git: d5984d5f29a7 - main - OpenSSL: update Makefiles to reflect 3.5.1 release
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 18 Sep 2025 19:17:50 UTC
The branch main has been updated by ngie:
URL: https://cgit.FreeBSD.org/src/commit/?id=d5984d5f29a7c717b88ccd17a85a747792403cdf
commit d5984d5f29a7c717b88ccd17a85a747792403cdf
Author: Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2025-09-08 03:20:42 +0000
Commit: Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-09-18 19:17:44 +0000
OpenSSL: update Makefiles to reflect 3.5.1 release
This is a targeted effort to update the INCS and SRCS entries for
libcrypto, the legacy provider, and libssl to match what upstream
(OpenSSL) builds in their respective libraries.
The number of stylistic changes were kept at a minimum.
Another incoming change will reformat this file to make future
maintenance easier.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52554
---
secure/lib/libcrypto/Makefile | 49 +++++++++++++++++-----------
secure/lib/libcrypto/modules/Makefile.inc | 7 ----
secure/lib/libcrypto/modules/legacy/Makefile | 41 ++++++++++++++++++++---
secure/lib/libssl/Makefile | 2 +-
share/mk/src.libnames.mk | 2 +-
5 files changed, 68 insertions(+), 33 deletions(-)
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index 75ebb6e65327..5cb3f5a7c3fe 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -91,7 +91,7 @@ SRCS+= x_bignum.c x_info.c x_int64.c x_long.c x_pkey.c x_sig.c x_spki.c
SRCS+= x_val.c
# async
-SRCS+= async.c async_err.c async_posix.c async_wait.c
+SRCS+= async.c async_err.c async_null.c async_posix.c async_wait.c async_win.c
# bf
SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_prefix.c bf_readbuff.c bf_skey.c
@@ -224,7 +224,11 @@ SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_meth.c dsa_ossl.c dsa_pmeth.c
SRCS+= dsa_prn.c dsa_sign.c dsa_vrf.c
# dso
+SRCS+= dso_dl.c
SRCS+= dso_dlfcn.c dso_err.c dso_lib.c
+SRCS+= dso_openssl.c
+SRCS+= dso_vms.c
+SRCS+= dso_win32.c
# ec
SRCS+= curve25519.c curve448.c curve448_tables.c ec2_oct.c ec2_smpl.c
@@ -291,7 +295,7 @@ SRCS+= ffc_params.c ffc_params_generate.c ffc_params_validate.c
SRCS+= hashtable.c hashfunc.c
# hmac
-SRCS+= hmac.c hmac_s390x.c
+SRCS+= hmac.c
# hpke
SRCS+= hpke_util.c hpke.c
@@ -424,17 +428,10 @@ SRCS+= cipher_aes_xts_fips.c
SRCS+= cipher_aes_gcm_siv.c cipher_aes_gcm_siv_hw.c \
cipher_aes_gcm_siv_polyval.c
SRCS+= cipher_aes_siv.c cipher_aes_siv_hw.c
-SRCS+= cipher_blowfish.c cipher_blowfish_hw.c
SRCS+= cipher_camellia.c cipher_camellia_hw.c
-SRCS+= cipher_cast5.c cipher_cast5_hw.c
SRCS+= cipher_chacha20.c cipher_chacha20_hw.c
SRCS+= cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c
-SRCS+= cipher_des.c cipher_des_hw.c
-SRCS+= cipher_desx.c cipher_desx_hw.c
SRCS+= cipher_null.c
-SRCS+= cipher_rc4.c cipher_rc4_hw.c
-SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
-SRCS+= cipher_seed.c cipher_seed_hw.c
SRCS+= cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c
@@ -442,12 +439,10 @@ SRCS+= cipher_tdes_default.c cipher_tdes_default_hw.c \
# providers/implementations/digests
SRCS+= digestcommon.c
SRCS+= blake2_prov.c blake2b_prov.c blake2s_prov.c
-SRCS+= md4_prov.c
SRCS+= md5_prov.c md5_sha1_prov.c
SRCS+= null_prov.c
SRCS+= ripemd_prov.c
SRCS+= sha2_prov.c sha3_prov.c
-SRCS+= wp_prov.c
