# HG changeset patch # User Sebastien Jodogne # Date 1624338574 -7200 # Node ID 312e0e29de90ae20f60473a8eba4c9d2f78bc3e5 # Parent 68635d365a27e6be993ae4d39d3808c689bf75b8 compilation using openssl-3.0.0-beta1 diff -r 68635d365a27 -r 312e0e29de90 NEWS --- a/NEWS Mon Jun 21 17:55:53 2021 +0200 +++ b/NEWS Tue Jun 22 07:09:34 2021 +0200 @@ -49,6 +49,14 @@ * C-MOVE SCP: added possible DIMSE status "Sub-operations Complete - One or more Failures" * Fix issue #146 (Update Anonyization to 2019c) - was actually updated to 2021b +OpenSSL 3.x branch +------------------ + +* General information: + https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/ +* Upgraded dependencies for static builds (notably on Windows and LSB): + - openssl 3.0.0-beta1 + Version 1.9.3 (2021-05-07) ========================== diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake --- a/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Mon Jun 21 17:55:53 2021 +0200 +++ b/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Tue Jun 22 07:09:34 2021 +0200 @@ -23,6 +23,8 @@ include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.0.2.cmake) elseif (OPENSSL_STATIC_VERSION STREQUAL "1.1.1") include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.1.1.cmake) + elseif (OPENSSL_STATIC_VERSION STREQUAL "3.0") + include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-3.0.cmake) else() message(FATAL_ERROR "Unsupported version of OpenSSL: ${OPENSSL_STATIC_VERSION}") endif() diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-3.0.cmake --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-3.0.cmake Tue Jun 22 07:09:34 2021 +0200 @@ -0,0 +1,387 @@ +# Orthanc - A Lightweight, RESTful DICOM Store +# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics +# Department, University Hospital of Liege, Belgium +# Copyright (C) 2017-2021 Osimis S.A., Belgium +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License +# as published by the Free Software Foundation, either version 3 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program. If not, see +# . + + +set(OPENSSL_VERSION_MAJOR 3) +set(OPENSSL_VERSION_MINOR 0) +set(OPENSSL_VERSION_PATCH 0) +set(OPENSSL_VERSION_PRE_RELEASE "-beta1") +set(OPENSSL_VERSION_FULL "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_PATCH}${OPENSSL_VERSION_PRE_RELEASE}") +SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-${OPENSSL_VERSION_FULL}) +SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-${OPENSSL_VERSION_FULL}.tar.gz") +SET(OPENSSL_MD5 "437b21bd0e09fbaa0a89151c6c0130a7") + +if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") + set(FirstRun OFF) +else() + set(FirstRun ON) +endif() + +DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}") + + +if (FirstRun) + # Apply the patches + execute_process( + COMMAND ${PATCH_EXECUTABLE} -p0 -N -i + ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-3.0.0-beta1.patch + WORKING_DIRECTORY ${CMAKE_BINARY_DIR} + RESULT_VARIABLE Failure + ) + + if (Failure) + message(FATAL_ERROR "Error while patching a file") + endif() + + execute_process( + COMMAND ${PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_LIST_DIR}/../Patches/OpenSSL-ConfigureHeaders.py + "${OPENSSL_SOURCES_DIR}" + RESULT_VARIABLE Failure + ) + + if (Failure) + message(FATAL_ERROR "Error while configuring the OpenSSL headers") + endif() + + file(WRITE ${OPENSSL_SOURCES_DIR}/include/openssl/opensslv.h "") + file(WRITE ${OPENSSL_SOURCES_DIR}/include/crypto/bn_conf.h "") + file(WRITE ${OPENSSL_SOURCES_DIR}/include/crypto/dso_conf.h "") + + file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/buildinf.h " +#define DATE \"\" +#define PLATFORM \"\" +#define compiler_flags \"\" +") + +else() + message("The patches for OpenSSL have already been applied") +endif() + + +if (OPENSSL_VERSION_PRE_RELEASE STREQUAL "") + set(VERSION_VERSION_OFFSET 0) +else() + set(VERSION_VERSION_OFFSET 15) +endif() + +math(EXPR OPENSSL_CONFIGURED_API "${OPENSSL_VERSION_MAJOR} * 10000 + ${OPENSSL_VERSION_MINOR} * 100 + ${OPENSSL_VERSION_PATCH}") + +# This macro is normally defined in "opensslv.h.in" +math(EXPR OPENSSL_VERSION_NUMBER "(${OPENSSL_VERSION_MAJOR} << 28) + (${OPENSSL_VERSION_MINOR} << 20) + (${OPENSSL_VERSION_PATCH} << 4) + ${VERSION_VERSION_OFFSET}") + +list(GET CMAKE_FIND_LIBRARY_SUFFIXES 0 OPENSSL_DSO_EXTENSION) + +add_definitions( + -DOPENSSL_VERSION_MAJOR=${OPENSSL_VERSION_MAJOR} + -DOPENSSL_VERSION_MINOR=${OPENSSL_VERSION_MINOR} + -DOPENSSL_VERSION_PATCH=${OPENSSL_VERSION_PATCH} + -DOPENSSL_CONFIGURED_API=${OPENSSL_CONFIGURED_API} + -DOPENSSL_VERSION_NUMBER=${OPENSSL_VERSION_NUMBER} + -DOPENSSL_VERSION_PRE_RELEASE="${OPENSSL_VERSION_PRE_RELEASE}" + -DOPENSSL_VERSION_BUILD_METADATA="" + -DOPENSSL_VERSION_TEXT="OpenSSL ${OPENSSL_VERSION_FULL}" + -DOPENSSL_VERSION_STR="${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_PATCH}" + -DOPENSSL_FULL_VERSION_STR="${OPENSSL_VERSION_FULL}" + -DDSO_EXTENSION="${OPENSSL_DSO_EXTENSION}" + + -DOPENSSLDIR="/usr/local/ssl" + -DMODULESDIR="" # TODO + + -DOPENSSL_BUILDING_OPENSSL + -DOPENSSL_THREADS + -DOPENSSL_IA32_SSE2 + + -DOPENSSL_NO_AFALGENG + -DOPENSSL_NO_ASM + -DOPENSSL_NO_DEVCRYPTOENG + -DOPENSSL_NO_DYNAMIC_ENGINE + -DOPENSSL_NO_EC_NISTP_64_GCC_128 + -DOPENSSL_NO_GOST + -DOPENSSL_NO_RFC3779 + -DOPENSSL_NO_SCTP + + -DOPENSSL_NO_KTLS # TODO ? + ) + + +include_directories( + ${OPENSSL_SOURCES_DIR} + ${OPENSSL_SOURCES_DIR}/crypto/asn1 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 + ${OPENSSL_SOURCES_DIR}/crypto/evp + ${OPENSSL_SOURCES_DIR}/crypto/include + ${OPENSSL_SOURCES_DIR}/crypto/modes + ${OPENSSL_SOURCES_DIR}/include + ${OPENSSL_SOURCES_DIR}/providers/common/include + ${OPENSSL_SOURCES_DIR}/providers/implementations/include + ) + + +set(OPENSSL_SOURCES_SUBDIRS + ## Assembly is disabled + # ${OPENSSL_SOURCES_DIR}/crypto/aes/asm + # ${OPENSSL_SOURCES_DIR}/crypto/bf/asm + # ${OPENSSL_SOURCES_DIR}/crypto/bn/asm + # ${OPENSSL_SOURCES_DIR}/crypto/camellia/asm + # ${OPENSSL_SOURCES_DIR}/crypto/cast/asm + # ${OPENSSL_SOURCES_DIR}/crypto/chacha/asm + # ${OPENSSL_SOURCES_DIR}/crypto/des/asm + # ${OPENSSL_SOURCES_DIR}/crypto/ec/asm + # ${OPENSSL_SOURCES_DIR}/crypto/md5/asm + # ${OPENSSL_SOURCES_DIR}/crypto/modes/asm + # ${OPENSSL_SOURCES_DIR}/crypto/poly1305/asm + # ${OPENSSL_SOURCES_DIR}/crypto/rc4/asm + # ${OPENSSL_SOURCES_DIR}/crypto/rc5/asm + # ${OPENSSL_SOURCES_DIR}/crypto/ripemd/asm + # ${OPENSSL_SOURCES_DIR}/crypto/sha/asm + # ${OPENSSL_SOURCES_DIR}/crypto/whrlpool/asm + + ${OPENSSL_SOURCES_DIR}/crypto + ${OPENSSL_SOURCES_DIR}/crypto/aes + ${OPENSSL_SOURCES_DIR}/crypto/aria + ${OPENSSL_SOURCES_DIR}/crypto/asn1 + ${OPENSSL_SOURCES_DIR}/crypto/async + ${OPENSSL_SOURCES_DIR}/crypto/async/arch + ${OPENSSL_SOURCES_DIR}/crypto/bf + ${OPENSSL_SOURCES_DIR}/crypto/bio + ${OPENSSL_SOURCES_DIR}/crypto/bn + ${OPENSSL_SOURCES_DIR}/crypto/buffer + ${OPENSSL_SOURCES_DIR}/crypto/camellia + ${OPENSSL_SOURCES_DIR}/crypto/cast + ${OPENSSL_SOURCES_DIR}/crypto/chacha + ${OPENSSL_SOURCES_DIR}/crypto/cmac + ${OPENSSL_SOURCES_DIR}/crypto/cmp + ${OPENSSL_SOURCES_DIR}/crypto/cms + ${OPENSSL_SOURCES_DIR}/crypto/comp + ${OPENSSL_SOURCES_DIR}/crypto/conf + ${OPENSSL_SOURCES_DIR}/crypto/crmf + ${OPENSSL_SOURCES_DIR}/crypto/ct + ${OPENSSL_SOURCES_DIR}/crypto/des + ${OPENSSL_SOURCES_DIR}/crypto/dh + ${OPENSSL_SOURCES_DIR}/crypto/dsa + ${OPENSSL_SOURCES_DIR}/crypto/dso + ${OPENSSL_SOURCES_DIR}/crypto/ec + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 + ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_64 + ${OPENSSL_SOURCES_DIR}/crypto/encode_decode + ${OPENSSL_SOURCES_DIR}/crypto/engine + ${OPENSSL_SOURCES_DIR}/crypto/err + ${OPENSSL_SOURCES_DIR}/crypto/ess + ${OPENSSL_SOURCES_DIR}/crypto/evp + ${OPENSSL_SOURCES_DIR}/crypto/ffc + ${OPENSSL_SOURCES_DIR}/crypto/hmac + ${OPENSSL_SOURCES_DIR}/crypto/http + ${OPENSSL_SOURCES_DIR}/crypto/idea + ${OPENSSL_SOURCES_DIR}/crypto/kdf + ${OPENSSL_SOURCES_DIR}/crypto/lhash + ${OPENSSL_SOURCES_DIR}/crypto/md2 + ${OPENSSL_SOURCES_DIR}/crypto/md4 + ${OPENSSL_SOURCES_DIR}/crypto/md5 + ${OPENSSL_SOURCES_DIR}/crypto/mdc2 + ${OPENSSL_SOURCES_DIR}/crypto/modes + ${OPENSSL_SOURCES_DIR}/crypto/objects + ${OPENSSL_SOURCES_DIR}/crypto/ocsp + ${OPENSSL_SOURCES_DIR}/crypto/pem + ${OPENSSL_SOURCES_DIR}/crypto/perlasm + ${OPENSSL_SOURCES_DIR}/crypto/pkcs12 + ${OPENSSL_SOURCES_DIR}/crypto/pkcs7 + ${OPENSSL_SOURCES_DIR}/crypto/poly1305 + ${OPENSSL_SOURCES_DIR}/crypto/property + ${OPENSSL_SOURCES_DIR}/crypto/rand + ${OPENSSL_SOURCES_DIR}/crypto/rc2 + ${OPENSSL_SOURCES_DIR}/crypto/rc4 + ${OPENSSL_SOURCES_DIR}/crypto/rc5 + ${OPENSSL_SOURCES_DIR}/crypto/ripemd + ${OPENSSL_SOURCES_DIR}/crypto/rsa + ${OPENSSL_SOURCES_DIR}/crypto/seed + ${OPENSSL_SOURCES_DIR}/crypto/sha + ${OPENSSL_SOURCES_DIR}/crypto/siphash + ${OPENSSL_SOURCES_DIR}/crypto/sm2 + ${OPENSSL_SOURCES_DIR}/crypto/sm3 + ${OPENSSL_SOURCES_DIR}/crypto/sm4 + ${OPENSSL_SOURCES_DIR}/crypto/srp + ${OPENSSL_SOURCES_DIR}/crypto/stack + ${OPENSSL_SOURCES_DIR}/crypto/store + ${OPENSSL_SOURCES_DIR}/crypto/ts + ${OPENSSL_SOURCES_DIR}/crypto/txt_db + ${OPENSSL_SOURCES_DIR}/crypto/ui + ${OPENSSL_SOURCES_DIR}/crypto/whrlpool + ${OPENSSL_SOURCES_DIR}/crypto/x509 + + # ${OPENSSL_SOURCES_DIR}/providers/implementations/rands/seeding # OS-specific + ${OPENSSL_SOURCES_DIR}/providers + ${OPENSSL_SOURCES_DIR}/providers/common + ${OPENSSL_SOURCES_DIR}/providers/common/der + ${OPENSSL_SOURCES_DIR}/providers/implementations/asymciphers + ${OPENSSL_SOURCES_DIR}/providers/implementations/ciphers + ${OPENSSL_SOURCES_DIR}/providers/implementations/digests + ${OPENSSL_SOURCES_DIR}/providers/implementations/encode_decode + ${OPENSSL_SOURCES_DIR}/providers/implementations/exchange + ${OPENSSL_SOURCES_DIR}/providers/implementations/kdfs + ${OPENSSL_SOURCES_DIR}/providers/implementations/kem + ${OPENSSL_SOURCES_DIR}/providers/implementations/keymgmt + ${OPENSSL_SOURCES_DIR}/providers/implementations/macs + ${OPENSSL_SOURCES_DIR}/providers/implementations/rands + ${OPENSSL_SOURCES_DIR}/providers/implementations/signature + ${OPENSSL_SOURCES_DIR}/providers/implementations/storemgmt + + ${OPENSSL_SOURCES_DIR}/ssl + ${OPENSSL_SOURCES_DIR}/ssl/record + ${OPENSSL_SOURCES_DIR}/ssl/statem + ) + +if (ENABLE_OPENSSL_ENGINES) + add_definitions( + #-DENGINESDIR="/usr/local/lib/engines-1.1" # On GNU/Linux + -DENGINESDIR="." + ) + + list(APPEND OPENSSL_SOURCES_SUBDIRS + ${OPENSSL_SOURCES_DIR}/engines + ${OPENSSL_SOURCES_DIR}/crypto/engine + ) +else() + add_definitions(-DOPENSSL_NO_ENGINE) +endif() + +list(APPEND OPENSSL_SOURCES_SUBDIRS + # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting + # HTTPS servers that use TLS certificate encrypted with ECDSA + # (check the output of a recent version of the "sslscan" + # command). Until Orthanc <= 1.4.1, these features were only + # enabled if ENABLE_PKCS11 support was set to "ON". + # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ + ${OPENSSL_SOURCES_DIR}/crypto/ec + ${OPENSSL_SOURCES_DIR}/crypto/ecdh + ${OPENSSL_SOURCES_DIR}/crypto/ecdsa + ) + +foreach(d ${OPENSSL_SOURCES_SUBDIRS}) + AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES) +endforeach() + + +list(REMOVE_ITEM OPENSSL_SOURCES + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c + ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c + ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c + ${OPENSSL_SOURCES_DIR}/crypto/armcap.c + ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp224.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp256.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp521.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_s390x_nistp.c + ${OPENSSL_SOURCES_DIR}/crypto/ec/ecx_s390x.c + ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c + ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c + ${OPENSSL_SOURCES_DIR}/crypto/rsa/rsa_acvp_test_params.c + ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c + ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c + ${OPENSSL_SOURCES_DIR}/engines/e_devcrypto.c + ${OPENSSL_SOURCES_DIR}/engines/e_loader_attic.c + ${OPENSSL_SOURCES_DIR}/providers/common/securitycheck_fips.c + ${OPENSSL_SOURCES_DIR}/providers/implementations/macs/blake2_mac_impl.c + + ${OPENSSL_SOURCES_DIR}/ssl/ktls.c # TODO ? + ) + + +if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux" OR + ${CMAKE_SYSTEM_NAME} STREQUAL "kFreeBSD" OR + ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" OR + ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD") + list(APPEND OPENSSL_SOURCES + ${OPENSSL_SOURCES_DIR}/providers/implementations/rands/seeding/rand_unix.c + ) +endif() + + +# Check out "${OPENSSL_SOURCES_DIR}/Configurations/README.md": "This +# is default if no option is specified, it works on any supported +# system." It is mandatory to define it as a macro, as it is used by +# all the source files that include OpenSSL (e.g. "Core/Toolbox.cpp" +# or curl) +add_definitions(-DTHIRTY_TWO_BIT) + + +if (NOT CMAKE_COMPILER_IS_GNUCXX OR + "${CMAKE_SYSTEM_NAME}" STREQUAL "Windows" OR + "${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") + # Disable the use of a gcc extension, that is neither available on + # MinGW, nor on LSB + add_definitions( + -DOPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE + ) +endif() + + +if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows") + set(OPENSSL_DEFINITIONS + "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH") + + if (ENABLE_OPENSSL_ENGINES) + link_libraries(crypt32) + endif() + + add_definitions( + -DOPENSSL_RAND_SEED_OS # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c + ) + +elseif ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") + add_definitions( + # In order for "crypto/mem_sec.c" to compile on LSB + -DOPENSSL_NO_SECURE_MEMORY + + # The "OPENSSL_RAND_SEED_OS" value implies a syscall() to + # "__NR_getrandom" (i.e. system