Remove obsolete OpenSSL hacks for IDEA crypto.

We have some hacks in the ports tree to detect or to unconditionally disable
IDEA crypto support.  These hacks existed because OpenSSL in FreeBSD 9.3 and
earlier was shipped without IDEA support by default but we were allowed to
enable it via WITH_IDEA src.conf(5) option.

https://www.freebsd.org/cgi/man.cgi?query=src.conf&manpath=FreeBSD+9.3-RELEASE

Therefore, we had to implement some hacks to support three different cases,
i.e., a) 9.3 and earlier without IDEA crypto (default), b) 9.3 and earlier
with IDEA crypto (via WITH_IDEA src.conf option), and c) 10.0 and later with
unconditional IDEA support.  Now we can safely remove them because 9.3 and
earlier is no longer supported.

PR:		218233
Exp-Run by:	antoine
Approved by:	antoine (portmgr)

Mk/Uses/ssl.mk

@@ -64,24 +64,6 @@ check-depends::
 	@${FALSE}
 .  endif
 
-# OpenSSL in the base system may not include IDEA for patent licensing reasons.
-.  if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA)
-OPENSSL_IDEA=		${MAKE_IDEA}
-.  else
-OPENSSL_IDEA?=		NO
-.  endif
-
-.  if ${OPENSSL_IDEA} == "NO"
-# XXX This is a hack to work around the fact that /etc/make.conf clobbers
-#     our CFLAGS. It might not be enough for all future ports.
-.    if defined(HAS_CONFIGURE)
-CFLAGS+=		-DNO_IDEA
-.    else
-OPENSSL_CFLAGS+=	-DNO_IDEA
-.    endif
-MAKE_ARGS+=		OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
-.  endif
-
 .else # ${SSL_DEFAULT} != base
 
 OPENSSLBASE=		${LOCALBASE}

net/pipsecd/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	pipsecd
 PORTVERSION=	19991014
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	net security
 MASTER_SITES=	http://perso.telecom-paristech.fr/~beyssac/pipsec/ \
 		http://www.komquats.com/distfiles/

net/pipsecd/files/patch-tunip.c

@@ -9,13 +9,7 @@
  #include <netinet/in_systm.h>
  #include <netinet/in.h>
  #include <netinet/ip.h>
-@@ -54,12 +56,14 @@
- #include <blowfish.h>
- #include <cast.h>
- #include <des.h>
-+#ifndef NO_IDEA
- #include <idea.h>
-+#endif
+@@ -58,8 +60,8 @@
  
  #include "defs.h"
  
@@ -26,7 +20,7 @@
  #define _PATH_DEV_RANDOM	"/dev/random"
  
  #ifdef USE_ETHERTAP
-@@ -100,6 +104,7 @@ struct ethtap_header ethtap;
+@@ -100,6 +102,7 @@ struct ethtap_header ethtap;
  #endif
  
  unsigned char buf[MAX_HEADER+MAX_PACKET];
@@ -34,7 +28,7 @@
  
  typedef union {
      MD5_CTX md5;
-@@ -124,14 +129,16 @@ typedef struct hash_method {
+@@ -124,11 +127,11 @@ typedef struct hash_method {
  
  typedef union {
      BF_KEY bf;
@@ -49,49 +43,8 @@
 +	DES_key_schedule k3;
      } des3;
      CAST_KEY cast;
-+#ifndef NO_IDEA
      IDEA_KEY_SCHEDULE idea;
-+#endif
- } crypt_key;
- 
- typedef struct crypt_method {
-@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv,
- void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
- 		      unsigned char *ct, unsigned int len);
- int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
-+#ifndef NO_IDEA
- void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			 unsigned char *t, unsigned int len);
- void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
- 			 unsigned char *ct, unsigned int len);
- int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
- int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
-+#endif
- void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			unsigned char *t, unsigned int len);
- void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
-@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = {
- 
- hash_method_t *hash_list = &hash_ripemd160;
- 
-+#ifndef NO_IDEA
- crypt_method_t crypt_idea = {
-     NULL,
-     "idea_cbc", 8, 8,
-     my_idea_cbc_encrypt, my_idea_cbc_decrypt,
-     my_idea_set_encrypt_key, my_idea_set_decrypt_key
- };
-+#endif
- crypt_method_t crypt_cast = {
-+#ifndef NO_IDEA
-     &crypt_idea,
-+#else
-+    NULL,
-+#endif
-     "cast_cbc", 8, 8,
-     cast_cbc_encrypt, cast_cbc_decrypt,
-     cast_setkey, cast_setkey
-@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this,
+@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this,
   */
  int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd)
  {
@@ -115,7 +68,7 @@
      sent = write(fd, encap->buf, encap->buflen);
      if (sent != encap->buflen)
          syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent);
-@@ -1120,6 +1144,7 @@ void config_read(FILE *cf)
+@@ -1120,6 +1132,7 @@ void config_read(FILE *cf)
  	    }
  	} else if (strcmp(arg, "if") == 0) {
  	    int fd;
@@ -123,7 +76,7 @@
  	    struct sa_desc *local_sa, *remote_sa;
  	    struct peer_desc *peer;
  