# providers/implementations/encode_decode
SRCS+= decode_der2key.c decode_epki2pki.c decode_msblob2key.c decode_pvk2key.c
@@ -463,8 +458,8 @@ SRCS+= kdf_exch.c
# providers/implementations/kdfs
SRCS+= argon2.c hkdf.c hmacdrbg_kdf.c kbkdf.c krb5kdf.c
-SRCS+= pbkdf1.c pbkdf2.c pbkdf2_fips.c
-SRCS+= pkcs12kdf.c pvkkdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c
+SRCS+= pbkdf2.c pbkdf2_fips.c
+SRCS+= pkcs12kdf.c scrypt.c sskdf.c sshkdf.c tls1_prf.c x942kdf.c
# providers/implementations/kem
SRCS+= ec_kem.c ecx_kem.c kem_util.c ml_kem_kem.c mlx_kem.c rsa_kem.c
@@ -484,6 +479,7 @@ SRCS+= siphash_prov.c
# providers/implementations/rands
SRCS+= drbg.c drbg_ctr.c drbg_hash.c drbg_hmac.c test_rng.c
SRCS+= seed_src.c
+SRCS+= seed_src_jitter.c
# providers/implementations/rands/seeding
SRCS+= rand_cpu_x86.c rand_tsc.c rand_unix.c rand_win.c
@@ -499,7 +495,7 @@ SRCS+= aes_skmgmt.c generic.c
SRCS+= file_store.c file_store_any2obj.c
# rand
-SRCS+= prov_seed.c rand_deprecated.c rand_egd.c rand_err.c rand_lib.c
+SRCS+= prov_seed.c rand_deprecated.c rand_err.c rand_lib.c
SRCS+= rand_meth.c rand_pool.c rand_uniform.c randfile.c
# rc2
@@ -573,7 +569,10 @@ SRCS+= store_err.c store_init.c store_lib.c store_meth.c store_register.c
SRCS+= store_result.c store_strings.c
# thread
-SRCS+= api.c arch.c arch/thread_win.c arch/thread_posix.c arch/thread_none.c internal.c
+SRCS+= api.c arch.c internal.c
+SRCS+= thread_none.c
+SRCS+= thread_posix.c
+SRCS+= thread_win.c
# ts
SRCS+= ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c ts_req_utils.c
@@ -620,11 +619,21 @@ SRCS+= x509type.c
INCS= aes.h asn1.h asn1err.h asn1t.h async.h asyncerr.h bio.h
INCS+= bioerr.h blowfish.h bn.h bnerr.h buffer.h buffererr.h byteorder.h camellia.h
-INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h conf_api.h
+INCS+= cast.h cmac.h cmp.h cmp_util.h cmperr.h cms.h cmserr.h comp.h comperr.h conf.h
INCS+= conferr.h configuration.h conftypes.h core.h core_dispatch.h core_names.h core_object.h
INCS+= crmf.h crmferr.h crypto.h cryptoerr.h cryptoerr_legacy.h ct.h cterr.h
-INCS+= decoder.h decodererr.h des.h dh.h dherr.h dsa.h
-INCS+= dsaerr.h dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h
+INCS+= decoder.h decodererr.h
+INCS+= der_digests.h
+INCS+= der_dsa.h
+INCS+= der_ec.h
+INCS+= der_ecx.h
+INCS+= der_ml_dsa.h
+INCS+= der_rsa.h
+INCS+= der_slh_dsa.h
+INCS+= der_wrap.h
+INCS+= des.h dh.h dherr.h dsa.h
+INCS+= dsaerr.h
+INCS+= dtls1.h e_os2.h e_ostime.h ebcdic.h ec.h ecdh.h ecdsa.h ecerr.h encoder.h encodererr.h
INCS+= engine.h engineerr.h err.h ess.h esserr.h evp.h evperr.h fips_names.h fipskey.h hmac.h hpke.h http.h httperr.h idea.h indicator.h
INCS+= kdf.h kdferr.h lhash.h macros.h md2.h md4.h md5.h mdc2.h modes.h obj_mac.h
INCS+= objects.h objectserr.h ocsp.h ocsperr.h opensslconf.h opensslv.h
@@ -762,6 +771,7 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/crypto/stack \
${LCRYPTO_SRC}/crypto/store \
${LCRYPTO_SRC}/crypto/thread \
+ ${LCRYPTO_SRC}/crypto/thread/arch \
${LCRYPTO_SRC}/crypto/ts \
${LCRYPTO_SRC}/crypto/txt_db \
${LCRYPTO_SRC}/crypto/ui \
@@ -771,6 +781,7 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/providers \
${LCRYPTO_SRC}/providers/common \
${LCRYPTO_SRC}/providers/common/der \
+ ${LCRYPTO_SRC}/providers/common/include/prov \
