Update LibreSSL makefiles.
authorzrj <rimvydas.jasinskas@gmail.com>
Fri, 12 Apr 2019 17:36:59 +0000 (20:36 +0300)
committerzrj <zrj@dragonflybsd.org>
Wed, 24 Apr 2019 17:11:09 +0000 (20:11 +0300)
Version 2.9.1, add local CRYPTO_free.c CRYPTO_malloc.c to avoid extra deps.

Makefile_upgrade.inc
lib/librecrypto/CRYPTO_free.c [new file with mode: 0644]
lib/librecrypto/CRYPTO_malloc.c [new file with mode: 0644]
lib/librecrypto/Makefile
lib/librecrypto/Makefile.inc
lib/librecrypto/dfly_config.h [new file with mode: 0644]
lib/libressl/Makefile
usr.bin/nc/Makefile
usr.bin/openssl/Makefile

index 03e25b5..2af937f 100644 (file)
@@ -3629,6 +3629,11 @@ TO_REMOVE+=/usr/lib/gcc47/libobjc.so.4
 TO_REMOVE+=/usr/lib/gcc47/profile/libobjc.a
 TO_REMOVE+=/usr/libdata/gcc47/objc
 TO_REMOVE+=/usr/libexec/gcc47/cc1obj
+TO_REMOVE+=/usr/include/priv/openssl/asn1_mac.h
+TO_REMOVE+=/usr/include/priv/openssl/cms.h
+TO_REMOVE+=/usr/include/priv/openssl/engine.h
+TO_REMOVE+=/usr/include/priv/openssl/krb5_asn.h
+TO_REMOVE+=/usr/include/priv/openssl/ui_compat.h
 
 .if !defined(WANT_INSTALLER)
 TO_REMOVE+=/usr/sbin/dfuibe_installer
@@ -3660,6 +3665,8 @@ TO_REMOVE_LATE+=/usr/include/openssl
 TO_REMOVE_LATE+=/usr/share/openssl
 TO_REMOVE_LATE+=/usr/lib/gcc50/libstdc++.so.9
 TO_REMOVE_LATE+=/usr/lib/gcc50
+TO_REMOVE_LATE+=/lib/priv/libprivate_crypto.so.38
+TO_REMOVE_LATE+=/lib/priv/libprivate_ssl.so.39
 
 # XXX Remove when pfsync(4) has been fixed
 TO_REMOVE+=/usr/share/man/man4/pfsync.4.gz
diff --git a/lib/librecrypto/CRYPTO_free.c b/lib/librecrypto/CRYPTO_free.c
new file mode 100644 (file)
index 0000000..2c7abaf
--- /dev/null
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2019 The DragonFly Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+void CRYPTO_free(void *ptr);
+
+void
+CRYPTO_free(void *ptr)
+{
+       free(ptr);
+}
diff --git a/lib/librecrypto/CRYPTO_malloc.c b/lib/librecrypto/CRYPTO_malloc.c
new file mode 100644 (file)
index 0000000..1bd1959
--- /dev/null
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2019 The DragonFly Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+void * CRYPTO_malloc(int size, const char *file __unused, int loc __unused);
+
+void *
+CRYPTO_malloc(int size, const char *file, int loc)
+{
+       if (size <= 0)
+               return NULL;
+       return malloc(size);
+}
index ecf8492..53ccab2 100644 (file)
-# This version of libcrypto is from LibreSSL
+# This version of librecrypto is from LibreSSL
 .include "Makefile.inc"
 
-LIB=            private_crypto
-SHLIB_MAJOR=    38
-PRIVATELIB=
+LIB=           private_crypto
+SHLIB_MAJOR=   45
+PRIVATELIB=    shpub
 
 SHLIBDIR?=     /lib
 WARNS?=                2
 NO_STRICT_ALIASING=
 
-INCS+=         aes.h asn1.h asn1_mac.h asn1t.h
-INCS+=         bio.h blowfish.h bn.h buffer.h
-INCS+=         camellia.h cast.h chacha.h cmac.h cms.h comp.h conf.h conf_api.h crypto.h
-INCS+=         des.h dh.h dsa.h dso.h
-INCS+=         ec.h ecdh.h ecdsa.h engine.h err.h evp.h
-INCS+=         gost.h hmac.h idea.h krb5_asn.h lhash.h
-INCS+=         md4.h md5.h modes.h
-INCS+=         obj_mac.h objects.h ocsp.h opensslconf.h opensslfeatures.h opensslv.h ossl_typ.h
-INCS+=         pem.h pem2.h pkcs12.h pkcs7.h poly1305.h
-INCS+=         rand.h rc2.h rc4.h ripemd.h rsa.h
-INCS+=         safestack.h sha.h stack.h
-INCS+=         ts.h txt_db.h ui.h ui_compat.h
-INCS+=         whrlpool.h x509.h x509_vfy.h x509v3.h
+INCS+=         aes.h asn1.h asn1t.h bio.h blowfish.h bn.h
+INCS+=         buffer.h camellia.h cast.h chacha.h cmac.h comp.h conf.h
+INCS+=         conf_api.h crypto.h curve25519.h des.h dh.h dsa.h dso.h
+INCS+=         ec.h ecdh.h ecdsa.h err.h evp.h gost.h
+INCS+=         hkdf.h hmac.h idea.h lhash.h md4.h md5.h modes.h
+INCS+=         obj_mac.h objects.h ocsp.h
+INCS+=         opensslconf.h opensslfeatures.h opensslv.h ossl_typ.h
+INCS+=         pem.h pem2.h pkcs12.h pkcs7.h poly1305.h rand.h rc2.h rc4.h
+INCS+=         ripemd.h rsa.h safestack.h sha.h sm3.h sm4.h stack.h
+INCS+=         ts.h txt_db.h ui.h whrlpool.h x509.h x509_vfy.h x509v3.h
 INCSDIR=       ${INCLUDEDIR}/priv/openssl
+# explicitly disabled: engine.h
+# not needed: ui_compat.h
 
