git: ee6882e6b128 - stable/15 - OpenSSL: update Makefiles to reflect 3.5.1 release
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 31 Jan 2026 23:46:18 UTC
The branch stable/15 has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=ee6882e6b1287aa910a4f74f5290ae397dbd5054
commit ee6882e6b1287aa910a4f74f5290ae397dbd5054
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2025-09-08 03:20:42 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2026-01-31 23:45:44 +0000
OpenSSL: update Makefiles to reflect 3.5.1 release
This is a targeted effort to update the INCS and SRCS entries for
libcrypto, the legacy provider, and libssl to match what upstream
(OpenSSL) builds in their respective libraries.
The number of stylistic changes were kept at a minimum.
Another incoming change will reformat this file to make future
maintenance easier.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52554
(cherry picked from commit d5984d5f29a7c717b88ccd17a85a747792403cdf)
---
secure/lib/libcrypto/Makefile | 49 +++++++++++++++++-----------
secure/lib/libcrypto/modules/Makefile.inc | 7 ----
secure/lib/libcrypto/modules/legacy/Makefile | 41 ++++++++++++++++++++---
secure/lib/libssl/Makefile | 2 +-
share/mk/src.libnames.mk | 2 +-
5 files changed, 68 insertions(+), 33 deletions(-)
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index 6f9dd62d8610..738de3479987 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -91,7 +91,7 @@ SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c
SRCS+= x_val.c
# async
-SRCS+= async.c async_err.c async_posix.c async_wait.c
+SRCS+= async.c async_err.c async_null.c async_posix.c async_wait.c async_win.c
# bf
SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_prefix.c bf_readbuff.c bf_skey.c
@@ -224,7 +224,11 @@ SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_meth.c dsa_ossl.c dsa_pmeth.c
SRCS+= dsa_prn.c dsa_sign.c dsa_vrf.c
# dso
+SRCS+= dso_dl.c
SRCS+= dso_dlfcn.c dso_err.c dso_lib.c
+SRCS+= dso_openssl.c
+SRCS+= dso_vms.c
+SRCS+= dso_win32.c
# ec
SRCS+= curve25519.c curve448.c curve448_tables.c ec2_oct.c ec2_smpl.c
@@ -291,7 +295,7 @@ SRCS+= ffc_params.c ffc_params_generate.c ffc_params_validate.c
SRCS+= hashtable.c hashfunc.c
# hmac
-SRCS+= hmac.c hmac_s390x.c
+SRCS+= hmac.c
# hpke
SRCS+= hpke_util.c hpke.c
@@ -424,17 +428,10 @@ SRCS+= cipher_aes_xts_fips.c
SRCS+= cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c \
cipher_aes_gcm_siv_polyval.c
SRCS+= cipher_aes_siv.c cipher_aes_siv_hw.c
-SRCS+= cipher_blowfish.c cipher_blowfish_hw.c
SRCS+= cipher_camellia.c cipher_camellia_hw.c
-SRCS+= cipher_cast5.c cipher_cast5_hw.c
SRCS+= cipher_chacha20.c cipher_chacha20_hw.c
SRCS+= cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c
-SRCS+= cipher_des.c cipher_des_hw.c
-SRCS+= cipher_desx.c cipher_desx_hw.c
SRCS+= cipher_null.c
-SRCS+= cipher_rc4.c cipher_rc4_hw.c
-SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
-SRCS+= cipher_seed.c cipher_seed_hw.c
SRCS+= cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c
@@ -442,12 +439,10 @@ SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \
# providers/implementations/digests
SRCS+= digestcommon.c
SRCS+= blake2_prov.c blake2b_prov.c blake2s_prov.c
-SRCS+= md4_prov.c
SRCS+= md5_prov.c md5_sha1_prov.c
