Fix the build (after boringssl submodule removal)

2024-09-19 16:20:50 +00:00 · 2024-02-10 14:35:04 +00:00 · 2024-02-10 14:35:04 +00:00 · dca6e0abbd
commit dca6e0abbd
parent 0608f7662e
19 changed files with 1307 additions and 2219 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -455,8 +455,6 @@ endif ()
 enable_testing() # Enable for tests without binary
 option(ENABLE_OPENSSL "This option performs a build with OpenSSL. NOTE! This option is insecure and should never be used. By default, ClickHouse uses and only supports BoringSSL" OFF)
 if (ARCH_S390X)
    set(ENABLE_OPENSSL_DYNAMIC_DEFAULT ON)
 else ()
--- a/contrib/CMakeLists.txt
+++ b/contrib/CMakeLists.txt
@ -37,11 +37,7 @@ function(add_contrib cmake_folder)
    message(STATUS "Adding contrib module ${base_folders} (configuring with ${cmake_folder})")
    add_subdirectory (${cmake_folder})
 endfunction()
-if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
+add_contrib (openssl-cmake openssl)
    add_contrib (openssl-cmake openssl)
 else ()
    add_contrib (boringssl-cmake boringssl)
 endif ()
 add_contrib (miniselect-cmake miniselect)
 add_contrib (pdqsort-cmake pdqsort)
 add_contrib (pocketfft-cmake pocketfft)
--- a/contrib/krb5-cmake/CMakeLists.txt
+++ b/contrib/krb5-cmake/CMakeLists.txt
@ -224,6 +224,7 @@ set(ALL_SRCS
    "${KRB5_SOURCE_DIR}/lib/crypto/krb/prf_rc4.c"
    "${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_pbkdf2.c"
    "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/aes.c"
    "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
    # "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des.c"
    "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/rc4.c"
    "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des3.c"
@ -474,14 +475,6 @@ set(ALL_SRCS
    "${KRB5_SOURCE_DIR}/lib/krb5/krb5_libinit.c"
 )
 if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
    add_compile_definitions(USE_BORINGSSL=1)
 else()
    set(ALL_SRCS ${ALL_SRCS}
        "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
    )
 endif()
 add_custom_command(
    OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/compile_et"
    COMMAND /bin/sh
--- a/contrib/libpq-cmake/CMakeLists.txt
+++ b/contrib/libpq-cmake/CMakeLists.txt
@ -59,11 +59,9 @@ set(SRCS
 add_library(_libpq ${SRCS})
-if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
+add_definitions(-DHAVE_BIO_METH_NEW)
-    add_definitions(-DHAVE_BIO_METH_NEW)
+add_definitions(-DHAVE_HMAC_CTX_NEW)
-    add_definitions(-DHAVE_HMAC_CTX_NEW)
+add_definitions(-DHAVE_HMAC_CTX_FREE)
    add_definitions(-DHAVE_HMAC_CTX_FREE)
 endif ()
 target_include_directories (_libpq SYSTEM PUBLIC ${LIBPQ_SOURCE_DIR})
 target_include_directories (_libpq SYSTEM PUBLIC "${LIBPQ_SOURCE_DIR}/include")
--- a/contrib/libssh-cmake/CMakeLists.txt
+++ b/contrib/libssh-cmake/CMakeLists.txt
@ -88,10 +88,6 @@ set(libssh_SRCS
    ${LIB_SOURCE_DIR}/src/bind_config.c
 )
 if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
    add_compile_definitions(USE_BORINGSSL=1)
 endif()
 configure_file(${LIB_SOURCE_DIR}/include/libssh/libssh_version.h.cmake ${LIB_BINARY_DIR}/include/libssh/libssh_version.h @ONLY)
 add_library(_ssh STATIC ${libssh_SRCS})
--- a/contrib/openssl-cmake/CMakeLists.txt
+++ b/contrib/openssl-cmake/CMakeLists.txt
--- a/contrib/openssl-cmake/linux_x86_64/der_digests_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_digests_gen.c
@ -1,160 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_digests_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "prov/der_digests.h"
 /* Well known OIDs precompiled */
 /*
 * sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
 */
 const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs] = {
    DER_OID_V_sigAlgs
 };
 /*
 * id-sha1  OBJECT IDENTIFIER  ::=  { iso(1)
 *                      identified-organization(3) oiw(14)
 *                      secsig(3) algorithms(2) 26 }
 */
 const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1] = {
    DER_OID_V_id_sha1
 };
 /*
 * id-md2  OBJECT IDENTIFIER ::= {
 *   iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
 */
 const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2] = {
    DER_OID_V_id_md2
 };
 /*
 * id-md5  OBJECT IDENTIFIER ::= {
 *   iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
 */
 const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5] = {
    DER_OID_V_id_md5
 };
 /*
 * id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
 */
 const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256] = {
    DER_OID_V_id_sha256
 };
 /*
 * id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
 */
 const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384] = {
    DER_OID_V_id_sha384
 };
 /*
 * id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
 */
 const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512] = {
    DER_OID_V_id_sha512
 };
 /*
 * id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
 */
 const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224] = {
    DER_OID_V_id_sha224
 };
 /*
 * id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
 */
 const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224] = {
    DER_OID_V_id_sha512_224
 };
 /*
 * id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
 */
 const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256] = {
    DER_OID_V_id_sha512_256
 };
 /*
 * id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
 */
 const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224] = {
    DER_OID_V_id_sha3_224
 };
 /*
 * id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
 */
 const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256] = {
    DER_OID_V_id_sha3_256
 };
 /*
 * id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
 */
 const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384] = {
    DER_OID_V_id_sha3_384
 };
 /*
 * id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
 */
 const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512] = {
    DER_OID_V_id_sha3_512
 };
 /*
 * id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
 */
 const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128] = {
    DER_OID_V_id_shake128
 };
 /*
 * id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
 */
 const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256] = {
    DER_OID_V_id_shake256
 };
 /*
 * id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
 */
 const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len] = {
    DER_OID_V_id_shake128_len
 };
 /*
 * id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }
 */
 const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len] = {
    DER_OID_V_id_shake256_len
 };
 /*
 * id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19}
 */
 const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128] = {
    DER_OID_V_id_KMACWithSHAKE128
 };
 /*
 * id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20}
 */
 const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256] = {
    DER_OID_V_id_KMACWithSHAKE256
 };
--- a/contrib/openssl-cmake/linux_x86_64/der_dsa_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_dsa_gen.c
@ -1,94 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_dsa_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 /*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
 #include "internal/deprecated.h"
 #include "prov/der_dsa.h"
 /* Well known OIDs precompiled */
 /*
 * id-dsa OBJECT IDENTIFIER ::= {
 *      iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
 */
 const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa] = {
    DER_OID_V_id_dsa
 };
 /*
 * id-dsa-with-sha1 OBJECT IDENTIFIER ::=  {
 *      iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1] = {
    DER_OID_V_id_dsa_with_sha1
 };
 /*
 * id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224] = {
    DER_OID_V_id_dsa_with_sha224
 };
 /*
 * id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256] = {
    DER_OID_V_id_dsa_with_sha256
 };
 /*
 * id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384] = {
    DER_OID_V_id_dsa_with_sha384
 };
 /*
 * id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512] = {
    DER_OID_V_id_dsa_with_sha512
 };
 /*
 * id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224] = {
    DER_OID_V_id_dsa_with_sha3_224
 };
 /*
 * id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256] = {
    DER_OID_V_id_dsa_with_sha3_256
 };
 /*
 * id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384] = {
    DER_OID_V_id_dsa_with_sha3_384
 };
 /*
 * id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 }
 */
 const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512] = {
    DER_OID_V_id_dsa_with_sha3_512
 };
--- a/contrib/openssl-cmake/linux_x86_64/der_ec_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_ec_gen.c
@ -1,279 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_ec_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "prov/der_ec.h"