call "getentropy(2)") in + # "rand_unix.c", which is not available in LSB. + -DOPENSSL_RAND_SEED_DEVRANDOM + + # If "OPENSSL_NO_ERR" is not defined, the PostgreSQL plugin + # crashes with segmentation fault in function + # "build_SYS_str_reasons()", that is called from + # "OPENSSL_init_ssl()" + # https://bugs.orthanc-server.com/show_bug.cgi?id=193 + -DOPENSSL_NO_ERR + ) + +else() + # Fixes error "OpenSSL error: error:2406C06E:random number + # generator:RAND_DRBG_instantiate:error retrieving entropy" that was + # present in Orthanc 1.6.0, if statically linking on Ubuntu 18.04 + add_definitions( + -DOPENSSL_RAND_SEED_OS + ) +endif() + + +set_source_files_properties( + ${OPENSSL_SOURCES} + PROPERTIES COMPILE_DEFINITIONS + "${OPENSSL_DEFINITIONS};DSO_NONE" + ) diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake --- a/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake Mon Jun 21 17:55:53 2021 +0200 +++ b/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake Tue Jun 22 07:09:34 2021 +0200 @@ -93,7 +93,7 @@ set(MSVC_MULTIPLE_PROCESSES OFF CACHE BOOL "Add the /MP option to build with multiple processes if using Visual Studio") set(EMSCRIPTEN_TARGET_MODE "wasm" CACHE STRING "Sets the target mode for Emscripten (can be \"wasm\" or \"asm.js\")") set(EMSCRIPTEN_TRAP_MODE "" CACHE STRING "Sets the trap mode for Emscripten for numeric errors (can notably be empty, or \"clamp\")") -set(OPENSSL_STATIC_VERSION "1.1.1" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"1.0.2\", or \"1.1.1\")") +set(OPENSSL_STATIC_VERSION "3.0" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"1.0.2\", \"1.1.1\", or \"3.0\")") set(CIVETWEB_OPENSSL_API "1.1" CACHE STRING "Version of the OpenSSL API to be used in civetweb in static builds (can be \"1.0\" or \"1.1\"") set(ORTHANC_LUA_VERSION "" CACHE STRING "Force the version of Lua to be used by Orthanc (for instance \"5.3\"), if empty, this will be autodetected") diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/Patches/OpenSSL-ConfigureHeaders.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/Patches/OpenSSL-ConfigureHeaders.py Tue Jun 22 07:09:34 2021 +0200 @@ -0,0 +1,164 @@ +#!/usr/bin/env python + +# Orthanc - A Lightweight, RESTful DICOM Store +# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics +# Department, University Hospital of Liege, Belgium +# Copyright (C) 2017-2021 Osimis S.A., Belgium +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License +# as published by the Free Software Foundation, either version 3 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program. If not, see +# . + + +import json +import os +import re +import sys + +if len(sys.argv) != 2: + raise Exception('Bad number of arguments') + + +# This emulates "util/perl/OpenSSL/stackhash.pm" + +GENERATE_STACK_MACROS = ''' +SKM_DEFINE_STACK_OF_INTERNAL(${nametype}, ${realtype}, ${plaintype}) +#define sk_${nametype}_num(sk) OPENSSL_sk_num(ossl_check_const_${nametype}_sk_type(sk)) +#define sk_${nametype}_value(sk, idx) ((${realtype} *)OPENSSL_sk_value(ossl_check_const_${nametype}_sk_type(sk), (idx))) +#define sk_${nametype}_new(cmp) ((STACK_OF(${nametype}) *)OPENSSL_sk_new(ossl_check_${nametype}_compfunc_type(cmp))) +#define sk_${nametype}_new_null() ((STACK_OF(${nametype}) *)OPENSSL_sk_new_null()) +#define sk_${nametype}_new_reserve(cmp, n) ((STACK_OF(${nametype}) *)OPENSSL_sk_new_reserve(ossl_check_${nametype}_compfunc_type(cmp), (n))) +#define sk_${nametype}_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_${nametype}_sk_type(sk), (n)) +#define sk_${nametype}_free(sk) OPENSSL_sk_free(ossl_check_${nametype}_sk_type(sk)) +#define sk_${nametype}_zero(sk) OPENSSL_sk_zero(ossl_check_${nametype}_sk_type(sk)) +#define sk_${nametype}_delete(sk, i) ((${realtype} *)OPENSSL_sk_delete(ossl_check_${nametype}_sk_type(sk), (i))) +#define sk_${nametype}_delete_ptr(sk, ptr) ((${realtype} *)OPENSSL_sk_delete_ptr(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))) +#define sk_${nametype}_push(sk, ptr) OPENSSL_sk_push(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)) +#define sk_${nametype}_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)) +#define sk_${nametype}_pop(sk) ((${realtype} *)OPENSSL_sk_pop(ossl_check_${nametype}_sk_type(sk))) +#define sk_${nametype}_shift(sk) ((${realtype} *)OPENSSL_sk_shift(ossl_check_${nametype}_sk_type(sk))) +#define sk_${nametype}_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_${nametype}_sk_type(sk),ossl_check_${nametype}_freefunc_type(freefunc)) +#define sk_${nametype}_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr), (idx)) +#define