libcrypto: complete the support for the 0.9.8 API

When importing OpenSSL 3 in base, some but not all source files
implementing the deprecated 0.9.8 API were imported. With this change,
it becomes possible again to compile software targeting this API.

PR: 272220
Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9")
Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/851

libcrypto: link engines and the legacy provider to libcrypto

OpenSSL's legacy provider module and engines need to link to
libcrypto.so, as it provides some of the actual implementations of
legacy routines.

This is a little tricky due to build order issues. Introduce a small
hack (LIBCRYPTO_WITHOUT_SUBDIRS) that builds libcrypto.so in its usual
early phase without any OpenSSL provider modules or engines. This is
intended to restore the test suite; a future change should remove the
hack and replace it with a better approach.

PR: 254853, 273528
Discussed with: Folks at EuroBSDCon in Coimbra
Sponsored by: The FreeBSD Foundation

libcrypto: Switch back to the generated assembly in sys/crypto/openssl

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41569

libcrypto: Add buildasm and cleanasm targets

These targets generate all the assembly files in sys/crypto/openssl.

Reviewed by: markj, emaste (earlier version)
Differential Revision: https://reviews.freebsd.org/D41590

libcrypto: Update assembly build glue for x86 for OpenSSL 3.0.

Notably, define AES_ASM which is required for any AES acceleration
(OpenSSL 1.0 gated all AES acceleration on OPENSSL_CPUID_OBJ instead).
Enabling this exposed that new assembly files added in OpenSSL 3.0
needed to be included in the build (aes-x86-64.S and aes-586.S). Both
of these files supplant both aes_core.c and aes_cbc.c. The last file
had to be moved out of the MI SRCS line for aes and into each ASM_*
for non-x86.

As part of this I audited the generated configdata.pm for amd64, i386,
and aarch64 and found the following additional discrepecancies that are
fixed here as well:

- Enabled BSAES_ASM on amd64 which requires bsase-x86_64.S

- Enabled WHIRLPOOL_ASM on amd64 (asm sources already built)

- Enabled CMLL_ASM on amd64 and i386 (asm sources already built)

aarch64 had no discreprecancies in configdata.pm, and no *.pl asm
generators were missing for aarch64 in Makefile.asm. I did not check
powerpc or armv7, but for armv7 all of the asm generators seem to be
present in Makefile.asm.

Reported by: gallatin (AES-GCM using plain software on amd64)
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41539

libcrypto: add rsa_depr.c to the build

It provides the RSA_generate_key function, which is deprecated as of
3.0 but is used by various ports.

Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41506

libcrypto: add err_all_legacy.c to the build

It provides the ERR_load_*_strings routines, which are deprecated as of
3.0 but are used by various ports.

PR: 272580
Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41505

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

pkgbase: reorganise caroot and openssl packages

This splits out the certctl utility into a new certctl package and the
openssl libs into an openssl-lib package.

PR: 272816
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D41321

openssl: include d2i_KeyParams() and d2i_KeyParams_bio()

These functions are new, and some ports (e.g.opensc) expect to have them
available. Add the file they're defined in to the build, and add them
to Version.map.

PR: 270076
Reviewed by: markj, emaste, pierre
Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40914

libcrypto: group definitions for libcrypto and fips

OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change makes sure the FIPS module matches build instructions used for
libcrypto.

Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787

libcrypto: build nistp* on all little-endian 64-bit targets

libcrypto intends to provide these routines on little-endian 64-bit
targets. This was previously done by including them in the ASM_aarch64
and ASM_amd64 blocks in the Makefile, but this excluded powerpc64le and
riscv64.

Reported by: ci.freebsd.org
Reviewed by: jrtc27
Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40749

OpenSSL: Merge OpenSSL 1.1.1u

OpenSSL: Merge OpenSSL 1.1.1t

openssl: install pc files

most programs in ports are looking for .pc files in order to get the
necessary information on how to compile and link against openssl.

The ports now also has a way to hide or force a path for pkgconf.

