Committing the ClickHouse core changes and other libraries to support OpenSSL. BoringSSL is still set as default

CMakeLists.txt

@@ -495,6 +495,20 @@ endif ()
 
 enable_testing() # Enable for tests without binary
 
+option(ENABLE_CH_BUNDLE_BORINGSSL "Provide the user to allow building of OpenSSL library. By default, uses in-house ClickHouse BoringSSL" ON)
+
+message (STATUS "ENABLE_CH_BUNDLE_BORINGSSL: ${ENABLE_CH_BUNDLE_BORINGSSL}")
+if (ENABLE_CH_BUNDLE_BORINGSSL)
+    message (STATUS "Uses in-house ClickHouse BoringSSL library")
+else ()
+    message (STATUS "Build and uses OpenSSL library instead of BoringSSL")
+endif ()
+
+if (NOT ENABLE_CH_BUNDLE_BORINGSSL)
+    set(ENABLE_SSL 1)
+    target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations")
+endif ()
+
 # when installing to /usr - place configs to /etc but for /usr/local place to /usr/local/etc
 if (CMAKE_INSTALL_PREFIX STREQUAL "/usr")
     set (CLICKHOUSE_ETC_DIR "/etc")

contrib/CMakeLists.txt

@@ -74,7 +74,11 @@ add_contrib (re2-cmake re2)
 add_contrib (xz-cmake xz)
 add_contrib (brotli-cmake brotli)
 add_contrib (double-conversion-cmake double-conversion)
-add_contrib (boringssl-cmake boringssl)
+if (ENABLE_CH_BUNDLE_BORINGSSL)
+    add_contrib (boringssl-cmake boringssl)
+else ()
+    add_contrib (openssl-cmake openssl)
+endif ()
 add_contrib (poco-cmake poco)
 add_contrib (croaring-cmake croaring)
 add_contrib (zstd-cmake zstd)

contrib/krb5-cmake/CMakeLists.txt

@@ -578,6 +578,12 @@ if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
     list(APPEND ALL_SRCS "${CMAKE_CURRENT_BINARY_DIR}/include_private/kcmrpc.c")
 endif()
 
+if (NOT ENABLE_CH_BUNDLE_BORINGSSL)
+    list(REMOVE_ITEM ALL_SRCS "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/aes.c")
+    list(APPEND ALL_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/aes.c")
+endif ()
+
+
 target_sources(_krb5 PRIVATE
     ${ALL_SRCS}
 )

contrib/libpq-cmake/CMakeLists.txt

@@ -59,6 +59,12 @@ set(SRCS
 
 add_library(_libpq ${SRCS})
 
+if (NOT ENABLE_CH_BUNDLE_BORINGSSL)
+    add_definitions(-DHAVE_BIO_METH_NEW)
+    add_definitions(-DHAVE_HMAC_CTX_NEW)
+    add_definitions(-DHAVE_HMAC_CTX_FREE)
+endif ()
+
 target_include_directories (_libpq SYSTEM PUBLIC ${LIBPQ_SOURCE_DIR})
 target_include_directories (_libpq SYSTEM PUBLIC "${LIBPQ_SOURCE_DIR}/include")
 target_include_directories (_libpq SYSTEM PRIVATE "${LIBPQ_SOURCE_DIR}/configs")

programs/server/Server.cpp

@@ -79,7 +79,9 @@
 #include <Common/ThreadFuzzer.h>
 #include <Common/getHashOfLoadedBinary.h>
 #include <Common/filesystemHelpers.h>
+#if USE_BORINGSSL
 #include <Compression/CompressionCodecEncrypted.h>
+#endif
 #include <Server/MySQLHandlerFactory.h>
 #include <Server/PostgreSQLHandlerFactory.h>
 #include <Server/CertificateReloader.h>
@@ -1263,8 +1265,9 @@ int Server::main(const std::vector<std::string> & /*args*/)
 
             global_context->updateStorageConfiguration(*config);
             global_context->updateInterserverCredentials(*config);
-
+#if USE_BORINGSSL
             CompressionCodecEncrypted::Configuration::instance().tryLoad(*config, "encryption_codecs");
+#endif
 #if USE_SSL
             CertificateReloader::instance().tryLoad(*config);
 #endif
@@ -1467,9 +1470,10 @@ int Server::main(const std::vector<std::string> & /*args*/)
         global_context->getMergeTreeSettings().sanityCheck(background_pool_tasks);
         global_context->getReplicatedMergeTreeSettings().sanityCheck(background_pool_tasks);
     }
-
+#if USE_BORINGSSL
     /// try set up encryption. There are some errors in config, error will be printed and server wouldn't start.
     CompressionCodecEncrypted::Configuration::instance().load(config(), "encryption_codecs");
+#endif
 
     SCOPE_EXIT({
         /// Stop reloading of the main config. This must be done before `global_context->shutdown()` because

src/CMakeLists.txt

@@ -247,7 +247,13 @@ add_object_library(clickhouse_access Access)
 add_object_library(clickhouse_backups Backups)
 add_object_library(clickhouse_core Core)
 add_object_library(clickhouse_core_mysql Core/MySQL)
-add_object_library(clickhouse_compression Compression)
+if (ENABLE_CH_BUNDLE_BORINGSSL)
+    add_object_library(clickhouse_compression Compression)
+else ()
+    add_headers_and_sources(dbms Compression)
+    list(REMOVE_ITEM dbms_headers Compression/CompressionCodecEncrypted.h)
+    list(REMOVE_ITEM dbms_sources Compression/CompressionCodecEncrypted.cpp)
+endif ()
 add_object_library(clickhouse_querypipeline QueryPipeline)
 add_object_library(clickhouse_datatypes DataTypes)
 add_object_library(clickhouse_datatypes_serializations DataTypes/Serializations)

src/Compression/CompressionFactory.cpp

@@ -176,7 +176,9 @@ void registerCodecDelta(CompressionCodecFactory & factory);
 void registerCodecT64(CompressionCodecFactory & factory);
 void registerCodecDoubleDelta(CompressionCodecFactory & factory);
 void registerCodecGorilla(CompressionCodecFactory & factory);
+#if USE_BORINGSSL
 void registerCodecEncrypted(CompressionCodecFactory & factory);
+#endif
 void registerCodecFPC(CompressionCodecFactory & factory);
 
 #endif
@@ -193,7 +195,9 @@ CompressionCodecFactory::CompressionCodecFactory()
     registerCodecT64(*this);
     registerCodecDoubleDelta(*this);
     registerCodecGorilla(*this);
+#if USE_BORINGSSL
     registerCodecEncrypted(*this);
+#endif
     registerCodecFPC(*this);
     #ifdef ENABLE_QPL_COMPRESSION
         registerCodecDeflateQpl(*this);

src/Core/config_core.h.in

@@ -22,3 +22,4 @@
 #cmakedefine01 USE_ODBC
 #cmakedefine01 USE_REPLXX
 #cmakedefine01 USE_JEMALLOC
+#cmakedefine01 USE_BORINGSSL

src/configure_config.cmake

@@ -103,3 +103,6 @@ endif()
 if (TARGET ch_contrib::jemalloc)
     set(USE_JEMALLOC 1)
 endif()
+if (ENABLE_CH_BUNDLE_BORINGSSL)
+    set(USE_BORINGSSL 1)
+endif ()