diff --git a/secure/lib/libcrypto/modules/Makefile b/secure/lib/libcrypto/modules/Makefile --- a/secure/lib/libcrypto/modules/Makefile +++ b/secure/lib/libcrypto/modules/Makefile @@ -1,5 +1,8 @@ +.include + +SUBDIR.${MK_OPENSSL_FIPS_PROVIDER}+= fips +SUBDIR.${MK_OPENSSL_LEGACY_PROVIDER}+= legacy -SUBDIR= fips legacy SUBDIR_PARALLEL= .include diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,5 +1,5 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. -.Dd March 15, 2024 +.Dd April 21, 2024 .Dt SRC.CONF 5 .Os .Sh NAME @@ -430,8 +430,12 @@ .It .Va WITHOUT_OPENSSL .It +.Va WITHOUT_OPENSSL_FIPS_PROVIDER +.It .Va WITHOUT_OPENSSL_KTLS .It +.Va WITHOUT_OPENSSL_LEGACY_PROVIDER +.It .Va WITHOUT_PKGBOOTSTRAP .It .Va WITHOUT_UNBOUND @@ -1318,14 +1322,6 @@ Do not install the limited cloud init support scripts. .It Va WITHOUT_NVME Do not build nvme related tools and kernel modules. -.Pp -This is a default setting on -arm/armv7, powerpc/powerpc and riscv/riscv64. -.It Va WITH_NVME -Build nvme related tools and kernel modules. -.Pp -This is a default setting on -amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_OFED Do not build the .Dq "OpenFabrics Enterprise Distribution" @@ -1384,8 +1380,12 @@ .It .Va WITHOUT_OPENSSH .It +.Va WITHOUT_OPENSSL_FIPS_PROVIDER +.It .Va WITHOUT_OPENSSL_KTLS .It +.Va WITHOUT_OPENSSL_LEGACY_PROVIDER +.It .Va WITHOUT_PKGBOOTSTRAP .It .Va WITHOUT_UNBOUND @@ -1401,6 +1401,8 @@ .Va WITH_GSSAPI is set explicitly) .El +.It Va WITHOUT_OPENSSL_FIPS_PROVIDER +Do not build the fips provider for OpenSSL. .It Va WITHOUT_OPENSSL_KTLS Do not include kernel TLS support in OpenSSL. .Pp 
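Review bot: The `SUBDIR.${MK_OPENSSL_FIPS_PROVIDER}+= fips` and `SUBDIR.${MK_OPENSSL_LEGACY_PROVIDER}+= legacy` lines only stop the modules being built. No hunk on this page removes a provider module left behind by an earlier install, so a system rebuilt with either knob off may keep a stale module that OpenSSL can still load and that no longer receives updates. Confirm that the tree's obsolete-files handling covers both modules for these knobs; it may live in a part of the commit not shown here. A short comment above the two lines would help, e.g. `# Build each provider only when its MK_OPENSSL_*_PROVIDER knob is "yes".`. The target of the added `.include` is not visible on this page, so it cannot be checked here that the knobs are defined before they are expanded in the variable names.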
@@ -1411,6 +1413,8 @@ .Pp This is a default setting on amd64/amd64, arm64/aarch64, powerpc/powerpc64 and powerpc/powerpc64le. +.It Va WITHOUT_OPENSSL_LEGACY_PROVIDER +Do not build the legacy provider for OpenSSL. .It Va WITHOUT_PAM Do not build PAM library and modules. .Bf -symbolic diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -152,6 +152,8 @@ NVME \ OFED \ OPENSSL \ + OPENSSL_FIPS_PROVIDER \ + OPENSSL_LEGACY_PROVIDER \ PAM \ PF \ PKGBOOTSTRAP \ @@ -427,7 +429,9 @@ .if ${MK_OPENSSL} == "no" MK_DMAGENT:= no MK_OPENSSH:= no +MK_OPENSSL_FIPS_PROVIDER:= no MK_OPENSSL_KTLS:= no +MK_OPENSSL_LEGACY_PROVIDER:= no MK_KERBEROS:= no MK_KERBEROS_SUPPORT:= no MK_LDNS:= no diff --git a/tools/build/options/WITHOUT_OPENSSL_FIPS_PROVIDER b/tools/build/options/WITHOUT_OPENSSL_FIPS_PROVIDER new file mode 100644 --- /dev/null +++ b/tools/build/options/WITHOUT_OPENSSL_FIPS_PROVIDER @@ -0,0 +1 @@ +Do not build the fips provider for OpenSSL. diff --git a/tools/build/options/WITHOUT_OPENSSL_LEGACY_PROVIDER b/tools/build/options/WITHOUT_OPENSSL_LEGACY_PROVIDER new file mode 100644 --- /dev/null +++ b/tools/build/options/WITHOUT_OPENSSL_LEGACY_PROVIDER @@ -0,0 +1 @@ +Do not build the legacy provider for OpenSSL. diff --git a/tools/build/options/WITH_OPENSSL_FIPS_PROVIDER b/tools/build/options/WITH_OPENSSL_FIPS_PROVIDER new file mode 100644 --- /dev/null +++ b/tools/build/options/WITH_OPENSSL_FIPS_PROVIDER @@ -0,0 +1 @@ +Build the fips provider for OpenSSL. diff --git a/tools/build/options/WITH_OPENSSL_LEGACY_PROVIDER b/tools/build/options/WITH_OPENSSL_LEGACY_PROVIDER new file mode 100644 --- /dev/null +++ b/tools/build/options/WITH_OPENSSL_LEGACY_PROVIDER @@ -0,0 +1 @@ +Build the legacy provider for OpenSSL.
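Review bot: The `OPENSSL_FIPS_PROVIDER` and `OPENSSL_LEGACY_PROVIDER` entries added in the first src.opts.mk hunk are documented only by one-line descriptions, which do not tell an administrator what switching them off or leaving them on implies. The option list starts outside the hunk, but the man page changes list only the `WITHOUT_` forms as non-default, so both providers presumably stay enabled by default. For the legacy knob I would extend the description along the lines of `Do not build the legacy provider for OpenSSL; consumers of algorithms it alone supplies (for example MD4 or RC4) will no longer be able to load them.`. For the fips knob, a sentence noting that building the module does not by itself yield a validated FIPS configuration would avoid a false sense of compliance.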