Providing .pc files along with openssl in base will allow (once all
the supported version of FreeBSD has it) so improve the framework to
deal with openssl in base vs openssl in ports (and libressl)

This will also greatly reduce the number of patches necessary to
workaround the build systems which only knows how to detect where
openssl is installed via pkgconf.

PR: 266051
MFC After: 3 weeks
Reviewed by: jkim, delphij
Exp-run by: antoine
Differential Revision: https://reviews.freebsd.org/D36360

libcrypto: Work around strict aliasing violations in bn_nist.c

This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:

root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key is not a key file.
root@unmatched:/usr/src # git fetch
fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve

Reviewed by: dim, jkim
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35885

Add assembly optimized code for OpenSSL on powerpc, powerpc64 and powerpc64le

Summary:
1. https://github.com/openssl/openssl/commit/34ab13b7d8e3e723adb60be8142e38b7c9cd382a
needs to be merged for ELFv2 support on big-endian.
2. crypto/openssl/crypto/ppccap.c needs to be patched.
Same reason as in https://github.com/openssl/openssl/pull/17082.

Approved by: jkim, jhibbits
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33076

pkgbase: Put openssl in its own package

This is useful for upgrade and also to make tiny jail so they won't
depend on FreeBSD-utilities (where openssl was packaged before).

MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30081

OpenSSL: Support for kernel TLS offload (KTLS)

This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.

Note that TLS 1.3 only supports TX offload.

A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support. It defaults to enabled on amd64 and disabled on all
other architectures.

Reviewed by: jkim (earlier version)
Approved by: secteam
Obtained from: OpenSSL (patches from master)
MFC after: 1 week
Relnotes: yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D28273

Move generated OpenSSL assembly routines into the kernel sources.

Sponsored by: Netflix

Install man5 and man7 for OpenSSL.

Note config.5 and crypto.7 are not installed because we have conflicts.

Requested by: phk
MFC after: 1 month

pkgbase: Put a lot of binaries and lib in FreeBSD-runtime

All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.

Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21503

Enable devcryptoeng for OpenSSL.

Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine. However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.

http://cryptodev-linux.org/

Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.

https://github.com/openssl/openssl/pull/7882

Now they found that it was more generic issue.

https://github.com/openssl/openssl/pull/7885

Therefore, we need to enable this engine on head to give it more exposure.

Bump base OpenSSL libraries versions to avoid conflict with port's libraries.

Reported by: many
Reviewed by: gjb
Sponsored by: The FreeBSD Foundation
MFC after: 3 hours

libcrypto: have buildinf.h depend on Makefile

So that it will be regenerated after Makefile changes affecting the
file's content - specifically, the OpenSSL 1.1.1 update adds a DATE
macro which did not exist previously.

Sponsored by: The FreeBSD Foundation

Make it more meta mode friendly.

Fix CLEANFILES.

Connect an assembly file for aarch64 to build.

Add missing ACFLAGS for aarch64.

Add a missing source file for SHA.

Add another include directory for aarch64 and arm.

Connect assembly files for arm to build.

Connect assembly files for aarch64 to build.

Unify opensslconf.h templates.

There is no MD macro in this file any more.

Sort assembly source files for i386.

Connect i386 assembly files to build.

Link libcrypto with pthread.

Remove an obsolete compiler option.

Build libcrypto for amd64.

Add OpenSSL symbol version maps.

Note the files are not automatically generated for now.

Update shlib version to 9.

Prefer ACFLAGS over CFLAGS for compiling aarch64 assembly files.

Build OpenSSL assembly sources for aarch64. Tested with ThunderX by andrew.

Build OpenSSL assembly sources for arm. Tested with Raspberry Pi 2 Model B.

MFC after: 1 week

Disable assembly sources when compiler/assembler cannot compile certain
instructions. For example, GCC 4.2.1 + binutils 2.17.50 does not support
AVX instructions.

Reported by: bde
MFC after: 2 weeks

Enable linker error if libcrypto.so contains a relocation against text. It
is position independent on all platforms since r299389.

Submitted by: kib

Make libcrypto.so position independent on i386.

Revert r299139: these are generated files

We'll need to properly generate PIC/non-PIC from the source .pl files.