sk_${nametype}_set(sk, idx, ptr) ((${realtype} *)OPENSSL_sk_set(ossl_check_${nametype}_sk_type(sk), (idx), ossl_check_${nametype}_type(ptr))) +#define sk_${nametype}_find(sk, ptr) OPENSSL_sk_find(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)) +#define sk_${nametype}_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)) +#define sk_${nametype}_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr), pnum) +#define sk_${nametype}_sort(sk) OPENSSL_sk_sort(ossl_check_${nametype}_sk_type(sk)) +#define sk_${nametype}_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_${nametype}_sk_type(sk)) +#define sk_${nametype}_dup(sk) ((STACK_OF(${nametype}) *)OPENSSL_sk_dup(ossl_check_const_${nametype}_sk_type(sk))) +#define sk_${nametype}_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(${nametype}) *)OPENSSL_sk_deep_copy(ossl_check_const_${nametype}_sk_type(sk), ossl_check_${nametype}_copyfunc_type(copyfunc), ossl_check_${nametype}_freefunc_type(freefunc))) +#define sk_${nametype}_set_cmp_func(sk, cmp) ((sk_${nametype}_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_compfunc_type(cmp))) +''' + + +GENERATE_LHASH_MACROS = ''' +DEFINE_LHASH_OF_INTERNAL(${type}); +#define lh_${type}_new(hfn, cmp) ((LHASH_OF(${type}) *)OPENSSL_LH_new(ossl_check_${type}_lh_hashfunc_type(hfn), ossl_check_${type}_lh_compfunc_type(cmp))) +#define lh_${type}_free(lh) OPENSSL_LH_free(ossl_check_${type}_lh_type(lh)) +#define lh_${type}_flush(lh) OPENSSL_LH_flush(ossl_check_${type}_lh_type(lh)) +#define lh_${type}_insert(lh, ptr) ((${type} *)OPENSSL_LH_insert(ossl_check_${type}_lh_type(lh), ossl_check_${type}_lh_plain_type(ptr))) +#define lh_${type}_delete(lh, ptr) ((${type} *)OPENSSL_LH_delete(ossl_check_${type}_lh_type(lh), ossl_check_const_${type}_lh_plain_type(ptr))) +#define lh_${type}_retrieve(lh, ptr) ((${type} *)OPENSSL_LH_retrieve(ossl_check_${type}_lh_type(lh), ossl_check_const_${type}_lh_plain_type(ptr))) +#define lh_${type}_error(lh) OPENSSL_LH_error(ossl_check_${type}_lh_type(lh)) +#define lh_${type}_num_items(lh) OPENSSL_LH_num_items(ossl_check_${type}_lh_type(lh)) +#define lh_${type}_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_${type}_lh_type(lh), out) +#define lh_${type}_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_${type}_lh_type(lh), out) +#define lh_${type}_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_${type}_lh_type(lh), out) +#define lh_${type}_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_${type}_lh_type(lh)) +#define lh_${type}_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_${type}_lh_type(lh), dl) +#define lh_${type}_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_${type}_lh_type(lh), ossl_check_${type}_lh_doallfunc_type(dfn)) +''' + + +with open(os.path.join(os.path.dirname(os.path.realpath(__file__)), + 'OpenSSL-ExtractProvidersOIDs.json'), 'r') as f: + OIDS = json.loads(f.read()) + + +CURRENT_HEADER = '' + +def Parse(match): + s = '' + + for t in re.findall('generate_stack_macros\("(.+?)"\)', match.group(1)): + s += (GENERATE_STACK_MACROS + .replace('${nametype}', t) + .replace('${realtype}', t) + .replace('${plaintype}', t)) + + for t in re.findall('generate_const_stack_macros\("(.+?)"\)', match.group(1)): + s += (GENERATE_STACK_MACROS + .replace('${nametype}', t) + .replace('${realtype}', 'const %s' % t) + .replace('${plaintype}', t)) + + for t in re.findall('generate_stack_string_macros\(\)', match.group(1)): + s += (GENERATE_STACK_MACROS + .replace('${nametype}', 'OPENSSL_STRING') + .replace('${realtype}', 'char') + .replace('${plaintype}', 'char')) + + for t in re.findall('generate_stack_const_string_macros\(\)', match.group(1)): + s += (GENERATE_STACK_MACROS + .replace('${nametype}', 'OPENSSL_CSTRING') + .replace('${realtype}', 'const char') + .replace('${plaintype}', 'char')) + + for t in re.findall('generate_stack_block_macros\(\)', match.group(1)): + s += (GENERATE_STACK_MACROS + .replace('${nametype}', 'OPENSSL_BLOCK') + .replace('${realtype}', 'void') + .replace('${plaintype}', 'void')) + + for t in re.findall('generate_lhash_macros\("(.+?)"\)', match.group(1)): + s += GENERATE_LHASH_MACROS.replace('${type}', t) + + for t in re.findall('\$config{rc4_int}', match.group(1)): + s += 'unsigned int' + + for t in re.findall('oids_to_c::process_leaves\(.+?