 /* Well known OIDs precompiled */
 /*
 * ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
 */
 const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1] = {
    DER_OID_V_ecdsa_with_SHA1
 };
 /*
 * id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
 */
 const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey] = {
    DER_OID_V_id_ecPublicKey
 };
 /*
 * c2pnb163v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  1 }
 */
 const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1] = {
    DER_OID_V_c2pnb163v1
 };
 /*
 * c2pnb163v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  2 }
 */
 const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2] = {
    DER_OID_V_c2pnb163v2
 };
 /*
 * c2pnb163v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  3 }
 */
 const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3] = {
    DER_OID_V_c2pnb163v3
 };
 /*
 * c2pnb176w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  4 }
 */
 const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1] = {
    DER_OID_V_c2pnb176w1
 };
 /*
 * c2tnb191v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve  5 }
 */
 const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1] = {
    DER_OID_V_c2tnb191v1
 };
 /*
 * c2tnb191v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve  6 }
 */
 const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2] = {
    DER_OID_V_c2tnb191v2
 };
 /*
 * c2tnb191v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve  7 }
 */
 const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3] = {
    DER_OID_V_c2tnb191v3
 };
 /*
 * c2onb191v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve  8 }
 */
 const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4] = {
    DER_OID_V_c2onb191v4
 };
 /*
 * c2onb191v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve  9 }
 */
 const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5] = {
    DER_OID_V_c2onb191v5
 };
 /*
 * c2pnb208w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 10 }
 */
 const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1] = {
    DER_OID_V_c2pnb208w1
 };
 /*
 * c2tnb239v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 11 }
 */
 const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1] = {
    DER_OID_V_c2tnb239v1
 };
 /*
 * c2tnb239v2  OBJECT IDENTIFIER  ::=  { c-TwoCurve 12 }
 */
 const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2] = {
    DER_OID_V_c2tnb239v2
 };
 /*
 * c2tnb239v3  OBJECT IDENTIFIER  ::=  { c-TwoCurve 13 }
 */
 const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3] = {
    DER_OID_V_c2tnb239v3
 };
 /*
 * c2onb239v4  OBJECT IDENTIFIER  ::=  { c-TwoCurve 14 }
 */
 const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4] = {
    DER_OID_V_c2onb239v4
 };
 /*
 * c2onb239v5  OBJECT IDENTIFIER  ::=  { c-TwoCurve 15 }
 */
 const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5] = {
    DER_OID_V_c2onb239v5
 };
 /*
 * c2pnb272w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 16 }
 */
 const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1] = {
    DER_OID_V_c2pnb272w1
 };
 /*
 * c2pnb304w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 17 }
 */
 const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1] = {
    DER_OID_V_c2pnb304w1
 };
 /*
 * c2tnb359v1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 18 }
 */
 const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1] = {
    DER_OID_V_c2tnb359v1
 };
 /*
 * c2pnb368w1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 19 }
 */
 const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1] = {
    DER_OID_V_c2pnb368w1
 };
 /*
 * c2tnb431r1  OBJECT IDENTIFIER  ::=  { c-TwoCurve 20 }
 */
 const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1] = {
    DER_OID_V_c2tnb431r1
 };
 /*
 * prime192v1  OBJECT IDENTIFIER  ::=  { primeCurve  1 }
 */
 const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1] = {
    DER_OID_V_prime192v1
 };
 /*
 * prime192v2  OBJECT IDENTIFIER  ::=  { primeCurve  2 }
 */
 const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2] = {
    DER_OID_V_prime192v2
 };
 /*
 * prime192v3  OBJECT IDENTIFIER  ::=  { primeCurve  3 }
 */
 const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3] = {
    DER_OID_V_prime192v3
 };
 /*
 * prime239v1  OBJECT IDENTIFIER  ::=  { primeCurve  4 }
 */
 const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1] = {
    DER_OID_V_prime239v1
 };
 /*
