From 9c75c5ad685b47d4b5195cad8d715f060e880d79 Mon Sep 17 00:00:00 2001
From: Benoit Pierre <benoit.pierre@gmail.com>
Date: Wed, 25 Dec 2024 10:43:18 +0100
Subject: [PATCH] drop openssl in favor of libressl

---
 cmake/CMakeLists.txt                          |  11 +-
 ffi/crypto.lua                                |   2 +-
 .../cmake_modules/koreader_targets.cmake      |   4 +-
 .../koreader_thirdparty_libs.cmake            |  10 --
 thirdparty/openssl/CMakeLists.txt             | 123 ------------------
 .../fix_libcrypto_pkg-config_entry.patch      |  13 --
 thirdparty/openssl/macos_rpath.patch          |  11 --
 .../openssl-1.1.0j-parallel_install_fix.patch |  21 ---
 .../openssl/reduce_build_verbosity.patch      |  22 ----
 9 files changed, 7 insertions(+), 210 deletions(-)
 delete mode 100644 thirdparty/openssl/CMakeLists.txt
 delete mode 100644 thirdparty/openssl/fix_libcrypto_pkg-config_entry.patch
 delete mode 100644 thirdparty/openssl/macos_rpath.patch
 delete mode 100644 thirdparty/openssl/openssl-1.1.0j-parallel_install_fix.patch
 delete mode 100644 thirdparty/openssl/reduce_build_verbosity.patch

diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt
index 0434b392e..1b841aeb8 100644
--- a/cmake/CMakeLists.txt
+++ b/cmake/CMakeLists.txt
@@ -172,7 +172,7 @@ set(crengine_BINARY_DIR ${crengine_CMAKE_BINARY_DIR}/build)
 declare_project(thirdparty/cpu_features EXCLUDE_FROM_ALL)
 
 # curl
-declare_project(thirdparty/curl DEPENDS openssl zlib EXCLUDE_FROM_ALL)
+declare_project(thirdparty/curl DEPENDS libressl zlib EXCLUDE_FROM_ALL)
 
 # czmq
 if(NOT WIN32)
@@ -318,7 +318,7 @@ declare_project(thirdparty/luajson)
 declare_project(thirdparty/luarocks DEPENDS luajit EXCLUDE_FROM_ALL)
 
 # luasec
-declare_project(thirdparty/luasec DEPENDS luajit luasocket openssl)
+declare_project(thirdparty/luasec DEPENDS luajit luasocket libressl)
 
 # luasocket
 declare_project(thirdparty/luasocket DEPENDS luajit)
@@ -354,9 +354,6 @@ else()
 endif()
 declare_project(thirdparty/openssh ${EXCLUDE_FROM_ALL})
 
-# openssl
-declare_project(thirdparty/openssl)
-
 # pcre2
 declare_project(thirdparty/pcre2 EXCLUDE_FROM_ALL)
 
@@ -396,7 +393,7 @@ endif()
 declare_project(thirdparty/tesseract DEPENDS ${DEPENDS})
 
 # turbo
-declare_project(thirdparty/turbo DEPENDS openssl)
+declare_project(thirdparty/turbo DEPENDS libressl)
 
 # utf8proc
 declare_project(thirdparty/utf8proc)
@@ -413,7 +410,7 @@ if(CERVANTES OR KINDLE OR KOBO OR POCKETBOOK OR REMARKABLE OR SONY_PRSTUX)
 else()
     set(EXCLUDE_FROM_ALL EXCLUDE_FROM_ALL)
 endif()
-declare_project(thirdparty/zsync2 DEPENDS curl openssl zlib ${EXCLUDE_FROM_ALL})
+declare_project(thirdparty/zsync2 DEPENDS curl libressl zlib ${EXCLUDE_FROM_ALL})
 
