aboutsummaryrefslogtreecommitdiff
path: root/secure/lib/libssl/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* OpenSSL: update Makefiles to reflect 3.5.1 releaseEnji Cooper2025-09-181-1/+1
| | | | | | | | | | | | | | This is a targeted effort to update the INCS and SRCS entries for libcrypto, the legacy provider, and libssl to match what upstream (OpenSSL) builds in their respective libraries. The number of stylistic changes were kept at a minimum. Another incoming change will reformat this file to make future maintenance easier. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52554
* openssl: Disable KTLS in bootstrap librariesMark Johnston2025-09-041-1/+1
| | | | | | | | | We need to build OpenSSL when bootstrapping certctl. On MacOS ktls_enable() isn't defined anywhere, so without this the build fails. We don't need KTLS in the bootstrap library, so just disable it. Reviewed by: khorben, ngie Differential Revision: https://reviews.freebsd.org/D52341
* packages: Improve handling of -lib packagesLexi Winter2025-08-231-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For some packages (OpenSSL, Kerberos) we want to ship runtime libraries in a separate package, e.g. openssl and openssl-lib. Currently this is done using PACKAGE=openssl-lib, but that creates packages with strange names like openssl-lib-lib32. Instead, add a new LIB_PACKAGE option to bsd.lib.mk that causes runtime libraries to be placed in a new -lib subpackage. This significantly improves the set of packages we create; for example, OpenSSL goes from: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-lib FreeBSD-openssl-lib-dbg FreeBSD-openssl-lib-dbg-lib32 FreeBSD-openssl-lib-dev FreeBSD-openssl-lib-dev-lib32 FreeBSD-openssl-lib-lib32 FreeBSD-openssl-lib-man FreeBSD-openssl-man to: FreeBSD-openssl FreeBSD-openssl-dbg FreeBSD-openssl-dbg-lib32 FreeBSD-openssl-dev FreeBSD-openssl-dev-lib32 FreeBSD-openssl-lib FreeBSD-openssl-lib32 FreeBSD-openssl-man While here, move /usr/bin/krb5-config and /usr/bin/compile_et into the kerberos-dev package. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D51925
* libssl: unbreak building the library with KTLSEnji Cooper2025-08-211-0/+2
| | | | | | | | | | | | | | | The 3.5.1 update dropped a `SRCS` entry for the MK_OPENSSL_KTLS != no case (the source was renamed from `ktls.c` to `ktls_meth.c`). Add the new file to SRCS in order to unbreak linking the library when KTLS is enabled. This bug isn't apparent now because KTLS is always disabled in `include/openssl/configuration.h` (this will be fixed soon). Found when doing `make universe` with KTLS enabled in `include/openssl/configuration.h`. Fixes: 4757b351ea9d59d ("openssl: Import version 3.5.1")
* openssl: Import version 3.5.1Pierre Pronchery2025-08-071-16/+64
| | | | | | | | | | Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be EOL after 2026-09-07. Approved by: philip (mentor) Sponsored by: Alpha-Omega Beach Cleaning Project Sponsored by: The FreeBSD Foundation Differential revision: https://reviews.freebsd.org/D51613
* build: remove the last vestiges of lint supportBrooks Davis2025-06-051-2/+0
| | | | | | | | | Commit 1cbb58886a47 (shipped in 12.0.0) removed all lint infrastructure. A bunch of NO_LINT definitions remained (perhaps as a bootstrapping measture). Remove them. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D50704
* Remove residual blank line at start of MakefileWarner Losh2024-07-151-1/+0
| | | | | | | This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
* Remove $FreeBSD$: one-line sh patternWarner Losh2023-08-161-1/+0
| | | | Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* pkgbase: reorganise caroot and openssl packagesDoug Rabson2023-08-051-1/+1
| | | | | | | | | This splits out the certctl utility into a new certctl package and the openssl libs into an openssl-lib package. PR: 272816 Reviewed by: manu Differential Revision: https://reviews.freebsd.org/D41321
