Upgrade to OpenSSL 3

.gitmodules

@@ -1,6 +1,3 @@
 [submodule "external/catch"]
 	path = external/catch
 	url = https://github.com/catchorg/Catch2.git
-[submodule "tools/vcpkg/ports"]
-	path = tools/vcpkg/ports
-	url = https://github.com/microsoft/vcpkg.git

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ### Enhancements
 * <New feature description> (PR [#????](https://github.com/realm/realm-core/pull/????))
-* None.
+* Upgrade OpenSSL from 1.1.1n to 3.0.7. ([#????](https://github.com/realm/realm-core/pull/????))
 
 ### Fixed
 * <How do the end-user experience this issue? what was the impact?> ([#????](https://github.com/realm/realm-core/issues/????), since v?.?.?)
@@ -18,6 +18,7 @@
   * `SubscriptionSet::find()` overloads now return `const Subscription*` with `nullptr` to signal not-found, rather than an at-end iterator
   * `MutableSubscriptionSet::erase()` now has overloads taking a `StringData name` or a `Query`. Both return a bool to indicate if anything was found and removed.
   * `MutableSubscriptionSet::commit()` is no longer `&&`-qualified. This means you no longer need to `std::move()` the set when calling it.
+* Core no longer provides any VCPKG infrastructure (the ports submodule and overlay triplets), because it handles dependant libraries internally now.
 
 ### Compatibility
 * Fileformat: Generates files with format v23. Reads and automatically upgrade from fileformat v5.

CMakeLists.txt

@@ -19,6 +19,7 @@ include(SpecialtyBuilds)
 include(GetVersion)
 include(CheckCXXCompilerFlag)
 include(CheckCXXSourceRuns)
+include(AcquireRealmDependency)
 
 include(CodeCoverage)
 
@@ -228,52 +229,15 @@ elseif(CMAKE_SYSTEM_NAME MATCHES "Linux|Android")
 endif()
 
 if(REALM_NEEDS_OPENSSL OR REALM_FORCE_OPENSSL)
-    set(OPENSSL_USE_STATIC_LIBS ON)
-    if(VCPKG_TOOLCHAIN)
-        # If we're building with vcpkg, prefer to find OpenSSL there first
-        find_package(OpenSSL)
-    endif()
-    # We aren't building with vcpkg, or it didn't have OpenSSL
-    if(NOT OpenSSL_FOUND)
-        if(ANDROID OR (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64"))
-            # We have prebuilt OpenSSL tarballs for Android and Linux x86_64
-            set(_realm_have_prebuilt_openssl ON)
-        endif()
-        if(NOT REALM_USE_SYSTEM_OPENSSL AND _realm_have_prebuilt_openssl)
-            # Use our own prebuilt OpenSSL
-            if(NOT OpenSSL_DIR)
-                if(NOT EXISTS ${CMAKE_CURRENT_BINARY_DIR}/openssl/lib/cmake/OpenSSL/OpenSSLConfig.cmake)
-                    if(ANDROID)
-                        set(OPENSSL_URL "http://static.realm.io/downloads/openssl/${OPENSSL_VERSION}/Android/${CMAKE_ANDROID_ARCH_ABI}/openssl.tar.gz")
-                    else()
-                        set(OPENSSL_URL "http://static.realm.io/downloads/openssl/${OPENSSL_VERSION}/Linux/x86_64/openssl.tar.gz")
-                    endif()
-
-                    message(STATUS "Getting ${OPENSSL_URL}...")
-                    file(DOWNLOAD "${OPENSSL_URL}" "${CMAKE_CURRENT_BINARY_DIR}/openssl/openssl.tar.gz" STATUS download_status)
-
-                    list(GET download_status 0 status_code)
-                    if (NOT "${status_code}" STREQUAL "0")
-                        message(FATAL_ERROR "Downloading ${url}... Failed. Status: ${download_status}")
-                    endif()
-
-                    message(STATUS "Uncompressing OpenSSL...")
-                    execute_process(
-                        COMMAND ${CMAKE_COMMAND} -E tar xfz "openssl.tar.gz"
-                        WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/openssl"
-                    )
-                endif()
-
-                set(OpenSSL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openssl/lib/cmake/OpenSSL")
-            endif()
-            find_package(OpenSSL REQUIRED CONFIG)
-            target_link_libraries(OpenSSL::SSL INTERFACE OpenSSL::Crypto)
-        else()
-            # Use whatever OpenSSL CMake finds on the system
-            find_package(OpenSSL REQUIRED)
-        endif()
+    if(NOT REALM_USE_SYSTEM_OPENSSL AND (ANDROID OR WIN32 OR CMAKE_SYSTEM_NAME STREQUAL "Linux"))
+        # Use our own prebuilt OpenSSL
+        realm_acquire_dependency(openssl ${OPENSSL_VERSION} OPENSSL_CMAKE_INCLUDE_FILE)
+
+        include(${OPENSSL_CMAKE_INCLUDE_FILE})
     endif()
 
