org>
> AuthorDate: 2026-03-22 00:39:16 +0000
> Commit:     Enji Cooper <ngie@FreeBSD.org>
> CommitDate: 2026-03-22 01:38:49 +0000
>=20
>    libcrypto: compile all PIC objects with -DOPENSSL_PIC -fPIC
>=20
>    This change modifies the libcrypto PIC objects to always compile =
with
>    `-DOPENSSL_PIC -fPIC` to restore parity with the upstream build =
process.
>    This ensures that the legacy provider is built with parity to the
>    upstream legacy provider.
>=20
>    MFC after:              12 days
>    Tested with:            `make check` (legacy provider), `make =
universe`
>    Fixes:                  14b9955e
>    Differential Revision:  https://reviews.freebsd.org/D44896
> ---
> secure/lib/libcrypto/Makefile     | 6 ------
> secure/lib/libcrypto/Makefile.inc | 3 +++
> 2 files changed, 3 insertions(+), 6 deletions(-)
>=20
> diff --git a/secure/lib/libcrypto/Makefile =
b/secure/lib/libcrypto/Makefile
> index 738de3479987..9d484e9d480c 100644
> --- a/secure/lib/libcrypto/Makefile
> +++ b/secure/lib/libcrypto/Makefile
> @@ -687,12 +687,6 @@ SUBDIR.${MK_TESTS}=3D tests
>=20
> .include <bsd.lib.mk>
>=20
> -.if ${MACHINE} =3D=3D "powerpc"
> -# Work around "relocation R_PPC_GOT16 out of range" errors
> -PICFLAG=3D -fPIC
> -.endif
> -PICFLAG+=3D -DOPENSSL_PIC
> -
> .if defined(ASM_${MACHINE_CPUARCH})
> .PATH: ${SRCTOP}/sys/crypto/openssl/${MACHINE_CPUARCH}
> .if defined(ASM_amd64)
> diff --git a/secure/lib/libcrypto/Makefile.inc =
b/secure/lib/libcrypto/Makefile.inc
> index 73c650d590ff..8f22d501e005 100644
> --- a/secure/lib/libcrypto/Makefile.inc
> +++ b/secure/lib/libcrypto/Makefile.inc
> @@ -12,6 +12,9 @@ CFLAGS+=3D -I${LCRYPTO_SRC}/providers/common/include
> CFLAGS+=3D -I${LCRYPTO_SRC}/providers/fips/include
> CFLAGS+=3D -I${LCRYPTO_SRC}/providers/implementations/include
>=20
> +PICFLAG=3D -fPIC
> +PICFLAG+=3D -DOPENSSL_PIC
> +
> .SUFFIXES: .pc
> .PATH.pc: ${LCRYPTO_SRC}/exporters

This isn=E2=80=99t what PICFLAG is for. Is there a reason you can=E2=80=99=
t use SHARED_CFLAGS?

Jessica