| #
0244e0a1 |
| 29-Jul-2024 |
John Baldwin <jhb@FreeBSD.org> |
openssl: Add <sys/random.h> include for getrandom()
GCC 14 (but not earlier versions) warns about a missing prototype
for getrandom(). Include <sys/random.h> explicitly to bring in the
prototype ra
openssl: Add <sys/random.h> include for getrandom()
GCC 14 (but not earlier versions) warns about a missing prototype
for getrandom(). Include <sys/random.h> explicitly to bring in the
prototype rather than depending on a nested include. While here,
stop defining sysctl_random() since it is no longer used.
Reviewed by: brooks
Fixes: 838b6caababb openssl: use getrandom(2) instead of probing for getentropy(2)
Differential Revision: https://reviews.freebsd.org/D45995
show more ...
|
| #
838b6caa |
| 16-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
openssl: use getrandom(2) instead of probing for getentropy(2)
The probing for getentropy(2) relies on re-declaring getentropy(2)
as weak and checking the address, but this is incompatible with
the
openssl: use getrandom(2) instead of probing for getentropy(2)
The probing for getentropy(2) relies on re-declaring getentropy(2)
as weak and checking the address, but this is incompatible with
the _FORTIFY_SOURCE symbol renaming scheme. It's always present on
all supported FreeBSD versions now so we could cut it down to
unconditional use, but there's another segment for getrandom(2)
already that's cleaner to just add us to.
We should upstream this.
Reviewed by: kib (earlier version), markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D45976
show more ...
|
| #
b077aed3 |
| 23-Jun-2023 |
Pierre Pronchery <pierre@freebsdfoundation.org> |
Merge OpenSSL 3.0.9
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been u
Merge OpenSSL 3.0.9
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.
Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.
There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.
Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.
Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.
PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
show more ...
|