Index: Makefile.inc1 =================================================================== --- Makefile.inc1 +++ Makefile.inc1 @@ -1638,6 +1638,14 @@ # build-tools or cross-tools. # +# libcrypto is now private, needed by libarchive, which is needed by elfcopy +.if ${MK_CRYPT} != "no" +.if ${MK_OPENSSL} != "no" +_secure_lib_libcrypto= secure/lib/libcrypto +_secure_lib_libssl= secure/lib/libssl +.endif +.endif + # ELF Tool Chain libraries are needed for ELF tools and dtrace tools. # r296685 fix cross-endian objcopy .if ${BOOTSTRAPPING} < 1100102 @@ -1662,6 +1670,14 @@ false .endif +# Install openssl .h files +.for _tool in ${_secure_lib_libcrypto} ${_secure_lib_libssl} + ${_+_}@${ECHODIR} "===> ${_tool} (obj,includes)"; \ + cd ${.CURDIR}/${_tool}; \ + ${MAKE} DIRPRFX=${_tool}/ obj; \ + ${MAKE} DIRPRFX=${_tool}/ DESTDIR=${MAKEOBJDIRPREFIX} includes; +.endfor + .for _tool in tools/build ${_elftoolchain_libs} ${_+_}@${ECHODIR} "===> ${_tool} (obj,includes,all,install)"; \ cd ${.CURDIR}/${_tool}; \ @@ -1791,6 +1807,7 @@ # FreeBSD versions that need the tool built at this stage of the build. .for _tool in \ ${_clang_tblgen} \ + ${_secure_lib_libcrypto} \ ${_kerberos5_bootstrap_tools} \ ${_strfile} \ ${_gperf} \ Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc +++ ObsoleteFiles.inc @@ -38,6 +38,19 @@ # xargs -n1 | sort | uniq -d; # done +# 2017xxxx: Update for making ssl libs private +OLD_FILES+=lib/libcrypto.a +OLD_FILES+=lib/libcrypto.so +OLD_LIBS+=lib/libcrypto.so.8 +OLD_FILES+=usr/lib/libssl.a +OLD_FILES+=usr/lib/libssl.so +OLD_LIBS+=usr/lib/libssl.so.8 +OLD_FILES+=usr/lib32/libcrypto.a +OLD_FILES+=usr/lib32/libcrypto.so +OLD_LIBS+=usr/lib32/libcrypto.so.8 +OLD_FILES+=usr/lib32/libssl.a +OLD_FILES+=usr/lib32/libssl.so +OLD_LIBS+=usr/lib32/libssl.so.8 # 20170601: remove stale manpage OLD_FILES+=usr/share/man/man2/cap_rights_get.2.gz # 20170601: old libifconfig and libifc Index: bin/ed/Makefile =================================================================== --- bin/ed/Makefile +++ bin/ed/Makefile @@ -8,9 +8,4 @@ LINKS= ${BINDIR}/ed ${BINDIR}/red MLINKS= ed.1 red.1 -.if ${MK_OPENSSL} != "no" && ${MK_ED_CRYPTO} != "no" -CFLAGS+=-DDES -LIBADD= crypto -.endif - .include Index: etc/mtree/BSD.usr.dist =================================================================== --- etc/mtree/BSD.usr.dist +++ etc/mtree/BSD.usr.dist @@ -17,6 +17,8 @@ .. ucl .. + openssl + .. zstd .. .. Index: kerberos5/Makefile.inc =================================================================== --- kerberos5/Makefile.inc +++ kerberos5/Makefile.inc @@ -7,6 +7,7 @@ KRB5DIR= ${SRCTOP}/crypto/heimdal CFLAGS+= -DHAVE_CONFIG_H -I${.CURDIR:H:H}/include +CFLAGS+= -I${TMPINCLUDEDIR}/private .if ${MK_OPENLDAP} != "no" && !defined(COMPAT_32BIT) OPENLDAPBASE?= /usr/local Index: lib/libldns/Makefile =================================================================== --- lib/libldns/Makefile +++ lib/libldns/Makefile @@ -10,6 +10,7 @@ PRIVATELIB= true CFLAGS+= -I${LDNSDIR} +CFLAGS+= -I${TMPINCLUDEDIR}/private SRCS= buffer.c dane.c dname.c dnssec.c dnssec_sign.c dnssec_verify.c \ dnssec_zone.c duration.c error.c higher.c host2str.c host2wire.c \ Index: lib/libmp/tests/Makefile =================================================================== --- lib/libmp/tests/Makefile +++ lib/libmp/tests/Makefile @@ -2,6 +2,7 @@ TAP_TESTS_C+= legacy_test +CFLAGS+= -I${TMPINCLUDEDIR}/private WARNS?