D51663.id159997.diff
No OneTemporary
Actions

Size

12 KB

Referenced Files

None

Subscribers

None

D51663.id159997.diff
View Options

	diff --git a/crypto/openssl/BSDmakefile b/crypto/openssl/BSDmakefile
	new file mode 100644
	--- /dev/null
	+++ b/crypto/openssl/BSDmakefile
	@@ -0,0 +1,91 @@
	+# This BSD makefile helps provide a deterministic means of doing a "clean"
	+# vendor import of OpenSSL.
	+#
	+# Recommended use:
	+#
	+# % make clean
	+# % make all
	+
	+NO_OBJ=
	+
	+LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
	+LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
	+
	+CAT?= /bin/cat
	+MV?= /bin/mv
	+PERL?= perl
	+
	+BN_CONF_H= include/crypto/bn_conf.h
	+BN_CONF_H_ORIG= ${BN_CONF_H}.orig
	+CONFIGURATION_H= include/openssl/configuration.h
	+CONFIGURATION_H_ORIG= ${CONFIGURATION_H}.orig
	+
	+.PHONY: configure patch all
	+.ORDER: configure patch all
	+
	+# XXX: 3.0.16 fails to configure properly when `enable-tests` is specified due to
	+# missing sources under test/ ; this was fixed in 3.0.17.
	+configure:
	+ @cd ${.CURDIR} && \
	+ ${PERL} ./Configure \
	+ disable-aria \
	+ disable-idea \
	+ disable-mdc2 \
	+ disable-sm2 \
	+ disable-sm3 \
	+ disable-sm4 \
	+ disable-tests \
	+ enable-ktls \
	+ enable-sctp \
	+ --openssldir=etc \
	+ --prefix=/usr
	+ @cd ${.CURDIR} && gmake configdata.pm
	+ @cd ${LCRYPTO_SRC} && ${PERL} \
	+ ${LCRYPTO_SRC}/freebsd/dump_version_from_configdata.pl > \
	+ ${SRCTOP}/secure/lib/libcrypto/Makefile.version
	+
	+all: patch
	+ # Passing `-j ${.MAKE.JOBS}` doesn't work here for some reason.
	+ @cd ${.CURDIR} && gmake build_all_generated
	+
	+ @cd ${SRCTOP}/secure/lib/libcrypto && \
	+ ${MAKE} cleanasm && \
	+ ${MAKE} buildasm
	+
	+ @rsync -a --delete \
	+ --exclude 'Makefile' --exclude '.1' \
	+ ${LCRYPTO_DOC}/man/ \
	+ ${SRCTOP}/secure/lib/libcrypto/man
	+
	+ @rsync -a --delete \
	+ --exclude 'Makefile' --exclude '.[357]' \
	+ ${LCRYPTO_DOC}/man/man1/ \
	+ ${SRCTOP}/secure/usr.bin/openssl/man
	+
	+
	+# This doesn't use standard patching since the generated files can vary
	+# depending on the host architecture.
	+patch: configure
	+ # Spam arch-specific overrides to config files.
	+
	+ @cd ${.CURDIR} && gmake ${BN_CONF_H} && \
	+ ${MV} ${BN_CONF_H} ${BN_CONF_H_ORIG} && \
	+ ${CAT} ${BN_CONF_H}.orig \
	+ ${LCRYPTO_SRC}/freebsd/${BN_CONF_H} >> \
	+ ${BN_CONF_H}
	+
	+ @cd ${.CURDIR} && \
	+ ${MV} ${CONFIGURATION_H} ${CONFIGURATION_H_ORIG} && \
	+ ${CAT} ${CONFIGURATION_H_ORIG} \
	+ ${LCRYPTO_SRC}/freebsd/${CONFIGURATION_H} >> \
	+ ${CONFIGURATION_H}
	+
	+
	+clean: .PHONY
	+ @cd ${.CURDIR} && rm -f ${BN_CONF_H_ORIG} ${CONFIGURATION_H_ORIG}
	+
	+ @cd ${SRCTOP}/secure/lib/libcrypto && ${MAKE} cleanasm
	+
	+ -@cd ${.CURDIR} && gmake ${.TARGET}
	+
	+.include <sys.mk>
	diff --git a/crypto/openssl/freebsd/dump_version_from_configdata.pl b/crypto/openssl/freebsd/dump_version_from_configdata.pl
	new file mode 100644
	--- /dev/null
	+++ b/crypto/openssl/freebsd/dump_version_from_configdata.pl
	@@ -0,0 +1,21 @@
	+#!/usr/bin/env perl
	+#
	+# This dumps out the values needed to generate manpages and other artifacts
	+# which include the release version/date.
	+#
	+# See also: `secure/lib/libcrypto/Makefile.version`.
	+
	+use Cwd qw(realpath);