-CFLAGS+=       -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp -I${.OBJDIR}
+CFLAGS+=       -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1
+CFLAGS+=       -I${LCRYPTO_SRC}/bn -I${LCRYPTO_SRC}/ec -I${LCRYPTO_SRC}/ecdsa
+CFLAGS+=       -I${LCRYPTO_SRC}/evp -I${.OBJDIR}
 
-CFLAGS+=       -DAES_ASM \
-               -DBSAES_ASM \
-               -DVPAES_ASM \
-               -DOPENSSL_IA32_SSE2 \
-               -DOPENSSL_BN_ASM_MONT \
-               -DOPENSSL_BN_ASM_MONT5 \
-               -DOPENSSL_BN_ASM_GF2m \
-               -DMD5_ASM \
-               -DGHASH_ASM \
-               -DRSA_ASM \
-               -DSHA1_ASM \
-               -DSHA256_ASM \
-               -DSHA512_ASM \
-               -DWHIRLPOOL_ASM \
-               -DOPENSSL_CPUID_OBJ
+CFLAGS+=       -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
+CFLAGS+=       -D__STRICT_ALIGNMENT
 
-FLAGS_GROUPS=          bzero
-bzero_FLAGS=           -O0
-bzero_FLAGS_FILES=     explicit_bzero.c
+# Local sources:
+# Replacement for malloc-wrapper.c, base tools depend on CRYPTO_free() here:
+#  contrib/ldns/keys.c         CRYPTO_free(),  unused (only if USE_GOST)
+#  contrib/ldns/host2str.c     OPENSSL_free(), unused (only if USE_GOST)
+#  lib/libfetch/common.c       OPENSSL_free()
+#  lib/libtelnet/pk.c          OPENSSL_free()
+#  usr.bin/dc/bcode.c          OPENSSL_free(), unused (only if DEBUGGING)
+#  usr.bin/newkey/generic.c    OPENSSL_free()
+#  contrib/wpa_supplicant/src/crypto/tls_openssl.c OPENSSL_malloc() XXX
+SRCS_LOCAL=    CRYPTO_free.c CRYPTO_malloc.c
 
-# Vendor ASM_X86_64_ELF definition with directories stripped off and
-# rearranged one per row
-ASM_X86_64_ELF=        aes-elf-x86_64.s \
-               bsaes-elf-x86_64.s \
-               vpaes-elf-x86_64.s \
-               aesni-elf-x86_64.s \
-               aesni-sha1-elf-x86_64.s \
-               modexp512-elf-x86_64.s \
-               mont-elf-x86_64.s \
-               mont5-elf-x86_64.s \
-               gf2m-elf-x86_64.s \
-               cmll-elf-x86_64.s \
-               md5-elf-x86_64.s \
-               ghash-elf-x86_64.s \
-               rc4-elf-x86_64.s \
-               rc4-md5-elf-x86_64.s \
-               sha1-elf-x86_64.s \
-               sha256-elf-x86_64.S \
-               sha512-elf-x86_64.S \
-               wp-elf-x86_64.s \
-               cpuid-elf-x86_64.S
+# Do not use ASM if -flto for now
+.if ${CFLAGS:M-flto}
+CFLAGS+=       -DOPENSSL_NO_ASM
+NOASM_AES=     aes_cbc.c aes_core.c
+NOASM_CAMELLIA=        camellia.c cmll_cbc.c
+NOASM_RC4=     rc4_enc.c rc4_skey.c
+NOASM_WHRLPOOL=        wp_block.c
+.else
+FLAGS_GROUPS=  asms asm
+
+asms_FLAGS=    -DHAVE_GNU_STACK
+asms_FLAGS_FILES=${ASM_X86_64_ELF}
+
+asm_FLAGS=     -DOPENSSL_CPUID_OBJ
+asm_FLAGS+=    -DAES_ASM -DBSAES_ASM -DVPAES_ASM
+asm_FLAGS+=    -DOPENSSL_IA32_SSE2
+asm_FLAGS+=    -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
+asm_FLAGS+=    -DGHASH_ASM
+asm_FLAGS+=    -DMD5_ASM
+asm_FLAGS+=    -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+asm_FLAGS+=    -DWHIRLPOOL_ASM
+# unavailable: -DRSA_ASM
+asm_FLAGS_FILES=       cryptlib.c
+asm_FLAGS_FILES+=      aes_core.c e_aes.c e_aes_cbc_hmac_sha1.c
+asm_FLAGS_FILES+=      e_aes.c gcm128.c
+asm_FLAGS_FILES+=      bn_asm.c bn_exp.c bn_mont.c ec_cvt.c bn_gf2m.c
+asm_FLAGS_FILES+=      gcm128.c
+asm_FLAGS_FILES+=      md5_dgst.c
+asm_FLAGS_FILES+=      sha1dgst.c sha256.c sha512.c
+asm_FLAGS_FILES+=      wp_block.c
+
+ASM_X86_64_AES=                aes-elf-x86_64.S bsaes-elf-x86_64.S vpaes-elf-x86_64.S \
+                       aesni-elf-x86_64.S aesni-sha1-elf-x86_64.S
+ASM_X86_64_BN=         modexp512-elf-x86_64.S mont-elf-x86_64.S \
+                       mont5-elf-x86_64.S gf2m-elf-x86_64.S
+ASM_X86_64_CAMELLIA=   cmll-elf-x86_64.S
+ASM_X86_64_MD5=                md5-elf-x86_64.S
+ASM_X86_64_MODES=      ghash-elf-x86_64.S
+ASM_X86_64_RC4=                rc4-elf-x86_64.S rc4-md5-elf-x86_64.S
+ASM_X86_64_SHA=                sha1-elf-x86_64.S sha256-elf-x86_64.S sha512-elf-x86_64.S
+ASM_X86_64_WHRLPOOL=   wp-elf-x86_64.S
+ASM_X86_64_ELF=        ${ASM_X86_64_AES} ${ASM_X86_64_BN} ${ASM_X86_64_CAMELLIA} \
+               ${ASM_X86_64_MD5} ${ASM_X86_64_MODES} ${ASM_X86_64_RC4} \
+               ${ASM_X86_64_SHA} ${ASM_X86_64_WHRLPOOL} cpuid-elf-x86_64.S
+NOASM_AES=
+NOASM_CAMELLIA=
+NOASM_RC4=
+NOASM_WHRLPOOL=
+.endif
 
 # Based on vendor libcrypto_la_SOURCES definitions with subdirectories stripped out
 
-SRC_TOP=       cpt_err.c cryptlib.c cversion.c ex_data.c malloc-wrapper.c \
-               mem_clr.c mem_dbg.c o_init.c o_str.c o_time.c
-SRC_AES=       aes_cfb.c aes_ctr.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c \
-               aes_wrap.c
-SRC_ASN1=      a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c a_dup.c \
-               a_enum.c a_i2d_fp.c a_int.c a_mbstr.c a_object.c a_octet.c \
-               a_print.c a_set.c a_sign.c a_strex.c a_strnid.c a_time.c \
+SRC_TOP=       cpt_err.c cryptlib.c crypto_init.c crypto_lock.c cversion.c \
+               ex_data.c mem_dbg.c o_init.c o_time.c
+# not needed: malloc-wrapper.c mem_clr.c o_str.c
+SRC_AES=       aes_ige.c aes_misc.c aes_wrap.c ${NOASM_AES}
+# not needed: aes_cfb.c aes_ctr.c aes_ecb.c aes_ofb.c
+SRC_ASN1=      a_bitstr.c a_bool.c a_d2i_fp.c a_digest.c a_dup.c a_enum.c \
+               a_i2d_fp.c a_int.c a_mbstr.c a_object.c a_octet.c a_print.c \
+               a_sign.c a_strex.c a_strnid.c a_time.c \
                a_time_tm.c a_type.c a_utf8.c a_verify.c ameth_lib.c \
                asn1_err.c asn1_gen.c asn1_lib.c asn1_par.c asn_mime.c \
-               asn_moid.c asn_pack.c bio_asn1.c bio_ndef.c d2i_pr.c d2i_pu.c \
-               evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \
-               n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \
+               asn_moid.c asn_pack.c bio_asn1.c bio_ndef.c d2i_pr.c \
+               evp_asn1.c f_int.c f_string.c i2d_pr.c \
+               n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c \
                t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \
                tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_prn.c \
                tasn_typ.c tasn_utl.c x_algor.c x_attrib.c x_bignum.c \
                x_crl.c x_exten.c x_info.c x_long.c x_name.c x_nx509.c \
-               x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c \
-               x_x509a.c
+               x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c \
+               x_val.c x_x509.c x_x509a.c
+# not needed: d2i_pu.c f_enum.c i2d_pu.c t_bitst.c
 SRC_BF=                bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c
 SRC_BIO=       b_dump.c b_posix.c b_print.c b_sock.c bf_buff.c bf_nbio.c \
-               bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \
-               bss_conn.c bss_dgram.c bss_fd.c bss_file.c bss_log.c \
+               bio_cb.c bio_err.c bio_lib.c bss_acpt.c \
+               bss_conn.c bss_dgram.c bss_fd.c bss_file.c \
                bss_mem.c bss_null.c bss_sock.c
-SRC_BN=                bn_add.c bn_asm.c bn_blind.c bn_const.c bn_ctx.c bn_depr.c \
+# not needed: bf_null.c bio_meth.c bss_bio.c bss_log.c
+SRC_BN=                bn_add.c bn_asm.c bn_blind.c bn_const.c bn_ctx.c \
                bn_div.c bn_err.c bn_exp.c bn_exp2.c bn_gcd.c bn_gf2m.c \
-               bn_kron.c bn_lib.c bn_mod.c bn_mont.c bn_mpi.c bn_mul.c \
+               bn_kron.c bn_lib.c bn_mod.c bn_mont.c bn_mul.c \
                bn_nist.c bn_prime.c bn_print.c bn_rand.c bn_recp.c \
-               bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c bn_x931p.c
-SRC_BUFFER=    buf_err.c buf_str.c buffer.c
-SRC_CAMELLIA=  cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_misc.c cmll_ofb.c
+               bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c
+# not needed: bn_depr.c bn_mpi.c bn_x931p.c
+SRC_BUFFER=    buf_err.c buffer.c
+# not needed: buf_str.c
+SRC_CAMELLIA=  cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_misc.c \
+               cmll_ofb.c ${NOASM_CAMELLIA}
+# not needed but included: cmll_ctr.c
 SRC_CAST=      c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c
 SRC_CHACHA=    chacha.c
 SRC_CMAC=      cm_ameth.c cm_pmeth.c cmac.c
-SRC_COMP=      c_rle.c c_zlib.c
-SRC_CONF=      comp_err.c comp_lib.c conf_api.c conf_def.c \
-               conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c
-SRC_DES=       cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
-               des_enc.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c \
-               enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \
-               ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c set_key.c \
