Date: Thu, 18 Sep 2025 19:17:50 GMT From: Enji Cooper <ngie@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: d5984d5f29a7 - main - OpenSSL: update Makefiles to reflect 3.5.1 release Message-ID: <202509181917.58IJHoPv088807@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=d5984d5f29a7c717b88ccd17a85a747792403cdf commit d5984d5f29a7c717b88ccd17a85a747792403cdf Author: Enji Cooper <ngie@FreeBSD.org> AuthorDate: 2025-09-08 03:20:42 +0000 Commit: Enji Cooper <ngie@FreeBSD.org> CommitDate: 2025-09-18 19:17:44 +0000 OpenSSL: update Makefiles to reflect 3.5.1 release This is a targeted effort to update the INCS and SRCS entries for libcrypto, the legacy provider, and libssl to match what upstream (OpenSSL) builds in their respective libraries. The number of stylistic changes were kept at a minimum. Another incoming change will reformat this file to make future maintenance easier. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52554 --- secure/lib/libcrypto/Makefile | 49 +++++++++++++++++----------- secure/lib/libcrypto/modules/Makefile.inc | 7 ---- secure/lib/libcrypto/modules/legacy/Makefile | 41 ++++++++++++++++++++--- secure/lib/libssl/Makefile | 2 +- share/mk/src.libnames.mk | 2 +- 5 files changed, 68 insertions(+), 33 deletions(-) diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 75ebb6e65327..5cb3f5a7c3fe 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -91,7 +91,7 @@ SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c SRCS+= x_val.c # async -SRCS+= async.c async_err.c async_posix.c async_wait.c +SRCS+= async.c async_err.c async_null.c async_posix.c async_wait.c async_win.c # bf SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_prefix.c bf_readbuff.c bf_skey.c @@ -224,7 +224,11 @@ SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_meth.c dsa_ossl.c dsa_pmeth.c SRCS+= dsa_prn.c dsa_sign.c dsa_vrf.c # dso +SRCS+= dso_dl.c SRCS+= dso_dlfcn.c dso_err.c dso_lib.c +SRCS+= dso_openssl.c +SRCS+= dso_vms.c +SRCS+= dso_win32.c # ec SRCS+= curve25519.c curve448.c curve448_tables.c ec2_oct.c ec2_smpl.c @@ -291,7 +295,7 @@ SRCS+= ffc_params.c ffc_params_generate.c ffc_params_validate.c SRCS+= hashtable.c hashfunc.c # hmac -SRCS+= hmac.c hmac_s390x.c +SRCS+= hmac.c # hpke SRCS+= hpke_util.c hpke.c @@ -424,17 +428,10 @@ SRCS+= cipher_aes_xts_fips.c SRCS+= cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c \ cipher_aes_gcm_siv_polyval.c SRCS+= cipher_aes_siv.c cipher_aes_siv_hw.c -SRCS+= cipher_blowfish.c cipher_blowfish_hw.c SRCS+= cipher_camellia.c cipher_camellia_hw.c -SRCS+= cipher_cast5.c cipher_cast5_hw.c SRCS+= cipher_chacha20.c cipher_chacha20_hw.c SRCS+= cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c -SRCS+= cipher_des.c cipher_des_hw.c -SRCS+= cipher_desx.c cipher_desx_hw.c SRCS+= cipher_null.c -SRCS+= cipher_rc4.c cipher_rc4_hw.c -SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c -SRCS+= cipher_seed.c cipher_seed_hw.c SRCS+= cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \ cipher_tdes_wrap.c cipher_tdes_wrap_hw.c @@ -442,12 +439,10 @@ SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \ # providers/implementations/digests SRCS+= digestcommon.c SRCS+= blake2_prov.c blake2b_prov.c blake2s_prov.c -SRCS+= md4_prov.c SRCS+= md5_prov.c