mirror of
https://github.com/opnsense/src.git
synced 2026-06-08 08:12:27 -04:00
e4520c8bd1
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.8.tar.gz Differential Revision: https://reviews.freebsd.org/D38835 Test Plan: ``` $ git status On branch vendor/openssl-3.0 nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.8.tar.gz 14 MB 4507 kBps 04s openssl-3.0.8.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.8 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/ngie/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2014-10-04 [SC] 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C uid [ unknown] Richard Levitte <richard@levitte.org> uid [ unknown] Richard Levitte <levitte@lp.se> uid [ unknown] Richard Levitte <levitte@openssl.org> sub rsa4096 2014-10-04 [E] $ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Feb 7 05:43:55 2023 PST gpg: using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown] gpg: aka "Richard Levitte <levitte@lp.se>" [unknown] gpg: aka "Richard Levitte <levitte@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C $ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old) On branch vendor/openssl-3.0 nothing to commit, working tree clean $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . $ cat .git gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout $ diff -arq ../openssl-3.0.8 . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 nothing to commit, working tree clean $ ``` Reviewers: emaste, jkim Subscribers: imp, andrew, dab Differential Revision: https://reviews.freebsd.org/D38835
220 lines
7.5 KiB
Perl
220 lines
7.5 KiB
Perl
#! /usr/bin/env perl
|
|
# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
# Generate progs.h file by looking for command mains in list of C files
|
|
# passed on the command line.
|
|
|
|
use strict;
|
|
use warnings;
|
|
use lib '.';
|
|
use configdata qw/@disablables %unified_info/;
|
|
|
|
my $opt = shift @ARGV;
|
|
die "Unrecognised option, must be -C or -H\n"
|
|
unless ($opt eq '-H' || $opt eq '-C');
|
|
|
|
my %commands = ();
|
|
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
|
|
my $apps_openssl = shift @ARGV;
|
|
my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900;
|
|
|
|
# because the program apps/openssl has object files as sources, and
|
|
# they then have the corresponding C files as source, we need to chain
|
|
# the lookups in %unified_info
|
|
my @openssl_source =
|
|
map { @{$unified_info{sources}->{$_}} }
|
|
grep { /\.o$/
|
|
&& !$unified_info{attributes}->{sources}->{$apps_openssl}->{$_}->{nocheck} }
|
|
@{$unified_info{sources}->{$apps_openssl}};
|
|
|
|
foreach my $filename (@openssl_source) {
|
|
open F, $filename or die "Couldn't open $filename: $!\n";
|
|
foreach ( grep /$cmdre/, <F> ) {
|
|
my @foo = /$cmdre/;
|
|
$commands{$1} = 1;
|
|
}
|
|
close F;
|
|
}
|
|
|
|
@ARGV = sort keys %commands;
|
|
|
|
if ($opt eq '-H') {
|
|
print <<"EOF";
|
|
/*
|
|
* WARNING: do not edit!
|
|
* Generated by apps/progs.pl
|
|
*
|
|
* Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "function.h"
|
|
|
|
EOF
|
|
|
|
foreach (@ARGV) {
|
|
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
|
|
}
|
|
print "\n";
|
|
|
|
foreach (@ARGV) {
|
|
printf "extern const OPTIONS %s_options[];\n", $_;
|
|
}
|
|
print "\n";
|
|
print "extern FUNCTION functions[];\n";
|
|
}
|
|
|
|
if ($opt eq '-C') {
|
|
print <<"EOF";
|
|
/*
|
|
* WARNING: do not edit!