 * prime239v2  OBJECT IDENTIFIER  ::=  { primeCurve  5 }
 */
 const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2] = {
    DER_OID_V_prime239v2
 };
 /*
 * prime239v3  OBJECT IDENTIFIER  ::=  { primeCurve  6 }
 */
 const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3] = {
    DER_OID_V_prime239v3
 };
 /*
 * prime256v1  OBJECT IDENTIFIER  ::=  { primeCurve  7 }
 */
 const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1] = {
    DER_OID_V_prime256v1
 };
 /*
 * ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
 */
 const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224] = {
    DER_OID_V_ecdsa_with_SHA224
 };
 /*
 * ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
 */
 const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256] = {
    DER_OID_V_ecdsa_with_SHA256
 };
 /*
 * ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
 */
 const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384] = {
    DER_OID_V_ecdsa_with_SHA384
 };
 /*
 * ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 *      us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
 */
 const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512] = {
    DER_OID_V_ecdsa_with_SHA512
 };
 /*
 * id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 }
 */
 const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224] = {
    DER_OID_V_id_ecdsa_with_sha3_224
 };
 /*
 * id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 }
 */
 const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256] = {
    DER_OID_V_id_ecdsa_with_sha3_256
 };
 /*
 * id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 }
 */
 const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384] = {
    DER_OID_V_id_ecdsa_with_sha3_384
 };
 /*
 * id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 }
 */
 const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512] = {
    DER_OID_V_id_ecdsa_with_sha3_512
 };
--- a/contrib/openssl-cmake/linux_x86_64/der_ecx_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_ecx_gen.c
@ -1,44 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_ecx_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "prov/der_ecx.h"
 /* Well known OIDs precompiled */
 /*
 * id-X25519        OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
 */
 const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519] = {
    DER_OID_V_id_X25519
 };
 /*
 * id-X448          OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
 */
 const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448] = {
    DER_OID_V_id_X448
 };
 /*
 * id-Ed25519       OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
 */
 const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519] = {
    DER_OID_V_id_Ed25519
 };
 /*
 * id-Ed448         OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }
 */
 const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448] = {
    DER_OID_V_id_Ed448
 };
--- a/contrib/openssl-cmake/linux_x86_64/der_rsa_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_rsa_gen.c
@ -1,174 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_rsa_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "prov/der_rsa.h"
 /* Well known OIDs precompiled */
 /*
 * hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
 */
 const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs] = {
    DER_OID_V_hashAlgs
 };
 /*
 * rsaEncryption    OBJECT IDENTIFIER ::= { pkcs-1 1 }
 */
 const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption] = {
    DER_OID_V_rsaEncryption
 };
 /*
 * id-RSAES-OAEP    OBJECT IDENTIFIER ::= { pkcs-1 7 }
 */
 const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP] = {
    DER_OID_V_id_RSAES_OAEP
 };
 /*
 * id-pSpecified    OBJECT IDENTIFIER ::= { pkcs-1 9 }
 */
 const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified] = {
    DER_OID_V_id_pSpecified
 };
 /*
 * id-RSASSA-PSS    OBJECT IDENTIFIER ::= { pkcs-1 10 }
 */
 const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS] = {
    DER_OID_V_id_RSASSA_PSS
 };
 /*
 * md2WithRSAEncryption         OBJECT IDENTIFIER ::= { pkcs-1 2 }
 */
 const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption] = {
    DER_OID_V_md2WithRSAEncryption
 };
 /*
 * md5WithRSAEncryption         OBJECT IDENTIFIER ::= { pkcs-1 4 }
 */
 const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption] = {
    DER_OID_V_md5WithRSAEncryption
 };
 /*
 * sha1WithRSAEncryption        OBJECT IDENTIFIER ::= { pkcs-1 5 }
 */