-               str2key.c xcbc_enc.c
-SRC_DH=                dh_ameth.c dh_asn1.c dh_check.c dh_depr.c dh_err.c dh_gen.c \
+SRC_COMP=
+# not needed: c_rle.c c_zlib.c comp_err.c comp_lib.c
+SRC_CONF=      conf_api.c conf_def.c conf_err.c conf_lib.c \
+               conf_mall.c conf_mod.c conf_sap.c
+SRC_CURVE25519= curve25519-generic.c curve25519.c
+SRC_DES=       cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \
+               des_enc.c ecb3_enc.c ecb_enc.c \
+               fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \
+               rand_key.c set_key.c xcbc_enc.c
+# not needed: cbc_cksm.c ede_cbcm_enc.c enc_read.c enc_writ.c
+# not needed: ofb_enc.c pcbc_enc.c qud_cksm.c str2key.c
+SRC_DH=                dh_ameth.c dh_asn1.c dh_check.c dh_err.c dh_gen.c \
                dh_key.c dh_lib.c dh_pmeth.c dh_prn.c
-SRC_DSA=       dsa_ameth.c dsa_asn1.c dsa_depr.c dsa_err.c dsa_gen.c \
+# deprecated: dh_depr.c
+# needed: dh_prn.c (for openssh/kexdhc.c)
+SRC_DSA=       dsa_ameth.c dsa_asn1.c dsa_err.c dsa_gen.c \
                dsa_key.c dsa_lib.c dsa_ossl.c dsa_pmeth.c dsa_prn.c \
-               dsa_sign.c dsa_vrf.c
-SRC_DSO=       dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c
+               dsa_sign.c dsa_vrf.c dsa_depr.c dsa_meth.c
+# deprecated: dsa_depr.c (needed for contrib/ldns/keys.c)
+# not needed but included: dsa_meth.c
+SRC_DSO=       dso_err.c dso_lib.c dso_null.c dso_openssl.c
+# explictly disabled: dso_dlfcn.c
 SRC_EC=                ec2_mult.c ec2_oct.c ec2_smpl.c ec_ameth.c ec_asn1.c \
-               ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_lib.c \
-               ec_mult.c ec_oct.c ec_pmeth.c ec_print.c eck_prn.c ecp_mont.c \
-               ecp_nist.c ecp_oct.c ecp_smpl.c
+               ec_check.c ec_curve.c ec_cvt.c ec_err.c ec_key.c ec_kmeth.c \
+               ec_lib.c ec_mult.c ec_oct.c ec_pmeth.c ec_print.c \
+               eck_prn.c ecp_mont.c ecp_nist.c ecp_oct.c ecp_smpl.c
 SRC_ECDH=      ech_err.c ech_key.c ech_lib.c
 SRC_ECDSA=     ecs_asn1.c ecs_err.c ecs_lib.c ecs_ossl.c ecs_sign.c ecs_vrf.c
-SRC_ENGINE=    eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \
-               eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c \
-               eng_table.c tb_asnmth.c tb_cipher.c tb_dh.c tb_digest.c \
-               tb_dsa.c tb_ecdh.c tb_ecdsa.c tb_pkmeth.c tb_rand.c \
-               tb_rsa.c tb_store.c
+SRC_ENGINE=    # explicitly disabled
+#SRC_ENGINE=   eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \
+#              eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c \
+#              eng_table.c tb_asnmth.c tb_cipher.c tb_dh.c tb_digest.c \
+#              tb_dsa.c tb_ecdh.c tb_ecdsa.c tb_eckey.c tb_pkmeth.c \
+#              tb_rand.c tb_rsa.c tb_store.c
 SRC_ERR=       err.c err_all.c err_prn.c
 SRC_EVP=       bio_b64.c bio_enc.c bio_md.c c_all.c digest.c e_aes.c \
                e_aes_cbc_hmac_sha1.c e_bf.c e_camellia.c e_cast.c e_chacha.c \
                e_chacha20poly1305.c e_des.c e_des3.c e_gost2814789.c \
-               e_idea.c e_null.c e_old.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c \
+               e_idea.c e_null.c e_rc2.c e_rc4.c e_rc4_hmac_md5.c e_sm4.c \
                e_xcbc_d.c encode.c evp_aead.c evp_enc.c evp_err.c evp_key.c \
                evp_lib.c evp_pbe.c evp_pkey.c m_dss.c m_dss1.c m_ecdsa.c \
-               m_gost2814789.c m_gostr341194.c m_md4.c m_md5.c m_null.c \
-               m_ripemd.c m_sha1.c m_sigver.c m_streebog.c m_wp.c names.c \
-               p5_crpt.c p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c \
-               p_seal.c p_sign.c p_verify.c pmeth_fn.c pmeth_gn.c \
-               pmeth_lib.c
+               m_gost2814789.c m_gostr341194.c m_md4.c m_md5.c m_md5_sha1.c \
+               m_ripemd.c m_sha1.c m_sigver.c m_sm3.c m_streebog.c m_wp.c \
+               names.c p5_crpt.c p5_crpt2.c p_lib.c p_sign.c p_verify.c \
+               pmeth_fn.c pmeth_gn.c pmeth_lib.c
+# not needed: e_old.c m_null.c p_dec.c p_enc.c p_open.c p_seal.c
 SRC_GOST=      gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c \
                gost89imit_pmeth.c gost_asn1.c gost_err.c gostr341001.c \
                gostr341001_ameth.c gostr341001_key.c gostr341001_params.c \
                gostr341001_pmeth.c gostr341194.c streebog.c
+SRC_HKDF=      hkdf.c
