aboutsummaryrefslogtreecommitdiff
path: root/secure/lib/libssl
Commit message (Collapse)AuthorAgeFilesLines
* OpenSSL: update Makefiles to reflect 3.5.1 releaseEnji Cooper2025-09-181-1/+1
| | | | | | | | | | | | | | This is a targeted effort to update the INCS and SRCS entries for libcrypto, the legacy provider, and libssl to match what upstream (OpenSSL) builds in their respective libraries. The number of stylistic changes were kept at a minimum. Another incoming change will reformat this file to make future maintenance easier. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52554
* openssl: Disable KTLS in bootstrap librariesMark Johnston2025-09-041-1/+1
| | | | | | | | | We need to build OpenSSL when bootstrapping certctl. On MacOS ktls_enable() isn't defined anywhere, so without this the build fails. We don't need KTLS in the bootstrap library, so just disable it. Reviewed by: khorben, ngie Differential Revision: https://reviews.freebsd.org/D52341
* packages: Improve handling of -lib packagesLexi Winter2025-08-231-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For some packages (OpenSSL, Kerberos) we want to ship runtime libraries in a separate package, e.g. openssl and openssl-lib. Currently this is done using PACKAGE=openssl-lib, but that creates packages with strange names like openssl-lib-lib32. Instead, add a new LIB_PACKAGE option to bsd.lib.mk that causes runtime libraries to be placed in a new -lib subpackage. This significantly improves the set of packages we create; for example, OpenSSL goes from: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-lib FreeBSD-openssl-lib-dbg FreeBSD-openssl-lib-dbg-lib32 FreeBSD-openssl-lib-dev FreeBSD-openssl-lib-dev-lib32 FreeBSD-openssl-lib-lib32 FreeBSD-openssl-lib-man FreeBSD-openssl-man to: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-dbg-lib32 FreeBSD-openssl-dev FreeBSD-openssl-dev-lib32 FreeBSD-openssl-lib FreeBSD-openssl-lib32 FreeBSD-openssl-man While here, move /usr/bin/krb5-config and /usr/bin/compile_et into the kerberos-dev package. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D51925
* libssl: unbreak building the library with KTLSEnji Cooper2025-08-211-0/+2
| | | | | | | | | | | | | | | The 3.5.1 update dropped a `SRCS` entry for the MK_OPENSSL_KTLS != no case (the source was renamed from `ktls.c` to `ktls_meth.c`). Add the new file to SRCS in order to unbreak linking the library when KTLS is enabled. This bug isn't apparent now because KTLS is always disabled in `include/openssl/configuration.h` (this will be fixed soon). Found when doing `make universe` with KTLS enabled in `include/openssl/configuration.h`. Fixes: 4757b351ea9d59d ("openssl: Import version 3.5.1")
* openssl: Import version 3.5.1Pierre Pronchery2025-08-072-16/+153
| | | | | | | | | | Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be EOL after 2026-09-07. Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D51613
* build: remove the last vestiges of lint supportBrooks Davis2025-06-051-2/+0
| | | | | | | | | Commit 1cbb58886a47 (shipped in 12.0.0) removed all lint infrastructure. A bunch of NO_LINT definitions remained (perhaps as a bootstrapping measture). Remove them. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D50704
* Update Makefile.depend filesSimon J. Gerraty2024-10-141-1/+0
| | | | | | | After building packages we have a number of new and updated Makefile.depend files Reviewed by: stevek
* Remove residual blank line at start of MakefileWarner Losh2024-07-151-1/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* openssl: don't export nonexistant symbolsBrooks Davis2024-04-221-4/+0
| | | | | | | | These are all OpenSSL 1.1.0 and 1.1.1 symbols that aren't present in our OpenSSL 3.0 builds. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D44249
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-163-3/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* pkgbase: reorganise caroot and openssl packagesDoug Rabson2023-08-051-1/+1
| | | | | | | | | This splits out the certctl utility into a new certctl package and the openssl libs into an openssl-lib package. PR: 272816 Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D41321