= 3 LIBADD+= mp Index: lib/libradius/Makefile =================================================================== --- lib/libradius/Makefile +++ lib/libradius/Makefile @@ -74,6 +74,7 @@ .if ${MK_OPENSSL} != "no" LIBADD+= crypto CFLAGS+= -DWITH_SSL +CFLAGS+= -I${TMPINCLUDEDIR}/private .else LIBADD+= md .endif Index: lib/libtelnet/Makefile =================================================================== --- lib/libtelnet/Makefile +++ lib/libtelnet/Makefile @@ -19,6 +19,7 @@ .if ${MK_OPENSSL} != "no" SRCS+= encrypt.c auth.c enc_des.c sra.c pk.c CFLAGS+= -DENCRYPTION -DAUTHENTICATION -DSRA +CFLAGS+= -I${TMPINCLUDEDIR}/private .endif .if ${MK_KERBEROS_SUPPORT} != "no" Index: libexec/dma/dma-mbox-create/Makefile =================================================================== --- libexec/dma/dma-mbox-create/Makefile +++ libexec/dma/dma-mbox-create/Makefile @@ -7,4 +7,6 @@ PROG= dma-mbox-create BINMODE= 4554 +CFLAGS+= -I${TMPINCLUDEDIR}/private + .include Index: rescue/rescue/Makefile =================================================================== --- rescue/rescue/Makefile +++ rescue/rescue/Makefile @@ -201,7 +201,9 @@ CRUNCH_PROGS_usr.bin+= tar CRUNCH_LIBS+= -larchive .if ${MK_OPENSSL} != "no" -CRUNCH_LIBS+= -lcrypto +CRUNCH_LIBS+= -lprivatecrypto +CRUNCH_CFLAGS+= -I${TMPINCLUDEDIR}/private +CFLAGS+= -I${TMPINCLUDEDIR}/private .endif CRUNCH_LIBS+= -lmd Index: secure/lib/libcrypto/Makefile =================================================================== --- secure/lib/libcrypto/Makefile +++ secure/lib/libcrypto/Makefile @@ -8,6 +8,8 @@ LIB= crypto SHLIB_MAJOR= 8 +PRIVATELIB= true + NO_LINT= .if exists(Makefile.man) @@ -396,7 +398,7 @@ SRCS+= buildinf.h INCS+= opensslconf.h -INCSDIR= ${INCLUDEDIR}/openssl +INCSDIR= ${INCLUDEDIR}/private/openssl CSTD= gnu89 @@ -405,6 +407,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/crypto/asn1 CFLAGS+= -I${LCRYPTO_SRC}/crypto/evp CFLAGS+= -I${LCRYPTO_SRC}/crypto/modes +CFLAGS+= -I${TMPINCLUDEDIR}/private .if !empty(SRCS:M*.S) ACFLAGS+= -Wa,--noexecstack Index: secure/lib/libcrypto/Makefile.inc =================================================================== --- secure/lib/libcrypto/Makefile.inc +++ secure/lib/libcrypto/Makefile.inc @@ -10,6 +10,7 @@ LCRYPTO_DOC= ${LCRYPTO_SRC}/doc CFLAGS+= -I${LCRYPTO_SRC} +CFLAGS+= -I${TMPINCLUDEDIR}/private CFLAGS+= -DTERMIOS -DANSI_SOURCE CFLAGS+= -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H Index: secure/lib/libcrypto/engines/Makefile.inc =================================================================== --- secure/lib/libcrypto/engines/Makefile.inc +++ secure/lib/libcrypto/engines/Makefile.inc @@ -3,4 +3,6 @@ LCRYPTO_SRC= ${SRCTOP}/crypto/openssl .PATH: ${LCRYPTO_SRC}/engines ${LCRYPTO_SRC}/engines/ccgost +CFLAGS+= -I${TMPINCLUDEDIR}/private + SHLIBDIR?= /usr/lib/engines Index: secure/lib/libssl/Makefile =================================================================== --- secure/lib/libssl/Makefile +++ secure/lib/libssl/Makefile @@ -3,6 +3,8 @@ LIB= ssl SHLIB_MAJOR= 8 +PRIVATELIB= true + NO_LINT= .if exists(Makefile.man) @@ -19,7 +21,7 @@ t1_srvr.c tls_srp.c INCS= dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h -INCSDIR=${INCLUDEDIR}/openssl +INCSDIR=${INCLUDEDIR}/private/openssl LIBADD= crypto Index: share/mk/bsd.libnames.mk =================================================================== --- share/mk/bsd.libnames.mk +++ share/mk/bsd.libnames.mk @@ -42,7 +42,6 @@ LIBCOM_ERR?= ${DESTDIR}${LIBDIR}/libcom_err.a LIBCPLUSPLUS?= ${DESTDIR}${LIBDIR}/libc++.a LIBCRYPT?= ${DESTDIR}${LIBDIR}/libcrypt.a -LIBCRYPTO?= ${DESTDIR}${LIBDIR}/libcrypto.a LIBCTF?= ${DESTDIR}${LIBDIR}/libctf.a LIBCURSES?= ${DESTDIR}${LIBDIR}/libcurses.a LIBCUSE?= ${DESTDIR}${LIBDIR}/libcuse.a @@ -137,7 +136,6 @@ LIBSBUF?= ${DESTDIR}${LIBDIR}/libsbuf.a LIBSDP?= ${DESTDIR}${LIBDIR}/libsdp.a LIBSMB?