 SRC_HMAC=      hm_ameth.c hm_pmeth.c hmac.c
 SRC_IDEA=      i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c
-SRC_KRB5=      krb5_asn.c
 SRC_LHASH=     lh_stats.c lhash.c
 SRC_MD4=       md4_dgst.c md4_one.c
 SRC_MD5=       md5_dgst.c md5_one.c
-SRC_MODES=     cbc128.c ccm128.c cfb128.c ctr128.c cts128.c gcm128.c \
+SRC_MODES=     cbc128.c ccm128.c cfb128.c ctr128.c gcm128.c \
                ofb128.c xts128.c
+# not needed: cts128.c
 SRC_OBJECTS=   o_names.c obj_dat.c obj_err.c obj_lib.c obj_xref.c
 SRC_OCSP=      ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c \
                ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c
 SRC_PEM=       pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \
-               pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c \
-               pvkfmt.c
+               pem_pkey.c pem_x509.c pem_xaux.c pvkfmt.c
+# not needed: pem_seal.c pem_sign.c
 SRC_PKCS12=    p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \
                p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c \
-               p12_npas.c p12_p8d.c p12_p8e.c p12_utl.c pk12err.c
-SRC_PKCS7=     bio_pk7.c pk7_asn1.c pk7_attr.c pk7_doit.c pk7_lib.c \
+               p12_p8d.c p12_p8e.c p12_utl.c pk12err.c
+# not needed: p12_npas.c
+SRC_PKCS7=     pk7_asn1.c pk7_attr.c pk7_doit.c pk7_lib.c \
                pk7_mime.c pk7_smime.c pkcs7err.c
+# not needed: bio_pk7.c
 SRC_POLY1305=  poly1305.c
-SRC_RAND=      rand_err.c rand_lib.c randfile.c
+SRC_RAND=      rand_err.c rand_lib.c
+# not needed: randfile.c
 SRC_RC2=       rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c
+SRC_RC4=       ${NOASM_RC4}
 SRC_RIPEMD=    rmd_dgst.c rmd_one.c
 SRC_RSA=       rsa_ameth.c rsa_asn1.c rsa_chk.c rsa_crpt.c rsa_depr.c \
-               rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_none.c \
+               rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_meth.c rsa_none.c \
                rsa_oaep.c rsa_pk1.c rsa_pmeth.c rsa_prn.c rsa_pss.c \
-               rsa_saos.c rsa_sign.c rsa_ssl.c rsa_x931.c
+               rsa_sign.c rsa_x931.c
+# deprecated but needed: rsa_depr.c (for openssh/sshkey.c)
+# not needed: rsa_saos.c
 SRC_SHA=       sha1_one.c sha1dgst.c sha256.c sha512.c
+SRC_SM3=       sm3.c
+SRC_SM4=       sm4.c
 SRC_STACK=     stack.c
 SRC_TS=                ts_asn1.c ts_conf.c ts_err.c ts_lib.c ts_req_print.c \
                ts_req_utils.c ts_rsp_print.c ts_rsp_sign.c ts_rsp_utils.c \
                ts_rsp_verify.c ts_verify_ctx.c
 SRC_TXT_DB=    txt_db.c
-SRC_UI=                ui_err.c ui_lib.c ui_openssl.c ui_util.c
-SRC_WHRLPOOL=  wp_dgst.c
+SRC_UI=                ui_err.c ui_lib.c ui_openssl.c
+# not needed: ui_util.c
+SRC_WHRLPOOL=  wp_dgst.c ${NOASM_WHRLPOOL}
 SRC_X509=      by_dir.c by_file.c by_mem.c x509_att.c x509_cmp.c x509_d2.c \
                x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \
                x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \
                x509_v3.c x509_vfy.c x509_vpm.c x509cset.c x509name.c \
                x509rset.c x509spki.c x509type.c x_all.c
+# not needed but included: x509_r2x.c
 SRC_X509V3=    pcy_cache.c pcy_data.c pcy_lib.c pcy_map.c pcy_node.c \
                pcy_tree.c v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c \
                v3_bitst.c v3_conf.c v3_cpols.c v3_crld.c v3_enum.c \
@@ -197,13 +247,15 @@ SRCS=             ${ASM_X86_64_ELF} ${SRC_TOP} ${SRC_AES} ${SRC_ASN1} \
                ${SRC_CAST} ${SRC_CHACHA} ${SRC_CMAC} ${SRC_COMP} \
                ${SRC_CONF} ${SRC_DES} ${SRC_DH} ${SRC_DSA} ${SRC_DSO} \
                ${SRC_EC} ${SRC_ECDH} ${SRC_ECDSA} ${SRC_ENGINE} ${SRC_ERR} \
-               ${SRC_EVP} ${SRC_GOST} ${SRC_HMAC} ${SRC_IDEA} ${SRC_KRB5} \
+               ${SRC_EVP} ${SRC_GOST} ${SRC_HMAC} ${SRC_HKDF} ${SRC_IDEA} \
                ${SRC_LHASH} ${SRC_MD4} ${SRC_MD5} ${SRC_MODES} \
                ${SRC_OBJECTS} ${SRC_OCSP} ${SRC_PEM} ${SRC_PKCS12} \
                ${SRC_PKCS7} ${SRC_POLY1305} ${SRC_RAND} ${SRC_RC2} \
                ${SRC_RIPEMD} ${SRC_RSA} ${SRC_SHA} ${SRC_STACK} ${SRC_TS} \
                ${SRC_TXT_DB} ${SRC_UI} ${SRC_WHRLPOOL} ${SRC_X509} \
-               ${SRC_X509V3}
+               ${SRC_X509V3} ${SRC_CURVE25519} \
+               ${SRC_RC4} ${SRC_SM3} ${SRC_SM4}
+SRCS+=         ${SRCS_LOCAL}
 