 const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption] = {
    DER_OID_V_sha1WithRSAEncryption
 };
 /*
 * sha224WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 14 }
 */
 const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption] = {
    DER_OID_V_sha224WithRSAEncryption
 };
 /*
 * sha256WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 11 }
 */
 const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption] = {
    DER_OID_V_sha256WithRSAEncryption
 };
 /*
 * sha384WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 12 }
 */
 const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption] = {
    DER_OID_V_sha384WithRSAEncryption
 };
 /*
 * sha512WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 13 }
 */
 const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption] = {
    DER_OID_V_sha512WithRSAEncryption
 };
 /*
 * sha512-224WithRSAEncryption  OBJECT IDENTIFIER ::= { pkcs-1 15 }
 */
 const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption] = {
    DER_OID_V_sha512_224WithRSAEncryption
 };
 /*
 * sha512-256WithRSAEncryption  OBJECT IDENTIFIER ::= { pkcs-1 16 }
 */
 const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption] = {
    DER_OID_V_sha512_256WithRSAEncryption
 };
 /*
 * id-mgf1    OBJECT IDENTIFIER ::= { pkcs-1 8 }
 */
 const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1] = {
    DER_OID_V_id_mgf1
 };
 /*
 * id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 }
 */
 const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224] = {
    DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224
 };
 /*
 * id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 }
 */
 const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256] = {
    DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256
 };
 /*
 * id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 }
 */
 const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384] = {
    DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384
 };
 /*
 * id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
 */
 const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512] = {
    DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512
 };
 /*
 * md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
 */
 const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption] = {
    DER_OID_V_md4WithRSAEncryption
 };
 /*
 * ripemd160WithRSAEncryption    OBJECT IDENTIFIER ::= {
 *     iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
 * }
 */
 const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption] = {
    DER_OID_V_ripemd160WithRSAEncryption
 };
 /*
 * mdc2WithRSASignature OBJECT IDENTIFIER ::= {
 *     iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
 * }
 */
 const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature] = {
    DER_OID_V_mdc2WithRSASignature
 };
--- a/contrib/openssl-cmake/linux_x86_64/der_wrap_gen.c
+++ b/contrib/openssl-cmake/linux_x86_64/der_wrap_gen.c
@ -1,46 +0,0 @@
 /*
 * WARNING: do not edit!
 * Generated by Makefile from ../providers/common/der/der_wrap_gen.c.in
 *
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "prov/der_wrap.h"
 /* Well known OIDs precompiled */
 /*
 * id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
 *     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6
 * }
 */
 const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap] = {
    DER_OID_V_id_alg_CMS3DESwrap
 };
 /*
 * id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
 */
 const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap] = {
    DER_OID_V_id_aes128_wrap
 };
 /*
 * id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
 */
 const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap] = {
    DER_OID_V_id_aes192_wrap
 };
 /*
 * id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
 */
 const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap] = {
    DER_OID_V_id_aes256_wrap
 };
--- a/docs/en/development/build-cross-s390x.md
+++ b/docs/en/development/build-cross-s390x.md
@ -10,11 +10,11 @@ As of writing (2023/3/10) building for s390x considered to be experimental. Not
 ## Building
-As s390x does not support boringssl, it uses OpenSSL and has two related build options. 
+s390x has two OpenSSL-related build options. 
 - By default, the s390x build will dynamically link to OpenSSL libraries. It will build OpenSSL shared objects, so it's not necessary to install OpenSSL beforehand. (This option is recommended in all cases.)
