3 files changed, 39 insertions, 55 deletions

diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile
index 8c72c6221056..4cf17b8d5c51 100644
--- a/secure/lib/libssl/Makefile
+++ b/secure/lib/libssl/Makefile
@@ -3,7 +3,7 @@
 .include <src.opts.mk>
 
 LIB=		ssl
-SHLIB_MAJOR=	111
+SHLIB_MAJOR=	30
 VERSION_MAP=	${.CURDIR}/Version.map
 PACKAGE=	openssl
 
@@ -13,15 +13,18 @@ PCFILES=	libssl.pc openssl.pc
 
 .include "../libcrypto/Makefile.inc"
 
-SRCS=	bio_ssl.c d1_lib.c d1_msg.c d1_srtp.c methods.c packet.c pqueue.c
+SRCS=	bio_ssl.c d1_lib.c d1_msg.c d1_srtp.c methods.c pqueue.c
 SRCS+=	s3_cbc.c s3_enc.c s3_lib.c s3_msg.c ssl_asn1.c ssl_cert.c ssl_ciph.c
-SRCS+=	ssl_conf.c ssl_err.c ssl_init.c ssl_lib.c ssl_mcnf.c ssl_rsa.c
-SRCS+=	ssl_sess.c ssl_stat.c ssl_txt.c t1_enc.c t1_lib.c tls_srp.c
-SRCS+=	tls13_enc.c
+SRCS+=	ssl_conf.c ssl_err.c ssl_err_legacy.c ssl_init.c ssl_lib.c ssl_mcnf.c
+SRCS+=	ssl_rsa.c ssl_rsa_legacy.c ssl_sess.c ssl_stat.c ssl_txt.c ssl_utst.c
+SRCS+=	t1_enc.c t1_lib.c t1_trce.c tls_depr.c tls_srp.c tls13_enc.c
+
+# crypto
+SRCS+=	packet.c sparse_array.c
 
 # record
 SRCS+=	dtls1_bitmap.c rec_layer_d1.c rec_layer_s3.c ssl3_buffer.c
-SRCS+=	ssl3_record.c ssl3_record_tls13.c
+SRCS+=	ssl3_record.c ssl3_record_tls13.c tls_pad.c
 
 # statem
 SRCS+=	extensions.c extensions_clnt.c extensions_cust.c extensions_srvr.c
@@ -29,10 +32,10 @@ SRCS+=	statem.c statem_clnt.c statem_dtls.c statem_lib.c statem_srvr.c
 
 .if ${MK_OPENSSL_KTLS} != "no"
 SRCS+=	ktls.c
+.else
+CFLAGS+=-DOPENSSL_NO_KTLS
 .endif
 
-SRCS+=	dummy_abi.c
-
 LIBADD=	crypto
 
 CFLAGS+=	-I${LCRYPTO_SRC}/ssl
@@ -42,6 +45,7 @@ CFLAGS+=	-I${.OBJDIR:H}/libcrypto
 
 PICFLAG+=	-DOPENSSL_PIC
 
-.PATH:	${LCRYPTO_SRC}/ssl \
+.PATH:	${LCRYPTO_SRC}/crypto \
+	${LCRYPTO_SRC}/ssl \
 	${LCRYPTO_SRC}/ssl/record \
 	${LCRYPTO_SRC}/ssl/statem
diff --git a/secure/lib/libssl/Version.map b/secure/lib/libssl/Version.map
index 3e4e00950def..b777dab1dd4d 100644
--- a/secure/lib/libssl/Version.map
+++ b/secure/lib/libssl/Version.map
@@ -519,3 +519,29 @@ OPENSSL_1_1_1e {
         SSL_sendfile;
     local: *;
 } OPENSSL_1_1_1a;
+
+OPENSSL_3_0_9 {
+    global:
+        OSSL_default_cipher_list;
+        OSSL_default_ciphersuites;
+        SSL_CTX_load_verify_dir;
+        SSL_CTX_load_verify_file;
+        SSL_CTX_load_verify_store;
+        SSL_CTX_new_ex;
+        SSL_CTX_set0_tmp_dh_pkey;
+        SSL_CTX_set_async_callback;
+        SSL_CTX_set_async_callback_arg;
+        SSL_CTX_set_default_verify_store;
+        SSL_CTX_set_tlsext_ticket_key_evp_cb;
+        SSL_add_store_cert_subjects_to_stack;
+        SSL_get0_peer_certificate;
+        SSL_get1_peer_certificate;
+        SSL_get_async_status;
+        SSL_group_to_name;
+        SSL_load_client_CA_file_ex;
+        SSL_new_session_ticket;
+        SSL_set0_tmp_dh_pkey;
+        SSL_set_async_callback;
+        SSL_set_async_callback_arg;
+        SSL_trace;
+} OPENSSL_1_1_1e;
diff --git a/secure/lib/libssl/dummy_abi.c b/secure/lib/libssl/dummy_abi.c
index 79d38a420093..e69de29bb2d1 100644
--- a/secure/lib/libssl/dummy_abi.c
+++ b/secure/lib/libssl/dummy_abi.c
@@ -1,46 +0,0 @@
-/* This file is in the public domain. */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <stdbool.h>
-#include <unistd.h>
-
-#include <openssl/ssl.h>
-
-static inline void
-__SSLv3_dummy_method_impl(void)
-{
-	static const char warning[] = "SSLv3 use is deprecated.\n";
-	static bool once = false;
-
-	if (once)
-		return;
-
-	once = true;
-	write(STDERR_FILENO, warning, sizeof(warning) - 1);
-}
-
-const SSL_METHOD *
-__SSLv3_method_fbsd12(void)
-{
-	__SSLv3_dummy_method_impl();
-	return (NULL);
-}
-__sym_compat(SSLv3_method, __SSLv3_method_fbsd12, OPENSSL_1_1_0);
-
-const SSL_METHOD *
-__SSLv3_client_method_fbsd12(void)
-{
-	__SSLv3_dummy_method_impl();
-	return (NULL);
-}
-__sym_compat(SSLv3_client_method, __SSLv3_client_method_fbsd12, OPENSSL_1_1_0);
-
-const SSL_METHOD *
-__SSLv3_server_method_fbsd12(void)
-{
-	__SSLv3_dummy_method_impl();
-	return (NULL);
-}
-__sym_compat(SSLv3_server_method, __SSLv3_server_method_fbsd12, OPENSSL_1_1_0);