 # }}}
 
diff --git a/ffi/crypto.lua b/ffi/crypto.lua
index 98ec990aa..f506f6503 100644
--- a/ffi/crypto.lua
+++ b/ffi/crypto.lua
@@ -7,7 +7,7 @@ LuaJIT FFI wrapper for libcrypto (OpenSSL).
 local ffi = require("ffi")
 require("ffi/crypto_h")
 
-local libcrypto = ffi.loadlib("crypto", "1.1")
+local libcrypto = ffi.loadlib("crypto", "55")
 local crypto = {}
 
 function crypto.pbkdf2_hmac_sha1(pass, salt, iterations, key_len)
diff --git a/thirdparty/cmake_modules/koreader_targets.cmake b/thirdparty/cmake_modules/koreader_targets.cmake
index c792c4c57..543d8fe34 100644
--- a/thirdparty/cmake_modules/koreader_targets.cmake
+++ b/thirdparty/cmake_modules/koreader_targets.cmake
@@ -297,6 +297,8 @@ if(MONOLIBTIC)
         leptonica::leptonica
         libjpeg-turbo::turbojpeg
         libk2pdfopt::k2pdfopt
+        libressl::crypto
+        libressl::ssl
         libzmq::zmq
         lodepng::lodepng
         lpeg::lpeg
@@ -305,8 +307,6 @@ if(MONOLIBTIC)
         luasocket::luasocket
         luasocket::mcore
         luasocket::score
-        openssl::crypto
-        openssl::ssl
         pthread
         sqlite::sqlite3
         turbo::tffi_wrap
diff --git a/thirdparty/cmake_modules/koreader_thirdparty_libs.cmake b/thirdparty/cmake_modules/koreader_thirdparty_libs.cmake
index 21d32b44f..532aae6b0 100644
--- a/thirdparty/cmake_modules/koreader_thirdparty_libs.cmake
+++ b/thirdparty/cmake_modules/koreader_thirdparty_libs.cmake
@@ -189,16 +189,6 @@ if(MONOLIBTIC)
     declare_dependency(openlipclua::libopenlipclua SHARED lipc STATIC openlipclua)
 endif()
 
-# openssl
-set(CRYPTO_LIBS)
-set(SSL_LIBS)
-if(MONOLIBTIC)
-    list(APPEND CRYPTO_LIBS dl pthread)
-    list(APPEND SSL_LIBS pthread)
-endif()
-declare_dependency(openssl::crypto MONOLIBTIC crypto LIBRARIES ${CRYPTO_LIBS})
-declare_dependency(openssl::ssl MONOLIBTIC ssl LIBRARIES ${SSL_LIBS})
-
 # nanosvg
 declare_dependency(nanosvg::nanosvg LIBRARIES m)
 