SRCS+= null_prov.c
SRCS+= ripemd_prov.c
SRCS+= sha2_prov.c sha3_prov.c
-SRCS+= wp_prov.c
# providers/implementations/encode_decode
SRCS+= decode_der2key.c decode_epki2pki.c decode_msblob2key.c decode_pvk2key.c
@@ -463,8 +458,8 @@ SRCS+= kdf_exch.c
# providers/implementations/kdfs
SRCS+= argon2.c hkdf.c hmacdrbg_kdf.c kbkdf.c krb5kdf.c
-SRCS+= pbkdf1.c pbkdf2.c pbkdf2_fips.c
-SRCS+= pkcs12kdf.c pvkkdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c
+SRCS+= pbkdf2.c pbkdf2_fips.c
+SRCS+= pkcs12kdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c
# providers/implementations/kem
SRCS+= ec_kem.c ecx_kem.c kem_util.c ml_kem_kem.c mlx_kem.c rsa_kem.c
@@ -484,6 +479,7 @@ SRCS+= siphash_prov.c
# providers/implementations/rands
SRCS+= drbg.c drbg_ctr.c drbg_hash.c drbg_hmac.c test_rng.c
SRCS+= seed_src.c
+SRCS+= seed_src_jitter.c
# providers/implementations/rands/seeding
SRCS+= rand_cpu_x86.c rand_tsc.c rand_unix.c rand_win.c
@@ -499,7 +495,7 @@ SRCS+= aes_skmgmt.c generic.c
SRCS+= file_store.c file_store_any2obj.c
# rand
-SRCS+= prov_seed.c rand_deprecated.c rand_egd.c rand_err.c rand_lib.c
+SRCS+= prov_seed.c rand_deprecated.c rand_err.c rand_lib.c
SRCS+= rand_meth.c rand_pool.c rand_uniform.c randfile.c
# rc2
@@ -573,7 +569,10 @@ SRCS+= store_err.c store_init.c store_lib.c store_meth.c store_register.c
SRCS+= store_result.c store_strings.c
# thread
-SRCS+= api.c arch.c arch/thread_win.c arch/thread_posix.c arch/thread_none.c internal.c
+SRCS+= api.c arch.c internal.c
+SRCS+= thread_none.c
+SRCS+= thread_posix.c
+SRCS+= thread_win.c
# ts
SRCS+= ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c
@@ -620,11 +619,21 @@ SRCS+= x509type.c
INCS= aes.h asn1.h asn1err.h asn1t.h async.h asyncerr.h bio.h
INCS+= bioerr.h blowfish.h bn.h bnerr.h buffer.h buffererr.h byteorder.h camellia.h
-INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h conf_api.h
+INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h
INCS+= conferr.h configuration.h conftypes.h core.h core_dispatch.h core_names.h core_object.h
INCS+= crmf.h crmferr.h crypto.h cryptoerr.h cryptoerr_legacy.h ct.h cterr.h
-INCS+= decoder.h decodererr.h des.h dh.h dherr.h dsa.h
-INCS+= dsaerr.h dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h
+INCS+= decoder.h decodererr.h
+INCS+= der_digests.h
+INCS+= der_dsa.h
+INCS+= der_ec.h
+INCS+= der_ecx.h
+INCS+= der_ml_dsa.h
+INCS+= der_rsa.h
+INCS+= der_slh_dsa.h
+INCS+= der_wrap.h
+INCS+= des.h dh.h dherr.h dsa.h
+INCS+= dsaerr.h
+INCS+= dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h
INCS+= engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h
INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h obj_mac.h
INCS+= objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h
@@ -765,6 +774,7 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/crypto/stack \
${LCRYPTO_SRC}/crypto/store \
${LCRYPTO_SRC}/crypto/thread \
+ ${LCRYPTO_SRC}/crypto/thread/arch \
${LCRYPTO_SRC}/crypto/ts \
${LCRYPTO_SRC}/crypto/txt_db \
${LCRYPTO_SRC}/crypto/ui \
@@ -774,6 +784,7 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/providers \
${LCRYPTO_SRC}/providers/common \
${LCRYPTO_SRC}/providers/common/der \
+ ${LCRYPTO_SRC}/providers/common/include/prov \