	+use File::Basename qw(dirname);
	+use Time::Piece;
	+
	+use lib dirname(dirname(realpath($0)));
	+
	+use configdata qw(%config);
	+
	+$OPENSSL_DATE = Time::Piece->strptime($config{"release_date"}, "%d %b %Y")->strftime("%Y-%m-%d");
	+
	+$OPENSSL_VER = "$config{'major'}.$config{'minor'}.$config{'patch'}";
	+
	+print("OPENSSL_VER=\t${OPENSSL_VER}\n");
	+print("OPENSSL_DATE=\t${OPENSSL_DATE}\n");
	diff --git a/crypto/openssl/freebsd/include/crypto/bn_conf.h b/crypto/openssl/freebsd/include/crypto/bn_conf.h
	new file mode 100644
	--- /dev/null
	+++ b/crypto/openssl/freebsd/include/crypto/bn_conf.h
	@@ -0,0 +1,28 @@
	+
	+/**
	+ * OpenSSL's Configure script generates these values automatically for the host
	+ * architecture, but FreeBSD provides values which are universal for all
	+ * supported target architectures.
	+ */
	+
	+#ifndef __FREEBSD_BN_CONF_H__
	+#define __FREEBSD_BN_CONF_H__
	+
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+
	+# if __SIZEOF_LONG__ == 8
	+# define SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# elif __SIZEOF_LONG__ == 4
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# define THIRTY_TWO_BIT
	+# else
	+# error Unsupported size of long
	+# endif
	+# endif
	+
	+#endif /* __FREEBSD_BN_CONF_H__ */
	diff --git a/crypto/openssl/freebsd/include/openssl/configuration.h b/crypto/openssl/freebsd/include/openssl/configuration.h
	new file mode 100644
	--- /dev/null
	+++ b/crypto/openssl/freebsd/include/openssl/configuration.h
	@@ -0,0 +1,38 @@
	+
	+/**
	+ * OpenSSL's Configure script generates these values automatically for the host
	+ * architecture, but FreeBSD provides values which are universal for all
	+ * supported target architectures.
	+ */
	+
	+#ifndef __FREEBSD_CONFIGURATION_H__
	+#define __FREEBSD_CONFIGURATION_H__
	+
	+# undef OPENSSL_NO_EC_NISTP_64_GCC_128
	+# if __SIZEOF_LONG__ == 4 \|\| __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__
	+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
	+# define OPENSSL_NO_EC_NISTP_64_GCC_128
	+# endif
	+# endif
	+
	+# undef BN_LLONG
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# if !defined(OPENSSL_SYS_UEFI)
	+# if __SIZEOF_LONG__ == 8
	+# undef BN_LLONG
	+# define SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# elif __SIZEOF_LONG__ == 4
	+# define BN_LLONG
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# define THIRTY_TWO_BIT
	+# else
	+# error Unsupported size of long
	+# endif
	+# endif
	+
	+#endif /* __FREEBSD_CONFIGURATION_H__ */
	diff --git a/crypto/openssl/include/crypto/bn_conf.h b/crypto/openssl/include/crypto/bn_conf.h
	--- a/crypto/openssl/include/crypto/bn_conf.h
	+++ b/crypto/openssl/include/crypto/bn_conf.h
	@@ -1,10 +1,9 @@
	-/* $FreeBSD$ */
	/* WARNING: do not edit! */
	/* Generated by Makefile from include/crypto/bn_conf.h.in */
	/*
	- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	*
	- * Licensed under the OpenSSL license (the "License"). You may not use
	+ * Licensed under the Apache License 2.0 (the "License"). You may not use
	* this file except in compliance with the License. You can obtain a copy
	* in the file LICENSE in the source distribution or at
	* https://www.openssl.org/source/license.html
	@@ -12,6 +11,7 @@

