git: 8e7046ff29a0 - main - libcrypto: Revert recent changes to fix legacy and fips providers

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 04 Jul 2023 20:38:49 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=8e7046ff29a09852584b87f5237c230283023e11

commit 8e7046ff29a09852584b87f5237c230283023e11
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-07-04 20:37:21 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-07-04 20:38:26 +0000

    libcrypto: Revert recent changes to fix legacy and fips providers
    
    They break the !amd64 builds due to an underspecified include path and
    will be re-applied once that's fixed.
    
    Reported by:    Ronald Klop <ronald-lists@klop.ws>
---
 crypto/openssl/crypto/bn/bn_const.c          |   2 -
 secure/lib/libcrypto/Makefile.common         | 102 -----------
 secure/lib/libcrypto/Makefile.inc            | 103 ++++++++++-
 secure/lib/libcrypto/modules/Makefile.inc    |   7 +-
 secure/lib/libcrypto/modules/fips/Makefile   | 263 +--------------------------
 secure/lib/libcrypto/modules/legacy/Makefile |  30 +--
 6 files changed, 107 insertions(+), 400 deletions(-)

diff --git a/crypto/openssl/crypto/bn/bn_const.c b/crypto/openssl/crypto/bn/bn_const.c
index bc7ede575d62..a36e0ac792dd 100644
--- a/crypto/openssl/crypto/bn/bn_const.c
+++ b/crypto/openssl/crypto/bn/bn_const.c
@@ -82,12 +82,10 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
  * RFC2312 specifies a generator of 22.
  */
 
-#ifndef FIPS_MODULE
 BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
 {
     return COPY_BN(bn, ossl_bignum_modp_1536_p);
 }
-#endif
 
 /*-
  * "2048-bit MODP Group" from RFC3526, Section 3.
diff --git a/secure/lib/libcrypto/Makefile.common b/secure/lib/libcrypto/Makefile.common
deleted file mode 100644
index ff9050e72370..000000000000
--- a/secure/lib/libcrypto/Makefile.common
+++ /dev/null
@@ -1,102 +0,0 @@
-# $FreeBSD$
-
-.include <bsd.endian.mk>
-
-.if ${TARGET_ENDIANNESS} == 1234
-CFLAGS+=	-DL_ENDIAN
-.elif ${TARGET_ENDIANNESS} == 4321
-CFLAGS+=	-DB_ENDIAN
-.endif
-
-.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
-    ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
-ASM_${MACHINE_CPUARCH}=
-.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
-    ${MACHINE_ARCH} == "powerpc64le"
-ASM_${MACHINE_ARCH}=
-.endif
-
-.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
-CFLAGS+=	-DOPENSSL_CPUID_OBJ
-.if defined(ASM_aarch64)
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT
-CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-CFLAGS+=	-DKECCAK1600_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM
-CFLAGS+=	-DPOLY1305_ASM
-.elif defined(ASM_amd64)
-CFLAGS+=	-DOPENSSL_IA32_SSE2
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
-CFLAGS+=	-DOPENSSL_BN_ASM_GF2m
-CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-CFLAGS+=	-DKECCAK1600_ASM
-CFLAGS+=	-DRC4_ASM
-CFLAGS+=	-DMD5_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DGHASH_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM -DX25519_ASM
-CFLAGS+=	-DPADLOCK_ASM
-CFLAGS+=	-DPOLY1305_ASM
-.elif defined(ASM_arm)
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
-CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-CFLAGS+=	-DKECCAK1600_ASM
-CFLAGS+=	-DBSAES_ASM
-CFLAGS+=	-DGHASH_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM
-CFLAGS+=	-DPOLY1305_ASM
-.elif defined(ASM_i386)
-CFLAGS+=	-DOPENSSL_IA32_SSE2
-CFLAGS+=	-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-CFLAGS+=	-DOPENSSL_BN_ASM_GF2m
-CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
-CFLAGS+=	-DRC4_ASM
-CFLAGS+=	-DMD5_ASM
-CFLAGS+=	-DRMD160_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DWHIRLPOOL_ASM
-CFLAGS+=	-DGHASH_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM
-CFLAGS+=	-DPADLOCK_ASM
-CFLAGS+=	-DPOLY1305_ASM
-.elif defined(ASM_powerpc)
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT
-CFLAGS+=	-DAES_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DSHA1_ASM
-CFLAGS+=	-DSHA256_ASM
-CFLAGS+=	-DSHA512_ASM
-CFLAGS+=	-DPOLY1305_ASM
-.elif defined(ASM_powerpc64)
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT
-CFLAGS+=	-DAES_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DSHA1_ASM
-CFLAGS+=	-DSHA256_ASM
-CFLAGS+=	-DSHA512_ASM
-CFLAGS+=	-DPOLY1305_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM
-CFLAGS+=	-DX25519_ASM
-CFLAGS+=	-DKECCAK1600_ASM
-.elif defined(ASM_powerpc64le)
-CFLAGS+=	-DOPENSSL_BN_ASM_MONT
-CFLAGS+=	-DAES_ASM
-CFLAGS+=	-DVPAES_ASM
-CFLAGS+=	-DSHA1_ASM
-CFLAGS+=	-DSHA256_ASM
-CFLAGS+=	-DSHA512_ASM
-CFLAGS+=	-DPOLY1305_ASM
-CFLAGS+=	-DECP_NISTZ256_ASM
-CFLAGS+=	-DX25519_ASM
-CFLAGS+=	-DKECCAK1600_ASM
-.endif
-.endif
-
-MANDIR=		${SHAREDIR}/openssl/man/man
-
-CFLAGS+=	-DOPENSSLDIR="\"/etc/ssl\""
-CFLAGS+=	-DENGINESDIR="\"${LIBDIR}/engines-3\""
-CFLAGS+=	-DMODULESDIR="\"${LIBDIR}/ossl-modules\""
-
-CFLAGS+=	-DNDEBUG
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index d462d9f82857..d995fb2a0cb2 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -14,7 +14,108 @@ CFLAGS+=	-I${LCRYPTO_SRC}/include
 CFLAGS+=	-I${LCRYPTO_SRC}/providers/common/include
 CFLAGS+=	-I${LCRYPTO_SRC}/providers/implementations/include
 
-.include "Makefile.common"
+.include <bsd.endian.mk>
+
+.if ${TARGET_ENDIANNESS} == 1234
+CFLAGS+=	-DL_ENDIAN
+.elif ${TARGET_ENDIANNESS} == 4321
+CFLAGS+=	-DB_ENDIAN
+.endif
+
+.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
+    ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
+ASM_${MACHINE_CPUARCH}=
+.elif ${MACHINE_ARCH} == "powerpc" || ${MACHINE_ARCH} == "powerpc64" || \
+    ${MACHINE_ARCH} == "powerpc64le"
+ASM_${MACHINE_ARCH}=
+.endif
+
+.if defined(ASM_${MACHINE_CPUARCH}) || defined(ASM_${MACHINE_ARCH})
+CFLAGS+=	-DOPENSSL_CPUID_OBJ
+.if defined(ASM_aarch64)
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT
+CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+=	-DKECCAK1600_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM
+CFLAGS+=	-DPOLY1305_ASM
+.elif defined(ASM_amd64)
+CFLAGS+=	-DOPENSSL_IA32_SSE2
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5
+CFLAGS+=	-DOPENSSL_BN_ASM_GF2m
+CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+=	-DKECCAK1600_ASM
+CFLAGS+=	-DRC4_ASM
+CFLAGS+=	-DMD5_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DGHASH_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM -DX25519_ASM
+CFLAGS+=	-DPADLOCK_ASM
+CFLAGS+=	-DPOLY1305_ASM
+.elif defined(ASM_arm)
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m
+CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+=	-DKECCAK1600_ASM
+CFLAGS+=	-DBSAES_ASM
+CFLAGS+=	-DGHASH_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM
+CFLAGS+=	-DPOLY1305_ASM
+.elif defined(ASM_i386)
+CFLAGS+=	-DOPENSSL_IA32_SSE2
+CFLAGS+=	-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
+CFLAGS+=	-DOPENSSL_BN_ASM_GF2m
+CFLAGS+=	-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+CFLAGS+=	-DRC4_ASM
+CFLAGS+=	-DMD5_ASM
+CFLAGS+=	-DRMD160_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DWHIRLPOOL_ASM
+CFLAGS+=	-DGHASH_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM
+CFLAGS+=	-DPADLOCK_ASM
+CFLAGS+=	-DPOLY1305_ASM
+.elif defined(ASM_powerpc)
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT
+CFLAGS+=	-DAES_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DSHA1_ASM
+CFLAGS+=	-DSHA256_ASM
+CFLAGS+=	-DSHA512_ASM
+CFLAGS+=	-DPOLY1305_ASM
+.elif defined(ASM_powerpc64)
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT
+CFLAGS+=	-DAES_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DSHA1_ASM
+CFLAGS+=	-DSHA256_ASM
+CFLAGS+=	-DSHA512_ASM
+CFLAGS+=	-DPOLY1305_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM
+CFLAGS+=	-DX25519_ASM
+CFLAGS+=	-DKECCAK1600_ASM
+.elif defined(ASM_powerpc64le)
+CFLAGS+=	-DOPENSSL_BN_ASM_MONT
+CFLAGS+=	-DAES_ASM
+CFLAGS+=	-DVPAES_ASM
+CFLAGS+=	-DSHA1_ASM
+CFLAGS+=	-DSHA256_ASM
+CFLAGS+=	-DSHA512_ASM
+CFLAGS+=	-DPOLY1305_ASM
+CFLAGS+=	-DECP_NISTZ256_ASM
+CFLAGS+=	-DX25519_ASM
+CFLAGS+=	-DKECCAK1600_ASM
+.endif
+.endif
+
+.if defined(LIB)
+CFLAGS+=	-DOPENSSLDIR="\"/etc/ssl\""
+CFLAGS+=	-DENGINESDIR="\"${LIBDIR}/engines-3\""
+CFLAGS+=	-DMODULESDIR="\"${LIBDIR}/ossl-modules\""
+.endif
+
+CFLAGS+=	-DNDEBUG
+
+MANDIR=		${SHAREDIR}/openssl/man/man
 
 .for pcfile in ${PCFILES}
 ${pcfile}:	${pcfile}.in
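Review bot: The `.if defined(LIB)` guard around the `-DOPENSSLDIR`, `-DENGINESDIR` and `-DMODULESDIR` lines near the end of the added block has no comment saying which includers are meant to skip them. These values are the compiled-in default locations for the configuration directory, engines and provider modules, so anyone auditing where the library looks for loadable code needs to know which objects carry them. Which includers leave LIB unset is not visible in this hunk. I would add above the guard `# Compiled-in default config, engine and provider-module paths; only set when building a library (LIB defined).`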
diff --git a/secure/lib/libcrypto/modules/Makefile.inc b/secure/lib/libcrypto/modules/Makefile.inc
index 6e74ff36a9cf..e2f8e9437953 100644
--- a/secure/lib/libcrypto/modules/Makefile.inc
+++ b/secure/lib/libcrypto/modules/Makefile.inc
@@ -9,11 +9,8 @@ CFLAGS+=	-I${LCRYPTO_SRC}/include
 CFLAGS+=	-I${LCRYPTO_SRC}/providers/common/include
 CFLAGS+=	-I${LCRYPTO_SRC}/providers/implementations/include
 
-# common
-SRCS+=	provider_err.c provider_ctx.c
-SRCS+=	provider_util.c
+.include <bsd.endian.mk>
 
-.PATH:	${LCRYPTO_SRC}/providers \
-	${LCRYPTO_SRC}/providers/common
+.PATH: ${LCRYPTO_SRC}/providers
 
 WARNS?=		0
diff --git a/secure/lib/libcrypto/modules/fips/Makefile b/secure/lib/libcrypto/modules/fips/Makefile
index c8b79e3badfd..46c5ec2a091f 100644
--- a/secure/lib/libcrypto/modules/fips/Makefile
+++ b/secure/lib/libcrypto/modules/fips/Makefile
@@ -2,268 +2,9 @@
 
 SHLIB_NAME?=	fips.so
 
-CFLAGS+=	-DFIPS_MODULE
-
-SRCS+=	fips_entry.c fipsprov.c self_test.c self_test_kats.c
-
-.include "../../Makefile.common"
-
-# crypto
-SRCS+=	provider_core.c provider_predefined.c \
-	core_fetch.c core_algorithm.c core_namemap.c self_test_core.c
-
-SRCS+=	cpuid.c ctype.c
-.if defined(ASM_aarch64)
-SRCS+=	arm64cpuid.S armcap.c
-ACFLAGS.arm64cpuid.S=	-march=armv8-a+crypto
-.elif defined(ASM_amd64)
-SRCS+=	x86_64cpuid.S
-.elif defined(ASM_arm)
-SRCS+=	armv4cpuid.S armcap.c
-.elif defined(ASM_i386)
-SRCS+=	x86cpuid.S
-.elif defined(ASM_powerpc)
-SRCS+=	ppccpuid.S ppccap.c
-.elif defined(ASM_powerpc64)
-SRCS+=	ppccpuid.S ppccap.c
-.elif defined(ASM_powerpc64le)
-SRCS+=	ppccpuid.S ppccap.c
-.else
-SRCS+=	mem_clr.c
-.endif
-
-# crypto/bn
-SRCS+=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
-	bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
-	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-	bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
-.if defined(ASM_aarch64)
-SRCS+=	armv8-mont.S bn_asm.c
-.elif defined(ASM_amd64)
-SRCS+=	rsaz-avx2.S rsaz-avx512.S rsaz-x86_64.S rsaz_exp.c rsaz_exp_x2.c
-SRCS+=	x86_64-gcc.c x86_64-gf2m.S x86_64-mont.S x86_64-mont5.S
-.elif defined(ASM_arm)
-SRCS+=	armv4-gf2m.S armv4-mont.S bn_asm.c
-.elif defined(ASM_i386)
-SRCS+=	bn-586.S co-586.S x86-gf2m.S x86-mont.S
-.elif defined(ASM_powerpc)
-SRCS+=	bn_ppc.c bn-ppc.S ppc-mont.S
-.elif defined(ASM_powerpc64)
-SRCS+=	bn_ppc.c bn-ppc.S ppc-mont.S
-.elif defined(ASM_powerpc64le)
-SRCS+=	bn_ppc.c bn-ppc.S ppc-mont.S
-.else
-SRCS+=	bn_asm.c
-.endif
-
-# crypto/dh
-SRCS+=	dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c \
-	dh_kdf.c
-
-# crypto/dsa
-SRCS+=	dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_check.c \
-	dsa_key.c dsa_backend.c dsa_gen.c
-
-# crypto/ec
-SRCS+=	ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
-	ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \
-	ec2_smpl.c \
-	ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \
-	ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
-	curve448/f_generic.c curve448/scalar.c \
-	curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
-	ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \
-	curve448/arch_32/f_impl32.c
-SRCS+=	cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \
-	threads_pthread.c threads_none.c initthread.c \
-	context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
-	param_build_set.c der_writer.c threads_lib.c params_dup.c
-
-.include <bsd.opts.mk>
-.if ${MACHINE_ABI:Mlittle-endian} && ${MACHINE_ABI:Mlong64}
-SRCS+=	ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
-.endif
-.if defined(ASM_aarch64)
-SRCS+=	ecp_nistz256-armv8.S ecp_nistz256.c
-.elif defined(ASM_amd64)
-SRCS+=	ecp_nistz256-x86_64.S ecp_nistz256.c x25519-x86_64.S
-.elif defined(ASM_arm)
-SRCS+=	ecp_nistz256-armv4.S ecp_nistz256.c
-.elif defined(ASM_i386)
-SRCS+=	ecp_nistz256-x86.S ecp_nistz256.c
-.elif defined(ASM_powerpc64)
-SRCS+=	ecp_nistp521-ppc64.S ecp_nistz256-ppc64.S ecp_nistz256.c ecp_ppc.c x25519-ppc64.S
-.elif defined(ASM_powerpc64le)
-SRCS+=	ecp_nistp521-ppc64.S ecp_nistz256-ppc64.S ecp_nistz256.c ecp_ppc.c x25519-ppc64.S
-.endif
-
-# crypto/evp
-SRCS+=	digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \
-	mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \
-	m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \
-	evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c
-
-# crypto/ffc
-SRCS+=	ffc_params.c ffc_params_generate.c ffc_key_generate.c \
-	ffc_params_validate.c ffc_key_validate.c ffc_backend.c \
-	ffc_dh.c
-
-# crypto/lhash
-SRCS+=	lhash.c
-
-# crypto/property
-SRCS+=	property_string.c property_parse.c property_query.c property.c defn_cache.c
-
-# crypto/rsa
-SRCS+=	rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \
-	rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \
-	rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \
-	rsa_mp_names.c rsa_schemes.c
-SRCS+=	rsa_acvp_test_params.c
-
-# crypto/sha
-SRCS+=	sha1dgst.c sha256.c sha512.c sha3.c
-.if defined(ASM_aarch64)
-SRCS+=	keccak1600-armv8.S sha1-armv8.S sha256-armv8.S sha512-armv8.S
-.elif defined(ASM_amd64)
-SRCS+=	keccak1600-x86_64.S sha1-mb-x86_64.S sha1-x86_64.S
-SRCS+=	sha256-mb-x86_64.S sha256-x86_64.S sha512-x86_64.S
-.elif defined(ASM_arm)
-SRCS+=	keccak1600-armv4.S sha1-armv4-large.S sha256-armv4.S sha512-armv4.S
-.elif defined(ASM_i386)
-SRCS+=	keccak1600.c sha1-586.S sha256-586.S sha512-586.S
-.elif defined(ASM_powerpc)
-SRCS+=	keccak1600.c sha_ppc.c sha1-ppc.S sha256-ppc.S sha512-ppc.S sha256p8-ppc.S sha512p8-ppc.S
-.elif defined(ASM_powerpc64)
-SRCS+=	keccak1600-ppc64.S sha_ppc.c sha1-ppc.S sha256-ppc.S sha512-ppc.S sha256p8-ppc.S sha512p8-ppc.S
-.elif defined(ASM_powerpc64le)
-SRCS+=	keccak1600-ppc64.S sha_ppc.c sha1-ppc.S sha256-ppc.S sha512-ppc.S sha256p8-ppc.S sha512p8-ppc.S
-.else
-SRCS+=	keccak1600.c
-.endif
-
-# common
-SRCS+=	capabilities.c bio_prov.c digest_to_nid.c \
-	securitycheck.c provider_seeding.c
-SRCS+=	securitycheck_fips.c
-
-# common/der
-SRCS+=	der_rsa_gen.c der_rsa_key.c
-SRCS+=	der_rsa_sig.c
-
-SRCS+=	der_dsa_gen.c der_dsa_key.c
-SRCS+=	der_dsa_sig.c
-
-SRCS+=	der_ec_gen.c der_ec_key.c
-SRCS+=	der_ec_sig.c
-
-SRCS+=	der_ecx_gen.c der_ecx_key.c
-
-SRCS+=	der_wrap_gen.c
-
-# asymciphers
-SRCS+=	rsa_enc.c
-
-# ciphers
-SRCS+=	ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
-	ciphercommon_gcm.c ciphercommon_gcm_hw.c \
-	ciphercommon_ccm.c ciphercommon_ccm_hw.c
-SRCS+=	cipher_aes.c cipher_aes_hw.c \
-	cipher_aes_xts.c cipher_aes_xts_hw.c \
-	cipher_aes_gcm.c cipher_aes_gcm_hw.c \
-	cipher_aes_ccm.c cipher_aes_ccm_hw.c \
-	cipher_aes_wrp.c \
-	cipher_aes_cbc_hmac_sha.c \
-	cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
-	cipher_cts.c
-SRCS+=	cipher_aes_xts_fips.c
-SRCS+=	cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
-
-# digests
-SRCS+=	digestcommon.c
-SRCS+=	sha2_prov.c
-SRCS+=	sha3_prov.c
-
-# exchange
-SRCS+=	dh_exch.c
-SRCS+=	ecx_exch.c
-SRCS+=	ecdh_exch.c
-SRCS+=	kdf_exch.c
-
-# kdfs
-SRCS+=	tls1_prf.c
-SRCS+=	hkdf.c
-SRCS+=	kbkdf.c
-SRCS+=	pbkdf2.c
-SRCS+=	pbkdf2_fips.c
-SRCS+=	sskdf.c
-SRCS+=	sshkdf.c
-SRCS+=	x942kdf.c
-
-# kem
-SRCS+=	rsa_kem.c
-
-# keymgmt
-SRCS+=	dh_kmgmt.c
-SRCS+=	dsa_kmgmt.c
-SRCS+=	ec_kmgmt.c
-SRCS+=	ecx_kmgmt.c
-SRCS+=	kdf_legacy_kmgmt.c
-SRCS+=	mac_legacy_kmgmt.c
-SRCS+=	rsa_kmgmt.c
-
-# macs
-SRCS+=	gmac_prov.c
-SRCS+=	hmac_prov.c
-SRCS+=	kmac_prov.c
-SRCS+=	cmac_prov.c
-
-# rands
-SRCS+=	drbg.c test_rng.c drbg_ctr.c drbg_hash.c drbg_hmac.c crngt.c
-
-# signature
-SRCS+=	dsa_sig.c
-SRCS+=	eddsa_sig.c ecdsa_sig.c
-SRCS+=	mac_legacy_sig.c
-SRCS+=	rsa_sig.c
-
-# ssl
-SRCS+=	record/tls_pad.c s3_cbc.c
+SRCS=	fips_entry.c fipsprov.c self_test.c self_test_kats.c
 
 .include <bsd.lib.mk>
 
-.if defined(ASM_${MACHINE_CPUARCH})
-.PATH:	${SRCTOP}/secure/lib/libcrypto/arch/${MACHINE_CPUARCH}
-.if defined(ASM_amd64)
-.PATH:	${LCRYPTO_SRC}/crypto/bn/asm
-.endif
-.elif defined(ASM_${MACHINE_ARCH})
-.PATH:	${SRCTOP}/secure/lib/libcrypto/arch/${MACHINE_ARCH}
-.endif
-
 .PATH:	${LCRYPTO_SRC}/crypto \
-	${LCRYPTO_SRC}/crypto/bio \
-	${LCRYPTO_SRC}/crypto/bn \
-	${LCRYPTO_SRC}/crypto/dh \
-	${LCRYPTO_SRC}/crypto/dsa \
-	${LCRYPTO_SRC}/crypto/ec \
-	${LCRYPTO_SRC}/crypto/evp \
-	${LCRYPTO_SRC}/crypto/ffc \
-	${LCRYPTO_SRC}/crypto/lhash \
-	${LCRYPTO_SRC}/crypto/property \
-	${LCRYPTO_SRC}/crypto/rsa \
-	${LCRYPTO_SRC}/crypto/sha \
-	${LCRYPTO_SRC}/providers/fips \
-	${LCRYPTO_SRC}/providers/common/der \
-	${LCRYPTO_SRC}/providers/implementations/asymciphers \
-	${LCRYPTO_SRC}/providers/implementations/ciphers \
-	${LCRYPTO_SRC}/providers/implementations/digests \
-	${LCRYPTO_SRC}/providers/implementations/exchange \
-	${LCRYPTO_SRC}/providers/implementations/kdfs \
-	${LCRYPTO_SRC}/providers/implementations/kem \
-	${LCRYPTO_SRC}/providers/implementations/keymgmt \
-	${LCRYPTO_SRC}/providers/implementations/macs \
-	${LCRYPTO_SRC}/providers/implementations/rands \
-	${LCRYPTO_SRC}/providers/implementations/signature \
-	${LCRYPTO_SRC}/ssl
+	${LCRYPTO_SRC}/providers/fips
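Review bot: `SRCS=	fips_entry.c fipsprov.c self_test.c self_test_kats.c`, together with the dropped `-DFIPS_MODULE`, means fips.so is still built, but from the source set that, per the commit title, the reverted change existed to fix. Nothing in the Makefile tells a reader that the module is knowingly incomplete until the change is re-applied; a comment above `SRCS=` such as `# XXX incomplete: provider implementation sources were reverted (non-amd64 build breakage); fips.so is not expected to be usable until they are re-applied.` would record that. The same applies to `SRCS=	legacyprov.c` in modules/legacy/Makefile. The retained `.PATH` entry `${LCRYPTO_SRC}/crypto` also appears to have no remaining file in SRCS that needs it, though an included Makefile.inc outside this hunk may add some.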
diff --git a/secure/lib/libcrypto/modules/legacy/Makefile b/secure/lib/libcrypto/modules/legacy/Makefile
index c98ca9553e20..3ed4bed6cd52 100644
--- a/secure/lib/libcrypto/modules/legacy/Makefile
+++ b/secure/lib/libcrypto/modules/legacy/Makefile
@@ -2,34 +2,6 @@
 
 SHLIB_NAME?=	legacy.so
 
-SRCS+=	legacyprov.c prov_running.c
-
-# ciphers
-SRCS+=	ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
-	ciphercommon_gcm.c ciphercommon_gcm_hw.c \
-	ciphercommon_ccm.c ciphercommon_ccm_hw.c
-SRCS+=	cipher_desx.c cipher_desx_hw.c cipher_des.c cipher_des_hw.c
-SRCS+=	cipher_tdes_common.c
-SRCS+=	cipher_blowfish.c cipher_blowfish_hw.c
-SRCS+=	cipher_cast5.c cipher_cast5_hw.c
-SRCS+=	cipher_rc2.c cipher_rc2_hw.c
-SRCS+=	cipher_rc4.c cipher_rc4_hw.c
-SRCS+=	cipher_rc4_hmac_md5.c cipher_rc4_hmac_md5_hw.c
-SRCS+=	cipher_seed.c cipher_seed_hw.c
-
-# digests
-SRCS+=	digestcommon.c
-SRCS+=	md4_prov.c wp_prov.c ripemd_prov.c
-
-# kdfs
-SRCS+=	pbkdf1.c
-
-# ssl
-SRCS+=	record/tls_pad.c
+SRCS=	legacyprov.c
 
 .include <bsd.lib.mk>
-
-.PATH:	${LCRYPTO_SRC}/providers/implementations/ciphers \
-	${LCRYPTO_SRC}/providers/implementations/digests \
-	${LCRYPTO_SRC}/providers/implementations/kdfs \
-	${LCRYPTO_SRC}/ssl