src - FreeBSD source tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	OpenSSL: update Makefiles to reflect 3.5.1 release	Enji Cooper	2025-09-18	1	-5/+36
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is a targeted effort to update the INCS and SRCS entries for libcrypto, the legacy provider, and libssl to match what upstream (OpenSSL) builds in their respective libraries. The number of stylistic changes were kept at a minimum. Another incoming change will reformat this file to make future maintenance easier. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52554
*	openssl: link enough files for the legacy provider to actually load	Gleb Smirnoff	2025-09-01	1	-3/+4
\| \| \| \| \|	Reviewed by: khorben, ngie Differential Revision: https://reviews.freebsd.org/D52113
*	openssl: Import version 3.5.1	Pierre Pronchery	2025-08-07	1	-3/+0
\| \| \| \| \| \| \| \| \| \|	Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be EOL after 2026-09-07. Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D51613
*	Remove residual blank line at start of Makefile	Warner Losh	2024-07-15	1	-1/+0
\| \| \| \| \| \| \|	This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
*	Revert "OpenSSL: use the upstream provided version.map files for the ↵	Enji Cooper	2024-04-21	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \| \|	fips/legacy providers" This change is still under review and should not have been merged directly to main (yet). This is a case and point for using `push.default` to nothing instead of matching or simple. This reverts commit 42ce242e353065dfbaa248955f6657005a395a95.
*	OpenSSL: use the upstream provided version.map files for the fips/legacy ↵	Enji Cooper	2024-04-21	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	providers This change introduces a static copy of the fips and legacy linker version maps generated by the OpenSSL 3.0.13 build process. This unbreaks the fips and legacy providers by not exposing unnecessary symbols from the fips/legacy provider shared objects shared with other providers (base, default) and libcrypto. More discussion: Prior to this change, loading the fips provider indirectly from a FreeBSD 14.0-CURRENT and 15.0-CURRENT host would result in a process-wide deadlock when invoking select OpenSSL APIs (CONF_modules_load* in this particular example). Speaking with the upstream maintainers [1], it became obvious that the FreeBSD base system was incorrectly building/linking the fips provider, resulting in a symbol collision at runtime, and thus a process-wide deadlock in specific circumstances. The fips provider would deadlock when trying to acquire a write lock on internal structures which should have only been available to the base and default providers, as certain preprocessor ifdefs only allow specific internal calls to be made with the base and default providers. 1. https://github.com/openssl/openssl/issues/24202 Differential Revision: https://reviews.freebsd.org/D44892
*	libcrypto: link engines and the legacy provider to libcrypto	Pierre Pronchery	2023-09-16	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	OpenSSL's legacy provider module and engines need to link to libcrypto.so, as it provides some of the actual implementations of legacy routines. This is a little tricky due to build order issues. Introduce a small hack (LIBCRYPTO_WITHOUT_SUBDIRS) that builds libcrypto.so in its usual early phase without any OpenSSL provider modules or engines. This is intended to restore the test suite; a future change should remove the hack and replace it with a better approach. PR: 254853, 273528 Discussed with: Folks at EuroBSDCon in Coimbra Sponsored by: The FreeBSD Foundation
*	Remove $FreeBSD$: one-line sh pattern	Warner Losh	2023-08-16	1	-1/+0
\| \| \| \|	Remove /^\s#[#!]?\s\$FreeBSD\$.*$\n/
*	libcrypto: expand the common Makefile for providers	Pierre Pronchery	2023-07-05	1	-5/+1
\| \| \| \| \| \| \| \| \|	OpenSSL 3 supports a modular architecture, allowing different providers to bring specific implementations of cryptographical algorithms. This change adds mandatory source files to every provider. Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/787
*	libcrypto: add missing symbols to the legacy provider	Pierre Pronchery	2023-07-05	1	-1/+33
\| \| \| \| \| \| \| \| \| \| \| \| \|	OpenSSL 3 supports a modular architecture, allowing different providers to bring specific implementations of cryptographical algorithms. One such provider, "legacy", ships with OpenSSL 3 directly, and groups obsoleted algorithms that can still optionally be used anyway. The import of OpenSSL 3.0.9 was building this provider incorrectly, missing symbols required for proper operation. Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/787
*	libcrypto: Revert recent changes to fix legacy and fips providers	Mark Johnston	2023-07-04	1	-29/+1
\| \| \| \| \| \| \|	They break the !amd64 builds due to an underspecified include path and will be re-applied once that's fixed. Reported by: Ronald Klop <ronald-lists@klop.ws>
*	libcrypto: expand the common Makefile for providers	Pierre Pronchery	2023-07-04	1	-5/+1
\| \| \| \| \| \| \| \| \|	OpenSSL 3 supports a modular architecture, allowing different providers to bring specific implementations of cryptographical algorithms. This change adds mandatory source files to every provider. Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/787
*	libcrypto: add missing symbols to the legacy provider	Pierre Pronchery	2023-07-04	1	-1/+33
\| \| \| \| \| \| \| \| \| \| \| \| \|	OpenSSL 3 supports a modular architecture, allowing different providers to bring specific implementations of cryptographical algorithms. One such provider, "legacy", ships with OpenSSL 3 directly, and groups obsoleted algorithms that can still optionally be used anyway. The import of OpenSSL 3.0.9 was building this provider incorrectly, missing symbols required for proper operation. Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/787
*	Merge OpenSSL 3.0.9	Pierre Pronchery	2023-06-23	1	-0/+7
	Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the version we were previously using) will be EOL as of 2023-09-11. Most of the base system has already been updated for a seamless switch to OpenSSL 3.0. For many components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs that were already deprecated in OpenSSL 1.1.1. The process of updating to contemporary APIs can continue after this merge. Additional changes are still required for libarchive and Kerberos- related libraries or tools; workarounds will immediately follow this commit. Fixes are in progress in the upstream projects and will be incorporated when those are next updated. There are some performance regressions in benchmarks (certain tests in `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). Investigation will continue for these. Netflix's testing showed no functional regression and a rather small, albeit statistically significant, increase in CPU consumption with OpenSSL 3.0. Thanks to ngie@ and des@ for updating base system components, to antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to Netflix and everyone who tested prior to commit or contributed to this update in other ways. PR: 271615 PR: 271656 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation