hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-14 14:21:18 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
5af6fbd727
HardenedBSD/crypto/openssl/HACKING.md
Pierre Pronchery b077aed33b Merge OpenSSL 3.0.9 
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0.  OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0.  For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0.  Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1.  The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit.  Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g.  haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR:		271615
PR:		271656 [exp-run]
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2023-06-23 18:53:36 -04:00

1.2 KiB
Raw Blame History

MODIFYING OPENSSL SOURCE

This document describes the way to add custom modifications to OpenSSL sources.

If you are adding new public functions to the custom library build, you need to either add a prototype in one of the existing OpenSSL header files; or provide a new header file and edit Configurations/unix-Makefile.tmpl to pick up that file.

After that perform the following steps:

./Configure -Werror --strict-warnings [your-options]
make update
make
make test

make update ensures that your functions declarations are added to util/libcrypto.num or util/libssl.num. If you plan to submit the changes you made to OpenSSL (see CONTRIBUTING.md), it's worth running:

make doc-nits

after running make update to ensure that documentation has correct format.

make update also generates files related to OIDs (in the crypto/objects/ folder) and errors. If a merge error occurs in one of these generated files then the generated files need to be removed and regenerated using make update. To aid in this process the generated files can be committed separately so they can be removed easily.