* Merge OpenSSL 3.0.9Pierre Pronchery2023-06-231-9/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the version we were previously using) will be EOL as of 2023-09-11. Most of the base system has already been updated for a seamless switch to OpenSSL 3.0. For many components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs that were already deprecated in OpenSSL 1.1.1. The process of updating to contemporary APIs can continue after this merge. Additional changes are still required for libarchive and Kerberos- related libraries or tools; workarounds will immediately follow this commit. Fixes are in progress in the upstream projects and will be incorporated when those are next updated. There are some performance regressions in benchmarks (certain tests in `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). Investigation will continue for these. Netflix's testing showed no functional regression and a rather small, albeit statistically significant, increase in CPU consumption with OpenSSL 3.0. Thanks to ngie@ and des@ for updating base system components, to antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to Netflix and everyone who tested prior to commit or contributed to this update in other ways. PR: 271615 PR: 271656 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation
* openssl: install pc filesBaptiste Daroussin2022-09-061-0/+2
| | | | | | | | | | | | | | | | | | | | | most programs in ports are looking for .pc files in order to get the necessary information on how to compile and link against openssl. The ports now also has a way to hide or force a path for pkgconf. Providing .pc files along with openssl in base will allow (once all the supported version of FreeBSD has it) so improve the framework to deal with openssl in base vs openssl in ports (and libressl) This will also greatly reduce the number of patches necessary to workaround the build systems which only knows how to detect where openssl is installed via pkgconf. PR: 266051 MFC After: 3 weeks Reviewed by: jkim, delphij Exp-run by: antoine Differential Revision: https://reviews.freebsd.org/D36360
* pkgbase: Put openssl in its own packageEmmanuel Vadot2021-05-131-0/+1
| | | | | | | | This is useful for upgrade and also to make tiny jail so they won't depend on FreeBSD-utilities (where openssl was packaged before). MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D30081
* OpenSSL: Support for kernel TLS offload (KTLS)John Baldwin2021-01-281-0/+6
| | | | | | | | | | | | | | | | | | | | This merges upstream patches from OpenSSL's master branch to add KTLS infrastructure for TLS 1.0-1.3 including both RX and TX offload and SSL_sendfile support on both Linux and FreeBSD. Note that TLS 1.3 only supports TX offload. A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with KTLS support. It defaults to enabled on amd64 and disabled on all other architectures. Reviewed by: jkim (earlier version) Approved by: secteam Obtained from: OpenSSL (patches from master) MFC after: 1 week Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D28273
* Fix a typo in the cpp macro defined for PIC.John Baldwin2020-08-131-1/+1
| | | | | | | | | | | In practice this isn't used in OpenSSL outside of some sparc-specific code. Reviewed by: delphij Differential Revision: https://reviews.freebsd.org/D26058 Notes: svn path=/head/; revision=364218