${LCRYPTO_SRC}/providers/implementations/asymciphers \
${LCRYPTO_SRC}/providers/implementations/ciphers \
${LCRYPTO_SRC}/providers/implementations/digests \
@@ -787,4 +798,4 @@ PICFLAG+= -DOPENSSL_PIC
${LCRYPTO_SRC}/providers/implementations/storemgmt \
${LCRYPTO_SRC}/ssl \
${LCRYPTO_SRC}/ssl/record \
- ${LCRYPTO_SRC}/ssl/record/methods
+ ${LCRYPTO_SRC}/ssl/record/methods \
diff --git a/secure/lib/libcrypto/modules/Makefile.inc b/secure/lib/libcrypto/modules/Makefile.inc
index 4b3d9fc512ce..64fb57ee74c5 100644
--- a/secure/lib/libcrypto/modules/Makefile.inc
+++ b/secure/lib/libcrypto/modules/Makefile.inc
@@ -10,11 +10,4 @@ CFLAGS+= -I${LCRYPTO_SRC}/providers/common/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/fips/include
CFLAGS+= -I${LCRYPTO_SRC}/providers/implementations/include
-# common
-SRCS+= provider_err.c provider_ctx.c
-SRCS+= provider_util.c
-
-.PATH: ${LCRYPTO_SRC}/providers \
- ${LCRYPTO_SRC}/providers/common
-
WARNS?= 0
diff --git a/secure/lib/libcrypto/modules/legacy/Makefile b/secure/lib/libcrypto/modules/legacy/Makefile
index db05f212f62a..8f91d9504504 100644
--- a/secure/lib/libcrypto/modules/legacy/Makefile
+++ b/secure/lib/libcrypto/modules/legacy/Makefile
@@ -1,7 +1,7 @@
SHLIB_NAME?= legacy.so
LIBADD= crypto
-SRCS+= legacyprov.c prov_running.c params_idx.c
+SRCS+= legacyprov.c prov_running.c
# ciphers
SRCS+= ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
@@ -16,17 +16,48 @@ SRCS+= cipher_rc4.c cipher_rc4_hw.c
SRCS+= cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
SRCS+= cipher_seed.c cipher_seed_hw.c
-# digests
+# crypto
+SRCS+= cpuid.c
+SRCS+= ctype.c
+
+# crypto/des
+SRCS+= des_enc.c
+SRCS+= fcrypt_b.c
+
+# crypto/md5
+SRCS+= md5_dgst.c
+SRCS+= md5_one.c
+SRCS+= md5_sha1.c
+
+# providers/implementations/digests
SRCS+= digestcommon.c
SRCS+= md4_prov.c wp_prov.c ripemd_prov.c
-# kdfs
-SRCS+= pbkdf1.c pvkkdf.c
+# providers/implementations/kdfs
+SRCS+= pbkdf1.c
+SRCS+= pvkkdf.c
+
+# common
+SRCS+= provider_err.c provider_ctx.c
+SRCS+= provider_util.c
+
+SRCS+= tls_pad.c
+
+# This is needed so the provider can be loaded for us.
+#
+# There's a discrepancy between how this provider gets built in OpenSSL proper
+# and FreeBSD.
+SRCS+= params_idx.c
.include <bsd.lib.mk>
.PATH: ${LCRYPTO_SRC}/crypto \
+ ${LCRYPTO_SRC}/crypto/des \
+ ${LCRYPTO_SRC}/crypto/md5 \
+ ${LCRYPTO_SRC}/providers \
+ ${LCRYPTO_SRC}/providers/common \
${LCRYPTO_SRC}/providers/implementations/ciphers \
${LCRYPTO_SRC}/providers/implementations/digests \
${LCRYPTO_SRC}/providers/implementations/kdfs \
- ${LCRYPTO_SRC}/ssl
+ ${LCRYPTO_SRC}/ssl \
+ ${LCRYPTO_SRC}/ssl/record/methods \
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile
index b0ca31644279..fe2e2492045f 100644
--- a/secure/lib/libssl/Makefile
+++ b/secure/lib/libssl/Makefile
@@ -76,7 +76,7 @@ CFLAGS+=-DOPENSSL_NO_KTLS
SRCS+= ktls_meth.c
.endif
-LIBADD= crypto
+LIBADD= pthread crypto
CFLAGS+= -I${LCRYPTO_SRC}/ssl
CFLAGS+= -I${.OBJDIR:H}/libcrypto
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
index d6597caf7e2a..95cd3b02d8e4 100644
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -329,7 +329,7 @@ _DP_archive+= md
.endif
.endif
_DP_sqlite3= pthread
-_DP_ssl= crypto
+_DP_ssl= pthread crypto
_DP_ssh= crypto crypt z
.if ${MK_LDNS} != "no"
_DP_ssh+= ldns