diff --git a/thirdparty/openssl/CMakeLists.txt b/thirdparty/openssl/CMakeLists.txt
deleted file mode 100644
index b5b0928be..000000000
--- a/thirdparty/openssl/CMakeLists.txt
+++ /dev/null
@@ -1,123 +0,0 @@
-list(APPEND PATCH_FILES
-    openssl-1.1.0j-parallel_install_fix.patch
-    reduce_build_verbosity.patch
-    macos_rpath.patch
-)
-if(MONOLIBTIC)
-    list(APPEND PATCH_FILES fix_libcrypto_pkg-config_entry.patch)
-endif()
-
-list(APPEND CFG_ENV_VAR
-    CC=${HOSTCC}
-    CXX=${HOSTCXX}
-    # NOTE: Disable https://github.com/openssl/openssl/pull/9595 as it's causing
-    # stalls long after the early boot on devices without the getrandom() syscall,
-    # which is pretty much all of them, because it's a Linux 3.17+ & glibc 2.25+
-    # feature.  This is most easily reproduced with scp transfers that will block
-    # on the initial select on /dev/random.  Since those devices are low-power, UP,
-    # and mostly idle, it can take a fairly noticeable amount of time for entropy
-    # to be generated...
-    CPPFLAGS=-DOPENSSL_RAND_SEED_DEVRANDOM_SHM_ID=-1
-    CFLAGS=${CFLAGS}
-    CXXFLAGS=${CXXFLAGS}
-    LDFLAGS=${LDFLAGS}
-)
-# If we have a CHOST set, use it.
-if(CHOST)
-    list(APPEND CFG_ENV_VAR CROSS_COMPILE=${CHOST}-)
-endif()
-
-set(CFG_OPTS shared)
-
-if(ANDROID)
-    assert_var_defined(ENV{NDKABI})
-    set(CFG_OPTS -D__ANDROID_API__=$ENV{NDKABI} ${CFG_OPTS})
-    # If we're on ARM, make it so
-    if(CHOST MATCHES "^armv7a-.*")
-        set(CFG_OPTS android-arm ${CFG_OPTS})
-    elseif(CHOST MATCHES "^aarch64-.*")
-        set(CFG_OPTS android-arm64 ${CFG_OPTS})
-    elseif(CHOST MATCHES "^x86_64-.*")
-        set(CFG_OPTS android-x86_64 ${CFG_OPTS})
-    else()
-        set(CFG_OPTS android-x86 ${CFG_OPTS})
-    endif()
-else()
-    # If we're on ARM, make it so
-    if(CHOST MATCHES "^arm-.*")
-        # Yes, OpenSSL's preset names make no sense.
-        set(CFG_OPTS linux-armv4 -DL_ENDIAN ${CFG_OPTS})
-    elseif(CHOST MATCHES "^aarch64-.*")
-        set(CFG_OPTS linux-aarch64 -DL_ENDIAN ${CFG_OPTS})
-    endif()
-endif()
-
-# Do we support SIMD?
-if(WANT_SIMD)
-    set(ASM_OPT enable-asm)
-else()
-    set(ASM_OPT no-asm)
-endif()
-
-if(APPLE)
-    list(APPEND CONFIGURE_CMD ${SOURCE_DIR}/Configure)
-    if(DARWIN_AARCH64)
-        list(APPEND CONFIGURE_CMD darwin64-arm64-cc)
-    else()
-        list(APPEND CONFIGURE_CMD darwin64-x86_64-cc)
-    endif()
-elseif(WIN32)
-    list(APPEND CONFIGURE_CMD ${SOURCE_DIR}/Configure mingw)
-elseif(EMULATE_READER)
-    list(APPEND CONFIGURE_CMD ${SOURCE_DIR}/config)
-else()
-    list(APPEND CONFIGURE_CMD ${SOURCE_DIR}/Configure)
-endif()
-
-set(CFG_OPTS ${CFG_OPTS} ${ASM_OPT} no-async no-idea no-mdc2 no-rc5 no-tests)
-list(APPEND CFG_CMD COMMAND
-    env ${CFG_ENV_VAR}
-    ${CONFIGURE_CMD}
-    --prefix=${STAGING_DIR}
-    ${CFG_OPTS}
-)
-if(ANDROID)
-    # Disable versioning of shared objects.
-    list(APPEND CFG_CMD COMMAND ${ISED} "s|^SHLIB_EXT=.*|SHLIB_EXT=${LIB_EXT}|" Makefile)
-endif()
-
-set(MAKE_CMD
-    make
-    AR=${AR}
-    CC=${CC}
-    CXX=${CXX}
-    LD=${LD}
-    MAKEDEPEND=${CC}
-    RANLIB=${RANLIB}
-    # Reproducible builds.
-    SOURCE_DATE_EPOCH=1694383200
-)
-
-list(APPEND BUILD_CMD COMMAND ${MAKE_CMD} build_libs)
-
-list(APPEND INSTALL_CMD COMMAND ${MAKE_CMD} install_dev)
-
-if(MONOLIBTIC)
-    list(APPEND INSTALL_CMD COMMAND sh -c "rm -v \"$1\"* \"$2\"*" --
-        ${STAGING_DIR}/lib/libcrypto${LIB_EXT}
-        ${STAGING_DIR}/lib/libssl${LIB_EXT}
-    )
-else()
-    append_shared_lib_install_commands(INSTALL_CMD crypto VERSION 1.1)