 - Another option is to build OpenSSL in-tree. In this case two build flags need to be supplied to cmake
 ```bash
-DENABLE_OPENSSL_DYNAMIC=0 -DENABLE_OPENSSL=1
+-DENABLE_OPENSSL_DYNAMIC=0
 ```
 These instructions assume that the host machine is x86_64 and has all the tooling required to build natively based on the [build instructions](../development/build.md). It also assumes that the host is Ubuntu 22.04 but the following instructions should also work on Ubuntu 20.04.
--- a/programs/server/Server.cpp
+++ b/programs/server/Server.cpp
@ -648,23 +648,22 @@ try
    }
 #endif
 #if USE_OPENSSL_INTREE
    /// When building openssl into clickhouse, clickhouse owns the configuration
    /// Therefore, the clickhouse openssl configuration should be kept separate from
    /// the OS. Default to the one in the standard config directory, unless overridden
    /// by a key in the config.
    /// Note: this has to be done once at server initialization, because 'setenv' is not thread-safe.
    if (config().has("opensslconf"))
    {
        std::string opensslconf_path = config().getString("opensslconf");
-        setenv("OPENSSL_CONF", opensslconf_path.c_str(), true);
+        setenv("OPENSSL_CONF", opensslconf_path.c_str(), true); /// NOLINT
    }
    else
    {
        const String config_path = config().getString("config-file", "config.xml");
        const auto config_dir = std::filesystem::path{config_path}.replace_filename("openssl.conf");
-        setenv("OPENSSL_CONF", config_dir.c_str(), true);
+        setenv("OPENSSL_CONF", config_dir.c_str(), true); /// NOLINT
    }
 #endif
    registerInterpreters();
    registerFunctions();
--- a/src/Common/config.h.in
+++ b/src/Common/config.h.in
@ -55,11 +55,9 @@
 #cmakedefine01 USE_KRB5
 #cmakedefine01 USE_FILELOG
 #cmakedefine01 USE_ODBC
 #cmakedefine01 USE_BORINGSSL
 #cmakedefine01 USE_BLAKE3
 #cmakedefine01 USE_SKIM
 #cmakedefine01 USE_PRQL
 #cmakedefine01 USE_OPENSSL_INTREE
 #cmakedefine01 USE_ULID
 #cmakedefine01 FIU_ENABLE
 #cmakedefine01 USE_BCRYPT
--- a/src/Compression/CompressionCodecEncrypted.cpp
+++ b/src/Compression/CompressionCodecEncrypted.cpp
@ -9,16 +9,10 @@
 #include <Common/logger_useful.h>
 #include <Common/safe_cast.h>
 // This depends on BoringSSL-specific API, notably <openssl/aead.h>.
 #if USE_SSL
 #    include <openssl/err.h>
 #    include <boost/algorithm/hex.hpp>
-#    if USE_BORINGSSL
+#    include <openssl/evp.h>
 #        include <openssl/digest.h>
 #        include <openssl/aead.h>
 #    else
 #        include <openssl/evp.h>
 #    endif
 #endif
 // Common part for both parts (with SSL and without)
@ -107,77 +101,6 @@ std::string lastErrorString()
    return std::string(buffer.data());
 }
 #if USE_BORINGSSL
 /// Get encryption/decryption algorithms.
 auto getMethod(EncryptionMethod Method)
 {
    if (Method == AES_128_GCM_SIV)
        return EVP_aead_aes_128_gcm_siv;
    else if (Method == AES_256_GCM_SIV)
        return EVP_aead_aes_256_gcm_siv;
    else
        throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown encryption method. Got {}", getMethodName(Method));
 }
 /// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
 /// This function get key and nonce and encrypt text with their help.
 /// If something went wrong (can't init context or can't encrypt data) it throws exception.
 /// It returns length of encrypted text.
 size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, EncryptionMethod method, const String & key, const String & nonce)
 {
    /// Init context for encryption, using key.