Reported by: jkim

Make libcrypto position independent on i386

Prior to this change libcrypto ended up with a .text relocation.

Submitted by: Rafael Espíndola (earlier version)
Reviewed by: kib
Approved by: so (glebius)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D6164

Fix a typo. I did not mean it, really.

Clean up OpenSSL makefiles.

Replace afterinstall: hack from r111083 with 'make delete-old' functionality.

Sponsored by: EMC / Isilon Storage Division

Revert r284417 it is not necessary anymore

Enforce overwritting SHLIBDIR

Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by: many

Update buildinf.h to make SSLeay_version(3) little bit more useful.

MFC after: 1 week

Add a ${CP} alias for copying files in the build.

Some users build FreeBSD as non-root in Perforce workspaces. By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories. Bare use of
'cp' should be avoided in the future.

Update all current users of 'cp' in the src tree.

Reviewed by: emaste
MFC after: 1 week
Sponsored by: Spectra Logic

Remove references to MK_IDEA.

As of r249959, we want to build with IDEA support enabled
unconditionally. As this change removed the MK_IDEA flag, update these
Makefiles accordingly.

Force linker error when created shared library contains a relocation
against text. Provide the override switch to turn off the strict
behaviour. Apparently, openssl libcrypto needs it due to assembler
code not being PIC.

Discussed with: bf
MFC after: 2 weeks

Fix some leftover binaries and shared libraries in the system that still
have an executable stack, due to linking in hand-assembled .S or .s
files, that have no .GNU-stack sections:

RWX --- --- /lib/libcrypto.so.6
RWX --- --- /lib/libmd.so.5
RWX --- --- /lib/libz.so.6
RWX --- --- /lib/libzpool.so.2
RWX --- --- /usr/lib/liblzma.so.5

These were found using scanelf, from the sysutils/pax-utils port.

Reviewed by: kib

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Repair some build breakage introduced in r211725 and garbage collect some
code made obsolete in the same commit.

MFtbemd:

Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.

Fix buildworld -DNO_CLEAN when using with Perforce, which marks files as
read-only by default, meaning files copied can't be overwritten next time.

Reviewed by: imp
Approved by: ken (mentor)

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by: kib
Approved by: re (rwatson)

Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)

Update build infrastructure for OpenSSL 0.9.8k.

- Import the HEAD csup code which is the basis for the cvsmode work.

Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after: 1 month

Upgrade to OpenSSL 0.9.8e.

Upgrade to OpenSSL 0.9.8d.

Upgrade to OpenSSL 0.9.8b.

Clean generated headers.

Provide alternate default for SHLIBDIR before bsd.own.mk does this.

Reported by: phk

Reimplementation of world/kernel build options. For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)

Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)

Update OpenSSL 0.9.7d -> 0.9.7e.

Define PLATFORM correctly when cross-building.

NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE

For variables that are only checked with defined(), don't provide
any fake value.

Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.

Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR: conf/65738
OK'ed by: markm

Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform. This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.

Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago: markm
Reminded above to do this: peter

Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.

Ugg, wrong version.
CSTD=gnu89, c89 wont do.

This isn't C99 clean.

Silence `make -s' (echo -> ${ECHO}).

Back out rev 1.60, taking the pointy hat away from nectar as 'rm -f'
doesn't need to be prefixed with '-'. Keep the pointy hat for myself
for not reading the code closely.

Don't error out the build if removing a "stale" symlink fails.

Pointy hat for breaking my installworld: nectar

Handle includes the normal way.

Reviewed by: markm
Approved by: nectar

LIBDIR/INCLUDEDIR do not include DESTDIR.

Reported by: Andrzej Tobola <san@iem.pw.edu.pl>

Follow-up to previous commit: we had a des.h symlink, too. Remove
that.

Previously, libcrypto contained symbols that were identical to EAY
libdes, and functionally close enough so that we created symlinks
(libdes -> libcrypto) to help older applications. With the import of
OpenSSL 0.9.7, this is no longer true and we no longer install these
symlinks. However, systems that are upgraded may have these symlinks,
which could cause non-obvious breakage at build-time. Therefore, blow
any old symlinks away in the `afterinstall' target.

