= Z => PKGNAME= foo-X.YnbZ Example #2: DISTNAME= barthing-X.Y PKGNAME= bar-X.Y PKGREVISION= Z => PKGNAME= bar=X.YnbZ (!) On subsequent changes, only PKGREVISION needs to be bumped, no more risk of getting DISTNAME changed accidentally.
2001-10-18SVR4 packages have a limit of 9 chars for a package name.veego1-1/+2
The automatic truncation in gensolpkg doesn't work for packages which have the same package name for the first 5-6 chars. e.g. amanda-server and amanda-client would be named amanda and amanda. Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for amanda-server. All svr4 packages also have a vendor tag, so we have to reserve some chars for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6 or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the vendor tag enough room. All p5-* packages and a few other packages have now a SVR4_PKGNAME.
2001-10-18Add conflict between "glimpse" and "openssl" package. They both installtron1-2/+3
"bin/cast" in "${LOCALBASE}".
2001-09-27Mechanical changes to 375 files to change dependency patterns of the formjlam1-2/+2
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the packages whose base package name is "foo", and not those named "foo-bar". A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also change dependency examples in Packages.txt to reflect this.
2001-09-14Super bump the major numbers for libssl and libcrypto so that they don'tskrll1-5/+5
conflict with the -current versions.
2001-08-30Record libssl dependency on libcrypt.skrll1-2/+2
This allows a mixture of 1.5.x openssl (version<0.9.5) and security/openssl (version>=0.9.6) to actually work.
2001-07-11Pull in security fix from basesrc by itojun. Commit message was:wiz1-1/+2
fix PRNG weakness. the workaround presented on bugtraq posting. Update to 0.9.6nb1.
2001-07-10Add support for "SPARC_TARGET_ARCH".tron1-3/+9
2001-05-22We also work under Linuxabs1-2/+2
2001-05-11Move NetBSD only patches to a distribution patch file to avoid uglytron1-11/+4
conditional patch hack.
2001-04-30Change build dependency from perl-5.* to perl>=${PERL5_REQD}. Also changejlam1-2/+2
dependency from libperl-5.* to libperl>=${PERL5_REQD}.
2001-04-17clarify comment on LICENSE line.itojun1-2/+2
2001-04-09- Install new include files so that this package can be used to buildtron1-22/+18
applications again. - Fix patch sum for Solaris.
2001-04-09Update to OpenSSL 0.9.6. Update contributed by Dave Burgess,fredb1-2/+2
in PR pkg/12569. Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: o Some documentation for BIO and SSL libraries. o Enhanced chain verification using key identifiers. o New sign and verify options to 'dgst' application. o Support for DER and PEM encoded messages in 'smime' application. o New 'rsautl' application, low level RSA utility. [*] o MD4 now included. o Bugfix for SSL rollback padding check. o Support for external crypto devices [1]. o Enhanced EVP interface. [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. [*] Not installed with the package.
2001-04-09Make an explicit BUILD_DEPENDS on perl5, rather than the run-time DEPENDSfredb1-2/+3
that USE_PERL implies, as the core functionality of this package does not depend on perl. The user can always install perl later, to format the "pod" docs or to run the installed scripts.
2001-04-05Standardize patch file names.wiz1-2/+2
2001-03-24- -Supply the customary symlinks for NetBSD/ELF.fredb1-4/+10
- -Make the "test" target work. - -Allow the user to set USE_RSAREF2. (It works!) Not sure why you'd ever want to...
2001-03-01Revert rev. 1.30 which didn't do anything with MKDIR but ratherhubertf1-2/+2
bumbed the version accidentally.
2001-02-27security/openssl and converters/base64 both install a 'base64' executable,wiz1-2/+2
so make them CONFLICT (pkg/11408).
2001-02-25Cleanup MKDIR usage => INSTALL_*_DIRhubertf1-2/+2
XXX need to teach pkglint to be more picky about this
2001-02-20Work around Solaris' braindead "ln -f" (which just does not do anything)hubertf1-1/+2
2001-02-17Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.wiz1-1/+2
2001-01-17Should make this buildable on Solaris, too. Untested for lack of Solaris.wiz1-1/+5
2001-01-14Pass "${CC}" to configure script.tron1-2/+2
2000-12-28Enable on alpha again; according to itojun, the referenced PR doesn'twiz1-3/+3
apply to the package.
2000-10-11Openssl no longer conflicts with kth-krb4.wennmach1-2/+2
2000-10-10add LICENCE=fee-based-commercial-use, for use of IDEA/RC5 logic.itojun1-1/+4
(per discussion on packages@netbsd.org)
2000-09-28openssl is broken on alpha, and openssh hangs in configure when checkinghubertf1-3/+3
for openssl libs. Disable both, and reference PR to fix it. XXX should be changed for USE_SSL.
2000-09-09Reorganize crypto handling, as discussed on tech-pkg. Remove allfredb1-16/+4
RESTRICTED= variables that were predicated on former U.S. export regulations. Add CRYPTO=, as necessary, so it's still possible to exclude all crypto packages from a build by setting MKCRYPTO=no (but "lintpkgsrc -R" will no longer catch them). Specifically, - - All packages which set USE_SSL just lose their RESTRICTED variable, since MKCRYPTO responds to USE_SSL directly. - - realplayer7 and ns-flash keep their RESTRICTED, which is based on license terms, but also gain the CRYPTO variable. - - srp-client is now marked broken, since the distfile is evidently no longer available. On this, we're no worse off than before. [We haven't been mirroring the distfile, or testing the build!] - - isakmpd gets CRYPTO for RESTRICTED, but remains broken. - - crack loses all restrictions, as it does not evidently empower a user to utilize strong encryption (working definition: ability to encode a message that requires a secret key plus big number arithmetic to decode).
2000-09-05Added a CONFLICT with kth-krb4. Both pkgs install a `des' binary inwennmach1-2/+2
the same place, $PREFIX/bin/des.
2000-08-27Use new PERL5 variable instead of ${LOCALBASE}/bin/perl.jlam1-5/+4
2000-08-21Update IGNORE-messages for recent changes: add ${PKGNAME} wherehubertf1-2/+2
appropriate.