* Replace OPENSSL_NO_SSL3_METHODs with dummiesConrad Meyer2020-07-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | SSLv3 has been deprecated since 2015 (and broken since 2014: "POODLE"); it should not have shipped in FreeBSD 11 (2016) or 12 (2018). No one should use it, and if they must, they can use some implementation outside of base. There are three symbols removed with OPENSSL_NO_SSL3_METHOD: SSLv3_client_method SSLv3_method SSLv3_server_method These symbols exist to request an explicit SSLv3 connection to a server. There is no good reason for an application to link or invoke these symbols instead of TLS_method(), et al (née SSLv23_method, et al). Applications that do so have broken cryptography. Define these symbols for some pedantic definition of ABI stability, but remove the functionality again (r361392) after r362620. Reviewed by: gordon, jhb (earlier-but-equivalent version both) Discussed with: bjk, kib Differential Revision: https://reviews.freebsd.org/D25493 Notes: svn path=/head/; revision=362818
* Bump base OpenSSL libraries versions to avoid conflict with port's libraries.Konstantin Belousov2018-10-251-1/+1
| | | | | | | | | | Reported by: many Reviewed by: gjb Sponsored by: The FreeBSD Foundation MFC after: 3 hours Notes: svn path=/head/; revision=339709
* Build libssl for amd64.Jung-uk Kim2018-09-191-11/+19
| | | | Notes: svn path=/projects/openssl111/; revision=338766
* Add OpenSSL symbol version maps.Jung-uk Kim2018-09-131-0/+1
| | | | | | | Note the files are not automatically generated for now. Notes: svn path=/projects/openssl111/; revision=338674
* Catch up with manual page removal from secure/lib/libssl.Jung-uk Kim2018-09-131-5/+1
| | | | Notes: svn path=/projects/openssl111/; revision=338673
* Update shlib version to 9.Jung-uk Kim2018-09-131-1/+1
| | | | Notes: svn path=/projects/openssl111/; revision=338665
* Clean up OpenSSL makefiles.Jung-uk Kim2015-11-061-0/+2
| | | | Notes: svn path=/head/; revision=290460
* Merge OpenSSL 1.0.2d.Jung-uk Kim2015-10-301-7/+7
| | | | Notes: svn path=/head/; revision=290207
* Disable insecure SSLv2 support from the base OpenSSL.Jung-uk Kim2015-03-201-5/+5
| | | | | | | Differential Revision: https://reviews.freebsd.org/D1304 Notes: svn path=/head/; revision=280306
* Convert to LIBADDBaptiste Daroussin2014-11-251-2/+1
| | | | | | | Reduce overlinking Notes: svn path=/head/; revision=275077
* Merge OpenSSL 1.0.1e.Jung-uk Kim2013-02-131-4/+4
| | | | | | | Approved by: secteam (simon), benl (silence) Notes: svn path=/head/; revision=246772
* Merge OpenSSL 1.0.1c.Jung-uk Kim2012-07-121-10/+9
| | | | | | | Approved by: benl (maintainer) Notes: svn path=/head/; revision=238405
* Merge OpenSSL 0.9.8m into head.Simon L. B. Nielsen2010-03-131-1/+1
| | | | | | | | | | | | | | This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support. MFC after: 3 weeks Notes: svn path=/head/; revision=205128
* Bump the version of all non-symbol-versioned shared libraries inKen Smith2009-07-191-1/+1
| | | | | | | | | | | preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson) Notes: svn path=/head/; revision=195767
* Upgrade to OpenSSL 0.9.8b.Simon L. B. Nielsen2006-07-291-4/+6
| | | | Notes: svn path=/head/; revision=160819
* Revert last revision by phk@, it's redundant since bsd.incs.mkRuslan Ermilov2005-11-191-2/+0
| | | | | | | already handles this, FWIW. Notes: svn path=/head/; revision=152603
* Don't install includes if NO_TOOLCHAINPoul-Henning Kamp2005-08-031-0/+2
| | | | Notes: svn path=/head/; revision=148672
* Bump the shared library version number of all libraries that have notKen Smith2005-07-221-1/+1
| | | | | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...) Notes: svn path=/head/; revision=148297
* NODOCCOMPRESS -> NO_DOCCOMPRESSRuslan Ermilov2004-12-211-1/+1
| | | | | | | | | | | NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE Notes: svn path=/head/; revision=139106
* For variables that are only checked with defined(), don't provideRuslan Ermilov2004-10-241-1/+1
| | | | | | | any fake value. Notes: svn path=/head/; revision=136910
* Record the libssl.so dependency on libcrypto.so. This shouldRuslan Ermilov2004-05-131-0/+3
