Update to OpenSSL 3.

- Rename the package in Jamfiles as appropriate (but don't rename the
  build feature)

- Remove libnetapi SSL class (not needed anymore, OpenSSL now knows how
  to use pthread functions directly and seed its random generator)

- Rename or remove a few other deprecated functions

Change-Id: I624833923e113a8235932d7ce8020bf27c6e2ea6
Reviewed-on: https://review.haiku-os.org/c/haiku/+/7717

Jamfile

@@ -82,7 +82,7 @@ if $(HAIKU_PACKAGING_ARCHS[2]) {
 
 # If enabled, make sure that OpenSSL is added to the image.
 if [ FIsBuildFeatureEnabled openssl ] {
-	AddHaikuImageSystemPackages openssl ;
+	AddHaikuImageSystemPackages openssl3 ;
 }
 
 # add additionally requested packages

build/jam/BuildFeatures

@@ -15,16 +15,16 @@ local unavailableBuildFeatures ;
 # SSL
 
 # Automatically enable the SSL feature, when the OpenSSL package is enabled.
-if [ IsHaikuImagePackageAdded openssl ] {
+if [ IsHaikuImagePackageAdded openssl3 ] {
 	HAIKU_BUILD_FEATURE_SSL = 1 ;
 }
 
 if $(HAIKU_BUILD_FEATURE_SSL) {
-	if [ IsPackageAvailable openssl_devel ] {
+	if [ IsPackageAvailable openssl3_devel ] {
 		ExtractBuildFeatureArchives openssl :
-			file: base openssl
+			file: base openssl3
 				runtime: lib
-			file: devel openssl_devel
+			file: devel openssl3_devel
 				depends: base
 				libraries:
 					$(developLibDir)/libcrypto.so

build/jam/DefaultBuildProfiles

@@ -105,7 +105,7 @@ rule DefineDefaultBuildProfiles
 			local architectureObject ;
 			for architectureObject in [ MultiArchSubDirSetup ] {
 				on $(architectureObject) {
-					AddHaikuImageSystemPackages openssl wonderbrush@gcc2 ;
+					AddHaikuImageSystemPackages openssl3 wonderbrush@gcc2 ;
 				}
 			}
 
@@ -135,7 +135,7 @@ rule DefineDefaultBuildProfiles
 				mandoc
 				noto
 				openssh
-				openssl
+				openssl3
 				pe
 				vision
 				wpa_supplicant
@@ -171,7 +171,7 @@ rule DefineDefaultBuildProfiles
 			}
 
 			AddHaikuImageSystemPackages
-				openssl
+				openssl3
 				;
 		}
 

build/jam/OptionalPackages

@@ -76,7 +76,7 @@ if [ IsOptionalHaikuImagePackageAdded Development ] {
 	local architectureObject ;
 	for architectureObject in [ MultiArchSubDirSetup ] {
 		on $(architectureObject) {
-			AddHaikuImageDisabledPackages openssl_devel
+			AddHaikuImageDisabledPackages openssl3_devel
 				libjpeg_turbo_devel libpng16_devel zlib_devel zstd_devel ;
 		}
 	}

src/kits/network/libnetapi/Certificate.cpp

@@ -80,14 +80,14 @@ BCertificate::Version() const
 time_t
 BCertificate::StartDate() const
 {
-	return parse_ASN1(X509_get_notBefore(fPrivate->fX509));
+	return parse_ASN1(X509_getm_notBefore(fPrivate->fX509));
 }
 
 
 time_t
 BCertificate::ExpirationDate() const
 {
-	return parse_ASN1(X509_get_notAfter(fPrivate->fX509));
+	return parse_ASN1(X509_getm_notAfter(fPrivate->fX509));
 }
 
 

src/kits/network/libnetapi/Jamfile

@@ -12,15 +12,13 @@ local architectureObject ;
 for architectureObject in [ MultiArchSubDirSetup ] {
 	on $(architectureObject) {
 		local architecture = $(TARGET_PACKAGING_ARCH) ;
-		local sslSources ;
 
 		UsePrivateSystemHeaders ;
 
 		if [ FIsBuildFeatureEnabled openssl ] {
 			SubDirC++Flags -DOPENSSL_ENABLED -DOPENSSL_API_COMPAT=10101 -DOPENSSL_NO_DEPRECATED=1 ;
 			UseBuildFeatureHeaders openssl ;
-			sslSources = SSL.cpp ;
-			Includes [ FGristFiles $(sslSources) SecureSocket.cpp
+			Includes [ FGristFiles SecureSocket.cpp
 					HttpAuthentication.cpp Certificate.cpp ]
 				: [ BuildFeatureAttribute openssl : headers ] ;
 				# Dependency needed to trigger downloading/unzipping the package
@@ -37,7 +35,6 @@ for architectureObject in [ MultiArchSubDirSetup ] {
 			NetBuffer.cpp
 			NetDebug.cpp
 
-			$(sslSources)
 			Certificate.cpp
 
 			NetworkAddress.cpp

src/kits/network/libnetapi/SSL.cpp

@@ -1,69 +0,0 @@
-/*
- * Copyright 2011, Axel Dörfler, axeld@pinc-software.de.
- * Copyright 2014 Haiku, inc.
- *
- * Distributed under the terms of the MIT License.
- */
-
-
-#include <OS.h>
-
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <pthread.h>
-
-
-namespace BPrivate {
-
-
-class SSL {
-public:
-	SSL()
-	{
-		SSL_library_init();
-
-		int64 seed = find_thread(NULL) ^ system_time();
-		RAND_seed(&seed, sizeof(seed));
-
-		// Set callbacks required for thread-safe operation of OpenSSL.
-		sMutexBuf = new pthread_mutex_t[CRYPTO_num_locks()];
-		for (int i = 0; i < CRYPTO_num_locks(); i++)
-			pthread_mutex_init(&sMutexBuf[i], NULL);
-		CRYPTO_set_id_callback(_GetThreadId);
-		CRYPTO_set_locking_callback(_LockingFunction);
-	}
-
-	~SSL()
-	{
-		CRYPTO_set_id_callback(NULL);
-		CRYPTO_set_locking_callback(NULL);
-
-		for (int i = 0; i < CRYPTO_num_locks(); i++)
-			pthread_mutex_destroy(&sMutexBuf[i]);
-		delete[] sMutexBuf;
-	}
-
-private:
-	static void _LockingFunction(int mode, int n, const char * file, int line)
-	{
-		if (mode & CRYPTO_LOCK)
-			pthread_mutex_lock(&sMutexBuf[n]);
-		else
-			pthread_mutex_unlock(&sMutexBuf[n]);
-	}
-
-	static unsigned long _GetThreadId()
-	{
-		return find_thread(NULL);
-	}
-
-private:
-	static pthread_mutex_t* sMutexBuf;
-};
-
-
-static SSL sSSL;
-pthread_mutex_t* SSL::sMutexBuf;
-
-
-}	// namespace BPrivate

src/kits/network/libnetapi/SecureSocket.cpp

@@ -295,9 +295,6 @@ static void apps_ssl_info_callback(const SSL *s, int where, int ret)
 /* static */ void
 BSecureSocket::Private::_CreateContext()
 {
-	// We want SSL to report errors in human readable format.
-	SSL_load_error_strings();
-
 	// "SSLv23" means "any SSL or TLS version". We disable SSL v2 and v3 below
 	// to keep only TLS 1.0 and above.
 	sContext = SSL_CTX_new(SSLv23_method());