	#ifndef OSSL_CRYPTO_BN_CONF_H
	# define OSSL_CRYPTO_BN_CONF_H
	+# pragma once

	/*
	* The contents of this file are not used in the UEFI build, as
	@@ -22,16 +22,38 @@
	/* Should we define BN_DIV2W here? */

	/* Only one for the following should be defined */
	-# if __SIZEOF_LONG__ == 8
	-# define SIXTY_FOUR_BIT_LONG
	-# undef SIXTY_FOUR_BIT
	-# undef THIRTY_TWO_BIT
	-# elif __SIZEOF_LONG__ == 4
	-# undef SIXTY_FOUR_BIT_LONG
	-# undef SIXTY_FOUR_BIT
	-# define THIRTY_TWO_BIT
	-# else
	-# error Unsupported size of long
	-# endif
	+#define SIXTY_FOUR_BIT_LONG
	+#undef SIXTY_FOUR_BIT
	+#undef THIRTY_TWO_BIT

	#endif
	+
	+/**
	+ * OpenSSL's Configure script generates these values automatically for the host
	+ * architecture, but FreeBSD provides values which are universal for all
	+ * supported target architectures.
	+ */
	+
	+#ifndef __FREEBSD_BN_CONF_H__
	+#define __FREEBSD_BN_CONF_H__
	+
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+
	+# if __SIZEOF_LONG__ == 8
	+/* Only one for the following should be defined */
	+# define SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# elif __SIZEOF_LONG__ == 4
	+/* Only one for the following should be defined */
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# define THIRTY_TWO_BIT
	+# else
	+# error Unsupported size of long
	+# endif
	+# endif
	+
	+#endif /* __FREEBSD_BN_CONF_H__ */
	diff --git a/crypto/openssl/include/crypto/dso_conf.h b/crypto/openssl/include/crypto/dso_conf.h
	--- a/crypto/openssl/include/crypto/dso_conf.h
	+++ b/crypto/openssl/include/crypto/dso_conf.h
	@@ -1,4 +1,3 @@
	-/* $FreeBSD$ */
	/* WARNING: do not edit! */
	/* Generated by Makefile from include/crypto/dso_conf.h.in */
	/*
	diff --git a/crypto/openssl/include/openssl/bio.h b/crypto/openssl/include/openssl/bio.h
	--- a/crypto/openssl/include/openssl/bio.h
	+++ b/crypto/openssl/include/openssl/bio.h
	@@ -867,7 +867,7 @@
	int (puts) (BIO , const char *));
	int (BIO_meth_get_gets(const BIO_METHOD biom)) (BIO , char , int);
	int BIO_meth_set_gets(BIO_METHOD *biom,
	- int (gets) (BIO , char *, int));
	+ int (ossl_gets) (BIO , char *, int));
	long (BIO_meth_get_ctrl(const BIO_METHOD biom)) (BIO , int, long, void );
	int BIO_meth_set_ctrl(BIO_METHOD *biom,
	long (ctrl) (BIO , int, long, void *));
	diff --git a/crypto/openssl/include/openssl/configuration.h b/crypto/openssl/include/openssl/configuration.h
	--- a/crypto/openssl/include/openssl/configuration.h
	+++ b/crypto/openssl/include/openssl/configuration.h
	@@ -34,6 +34,9 @@
	# ifndef OPENSSL_THREADS
	# define OPENSSL_THREADS
	# endif
	+# ifndef OPENSSL_NO_ACVP_TESTS
	+# define OPENSSL_NO_ACVP_TESTS
	+# endif
	# ifndef OPENSSL_NO_AFALGENG
	# define OPENSSL_NO_AFALGENG
	# endif
	@@ -49,10 +52,8 @@
	# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
	# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
	# endif
	-# if !defined(__LP64__) \|\| __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__
	-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
	-# define OPENSSL_NO_EC_NISTP_64_GCC_128
	-# endif
	+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
	+# define OPENSSL_NO_EC_NISTP_64_GCC_128
	# endif
	# ifndef OPENSSL_NO_EGD
	# define OPENSSL_NO_EGD
	@@ -60,6 +61,9 @@
	# ifndef OPENSSL_NO_EXTERNAL_TESTS
	# define OPENSSL_NO_EXTERNAL_TESTS
	# endif
	+# ifndef OPENSSL_NO_FIPS_SECURITYCHECKS
	+# define OPENSSL_NO_FIPS_SECURITYCHECKS
	+# endif
	# ifndef OPENSSL_NO_FUZZ_AFL
	# define OPENSSL_NO_FUZZ_AFL
	# endif
	@@ -123,6 +127,42 @@
	* The following are cipher-specific, but are part of the public API.
	*/
	# if !defined(OPENSSL_SYS_UEFI)
	+# undef BN_LLONG
	+/* Only one for the following should be defined */
	+# define SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# endif
	+
	+# define RC4_INT unsigned int
	+
	+# ifdef __cplusplus
	+}
	+# endif
	+
	+#endif /* OPENSSL_CONFIGURATION_H */
	+
	+/**
	+ * OpenSSL's Configure script generates these values automatically for the host
	+ * architecture, but FreeBSD provides values which are universal for all
	+ * supported target architectures.
	+ */
	+
	+#ifndef __FREEBSD_CONFIGURATION_H__
	+#define __FREEBSD_CONFIGURATION_H__
	+
	+# undef OPENSSL_NO_EC_NISTP_64_GCC_128
	+# if __SIZEOF_LONG__ == 4 \|\| __BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__
	+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
	+# define OPENSSL_NO_EC_NISTP_64_GCC_128
	+# endif
	+# endif
	+
	+# undef BN_LLONG
	+# undef SIXTY_FOUR_BIT_LONG
	+# undef SIXTY_FOUR_BIT
	+# undef THIRTY_TWO_BIT
	+# if !defined(OPENSSL_SYS_UEFI)
	# if __SIZEOF_LONG__ == 8
	# undef BN_LLONG
	/* Only one for the following should be defined */
	@@ -140,10 +180,4 @@
	# endif
	# endif

