Merge topic branch t/openssl-3 into master

The series starts with a few cleanups and crypto-backend tweaks to
beat the openssl specific code into shape for the main objective:
the switch of the RSA encryption and decryption routines to the
high-level EVP API. This has become necessary because the old RSA
API functions have been deprecated in openssl-3.

This merge conflicted against commit a18458cff51c (No longer check
for CRYPTO_cleanup_all_ex_data()). The resolution is to remove the
checks which that commit removed and to add the checks which commit
0485079436ad (openssl: Use the EVP library for RSA public encryption)
of this series introduced.

Cooking for four months.

* refs/heads/t/openssl-3:
  openssl: Reactivate openssl warnings.
  openssl: Use the EVP library for RSA private decryption.
  openssl: Use the EVP library for RSA public encryption.
  apc_priv_decrypt: Let the callee allocate the buffer.
  apc_pub_encrypt: Let the callee allocate the buffer.
  openssl: Assume that openssl allocation functions functions succeed.
  openssl: Introduce openssl_perror().
  openssl: Don't pass pointers to RSA structures around.
  openssl: Kill rsa coefficient computations.
  client: Check buffer size returned by apc_priv_decrypt().

diff --cc Makefile.real
Simple merge

diff --cc NEWS.md
index 935e8493cedeb4c3c94ffafbb4c6d11035ea65f4,d5812289640d71c52a60bd850928c72b3c5ba0b8..0886b26e2a31eb6af6e12103a77fac3ed11afdbc
--- 1/NEWS.md
--- 2/NEWS.md
+++ b/NEWS.md
@@@ -5,15 -5,6 +5,17 @@@ NEW
  0.7.4 (to be announced) "genetic contraction"
  ---------------------------------------------
  
++- The openssl RSA code has been converted to EVP and no longer uses
++  any deprecated openssl API functions.
 +- Simplification of the build system. The only visible effect is
 +  that configure no longer prints a summary at the end.
 +- para_play is no longer built if libreadline is not installed.
 +- Speedups for the buffer tree code, which particularly improves the
 +  performance of para_play for large mp3 files.
 +- The chunk table and mbox listing modes of the ls server command
 +  have been deprecated. They still work, but a warning is issued to
 +  inform the user about the deprecated option.
 +
  Downloads:
  [tarball](./releases/paraslash-git.tar.xz)
  

diff --cc configure.ac
index 63b06316137c0a67d6b2142bda481e55aab934ed,d6796e5641aeea757b84db65d6e6f50f4a489240..9e90ae5d6745d335f93b9eb3f7c8f8e44630964e
--- 1/configure.ac
--- 2/configure.ac
+++ b/configure.ac
@@@ -109,6 -110,20 +109,10 @@@ if test $HAVE_OPENSSL = yes; the
        will be removed in the next major paraslash release. Please upgrade
        your openssl installation.])
        fi
 -
+       AC_CHECK_LIB([crypto], [OSSL_PARAM_construct_BN], [HAVE_OSSL_PARAM=yes],
+               [HAVE_OSSL_PARAM=no])
+       test $HAVE_OSSL_PARAM = yes &&
+               AC_DEFINE([HAVE_OSSL_PARAM], [1], [openssl >= 3.0])
 -      HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=yes
 -      AC_CHECK_DECL([CRYPTO_cleanup_all_ex_data], [],
 -              [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no],
 -              [#include <openssl/rsa.h>])
 -      AC_CHECK_LIB([crypto], [CRYPTO_cleanup_all_ex_data], [],
 -              [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no])
 -      test $HAVE_CRYPTO_CLEANUP_ALL_EX_DATA = yes &&
 -              AC_DEFINE([HAVE_CRYPTO_CLEANUP_ALL_EX_DATA], [1],
 -                      [not available on FreeBSD 12])
        HAVE_OPENSSL_THREAD_STOP=yes
        AC_CHECK_DECL([OPENSSL_thread_stop], [],
                [HAVE_OPENSSL_THREAD_STOP=no],

diff --cc openssl.c
Simple merge