From nobody Thu Aug 21 17:05:00 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c78nm6LDZz65Pv9; Thu, 21 Aug 2025 17:05:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c78nm64PRz3ZjT; Thu, 21 Aug 2025 17:05:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755795900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ab5fYavtJufp11Lj9swy4XrsLr/MZJXbEHFDxaFIWw8=; b=XrBmQNp9COPDUfWCmMxiT27cMeOKP/sRQhQtIvpoz2+DmhjWmkBn1f9y1aAiK8C/KQWf3o cPfpui0aFUqIFgnbCO81gAI2qVtF4c/caLCLsT++f2tC1zoLzzme2zz5FBoiP+PuTAX5at Z9dj9y0myY9LXraAmWgMckcsAL9+RfG4VNNFbeB9K8jlu0E/xZkQJ4PZzd5pcfopuE/EKR Hih3ZclpZOQ5wXyFTBIUOP6NbOaxp7XM1bdGvp55Xy9BSdDoPofKtSKoOKHbOuSr3OzZeQ bV8jrVoCdcifr5IBaB31fCRSR41slFJsXYPp6iztwICBakvN2+3NZ/3tUc6e8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755795900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ab5fYavtJufp11Lj9swy4XrsLr/MZJXbEHFDxaFIWw8=; b=F/v/PAzBPfvIoRGxDgLq6KbDtar6y2OhF1O1jLXL/lHR26HFXpamnRFMGMx4zicIqiMmlz 8npFJbl67v8n4d09diz++CFqlz+8F9hXst0yNc3n+8+f4Fs13gKeAc0tlznD4b+Yz1Vi3z YP1he4GFyuJ3CgkdiJVS9tBKy/3cIITiKoG46YgaWbywfy7iUdBSO9XvN7x1X8bpclCwma kSQwvMhpPI5CA9ZOBOsCckCZD/CnuDKTcaUAhLD1Zqcu39VKl3mpkokv3YHOVzeTOsku9A I6xDXha/FtYfGbDP/7EUmB7mToENw6ksr98SbPFbDrM2K1bASos1Zgvoys4HIA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755795900; a=rsa-sha256; cv=none; b=nEK9XetjVJTA/WBG31AoEQjwK4/wKE2Dg2WDn3zoDp6Vd5+mfO7bT5q1jVW1UNycnbaHg6 6L1iCCj+tClXNFBUqKdF7dCrCD5RzDauE8VMq4Y0npwxWhtYZhlsRkuVrJssdHtJBMYmnG SvKfI7nAPuPpGE5nO5e6pW+y+aHnjQ+QtEhTLZqqsn2WyEU+aaM5nN3KNH57QkHlA+1ZvA Itn1RtSIgR15u0AD+E9/cxCY70ZkKGY+D+H60Cwrz2AQdrua+lIR1uKGLEZNGcVLVdxkeF ZisdvAnoBA063IPQF3PfGeAn8CVFGZJQLRp99lDCiH2Q/Bf68e1Ar3NGyvWZrg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4c78nm5fdyz17M4; Thu, 21 Aug 2025 17:05:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57LH50BH095157; Thu, 21 Aug 2025 17:05:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57LH50gR095150; Thu, 21 Aug 2025 17:05:00 GMT (envelope-from git) Date: Thu, 21 Aug 2025 17:05:00 GMT Message-Id: <202508211705.57LH50gR095150@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Enji Cooper Subject: git: 267f8c1f4b09 - main - crypto/openssl: make vendor imports easier/less error prone List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ngie X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 267f8c1f4b09431b335d5f48d84586047471f978 Auto-Submitted: auto-generated The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=267f8c1f4b09431b335d5f48d84586047471f978 commit 267f8c1f4b09431b335d5f48d84586047471f978 Author: Enji Cooper AuthorDate: 2025-08-01 04:03:33 +0000 Commit: Enji Cooper CommitDate: 2025-08-21 17:02:46 +0000 crypto/openssl: make vendor imports easier/less error prone This change adds a custom BSD makefile containing multiple high-level PHONY targets, similar to targets provided by the ports framework. The Makefile does the following: - Reruns Configure with a deterministic set of arguments to ensure that all appropriate features have been enabled/disabled in OpenSSL. - Preens the pkgconfig files to remove duplicate paths in their `CFLAGS` and `includedir` variables. - Rebuilds all ASM files to ensure that the content contained is fresh. - Rebuilds all manpages to ensure that the content contained in the manpages is fresh. Some additional work needs to be done to make the manpage regeneration "operation" reproducible (the date the manpages were generated is embedded in the files). All dynamic configuration previously captured in `include/openssl/configuration.h` and `include/crypto/bn_conf.h` has been moved to `freebsd/include/dynamic_freebsd_configuration.h` and `freebsd/include/crypto/bn_conf.h`, respectively. This helps ensure that future updates don't wipe out FreeBSD customizations to these files, which tune behavior on a per-target architecture basis, e.g., ARM vs x86, 32-bit vs 64-bit, etc. MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D51663 --- crypto/openssl/BSDmakefile | 99 + crypto/openssl/apps/CA.pl | 2 +- crypto/openssl/apps/progs.c | 11 +- crypto/openssl/apps/progs.h | 4 +- crypto/openssl/configdata.pm | 2295 ++++---------------- crypto/openssl/exporters/libcrypto.pc | 13 + crypto/openssl/exporters/libssl.pc | 11 + crypto/openssl/exporters/openssl.pc | 9 + .../freebsd/dump_version_from_configdata.pl | 21 + crypto/openssl/freebsd/include/crypto/bn_conf.h | 27 + .../freebsd/include/openssl/configuration.h | 38 + crypto/openssl/include/crypto/bn_conf.h | 27 + crypto/openssl/include/openssl/configuration.h | 53 +- crypto/openssl/include/openssl/fipskey.h | 2 +- crypto/openssl/include/openssl/opensslv.h | 2 +- crypto/openssl/libcrypto.pc | 13 + crypto/openssl/libssl.pc | 11 + crypto/openssl/openssl.pc | 9 + crypto/openssl/tools/c_rehash | 6 +- crypto/openssl/util/shlib_wrap.sh | 4 +- crypto/openssl/util/wrap.pl | 8 +- secure/lib/libcrypto/Makefile.inc | 3 +- secure/lib/libcrypto/Makefile.version | 2 + 23 files changed, 718 insertions(+), 1952 deletions(-) diff --git a/crypto/openssl/BSDmakefile b/crypto/openssl/BSDmakefile new file mode 100644 index 000000000000..bd2bfe0ea033 --- /dev/null +++ b/crypto/openssl/BSDmakefile @@ -0,0 +1,99 @@ +# This BSD makefile helps provide a deterministic means of doing a "clean" +# vendor import of OpenSSL. +# +# Recommended use: +# +# % make clean +# % make all + +NO_OBJ= + +LCRYPTO_SRC= ${SRCTOP}/crypto/openssl +LCRYPTO_DOC= ${LCRYPTO_SRC}/doc + +CAT?= /bin/cat +MV?= /bin/mv +PERL?= perl + +BN_CONF_H= include/crypto/bn_conf.h +BN_CONF_H_ORIG= ${BN_CONF_H}.orig +CONFIGURATION_H= include/openssl/configuration.h +CONFIGURATION_H_ORIG= ${CONFIGURATION_H}.orig + +.PHONY: configure patch all +.ORDER: configure patch all + +configure: + @cd ${.CURDIR} && \ + ${PERL} ./Configure \ + disable-aria \ + disable-egd \ + disable-idea \ + disable-mdc2 \ + disable-sm2 \ + disable-sm3 \ + disable-sm4 \ + enable-ec_nistp_64_gcc_128 \ + enable-ktls \ + enable-sctp \ + --openssldir=etc \ + --prefix=/usr + @cd ${.CURDIR} && gmake configdata.pm + @cd ${LCRYPTO_SRC} && ${PERL} \ + ${LCRYPTO_SRC}/freebsd/dump_version_from_configdata.pl > \ + ${SRCTOP}/secure/lib/libcrypto/Makefile.version + +all: patch + # Passing `-j ${.MAKE.JOBS}` doesn't work here for some reason. + @cd ${.CURDIR} && gmake build_all_generated + + # Clean the pkgconfig files: + # 1. Fix --prefix (not sure why configure --prefix isn't honored properly). + # 2. Remove duplicate path in CFLAGS. + # 3. Remove duplicate path in includedir(s). + @find . -name \*.pc -print -exec sed -i '' -E \ + -e 's,^prefix=.+,prefix=/usr,' \ + -e 's,[[:space:]]+(\-I)?\$\{prefix\}/\./include[[:space:]]*,,g' \ + {} + + + @cd ${SRCTOP}/secure/lib/libcrypto && \ + ${MAKE} cleanasm && \ + ${MAKE} buildasm + + @rsync -a --delete \ + --exclude 'Makefile*' --exclude '*.1' \ + ${LCRYPTO_DOC}/man/ \ + ${SRCTOP}/secure/lib/libcrypto/man + + @rsync -a --delete \ + --exclude 'Makefile*' --exclude '*.[357]' \ + ${LCRYPTO_DOC}/man/man1/ \ + ${SRCTOP}/secure/usr.bin/openssl/man + + +# This doesn't use standard patching since the generated files can vary +# depending on the host architecture. +patch: configure + # Spam arch-specific overrides to config files. + + @cd ${.CURDIR} && gmake ${BN_CONF_H} && \ + ${MV} ${BN_CONF_H} ${BN_CONF_H_ORIG} && \ + ${CAT} ${BN_CONF_H}.orig \ + ${LCRYPTO_SRC}/freebsd/${BN_CONF_H} >> \ + ${BN_CONF_H} + + @cd ${.CURDIR} && \ + ${MV} ${CONFIGURATION_H} ${CONFIGURATION_H_ORIG} && \ + ${CAT} ${CONFIGURATION_H_ORIG} \ + ${LCRYPTO_SRC}/freebsd/${CONFIGURATION_H} >> \ + ${CONFIGURATION_H} + + +clean: .PHONY + @cd ${.CURDIR} && rm -f ${BN_CONF_H_ORIG} ${CONFIGURATION_H_ORIG} + + @cd ${SRCTOP}/secure/lib/libcrypto && ${MAKE} cleanasm + + -@cd ${.CURDIR} && gmake ${.TARGET} + +.include diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl index 70ad231fff04..0861fd7a4da7 100755 --- a/crypto/openssl/apps/CA.pl +++ b/crypto/openssl/apps/CA.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl # Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/openssl/apps/progs.c b/crypto/openssl/apps/progs.c index 2646a1a35bf3..acc204a3e6e7 100644 --- a/crypto/openssl/apps/progs.c +++ b/crypto/openssl/apps/progs.c @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,6 +89,7 @@ FUNCTION functions[] = { {FT_general, "s_time", s_time_main, s_time_options, NULL, NULL}, #endif {FT_general, "sess_id", sess_id_main, sess_id_options, NULL, NULL}, + {FT_general, "skeyutl", skeyutl_main, skeyutl_options, NULL, NULL}, {FT_general, "smime", smime_main, smime_options, NULL, NULL}, {FT_general, "speed", speed_main, speed_options, NULL, NULL}, {FT_general, "spkac", spkac_main, spkac_options, NULL, NULL}, @@ -225,9 +226,15 @@ FUNCTION functions[] = { {FT_cipher, "camellia-256-ecb", enc_main, enc_options, NULL}, #endif {FT_cipher, "base64", enc_main, enc_options, NULL}, -#ifdef ZLIB +#ifndef OPENSSL_NO_ZLIB {FT_cipher, "zlib", enc_main, enc_options, NULL}, #endif +#ifndef OPENSSL_NO_BROTLI + {FT_cipher, "brotli", enc_main, enc_options, NULL}, +#endif +#ifndef OPENSSL_NO_ZSTD + {FT_cipher, "zstd", enc_main, enc_options, NULL}, +#endif #ifndef OPENSSL_NO_DES {FT_cipher, "des", enc_main, enc_options, NULL}, #endif diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h index 83c829a721bf..1b62ec37dec1 100644 --- a/crypto/openssl/apps/progs.h +++ b/crypto/openssl/apps/progs.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,6 +56,7 @@ extern int s_client_main(int argc, char *argv[]); extern int s_server_main(int argc, char *argv[]); extern int s_time_main(int argc, char *argv[]); extern int sess_id_main(int argc, char *argv[]); +extern int skeyutl_main(int argc, char *argv[]); extern int smime_main(int argc, char *argv[]); extern int speed_main(int argc, char *argv[]); extern int spkac_main(int argc, char *argv[]); @@ -110,6 +111,7 @@ extern const OPTIONS s_client_options[]; extern const OPTIONS s_server_options[]; extern const OPTIONS s_time_options[]; extern const OPTIONS sess_id_options[]; +extern const OPTIONS skeyutl_options[]; extern const OPTIONS smime_options[]; extern const OPTIONS speed_options[]; extern const OPTIONS spkac_options[]; diff --git a/crypto/openssl/configdata.pm b/crypto/openssl/configdata.pm index b2ea8dcd87ca..ec70eaba9f07 100755 --- a/crypto/openssl/configdata.pm +++ b/crypto/openssl/configdata.pm @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl +#! /usr/bin/env perl # -*- mode: perl -*- package configdata; @@ -21,24 +21,16 @@ our %config = ( "ASFLAGS" => [], "CC" => "cc", "CFLAGS" => [ - "-O2 -pipe -fstack-protector-strong -fno-strict-aliasing " + "-Wall -O3" ], - "CPP" => "cpp", "CPPDEFINES" => [], - "CPPFLAGS" => [ - "" - ], + "CPPFLAGS" => [], "CPPINCLUDES" => [], - "CXX" => "c++", - "CXXFLAGS" => [ - "-O2 -pipe -fstack-protector-strong -fno-strict-aliasing " - ], + "CXXFLAGS" => [], "FIPSKEY" => "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813", - "FIPS_VENDOR" => "OpenSSL FIPS Provider", - "HASHBANGPERL" => "/usr/local/bin/perl", - "LDFLAGS" => [ - " " - ], + "FIPS_VENDOR" => "OpenSSL non-compliant FIPS Provider", + "HASHBANGPERL" => "/usr/bin/env perl", + "LDFLAGS" => [], "LDLIBS" => [], "OBJCOPY" => "objcopy", "PERL" => "/usr/local/bin/perl", @@ -139,7 +131,6 @@ our %config = ( "apps/lib/build.info", "providers/common/build.info", "providers/implementations/build.info", - "providers/fips/build.info", "doc/man1/build.info", "ssl/record/methods/build.info", "providers/common/der/build.info", @@ -178,6 +169,7 @@ our %config = ( "ex_libs" => [], "full_version" => "3.5.1", "includes" => [], + "ktls" => "", "lflags" => [], "lib_defines" => [ "OPENSSL_PIC" @@ -192,6 +184,7 @@ our %config = ( "openssl_feature_defines" => [ "OPENSSL_RAND_SEED_OS", "OPENSSL_THREADS", + "OPENSSL_NO_ACVP_TESTS", "OPENSSL_NO_AFALGENG", "OPENSSL_NO_ARIA", "OPENSSL_NO_ASAN", @@ -203,13 +196,14 @@ our %config = ( "OPENSSL_NO_EGD", "OPENSSL_NO_EXTERNAL_TESTS", "OPENSSL_NO_FIPS_JITTER", + "OPENSSL_NO_FIPS_POST", + "OPENSSL_NO_FIPS_SECURITYCHECKS", "OPENSSL_NO_FUZZ_AFL", "OPENSSL_NO_FUZZ_LIBFUZZER", "OPENSSL_NO_H3DEMO", "OPENSSL_NO_HQINTEROP", "OPENSSL_NO_IDEA", "OPENSSL_NO_JITTER", - "OPENSSL_NO_KTLS", "OPENSSL_NO_MD2", "OPENSSL_NO_MDC2", "OPENSSL_NO_MSAN", @@ -222,7 +216,6 @@ our %config = ( "OPENSSL_NO_SSL3_METHOD", "OPENSSL_NO_SSLKEYLOG", "OPENSSL_NO_TFO", - "OPENSSL_NO_TLS_DEPRECATED_EC", "OPENSSL_NO_TRACE", "OPENSSL_NO_UBSAN", "OPENSSL_NO_UNIT_TEST", @@ -235,30 +228,26 @@ our %config = ( "OPENSSL_NO_ZSTD_DYNAMIC", "OPENSSL_NO_STATIC_ENGINE" ], - "openssl_other_defines" => [ - "OPENSSL_NO_KTLS" - ], "openssl_sys_defines" => [], - "openssldir" => "/usr/local/openssl", - "options" => "--openssldir=/usr/local/openssl --prefix=/usr/local enable-ec_nistp_64_gcc_128 enable-fips enable-sctp no-afalgeng no-aria no-asan no-brotli no-brotli-dynamic no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-demos no-egd no-external-tests no-fips-jitter no-fuzz-afl no-fuzz-libfuzzer no-h3demo no-hqinterop no-idea no-jitter no-ktls no-legacy no-md2 no-mdc2 no-msan no-pie no-rc5 no-sm2 no-sm3 no-sm4 no-ssl3 no-ssl3-method no-sslkeylog no-tfo no-tls-deprecated-ec no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-winstore no-zlib no-zlib-dynamic no-zstd no-zstd-dynamic", + "openssldir" => "etc", + "options" => "enable-ec_nistp_64_gcc_128 enable-ktls enable-sctp --openssldir=etc --prefix=/usr no-acvp-tests no-afalgeng no-aria no-asan no-brotli no-brotli-dynamic no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-demos no-egd no-external-tests no-fips no-fips-jitter no-fips-post no-fips-securitychecks no-fuzz-afl no-fuzz-libfuzzer no-h3demo no-hqinterop no-idea no-jitter no-md2 no-mdc2 no-msan no-pie no-rc5 no-sm2 no-sm3 no-sm4 no-ssl3 no-ssl3-method no-sslkeylog no-tfo no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-winstore no-zlib no-zlib-dynamic no-zstd no-zstd-dynamic", "patch" => "1", "perl_archname" => "amd64-freebsd-thread-multi", "perl_cmd" => "/usr/local/bin/perl", "perl_version" => "5.40.2", "perlargv" => [ - "--openssldir=/usr/local/openssl", - "--prefix=/usr/local", - "no-aria", + "disable-aria", + "disable-egd", + "disable-idea", + "disable-mdc2", + "disable-sm2", + "disable-sm3", + "disable-sm4", "enable-ec_nistp_64_gcc_128", - "enable-fips", - "no-idea", - "no-legacy", - "no-mdc2", + "enable-ktls", "enable-sctp", - "no-sm2", - "no-sm3", - "no-sm4", - "no-tls-deprecated-ec" + "--openssldir=etc", + "--prefix=/usr" ], "perlenv" => { "AR" => undef, @@ -266,24 +255,24 @@ our %config = ( "AS" => undef, "ASFLAGS" => undef, "BUILDFILE" => undef, - "CC" => "cc", - "CFLAGS" => "-O2 -pipe -fstack-protector-strong -fno-strict-aliasing ", - "CPP" => "cpp", + "CC" => undef, + "CFLAGS" => undef, + "CPP" => undef, "CPPDEFINES" => undef, - "CPPFLAGS" => "", + "CPPFLAGS" => undef, "CPPINCLUDES" => undef, "CROSS_COMPILE" => undef, - "CXX" => "c++", - "CXXFLAGS" => "-O2 -pipe -fstack-protector-strong -fno-strict-aliasing ", + "CXX" => undef, + "CXXFLAGS" => undef, "HASHBANGPERL" => undef, "LD" => undef, - "LDFLAGS" => " ", + "LDFLAGS" => undef, "LDLIBS" => undef, "MT" => undef, "MTFLAGS" => undef, "OBJCOPY" => undef, "OPENSSL_LOCAL_CONFIG_DIR" => undef, - "PERL" => "/usr/local/bin/perl", + "PERL" => undef, "RANLIB" => undef, "RC" => undef, "RCFLAGS" => undef, @@ -297,12 +286,12 @@ our %config = ( "__CNF_LDFLAGS" => undef, "__CNF_LDLIBS" => undef }, - "prefix" => "/usr/local", + "prefix" => "/usr", "prerelease" => "", "processor" => "", "rc4_int" => "unsigned int", "release_date" => "1 