md5_sha1_prov.c SRCS+= null_prov.c SRCS+= ripemd_prov.c SRCS+= sha2_prov.c sha3_prov.c -SRCS+= wp_prov.c # providers/implementations/encode_decode SRCS+= decode_der2key.c decode_epki2pki.c decode_msblob2key.c decode_pvk2key.c @@ -463,8 +458,8 @@ SRCS+= kdf_exch.c # providers/implementations/kdfs SRCS+= argon2.c hkdf.c hmacdrbg_kdf.c kbkdf.c krb5kdf.c -SRCS+= pbkdf1.c pbkdf2.c pbkdf2_fips.c -SRCS+= pkcs12kdf.c pvkkdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c +SRCS+= pbkdf2.c pbkdf2_fips.c +SRCS+= pkcs12kdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c # providers/implementations/kem SRCS+= ec_kem.c ecx_kem.c kem_util.c ml_kem_kem.c mlx_kem.c rsa_kem.c @@ -484,6 +479,7 @@ SRCS+= siphash_prov.c # providers/implementations/rands SRCS+= drbg.c drbg_ctr.c drbg_hash.c drbg_hmac.c test_rng.c SRCS+= seed_src.c +SRCS+= seed_src_jitter.c # providers/implementations/rands/seeding SRCS+= rand_cpu_x86.c rand_tsc.c rand_unix.c rand_win.c @@ -499,7 +495,7 @@ SRCS+= aes_skmgmt.c generic.c SRCS+= file_store.c file_store_any2obj.c # rand -SRCS+= prov_seed.c rand_deprecated.c rand_egd.c rand_err.c rand_lib.c +SRCS+= prov_seed.c rand_deprecated.c rand_err.c rand_lib.c SRCS+= rand_meth.c rand_pool.c rand_uniform.c randfile.c # rc2 @@ -573,7 +569,10 @@ SRCS+= store_err.c store_init.c store_lib.c store_meth.c store_register.c SRCS+= store_result.c store_strings.c # thread -SRCS+= api.c arch.c arch/thread_win.c arch/thread_posix.c arch/thread_none.c internal.c +SRCS+= api.c arch.c internal.c +SRCS+= thread_none.c +SRCS+= thread_posix.c +SRCS+= thread_win.c # ts SRCS+= ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c @@ -620,11 +619,21 @@ SRCS+= x509type.c INCS= aes.h asn1.h asn1err.h asn1t.h async.h asyncerr.h bio.h INCS+= bioerr.h blowfish.h bn.h bnerr.h buffer.h buffererr.h byteorder.h camellia.h -INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h conf_api.h +INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h INCS+= conferr.h configuration.h conftypes.h core.h core_dispatch.h core_names.h core_object.h INCS+= crmf.h crmferr.h crypto.h cryptoerr.h cryptoerr_legacy.h ct.h cterr.h -INCS+= decoder.h decodererr.h des.h dh.h dherr.h dsa.h -INCS+= dsaerr.h dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h +INCS+= decoder.h decodererr.h +INCS+= der_digests.h +INCS+= der_dsa.h +INCS+= der_ec.h +INCS+= der_ecx.h +INCS+= der_ml_dsa.h +INCS+= der_rsa.h +INCS+= der_slh_dsa.h +INCS+= der_wrap.h +INCS+= des.h dh.h dherr.h dsa.h +INCS+= dsaerr.h +INCS+= dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h INCS+= engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h obj_mac.h INCS+= objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h @@ -762,6 +771,7 @@ PICFLAG+= -DOPENSSL_PIC ${LCRYPTO_SRC}/crypto/stack \ ${LCRYPTO_SRC}/crypto/store \ ${LCRYPTO_SRC}/crypto/thread \ + ${LCRYPTO_SRC}/crypto/thread/arch \ ${LCRYPTO_SRC}/crypto/ts \ ${LCRYPTO_SRC}/crypto/txt_db \ ${LCRYPTO_SRC}/crypto/ui \ @@ -771,6 +781,7 @@ PICFLAG+= -DOPENSSL_PIC ${LCRYPTO_SRC}/providers \ ${LCRYPTO_SRC}/providers/common \ ${LCRYPTO_SRC}/providers/common/der \ + ${LCRYPTO_SRC}/providers/common/include/prov \ ${LCRYPTO_SRC}/providers/implementations/asymciphers \ ${LCRYPTO_SRC}/providers/implementations/ciphers \ ${LCRYPTO_SRC}/providers/implementations/digests \ @@ -787,4 +798,4 @@ PICFLAG+= -DOPENSSL_PIC ${LCRYPTO_SRC}/providers/implementations/storemgmt \ ${LCRYPTO_SRC}/ssl \ ${LCRYPTO_SRC}/ssl/record \ - ${LCRYPTO_SRC}/ssl/record/methods + ${LCRYPTO_SRC}/ssl/record/methods \ diff --git a/secure/lib/libcrypto/modules/Makefile.inc b/secure/lib/libcrypto/modules/Makefile.inc index 4b3d9fc512ce..64fb57ee74c5 100644 --- a/secure/lib/libcrypto/modules/Makefile.inc +++ b/secure/lib/libcrypto/modules/Makefile.inc @@ -10,11 +10,4 @@ CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include CFLAGS+= -I${LCRYPTO_SRC}/providers/fips/include CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include -# common -SRCS+= provider_err.c provider_ctx.c -SRCS+= provider_util.c - -.PATH: ${LCRYPTO_SRC}/providers \ - ${LCRYPTO_SRC}/providers/common - WARNS?= 0 diff --git a/secure/lib/libcrypto/modules/legacy/Makefile b/secure/lib/libcrypto/modules/legacy/Makefile index db05f212f62a..8f91d9504504 100644 --- a/secure/lib/libcrypto/modules/legacy/Makefile +++ b/secure/lib/libcrypto/modules/legacy/Makefile @@ -1,7 +1,7 @@ SHLIB_NAME?= legacy.so LIBADD= crypto -SRCS+= legacyprov.c prov_running.c params_idx.c +SRCS+= legacyprov.c prov_running.c # ciphers SRCS+= ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \ @@ -16,17 +16,48 @@ SRCS+= cipher_rc4.c cipher_rc4_hw.c SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c SRCS+= cipher_seed.c cipher_seed_hw.c -# digests +# crypto +SRCS+= cpuid.c +SRCS+= ctype.c + +# crypto/des +SRCS+= des_enc.c +SRCS+= fcrypt_b.c + +# crypto/md5 +SRCS+= md5_dgst.c +SRCS+= md5_one.c +SRCS+= md5_sha1.c + +# providers/implementations/digests SRCS+= digestcommon.c SRCS+= md4_prov.c wp_prov.c ripemd_prov.c -# kdfs -SRCS+= pbkdf1.c pvkkdf.c +# providers/implementations/kdfs +SRCS+= pbkdf1.c +SRCS+= pvkkdf.c + +# common +SRCS+= provider_err.c provider_ctx.c +SRCS+= provider_util.c + +SRCS+= tls_pad.c + +# This is needed so the provider can be loaded for us. +# +# There's a discrepancy between how this provider gets built in OpenSSL proper +# and FreeBSD. +SRCS+= params_idx.c .include <bsd.lib.mk> .PATH: ${LCRYPTO_SRC}/crypto \ + ${LCRYPTO_SRC}/crypto/des \ + ${LCRYPTO_SRC}/crypto/md5 \ + ${LCRYPTO_SRC}/providers \ + ${LCRYPTO_SRC}/providers/common \ ${LCRYPTO_SRC}/providers/implementations/ciphers \ ${LCRYPTO_SRC}/providers/implementations/digests \ ${LCRYPTO_SRC}/providers/implementations/kdfs \ - ${LCRYPTO_SRC}/ssl + ${LCRYPTO_SRC}/ssl \ + ${LCRYPTO_SRC}/ssl/record/methods \ diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index b0ca31644279..fe2e2492045f 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -76,7 +76,7 @@ CFLAGS+=-DOPENSSL_NO_KTLS SRCS+= ktls_meth.c .endif -LIBADD= crypto +LIBADD= pthread crypto CFLAGS+= -I${LCRYPTO_SRC}/ssl CFLAGS+= -I${.OBJDIR:H}/libcrypto diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index d6597caf7e2a..95cd3b02d8e4 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -329,7 +329,7 @@ _DP_archive+= md .endif .endif _DP_sqlite3= pthread -_DP_ssl= crypto +_DP_ssl= pthread crypto _DP_ssh= crypto crypt z .if ${MK_LDNS} != "no" _DP_ssh+= ldns
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509181917.58IJHoPv088807>