\)', match.group(1), re.MULTILINE | re.DOTALL): + if not CURRENT_HEADER in OIDS: + raise Exception('Unknown header: %s' % CURRENT_HEADER) + + for (name, definition) in OIDS[CURRENT_HEADER].items(): + s += '#define DER_OID_V_%s %s\n' % (name, ', '.join(definition)) + s += '#define DER_OID_SZ_%s %d\n' % (name, len(definition)) + s += 'extern const unsigned char ossl_der_oid_%s[DER_OID_SZ_%s];\n\n' % (name, name) + + return s + + +for base in [ 'include/openssl', + 'providers/common/include/prov' ]: + directory = os.path.join(sys.argv[1], base) + for source in os.listdir(directory): + if source.endswith('.h.in'): + target = re.sub('\.h\.in$', '.h', source) + + with open(os.path.join(directory, source), 'r') as f: + with open(os.path.join(directory, target), 'w') as g: + CURRENT_HEADER = source + g.write(re.sub('{-(.*?)-}.*?$', Parse, f.read(), + flags = re.MULTILINE | re.DOTALL)) + + +with open(os.path.join(sys.argv[1], 'providers/common/der/orthanc_oids_gen.c'), 'w') as f: + for (header, content) in OIDS.items(): + f.write('#include "prov/%s"\n' % re.sub('\.h\.in$', '.h', header)) + + f.write('\n') + + for (header, content) in OIDS.items(): + for (name, definition) in content.items(): + f.write('const unsigned char ossl_der_oid_%s[DER_OID_SZ_%s] = { DER_OID_V_%s };\n' % ( + name, name, name)) diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.json --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.json Tue Jun 22 07:09:34 2021 +0200 @@ -0,0 +1,1225 @@ +{ + "der_digests.h.in": { + "id_KMACWithSHAKE128": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x13" + ], + "id_KMACWithSHAKE256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x14" + ], + "id_md2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x02", + "0x02" + ], + "id_md5": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x02", + "0x05" + ], + "id_sha1": [ + "DER_P_OBJECT", + "5", + "0x2B", + "0x0E", + "0x03", + "0x02", + "0x1A" + ], + "id_sha224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x04" + ], + "id_sha256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x01" + ], + "id_sha384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x02" + ], + "id_sha3_224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x07" + ], + "id_sha3_256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x08" + ], + "id_sha3_384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x09" + ], + "id_sha3_512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x0A" + ], + "id_sha512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x03" + ], + "id_sha512_224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x05" + ], + "id_sha512_256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x06" + ], + "id_shake128": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x0B" + ], + "id_shake128_len": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x11" + ], + "id_shake256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x0C" + ], + "id_shake256_len": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02", + "0x12" + ], + "sigAlgs": [ + "DER_P_OBJECT", + "8", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03" + ] + }, + "der_dsa.h.in": { + "id_dsa": [ + "DER_P_OBJECT", + "7", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x38", + "0x04", + "0x01" + ], + "id_dsa_with_sha1": [ + "DER_P_OBJECT", + "7", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x38", + "0x04", + "0x03" + ], + "id_dsa_with_sha224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x01" + ], + "id_dsa_with_sha256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x02" + ], + "id_dsa_with_sha384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x03" + ], + "id_dsa_with_sha3_224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x05" + ], + "id_dsa_with_sha3_256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x06" + ], + "id_dsa_with_sha3_384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x07" + ], + "id_dsa_with_sha3_512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x08" + ], + "id_dsa_with_sha512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x04" + ] + }, + "der_ec.h.in": { + "c2onb191v4": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x08" + ], + "c2onb191v5": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x09" + ], + "c2onb239v4": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0E" + ], + "c2onb239v5": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0F" + ], + "c2pnb163v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x01" + ], + "c2pnb163v2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x02" + ], + "c2pnb163v3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x03" + ], + "c2pnb176w1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x04" + ], + "c2pnb208w1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0A" + ], + "c2pnb272w1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x10" + ], + "c2pnb304w1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