Jul 2025", - "shlib_version" => "17", + "shlib_version" => "3", "sourcedir" => ".", "target" => "BSD-x86_64", "version" => "3.5.1" @@ -521,6 +510,7 @@ our @disablables_int = ( "crmf" ); our %disabled = ( + "acvp-tests" => "cascade", "afalgeng" => "not-linux", "aria" => "option", "asan" => "default", @@ -530,17 +520,18 @@ our %disabled = ( "crypto-mdebug" => "default", "crypto-mdebug-backtrace" => "default", "demos" => "default", - "egd" => "default", + "egd" => "option", "external-tests" => "default", + "fips" => "default", "fips-jitter" => "default", + "fips-post" => "cascade", + "fips-securitychecks" => "cascade", "fuzz-afl" => "default", "fuzz-libfuzzer" => "default", "h3demo" => "default", "hqinterop" => "default", "idea" => "option", "jitter" => "default", - "ktls" => "default", - "legacy" => "option", "md2" => "default", "mdc2" => "option", "msan" => "default", @@ -553,7 +544,6 @@ our %disabled = ( "ssl3-method" => "default", "sslkeylog" => "default", "tfo" => "default", - "tls-deprecated-ec" => "option", "trace" => "default", "ubsan" => "default", "unit-test" => "default", @@ -880,7 +870,7 @@ our %unified_info = ( "providers/libdefault.a" => { "noinst" => "1" }, - "providers/libfips.a" => { + "providers/liblegacy.a" => { "noinst" => "1" }, "providers/libtemplate.a" => { @@ -912,9 +902,6 @@ our %unified_info = ( "engines/padlock" => { "engine" => "1" }, - "providers/fips" => { - "fips" => "1" - }, "test/p_minimal" => { "noinst" => "1" }, @@ -1016,9 +1003,6 @@ our %unified_info = ( "test/aborttest" => { "noinst" => "1" }, - "test/acvp_test" => { - "noinst" => "1" - }, "test/aesgcmtest" => { "noinst" => "1" }, @@ -1142,6 +1126,9 @@ our %unified_info = ( "test/buildtest_c_conf_api" => { "noinst" => "1" }, + "test/buildtest_c_configuration" => { + "noinst" => "1" + }, "test/buildtest_c_conftypes" => { "noinst" => "1" }, @@ -1996,9 +1983,6 @@ our %unified_info = ( "libssl" => [ "AES_ASM" ], - "providers/fips" => [ - "FIPS_MODULE" - ], "providers/legacy" => [ "OPENSSL_CPUID_OBJ" ], @@ -2053,8 +2037,11 @@ our %unified_info = ( "VPAES_ASM", "X25519_ASM" ], - "test/evp_test" => [ - "NO_LEGACY_MODULE" + "test/endecode_test" => [ + "STATIC_LEGACY" + ], + "test/evp_extra_test" => [ + "STATIC_LEGACY" ], "test/provider_internal_test" => [ "PROVIDER_INIT_FUNCTION_NAME=p_test_init" @@ -2296,9 +2283,6 @@ our %unified_info = ( "apps/progs.h" => [ "apps/progs.c" ], - "build_modules_nodep" => [ - "providers/fipsmodule.cnf" - ], "crypto/aes/aes-586.S" => [ "crypto/perlasm/x86asm.pl" ], @@ -8214,10 +8198,6 @@ our %unified_info = ( "providers/common/include/prov/der_digests.h", "providers/common/include/prov/der_rsa.h" ], - "providers/common/der/libfips-lib-der_rsa_sig.o" => [ - "providers/common/include/prov/der_digests.h", - "providers/common/include/prov/der_rsa.h" - ], "providers/common/include/prov/der_digests.h" => [ "providers/common/der/DIGESTS.asn1", "providers/common/der/NIST.asn1", @@ -8252,21 +8232,12 @@ our %unified_info = ( "providers/common/der/oids_to_c.pm", "providers/common/der/wrap.asn1" ], - "providers/fips" => [ - "providers/libfips.a" - ], - "providers/fipsmodule.cnf" => [ - "providers/fips" - ], "providers/implementations/encode_decode/libdefault-lib-encode_key2any.o" => [ "providers/common/include/prov/der_rsa.h" ], "providers/implementations/kdfs/libdefault-lib-x942kdf.o" => [ "providers/common/include/prov/der_wrap.h" ], - "providers/implementations/kdfs/libfips-lib-x942kdf.o" => [ - "providers/common/include/prov/der_wrap.h" - ], "providers/implementations/signature/libdefault-lib-dsa_sig.o" => [ "providers/common/include/prov/der_dsa.h" ], @@ -8285,27 +8256,13 @@ our %unified_info = ( "providers/implementations/signature/libdefault-lib-slh_dsa_sig.o" => [ "providers/common/include/prov/der_slh_dsa.h" ], - "providers/implementations/signature/libfips-lib-dsa_sig.o" => [ - "providers/common/include/prov/der_dsa.h" - ], - "providers/implementations/signature/libfips-lib-ecdsa_sig.o" => [ - "providers/common/include/prov/der_ec.h" - ], - "providers/implementations/signature/libfips-lib-eddsa_sig.o" => [ - "providers/common/include/prov/der_ecx.h" - ], - "providers/implementations/signature/libfips-lib-ml_dsa_sig.o" => [ - "providers/common/include/prov/der_ml_dsa.h" - ], - "providers/implementations/signature/libfips-lib-rsa_sig.o" => [ - "providers/common/include/prov/der_rsa.h" - ], - "providers/implementations/signature/libfips-lib-slh_dsa_sig.o" => [ - "providers/common/include/prov/der_slh_dsa.h" - ], "providers/implementations/signature/sm2_sig.o" => [ "providers/common/include/prov/der_sm2.h" ], + "providers/legacy" => [ + "libcrypto", + "providers/liblegacy.a" + ], "providers/libcommon.a" => [ "libcrypto" ], @@ -8318,10 +8275,6 @@ our %unified_info = ( "test/aborttest" => [ "libcrypto" ], - "test/acvp_test" => [ - "libcrypto.a", - "test/libtestutil.a" - ], "test/aesgcmtest" => [ "libcrypto", "test/libtestutil.a" @@ -8487,6 +8440,10 @@ our %unified_info = ( "libcrypto", "libssl" ], + "test/buildtest_c_configuration" => [ + "libcrypto", + "libssl" + ], "test/buildtest_c_conftypes" => [ "libcrypto", "libssl" @@ -8917,6 +8874,8 @@ our %unified_info = ( ], "test/endecode_test" => [ "libcrypto.a", + "providers/libcommon.a", + "providers/liblegacy.a", "test/libtestutil.a" ], "test/endecoder_legacy_test" => [ @@ -8937,6 +8896,8 @@ our %unified_info = ( ], "test/evp_extra_test" => [ "libcrypto.a", + "providers/libcommon.a", + "providers/liblegacy.a", "test/libtestutil.a" ], "test/evp_extra_test2" => [ @@ -9676,6 +9637,9 @@ our %unified_info = ( "crypto/packettest-bin-quic_vlint.o", "crypto/tls13secretstest-bin-packet.o", "crypto/tls13secretstest-bin-quic_vlint.o", + "crypto/legacy-dso-cpuid.o", + "crypto/legacy-dso-ctype.o", + "crypto/legacy-dso-x86_64cpuid.o", "crypto/libcrypto-lib-asn1_dsa.o", "crypto/libcrypto-lib-bsearch.o", "crypto/libcrypto-lib-comp_methods.o", @@ -9792,37 +9756,7 @@ our %unified_info = ( "crypto/libssl-shlib-getenv.o", "crypto/libssl-shlib-packet.o", "crypto/libssl-shlib-quic_vlint.o", - "crypto/libssl-shlib-time.o", - "crypto/libfips-lib-asn1_dsa.o", - "crypto/libfips-lib-bsearch.o", - "crypto/libfips-lib-context.o", - "crypto/libfips-lib-core_algorithm.o", - "crypto/libfips-lib-core_fetch.o", - "crypto/libfips-lib-core_namemap.o", - "crypto/libfips-lib-cpuid.o", - "crypto/libfips-lib-cryptlib.o", - "crypto/libfips-lib-ctype.o", - "crypto/libfips-lib-der_writer.o", - "crypto/libfips-lib-ex_data.o", - "crypto/libfips-lib-initthread.o", - "crypto/libfips-lib-o_str.o", - "crypto/libfips-lib-packet.o", - "crypto/libfips-lib-param_build.o", - "crypto/libfips-lib-param_build_set.o", - "crypto/libfips-lib-params.o", - "crypto/libfips-lib-params_dup.o", - "crypto/libfips-lib-params_from_text.o", - "crypto/libfips-lib-params_idx.o", - "crypto/libfips-lib-provider_core.o", - "crypto/libfips-lib-provider_predefined.o", - "crypto/libfips-lib-self_test_core.o", - "crypto/libfips-lib-sparse_array.o", - "crypto/libfips-lib-threads_lib.o", - "crypto/libfips-lib-threads_none.o", - "crypto/libfips-lib-threads_pthread.o", - "crypto/libfips-lib-threads_win.o", - "crypto/libfips-lib-time.o", - "crypto/libfips-lib-x86_64cpuid.o" + "crypto/libssl-shlib-time.o" ], "products" => { "bin" => [ @@ -9831,10 +9765,12 @@ our %unified_info = ( "test/packettest", "test/tls13secretstest" ], + "dso" => [ + "providers/legacy" + ], "lib" => [ "libcrypto", - "libssl", - "providers/libfips.a" + "libssl" ] } }, @@ -9867,22 +9803,11 @@ our %unified_info = ( "crypto/aes/libcrypto-shlib-aesni-x86_64.o", "crypto/aes/libcrypto-shlib-aesni-xts-avx512.o", "crypto/aes/libcrypto-shlib-bsaes-x86_64.o", - "crypto/aes/libcrypto-shlib-vpaes-x86_64.o", - "crypto/aes/libfips-lib-aes-x86_64.o", - "crypto/aes/libfips-lib-aes_ecb.o", - "crypto/aes/libfips-lib-aes_misc.o", - "crypto/aes/libfips-lib-aesni-mb-x86_64.o", - "crypto/aes/libfips-lib-aesni-sha1-x86_64.o", - "crypto/aes/libfips-lib-aesni-sha256-x86_64.o", - "crypto/aes/libfips-lib-aesni-x86_64.o", - "crypto/aes/libfips-lib-aesni-xts-avx512.o", - "crypto/aes/libfips-lib-bsaes-x86_64.o", - "crypto/aes/libfips-lib-vpaes-x86_64.o" + "crypto/aes/libcrypto-shlib-vpaes-x86_64.