* Merge OpenSSL 3.0.9Pierre Pronchery2023-06-233-55/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the version we were previously using) will be EOL as of 2023-09-11. Most of the base system has already been updated for a seamless switch to OpenSSL 3.0. For many components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs that were already deprecated in OpenSSL 1.1.1. The process of updating to contemporary APIs can continue after this merge. Additional changes are still required for libarchive and Kerberos- related libraries or tools; workarounds will immediately follow this commit. Fixes are in progress in the upstream projects and will be incorporated when those are next updated. There are some performance regressions in benchmarks (certain tests in `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). Investigation will continue for these. Netflix's testing showed no functional regression and a rather small, albeit statistically significant, increase in CPU consumption with OpenSSL 3.0. Thanks to ngie@ and des@ for updating base system components, to antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to Netflix and everyone who tested prior to commit or contributed to this update in other ways. PR: 271615 PR: 271656 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation
* openssl: install pc filesBaptiste Daroussin2022-09-063-0/+22
| | | | | | | | | | | | | | | | | | | | | most programs in ports are looking for .pc files in order to get the necessary information on how to compile and link against openssl. The ports now also has a way to hide or force a path for pkgconf. Providing .pc files along with openssl in base will allow (once all the supported version of FreeBSD has it) so improve the framework to deal with openssl in base vs openssl in ports (and libressl) This will also greatly reduce the number of patches necessary to workaround the build systems which only knows how to detect where openssl is installed via pkgconf. PR: 266051 MFC After: 3 weeks Reviewed by: jkim, delphij Exp-run by: antoine Differential Revision: https://reviews.freebsd.org/D36360
* libcrypto: Add symbol versions for symbols added since 1.1.1d.John Baldwin2021-05-281-1/+0
| | | | | | | | | | While here, trim a spurious local: I missed when added SSL_sendfile. PR: 255277 Reported by: yuri Reviewed by: jkim MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D30483
* pkgbase: Put openssl in its own packageEmmanuel Vadot2021-05-131-0/+1
| | | | | | | | This is useful for upgrade and also to make tiny jail so they won't depend on FreeBSD-utilities (where openssl was packaged before). MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D30081
* OpenSSL: Support for kernel TLS offload (KTLS)John Baldwin2021-01-282-0/+12
| | | | | | | | | | | | | | | | | | | | This merges upstream patches from OpenSSL's master branch to add KTLS infrastructure for TLS 1.0-1.3 including both RX and TX offload and SSL_sendfile support on both Linux and FreeBSD. Note that TLS 1.3 only supports TX offload. A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with KTLS support. It defaults to enabled on amd64 and disabled on all other architectures. Reviewed by: jkim (earlier version) Approved by: secteam Obtained from: OpenSSL (patches from master) MFC after: 1 week Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D28273
* Fix a typo in the cpp macro defined for PIC.John Baldwin2020-08-131-1/+1
| | | | | | | | | | | In practice this isn't used in OpenSSL outside of some sparc-specific code. Reviewed by: delphij Differential Revision: https://reviews.freebsd.org/D26058 Notes: svn path=/head/; revision=364218
* Replace OPENSSL_NO_SSL3_METHODs with dummiesConrad Meyer2020-07-012-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | SSLv3 has been deprecated since 2015 (and broken since 2014: "POODLE"); it should not have shipped in FreeBSD 11 (2016) or 12 (2018). No one should use it, and if they must, they can use some implementation outside of base. There are three symbols removed with OPENSSL_NO_SSL3_METHOD: SSLv3_client_method SSLv3_method SSLv3_server_method These symbols exist to request an explicit SSLv3 connection to a server. There is no good reason for an application to link or invoke these symbols instead of TLS_method(), et al (née SSLv23_method, et al). Applications that do so have broken cryptography. Define these symbols for some pedantic definition of ABI stability, but remove the functionality again (r361392) after r362620. Reviewed by: gordon, jhb (earlier-but-equivalent version both) Discussed with: bjk, kib Differential Revision: https://reviews.freebsd.org/D25493 Notes: svn path=/head/; revision=362818
