From 41e8e5da52c4edbf9243ecf5e05fafd63cef964a Mon Sep 17 00:00:00 2001
From: Kris Kennaway <kris@FreeBSD.org>
Date: Fri, 14 Jan 2000 05:49:29 +0000
Subject: [PATCH] Build infrastructure for OpenSSL

---
 secure/lib/libcrypto/Makefile            | 217 +++++++++++++++++++++++
 secure/lib/libcrypto/Makefile.inc        |  22 +++
 secure/lib/libcrypto/opensslconf-alpha.h | 144 +++++++++++++++
 secure/lib/libcrypto/opensslconf-amd64.h | 144 +++++++++++++++
 secure/lib/libcrypto/opensslconf-i386.h  | 144 +++++++++++++++
 secure/lib/libssl/Makefile               |  62 +++++++
 secure/usr.bin/openssl/Makefile          |  29 +++
 7 files changed, 762 insertions(+)
 create mode 100644 secure/lib/libcrypto/Makefile
 create mode 100644 secure/lib/libcrypto/Makefile.inc
 create mode 100644 secure/lib/libcrypto/opensslconf-alpha.h
 create mode 100644 secure/lib/libcrypto/opensslconf-amd64.h
 create mode 100644 secure/lib/libcrypto/opensslconf-i386.h
 create mode 100644 secure/lib/libssl/Makefile
 create mode 100644 secure/usr.bin/openssl/Makefile

diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
new file mode 100644
index 000000000000..1b751b989bf5
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile
@@ -0,0 +1,217 @@
+# $FreeBSD$
+
+.include "Makefile.inc"
+
+LIB=		crypto
+SHLIB_MAJOR=	1
+
+LCRYPTO_SRC=	${.CURDIR}/../../../crypto/openssl/crypto
+
+# base sources
+SRCS+=	cryptlib.c mem.c cversion.c ex_data.c cpt_err.c	tmdiff.c
+
+# asn1
+SRCS+=	a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
+	a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c a_meth.c \
+	a_object.c a_octet.c a_print.c a_set.c a_sign.c a_time.c a_type.c \
+	a_utctm.c a_utf8.c a_verify.c a_vis.c asn1_err.c asn1_lib.c \
+	asn1_par.c asn_pack.c d2i_dhp.c d2i_dsap.c d2i_pr.c d2i_pu.c \
+	d2i_r_pr.c d2i_r_pu.c d2i_s_pr.c d2i_s_pu.c evp_asn1.c f_enum.c \
+	f_int.c f_string.c i2d_dhp.c i2d_dsap.c i2d_pr.c i2d_pu.c \
+	i2d_r_pr.c i2d_r_pu.c i2d_s_pr.c i2d_s_pu.c n_pkey.c nsseq.c \
+	p5_pbe.c p5_pbev2.c p7_dgst.c p7_enc.c p7_enc_c.c p7_evp.c \
+	p7_i_s.c p7_lib.c p7_recip.c p7_s_e.c p7_signd.c p7_signi.c \
+	p8_pkey.c t_crl.c t_pkey.c t_req.c t_x509.c x_algor.c \
+	x_attrib.c x_cinf.c x_crl.c x_exten.c x_info.c x_name.c \
+	x_pkey.c x_pubkey.c x_req.c x_sig.c x_spki.c x_val.c x_x509.c  
+
+# blowfish
+SRCS+=	bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c 
+
+# bio
+SRCS+=	b_dump.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c \
+	bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c bss_conn.c \
+	bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c  
+
+# bn
+SRCS+=	bn_add.c bn_asm.c bn_blind.c bn_div.c bn_err.c bn_exp.c bn_exp2.c \
+	bn_gcd.c bn_lib.c bn_mont.c bn_mpi.c bn_mul.c bn_prime.c \
+	bn_print.c bn_rand.c bn_recp.c bn_shift.c bn_sqr.c bn_word.c  
+
+# buffer
+SRCS+=	buf_err.c buffer.c 
+
+# cast
+SRCS+=	c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c
+
+# comp
+SRCS+=	c_rle.c c_zlib.c comp_lib.c
+
+# conf
+SRCS+=	conf.c conf_err.c
+
+# des
+SRCS+=	cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c des_enc.c \
+	ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c \
+	fcrypt.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c ofb_enc.c \
+	pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c read_pwd.c rpc_enc.c \
+	set_key.c str2key.c supp.c xcbc_enc.c
+
+# dh
+SRCS+=	dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c
+
+# dsa