+    set(OPENSSL_USE_STATIC_LIBS ON)
+    find_package(OpenSSL REQUIRED)
     set(REALM_HAVE_OPENSSL ON)
     string(REGEX MATCH "^([0-9]+)\\.([0-9]+)" OPENSSL_VERSION_MAJOR_MINOR ${OPENSSL_VERSION})
 elseif(APPLE)
@@ -285,7 +249,10 @@ endif()
 # so for an iOS build it'll use the path from the Device plaform, which is an error on Simulator.
 # Just use -lz and let Xcode figure it out
 if(NOT APPLE AND NOT TARGET ZLIB::ZLIB)
-    if(ANDROID)
+    if(WIN32)
+        realm_acquire_dependency(zlib ${WIN32_ZLIB_VERSION} ZLIB_CMAKE_INCLUDE_FILE)
+        include(${ZLIB_CMAKE_INCLUDE_FILE})
+    elseif(ANDROID)
         # On Android FindZLIB chooses the static libz over the dynamic one, but this leads to issues
         # (see https://github.com/android/ndk/issues/1179)
         # We want to link against the stub library instead of statically linking anyway,
@@ -364,7 +331,8 @@ if(REALM_ENABLE_SYNC)
     list(APPEND REALM_EXPORTED_TARGETS Sync)
 endif()
 export(TARGETS ${REALM_EXPORTED_TARGETS} NAMESPACE Realm:: FILE RealmTargets.cmake)
-configure_file(${CMAKE_CURRENT_LIST_DIR}/tools/cmake/RealmConfig.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/RealmConfig.cmake @ONLY)
+configure_file(tools/cmake/RealmConfig.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/RealmConfig.cmake @ONLY)
+configure_file(tools/cmake/AcquireRealmDependency.cmake ${CMAKE_CURRENT_BINARY_DIR}/AcquireRealmDependency.cmake @ONLY)
 
 # Make the project importable from the install directory
 install(EXPORT realm
@@ -379,6 +347,11 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/RealmConfig.cmake
         COMPONENT devel
 )
 
+install(FILES tools/cmake/AcquireRealmDependency.cmake
+        DESTINATION lib/cmake/Realm
+        COMPONENT devel
+)
+
 # CPack
 set(CPACK_GENERATOR "TGZ")
 set(CPACK_PACKAGE_VERSION ${REALM_VERSION})

Jenkinsfile

@@ -547,12 +547,6 @@ def doBuildWindows(String buildType, boolean isUWP, String platform, boolean run
       CMAKE_BUILD_TYPE: buildType,
       REALM_ENABLE_SYNC: "ON",
       CPACK_SYSTEM_NAME: cpackSystemName,
-      CMAKE_TOOLCHAIN_FILE: '%WORKSPACE%/tools/vcpkg/ports/scripts/buildsystems/vcpkg.cmake',
-      VCPKG_MANIFEST_DIR: '%WORKSPACE%/tools/vcpkg',
-      VCPKG_OVERLAY_TRIPLETS: '%WORKSPACE%/tools/vcpkg/triplets',
-      // set a custom buildtrees path because the default one is too long and msbuild tasks fail
-      VCPKG_INSTALL_OPTIONS: '--x-buildtrees-root=%WORKSPACE%/vcpkg-buildtrees',
-      VCPKG_TARGET_TRIPLET: triplet,
       REALM_VERSION: gitDescribeVersion,
     ]
 

dependencies.list

@@ -1,4 +1,5 @@
 PACKAGE_NAME=realm-core
 VERSION=13.1.1
-OPENSSL_VERSION=1.1.1n
+OPENSSL_VERSION=3.0.7
+WIN32_ZLIB_VERSION=1.2.13
 MDBREALM_TEST_SERVER_TAG=2022-10-21

src/realm/util/network_ssl.cpp

@@ -835,15 +835,18 @@ int Stream::bio_puts(BIO* bio, const char* c_str) noexcept
 long Stream::bio_ctrl(BIO*, int cmd, long, void*) noexcept
 {
     switch (cmd) {
+        case BIO_CTRL_EOF:
+            return 0;
         case BIO_CTRL_PUSH:
         case BIO_CTRL_POP:
             // Ignoring in alignment with `crypto/bio/bss_sock.c` of OpenSSL.
             return 0;
         case BIO_CTRL_FLUSH:
             // Ignoring in alignment with `crypto/bio/bss_sock.c` of OpenSSL.
             return 1;
+        default:
+            REALM_ASSERT_EX(false, "Got BIO_ctrl with unknown command %d", cmd);
     }
-    REALM_ASSERT(false);
     return 0;
 }
 

tools/cmake/AcquireRealmDependency.cmake

@@ -0,0 +1,48 @@
+function(realm_acquire_dependency dep_name dep_version out_dep_cmake)
+    set(_target_architecture_Android_armeabi-v7a arm)
+    set(_target_architecture_Android_arm64-v8a arm64)
+    set(_target_architecture_Android_x86 x86)
+    set(_target_architecture_Android_x86_64 x64)
+    set(_target_architecture_Windows_Win32 x86)
+    set(_target_architecture_Windows_x64 x64)
+    set(_target_architecture_Windows_ARM64 arm64)
+    set(_target_architecture_WindowsStore_Win32 x86)
+    set(_target_architecture_WindowsStore_x64 x64)
+    set(_target_architecture_WindowsStore_ARM arm)
+    set(_target_architecture_WindowsStore_ARM64 arm64)
+    set(_target_architecture_Linux_arm arm)
+    set(_target_architecture_Linux_armv7 arm)
+    set(_target_architecture_Linux_armv7l arm)
+    set(_target_architecture_Linux_aarch64 arm64)
+    set(_target_platform_name_Android android)
+    set(_target_platform_name_Windows windows-static)
+    set(_target_platform_name_WindowsStore uwp-static)
+    set(_target_platform_name_Linux linux-gnu)
+
+    if(ANDROID)
+        set(_target_architecture ${CMAKE_ANDROID_ARCH_ABI})
+    elseif(WIN32 AND CMAKE_GENERATOR MATCHES "^Visual Studio")
+        set(_target_architecture ${CMAKE_GENERATOR_PLATFORM})
+    else()
+        set(_target_architecture ${CMAKE_SYSTEM_PROCESSOR})
+    endif()
+
+    if(NOT EXISTS ${CMAKE_CURRENT_BINARY_DIR}/${dep_name}/include.cmake)
+        set(DEP_URL "https://static.realm.io/downloads/dependencies/${dep_name}/${dep_version}/${dep_name}-${dep_version}-${_target_architecture_${CMAKE_SYSTEM_NAME}_${_target_architecture}}-${_target_platform_name_${CMAKE_SYSTEM_NAME}}.tar.gz")
+        message(STATUS "Getting ${DEP_URL}...")
+        file(DOWNLOAD "${DEP_URL}" "${CMAKE_CURRENT_BINARY_DIR}/${dep_name}/${dep_name}.tar.gz" STATUS download_status)
+
+        list(GET download_status 0 status_code)
+        if (NOT "${status_code}" STREQUAL "0")
+            message(FATAL_ERROR "Downloading ${url}... Failed. Status: ${download_status}")
+        endif()
+
+        message(STATUS "Uncompressing ${dep_name}...")
+        execute_process(
+            COMMAND ${CMAKE_COMMAND} -E tar xfz "${dep_name}.tar.gz"
+            WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/${dep_name}"
+        )
+    endif()
+
+    set(${out_dep_cmake} ${CMAKE_CURRENT_BINARY_DIR}/${dep_name}/include.cmake PARENT_SCOPE)
+endfunction()

tools/cmake/RealmConfig.cmake.in

@@ -1,55 +1,19 @@
 include("${CMAKE_CURRENT_LIST_DIR}/RealmTargets.cmake")
+include("${CMAKE_CURRENT_LIST_DIR}/AcquireRealmDependency.cmake")
 
 # Find dependencies
 include(CMakeFindDependencyMacro)
 
-set(REALM_FORCE_OPENSSL @REALM_HAVE_OPENSSL@)
-if(REALM_FORCE_OPENSSL)
-    if(VCPKG_TOOLCHAIN)
-        # If we're building with vcpkg, prefer to find OpenSSL there first
-        if(Realm_FIND_QUIETLY)
-            set(_quiet_arg QUIET)
-        endif()
-        find_package(OpenSSL @OPENSSL_VERSION_MAJOR_MINOR@ ${_quiet_arg})
-    endif()
-    # We aren't building with vcpkg, or it didn't have OpenSSL
-    if(NOT OpenSSL_FOUND)
-        if(ANDROID OR (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64"))
-            # We have prebuilt OpenSSL tarballs for Android and Linux x86_64
-            set(_realm_have_prebuilt_openssl ON)
-        endif()
-        if(NOT REALM_USE_SYSTEM_OPENSSL AND _realm_have_prebuilt_openssl)
-            # Use our own prebuilt OpenSSL
-            if(NOT OpenSSL_DIR)
-                if(NOT EXISTS ${CMAKE_BINARY_DIR}/openssl/lib/cmake/OpenSSL/OpenSSLConfig.cmake)
-                    if(ANDROID)
-                        set(OPENSSL_URL "http://static.realm.io/downloads/openssl/@OPENSSL_VERSION@/Android/${CMAKE_ANDROID_ARCH_ABI}/openssl.tar.gz")
-                    else()
-                        set(OPENSSL_URL "http://static.realm.io/downloads/openssl/@OPENSSL_VERSION@/Linux/x86_64/openssl.tar.gz")
-                    endif()
-
-                    message(STATUS "Getting ${OPENSSL_URL}...")
-                    file(DOWNLOAD "${OPENSSL_URL}" "${CMAKE_BINARY_DIR}/openssl/openssl.tar.gz" STATUS download_status)
-
-                    list(GET download_status 0 status_code)
-                    if (NOT "${status_code}" STREQUAL "0")
-                        message(FATAL_ERROR "Downloading ${OPENSSL_URL}... Failed. Status: ${download_status}")
-                    endif()
-                    message(STATUS "Uncompressing OpenSSL...")
-                    execute_process(
-                        COMMAND ${CMAKE_COMMAND} -E tar xfz "openssl.tar.gz"
-                        WORKING_DIRECTORY "${CMAKE_BINARY_DIR}/openssl"
-                    )
-                endif()
+if(@REALM_HAVE_OPENSSL@)
+    if(NOT REALM_USE_SYSTEM_OPENSSL AND (ANDROID OR WIN32 OR CMAKE_SYSTEM_NAME STREQUAL "Linux"))
+        # Use our own prebuilt OpenSSL
+        realm_acquire_dependency(openssl @OPENSSL_VERSION@ OPENSSL_CMAKE_INCLUDE_FILE)
 
-                set(OpenSSL_DIR "${CMAKE_BINARY_DIR}/openssl/lib/cmake/OpenSSL")
-            endif()
-            find_package(OpenSSL REQUIRED CONFIG)
-            target_link_libraries(OpenSSL::SSL INTERFACE OpenSSL::Crypto)
-        else()
-            find_dependency(OpenSSL @OPENSSL_VERSION_MAJOR_MINOR@)
-        endif()
+        include(${OPENSSL_CMAKE_INCLUDE_FILE})
     endif()
+
+    set(OPENSSL_USE_STATIC_LIBS ON)
+    find_dependency(OpenSSL @OPENSSL_VERSION@)
 endif()
 
 set(THREADS_PREFER_PTHREAD_FLAG ON)
@@ -60,5 +24,19 @@ find_dependency(Threads)
 # so for an iOS build it'll use the path from the Device plaform, which is an error on Simulator.
 # Just use -lz and let Xcode figure it out
 if(TARGET Realm::Sync AND NOT APPLE AND NOT TARGET ZLIB::ZLIB)
+    if(WIN32)
+        realm_acquire_dependency(zlib @WIN32_ZLIB_VERSION@ ZLIB_CMAKE_INCLUDE_FILE)
+        include(${ZLIB_CMAKE_INCLUDE_FILE})
+    elseif(ANDROID)
+        # On Android FindZLIB chooses the static libz over the dynamic one, but this leads to issues
+        # (see https://github.com/android/ndk/issues/1179)
+        # We want to link against the stub library instead of statically linking anyway,
+        # so we hack find_library to only consider shared object libraries when looking for libz
+        set(_CMAKE_FIND_LIBRARY_SUFFIXES_orig ${CMAKE_FIND_LIBRARY_SUFFIXES})
+        set(CMAKE_FIND_LIBRARY_SUFFIXES .so)
+    endif()
     find_dependency(ZLIB)
+    if(ANDROID)
+        set(CMAKE_FIND_LIBRARY_SUFFIXES ${_CMAKE_FIND_LIBRARY_SUFFIXES_orig})
+    endif()
 endif()