Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 May 2020 19:38:10 +0000 (UTC)
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r536340 - head/security/openssl-devel
Message-ID:  <202005231938.04NJcAhK010071@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: brnrd
Date: Sat May 23 19:38:10 2020
New Revision: 536340
URL: https://svnweb.freebsd.org/changeset/ports/536340

Log:
  security/openssl-devel: Add modules options
  
  Submitted by:	gordon@freebsd.org
  Differential Revision:	https://reviews.freebsd.org/D24965

Modified:
  head/security/openssl-devel/Makefile
  head/security/openssl-devel/pkg-plist

Modified: head/security/openssl-devel/Makefile
==============================================================================
--- head/security/openssl-devel/Makefile	Sat May 23 19:35:43 2020	(r536339)
+++ head/security/openssl-devel/Makefile	Sat May 23 19:38:10 2020	(r536340)
@@ -33,18 +33,21 @@ LDFLAGS_i386=	-Wl,-znotext
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
 MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
 
-OPTIONS_GROUP=		CIPHERS HASHES OPTIMIZE PROTOCOLS
+OPTIONS_GROUP=		CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS
 OPTIONS_GROUP_CIPHERS=	ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS
 OPTIONS_GROUP_HASHES=	MD2 MD4 MDC2 RMD160 SM2 SM3
 OPTIONS_GROUP_OPTIMIZE=	ASM SSE2 THREADS
+OPTIONS_GROUP_MODULES=	FIPS LEGACY
 OPTIONS_DEFINE_i386=	I386
 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
 
-OPTIONS_DEFINE=	ASYNC CT MAN3 RFC3779 SHARED ZLIB
+OPTIONS_DEFINE=	ASYNC CT KTLS MAN3 RFC3779 SHARED ZLIB
 
-OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC MAN3 MD4 NEXTPROTONEG RC2 RC4 \
+OPTIONS_DEFAULT=ASM ASYNC CT FIPS GOST DES EC MAN3 MD4 NEXTPROTONEG RC2 RC4 \
 		RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2
 
+OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:}
+
 OPTIONS_GROUP_OPTIMIZE_amd64=	EC
 
 .if ${MACHINE_ARCH} == "amd64"
@@ -62,14 +65,18 @@ CIPHERS_DESC=	Block Cipher Support
 CT_DESC=	Certificate Transparency Support
 DES_DESC=	(Triple) Data Encryption Standard
 EC_DESC=	Optimize NIST elliptic curves
+FIPS_DESC=	Build FIPS provider (Note: NOT yet FIPS validated)
 GOST_DESC=	GOST (Russian standard)
 HASHES_DESC=	Hash Function Support
 I386_DESC=	i386 (instead of i486+)
 IDEA_DESC=	International Data Encryption Algorithm
+KTLS_DESC=	Use in-kernel TLS (FreeBSD >13)
+LEGACY_DESC=	Older algorithms
 MAN3_DESC=	Install API manpages (section 3, 7)
-MD2_DESC=	MD2 (obsolete)
+MD2_DESC=	MD2 (obsolete) (requires LEGACY)
 MD4_DESC=	MD4 (unsafe)
 MDC2_DESC=	MDC-2 (patented, requires DES)
+MODULES_DESC=	Provider modules
 NEXTPROTONEG_DESC=	Next Protocol Negotiation (SPDY)
 OPTIMIZE_DESC=	Optimizations
 PROTOCOLS_DESC=	Protocol Support
@@ -92,16 +99,18 @@ WEAK-SSL-CIPHERS_DESC=	Weak cipher support (unsafe)
 ZLIB_DESC=	zlib compression support
 
 # Upstream default disabled options
-.for _option in md2 rc5 sctp ssl3 weak-ssl-ciphers zlib
+.for _option in md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib
 ${_option:tu}_CONFIGURE_ON=	enable-${_option}
 .endfor
 
 # Upstream default enabled options
-.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \
-	rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2
+.for _option in aria asm async ct des fips gost idea md4 mdc2 legacy \
+	nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \
+	threads tls1 tls1_1 tls1_2
 ${_option:tu}_CONFIGURE_OFF=	no-${_option}
 .endfor
 
+MD2_IMPLIES=	LEGACY
 MDC2_IMPLIES=	DES
 TLS1_IMPLIES=	TLS1_1
 TLS1_1_IMPLIES=	TLS1_2

Modified: head/security/openssl-devel/pkg-plist
==============================================================================
--- head/security/openssl-devel/pkg-plist	Sat May 23 19:35:43 2020	(r536339)
+++ head/security/openssl-devel/pkg-plist	Sat May 23 19:38:10 2020	(r536340)
@@ -136,8 +136,8 @@ lib/libcrypto.a
 lib/libssl.a
 %%SHARED%%lib/libssl.so
 %%SHARED%%lib/libssl.so.%%SHLIBVER%%
-%%SHARED%%lib/ossl-modules/fips.so
-%%SHARED%%lib/ossl-modules/legacy.so
+%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so
+%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so
 libdata/pkgconfig/libcrypto.pc
 libdata/pkgconfig/libssl.pc
 libdata/pkgconfig/openssl.pc



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005231938.04NJcAhK010071>