+SRCS+=	dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_sign.c \
+	dsa_vrf.c 
+
+# err
+SRCS+=	err.c err_all.c err_prn.c
+
+# evp
+SRCS+=	bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c digest.c e_cbc_3d.c \
+	e_cbc_bf.c e_cbc_c.c e_cbc_d.c e_cbc_i.c e_cbc_r2.c e_cbc_r5.c \
+	e_cfb_3d.c e_cfb_bf.c e_cfb_c.c e_cfb_d.c e_cfb_i.c e_cfb_r2.c \
+	e_cfb_r5.c e_ecb_3d.c e_ecb_bf.c e_ecb_c.c e_ecb_d.c e_ecb_i.c \
+	e_ecb_r2.c e_ecb_r5.c e_null.c e_ofb_3d.c e_ofb_bf.c e_ofb_c.c \
+	e_ofb_d.c e_ofb_i.c e_ofb_r2.c e_ofb_r5.c e_rc4.c e_xcbc_d.c \
+	encode.c evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c \
+	evp_pkey.c m_dss.c m_dss1.c m_md2.c m_md5.c m_mdc2.c m_null.c \
+	m_ripemd.c m_sha.c m_sha1.c names.c p5_crpt.c p5_crpt2.c p_dec.c \
+	p_enc.c p_lib.c p_open.c p_seal.c p_sign.c p_verify.c 
+
+# hmac
+SRCS+=	hmac.c
+
+# lhash
+SRCS+=	lh_stats.c lhash.c
+
+# md2
+SRCS+=	md2_dgst.c md2_one.c
+
+# md5
+SRCS+=	md5_dgst.c md5_one.c
+
+# mdc2
+SRCS+=	mdc2dgst.c mdc2_one.c
+
+# objects
+SRCS+=	o_names.c obj_dat.c obj_err.c obj_lib.c
+
+# pem
+SRCS+=	pem_all.c pem_err.c pem_info.c pem_lib.c pem_seal.c pem_sign.c
+
+# pkcs7
+SRCS+=	pk7_doit.c pk7_lib.c pkcs7err.c
+
+# pkcs12
+SRCS+=	p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
+	p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c \
+	p12_sbag.c p12_utl.c pk12err.c
+
+# rand
+SRCS+=	md_rand.c rand_lib.c randfile.c
+
+# rc2
+SRCS+=	rc2_cbc.c rc2cfb64.c rc2_ecb.c rc2ofb64.c rc2_skey.c 
+
+# rc4
+SRCS+=	rc4_enc.c rc4_skey.c
+
+# rc5
+SRCS+=	rc5cfb64.c rc5_ecb.c rc5_enc.c rc5ofb64.c rc5_skey.c 
+
+# ripemd
+SRCS+=	rmd_dgst.c rmd_one.c
+
+# rsaref
+.if defined(RSAREF) && ${RSAREF} == YES
+SRCS+=	rsar_err.c rsaref.c
+.endif
+
+# sha
+SRCS+=	sha_dgst.c sha_one.c sha1_one.c sha1dgst.c
+
+# stack
+SRCS+=	stack.c
+
+# txt_db
+SRCS+=	txt_db.c
+
+# x509
+SRCS+=	by_dir.c by_file.c x509_cmp.c x509_d2.c x509_def.c x509_err.c \
+	x509_ext.c x509_lu.c x509_obj.c x509_r2x.c x509_req.c x509_set.c \
+	x509_txt.c x509_v3.c x509_vfy.c x509name.c x509rset.c x509type.c \
+	x_all.c
+
+# x509v3
+SRCS+=	v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c \
+	v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_int.c \
+	v3_lib.c v3_pku.c v3_prn.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c
+
+HDRS=	asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
+	buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \
+	des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \
+	err/err.h evp/evp.h hmac/hmac.h lhash/lhash.h md2/md2.h \
+	md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \
+	pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \
+	rc4/rc4.h rc5/rc5.h ripemd/ripemd.h stack/safestack.h \
+	sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \
+	x509/x509_vfy.h x509v3/x509v3.h
+
+.if defined(RSAREF) && ${RSAREF} == YES
+HDRS+=	rsa/rsa.h ../rsaref/rsaref.h 
+.endif
+
+beforedepend: ${.OBJDIR}/obj_dat.h ${.OBJDIR}/buildinf.h \
+	${.OBJDIR}/openssl/opensslconf.h headers
+
+DPADD+=	${.OBJDIR}/obj_dat.h ${.OBJDIR}/buildinf.h ${.OBJDIR}/openssl/opensslconf.h
+
+CLEANFILES+=	${.OBJDIR}/obj_dat.h ${.OBJDIR}/buildinf.h
+CLEANDIRS+=	${.OBJDIR}/openssl
+
+${.OBJDIR}/obj_dat.h:	${LCRYPTO_SRC}/objects/obj_dat.pl
+	perl ${LCRYPTO_SRC}/objects/obj_dat.pl < ${LCRYPTO_SRC}/objects/objects.h > ${.OBJDIR}/obj_dat.h
+
+${.OBJDIR}/buildinf.h:
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+	echo "  #define CFLAGS \"$(CC)\""; \