Install the OpenSSL man pages in /usr/share/openssl/man
and remove the WANT_OPENSSL_MANPAGES knob.

Background:
When libdes was replaced with OpenSSL's libcrypto, there were a few
interfaces that the former implemented but the latter did not. Because
some software in the base system still depended upon these interfaces,
we simply included them in our libcrypto (rnd_keys.c).

Now, finally get around to removing the dependencies on these
interfaces. There were basically two cases:

des_new_random_key -- This is just a wrapper for des_random_key, and
these calls were replaced.

des_init_random_number_generator et. al. -- A few functions were used
by the application to seed libdes's PRNG. These are not necessary
when using libcrypto, as OpenSSL internally seeds the PRNG from
/dev/random. These calls were simply removed.

Again, some of the Kerberos 4 files have been taken off the vendor
branch. I do not expect there to be future imports of KTH Kerberos 4.

Re-add WANT_OPENSSL_MANPAGES knob.

Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.

Remove myself as maintainer of openssl; I no longer have enough time to
devote to it.

Style sync with rest of FreeBSD.

Don't lint contrib'ed sources, even if the builder has asked for linting.
Its Just Too Noisy.

Update list of installed manual pages after regenerating them.

s,/usr/include,${INCLUDEDIR},

Build using pregenerated manpages; don't use perl to translate .pod's.
The translated .pod's have already been committed.

Added new bsd.incs.mk which handles installing of header files
via INCS. Implemented INCSLINKS (equivalent to SYMLINKS) to
handle symlinking include files. Allow for multiple groups of
include files to be installed, with the powerful INCSGROUPS knob.
Documentation to follow.

Added standard `includes' and `incsinstall' targets, use them
in Makefile.inc1. Headers from the following makefiles were
not installed before (during `includes' in Makefile.inc1):

kerberos5/lib/libtelnet/Makefile
lib/libbz2/Makefile
lib/libdevinfo/Makefile
lib/libform/Makefile
lib/libisc/Makefile
lib/libmenu/Makefile
lib/libmilter/Makefile
lib/libpanel/Makefile

Replaced all `beforeinstall' targets for installing includes
with the INCS stuff.

Renamed INCDIR to INCSDIR, for consistency with FILES and SCRIPTS,
and for compatibility with NetBSD. Similarly for INCOWN, INCGRP,
and INCMODE.

Consistently use INCLUDEDIR instead of /usr/include.

gnu/lib/libstdc++/Makefile and gnu/lib/libsupc++/Makefile changes
were only lightly tested due to the missing contrib/libstdc++-v3.
I fully tested the pre-WIP_GCC31 version of this patch with the
contrib/libstdc++.295 stuff.

These changes have been tested on i386 with the -DNO_WERROR "make
world" and "make release".

Pre-generate the optimized x86 crypto code and check it in rather than
depending on perl at build time. Makefile.asm is a helper for after the
next import.

With my cvs@ hat on, the relatively small repo cost of this is acceptable,
especially given that we have other (much bigger) things like
lib*.so.gz.uu checked in under src/lib/compat/*.

Reviewed by: kris (maintainer)

Install headers with -C. Ideally, these Makefiles should not need to
override the beforeinstall target at all, but this has proven difficult
to achieve.

Fixed some style bugs. Mainly, don't use ${.ALLSRC} in implicit rules.
This change should have been in rev.1.37.

Use NO_PERL as well as NOPERL. The latter is going to (eventually) go.

Update list of manpages

Update for OpenSSL 0.9.6a

MFC after: 2 weeks

secure/ build fixes:

- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a
in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
New LIBSSH is introduced for libssh.a (an internal static lib).
Previously, build without prior `obj' was broken; SSH modules
always looked for libssh.a in ${.OBJDIR}. Also, the dependancies
on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
/usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by: markm

- MAN[1-9] -> MAN.

Attempt to fix the problem with -j builds, and du-uglify the asm code
generation and assembly targets.

