History log of /freebsd/secure/lib/libcrypto/modules/legacy/Makefile (Results 1 – 11 of 11)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# e9ac4169 15-Jul-2024 Warner Losh <imp@FreeBSD.org>

Remove residual blank line at start of Makefile

This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix


Revision tags: release/14.1.0
# 572948d0 21-Apr-2024 Enji Cooper <ngie@FreeBSD.org>

Revert "OpenSSL: use the upstream provided version.map files for the fips/legacy providers"

This change is still under review and should not have been merged
directly to main (yet).

This is a case

Revert "OpenSSL: use the upstream provided version.map files for the fips/legacy providers"

This change is still under review and should not have been merged
directly to main (yet).

This is a case and point for using `push.default` to nothing instead of
matching or simple.

This reverts commit 42ce242e353065dfbaa248955f6657005a395a95.

show more ...


# 42ce242e 20-Apr-2024 Enji Cooper <ngie@FreeBSD.org>

OpenSSL: use the upstream provided version.map files for the fips/legacy providers

This change introduces a static copy of the fips and legacy linker version maps
generated by the OpenSSL 3.0.13 bui

OpenSSL: use the upstream provided version.map files for the fips/legacy providers

This change introduces a static copy of the fips and legacy linker version maps
generated by the OpenSSL 3.0.13 build process.

This unbreaks the fips and legacy providers by not exposing unnecessary
symbols from the fips/legacy provider shared objects shared with other
providers (base, default) and libcrypto.

More discussion:

Prior to this change, loading the fips provider indirectly from a
FreeBSD 14.0-CURRENT and 15.0-CURRENT host would result in a
process-wide deadlock when invoking select OpenSSL APIs
(CONF_modules_load* in this particular example).

Speaking with the upstream maintainers [1], it became obvious that
the FreeBSD base system was incorrectly building/linking the fips
provider, resulting in a symbol collision at runtime, and thus a
process-wide deadlock in specific circumstances. The fips provider
would deadlock when trying to acquire a write lock on internal
structures which should have only been available to the base and
default providers, as certain preprocessor ifdefs only allow specific
internal calls to be made with the base and default providers.

1. https://github.com/openssl/openssl/issues/24202

Differential Revision: https://reviews.freebsd.org/D44892

show more ...


Revision tags: release/13.3.0, release/14.0.0
# 1a18383a 15-Sep-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

libcrypto: link engines and the legacy provider to libcrypto

OpenSSL's legacy provider module and engines need to link to
libcrypto.so, as it provides some of the actual implementations of
legacy ro

libcrypto: link engines and the legacy provider to libcrypto

OpenSSL's legacy provider module and engines need to link to
libcrypto.so, as it provides some of the actual implementations of
legacy routines.

This is a little tricky due to build order issues. Introduce a small
hack (LIBCRYPTO_WITHOUT_SUBDIRS) that builds libcrypto.so in its usual
early phase without any OpenSSL provider modules or engines. This is
intended to restore the test suite; a future change should remove the
hack and replace it with a better approach.

PR: 254853, 273528
Discussed with: Folks at EuroBSDCon in Coimbra
Sponsored by: The FreeBSD Foundation

show more ...


# d0b2dbfa 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/


# 4a3cc17e 30-Jun-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

libcrypto: expand the common Makefile for providers

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
chan

libcrypto: expand the common Makefile for providers

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change adds mandatory source files to every provider.

Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787

show more ...


# 87e08018 29-Jun-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

libcrypto: add missing symbols to the legacy provider

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
suc

libcrypto: add missing symbols to the legacy provider

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "legacy", ships with OpenSSL 3 directly, and groups
obsoleted algorithms that can still optionally be used anyway.

The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.

Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787

show more ...


# 8e7046ff 04-Jul-2023 Mark Johnston <markj@FreeBSD.org>

libcrypto: Revert recent changes to fix legacy and fips providers

They break the !amd64 builds due to an underspecified include path and
will be re-applied once that's fixed.

Reported by: Ronald Kl

libcrypto: Revert recent changes to fix legacy and fips providers

They break the !amd64 builds due to an underspecified include path and
will be re-applied once that's fixed.

Reported by: Ronald Klop <ronald-lists@klop.ws>

show more ...


# 0b27be50 30-Jun-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

libcrypto: expand the common Makefile for providers

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
chan

libcrypto: expand the common Makefile for providers

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change adds mandatory source files to every provider.

Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787

show more ...


# 0457eebb 29-Jun-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

libcrypto: add missing symbols to the legacy provider

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
suc

libcrypto: add missing symbols to the legacy provider

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "legacy", ships with OpenSSL 3 directly, and groups
obsoleted algorithms that can still optionally be used anyway.

The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.

Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787

show more ...


# b077aed3 24-Jun-2023 Pierre Pronchery <pierre@freebsdfoundation.org>

Merge OpenSSL 3.0.9

Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been u

Merge OpenSSL 3.0.9

Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...