src/secure/lib/libcrypto, branch main FreeBSD source tree [OpenSSL] Add missing header file (openssl/ml_kem.h) 2026-04-12T18:07:24+00:00 Po-Chuan Hsieh sunpoet@FreeBSD.org 2026-04-12T18:07:14+00:00 98118af4f08a020c8c5925e933bdd523d6a6e8aa Add missing header file (openssl/ml_kem.h) of OpenSSL 3.5 Reviewed by: fluffy, ngie Approved by: ngie (maintainer) Differential Revision: https://reviews.freebsd.org/D56291 
Add missing header file (openssl/ml_kem.h) of OpenSSL 3.5

Reviewed by:	fluffy, ngie
Approved by:	ngie (maintainer)
Differential Revision:	https://reviews.freebsd.org/D56291
crypto/openssl: add new manpage from release 3.5.6 2026-04-09T02:00:10+00:00 Enji Cooper ngie@FreeBSD.org 2026-04-09T02:00:10+00:00 9f7080ba6bcf18d013ae3b91dc9d92cfa731a8c0 MFC after: 1 day (the security issues warrant a quick backport). MFC with: 10a428653ee7216475f1ddce3fb4cbf1200319f8 
MFC after:      1 day (the security issues warrant a quick backport).
MFC with:       10a428653ee7216475f1ddce3fb4cbf1200319f8
crypto/openssl: update artifacts to match 3.5.6 release artifacts 2026-04-09T01:55:43+00:00 Enji Cooper ngie@FreeBSD.org 2026-04-09T01:54:40+00:00 5254e16213ff1bb136ef24e0b0fe30625ac53563 A new manpage and any associated links will be added in the next commit. MFC after: 1 day (the security issues warrant a quick backport). MFC with: 10a428653ee7216475f1ddce3fb4cbf1200319f8 
A new manpage and any associated links will be added in the next commit.

MFC after:      1 day (the security issues warrant a quick backport).
MFC with:	10a428653ee7216475f1ddce3fb4cbf1200319f8
libcrypto: compile all PIC objects with -DOPENSSL_PIC -fPIC 2026-03-22T01:38:49+00:00 Enji Cooper ngie@FreeBSD.org 2026-03-22T00:39:16+00:00 3797fe720a37ff9fb5b20546494ef1c4a6c01541 This change modifies the libcrypto PIC objects to always compile with `-DOPENSSL_PIC -fPIC` to restore parity with the upstream build process. This ensures that the legacy provider is built with parity to the upstream legacy provider. MFC after: 12 days Tested with: `make check` (legacy provider), `make universe` Fixes: 14b9955e Differential Revision: https://reviews.freebsd.org/D44896 
This change modifies the libcrypto PIC objects to always compile with
`-DOPENSSL_PIC -fPIC` to restore parity with the upstream build process.
This ensures that the legacy provider is built with parity to the
upstream legacy provider.

MFC after:              12 days
Tested with:		`make check` (legacy provider), `make universe`
Fixes:			14b9955e
Differential Revision:  https://reviews.freebsd.org/D44896
Revert "libcrypto: compile all PIC objects with -DOPENSSL_PIC" 2026-03-20T20:12:26+00:00 Enji Cooper ngie@FreeBSD.org 2026-03-20T20:08:09+00:00 67b918e03475e780854a43fe4eb7c8e95f4deb29 This commit broke the build with some build options. Some validation needs to be done to confirm that moving the preprocessor argument to `secure/lib/libcrypto/Makefile.inc` works without breaking the build, but revert for now until a `tinderbox` run can be done with the change. PR: 293934 Reported by: Jenkins, Trond Endrestøl This reverts commit 14b9955e57cc28b61e785165b9effcbe620edb46. 
This commit broke the build with some build options.

Some validation needs to be done to confirm that moving the preprocessor
argument to `secure/lib/libcrypto/Makefile.inc` works without breaking
the build, but revert for now until a `tinderbox` run can be done with
the change.

PR:		293934
Reported by:	Jenkins, Trond Endrestøl

This reverts commit 14b9955e57cc28b61e785165b9effcbe620edb46.
libcrypto: compile all PIC objects with -DOPENSSL_PIC 2026-03-20T00:51:51+00:00 Enji Cooper ngie@FreeBSD.org 2026-03-19T23:56:41+00:00 14b9955e57cc28b61e785165b9effcbe620edb46 This change modifies the libcrypto PIC objects to always compile with `-DOPENSSL_PIC` to restore parity with the upstream build process. This ensures that `-DOPENSSL_PIC` is used whenever building the auxiliary shared objects. In this case, just the legacy provider (we no longer distribute the fips provider). MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D44896 
This change modifies the libcrypto PIC objects to always compile with
`-DOPENSSL_PIC` to restore parity with the upstream build process. This
ensures that `-DOPENSSL_PIC` is used whenever building the auxiliary
shared objects. In this case, just the legacy provider (we no longer
distribute the fips provider).

MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D44896
OpenSSL: install EVP_CIPHER_CTX_get_app_data.3 once 2026-02-17T18:24:29+00:00 Brooks Davis brooks@FreeBSD.org 2026-02-17T18:24:29+00:00 c4130a8a84e1ce0fc9c05d2b48f83e66ade302aa A separate EVP_CIPHER_CTX_get_app_data.3 was added in the OpenSSL 3.5.5 import, but the link to EVP_EncryptInit.3 was still being installed which stomped on the file and created inconsistent entries in the METALOG. Reviewed by: emaste Found by: package_check script in Cirrus-CI Fixes: 1731fc70f734 ("OpenSSL: update vendor sources to match 3.5.5 content") Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D55332 
A separate EVP_CIPHER_CTX_get_app_data.3 was added in the OpenSSL 3.5.5
import, but the link to EVP_EncryptInit.3 was still being installed
which stomped on the file and created inconsistent entries in the METALOG.

Reviewed by:	emaste
Found by:	package_check script in Cirrus-CI
Fixes:		1731fc70f734 ("OpenSSL: update vendor sources to match 3.5.5 content")
Sponsored by:	Innovate UK
Differential Revision:	https://reviews.freebsd.org/D55332
OpenSSL: update vendor sources to match 3.5.5 content 2026-01-31T22:07:17+00:00 Enji Cooper ngie@FreeBSD.org 2026-01-31T22:06:28+00:00 1731fc70f7344af08db49b06c63c963fa12ee354 MFC with: f25b8c9fb4f58cf61adb47d7570abe7caa6d385d MFC after: 1 week 
MFC with:	f25b8c9fb4f58cf61adb47d7570abe7caa6d385d
MFC after:	1 week
libcrypto: Install tests in the tests package 2025-11-05T21:17:31+00:00 Lexi Winter ivy@FreeBSD.org 2025-11-05T21:17:31+00:00 c3b853fe522ead976863af086557be8863327eb0 libcrypto's Makefile.inc used PACKAGE=openssl, which overrides the PACKAGE=tests in libcrypto/tests/Makefile. Use PACKAGE?=openssl instead to avoid this. This puts the OpenSSL tests in the tests package where they belong. MFC after: 1 day Reviewed by: manu, ngie Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D53595 
libcrypto's Makefile.inc used PACKAGE=openssl, which overrides the
PACKAGE=tests in libcrypto/tests/Makefile.  Use PACKAGE?=openssl
instead to avoid this.  This puts the OpenSSL tests in the tests
package where they belong.

MFC after:	1 day
Reviewed by:	manu, ngie
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D53595
OpenSSL: install .pc files from the exporters subdir 2025-10-17T06:42:13+00:00 Enji Cooper ngie@FreeBSD.org 2025-10-11T20:47:20+00:00 97388e7215e080f2cb9fd446f4be4e46a9aeb114 The .pc files generated in the root directory are used as part of the build; they should never be installed. Use the versions from the exporters subdirectory--which should be installed--as the .pc files which are distributed with FreeBSD. This avoids the need for "fixing up" these files after the fact (see `crypto/openssl/BSDmakefile` for more details as part of this change). Garbage collect `secure/lib/libcrypto/Makefile.version`, et al, as they're orphaned files. They were technically unused prior to this change as the vendor process properly embeds the version numbers in various files, but this commit formalizes the removal. This correction/clarification on the .pc files will be made in an upcoming release of OpenSSL [1]. References: 1. https://github.com/openssl/openssl/issues/28803 Suggested by: Richard Levitte (OpenSSL project) MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53043 
The .pc files generated in the root directory are used as part of the
build; they should never be installed. Use the versions from the
exporters subdirectory--which should be installed--as the .pc files
which are distributed with FreeBSD. This avoids the need for "fixing up"
these files after the fact (see `crypto/openssl/BSDmakefile` for more
details as part of this change).

Garbage collect `secure/lib/libcrypto/Makefile.version`, et al,
as they're orphaned files. They were technically unused prior to this
change as the vendor process properly embeds the version numbers in
various files, but this commit formalizes the removal.

This correction/clarification on the .pc files will be made in an
upcoming release of OpenSSL [1].

References:
1. https://github.com/openssl/openssl/issues/28803

Suggested by:	Richard Levitte (OpenSSL project)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D53043