-@@ -1128,6 +1153,7 @@ void config_read(FILE *cf)
+@@ -1128,6 +1141,7 @@ void config_read(FILE *cf)
  		perror(arg);
  		continue;
  	    }
@@ -131,20 +84,7 @@
  
  	    local_sa = NULL;
  	    remote_sa = NULL;
-@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign
-     return 0;
- }
- 
-+#ifndef NO_IDEA
- void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
- 			 unsigned char *t, unsigned int len)
- {
-@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha
-     idea_set_decrypt_key(&k->idea, &k->idea);
-     return 0;
- }
-+#endif
- 
+@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha
  void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
  			unsigned char *t, unsigned int len)
  {
@@ -153,7 +93,7 @@
  }
  
  void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
-@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i
+@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i
      for (i = 0; i < len; i++) printf(" %02x", ct[i]);
      printf("\n");
  #endif
@@ -162,7 +102,7 @@
  #if 0
      printf("%d bytes after decrypt\n", len);
      for (i = 0; i < len; i++) printf(" %02x", ct[i]);
-@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i
+@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i
  int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k)
  {
      if (len == 8)
@@ -191,7 +131,7 @@
  			 iv, DES_DECRYPT);
  }
  
-@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns
+@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns
      if (len != 24)
  	return -1;
  
@@ -206,7 +146,7 @@
  	return -1;
  
      return 0;
-@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign
+@@ -2081,6 +2095,11 @@ int null_setkey(unsigned char *b, unsign
      return 0;
  }
  
@@ -218,7 +158,7 @@
  int main(int argc, char **argv)
  {
      time_t t;
-@@ -2088,9 +2121,14 @@ int main(int argc, char **argv)
+@@ -2088,9 +2107,14 @@ int main(int argc, char **argv)
      int pack, i;
      struct sockaddr_in from;
      struct stat sb;
@@ -233,7 +173,7 @@
      openlog ("pipsecd", LOG_PID, LOG_DAEMON);
      syslog (LOG_NOTICE, "pipsecd starting");
  
-@@ -2113,7 +2151,21 @@ int main(int argc, char **argv)
+@@ -2113,7 +2137,21 @@ int main(int argc, char **argv)
      if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1)
  	exit(1);
  
@@ -256,7 +196,7 @@
      if (f == NULL) {
  	perror("configuration file");
  	exit(1);
-@@ -2123,8 +2175,8 @@ int main(int argc, char **argv)
+@@ -2123,8 +2161,8 @@ int main(int argc, char **argv)
      fclose(f);
  
      /* Execute startup script, if any */

security/netpgp/Makefile

@@ -18,8 +18,5 @@ INSTALL_TARGET=	install-strip
 CPPFLAGS+=	-I${OPENSSLINC}
 CFLAGS+=	-I${OPENSSLINC} -Wno-error
 LDFLAGS+=	-L${OPENSSLLIB}
-.if !exists(${OPENSSLINC}/openssl/idea.h)
-CFLAGS+=	-DOPENSSL_NO_IDEA
-.endif
 
 .include <bsd.port.post.mk>

security/py-pow/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	pow
 PORTVERSION=	0.7
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security python
 MASTER_SITES=	SF/${PORTNAME}/POW/POW-${PORTVERSION}
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
@@ -26,7 +26,7 @@ post-patch:
 	@${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py
 
 do-build:
-	cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
+	cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
 
 post-install:
 	@${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so