Upgrade depends OpenSSL to 3.5 LTS

depends/packages/openssl.mk

@@ -1,45 +1,19 @@
 package=openssl
-$(package)_version=1.0.1k
-$(package)_download_path=https://openssl-library.org/source/old/1.0.1
+$(package)_version=3.5.6
+$(package)_download_path=https://github.com/openssl/openssl/releases/download/openssl-$($(package)_version)
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
-$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
+$(package)_sha256_hash=deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736
 
 define $(package)_set_vars
-$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
-$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
-$(package)_config_opts+=no-camellia
-$(package)_config_opts+=no-capieng
-$(package)_config_opts+=no-cast
+$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" CXX="$($(package)_cxx)"
+$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl --libdir=lib
 $(package)_config_opts+=no-comp
+$(package)_config_opts+=no-docs
 $(package)_config_opts+=no-dso
-$(package)_config_opts+=no-dtls1
-$(package)_config_opts+=no-ec_nistp_64_gcc_128
-$(package)_config_opts+=no-gost
-$(package)_config_opts+=no-gmp
-$(package)_config_opts+=no-heartbeats
-$(package)_config_opts+=no-idea
-$(package)_config_opts+=no-jpake
-$(package)_config_opts+=no-krb5
-$(package)_config_opts+=no-libunbound
-$(package)_config_opts+=no-md2
-$(package)_config_opts+=no-mdc2
-$(package)_config_opts+=no-rc4
-$(package)_config_opts+=no-rc5
-$(package)_config_opts+=no-rdrand
-$(package)_config_opts+=no-rfc3779
-$(package)_config_opts+=no-rsax
-$(package)_config_opts+=no-sctp
-$(package)_config_opts+=no-seed
-$(package)_config_opts+=no-sha0
+$(package)_config_opts+=no-tests
 $(package)_config_opts+=no-shared
-$(package)_config_opts+=no-ssl-trace
-$(package)_config_opts+=no-ssl2
 $(package)_config_opts+=no-ssl3
-$(package)_config_opts+=no-static_engine
-$(package)_config_opts+=no-store
-$(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
-$(package)_config_opts+=no-whirlpool
 $(package)_config_opts+=no-zlib
 $(package)_config_opts+=no-zlib-dynamic
 $(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags)
@@ -64,17 +38,12 @@ $(package)_config_opts_x86_64_mingw32=mingw64
 $(package)_config_opts_i686_mingw32=mingw
 endef
 
-define $(package)_preprocess_cmds
-  sed -i.old "/define DATE/d" util/mkbuildinf.pl && \
-  sed -i.old "s|engines apps test|engines|" Makefile.org
-endef
-
 define $(package)_config_cmds
   ./Configure $($(package)_config_opts)
 endef
 
 define $(package)_build_cmds
-  $(MAKE) -j1 build_libs libcrypto.pc libssl.pc openssl.pc
+  $(MAKE) build_libs libcrypto.pc libssl.pc openssl.pc
 endef
 
 define $(package)_stage_cmds
@@ -83,4 +52,4 @@ endef
 
 define $(package)_postprocess_cmds
   rm -rf share bin etc
-endef
+endef

src/init.cpp

@@ -53,6 +53,8 @@
 #include <stdint.h>
 #include <stdio.h>
 
+#include <openssl/crypto.h>
+
 #ifndef WIN32
 #include <signal.h>
 #endif
@@ -1055,7 +1057,11 @@ bool AppInit2()
         ShrinkDebugFile();
     LogPrintf("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n");
     LogPrintf("Agrarian version %s (%s)\n", FormatFullVersion(), CLIENT_DATE);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    LogPrintf("Using OpenSSL version %s\n", OpenSSL_version(OPENSSL_VERSION));
+#else
     LogPrintf("Using OpenSSL version %s\n", SSLeay_version(SSLEAY_VERSION));
+#endif
 #ifdef ENABLE_WALLET
     LogPrintf("Using BerkeleyDB version %s\n", DbEnv::version(0, 0, 0));
 #endif

src/qt/paymentrequestplus.cpp

@@ -116,9 +116,18 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
 
     // The first cert is the signing cert, the rest are untrusted certs that chain
     // to a valid root authority. OpenSSL needs them separately.
-    STACK_OF(X509)* chain = sk_X509_new_null();
+    STACK_OF(X509)* chain =
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        reinterpret_cast<STACK_OF(X509)*>(OPENSSL_sk_new_null());
+#else
+        sk_X509_new_null();
+#endif
     for (int i = certs.size() - 1; i > 0; i--) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        OPENSSL_sk_push(reinterpret_cast<OPENSSL_STACK*>(chain), reinterpret_cast<void*>(certs[i]));
+#else
         sk_X509_push(chain, certs[i]);
+#endif
     }
     X509* signing_cert = certs[0];
 
@@ -159,9 +168,9 @@ bool PaymentRequestPlus::getMerchant(X509_STORE* certStore, QString& merchant) c
         EVP_MD_CTX _ctx;
         EVP_MD_CTX *ctx;
         ctx = &_ctx;
+        EVP_MD_CTX_init(ctx);
 #endif
         EVP_PKEY* pubkey = X509_get_pubkey(signing_cert);
-        EVP_MD_CTX_init(ctx);
         if (!EVP_VerifyInit_ex(ctx, digestAlgorithm, NULL) ||
             !EVP_VerifyUpdate(ctx, data_to_verify.data(), data_to_verify.size()) ||
             !EVP_VerifyFinal(ctx, (const unsigned char*)paymentRequest.signature().data(), paymentRequest.signature().size(), pubkey)) {

src/qt/rpcconsole.cpp

@@ -286,7 +286,11 @@ RPCConsole::RPCConsole(QWidget* parent) : QDialog(parent, Qt::WindowSystemMenuHi
     connect(ui->btn_resync, SIGNAL(clicked()), this, SLOT(walletResync()));
 
     // set library version labels
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    ui->openSSLVersion->setText(OpenSSL_version(OPENSSL_VERSION));
+#else
     ui->openSSLVersion->setText(SSLeay_version(SSLEAY_VERSION));
+#endif
 #ifdef ENABLE_WALLET
     std::string strPathCustom = GetArg("-backuppath", "");
     std::string strzAGRPathCustom = GetArg("-zagrbackuppath", "");