| | | | | | | | | | | | help some ports that depend on libradius that recently gained the dependency on libssl. This is also how the stock OpenSSL build would link libssl.so on FreeBSD. Prompted by: kris OK'ed by: markm, nectar Notes: svn path=/head/; revision=129174
* Install the OpenSSL man pages in /usr/share/openssl/manJacques Vidrine2003-02-101-33/+3
| | | | | | | and remove the WANT_OPENSSL_MANPAGES knob. Notes: svn path=/head/; revision=110655
* Re-add WANT_OPENSSL_MANPAGES knob.Jacques Vidrine2003-01-311-0/+2
| | | | | | | Noticed by: ru Notes: svn path=/head/; revision=110141
* Update for OpenSSL 0.9.7. No assembler code at the moment. ThisMark Murray2003-01-281-8/+39
| | | | | | | will follow. Notes: svn path=/head/; revision=110010
* Remove myself as maintainer of openssl; I no longer have enough time toKris Kennaway2002-11-211-2/+0
| | | | | | | devote to it. Notes: svn path=/head/; revision=107133
* Don't lint contrib'ed sources, even if the builder has asked for linting.Mark Murray2002-09-251-0/+2
| | | | | | | Its Just Too Noisy. Notes: svn path=/head/; revision=103960
* Bandaid for a broken world. The real fix is somewhat moreRuslan Ermilov2002-09-201-9/+7
| | | | | | | complicated and will be sent for a review. Notes: svn path=/head/; revision=103674
* Added new bsd.incs.mk which handles installing of header filesRuslan Ermilov2002-05-121-13/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to handle symlinking include files. Allow for multiple groups of include files to be installed, with the powerful INCSGROUPS knob. Documentation to follow. Added standard `includes' and `incsinstall' targets, use them in Makefile.inc1. Headers from the following makefiles were not installed before (during `includes' in Makefile.inc1): kerberos5/lib/libtelnet/Makefile lib/libbz2/Makefile lib/libdevinfo/Makefile lib/libform/Makefile lib/libisc/Makefile lib/libmenu/Makefile lib/libmilter/Makefile lib/libpanel/Makefile Replaced all `beforeinstall' targets for installing includes with the INCS stuff. Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS, and for compatibility with NetBSD. Similarly for INCOWN, INCGRP, and INCMODE. Consistently use INCLUDEDIR instead of /usr/include. gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes were only lightly tested due to the missing contrib/libstdc++-v3. I fully tested the pre-WIP_GCC31 version of this patch with the contrib/libstdc++.295 stuff. These changes have been tested on i386 with the -DNO_WERROR "make world" and "make release". Notes: svn path=/head/; revision=96462
* Install headers with -C. Ideally, these Makefiles should not need toDag-Erling Smørgrav2002-03-231-1/+1
| | | | | | | | override the beforeinstall target at all, but this has proven difficult to achieve. Notes: svn path=/head/; revision=93034
* MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6Kris Kennaway2001-03-081-1/+1
| | | | Notes: svn path=/head/; revision=73983
* Update for OpenSSL 0.9.6Kris Kennaway2000-11-131-5/+5
| | | | Notes: svn path=/head/; revision=68655
* Overhaul of the build-time include file generation. Don't break in evp.hKris Kennaway2000-09-171-15/+4
| | | | | | | | if bootstrapping from a system on which the openssl headers are not already present. Notes: svn path=/head/; revision=65971
* Update for OpenSSL 0.9.5a and clean up a bit.Kris Kennaway2000-04-131-27/+11
| | | | Notes: svn path=/head/; revision=59196
* * Fix dependancies so that ``make depend'' is not required.David E. O'Brien2000-04-111-24/+26
| | | | | | | | | * Some style fixes Approved by: kris Notes: svn path=/head/; revision=59146
* Merge from internat.freebsd.org; cleanup stray rsaref glue code referencePeter Wemm2000-03-051-4/+0
| | | | Notes: svn path=/head/; revision=57766
* Freefall/Internat diff reducer.Mark Murray2000-02-241-2/+2
| | | | Notes: svn path=/head/; revision=57414
generated by cgit v1.3 (git 2.53.0) at 2026-03-11 05:05:31 +0000