Help from: bde, obrien

MFS: Belatedly bump SHLIB_MAJOR corresponding to OpenSSL 0.9.6

Install the des.h link under ${DESTDIR}. Fixes buildworld.

Submitted by: Christian Weisgerber <naddy@mips.inka.de>

Clean up the installation of the compatibility libdes header/library
symlinks

Pointed out by: bde

Don't override CPUTYPE (actually this predates the <bsd.cpu.mk> use of
CPUTYPE, and I forgot I used it here already)

Pointed out by: bde

Update the list of OpenSSL manpages (now contains many more describing
libssl, for example), and hide it behind a make.conf option,
WANT_OPENSSL_MANPAGES, instead of having it commented out. We still can't
install these by default because of clobbering of a number of system
manpages with the same name, but they're there for people who want them.

Add back a missing file from the no-asm case

Submitted by: gallatin

Remove a remnant of my attempt to get alpha asm code working. OpenSSL
does include code for the alpha, but as far as I can tell, it is
non-functional (e.g. it's not even compiled by the native openssl build on
the alpha).

Noticed by: gallatin

Introduce support for using OpenSSL ASM optimizations. This is done
through the use of a new build directive, MACHINE_CPU, which contains a
list of the CPU generations/features for which optimizations are desired.
This feature will be extended to cover the ports tree in the future.

Currently OpenSSL provides optimizations for i386, i586 and i686-class
CPUs. Currently it has not been tested on an i386 or i486.

Teach make(1) to provide sensible defaults for MACHINE_CPU if it is not
defined (namely, the lowest common denominator CPU we support for each
architecture). Currently this is i386 for the i386 architecture and ev4
for the alpha. sys.mk also sets the variable as a last resort for
consistency with MACHINE_ARCH and bootstrapping from very old versions of
make.

Benchmarks show a significant speed increase even in the i386 case, with
additional improvements for i586 and i686 systems. For maximum performance
define MACHINE_CPU=i686 i586 i386 in /etc/make.conf.

Based on a patch submitted by: Mike Silbersack <silby@silby.com>
Reviewed by: current

Fixed a typo from the last commit.

Submitted by: Mike Heffner <mheffner@vt.edu>

Correct some fallout from the semi-automated way I updated the makefile.

Submitted by: roberto

Update for OpenSSL 0.9.6

Overhaul of the build-time include file generation. Don't break in evp.h
if bootstrapping from a system on which the openssl headers are not
already present.

Nuke RSAREF support from orbit.

It's the only way to be sure.

Make the temporary file _evp.h instead of evp.h to not conflict with
the real evp.h.

Reported by: markm

Generate a new evp.h at build-time instead of install-time to properly
support NFS(ro) installworlds.

Unbreak the OpenSSL headers for those of us who don't/can't use IDEA by
getting rid of the check for NO_IDEA (in evp.h) completely if it's
installed without MAKE_IDEA=YES.

Be consistant about WITH_ vs MAKE_ flags. We have a precedent of using
MAKE_foo for things like MAKE_KERBEROS etc. Use that. I managed to
confuse myself last time and made make.conf different to the code. ;-(

Reported by: Jun Kuriyama <kuriyama@FreeBSD.org>

MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.

Update for OpenSSL 0.9.5a and clean up a bit.

* Fix dependancies so that ``make depend'' is not required.
* Some style fixes

Approved by: kris

Resurrect the old libdes manpages (after a repo copy) until we have better
ones.

MFI: stupid typo of mine.

New distribution names.

Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)

Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.

Merge from internat.freebsd.org; make RSAREF=YES work correctly, although
this is not very useful as the US repo is missing bits.

Fold libRSAglue into libcrypto so we don't have to special-case
all the builds. There is still no actual RSA implementation code
in libcrypto or src/* on US code trees.

Sync with internat; delete a trailing space

Build everything properly. This means:

o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.

Freefall/Internat diff reducer.

Move the rsaref gunk to libRSAglue where ports expect it.

*** empty log message ***

Add MAINTAINER tag so people don't feel the need to randomly frob with this.

Build infrastructure for OpenSSL