+	echo "  #define PLATFORM \"`uname -s`-`uname -m`\""; \
+	echo "  #define DATE \"`date`\""; \
+	echo "#endif" ) > ${.OBJDIR}/buildinf.h
+
+${.OBJDIR}/openssl/opensslconf.h: opensslconf-${MACHINE_ARCH}.h
+	@test -d ${.OBJDIR}/openssl || mkdir -p ${.OBJDIR}/openssl; \
+	cp ${.OODATE} ${.TARGET}
+
+headers:
+	@test -d ${.OBJDIR}/openssl || mkdir -p ${.OBJDIR}/openssl; \
+	for i in ${HDRS}; do \
+		${INSTALL} ${COPY} -m 444 ${LCRYPTO_SRC}/$$i \
+			${.OBJDIR}/openssl; \
+	done
+
+beforeinstall: ${.OBJDIR}/openssl/opensslconf.h
+	for i in ${HDRS}; do \
+		${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
+			${LCRYPTO_SRC}/$$i ${DESTDIR}/usr/include/openssl; \
+	done; \
+	${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
+		${.OBJDIR}/openssl/opensslconf.h ${DESTDIR}/usr/include/openssl
+
+.PATH:	${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \
+	${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \
+	${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/conf \
+	${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/dsa \
+	${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/hmac \
+	${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 \
+	${LCRYPTO_SRC}/mdc2 ${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem \
+	${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand \
+	${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 \
+	${LCRYPTO_SRC}/ripemd ${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref \
+	${LCRYPTO_SRC}/sha ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db \
+	${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/x509v3
+
+.include <bsd.lib.mk>
+
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
new file mode 100644
index 000000000000..b6f5e232c275
--- /dev/null
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+LCRYPTO_SRC=	${.CURDIR}/../../../crypto/openssl/crypto
+CFLAGS+= -DTERMIOS -DANSI_SOURCE -DNO_IDEA -I${LCRYPTO_SRC} -I${.OBJDIR}
+
+.if ${MACHINE_ARCH} == "i386"
+CFLAGS+= -DL_ENDIAN
+# -DBN_ASM -DSHA1_ASM -DMD5_ASM -DRMD160_ASM - XXX notyet
+CFLAGS+= -DDEVRANDOM=\"/dev/urandom\"
+.else
+.if ${MACHINE_ARCH} == "alpha"
+# no ENDIAN stuff defined for alpha (64-bit)
+.endif
+.endif
+
+.if !defined(RSA_NONCOMMERCIAL) || ${RSA_NONCOMMERCIAL} != YES
+CFLAGS+= -DNO_RSA -DNO_SSL2
+WITH_RSA= NO
+.else
+CFLAGS+= -DRSAref
+RSAREF= YES
+.endif
diff --git a/secure/lib/libcrypto/opensslconf-alpha.h b/secure/lib/libcrypto/opensslconf-alpha.h
new file mode 100644
index 000000000000..03894d577ae2
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-alpha.h
@@ -0,0 +1,144 @@
+/* $FreeBSD$ */
+
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD <unistd.h>
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h
new file mode 100644
index 000000000000..03894d577ae2
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-amd64.h
@@ -0,0 +1,144 @@
+/* $FreeBSD$ */
+
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD <unistd.h>
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned int
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#define DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h
new file mode 100644
index 000000000000..d80b68fc91de
--- /dev/null
+++ b/secure/lib/libcrypto/opensslconf-i386.h
@@ -0,0 +1,144 @@
+/* $FreeBSD$ */
+
+/* crypto/opensslconf.h */
+/* WARNING: This file is autogenerated by Configure */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/etc/ssl"
+#endif
+#endif
+
+#define OPENSSL_UNISTD <unistd.h>
