diff --git a/crypto/openssl/include/openssl/configuration.h b/crypto/openssl/include/openssl/configuration.h --- a/crypto/openssl/include/openssl/configuration.h +++ b/crypto/openssl/include/openssl/configuration.h @@ -34,6 +34,9 @@ # ifndef OPENSSL_THREADS # define OPENSSL_THREADS # endif +# ifndef OPENSSL_NO_ACVP_TESTS +# define OPENSSL_NO_ACVP_TESTS +# endif # ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG # endif @@ -49,10 +52,8 @@ # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # endif -# if !defined(__LP64__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 # endif # ifndef OPENSSL_NO_EGD # define OPENSSL_NO_EGD @@ -60,6 +61,9 @@ # ifndef OPENSSL_NO_EXTERNAL_TESTS # define OPENSSL_NO_EXTERNAL_TESTS # endif +# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS +# define OPENSSL_NO_FIPS_SECURITYCHECKS +# endif # ifndef OPENSSL_NO_FUZZ_AFL # define OPENSSL_NO_FUZZ_AFL # endif @@ -122,6 +126,38 @@ /* * The following are cipher-specific, but are part of the public API. */ +# if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# endif + +# define RC4_INT unsigned int + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_CONFIGURATION_H */ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __DYNAMIC_FREEBSD_CONFIGURATION_H__ +#define __DYNAMIC_FREEBSD_CONFIGURATION_H__ + +# undef OPENSSL_NO_EC_NISTP_64_GCC_128 +# if !defined(__LP64__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# endif + # if !defined(OPENSSL_SYS_UEFI) # if __SIZEOF_LONG__ == 8 # undef BN_LLONG @@ -140,10 +176,4 @@ # endif # endif -# define RC4_INT unsigned int - -# ifdef __cplusplus -} -# endif - -#endif /* OPENSSL_CONFIGURATION_H */ +#endif /* __DYNAMIC_FREEBSD_CONFIGURATION_H__ */ diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -606,6 +606,27 @@ echo "static const char compiler_flags[] = \"compiler: ${COMPILER_TYPE}\";" ) \ > ${.TARGET} +vendor-import: .PHONY + cd ${SRCTOP}/crypto/openssl && \ + perl ./Configure \ + disable-aria \ + disable-idea \ + disable-mdc2 \ + disable-sm2 \ + disable-sm3 \ + disable-sm4 \ + enable-ktls \ + enable-sctp \ + --openssldir=etc \ + --prefix=/usr + # Spam arch-specific overrides to config file. + cat ${.CURDIR}/dynamic_freebsd_configuration.h >> \ + ${SRCTOP}/crypto/openssl/include/openssl/configuration.h + cd ${.CURDIR} && ${MAKE} cleanasm && ${MAKE} buildasm + # Passing `-j ${.MAKE.JOBS}` doesn't work here for some reason. + cd ${SRCTOP}/crypto/openssl && \ + gmake build_man_docs + buildasm cleanasm: .for arch in aarch64 amd64 arm i386 powerpc powerpc64 powerpc64le make MK_AUTO_OBJ=no -DWITHOUT_AUTO_ASM -DASM_${arch} \ diff --git a/secure/lib/libcrypto/dynamic_freebsd_configuration.h b/secure/lib/libcrypto/dynamic_freebsd_configuration.h new file mode 100644 --- /dev/null +++ b/secure/lib/libcrypto/dynamic_freebsd_configuration.h @@ -0,0 +1,36 @@ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __DYNAMIC_FREEBSD_CONFIGURATION_H__ +#define __DYNAMIC_FREEBSD_CONFIGURATION_H__ + +# undef OPENSSL_NO_EC_NISTP_64_GCC_128 +# if !defined(__LP64__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# endif + +# if !defined(OPENSSL_SYS_UEFI) +# if __SIZEOF_LONG__ == 8 +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# elif __SIZEOF_LONG__ == 4 +# define BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +# else +# error Unsupported size of long +# endif +# endif + +#endif /* __DYNAMIC_FREEBSD_CONFIGURATION_H__ */