${LCRYPTO_SRC}/providers/implementations/asymciphers \
${LCRYPTO_SRC}/providers/implementations/ciphers \
${LCRYPTO_SRC}/providers/implementations/digests \
@@ -790,4 +801,4 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/providers/implementations/storemgmt \
${LCRYPTO_SRC}/ssl \
${LCRYPTO_SRC}/ssl/record \
- ${LCRYPTO_SRC}/ssl/record/methods
+ ${LCRYPTO_SRC}/ssl/record/methods \
diff --git a/secure/lib/libcrypto/modules/Makefile.inc b/secure/lib/libcrypto/modules/Makefile.inc
index 4b3d9fc512ce..64fb57ee74c5 100644
--- a/secure/lib/libcrypto/modules/Makefile.inc
+++ b/secure/lib/libcrypto/modules/Makefile.inc
@@ -10,11 +10,4 @@ CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/fips/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include
-# common
-SRCS+= provider_err.c provider_ctx.c
-SRCS+= provider_util.c
-
-.PATH: ${LCRYPTO_SRC}/providers \
- ${LCRYPTO_SRC}/providers/common
-
WARNS?= 0
diff --git a/secure/lib/libcrypto/modules/legacy/Makefile b/secure/lib/libcrypto/modules/legacy/Makefile
index db05f212f62a..8f91d9504504 100644
--- a/secure/lib/libcrypto/modules/legacy/Makefile
+++ b/secure/lib/libcrypto/modules/legacy/Makefile
@@ -1,7 +1,7 @@
SHLIB_NAME?= legacy.so
LIBADD= crypto
-SRCS+= legacyprov.c prov_running.c params_idx.c
+SRCS+= legacyprov.c prov_running.c
# ciphers
SRCS+= ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
@@ -16,17 +16,48 @@ SRCS+= cipher_rc4.c cipher_rc4_hw.c
SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
SRCS+= cipher_seed.c cipher_seed_hw.c
-# digests
+# crypto
+SRCS+= cpuid.c
+SRCS+= ctype.c
+
+# crypto/des
+SRCS+= des_enc.c
+SRCS+= fcrypt_b.c
+
+# crypto/md5
+SRCS+= md5_dgst.c
+SRCS+= md5_one.c
+SRCS+= md5_sha1.c
+
+# providers/implementations/digests
SRCS+= digestcommon.c
SRCS+= md4_prov.c wp_prov.c ripemd_prov.c
-# kdfs
-SRCS+= pbkdf1.c pvkkdf.c
+# providers/implementations/kdfs
+SRCS+= pbkdf1.c
+SRCS+= pvkkdf.c
+
+# common
+SRCS+= provider_err.c provider_ctx.c
+SRCS+= provider_util.c
+
+SRCS+= tls_pad.c
+
+# This is needed so the provider can be loaded for us.
+#
+# There's a discrepancy between how this provider gets built in OpenSSL proper
+# and FreeBSD.
+SRCS+= params_idx.c
.include <bsd.lib.mk>
.PATH: ${LCRYPTO_SRC}/crypto \
+ ${LCRYPTO_SRC}/crypto/des \
+ ${LCRYPTO_SRC}/crypto/md5 \
+ ${LCRYPTO_SRC}/providers \
+ ${LCRYPTO_SRC}/providers/common \
${LCRYPTO_SRC}/providers/implementations/ciphers \
${LCRYPTO_SRC}/providers/implementations/digests \
${LCRYPTO_SRC}/providers/implementations/kdfs \
- ${LCRYPTO_SRC}/ssl
+ ${LCRYPTO_SRC}/ssl \
+ ${LCRYPTO_SRC}/ssl/record/methods \
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile
index b0ca31644279..fe2e2492045f 100644
--- a/secure/lib/libssl/Makefile
+++ b/secure/lib/libssl/Makefile
@@ -76,7 +76,7 @@ CFLAGS+=-DOPENSSL_NO_KTLS
SRCS+= ktls_meth.c
.endif
-LIBADD= crypto
+LIBADD= pthread crypto
CFLAGS+= -I${LCRYPTO_SRC}/ssl
CFLAGS+= -I${.OBJDIR:H}/libcrypto
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
index 6d90a26c0dcc..e108cc15fb55 100644
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -338,7 +338,7 @@ _DP_archive+= md
.endif
.endif
_DP_sqlite3= pthread
-_DP_ssl= crypto
+_DP_ssl= pthread crypto
_DP_ssh= crypto crypt z
.if ${MK_LDNS} != "no"
_DP_ssh+= ldns