    EVP_AEAD_CTX encrypt_ctx;
    EVP_AEAD_CTX_zero(&encrypt_ctx);
    const int ok_init = EVP_AEAD_CTX_init(&encrypt_ctx, getMethod(method)(),
                                            reinterpret_cast<const uint8_t*>(key.data()), key.size(),
                                            tag_size, nullptr);
    if (!ok_init)
        throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
    /// encrypt data using context and given nonce.
    size_t out_len;
    const int ok_open = EVP_AEAD_CTX_seal(&encrypt_ctx,
                                            reinterpret_cast<uint8_t *>(ciphertext_and_tag),
                                            &out_len, plaintext.size() + tag_size,
                                            reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
                                            reinterpret_cast<const uint8_t *>(plaintext.data()), plaintext.size(),
                                            nullptr, 0);
    if (!ok_open)
        throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
    return out_len;
 }
 /// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
 /// This function get key and nonce and encrypt text with their help.
 /// If something went wrong (can't init context or can't encrypt data) it throws exception.
 /// It returns length of encrypted text.
 size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod method, const String & key, const String & nonce)
 {
    /// Init context for decryption with given key.
    EVP_AEAD_CTX decrypt_ctx;
    EVP_AEAD_CTX_zero(&decrypt_ctx);
    const int ok_init = EVP_AEAD_CTX_init(&decrypt_ctx, getMethod(method)(),
                                          reinterpret_cast<const uint8_t*>(key.data()), key.size(),
                                          tag_size, nullptr);
    if (!ok_init)
        throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
    /// decrypt data using given nonce
    size_t out_len;
    const int ok_open = EVP_AEAD_CTX_open(&decrypt_ctx,
                                          reinterpret_cast<uint8_t *>(plaintext),
                                          &out_len, ciphertext.size(),
                                          reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
                                          reinterpret_cast<const uint8_t *>(ciphertext.data()), ciphertext.size(),
                                          nullptr, 0);
    if (!ok_open)
        throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
    return out_len;
 }
 #else
 /// Get encryption/decryption algorithms.
 auto getMethod(EncryptionMethod Method)
 {
@ -324,7 +247,6 @@ size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod m
    return plaintext_len + out_len;
 }
 #endif
 /// Register codec in factory
 void registerEncryptionCodec(CompressionCodecFactory & factory, EncryptionMethod Method)
--- a/src/Core/MySQL/Authentication.cpp
+++ b/src/Core/MySQL/Authentication.cpp
@ -184,11 +184,7 @@ void Sha256Password::authenticate(
        const auto * ciphertext = reinterpret_cast<const unsigned char *>(unpack_auth_response.data());
        unsigned char plaintext[RSA_size(&private_key)];
 #if USE_BORINGSSL
        int plaintext_size = RSA_private_decrypt(unpack_auth_response.size(), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
 #else
        int plaintext_size = RSA_private_decrypt(static_cast<int>(unpack_auth_response.size()), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
 #endif
        if (plaintext_size == -1)
        {
            if (!sent_public_key)
--- a/src/Functions/FunctionsStringHashFixedString.cpp
+++ b/src/Functions/FunctionsStringHashFixedString.cpp
@ -17,11 +17,7 @@
 #    include <openssl/md4.h>
 #    include <openssl/md5.h>
 #    include <openssl/sha.h>
-#    if USE_BORINGSSL
+#    include <openssl/evp.h>
 #        include <openssl/digest.h>
 #    else
 #        include <openssl/evp.h>
 #    endif
 #endif
 /// Instatiating only the functions that require FunctionStringHashFixedString in a separate file
--- a/src/configure_config.cmake
+++ b/src/configure_config.cmake
@ -158,12 +158,6 @@ endif()
 if (TARGET ch_contrib::bcrypt)
    set(USE_BCRYPT 1)
 endif()
 if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
    set(USE_BORINGSSL 1)
 endif ()
 if (ENABLE_OPENSSL)
    set(USE_OPENSSL_INTREE 1)
 endif ()
 if (TARGET ch_contrib::ssh)
    set(USE_SSH 1)
 endif()