 .PATH: ${LCRYPTO_SRC} \
        ${LCRYPTO_SRC}/aes \
@@ -217,8 +269,8 @@ SRCS=               ${ASM_X86_64_ELF} ${SRC_TOP} ${SRC_AES} ${SRC_ASN1} \
        ${LCRYPTO_SRC}/chacha \
        ${LCRYPTO_SRC}/cmac \
        ${LCRYPTO_SRC}/comp \
-       ${LCRYPTO_SRC}/compat \
        ${LCRYPTO_SRC}/conf \
+       ${LCRYPTO_SRC}/curve25519 \
        ${LCRYPTO_SRC}/des \
        ${LCRYPTO_SRC}/dh \
        ${LCRYPTO_SRC}/dsa \
@@ -231,8 +283,8 @@ SRCS=               ${ASM_X86_64_ELF} ${SRC_TOP} ${SRC_AES} ${SRC_ASN1} \
        ${LCRYPTO_SRC}/evp \
        ${LCRYPTO_SRC}/gost \
        ${LCRYPTO_SRC}/hmac \
+       ${LCRYPTO_SRC}/hkdf \
        ${LCRYPTO_SRC}/idea \
-       ${LCRYPTO_SRC}/krb5 \
        ${LCRYPTO_SRC}/lhash \
        ${LCRYPTO_SRC}/md4 \
        ${LCRYPTO_SRC}/md5 \
@@ -249,6 +301,8 @@ SRCS=               ${ASM_X86_64_ELF} ${SRC_TOP} ${SRC_AES} ${SRC_ASN1} \
        ${LCRYPTO_SRC}/ripemd \
        ${LCRYPTO_SRC}/rsa \
        ${LCRYPTO_SRC}/sha \
+       ${LCRYPTO_SRC}/sm3 \
+       ${LCRYPTO_SRC}/sm4 \
        ${LCRYPTO_SRC}/stack \
        ${LCRYPTO_SRC}/ts \
        ${LCRYPTO_SRC}/txt_db \
@@ -258,7 +312,4 @@ SRCS=               ${ASM_X86_64_ELF} ${SRC_TOP} ${SRC_AES} ${SRC_ASN1} \
        ${LCRYPTO_SRC}/x509v3 \
        ${LIBRESSL_SRC}/include/openssl
 