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10234,65 +10159,22 @@ our %unified_info = ( "crypto/bn/libcrypto-shlib-rsaz_exp_x2.o", "crypto/bn/libcrypto-shlib-x86_64-gf2m.o", "crypto/bn/libcrypto-shlib-x86_64-mont.o", - "crypto/bn/libcrypto-shlib-x86_64-mont5.o", - "crypto/bn/libfips-lib-bn_add.o", - "crypto/bn/libfips-lib-bn_blind.o", - "crypto/bn/libfips-lib-bn_const.o", - "crypto/bn/libfips-lib-bn_conv.o", - "crypto/bn/libfips-lib-bn_ctx.o", - "crypto/bn/libfips-lib-bn_dh.o", - "crypto/bn/libfips-lib-bn_div.o", - "crypto/bn/libfips-lib-bn_exp.o", - "crypto/bn/libfips-lib-bn_exp2.o", - "crypto/bn/libfips-lib-bn_gcd.o", - "crypto/bn/libfips-lib-bn_gf2m.o", - "crypto/bn/libfips-lib-bn_intern.o", - "crypto/bn/libfips-lib-bn_kron.o", - "crypto/bn/libfips-lib-bn_lib.o", - "crypto/bn/libfips-lib-bn_mod.o", - "crypto/bn/libfips-lib-bn_mont.o", - "crypto/bn/libfips-lib-bn_mpi.o", - "crypto/bn/libfips-lib-bn_mul.o", - "crypto/bn/libfips-lib-bn_nist.o", - "crypto/bn/libfips-lib-bn_prime.o", - "crypto/bn/libfips-lib-bn_rand.o", - "crypto/bn/libfips-lib-bn_recp.o", - "crypto/bn/libfips-lib-bn_rsa_fips186_4.o", - "crypto/bn/libfips-lib-bn_shift.o", - "crypto/bn/libfips-lib-bn_sqr.o", - "crypto/bn/libfips-lib-bn_sqrt.o", - "crypto/bn/libfips-lib-bn_word.o", - "crypto/bn/libfips-lib-rsaz-2k-avx512.o", - "crypto/bn/libfips-lib-rsaz-2k-avxifma.o", - "crypto/bn/libfips-lib-rsaz-3k-avx512.o", - "crypto/bn/libfips-lib-rsaz-3k-avxifma.o", - "crypto/bn/libfips-lib-rsaz-4k-avx512.o", - "crypto/bn/libfips-lib-rsaz-4k-avxifma.o", - "crypto/bn/libfips-lib-rsaz-avx2.o", - "crypto/bn/libfips-lib-rsaz-x86_64.o", - "crypto/bn/libfips-lib-rsaz_exp.o", - "crypto/bn/libfips-lib-rsaz_exp_x2.o", - "crypto/bn/libfips-lib-x86_64-gf2m.o", - "crypto/bn/libfips-lib-x86_64-mont.o", - "crypto/bn/libfips-lib-x86_64-mont5.o" + "crypto/bn/libcrypto-shlib-x86_64-mont5.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, "crypto/bn/asm" => { "deps" => [ "crypto/bn/asm/libcrypto-lib-x86_64-gcc.o", - "crypto/bn/asm/libcrypto-shlib-x86_64-gcc.o", - "crypto/bn/asm/libfips-lib-x86_64-gcc.o" + "crypto/bn/asm/libcrypto-shlib-x86_64-gcc.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10301,13 +10183,11 @@ our %unified_info = ( "crypto/buffer/libcrypto-lib-buf_err.o", "crypto/buffer/libcrypto-lib-buffer.o", "crypto/buffer/libcrypto-shlib-buf_err.o", - "crypto/buffer/libcrypto-shlib-buffer.o", - "crypto/buffer/libfips-lib-buffer.o" + "crypto/buffer/libcrypto-shlib-buffer.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10365,13 +10245,11 @@ our %unified_info = ( "crypto/cmac" => { "deps" => [ "crypto/cmac/libcrypto-lib-cmac.o", - "crypto/cmac/libcrypto-shlib-cmac.o", - "crypto/cmac/libfips-lib-cmac.o" + "crypto/cmac/libcrypto-shlib-cmac.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10583,15 +10461,13 @@ our %unified_info = ( "crypto/des/libcrypto-shlib-set_key.o", "crypto/des/libcrypto-shlib-str2key.o", "crypto/des/libcrypto-shlib-xcbc_enc.o", - "crypto/des/libfips-lib-des_enc.o", - "crypto/des/libfips-lib-ecb3_enc.o", - "crypto/des/libfips-lib-fcrypt_b.o", - "crypto/des/libfips-lib-set_key.o" + "crypto/des/liblegacy-lib-des_enc.o", + "crypto/des/liblegacy-lib-fcrypt_b.o" ], "products" => { "lib" => [ "libcrypto", - "providers/libfips.a" + "providers/liblegacy.a" ] } }, @@ -10626,19 +10502,11 @@ our %unified_info = ( "crypto/dh/libcrypto-shlib-dh_meth.o", "crypto/dh/libcrypto-shlib-dh_pmeth.o", "crypto/dh/libcrypto-shlib-dh_prn.o", - "crypto/dh/libcrypto-shlib-dh_rfc5114.o", - "crypto/dh/libfips-lib-dh_backend.o", - "crypto/dh/libfips-lib-dh_check.o", - "crypto/dh/libfips-lib-dh_gen.o", - "crypto/dh/libfips-lib-dh_group_params.o", - "crypto/dh/libfips-lib-dh_kdf.o", - "crypto/dh/libfips-lib-dh_key.o", - "crypto/dh/libfips-lib-dh_lib.o" + "crypto/dh/libcrypto-shlib-dh_rfc5114.