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H) && !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+#define RC4_INT unsigned int
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#define BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#define RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( i386 )		/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile
new file mode 100644
index 000000000000..f5ca8be667d6
--- /dev/null
+++ b/secure/lib/libssl/Makefile
@@ -0,0 +1,62 @@
+# $FreeBSD$
+
+.include "../libcrypto/Makefile.inc"
+
+LIB=		ssl
+SHLIB_MAJOR=	1
+
+LOPENSSL_SRC= ${.CURDIR}/../../../crypto/openssl/ssl
+
+SRCS=	bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \
+	s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c s3_both.c \
+	s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c s3_srvr.c ssl_algs.c \
+	ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c ssl_err2.c ssl_lib.c \
+	ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c t1_clnt.c t1_enc.c \
+	t1_lib.c t1_meth.c t1_srvr.c 
+
+HDRS=	ssl.h ssl2.h ssl23.h ssl3.h ssl_locl.h tls1.h
+
+CRYPTOHDRS= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
+	buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \
+	des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \
+	err/err.h evp/evp.h hmac/hmac.h lhash/lhash.h md2/md2.h \
+	md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \
+	pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \
+	rc4/rc4.h rc5/rc5.h ripemd/ripemd.h stack/safestack.h \
+	sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \
+	x509/x509_vfy.h x509v3/x509v3.h
+
+.if defined(RSAREF) && ${RSAREF} == YES
+CRYPTOHDRS+=	rsa/rsa.h ../rsaref/rsaref.h
+.endif
+
+beforedepend:	headers ${.OBJDIR}/openssl/opensslconf.h
+
+DPADD+=	${.OBJDIR}/openssl/opensslconf.h
+
+CLEANDIRS+=	${.OBJDIR}/openssl
+
+${.OBJDIR}/openssl/opensslconf.h: ../libcrypto/opensslconf-${MACHINE_ARCH}.h
+	@test -d ${.OBJDIR}/openssl || mkdir -p ${.OBJDIR}/openssl; \
+	cp ${.OODATE} ${.TARGET}
+
+headers:
+	@test -d ${.OBJDIR}/openssl || mkdir -p ${.OBJDIR}/openssl; \
+	for i in ${HDRS}; do \
+		${INSTALL} ${COPY} -m 444 ${LOPENSSL_SRC}/$$i \
+			${.OBJDIR}/openssl; \
+	done; \
+	for i in ${CRYPTOHDRS}; do \
+		${INSTALL} ${COPY} -m 444 ${LCRYPTO_SRC}/$$i \
+			${.OBJDIR}/openssl; \
+	done
+
+beforeinstall:
+	for i in ${HDRS}; do \
+		${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
+			${LOPENSSL_SRC}/$$i ${DESTDIR}/usr/include/openssl; \
+	done
+
+.PATH:	${LOPENSSL_SRC}
+
+.include <bsd.lib.mk>
diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile
new file mode 100644
index 000000000000..0401cf920b3d
--- /dev/null
+++ b/secure/usr.bin/openssl/Makefile
@@ -0,0 +1,29 @@
+# $FreeBSD$
+
+PROG=	openssl
+
+LDADD=	-lssl -lcrypto
+NOMAN=	noman 
+
+OPENSSL_SRC= ${.CURDIR}/../../../crypto/openssl/apps
+
+CFLAGS+= -DMONOLITH -DNO_IDEA -I${.CURDIR}
+
+.if !defined(RSA_NONCOMMERCIAL) || ${RSA_NONCOMMERCIAL} != YES
+CFLAGS+= -DNO_RSA -DNO_SSL2
+WITH_RSA= NO
+.else
+CFLAGS+= -DRSAref
+LDADD+=	-L/usr/local/lib -lrsaref
+RSAREF= YES
+.endif
+
+SRCS=	apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c dgst.c dh.c \
+	dsa.c dsaparam.c enc.c errstr.c gendh.c gendsa.c genrsa.c \
+	nseq.c openssl.c pkcs12.c pkcs7.c pkcs8.c req.c rsa.c s_cb.c \
+	s_client.c s_server.c s_socket.c s_time.c sess_id.c speed.c \
+	verify.c version.c x509.c
+
+.PATH:	${OPENSSL_SRC}
+
+.include <bsd.prog.mk>