|
|
* Generated by apps/progs.pl
|
|
*
|
|
* Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include "progs.h"
|
|
|
|
EOF
|
|
|
|
my %cmd_disabler = (
|
|
ciphers => "sock",
|
|
genrsa => "rsa",
|
|
gendsa => "dsa",
|
|
dsaparam => "dsa",
|
|
gendh => "dh",
|
|
dhparam => "dh",
|
|
ecparam => "ec",
|
|
);
|
|
my %cmd_deprecated = (
|
|
# The format of this table is:
|
|
# [0] = alternative command to use instead
|
|
# [1] = deprecented in this version
|
|
# [2] = preprocessor conditional for exclusing irrespective of deprecation
|
|
# rsa => [ "pkey", "3_0", "rsa" ],
|
|
# genrsa => [ "genpkey", "3_0", "rsa" ],
|
|
rsautl => [ "pkeyutl", "3_0", "rsa" ],
|
|
# dhparam => [ "pkeyparam", "3_0", "dh" ],
|
|
# dsaparam => [ "pkeyparam", "3_0", "dsa" ],
|
|
# dsa => [ "pkey", "3_0", "dsa" ],
|
|
# gendsa => [ "genpkey", "3_0", "dsa" ],
|
|
# ec => [ "pkey", "3_0", "ec" ],
|
|
# ecparam => [ "pkeyparam", "3_0", "ec" ],
|
|
);
|
|
|
|
print "FUNCTION functions[] = {\n";
|
|
foreach my $cmd ( @ARGV ) {
|
|
my $str =
|
|
" {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options, NULL, NULL},\n";
|
|
if ($cmd =~ /^s_/) {
|
|
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
|
|
} elsif (my $deprecated = $cmd_deprecated{$cmd}) {
|
|
my @dep = @{$deprecated};
|
|
my $daltprg = $dep[0];
|
|
my $dver = $dep[1];
|
|
my $dsys = $dep[2];
|
|
print "#if !defined(OPENSSL_NO_DEPRECATED_" . $dver . ")";
|
|
if ($dsys) {
|
|
print " && !defined(OPENSSL_NO_" . uc($dsys) . ")";
|
|
}
|
|
$dver =~ s/_/./g;
|
|
my $dalt = "\"" . $daltprg . "\", \"" . $dver . "\"";
|
|
$str =~ s/NULL, NULL/$dalt/;
|
|
print "\n${str}#endif\n";
|
|
} elsif (grep { $cmd eq $_ } @disablables) {
|
|
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
|
|
} elsif (my $disabler = $cmd_disabler{$cmd}) {
|
|
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
|
} else {
|
|
print $str;
|
|
}
|
|
}
|
|
|
|
my %md_disabler = (
|
|
blake2b512 => "blake2",
|
|
blake2s256 => "blake2",
|
|
);
|
|
foreach my $cmd (
|
|
"md2", "md4", "md5",
|
|
"sha1", "sha224", "sha256", "sha384",
|
|
"sha512", "sha512-224", "sha512-256",
|
|
"sha3-224", "sha3-256", "sha3-384", "sha3-512",
|
|
"shake128", "shake256",
|
|
"mdc2", "rmd160", "blake2b512", "blake2s256",
|
|
"sm3"
|
|
) {
|
|
my $str = " {FT_md, \"$cmd\", dgst_main, NULL, NULL},\n";
|
|
if (grep { $cmd eq $_ } @disablables) {
|
|
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
|
|
} elsif (my $disabler = $md_disabler{$cmd}) {
|
|
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
|
} else {
|
|
print $str;
|
|
}
|
|
}
|
|
|
|
my %cipher_disabler = (
|
|
des3 => "des",
|
|
desx => "des",
|
|
cast5 => "cast",
|
|
);
|
|
foreach my $cmd (
|
|
"aes-128-cbc", "aes-128-ecb",
|
|
"aes-192-cbc", "aes-192-ecb",
|
|
"aes-256-cbc", "aes-256-ecb",
|
|
"aria-128-cbc", "aria-128-cfb",
|
|
"aria-128-ctr", "aria-128-ecb", "aria-128-ofb",
|
|
"aria-128-cfb1", "aria-128-cfb8",
|
|
"aria-192-cbc", "aria-192-cfb",
|
|
"aria-192-ctr", "aria-192-ecb", "aria-192-ofb",
|
|
"aria-192-cfb1", "aria-192-cfb8",
|
|
"aria-256-cbc", "aria-256-cfb",
|
|
"aria-256-ctr", "aria-256-ecb", "aria-256-ofb",
|
|
"aria-256-cfb1", "aria-256-cfb8",
|
|
"camellia-128-cbc", "camellia-128-ecb",
|
|
"camellia-192-cbc", "camellia-192-ecb",
|
|
"camellia-256-cbc", "camellia-256-ecb",
|
|
"base64", "zlib",
|
|
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
|
|
"rc2", "bf", "cast", "rc5",
|
|
"des-ecb", "des-ede", "des-ede3",
|
|
"des-cbc", "des-ede-cbc","des-ede3-cbc",
|
|
"des-cfb", "des-ede-cfb","des-ede3-cfb",
|
|
"des-ofb", "des-ede-ofb","des-ede3-ofb",
|
|
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
|
|
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
|
|
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
|
|
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
|
|
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
|
|
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
|
|
"sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
|
|
) {
|
|
my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options, NULL},\n";
|
|
(my $algo = $cmd) =~ s/-.*//g;
|
|
if ($cmd eq "zlib") {
|
|
print "#ifdef ZLIB\n${str}#endif\n";
|
|
} elsif (grep { $algo eq $_ } @disablables) {
|
|
print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n";
|
|
} elsif (my $disabler = $cipher_disabler{$algo}) {
|
|
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
|
|
} else {
|
|
print $str;
|
|
}
|
|
}
|
|
|
|
print " {0, NULL, NULL, NULL, NULL}\n};\n";
|
|
}
|