OpenSSL itself keeps only a single copy of this header. Do the same in
sys/crypto/openssl to avoid the extra maintenance burden. This requires
adjusting the include paths for generated asm files.
No functional change intended.
Reported by: jrtc27
Reviewed by: jhb
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D42866
(cherry picked from commit e655cc70dfcda5cfedb5a1d9bef1e87d55519f64)
It may be needed when it's updated so is best to keep in sync with the
assembly files.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D41938
(cherry picked from commit c97a82d4a4a0288ed2a456f4ce41d57483724f17)
Currently Makefile.asm relies on the current buildenv to set CFLAGS
for i386. The current approach also leaves various temporary *.s
files around in the current directory. To make this a bit better:
- Instead of using CFLAGS from buildenv for i386, define the actual
flags the perl scripts need: -DOPENSSL_IA32_SSE2 to enable SSE2.
- Change i386 to have the perl scripts write to /dev/stdout to avoid
creating temporaries. Previously i386 was generating the temporary
files in the OpenSSL contrib src.
- Cleanup temporary *.s files in the all target after generating the
real *.S files for architectures which need them.
- Remove a duplicate rule for aes-armv4.S.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41589
(cherry picked from commit c0fe6b9d7506d6ce6f9ec3688ee0cc5656a8707e)
The :R:S expressions removed the .pl extension only to add it back
again, so just trim them to using :T alone.
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>, markj, emaste
Differential Revision: https://reviews.freebsd.org/D41588
(cherry picked from commit 7406b6f9761c35eb53f91f54d1a687d96d638907)
This only affects amd64 and i386, but in particular includes wrappers
for AES encryption/decryption that gate all of the accelerated AES.
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41537
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.
Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.
There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.
Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.
Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.
PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
depending on perl at build time. Makefile.asm is a helper for after the
next import.
With my cvs@ hat on, the relatively small repo cost of this is acceptable,
especially given that we have other (much bigger) things like
lib*.so.gz.uu checked in under src/lib/compat/*.
Reviewed by: kris (maintainer)
