svn commit: r280306 - in head: secure/lib/libcrypto secure/lib/libssl sys/sys

Fri Mar 20 23:48:15 UTC 2015

Author: jkim
Date: Fri Mar 20 23:48:11 2015
New Revision: 280306
URL: https://svnweb.freebsd.org/changeset/base/280306

Log:
  Disable insecure SSLv2 support from the base OpenSSL.
  
  Differential Revision:	https://reviews.freebsd.org/D1304

Modified:
  head/secure/lib/libcrypto/opensslconf-arm.h
  head/secure/lib/libcrypto/opensslconf-mips.h
  head/secure/lib/libcrypto/opensslconf-powerpc.h
  head/secure/lib/libcrypto/opensslconf-sparc64.h
  head/secure/lib/libcrypto/opensslconf-x86.h
  head/secure/lib/libssl/Makefile
  head/sys/sys/param.h

Modified: head/secure/lib/libcrypto/opensslconf-arm.h
==============================================================================

--- head/secure/lib/libcrypto/opensslconf-arm.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libcrypto/opensslconf-arm.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -27,6 +27,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -69,6 +72,9 @@ extern "C" {
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif

Modified: head/secure/lib/libcrypto/opensslconf-mips.h
==============================================================================
--- head/secure/lib/libcrypto/opensslconf-mips.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libcrypto/opensslconf-mips.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -27,6 +27,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -69,6 +72,9 @@ extern "C" {
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif

Modified: head/secure/lib/libcrypto/opensslconf-powerpc.h
==============================================================================
--- head/secure/lib/libcrypto/opensslconf-powerpc.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libcrypto/opensslconf-powerpc.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -27,6 +27,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -69,6 +72,9 @@ extern "C" {
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif

Modified: head/secure/lib/libcrypto/opensslconf-sparc64.h
==============================================================================
--- head/secure/lib/libcrypto/opensslconf-sparc64.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libcrypto/opensslconf-sparc64.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -27,6 +27,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -69,6 +72,9 @@ extern "C" {
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif

Modified: head/secure/lib/libcrypto/opensslconf-x86.h
==============================================================================
--- head/secure/lib/libcrypto/opensslconf-x86.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libcrypto/opensslconf-x86.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -27,6 +27,9 @@ extern "C" {
 #ifndef OPENSSL_NO_SCTP
 # define OPENSSL_NO_SCTP
 #endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
@@ -66,6 +69,9 @@ extern "C" {
 # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
 #  define NO_SCTP
 # endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif

Modified: head/secure/lib/libssl/Makefile
==============================================================================
--- head/secure/lib/libssl/Makefile	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/secure/lib/libssl/Makefile	Fri Mar 20 23:48:11 2015	(r280306)
@@ -12,11 +12,11 @@ NO_LINT=
 
 SRCS=	bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c \
 	d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \
-	s23_srvr.c s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \
-	s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \
-	s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \
-	ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \
-	t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c tls_srp.c
+	s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c \
+	s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \
+	ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \
+	ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c \
+	tls_srp.c
 
 INCS=	dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
 INCSDIR=${INCLUDEDIR}/openssl

Modified: head/sys/sys/param.h
==============================================================================
--- head/sys/sys/param.h	Fri Mar 20 21:56:48 2015	(r280305)
+++ head/sys/sys/param.h	Fri Mar 20 23:48:11 2015	(r280306)
@@ -58,7 +58,7 @@
  *		in the range 5 to 9.
  */
 #undef __FreeBSD_version
-#define __FreeBSD_version 1100065	/* Master, propagated to newvers */
+#define __FreeBSD_version 1100066	/* Master, propagated to newvers */
 
 /*
  * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,