-    append_shared_lib_install_commands(INSTALL_CMD ssl VERSION 1.1)
-endif()
-
-external_project(
-    DOWNLOAD URL 3f76825f195e52d4b10c70040681a275
-    https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz
-    https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz
-    PATCH_FILES ${PATCH_FILES}
-    CONFIGURE_COMMAND ${CFG_CMD}
-    BUILD_COMMAND ${BUILD_CMD}
-    INSTALL_COMMAND ${INSTALL_CMD}
-)
diff --git a/thirdparty/openssl/fix_libcrypto_pkg-config_entry.patch b/thirdparty/openssl/fix_libcrypto_pkg-config_entry.patch
deleted file mode 100644
index b8c201b72..000000000
--- a/thirdparty/openssl/fix_libcrypto_pkg-config_entry.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -974,8 +974,8 @@
- 	    echo 'Name: OpenSSL-libcrypto'; \
- 	    echo 'Description: OpenSSL cryptography library'; \
- 	    echo 'Version: '$(VERSION); \
--	    echo 'Libs: -L$${libdir} -lcrypto'; \
--	    echo 'Libs.private: $(LIB_EX_LIBS)'; \
-+	    echo 'Libs: -L$${libdir} -lcrypto $(LIB_EX_LIBS)'; \
-+	    echo 'Libs.private:'; \
- 	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
- 
- libssl.pc:
diff --git a/thirdparty/openssl/macos_rpath.patch b/thirdparty/openssl/macos_rpath.patch
deleted file mode 100644
index 9736d41b9..000000000
--- a/thirdparty/openssl/macos_rpath.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- i/Configurations/shared-info.pl
-+++ w/Configurations/shared-info.pl
-@@ -44,7 +44,7 @@ my %shared_info;
-     'darwin-shared' => {
-         module_ldflags        => '-bundle',
-         shared_ldflag         => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
--        shared_sonameflag     => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
-+        shared_sonameflag     => '-install_name @rpath/',
-     },
-     'cygwin-shared' => {
-         shared_ldflag         => '-shared -Wl,--enable-auto-image-base',
diff --git a/thirdparty/openssl/openssl-1.1.0j-parallel_install_fix.patch b/thirdparty/openssl/openssl-1.1.0j-parallel_install_fix.patch
deleted file mode 100644
index c837e208c..000000000
--- a/thirdparty/openssl/openssl-1.1.0j-parallel_install_fix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://github.com/openssl/openssl/issues/7679
-
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -77,8 +77,14 @@
-      # to. You're welcome.
-      sub dependmagic {
-          my $target = shift;
--
--         return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
-+		  my $magic = <<"_____";
-+$target: build_generated depend
-+		 \$(MAKE) _$target
-+_$target
-+_____
-+		 # Remove line ending
-+		 $magic =~ s|\R$||;
-+		 return $magic;
-      }
-      '';
- -}
diff --git a/thirdparty/openssl/reduce_build_verbosity.patch b/thirdparty/openssl/reduce_build_verbosity.patch
deleted file mode 100644
index 9068659b7..000000000
--- a/thirdparty/openssl/reduce_build_verbosity.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- i/Configurations/unix-Makefile.tmpl
-+++ w/Configurations/unix-Makefile.tmpl
-@@ -291,7 +291,11 @@
- HTMLSUFFIX=html
- 
- # For "optional" echo messages, to get "real" silence
-+ifeq (,$(findstring s,$(firstword -$(MAKEFLAGS))))
- ECHO = echo
-+else
-+ECHO = :
-+endif
- 
- ##### User defined commands and flags ################################
- 
-@@ -1123,6 +1127,7 @@
-               bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
-           } -> {$args{intent}};
-       }
-+      $cmd = '@$(ECHO) $@; '.$cmd;
-       my $recipe;
-       # extension-specific rules
-       if (grep /\.s$/, @srcs) {