From owner-svn-ports-all@freebsd.org Sat May 23 19:38:11 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 788662DBFD5; Sat, 23 May 2020 19:38:11 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49Tttq2HSjz4XY4; Sat, 23 May 2020 19:38:11 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 49C1C14E4D; Sat, 23 May 2020 19:38:11 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04NJcB8m010073; Sat, 23 May 2020 19:38:11 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04NJcAhK010071; Sat, 23 May 2020 19:38:10 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <202005231938.04NJcAhK010071@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Sat, 23 May 2020 19:38:10 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r536340 - head/security/openssl-devel X-SVN-Group: ports-head X-SVN-Commit-Author: brnrd X-SVN-Commit-Paths: head/security/openssl-devel X-SVN-Commit-Revision: 536340 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 May 2020 19:38:11 -0000 Author: brnrd Date: Sat May 23 19:38:10 2020 New Revision: 536340 URL: https://svnweb.freebsd.org/changeset/ports/536340 Log: security/openssl-devel: Add modules options Submitted by: gordon@freebsd.org Differential Revision: https://reviews.freebsd.org/D24965 Modified: head/security/openssl-devel/Makefile head/security/openssl-devel/pkg-plist Modified: head/security/openssl-devel/Makefile ============================================================================== --- head/security/openssl-devel/Makefile Sat May 23 19:35:43 2020 (r536339) +++ head/security/openssl-devel/Makefile Sat May 23 19:38:10 2020 (r536340) @@ -33,18 +33,21 @@ LDFLAGS_i386= -Wl,-znotext MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= -OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS +OPTIONS_GROUP= CIPHERS HASHES MODULES OPTIMIZE PROTOCOLS OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS +OPTIONS_GROUP_MODULES= FIPS LEGACY OPTIONS_DEFINE_i386= I386 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 -OPTIONS_DEFINE= ASYNC CT MAN3 RFC3779 SHARED ZLIB +OPTIONS_DEFINE= ASYNC CT KTLS MAN3 RFC3779 SHARED ZLIB -OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC MAN3 MD4 NEXTPROTONEG RC2 RC4 \ +OPTIONS_DEFAULT=ASM ASYNC CT FIPS GOST DES EC MAN3 MD4 NEXTPROTONEG RC2 RC4 \ RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 +OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} + OPTIONS_GROUP_OPTIMIZE_amd64= EC .if ${MACHINE_ARCH} == "amd64" @@ -62,14 +65,18 @@ CIPHERS_DESC= Block Cipher Support CT_DESC= Certificate Transparency Support DES_DESC= (Triple) Data Encryption Standard EC_DESC= Optimize NIST elliptic curves +FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) GOST_DESC= GOST (Russian standard) HASHES_DESC= Hash Function Support I386_DESC= i386 (instead of i486+) IDEA_DESC= International Data Encryption Algorithm +KTLS_DESC= Use in-kernel TLS (FreeBSD >13) +LEGACY_DESC= Older algorithms MAN3_DESC= Install API manpages (section 3, 7) -MD2_DESC= MD2 (obsolete) +MD2_DESC= MD2 (obsolete) (requires LEGACY) MD4_DESC= MD4 (unsafe) MDC2_DESC= MDC-2 (patented, requires DES) +MODULES_DESC= Provider modules NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) OPTIMIZE_DESC= Optimizations PROTOCOLS_DESC= Protocol Support @@ -92,16 +99,18 @@ WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) ZLIB_DESC= zlib compression support # Upstream default disabled options -.for _option in md2 rc5 sctp ssl3 weak-ssl-ciphers zlib +.for _option in md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib ${_option:tu}_CONFIGURE_ON= enable-${_option} .endfor # Upstream default enabled options -.for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \ - rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2 +.for _option in aria asm async ct des fips gost idea md4 mdc2 legacy \ + nextprotoneg rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 sse2 \ + threads tls1 tls1_1 tls1_2 ${_option:tu}_CONFIGURE_OFF= no-${_option} .endfor +MD2_IMPLIES= LEGACY MDC2_IMPLIES= DES TLS1_IMPLIES= TLS1_1 TLS1_1_IMPLIES= TLS1_2 Modified: head/security/openssl-devel/pkg-plist ============================================================================== --- head/security/openssl-devel/pkg-plist Sat May 23 19:35:43 2020 (r536339) +++ head/security/openssl-devel/pkg-plist Sat May 23 19:38:10 2020 (r536340) @@ -136,8 +136,8 @@ lib/libcrypto.a lib/libssl.a %%SHARED%%lib/libssl.so %%SHARED%%lib/libssl.so.%%SHLIBVER%% -%%SHARED%%lib/ossl-modules/fips.so -%%SHARED%%lib/ossl-modules/legacy.so +%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so +%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so libdata/pkgconfig/libcrypto.pc libdata/pkgconfig/libssl.pc libdata/pkgconfig/openssl.pc