src/lib/libcrypt, branch main FreeBSD source tree packages: Improve handling of -lib packages 2025-08-23T00:57:23+00:00 Lexi Winter ivy@FreeBSD.org 2025-08-22T23:50:20+00:00 929f5966a9fd3d050c7b604513c6fb4ac9b5d335 For some packages (OpenSSL, Kerberos) we want to ship runtime libraries in a separate package, e.g. openssl and openssl-lib. Currently this is done using PACKAGE=openssl-lib, but that creates packages with strange names like openssl-lib-lib32. Instead, add a new LIB_PACKAGE option to bsd.lib.mk that causes runtime libraries to be placed in a new -lib subpackage. This significantly improves the set of packages we create; for example, OpenSSL goes from: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-lib FreeBSD-openssl-lib-dbg FreeBSD-openssl-lib-dbg-lib32 FreeBSD-openssl-lib-dev FreeBSD-openssl-lib-dev-lib32 FreeBSD-openssl-lib-lib32 FreeBSD-openssl-lib-man FreeBSD-openssl-man to: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-dbg-lib32 FreeBSD-openssl-dev FreeBSD-openssl-dev-lib32 FreeBSD-openssl-lib FreeBSD-openssl-lib32 FreeBSD-openssl-man While here, move /usr/bin/krb5-config and /usr/bin/compile_et into the kerberos-dev package. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D51925 
For some packages (OpenSSL, Kerberos) we want to ship runtime libraries
in a separate package, e.g. openssl and openssl-lib.  Currently this is
done using PACKAGE=openssl-lib, but that creates packages with strange
names like openssl-lib-lib32.

Instead, add a new LIB_PACKAGE option to bsd.lib.mk that causes runtime
libraries to be placed in a new -lib subpackage.  This significantly
improves the set of packages we create; for example, OpenSSL goes from:

	FreeBSD-openssl
	FreeBSD-openssl-dbg
	FreeBSD-openssl-lib
	FreeBSD-openssl-lib-dbg
	FreeBSD-openssl-lib-dbg-lib32
	FreeBSD-openssl-lib-dev
	FreeBSD-openssl-lib-dev-lib32
	FreeBSD-openssl-lib-lib32
	FreeBSD-openssl-lib-man
	FreeBSD-openssl-man

to:

	FreeBSD-openssl
	FreeBSD-openssl-dbg
	FreeBSD-openssl-dbg-lib32
	FreeBSD-openssl-dev
	FreeBSD-openssl-dev-lib32
	FreeBSD-openssl-lib
	FreeBSD-openssl-lib32
	FreeBSD-openssl-man

While here, move /usr/bin/krb5-config and /usr/bin/compile_et into
the kerberos-dev package.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D51925
lib/libcrypt: reinstate CFLAGS+=-I${SRCTOP}/sys/crypto/sha2 2024-10-26T18:11:02+00:00 Robert Clausecker fuz@FreeBSD.org 2024-10-26T14:16:10+00:00 87c2aab0a0b3db2a4690773b869e8cfc8b3ac6c2 This is apparently needed for the cross-build from Linux to succeed. Fixes: cb5e41b160838880de7d03100afa02e4edee5a9e 
This is apparently needed for the cross-build from Linux to succeed.

Fixes:		cb5e41b160838880de7d03100afa02e4edee5a9e
lib/libcrypt: unbundle hash functions 2024-10-25T14:02:38+00:00 Robert Clausecker fuz@FreeBSD.org 2024-10-11T15:41:52+00:00 cb5e41b160838880de7d03100afa02e4edee5a9e libcrypt bundles the various hash functions it needs, duplicating code that is also found in libmd. Unbundle the hash functions and apply the same hack used for libncursesw so static consumers link -lmd in addition to -lcrypt. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D47062 
libcrypt bundles the various hash functions it needs,
duplicating code that is also found in libmd.
Unbundle the hash functions and apply the same hack used
for libncursesw so static consumers link -lmd in addition
to -lcrypt.

Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D47062
lib/libcrypt: use explicit_bzero() to clear sensitive buffers 2024-10-25T14:02:38+00:00 Robert Clausecker fuz@FreeBSD.org 2024-10-10T09:08:35+00:00 a2c0d2026fb422ade2171da4bc6d5d2773b268a6 Prevent a potentially sufficiently smart compiler from optimising away our attempts to clear sensitive buffers. A related change was discussed and rejected in D16059, but I don't believe the reasoning there applies: the code clearly documents its intent that the `memset` calls clear sensitive buffers so they don't hang around. `explicit_bzero` is the appropriate function for this purpose. A potential performance disadvantage seems less important: the functions in crypt are specifically designed to be slow, so a few extra calls to guarantee that sensitive buffers are cleared does not significantly affect runtime. See also: D16059 Reviewed by: delphij, kevans MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D47037 
Prevent a potentially sufficiently smart compiler from optimising
away our attempts to clear sensitive buffers.