	-# define RC4_INT unsigned int
	-
	-# ifdef __cplusplus
	-}
	-# endif
	-
	-#endif /* OPENSSL_CONFIGURATION_H */
	+#endif /* __FREEBSD_CONFIGURATION_H__ */
	diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
	--- a/crypto/openssl/include/openssl/opensslv.h
	+++ b/crypto/openssl/include/openssl/opensslv.h
	@@ -29,7 +29,7 @@
	*/
	# define OPENSSL_VERSION_MAJOR 3
	# define OPENSSL_VERSION_MINOR 0
	-# define OPENSSL_VERSION_PATCH 16
	+# define OPENSSL_VERSION_PATCH 17

	/*
	* Additional version information
	@@ -74,21 +74,21 @@
	* longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
	* OPENSSL_VERSION_BUILD_METADATA_STR appended.
	*/
	-# define OPENSSL_VERSION_STR "3.0.16"
	-# define OPENSSL_FULL_VERSION_STR "3.0.16"
	+# define OPENSSL_VERSION_STR "3.0.17"
	+# define OPENSSL_FULL_VERSION_STR "3.0.17"

	/*
	* SECTION 3: ADDITIONAL METADATA
	*
	* These strings are defined separately to allow them to be parsable.
	*/
	-# define OPENSSL_RELEASE_DATE "11 Feb 2025"
	+# define OPENSSL_RELEASE_DATE "1 Jul 2025"

	/*
	* SECTION 4: BACKWARD COMPATIBILITY
	*/

	-# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.16 11 Feb 2025"
	+# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.17 1 Jul 2025"

	/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
	# ifdef OPENSSL_VERSION_PRE_RELEASE
	diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
	--- a/secure/lib/libcrypto/Makefile.inc
	+++ b/secure/lib/libcrypto/Makefile.inc
	@@ -1,8 +1,7 @@
	.include <bsd.own.mk>

	# OpenSSL version used for manual page generation
	-OPENSSL_VER= 3.0.16
	-OPENSSL_DATE= 2025-02-11
	+.include "Makefile.version"

	LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
	LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
	diff --git a/secure/lib/libcrypto/Makefile.version b/secure/lib/libcrypto/Makefile.version
	new file mode 100644
	--- /dev/null
	+++ b/secure/lib/libcrypto/Makefile.version
	@@ -0,0 +1,2 @@
	+OPENSSL_VER= 3.0.16
	+OPENSSL_DATE= 2025-02-11

File Metadata

Mime Type: text/plain
Expires: Tue, Apr 28, 5:57 AM (4 h, 14 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 32254317
Default Alt Text: D51663.id159997.diff (12 KB)

D51663.id159997.diffNo OneTemporaryActions

D51663.id159997.diffView Options

File Metadata

Event Timeline

D51663.id159997.diff
No OneTemporary
Actions

D51663.id159997.diff
View Options