* Update Makefile.depend filesSimon J. Gerraty2019-12-111-1/+1
| | | | | | | | | | | | | Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files Reviewed by: bdrewery MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D22494 Notes: svn path=/head/; revision=355617
* Merge OpenSSL 1.1.1a.Jung-uk Kim2018-11-201-1/+6
| | | | Notes: svn path=/head/; revision=340703
* Bump base OpenSSL libraries versions to avoid conflict with port's libraries.Konstantin Belousov2018-10-251-1/+1
| | | | | | | | | | Reported by: many Reviewed by: gjb Sponsored by: The FreeBSD Foundation MFC after: 3 hours Notes: svn path=/head/; revision=339709
* Remove MD dirdeps from Makefile.depend.Jung-uk Kim2018-09-251-1/+0
| | | | | | | It can't be right. :-( Notes: svn path=/projects/openssl111/; revision=338936
* Regen Makefile.depend.Jung-uk Kim2018-09-251-1/+1
| | | | Notes: svn path=/projects/openssl111/; revision=338933
* Build libssl for amd64.Jung-uk Kim2018-09-191-11/+19
| | | | Notes: svn path=/projects/openssl111/; revision=338766
* Add OpenSSL symbol version maps.Jung-uk Kim2018-09-132-0/+512
| | | | | | | Note the files are not automatically generated for now. Notes: svn path=/projects/openssl111/; revision=338674
* Catch up with manual page removal from secure/lib/libssl.Jung-uk Kim2018-09-131-5/+1
| | | | Notes: svn path=/projects/openssl111/; revision=338673
* Regen manual pages.Jung-uk Kim2018-09-13103-22323/+0
| | | | | | | Note the manual pages are not automatically generated for now. Notes: svn path=/projects/openssl111/; revision=338671
* Update shlib version to 9.Jung-uk Kim2018-09-131-1/+1
| | | | Notes: svn path=/projects/openssl111/; revision=338665
* Merge OpenSSL 1.0.2p.Jung-uk Kim2018-08-14103-240/+272
| | | | Notes: svn path=/head/; revision=337791
* Merge OpenSSL 1.0.2o.Jung-uk Kim2018-03-27102-102/+102
| | | | Notes: svn path=/head/; revision=331627
* Merge OpenSSL 1.0.2n.Jung-uk Kim2017-12-07102-102/+102
| | | | Notes: svn path=/head/; revision=326662
* Merge OpenSSL 1.0.2m.Jung-uk Kim2017-11-02103-102/+293
| | | | Notes: svn path=/head/; revision=325328
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-311-1/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* Merge OpenSSL 1.0.2l.Jung-uk Kim2017-05-25102-190/+383
| | | | Notes: svn path=/head/; revision=318899
* Merge OpenSSL 1.0.2k.Jung-uk Kim2017-01-26100-1444/+1039
| | | | Notes: svn path=/head/; revision=312825
* Merge OpenSSL 1.0.2j.Jung-uk Kim2016-09-26100-100/+100
| | | | Notes: svn path=/head/; revision=306342
* Merge OpenSSL 1.0.2i.Jung-uk Kim2016-09-22100-200/+200
| | | | Notes: svn path=/head/; revision=306193
* Merge OpenSSL 1.0.2h.Jung-uk Kim2016-05-03101-99/+360
| | | | | | | Relnotes: yes Notes: svn path=/head/; revision=298998
* Merge OpenSSL 1.0.2g.Jung-uk Kim2016-03-01100-192/+325
| | | | | | | Relnotes: yes Notes: svn path=/head/; revision=296279
* Merge OpenSSL 1.0.2f.Jung-uk Kim2016-01-28100-224/+417
| | | | | | | Relnotes: yes Notes: svn path=/head/; revision=295009
* Merge OpenSSL 1.0.2e.Jung-uk Kim2015-12-0399-207/+437
| | | | Notes: svn path=/head/; revision=291719
* META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.Bryan Drewery2015-11-251-1/+0
| | | | | | | | | | | This both avoids some dependencies on xinstall.host and allows bootstrapping on older releases to work due to lack of at least 'install -l' support. Sponsored by: EMC / Isilon Storage Division Notes: svn path=/head/; revision=291307
* Clean up OpenSSL makefiles.Jung-uk Kim2015-11-061-0/+2
| | | | Notes: svn path=/head/; revision=290460
* Merge OpenSSL 1.0.2d.Jung-uk Kim2015-10-3099-131/+3216
| | | | Notes: svn path=/head/; revision=290207
* Merge OpenSSL 1.0.1p.Jung-uk Kim2015-07-0984-84/+84
| | | | Notes: svn path=/head/; revision=285329
* new dependsSimon J. Gerraty2015-06-161-0/+1
| | | | Notes: svn path=/head/; revision=284481
* Add META_MODE support.Simon J. Gerraty2015-06-131-0/+20
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp Notes: svn path=/head/; revision=284345
| * dirdeps.mk now sets DEP_RELDIRSimon J. Gerraty2015-06-081-2/+0
| | | | | | | | Notes: svn path=/projects/bmake/; revision=284172
| * Merge sync of headSimon J. Gerraty2015-05-2786-1043/+1981
| |\ | | | | | | | | | Notes: svn path=/projects/bmake/; revision=283595
| * \ Merge from head@274682Simon J. Gerraty2014-11-1984-115/+476
| |\ \ | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=274683
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-17 04:09:09 +0000