openssl: update to 3.4.0

[benoit-pierre]

https://github.com/openssl/openssl/blob/openssl-3.4.0/NEWS.md

---

This change is 

[benoit-pierre]

Size as really ballooned, example for the kindlepw2 release build:

	1.1.1	3.4.0
crypto	1.6 MB	2.5 MB
ssl	326 KB	575 KB

[NiLuJe]

Assuming luasec is happy with it, I'm all for it, thanks ;).

(IIRC, OpenSSL 1.1 is very very EoL ;p)

[Frenzie]

Should be: lunarmodules/luasec@c297c52

[Frenzie]

Size has really ballooned, example for the kindlepw2 release build:

There are some obvious ones like no-ui-console no-whirlpool if we don't already use those.

[benoit-pierre]

Updated results, again with a kindlepw2 release build:

	1.1.1	3.4.0
crypto	1.6 MB	2.4 MB ( +884.5 KB)
ssl	326 KB	420.2 KB ( +98.2 KB)
TOTAL	1.9 MB	2.8 MB ( +982.7 KB)

[Frenzie]

That differs less than I'd hoped, but hey, it's something.

[benoit-pierre]

Yesterday, I tried to see if wolfSSL was an alternative, but could not get luasec to work. LibreSSL, however, looks to be viable. I tested the Android ARM build: calibre plugin, NEWS downloader.

Code size comparison for the kindlepw2 release build:

	OpenSSL 1.1.1	OpenSSL 3.4.0	LibreSSL 4.0.0
crypto	1.6 MB	2.4 MB ( +884.5 KB)	1.0 MB ( -538.2 KB)
ssl	326 KB	420.2 KB ( +98.2 KB)	213.5 KB ( -108.5 KB)
TOTAL	1.9 MB	2.8 MB ( +982.7 KB)	1.2 MB ( -646.7 KB)

[Frenzie]

I had commented on the commit, so replicating it here so I can actually find it again in the future.

---

I see, no-legacy is about the provider only but not about the algorithms. From the name I incorrectly assumed it covered all of these:

• Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
  RC4, RC5, and DES to the legacy provider.
• Moved the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 to the legacy
  provider.

But presumably that does provide a (incomplete?) list of various others to disable.

[Frenzie]

LibreSSL, however, looks to be viable.

I seem to recall reading it was a fair bit slower, which would be more relevant on ereaders. But I'm fine with anything that works.

[benoit-pierre]

No issue with the LibreSSL build on my Kindle either. I also did an OTA update to check zsync2 was still working.

[benoit-pierre]

	OpenSSL 1.1.1	OpenSSL 3.4.0	LibreSSL 4.0.0
crypto	1.6 MB	1.9 MB ( +395.0 KB)	1.0 MB ( -538.2 KB)
ssl	326 KB	380.7 KB ( +58.7 KB)	213.5 KB ( -108.5 KB)
TOTAL	1.9 MB	2.3 MB ( +453.7 KB)	1.2 MB ( -646.7 KB)

[Frenzie]

@poire-z @pazos @NiLuJe Any preference? I don't mind either way. There's a mild worry of subtle incompatibility/misbehavior with LibreSSL, but then again this isn't some kind of networking app.

[benoit-pierre]

There are only 3 remaining users:

• cURL: officially supports LibreSSL
• luasec: there are a number of LibreSSL related #ifdef checks in the code, so we can assume it's supported and tested
• turbo: no reference to LibreSSL, but API should be OpenSSL compatible, so…

I do like that the LibreSSL (default) build is 1MB lighter than OpenSSL 3.4.0, and uses CMake.

The hardware related feature detection code is different than both OpenSSL version, so maybe we should check that the ARM issue is not present. @TheBolshe: are you available to test a LibreSSL build?

[TheBolshe]

Sure ^^
Do I do a full reset of the ebook before trying?

[benoit-pierre]

Sure ^^ Do I do a full reset of the ebook before trying?

No need, here's the build.

[TheBolshe]

Sure ^^ Do I do a full reset of the ebook before trying?

No need, here's the build.

Seems to be working fine, no crashes on download.

[benoit-pierre]

Sure ^^ Do I do a full reset of the ebook before trying?

No need, here's the build.

Seems to be working fine, no crashes on download.

Great, thanks for testing!

[poire-z]

@poire-z Any preference? I don't mind either way.

No real opinion.

[NiLuJe]

No preferences either, FWIW; the perf differences are likely irrelevant for our usecases and/or targets ;).

(i.e., smaller sounds good, so, fine w/ libressl).

[Frenzie]

Alright, I'll merge the other one when I get to a PC. (Or anybody else feel free to do so. ;-)