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10673,20 +10541,11 @@ our %unified_info = ( "crypto/dsa/libcrypto-shlib-dsa_pmeth.o", "crypto/dsa/libcrypto-shlib-dsa_prn.o", "crypto/dsa/libcrypto-shlib-dsa_sign.o", - "crypto/dsa/libcrypto-shlib-dsa_vrf.o", - "crypto/dsa/libfips-lib-dsa_backend.o", - "crypto/dsa/libfips-lib-dsa_check.o", - "crypto/dsa/libfips-lib-dsa_gen.o", - "crypto/dsa/libfips-lib-dsa_key.o", - "crypto/dsa/libfips-lib-dsa_lib.o", - "crypto/dsa/libfips-lib-dsa_ossl.o", - "crypto/dsa/libfips-lib-dsa_sign.o", - "crypto/dsa/libfips-lib-dsa_vrf.o" + "crypto/dsa/libcrypto-shlib-dsa_vrf.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10792,44 +10651,11 @@ our %unified_info = ( "crypto/ec/libcrypto-shlib-ecx_backend.o", "crypto/ec/libcrypto-shlib-ecx_key.o", "crypto/ec/libcrypto-shlib-ecx_meth.o", - "crypto/ec/libcrypto-shlib-x25519-x86_64.o", - "crypto/ec/libfips-lib-curve25519.o", - "crypto/ec/libfips-lib-ec2_oct.o", - "crypto/ec/libfips-lib-ec2_smpl.o", - "crypto/ec/libfips-lib-ec_asn1.o", - "crypto/ec/libfips-lib-ec_backend.o", - "crypto/ec/libfips-lib-ec_check.o", - "crypto/ec/libfips-lib-ec_curve.o", - "crypto/ec/libfips-lib-ec_cvt.o", - "crypto/ec/libfips-lib-ec_key.o", - "crypto/ec/libfips-lib-ec_kmeth.o", - "crypto/ec/libfips-lib-ec_lib.o", - "crypto/ec/libfips-lib-ec_mult.o", - "crypto/ec/libfips-lib-ec_oct.o", - "crypto/ec/libfips-lib-ecdh_kdf.o", - "crypto/ec/libfips-lib-ecdh_ossl.o", - "crypto/ec/libfips-lib-ecdsa_ossl.o", - "crypto/ec/libfips-lib-ecdsa_sign.o", - "crypto/ec/libfips-lib-ecdsa_vrf.o", - "crypto/ec/libfips-lib-ecp_mont.o", - "crypto/ec/libfips-lib-ecp_nist.o", - "crypto/ec/libfips-lib-ecp_nistp224.o", - "crypto/ec/libfips-lib-ecp_nistp256.o", - "crypto/ec/libfips-lib-ecp_nistp384.o", - "crypto/ec/libfips-lib-ecp_nistp521.o", - "crypto/ec/libfips-lib-ecp_nistputil.o", - "crypto/ec/libfips-lib-ecp_nistz256-x86_64.o", - "crypto/ec/libfips-lib-ecp_nistz256.o", - "crypto/ec/libfips-lib-ecp_oct.o", - "crypto/ec/libfips-lib-ecp_smpl.o", - "crypto/ec/libfips-lib-ecx_backend.o", - "crypto/ec/libfips-lib-ecx_key.o", - "crypto/ec/libfips-lib-x25519-x86_64.o" + "crypto/ec/libcrypto-shlib-x25519-x86_64.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, @@ -10844,43 +10670,33 @@ our %unified_info = ( "crypto/ec/curve448/libcrypto-shlib-curve448_tables.o", "crypto/ec/curve448/libcrypto-shlib-eddsa.o", "crypto/ec/curve448/libcrypto-shlib-f_generic.o", - "crypto/ec/curve448/libcrypto-shlib-scalar.o", - "crypto/ec/curve448/libfips-lib-curve448.o", - "crypto/ec/curve448/libfips-lib-curve448_tables.o", - "crypto/ec/curve448/libfips-lib-eddsa.o", - "crypto/ec/curve448/libfips-lib-f_generic.o", - "crypto/ec/curve448/libfips-lib-scalar.o" + "crypto/ec/curve448/libcrypto-shlib-scalar.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, "crypto/ec/curve448/arch_32" => { "deps" => [ "crypto/ec/curve448/arch_32/libcrypto-lib-f_impl32.o", - "crypto/ec/curve448/arch_32/libcrypto-shlib-f_impl32.o", - "crypto/ec/curve448/arch_32/libfips-lib-f_impl32.o" + "crypto/ec/curve448/arch_32/libcrypto-shlib-f_impl32.o" ], "products" => { "lib" => [ - "libcrypto", - "providers/libfips.a" + "libcrypto" ] } }, "crypto/ec/curve448/arch_64" => { "deps" => [ "crypto/ec/curve448/arch_64/libcrypto-lib-f_impl64.o", - "crypto/ec/curve448/arch_64/libcrypto-shlib-f_impl64.o", - "crypto/ec/curve448/arch_64/libfips-lib-f_impl64.o" + "crypto/ec/curve448/arch_64/libcrypto-shlib-f_impl64.o" ], *** 3348 LINES SKIPPED ***