-# compat/
-SRCS+= explicit_bzero.c timingsafe_bcmp.c timingsafe_memcmp.c
-
 .include <bsd.lib.mk>
index 8e0fbf9..c482058 100644 (file)
@@ -9,51 +9,4 @@ LCRYPTO_SRC=   ${LIBRESSL_SRC}/crypto
 LSSL_SRC=      ${LIBRESSL_SRC}/ssl
 
 CFLAGS+=       -I${LCRYPTO_SRC} -I${LSSL_SRC} -I${.OBJDIR}
-CFLAGS+=       -I${LIBRESSL_SRC}/include -I${LIBRESSL_SRC}/include/compat
-CFLAGS+=       -DSTDC_HEADERS=1 \
-               -DHAVE_SYS_TYPES_H=1 \
-               -DHAVE_SYS_STAT_H=1 \
-               -DHAVE_STDLIB_H=1 \
-               -DHAVE_STRING_H=1 \
-               -DHAVE_MEMORY_H=1 \
-               -DHAVE_STRINGS_H=1 \
-               -DHAVE_INTTYPES_H=1 \
-               -DHAVE_STDINT_H=1 \
-               -DHAVE_UNISTD_H=1 \
-               -DHAVE_DLFCN_H=1 \
-               -DHAVE_SYMLINK=1 \
-               -DHAVE_ERR_H=1 \
-               -DHAVE_READPASSPHRASE_H=1 \
-               -DHAVE_ASPRINTF=1 \
-               -DHAVE_INET_PTON=1 \
-               -DHAVE_MEMMEM=1 \
-               -DHAVE_READPASSPHRASE=1 \
-               -DHAVE_REALLOCARRAY=1 \
-               -DHAVE_STRLCAT=1 \
-               -DHAVE_STRLCPY=1 \
-               -DHAVE_STRCASECMP=1 \
-               -DHAVE_STRNDUP=1 \
-               -DHAVE_STRNLEN=1 \
-               -DHAVE_STRSEP=1 \
-               -DHAVE_STRTONUM=1 \
-               -DHAVE_TIMEGM=1 \
-               -DHAVE_ACCEPT4=1 \
-               -DHAVE_POLL=1 \
-               -DHAVE_ARC4RANDOM=1 \
-               -DHAVE_ARC4RANDOM_BUF=1 \
-               -DHAVE_ARC4RANDOM_UNIFORM=1 \
-               -DHAVE_VA_COPY=1 \
-               -DHAVE___VA_COPY=1 \
-               -DHAS_GNU_WARNING_LONG=1 \
-               -DSIZEOF_TIME_T=8
-CFLAGS+=       -DLIBRESSL_INTERNAL -DOPENSSL_NO_HW_PADLOCK
-
-.if defined(LIB)
-_docs= ${LIB}
-_skip= SSLeay_version des_modes
-_sec=  3
-.else
-_docs= apps
-_skip= config
-_sec=  1
-.endif
+CFLAGS+=       -I${LIBRESSL_SRC}/include
diff --git a/lib/librecrypto/dfly_config.h b/lib/librecrypto/dfly_config.h
new file mode 100644 (file)
index 0000000..deb1171
--- /dev/null
@@ -0,0 +1,110 @@
+
+#if 0
+/* added to openssl/opensslfeatures.h */
+#define OPENSSL_NO_ENGINE
+#define OPENSSL_NO_HW_PADLOCK
+#endif
+
+#if 0
+/* use as default */
+#define OPENSSLDIR "/etc/ssl"
+#endif
+
+#if 0
+/* unused */
+#define PACKAGE_NAME "libressl"
+#define PACKAGE_TARNAME "libressl"
+#define PACKAGE_VERSION "2.9.1"
+#define PACKAGE_STRING "libressl 2.9.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_URL ""
+#define PACKAGE "libressl"
+#define VERSION "2.9.1"
+#define LT_OBJDIR ".libs/"
+#endif
+
+#if 0
+/* only if using/compiling compat/ sources */
+#define STDC_HEADERS 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRING_H 1
+#define HAVE_MEMORY_H 1
+#define HAVE_STRINGS_H 1
+#define HAVE_INTTYPES_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_UNISTD_H 1
+#define HAVE_SYMLINK 1
+#define HAVE_ERR_H 1
+#define HAVE_READPASSPHRASE_H 1
+#define HAVE_ASPRINTF 1
+#define HAVE_FREEZERO 1
+#define HAVE_MEMMEM 1
+#define HAVE_READPASSPHRASE 1
+#define HAVE_REALLOCARRAY 1
+#define HAVE_RECALLOCARRAY 1
+#define HAVE_STRLCAT 1
+#define HAVE_STRLCPY 1
+#define HAVE_STRNDUP 1
+#define HAVE_STRNLEN 1
+#define HAVE_STRSEP 1
+#define HAVE_STRTONUM 1
+#define HAVE_TIMEGM 1
+#define HAVE_GETPROGNAME 1
+#define HAVE_SYSLOG 1
+#define HAVE_ACCEPT4 1
+#define HAVE_PIPE2 1
+#define HAVE_POLL 1
+#define HAVE_SOCKETPAIR 1
+#define HAVE_ARC4RANDOM 1
+#define HAVE_ARC4RANDOM_BUF 1
+#define HAVE_ARC4RANDOM_UNIFORM 1
+#define HAVE_EXPLICIT_BZERO 1
+#define HAVE_TIMINGSAFE_BCMP 1
+#define HAVE_TIMINGSAFE_MEMCMP 1
+#define HAVE_DL_ITERATE_PHDR 1
+#define HAVE_CLOCK_GETTIME 1
+#define HAVE_VA_COPY 1
+#define HAVE___VA_COPY 1
+#define HAS_GNU_WARNING_LONG 1
+#define SIZEOF_TIME_T 8
+#endif
+
+#if 0
+/* global for libressl */
+#define LIBRESSL_INTERNAL
+#define __BEGIN_HIDDEN_DECLS
+#define __END_HIDDEN_DECLS
+#endif
+
+#if 0
+/* only for crypto/ * / *.c */
+#define __STRICT_ALIGNMENT
+#endif
+#if 0
+/* only for crypto/ * / *.S */
+#define HAVE_GNU_STACK
+#endif
+
+#if 0
+/* only for crypto/chacha/chacha-merged.c */
+#define __bounded__(x, y, z)
+#endif
+#if 0
+/* only for apps/ */
+#define pledge(request, paths) 0
+#define unveil(path, permissions) 0
+#endif
+#if 0
+/* only for apps/openssl/apps_posix.c */
+#define timespecsub(tsp, usp, vsp)                                      \
+        do {                                                            \
+                (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec;          \
+                (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec;       \
+                if ((vsp)->tv_nsec < 0) {                               \
+                        (vsp)->tv_sec--;                                \
+                        (vsp)->tv_nsec += 1000000000L;                  \
+                }                                                       \
+        } while (0)
+#endif
index 16801be..b479061 100644 (file)
@@ -1,24 +1,30 @@
-# This version of libssl is from LibreSSL
+# This version of libressl is from LibreSSL
 .include "../librecrypto/Makefile.inc"
 
