build: remove certctl requirement for host OpenSSL libs on macOS

Some platforms, like macOS, do not expose headers for the system's
libcrypto for public consumption.  libcrypto is relatively heavy and
needs to know, e.g., the host system's endianness, so we scope the build
down to macOS where OpenSSL headers are known to not be present and we
can be reasonably certain that most of the systems today that would be
cross-building are little endian.

We still don't bother if building WITHOUT_OPENSSL since the end result
is expected to be used by OpenSSL, but perhaps we could revisit that
independently in case one, e.g., brings their own implementation.

Reported by:	jrtc27
Reviewed by:	jrtc27, ngie
Fixes:	c340ef28fd ("certctl: Reimplement in C")
Differential Revision:	https://reviews.freebsd.org/D51935

Makefile.inc1

@@ -2709,8 +2709,14 @@ _basic_bootstrap_tools+=sbin/md5
 _basic_bootstrap_tools+=usr.sbin/tzsetup
 .endif
 
-# certctl is needed as an install tool
+# certctl is needed as an install tool.  libcrypto is rather heavy, so we'll
+# build that alongside it only for platforms that don't expose headers for
+# OpenSSL, like macOS.
 .if ${MK_CAROOT} != "no" && ${MK_OPENSSL} != "no"
+.if ${.MAKE.OS} == "Darwin"
+_bootstrap_libcrypto=secure/lib/libcrypto
+${_bt}-usr.sbin/certctl: ${_bt}-secure/lib/libcrypto
+.endif
 _certctl=usr.sbin/certctl
 .endif
 
@@ -2777,6 +2783,7 @@ bootstrap-tools: ${_bt}-links .PHONY
     ${_strfile} \
     usr.bin/dtc \
     ${_cat} \
+    ${_bootstrap_libcrypto} \
     ${_certctl} \
     ${_kbdcontrol} \
     ${_elftoolchain_libs} \

secure/lib/libcrypto/Makefile

@@ -1,7 +1,10 @@
 SHLIBDIR?=	/lib
-.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS)
+.if !defined(LIBCRYPTO_WITHOUT_SUBDIRS) && !defined(BOOTSTRAPPING)
 SUBDIR=		engines modules
 .endif
+.ifdef BOOTSTRAPPING
+CFLAGS+=	-DOPENSSL_NO_SCTP
+.endif
 
 .include <bsd.own.mk>
 .include <src.opts.mk>

secure/lib/libcrypto/Makefile.common

@@ -6,7 +6,7 @@ CFLAGS+=	-DL_ENDIAN
 CFLAGS+=	-DB_ENDIAN
 .endif
 
-.ifndef WITHOUT_AUTO_ASM
+.if !defined(WITHOUT_AUTO_ASM) && !defined(BOOTSTRAPPING)
 .if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
     ${MACHINE_CPUARCH} == "arm" || ${MACHINE_CPUARCH} == "i386"
 ASM_${MACHINE_CPUARCH}=

share/mk/bsd.endian.mk

@@ -20,10 +20,17 @@ LOCALEDEF_ENDIAN= -b
 #
 # During bootstrapping on !FreeBSD OSes, we need to define some value.  Short of
 # having an exhaustive list for all variants of Linux and MacOS we simply do not
-# set TARGET_ENDIANNESS and poison the other variables. They should be unused
-# during the bootstrap phases (apart from one place that's adequately protected
-# in bsd.compiler.mk) where we're building the bootstrap tools.
+# set TARGET_ENDIANNESS (on Linux) and poison the other variables. They should
+# be unused during the bootstrap phases (apart from one place that's adequately
+# protected in bsd.compiler.mk) where we're building the bootstrap tools.
 #
+.if ${.MAKE.OS} == "Darwin"
+# We do assume the endianness on macOS because Apple's modern hardware is all
+# little-endian.  This might need revisited in the far future, but for the time
+# being Apple Silicon's reign of terror continues.  We only set this one up
+# because libcrypto is now built in bootstrap.
+TARGET_ENDIANNESS= 1234
+.endif
 CAP_MKDB_ENDIAN= -B	# Poisoned value, invalid flags for both cap_mkdb
 LOCALEDEF_ENDIAN= -B	# and localedef.
 .endif

tools/build/Makefile

@@ -495,6 +495,7 @@ INSTALLDIR_LIST= \
 	bin \
 	lib/geom \
 	usr/include/casper \
+	usr/include/openssl \
 	usr/include/private/ucl \
 	usr/include/private/zstd \
 	usr/lib \