x11" + ], + "c2pnb368w1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x13" + ], + "c2tnb191v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x05" + ], + "c2tnb191v2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x06" + ], + "c2tnb191v3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x07" + ], + "c2tnb239v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0B" + ], + "c2tnb239v2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0C" + ], + "c2tnb239v3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x0D" + ], + "c2tnb359v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x12" + ], + "c2tnb431r1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x00", + "0x14" + ], + "ecdsa_with_SHA1": [ + "DER_P_OBJECT", + "7", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x04", + "0x01" + ], + "ecdsa_with_SHA224": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x04", + "0x03", + "0x01" + ], + "ecdsa_with_SHA256": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x04", + "0x03", + "0x02" + ], + "ecdsa_with_SHA384": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x04", + "0x03", + "0x03" + ], + "ecdsa_with_SHA512": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x04", + "0x03", + "0x04" + ], + "id_ecPublicKey": [ + "DER_P_OBJECT", + "7", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x02", + "0x01" + ], + "id_ecdsa_with_sha3_224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x09" + ], + "id_ecdsa_with_sha3_256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0A" + ], + "id_ecdsa_with_sha3_384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0B" + ], + "id_ecdsa_with_sha3_512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0C" + ], + "prime192v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x01" + ], + "prime192v2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x02" + ], + "prime192v3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x03" + ], + "prime239v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x04" + ], + "prime239v2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x05" + ], + "prime239v3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x06" + ], + "prime256v1": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x86", + "0x48", + "0xCE", + "0x3D", + "0x03", + "0x01", + "0x07" + ] + }, + "der_ecx.h.in": { + "id_Ed25519": [ + "DER_P_OBJECT", + "3", + "0x2B", + "0x65", + "0x70" + ], + "id_Ed448": [ + "DER_P_OBJECT", + "3", + "0x2B", + "0x65", + "0x71" + ], + "id_X25519": [ + "DER_P_OBJECT", + "3", + "0x2B", + "0x65", + "0x6E" + ], + "id_X448": [ + "DER_P_OBJECT", + "3", + "0x2B", + "0x65", + "0x6F" + ] + }, + "der_rsa.h.in": { + "hashAlgs": [ + "DER_P_OBJECT", + "8", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x02" + ], + "id_RSAES_OAEP": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x07" + ], + "id_RSASSA_PSS": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0A" + ], + "id_mgf1": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x08" + ], + "id_pSpecified": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x09" + ], + "id_rsassa_pkcs1_v1_5_with_sha3_224": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0D" + ], + "id_rsassa_pkcs1_v1_5_with_sha3_256": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0E" + ], + "id_rsassa_pkcs1_v1_5_with_sha3_384": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x0F" + ], + "id_rsassa_pkcs1_v1_5_with_sha3_512": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x03", + "0x10" + ], + "md2WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x02" + ], + "md4WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x03" + ], + "md5WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x04" + ], + "mdc2WithRSASignature": [ + "DER_P_OBJECT", + "5", + "0x2B", + "0x0E", + "0x03", + "0x02", + "0x0E" + ], + "ripemd160WithRSAEncryption": [ + "DER_P_OBJECT", + "6", + "0x2B", + "0x24", + "0x03", + "0x03", + "0x01", + "0x02" + ], + "rsaEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x01" + ], + "sha1WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x05" + ], + "sha224WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0E" + ], + "sha256WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0B" + ], + "sha384WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0C" + ], + "sha512WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0D" + ], + "sha512_224WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x0F" + ], + "sha512_256WithRSAEncryption": [ + "DER_P_OBJECT", + "9", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x01", + "0x10" + ] + }, + "der_sm2.h.in": { + "curveSM2": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x81", + "0x1C", + "0xCF", + "0x55", + "0x01", + "0x82", + "0x2D" + ], + "sm2_with_SM3": [ + "DER_P_OBJECT", + "8", + "0x2A", + "0x81", + "0x1C", + "0xCF", + "0x55", + "0x01", + "0x83", + "0x75" + ] + }, + "der_wrap.h.in": { + "id_aes128_wrap": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x01", + "0x05" + ], + "id_aes192_wrap": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x01", + "0x19" + ], + "id_aes256_wrap": [ + "DER_P_OBJECT", + "9", + "0x60", + "0x86", + "0x48", + "0x01", + "0x65", + "0x03", + "0x04", + "0x01", + "0x2D" + ], + "id_alg_CMS3DESwrap": [ + "DER_P_OBJECT", + "11", + "0x2A", + "0x86", + "0x48", + "0x86", + "0xF7", + "0x0D", + "0x01", + "0x09", + "0x10", + "0x03", + "0x06" + ] + } +} \ No newline at end of file diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.py Tue Jun 22 07:09:34 2021 +0200 @@ -0,0 +1,71 @@ +#!/usr/bin/env python + +# Orthanc - A Lightweight, RESTful DICOM Store +# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics +# Department, University Hospital of Liege, Belgium +# Copyright (C) 2017-2021 Osimis S.A., Belgium +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License +# as published by the Free Software Foundation, either version 3 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this program. If not, see +# . + + +## +## This is a maintenance script to automatically extract the OIDs +## generated from the ".asn1" files by the OpenSSL configuration +## script "./Configure". This script generates the file +## "OpenSSL-ExtractProvidersOIDs.json". The output JSON is then used +## by "OpenSSL-ConfigureHeaders.py". +## + + +import json +import os +import re +import sys + +if len(sys.argv) != 2: + raise Exception('Provide the path to your configured OpenSSL 3.x build directory') + +BASE = os.path.join(sys.argv[1], 'providers/common/include/prov') +TARGET = 'OpenSSL-ExtractProvidersOIDs.json' +RESULT = {} + + +for source in os.listdir(BASE): + if source.endswith('.h.in'): + path = os.path.join(BASE, re.sub('.in$', '', source)) + + content = {} + + with open(path, 'r') as f: + for definition in re.findall('#define (DER_OID_V_.+?)#define (DER_OID_SZ_.+?)extern const(.+?)$', f.read(), re.MULTILINE | re.DOTALL): + oid = definition[0].strip().split(' ') + + name = oid[0].replace('DER_OID_V_', '') + oid = oid[1:] + + sizes = definition[1].strip().split(' ') + if (name in content or + len(sizes) != 2 or + sizes[0] != 'DER_OID_SZ_%s' % name or + int(sizes[1]) != len(oid)): + raise Exception('Cannot parse %s, for OID %s' % (path, name)) + + content[name] = list(map(lambda x: x.replace(',', ''), oid)) + + RESULT[source] = content + + +with open(os.path.join(os.path.dirname(os.path.realpath(__file__)), TARGET), 'w') as f: + f.write(json.dumps(RESULT, sort_keys = True, indent = 4)) diff -r 68635d365a27 -r 312e0e29de90 OrthancFramework/Resources/Patches/openssl-3.0.0-beta1.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/OrthancFramework/Resources/Patches/openssl-3.0.0-beta1.patch Tue Jun 22 07:09:34 2021 +0200 @@ -0,0 +1,19 @@ +diff -urEb openssl-3.0.0-beta1.orig/providers/implementations/rands/seeding/rand_unix.c openssl-3.0.0-beta1/providers/implementations/rands/seeding/rand_unix.c +--- openssl-3.0.0-beta1.orig/providers/implementations/rands/seeding/rand_unix.c 2021-06-21 18:25:55.220224494 +0200 ++++ openssl-3.0.0-beta1/providers/implementations/rands/seeding/rand_unix.c 2021-06-21 18:26:44.884237640 +0200 +@@ -447,6 +447,7 @@ + * system call and this should always succeed which renders + * this alternative but essentially identical source moot. + */ ++#if !defined(__LSB_VERSION__) // "syscall()" is not available in LSB + if (uname(&un) == 0) { + kernel[0] = atoi(un.release); + p = strchr(un.release, '.'); +@@ -457,6 +458,7 @@ + return 0; + } + } ++#endif + /* Open /dev/random and wait for it to be readable */ + if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) { + if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) { diff -r 68635d365a27 -r 312e0e29de90 OrthancServer/UnitTestsSources/VersionsTests.cpp --- a/OrthancServer/UnitTestsSources/VersionsTests.cpp Mon Jun 21 17:55:53 2021 +0200 +++ b/OrthancServer/UnitTestsSources/VersionsTests.cpp Tue Jun 22 07:09:34 2021 +0200 @@ -178,7 +178,8 @@ TEST(Version, OpenSslStatic) { ASSERT_TRUE(OPENSSL_VERSION_NUMBER == 0x1000210fL /* openssl-1.0.2p */ || - OPENSSL_VERSION_NUMBER == 0x101010bfL /* openssl-1.1.1k */); + OPENSSL_VERSION_NUMBER == 0x101010bfL /* openssl-1.1.1k */ || + OPENSSL_VERSION_NUMBER == 0x3000000fL /* openssl-3.0.0 */); } #endif