 LIB=           private_ssl
-SHLIB_MAJOR=   39
-PRIVATELIB=
+SHLIB_MAJOR=   47
+PRIVATELIB=    shpub
 
 SHLIBDIR?=     /lib
 WARNS?=                2
 
+CFLAGS+=       -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
+
 # from vendor makefile
-libssl_la_SOURCES= \
-       bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \
-       d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c d1_srtp.c \
-       d1_srvr.c pqueue.c s23_clnt.c s23_lib.c s23_pkt.c s23_srvr.c \
-       s3_both.c s3_cbc.c s3_clnt.c s3_lib.c s3_pkt.c s3_srvr.c \
-       ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \
-       ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \
-       t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c
-
-SRCS=  ${libssl_la_SOURCES}
+SRCS=  bio_ssl.c bs_cbb.c bs_cbs.c \
+       d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_pkt.c d1_srtp.c d1_srvr.c \
+       pqueue.c s3_cbc.c s3_lib.c \
+       ssl_algs.c ssl_asn1.c ssl_both.c ssl_cert.c ssl_ciph.c ssl_ciphers.c \
+       ssl_clnt.c ssl_err.c ssl_init.c \
+       ssl_lib.c ssl_methods.c ssl_packet.c ssl_pkt.c ssl_rsa.c \
+       ssl_sess.c ssl_sigalgs.c ssl_srvr.c ssl_stat.c \
+       ssl_tlsext.c ssl_transcript.c ssl_txt.c ssl_versions.c \
+       t1_enc.c t1_lib.c tls13_key_schedule.c
+
+# not referenced:
+# bs_ber.c tls13_buffer.c tls13_client.c
+# tls13_handshake.c tls13_handshake_msg.c tls13_lib.c
+# tls13_record.c tls13_record_layer.c
 
 INCS=  dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
 INCSDIR=       ${INCLUDEDIR}/priv/openssl
index 9fb7255..dc1c03b 100644 (file)
@@ -1,3 +1,4 @@
+# This version of nc(1) is from LibreSSL
 .PATH: ${.CURDIR}/../../crypto/libressl/apps/nc
 .PATH: ${.CURDIR}/../../crypto/libressl/tls
 
@@ -5,10 +6,13 @@ PROG= nc
 SRCS=  netcat.c atomicio.c socks.c
 
 # TLS block (no separate libtls.a)
-SRCS+= tls_client.c    \
+SRCS+= tls_bio_cb.c    \
+       tls_client.c    \
        tls_config.c    \
        tls_conninfo.c  \
+       tls_keypair.c   \
        tls_peer.c      \
+       tls_ocsp.c      \
        tls_server.c    \
        tls_util.c      \
        tls_verify.c    \
@@ -16,9 +20,8 @@ SRCS+=        tls_client.c    \
 
 WARNS?=        2
 
-CFLAGS+=-DHAVE_ARC4RANDOM_BUF -DHAVE_STRTONUM  \
-       -I${.CURDIR}/../../crypto/libressl/include              \
-       -I${.CURDIR}/../../crypto/libressl/include/compat
+CFLAGS+= -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
+CFLAGS+=-I${.CURDIR}/../../crypto/libressl/include
 
 DPADD= ${LIBCRYPTO} ${LIBSSL}
 LDADD= -lprivate_ssl -lprivate_crypto
index 6f6ec2f..faff058 100644 (file)
@@ -1,23 +1,24 @@
-# $FreeBSD: src/secure/usr.bin/openssl/Makefile,v 1.11.2.6 2003/02/14 22:38:22 nectar Exp $
-
+# This version of openssl(1) is from LibreSSL
 PROG=  openssl
 WARNS?=        2
 
 .include "${.CURDIR}/../../lib/librecrypto/Makefile.inc"
 
+CFLAGS+=       -DLIBRESSL_INTERNAL
+CFLAGS+=       -I${.CURDIR}/../../crypto/libressl/include
+CFLAGS+=       -I${.CURDIR}
+
 DPADD+=                ${LIBSSL} ${LIBCRYPTO}
 LDADD+=                -lprivate_ssl -lprivate_crypto
 LDFLAGS+=      ${PRIVATELIB_LDFLAGS}
-CFLAGS+=       -I${.CURDIR}/../../crypto/libressl/include
-CFLAGS+=       -DMONOLITH -I${.CURDIR}
 
-SRCS=  apps.c apps_posix.c asn1pars.c ca.c certhash.c ciphers.c cms.c crl.c \
-       crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
-       errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \
-       openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \
-       pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c s_client.c \
-       s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c ts.c \
-       verify.c version.c x509.c
+SRCS=  apps_posix.c apps.c asn1pars.c ca.c certhash.c ciphers.c crl2p7.c crl.c \
+       dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c errstr.c \
+       gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c openssl.c \
+       passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
+       prime.c rand.c req.c rsa.c rsautl.c \
+       s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \
+       smime.c speed.c spkac.c ts.c verify.c version.c x509.c
 
 .include <bsd.prog.mk>