A related change was discussed and rejected in D16059, but I don't
believe the reasoning there applies: the code clearly documents its
intent that the `memset` calls clear sensitive buffers so they don't
hang around.  `explicit_bzero` is the appropriate function for this
purpose.  A potential performance disadvantage seems less important:
the functions in crypt are specifically designed to be slow, so a
few extra calls to guarantee that sensitive buffers are cleared does
not significantly affect runtime.

See also:	D16059
Reviewed by:	delphij, kevans
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D47037
libmd, kern, stand: consolidate md5 implementations (NFC) 2024-09-30T03:34:18+00:00 Kyle Evans kevans@FreeBSD.org 2022-03-08T15:39:52+00:00 e7a629c851d747772cc138efcb0418809ecdea55 Reduce the number of md5c.c between the three of these from two to one by just reaching into the kernel build for both userland builds. The precedent for this already exists for sha2 in both cases. _libmd_ symbol privatization bits have been moved to sys/md5.h and md5.h remains to #include <sys/md5.h> for compatibility. This stops exporting MD5Pad() in the process because the kernel stopped exporting it in 502a35d60f4c. soversion is bumped accordingly. This also renames the libc version of stack_protector.c; it previously only worked by coincidence because .PATH ordering worked out such that we got the right one, but this is not the case anymore. Remove the landmine. PR: 280784 (exp-run) Reviewed by: allanjude, delphij Differential Revision: https://reviews.freebsd.org/D34497 
Reduce the number of md5c.c between the three of these from two to one
by just reaching into the kernel build for both userland builds.  The
precedent for this already exists for sha2 in both cases.

_libmd_ symbol privatization bits have been moved to sys/md5.h and
md5.h remains to #include <sys/md5.h> for compatibility.

This stops exporting MD5Pad() in the process because the kernel stopped
exporting it in 502a35d60f4c.  soversion is bumped accordingly.

This also renames the libc version of stack_protector.c; it previously
only worked by coincidence because .PATH ordering worked out such that
we got the right one, but this is not the case anymore.  Remove the
landmine.

PR:		280784 (exp-run)
Reviewed by:	allanjude, delphij
Differential Revision:	https://reviews.freebsd.org/D34497
Remove residual blank line at start of Makefile 2024-07-15T22:43:39+00:00 Warner Losh imp@FreeBSD.org 2024-07-15T04:46:32+00:00 e9ac41698b2f322d55ccf9da50a3596edb2c1800 This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix 
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
lib: Automated cleanup of cdefs and other formatting 2023-11-27T05:23:59+00:00 Warner Losh imp@FreeBSD.org 2023-11-24T20:12:57+00:00 a2f733abcff64628b7771a47089628b7327a88bd Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row. Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/ Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/ Remove /\n+#if.*\n#endif.*\n+/ Remove /^#if.*\n#endif.*\n/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/ Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/ Sponsored by: Netflix 
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by:		Netflix
lib/libcrypt: another trivial style change 2023-10-28T01:59:23+00:00 Enji Cooper ngie@FreeBSD.org 2023-10-28T01:56:41+00:00 61b15e6dfc963a0c67dbaeae7f4590674976111f Normalize on hard tabs. I didn't catch this before pushing the previous commit. No functional changes intended. MFC after: 2 weeks MFC with: 8ef8da882ff475e3da3bde57d97593a68f7d97b2 
Normalize on hard tabs.

I didn't catch this before pushing the previous commit.

No functional changes intended.

MFC after:	2 weeks
MFC with:	8ef8da882ff475e3da3bde57d97593a68f7d97b2
lib/libcrypt: remove trailing whitespace 2023-10-28T01:28:01+00:00 Enji Cooper ngie@FreeBSD.org 2023-10-28T01:10:39+00:00 8ef8da882ff475e3da3bde57d97593a68f7d97b2 No functional change intended. MFC after: 2 weeks 
No functional change intended.

MFC after:	2 weeks
Remove $FreeBSD$: two-line nroff pattern 2023-08-16T17:55:10+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:55:10+00:00 fa9896e082a1046ff4fbc75fcba4d18d1f2efc19 Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/ 
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/