diff --git a/crypto/openssl/BSDmakefile b/crypto/openssl/BSDmakefile new file mode 100644 --- /dev/null +++ b/crypto/openssl/BSDmakefile @@ -0,0 +1,50 @@ +NO_OBJ= + +LCRYPTO_SRC= ${SRCTOP}/crypto/openssl +LCRYPTO_DOC= ${LCRYPTO_SRC}/doc + +PERL?= perl + +CONFIGURATION_H= ${LCRYPTO_SRC}/include/openssl/configuration.h + +vendor-import: .PHONY + @cd ${.CURDIR} && \ + ${PERL} ./Configure \ + disable-aria \ + disable-idea \ + disable-mdc2 \ + disable-sm2 \ + disable-sm3 \ + disable-sm4 \ + enable-ktls \ + enable-sctp \ + --openssldir=etc \ + --prefix=/usr + + @mv ${CONFIGURATION_H} ${CONFIGURATION_H}.orig + + # Spam arch-specific overrides to config file. + @cat ${CONFIGURATION_H}.orig \ + ${LCRYPTO_SRC}/dynamic_freebsd_configuration.h >> \ + ${CONFIGURATION_H} + + @cd ${SRCTOP}/secure/lib/libcrypto && \ + ${MAKE} cleanasm && \ + ${MAKE} buildasm + + # Passing `-j ${.MAKE.JOBS}` doesn't work here for some reason. + @cd ${.CURDIR} && gmake build_man_docs + + @rsync -a --delete \ + --exclude 'Makefile*' --exclude '*.1' \ + ${LCRYPTO_DOC}/man/ \ + ${SRCTOP}/secure/lib/libcrypto/man + + @rsync -a --delete \ + --exclude 'Makefile*' --exclude '*.[357]' \ + ${LCRYPTO_DOC}/man/man1/ \ + ${SRCTOP}/secure/usr.bin/openssl/man + + @cd ${LCRYPTO_SRC} && ${PERL} \ + ${LCRYPTO_SRC}/freebsd_dump_openssl_config.pl > \ + ${SRCTOP}/secure/lib/libcrypto/Makefile.version diff --git a/crypto/openssl/dynamic_freebsd_configuration.h b/crypto/openssl/dynamic_freebsd_configuration.h new file mode 100644 --- /dev/null +++ b/crypto/openssl/dynamic_freebsd_configuration.h @@ -0,0 +1,40 @@ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __DYNAMIC_FREEBSD_CONFIGURATION_H__ +#define __DYNAMIC_FREEBSD_CONFIGURATION_H__ + +# undef OPENSSL_NO_EC_NISTP_64_GCC_128 +# if __SIZEOF_LONG__ == 4 || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# endif + +# undef BN_LLONG +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# if !defined(OPENSSL_SYS_UEFI) +# if __SIZEOF_LONG__ == 8 +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# elif __SIZEOF_LONG__ == 4 +# define BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +# else +# error Unsupported size of long +# endif +# endif + +#endif /* __DYNAMIC_FREEBSD_CONFIGURATION_H__ */ diff --git a/crypto/openssl/freebsd_dump_openssl_config.pl b/crypto/openssl/freebsd_dump_openssl_config.pl new file mode 100644 --- /dev/null +++ b/crypto/openssl/freebsd_dump_openssl_config.pl @@ -0,0 +1,14 @@ +#!/usr/bin/env perl + +use lib "."; + +use Time::Piece; + +use configdata qw(%config); + +$OPENSSL_DATE = Time::Piece->strptime($config{"release_date"}, "%d %b %Y")->strftime("%Y-%m-%d"); + +$OPENSSL_RELVER = "$config{'major'}.$config{'minor'}.$config{'patch'}"; + +print("OPENSSL_VER=\t${OPENSSL_RELVER}\n"); +print("OPENSSL_DATE=\t${OPENSSL_DATE}\n"); diff --git a/crypto/openssl/include/openssl/configuration.h b/crypto/openssl/include/openssl/configuration.h --- a/crypto/openssl/include/openssl/configuration.h +++ b/crypto/openssl/include/openssl/configuration.h @@ -34,6 +34,9 @@ # ifndef OPENSSL_THREADS # define OPENSSL_THREADS # endif +# ifndef OPENSSL_NO_ACVP_TESTS +# define OPENSSL_NO_ACVP_TESTS +# endif # ifndef OPENSSL_NO_AFALGENG # define OPENSSL_NO_AFALGENG # endif @@ -49,10 +52,8 @@ # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE # endif -# if !defined(__LP64__) || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# define OPENSSL_NO_EC_NISTP_64_GCC_128 -# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 # endif # ifndef OPENSSL_NO_EGD # define OPENSSL_NO_EGD @@ -60,6 +61,9 @@ # ifndef OPENSSL_NO_EXTERNAL_TESTS # define OPENSSL_NO_EXTERNAL_TESTS # endif +# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS +# define OPENSSL_NO_FIPS_SECURITYCHECKS +# endif # ifndef OPENSSL_NO_FUZZ_AFL # define OPENSSL_NO_FUZZ_AFL # endif @@ -123,6 +127,42 @@ * The following are cipher-specific, but are part of the public API. */ # if !defined(OPENSSL_SYS_UEFI) +# undef BN_LLONG +/* Only one for the following should be defined */ +# define SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# endif + +# define RC4_INT unsigned int + +# ifdef __cplusplus +} +# endif + +#endif /* OPENSSL_CONFIGURATION_H */ + +/** + * OpenSSL's Configure script generates these values automatically for the host + * architecture, but FreeBSD provides values which are universal for all + * supported target architectures. + */ + +#ifndef __DYNAMIC_FREEBSD_CONFIGURATION_H__ +#define __DYNAMIC_FREEBSD_CONFIGURATION_H__ + +# undef OPENSSL_NO_EC_NISTP_64_GCC_128 +# if __SIZEOF_LONG__ == 4 || __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__ +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +# endif +# endif + +# undef BN_LLONG +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# undef THIRTY_TWO_BIT +# if !defined(OPENSSL_SYS_UEFI) # if __SIZEOF_LONG__ == 8 # undef BN_LLONG /* Only one for the following should be defined */ @@ -140,10 +180,4 @@ # endif # endif -# define RC4_INT unsigned int - -# ifdef __cplusplus -} -# endif - -#endif /* OPENSSL_CONFIGURATION_H */ +#endif /* __DYNAMIC_FREEBSD_CONFIGURATION_H__ */ diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -1,8 +1,7 @@ .include # OpenSSL version used for manual page generation -OPENSSL_VER= 3.0.17 -OPENSSL_DATE= 2025-07-01 +.include "Makefile.version" LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc