Merge #17265: Remove OpenSSL

e5a0bece6e doc: add OpenSSL removal to release-notes.md (fanquake) 397dbae070 ci: remove OpenSSL installation (fanquake) a4eb839619 doc: remove OpenSSL from build instructions and licensing info (fanquake) 648b2e3c32 depends: remove OpenSSL package (fanquake) 8983ee3e6d build: remove OpenSSL detection and libs (fanquake) b49b6b0f70 random: Remove remaining OpenSSL calls and locking infrastructure (fanquake) 4fcfcc294e random: stop retrieving random bytes from OpenSSL (fanquake) 5624ab0b4f random: stop feeding RNG output back into OpenSSL (fanquake) Pull request description: Now that #17165 has been merged, removing our remaining OpenSSL usage is possible. That remaining usage was a call to [`RAND_bytes`](https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html) during the ::SLOW path of [ProcRand](https://github.com/bitcoin/bitcoin/blob/master/src/random.cpp#L616). As well as feeding output from our RNG back into OpenSSL via [`RAND_add`](https://www.openssl.org/docs/manmaster/man3/RAND_add.html) during the ::SLOW and ::SLEEP paths. Optimistically tagged for `0.20.0`. Needs discussion, potentially in an upcoming weekly meeting? Closes #12530. ACKs for top commit: MarcoFalke: ACK e5a0bece6e laanwj: ACK e5a0bece6e Tree-SHA512: 02fce08ec91d20e0da51e9314eec53dcf8699cded02f0a005417d627520c20b826332cb42bdae132af283d4903aa3088a9f613f3aea915d655a51532a4d4796c
2025-04-29 23:09:44 -04:00 · 2019-11-19 09:04:52 +01:00 · 2019-11-19 09:04:52 +01:00 · 2065ef66ee
commit 2065ef66ee
parent 30521302f9 e5a0bece6e
28 changed files with 22 additions and 209 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -16,7 +16,7 @@ task:
  ccache_cache:
    folder: "/tmp/ccache_dir"
  install_script:
-    - pkg install -y autoconf automake boost-libs git gmake libevent libtool openssl pkgconf python3 ccache
+    - pkg install -y autoconf automake boost-libs git gmake libevent libtool pkgconf python3 ccache
    - ./contrib/install_db4.sh $(pwd)
    - ccache --max-size=${CCACHE_SIZE}
  configure_script:
--- a/build_msvc/README.md
+++ b/build_msvc/README.md
@ -12,7 +12,7 @@ Quick Start
 The minimal steps required to build Bitcoin Core with the msbuild toolchain are below. More detailed instructions are contained in the following sections.
 ```
-vcpkg install --triplet x64-windows-static boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent openssl zeromq berkeleydb rapidcheck double-conversion
+vcpkg install --triplet x64-windows-static boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent zeromq berkeleydb rapidcheck double-conversion
 py -3 build_msvc\msvc-autogen.py
 msbuild /m build_msvc\bitcoin.sln /p:Platform=x64 /p:Configuration=Release /t:build
 ```
@ -33,7 +33,6 @@ The [external dependencies](https://github.com/bitcoin/bitcoin/blob/master/doc/d
 - Boost
 - DoubleConversion
 - libevent
 - OpenSSL
 - Qt5
 - RapidCheck
 - ZeroMQ
--- a/build_msvc/vcpkg-packages.txt
+++ b/build_msvc/vcpkg-packages.txt
@ -1 +1 @@
-berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent openssl rapidcheck zeromq double-conversion
+berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent rapidcheck zeromq double-conversion
--- a/ci/test/04_install.sh
+++ b/ci/test/04_install.sh
@ -25,8 +25,6 @@ if [ "$TRAVIS_OS_NAME" == "osx" ]; then
  done
  export PATH="/usr/local/opt/ccache/libexec:$PATH"
  OPENSSL_PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"
  export PKG_CONFIG_PATH=$OPENSSL_PKG_CONFIG_PATH:$PKG_CONFIG_PATH
  ${CI_RETRY_EXE} pip3 install $PIP_PACKAGES
--- a/configure.ac
+++ b/configure.ac
@ -555,13 +555,8 @@ case $host in
         dnl It's safe to add these paths even if the functionality is disabled by
         dnl the user (--without-wallet or --without-gui for example).
         openssl_prefix=`$BREW --prefix openssl 2>/dev/null`
         bdb_prefix=`$BREW --prefix berkeley-db4 2>/dev/null`
         qt5_prefix=`$BREW --prefix qt5 2>/dev/null`
         if test x$openssl_prefix != x; then
           PKG_CONFIG_PATH="$openssl_prefix/lib/pkgconfig:$PKG_CONFIG_PATH"
           export PKG_CONFIG_PATH
         fi
         if test x$bdb_prefix != x; then
           CPPFLAGS="$CPPFLAGS -I$bdb_prefix/include"
           LIBS="$LIBS -L$bdb_prefix/lib"
@ -1255,7 +1250,6 @@ if test x$use_pkgconfig = xyes; then
  m4_ifdef(
    [PKG_CHECK_MODULES],
    [
      PKG_CHECK_MODULES([CRYPTO], [libcrypto],,[AC_MSG_ERROR(libcrypto not found.)])
      if test x$use_qr != xno; then
        BITCOIN_QT_CHECK([PKG_CHECK_MODULES([QR], [libqrencode], [have_qrencode=yes], [have_qrencode=no])])
      fi
@ -1278,8 +1272,6 @@ if test x$use_pkgconfig = xyes; then
    ]
  )
 else
  AC_CHECK_HEADER([openssl/crypto.h],,AC_MSG_ERROR(libcrypto headers missing))
  AC_CHECK_LIB([crypto],      [main],CRYPTO_LIBS=-lcrypto, AC_MSG_ERROR(libcrypto missing))
  if test x$build_bitcoin_cli$build_bitcoind$bitcoin_enable_qt$use_tests != xnononono; then
    AC_CHECK_HEADER([event2/event.h],, AC_MSG_ERROR(libevent headers missing),)
@ -1599,7 +1591,6 @@ AC_SUBST(TESTDEFS)
 AC_SUBST(LEVELDB_TARGET_FLAGS)
 AC_SUBST(MINIUPNPC_CPPFLAGS)
 AC_SUBST(MINIUPNPC_LIBS)
 AC_SUBST(CRYPTO_LIBS)
 AC_SUBST(EVENT_LIBS)
 AC_SUBST(EVENT_PTHREADS_LIBS)
 AC_SUBST(ZMQ_LIBS)
--- a/depends/packages/openssl.mk
+++ b/depends/packages/openssl.mk
@ -1,88 +0,0 @@
 package=openssl
 $(package)_version=1.0.1k
 $(package)_download_path=https://www.openssl.org/source
 $(package)_file_name=$(package)-$($(package)_version).tar.gz
 $(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c
 $(package)_patches=0001-Add-OpenSSL-termios-fix-for-musl-libc.patch
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
 $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
 $(package)_config_opts+=no-camellia
 $(package)_config_opts+=no-capieng
 $(package)_config_opts+=no-cast
 $(package)_config_opts+=no-comp
 $(package)_config_opts+=no-dso
 $(package)_config_opts+=no-dtls1
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
 $(package)_config_opts+=no-gost
 $(package)_config_opts+=no-gmp
 $(package)_config_opts+=no-heartbeats
 $(package)_config_opts+=no-idea
 $(package)_config_opts+=no-jpake
 $(package)_config_opts+=no-krb5
 $(package)_config_opts+=no-libunbound
 $(package)_config_opts+=no-md2
 $(package)_config_opts+=no-mdc2
 $(package)_config_opts+=no-rc4
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
 $(package)_config_opts+=no-rfc3779
 $(package)_config_opts+=no-rsax
 $(package)_config_opts+=no-sctp
 $(package)_config_opts+=no-seed
 $(package)_config_opts+=no-sha0
 $(package)_config_opts+=no-shared
 $(package)_config_opts+=no-ssl-trace
 $(package)_config_opts+=no-ssl2
 $(package)_config_opts+=no-ssl3
 $(package)_config_opts+=no-static_engine
 $(package)_config_opts+=no-store
 $(package)_config_opts+=no-unit-test
 $(package)_config_opts+=no-weak-ssl-ciphers
 $(package)_config_opts+=no-whirlpool
 $(package)_config_opts+=no-zlib
 $(package)_config_opts+=no-zlib-dynamic
 $(package)_config_opts+=$($(package)_cflags) $($(package)_cppflags)
 $(package)_config_opts_linux=-fPIC -Wa,--noexecstack
 $(package)_config_opts_x86_64_linux=linux-x86_64
 $(package)_config_opts_i686_linux=linux-generic32
 $(package)_config_opts_arm_linux=linux-generic32
 $(package)_config_opts_armv7l_linux=linux-generic32
 $(package)_config_opts_aarch64_linux=linux-generic64
 $(package)_config_opts_mipsel_linux=linux-generic32
 $(package)_config_opts_mips_linux=linux-generic32
 $(package)_config_opts_powerpc_linux=linux-generic32
 $(package)_config_opts_riscv32_linux=linux-generic32
 $(package)_config_opts_riscv64_linux=linux-generic64
 $(package)_config_opts_x86_64_darwin=darwin64-x86_64-cc
 $(package)_config_opts_x86_64_mingw32=mingw64
 $(package)_config_opts_i686_mingw32=mingw
 $(package)_config_opts_android=-fPIC
 $(package)_config_opts_aarch64_android=linux-generic64
 $(package)_config_opts_x86_64_android=linux-generic64
 $(package)_config_opts_armv7a_android=linux-generic32
 $(package)_config_opts_i686_android=linux-generic32
 endef
 define $(package)_preprocess_cmds
  patch -p1 < $($(package)_patch_dir)/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch && \
  sed -i.old "/define DATE/d" util/mkbuildinf.pl && \
  sed -i.old "s|engines apps test|engines|" Makefile.org
 endef
 define $(package)_config_cmds
  ./Configure $($(package)_config_opts)
 endef
 define $(package)_build_cmds
  $(MAKE) -j1 build_crypto libcrypto.pc libssl.pc openssl.pc
 endef
 define $(package)_stage_cmds
  $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw
 endef
 define $(package)_postprocess_cmds
  rm -rf share bin etc
 endef
--- a/depends/packages/packages.mk
+++ b/depends/packages/packages.mk
@ -1,4 +1,4 @@
-packages:=boost openssl libevent
+packages:=boost libevent
 qt_packages = qrencode zlib
--- a/depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch
+++ b/depends/patches/openssl/0001-Add-OpenSSL-termios-fix-for-musl-libc.patch
@ -1,17 +0,0 @@
 diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
 index a38c758..d99edc2 100644
 --- a/crypto/ui/ui_openssl.c
 +++ b/crypto/ui/ui_openssl.c
@@ -190,9 +190,9 @@
 # undef  SGTTY
 #endif
 -#if defined(linux) && !defined(TERMIO)
 -# undef  TERMIOS
 -# define TERMIO
 +#if defined(linux)
 +# define TERMIOS
 +# undef  TERMIO
 # undef  SGTTY
 #endif
--- a/doc/README.md
+++ b/doc/README.md
@ -84,5 +84,3 @@ The Bitcoin repo's [root README](/README.md) contains relevant information on th
 License
 ---------------------
 Distributed under the [MIT software license](/COPYING).
 This product includes software developed by the OpenSSL Project for use in the [OpenSSL Toolkit](https://www.openssl.org/). This product includes
 cryptographic software written by Eric Young ([eay@cryptsoft.com](mailto:eay@cryptsoft.com)), and UPnP software written by Thomas Bernard.
--- a/doc/build-freebsd.md
+++ b/doc/build-freebsd.md
@ -11,7 +11,7 @@ This guide does not contain instructions for building the GUI.
 You will need the following dependencies, which can be installed as root via pkg:
 ```shell
-pkg install autoconf automake boost-libs git gmake libevent libtool openssl pkgconf
+pkg install autoconf automake boost-libs git gmake libevent libtool pkgconf
 git clone https://github.com/bitcoin/bitcoin.git
 ```
--- a/doc/build-osx.md
+++ b/doc/build-osx.md
@ -19,7 +19,7 @@ Then install [Homebrew](https://brew.sh).
 ## Dependencies
 ```shell
-brew install automake berkeley-db4 libtool boost miniupnpc openssl pkg-config python qt libevent qrencode
+brew install automake berkeley-db4 libtool boost miniupnpc pkg-config python qt libevent qrencode
 ```
 See [dependencies.md](dependencies.md) for a complete overview.
--- a/doc/build-unix.md
+++ b/doc/build-unix.md
@ -127,7 +127,7 @@ built by default.
 Build requirements:
-    sudo dnf install gcc-c++ libtool make autoconf automake openssl-devel libevent-devel boost-devel libdb4-devel libdb4-cxx-devel python3
+    sudo dnf install gcc-c++ libtool make autoconf automake libevent-devel boost-devel libdb4-devel libdb4-cxx-devel python3
 Optional (see `--with-miniupnpc` and `--enable-upnp-default`):
--- a/doc/dependencies.md
+++ b/doc/dependencies.md
@ -17,7 +17,6 @@ These are the dependencies currently used by Bitcoin Core. You can find instruct
 | libpng |  |  |  |  | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) |
 | librsvg | |  |  |  |  |
 | MiniUPnPc | [2.0.20180203](http://miniupnp.free.fr/files) |  | No |  |  |
 | OpenSSL | [1.0.1k](https://www.openssl.org/source) |  | Yes |  |  |
 | PCRE |  |  |  |  | [Yes](https://github.com/bitcoin/bitcoin/blob/master/depends/packages/qt.mk) |
 | Python (tests) |  | [3.5](https://www.python.org/downloads) |  |  |  |
 | qrencode | [3.4.4](https://fukuchi.org/works/qrencode) |  | No |  |  |
--- a/doc/man/bitcoin-cli.1
+++ b/doc/man/bitcoin-cli.1
@ -113,7 +113,3 @@ The source code is available from <https://github.com/bitcoin/bitcoin>.
 This is experimental software.
 Distributed under the MIT software license, see the accompanying file COPYING
 or <https://opensource.org/licenses/MIT>
 This product includes software developed by the OpenSSL Project for use in the
 OpenSSL Toolkit <https://www.openssl.org> and cryptographic software written by
 Eric Young and UPnP software written by Thomas Bernard.
--- a/doc/man/bitcoin-qt.1
+++ b/doc/man/bitcoin-qt.1
@ -608,7 +608,3 @@ The source code is available from <https://github.com/bitcoin/bitcoin>.
 This is experimental software.
 Distributed under the MIT software license, see the accompanying file COPYING
 or <https://opensource.org/licenses/MIT>
 This product includes software developed by the OpenSSL Project for use in the
 OpenSSL Toolkit <https://www.openssl.org> and cryptographic software written by
 Eric Young and UPnP software written by Thomas Bernard.
--- a/doc/man/bitcoin-tx.1
+++ b/doc/man/bitcoin-tx.1
@ -114,7 +114,3 @@ The source code is available from <https://github.com/bitcoin/bitcoin>.
 This is experimental software.
 Distributed under the MIT software license, see the accompanying file COPYING
 or <https://opensource.org/licenses/MIT>
 This product includes software developed by the OpenSSL Project for use in the
 OpenSSL Toolkit <https://www.openssl.org> and cryptographic software written by
 Eric Young and UPnP software written by Thomas Bernard.
--- a/doc/man/bitcoin-wallet.1
+++ b/doc/man/bitcoin-wallet.1
@ -61,7 +61,3 @@ The source code is available from <https://github.com/bitcoin/bitcoin>.
 This is experimental software.
 Distributed under the MIT software license, see the accompanying file COPYING
 or <https://opensource.org/licenses/MIT>
 This product includes software developed by the OpenSSL Project for use in the
 OpenSSL Toolkit <https://www.openssl.org> and cryptographic software written by
 Eric Young and UPnP software written by Thomas Bernard.
--- a/doc/man/bitcoind.1
+++ b/doc/man/bitcoind.1
@ -581,7 +581,3 @@ The source code is available from <https://github.com/bitcoin/bitcoin>.
 This is experimental software.
 Distributed under the MIT software license, see the accompanying file COPYING
 or <https://opensource.org/licenses/MIT>
 This product includes software developed by the OpenSSL Project for use in the
 OpenSSL Toolkit <https://www.openssl.org> and cryptographic software written by
 Eric Young and UPnP software written by Thomas Bernard.
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@ -63,6 +63,12 @@ distribution provides binaries for the RISC-V platform.
 Notable changes
 ===============
 Build System
 ------------
 - OpenSSL is no longer used by Bitcoin Core. The last usage of the library
 was removed in #17265.
 New RPCs
 --------
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -19,7 +19,7 @@ else
 LIBUNIVALUE = $(UNIVALUE_LIBS)
 endif
-BITCOIN_INCLUDES=-I$(builddir) $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS) $(CRYPTO_CFLAGS)
+BITCOIN_INCLUDES=-I$(builddir) $(BDB_CPPFLAGS) $(BOOST_CPPFLAGS) $(LEVELDB_CPPFLAGS)
 BITCOIN_INCLUDES += -I$(srcdir)/secp256k1/include
 BITCOIN_INCLUDES += $(UNIVALUE_CFLAGS)
@ -571,7 +571,7 @@ bitcoind_LDADD = \
  $(LIBMEMENV) \
  $(LIBSECP256K1)
-bitcoind_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS)
+bitcoind_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(ZMQ_LIBS)
 # bitcoin-cli binary #
 bitcoin_cli_SOURCES = bitcoin-cli.cpp
@ -589,7 +589,7 @@ bitcoin_cli_LDADD = \
  $(LIBBITCOIN_UTIL) \
  $(LIBBITCOIN_CRYPTO)
-bitcoin_cli_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS) $(EVENT_LIBS)
+bitcoin_cli_LDADD += $(BOOST_LIBS) $(EVENT_LIBS)
 #
 # bitcoin-tx binary #
@ -610,7 +610,7 @@ bitcoin_tx_LDADD = \
  $(LIBBITCOIN_CRYPTO) \
  $(LIBSECP256K1)
-bitcoin_tx_LDADD += $(BOOST_LIBS) $(CRYPTO_LIBS)
+bitcoin_tx_LDADD += $(BOOST_LIBS)
 #
 # bitcoin-wallet binary #
@ -637,7 +637,7 @@ bitcoin_wallet_LDADD = \
  $(LIBSECP256K1) \
  $(LIBUNIVALUE)
-bitcoin_wallet_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) $(ZMQ_LIBS)
+bitcoin_wallet_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS) $(ZMQ_LIBS)
 #
 # bitcoinconsensus library #
--- a/src/Makefile.bench.include
+++ b/src/Makefile.bench.include
@ -76,7 +76,7 @@ bench_bench_bitcoin_SOURCES += bench/coin_selection.cpp
 bench_bench_bitcoin_SOURCES += bench/wallet_balance.cpp
 endif
-bench_bench_bitcoin_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS)
+bench_bench_bitcoin_LDADD += $(BOOST_LIBS) $(BDB_LIBS) $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS) $(MINIUPNPC_LIBS)
 bench_bench_bitcoin_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 CLEAN_BITCOIN_BENCH = bench/*.gcda bench/*.gcno $(GENERATED_BENCH_FILES)
--- a/src/Makefile.qt.include
+++ b/src/Makefile.qt.include
@ -314,7 +314,6 @@ endif
 qt_bitcoin_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CONSENSUS) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBLEVELDB) $(LIBLEVELDB_SSE42) $(LIBMEMENV) \
  $(BOOST_LIBS) $(QT_LIBS) $(QT_DBUS_LIBS) $(QR_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \
  $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS)
 qt_bitcoin_qt_LDADD += $(CRYPTO_LIBS)
 qt_bitcoin_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 qt_bitcoin_qt_LIBTOOLFLAGS = $(AM_LIBTOOLFLAGS) --tag CXX
--- a/src/Makefile.qttest.include
+++ b/src/Makefile.qttest.include
@ -63,7 +63,7 @@ qt_test_test_bitcoin_qt_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS)
 endif
 qt_test_test_bitcoin_qt_LDADD += $(LIBBITCOIN_CLI) $(LIBBITCOIN_COMMON) $(LIBBITCOIN_UTIL) $(LIBBITCOIN_CONSENSUS) $(LIBBITCOIN_CRYPTO) $(LIBUNIVALUE) $(LIBLEVELDB) \
  $(LIBLEVELDB_SSE42) $(LIBMEMENV) $(BOOST_LIBS) $(QT_DBUS_LIBS) $(QT_TEST_LIBS) $(QT_LIBS) \
-  $(QR_LIBS) $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \
+  $(QR_LIBS) $(BDB_LIBS) $(MINIUPNPC_LIBS) $(LIBSECP256K1) \
  $(EVENT_PTHREADS_LIBS) $(EVENT_LIBS)
 qt_test_test_bitcoin_qt_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(QT_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 qt_test_test_bitcoin_qt_CXXFLAGS = $(AM_CXXFLAGS) $(QT_PIE_FLAGS)
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@ -92,7 +92,6 @@ FUZZ_SUITE_LD_COMMON = \
 $(LIBMEMENV) \
 $(LIBSECP256K1) \
 $(EVENT_LIBS) \
 $(CRYPTO_LIBS) \
 $(EVENT_PTHREADS_LIBS)
 # test_bitcoin binary #
@ -208,7 +207,7 @@ test_test_bitcoin_LDADD += $(LIBBITCOIN_SERVER) $(LIBBITCOIN_CLI) $(LIBBITCOIN_C
  $(LIBLEVELDB) $(LIBLEVELDB_SSE42) $(LIBMEMENV) $(BOOST_LIBS) $(BOOST_UNIT_TEST_FRAMEWORK_LIB) $(LIBSECP256K1) $(EVENT_LIBS) $(EVENT_PTHREADS_LIBS)
 test_test_bitcoin_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_test_bitcoin_LDADD += $(BDB_LIBS) $(CRYPTO_LIBS) $(MINIUPNPC_LIBS) $(RAPIDCHECK_LIBS)
+test_test_bitcoin_LDADD += $(BDB_LIBS) $(MINIUPNPC_LIBS) $(RAPIDCHECK_LIBS)
 test_test_bitcoin_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) -static
 if ENABLE_ZMQ
--- a/src/init.cpp
+++ b/src/init.cpp
@ -563,9 +563,7 @@ std::string LicenseInfo()
           "\n" +
           "\n" +
           _("This is experimental software.").translated + "\n" +
-           strprintf(_("Distributed under the MIT software license, see the accompanying file %s or %s").translated, "COPYING", "<https://opensource.org/licenses/MIT>") + "\n" +
+           strprintf(_("Distributed under the MIT software license, see the accompanying file %s or %s").translated, "COPYING", "<https://opensource.org/licenses/MIT>") +
           "\n" +
           strprintf(_("This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit %s and cryptographic software written by Eric Young and UPnP software written by Thomas Bernard.").translated, "<https://www.openssl.org>") +
           "\n";
 }
--- a/src/random.cpp
+++ b/src/random.cpp
@ -43,10 +43,6 @@
 #include <sys/sysctl.h>
 #endif
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 [[noreturn]] static void RandFailure()
 {
    LogPrintf("Failed to read randomness, aborting\n");
@ -347,8 +343,6 @@ void GetOSRand(unsigned char *ent32)
 #endif
 }
 void LockingCallbackOpenSSL(int mode, int i, const char* file, int line);
 namespace {
 class RNGState {
@ -364,31 +358,15 @@ class RNGState {
    unsigned char m_state[32] GUARDED_BY(m_mutex) = {0};
    uint64_t m_counter GUARDED_BY(m_mutex) = 0;
    bool m_strongly_seeded GUARDED_BY(m_mutex) = false;
    std::unique_ptr<Mutex[]> m_mutex_openssl;
 public:
    RNGState() noexcept
    {
        InitHardwareRand();
        // Init OpenSSL library multithreading support
        m_mutex_openssl.reset(new Mutex[CRYPTO_num_locks()]);
        CRYPTO_set_locking_callback(LockingCallbackOpenSSL);
        // OpenSSL can optionally load a config file which lists optional loadable modules and engines.
        // We don't use them so we don't require the config. However some of our libs may call functions
        // which attempt to load the config file, possibly resulting in an exit() or crash if it is missing
        // or corrupt. Explicitly tell OpenSSL not to try to load the file. The result for our libs will be
        // that the config appears to have been loaded and there are no modules/engines available.
        OPENSSL_no_config();
    }
    ~RNGState()
    {
        // Securely erase the memory used by the OpenSSL PRNG
        RAND_cleanup();
        // Shutdown OpenSSL library multithreading support
        CRYPTO_set_locking_callback(nullptr);
    }
    /** Extract up to 32 bytes of entropy from the RNG state, mixing in new entropy from hasher.
@ -424,8 +402,6 @@ public:
        memory_cleanse(buf, 64);
        return ret;
    }
    Mutex& GetOpenSSLMutex(int i) { return m_mutex_openssl[i]; }
 };
 RNGState& GetRNGState() noexcept
@ -437,17 +413,6 @@ RNGState& GetRNGState() noexcept
 }
 }
 void LockingCallbackOpenSSL(int mode, int i, const char* file, int line) NO_THREAD_SAFETY_ANALYSIS
 {
    RNGState& rng = GetRNGState();
    if (mode & CRYPTO_LOCK) {
        rng.GetOpenSSLMutex(i).lock();
    } else {
        rng.GetOpenSSLMutex(i).unlock();
    }
 }
 /* A note on the use of noexcept in the seeding functions below:
 *
 * None of the RNG code should ever throw any exception, with the sole exception
@ -495,10 +460,6 @@ static void SeedSlow(CSHA512& hasher) noexcept
    GetOSRand(buffer);
    hasher.Write(buffer, sizeof(buffer));
    // OpenSSL RNG (for now)
    RAND_bytes(buffer, sizeof(buffer));
    hasher.Write(buffer, sizeof(buffer));
    // High-precision timestamp.
    //
    // Note that we also commit to a timestamp in the Fast seeder, so we indirectly commit to a
@ -586,14 +547,6 @@ static void ProcRand(unsigned char* out, int num, RNGLevel level)
        SeedStartup(startup_hasher, rng);
        rng.MixExtract(out, num, std::move(startup_hasher), true);
    }
    // For anything but the 'fast' level, feed the resulting RNG output (after an additional hashing step) back into OpenSSL.
    if (level != RNGLevel::FAST) {
        unsigned char buf[64];
        CSHA512().Write(out, num).Finalize(buf);
        RAND_add(buf, sizeof(buf), num);
        memory_cleanse(buf, 64);
    }
 }
 void GetRandBytes(unsigned char* buf, int num) noexcept { ProcRand(buf, num, RNGLevel::FAST); }
--- a/src/random.h
+++ b/src/random.h
@ -35,7 +35,6 @@
 *   that fast seeding includes, but additionally:
 *   - OS entropy (/dev/urandom, getrandom(), ...). The application will terminate if
 *     this entropy source fails.
 *   - Bytes from OpenSSL's RNG (which itself may be seeded from various sources)
 *   - Another high-precision timestamp (indirectly committing to a benchmark of all the
 *     previous sources).
 *   These entropy sources are slower, but designed to make sure the RNG state contains
--- a/src/randomenv.cpp
+++ b/src/randomenv.cpp
@ -70,7 +70,6 @@ namespace {
 void RandAddSeedPerfmon(CSHA512& hasher)
 {
 #ifdef WIN32
    // Don't need this on Linux, OpenSSL automatically uses /dev/urandom
    // Seed with the entire set of perfmon data
    // This can take up to 2 seconds, so only do it every 10 minutes
		`@ -1 +1 @@`
			`berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent openssl rapidcheck zeromq double-conversion`				`berkeleydb boost-filesystem boost-multi-index boost-signals2 boost-test boost-thread libevent rapidcheck zeromq double-conversion`
`@ -1,4 +1,4 @@`
	`packages:=boost openssl libevent`	`packages:=boost libevent`

	`qt_packages = qrencode zlib`	`qt_packages = qrencode zlib`