= ${DESTDIR}${LIBDIR}/libsmb.a -LIBSSL?= ${DESTDIR}${LIBDIR}/libssl.a LIBSSP_NONSHARED?= ${DESTDIR}${LIBDIR}/libssp_nonshared.a LIBSTAND?= ${DESTDIR}${LIBDIR}/libstand.a LIBSTDCPLUSPLUS?= ${DESTDIR}${LIBDIR}/libstdc++.a Index: share/mk/bsd.own.mk =================================================================== --- share/mk/bsd.own.mk +++ share/mk/bsd.own.mk @@ -198,6 +198,7 @@ NLSMODE?= ${NOBINMODE} INCLUDEDIR?= /usr/include +TMPINCLUDEDIR?= ${OBJTOP:S,${SRCTOP}/world32,,:S,${SRCTOP}/rescue/rescue,,:S,${SRCTOP}/tmp,,}/tmp/usr/include # # install(1) parameters. Index: share/mk/src.libnames.mk =================================================================== --- share/mk/src.libnames.mk +++ share/mk/src.libnames.mk @@ -23,6 +23,8 @@ ldns \ sqlite3 \ ssh \ + ssl \ + crypto \ ucl \ unbound \ zstd @@ -79,7 +81,6 @@ com_err \ compiler_rt \ crypt \ - crypto \ ctf \ cuse \ cxxrt \ @@ -154,7 +155,6 @@ sdp \ sm \ smb \ - ssl \ ssp_nonshared \ stdthreads \ supcplusplus \ @@ -398,7 +398,14 @@ .for _l in ${LIBADD} DPADD+= ${DPADD_${_l}} LDADD+= ${LDADD_${_l}} +.if ${_PRIVATELIBS:M${_l}} +_CFLAGS_PRIVATE= -I${TMPINCLUDEDIR}/private +.endif .endfor + +.if !empty(_CFLAGS_PRIVATE) +CFLAGS+= ${_CFLAGS_PRIVATE} +.endif # INTERNALLIB definitions. LIBELFTCDIR= ${OBJTOP}/lib/libelftc Index: sys/boot/geli/Makefile =================================================================== --- sys/boot/geli/Makefile +++ sys/boot/geli/Makefile @@ -46,6 +46,7 @@ # local GELI Implementation .PATH: ${.CURDIR}/../../geom/eli +CFLAGS+= -I${TMPINCLUDEDIR}/private CFLAGS+= -D_STAND SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c Index: tools/bsdbox/Makefile =================================================================== --- tools/bsdbox/Makefile +++ tools/bsdbox/Makefile @@ -103,7 +103,7 @@ # .include "Makefile.telnetd" .include "Makefile.fs" -CRUNCH_LIBS+= -lcrypto -lssl -lz +CRUNCH_LIBS+= -lprivatecrypto -lprivatessl -lz # the crunchgen build environment .include Index: usr.bin/chkey/Makefile =================================================================== --- usr.bin/chkey/Makefile +++ usr.bin/chkey/Makefile @@ -7,6 +7,7 @@ PROG= chkey SRCS= chkey.c generic.c update.c CFLAGS+= -I${SRCTOP}/usr.bin/newkey +CFLAGS+= -I${TMPINCLUDEDIR}/private .if ${MK_NIS} != "no" CFLAGS+= -DYP .endif Index: usr.bin/newkey/Makefile =================================================================== --- usr.bin/newkey/Makefile +++ usr.bin/newkey/Makefile @@ -4,6 +4,7 @@ PROG= newkey SRCS= newkey.c generic.c update.c +CFLAGS+= -I${TMPINCLUDEDIR}/private .if ${MK_NIS} != "no" CFLAGS+= -DYP .endif Index: usr.bin/svn/lib/libserf/Makefile =================================================================== --- usr.bin/svn/lib/libserf/Makefile +++ usr.bin/svn/lib/libserf/Makefile @@ -21,5 +21,6 @@ -I${APR}/include/arch/unix -I${APR}/include \ -I${.CURDIR}/../libapr_util \ -I${APRU}/include +CFLAGS+= -I${TMPINCLUDEDIR}/private .include Index: usr.sbin/keyserv/Makefile =================================================================== --- usr.sbin/keyserv/Makefile +++ usr.sbin/keyserv/Makefile @@ -5,6 +5,7 @@ SRCS= keyserv.c setkey.c crypt_svc.c crypt_server.c crypt.h CFLAGS+= -DKEYSERV_RANDOM -DBROKEN_DES -I. +CFLAGS+= -I${TMPINCLUDEDIR}/private LIBADD= mp rpcsvc Index: usr.sbin/ntp/Makefile.inc =================================================================== --- usr.sbin/ntp/Makefile.inc +++ usr.sbin/ntp/Makefile.inc @@ -12,6 +12,7 @@ .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) CFLAGS+= -DOPENSSL -DUSE_OPENSSL_CRYPTO_RAND -DAUTOKEY +CFLAGS+= -I${TMPINCLUDEDIR}/private .endif WARNS?= 0