changeset 4702:312e0e29de90 openssl-3.x

compilation using openssl-3.0.0-beta1
author Sebastien Jodogne <s.jodogne@gmail.com>
date Tue, 22 Jun 2021 07:09:34 +0200
parents 68635d365a27
children c832cb6ef4f9
files NEWS OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-3.0.cmake OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake OrthancFramework/Resources/Patches/OpenSSL-ConfigureHeaders.py OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.json OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.py OrthancFramework/Resources/Patches/openssl-3.0.0-beta1.patch OrthancServer/UnitTestsSources/VersionsTests.cpp
diffstat 9 files changed, 1879 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/NEWS	Mon Jun 21 17:55:53 2021 +0200
+++ b/NEWS	Tue Jun 22 07:09:34 2021 +0200
@@ -49,6 +49,14 @@
 * C-MOVE SCP: added possible DIMSE status "Sub-operations Complete - One or more Failures"
 * Fix issue #146 (Update Anonyization to 2019c) - was actually updated to 2021b
 
+OpenSSL 3.x branch
+------------------
+
+* General information:
+  https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/
+* Upgraded dependencies for static builds (notably on Windows and LSB):
+  - openssl 3.0.0-beta1
+
 
 Version 1.9.3 (2021-05-07)
 ==========================
--- a/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake	Mon Jun 21 17:55:53 2021 +0200
+++ b/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake	Tue Jun 22 07:09:34 2021 +0200
@@ -23,6 +23,8 @@
     include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.0.2.cmake)
   elseif (OPENSSL_STATIC_VERSION STREQUAL "1.1.1")
     include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.1.1.cmake)
+  elseif (OPENSSL_STATIC_VERSION STREQUAL "3.0")
+    include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-3.0.cmake)
   else()
     message(FATAL_ERROR "Unsupported version of OpenSSL: ${OPENSSL_STATIC_VERSION}")
   endif()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-3.0.cmake	Tue Jun 22 07:09:34 2021 +0200
@@ -0,0 +1,387 @@
+# Orthanc - A Lightweight, RESTful DICOM Store
+# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
+# Department, University Hospital of Liege, Belgium
+# Copyright (C) 2017-2021 Osimis S.A., Belgium
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation, either version 3 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+
+set(OPENSSL_VERSION_MAJOR 3)
+set(OPENSSL_VERSION_MINOR 0)
+set(OPENSSL_VERSION_PATCH 0)
+set(OPENSSL_VERSION_PRE_RELEASE "-beta1")
+set(OPENSSL_VERSION_FULL "${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_PATCH}${OPENSSL_VERSION_PRE_RELEASE}")
+SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-${OPENSSL_VERSION_FULL})
+SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-${OPENSSL_VERSION_FULL}.tar.gz")
+SET(OPENSSL_MD5 "437b21bd0e09fbaa0a89151c6c0130a7")
+
+if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}")
+  set(FirstRun OFF)
+else()
+  set(FirstRun ON)
+endif()
+
+DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}")
+
+
+if (FirstRun)
+  # Apply the patches
+  execute_process(
+    COMMAND ${PATCH_EXECUTABLE} -p0 -N -i
+    ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-3.0.0-beta1.patch
+    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+    RESULT_VARIABLE Failure
+    )
+
+  if (Failure)
+    message(FATAL_ERROR "Error while patching a file")
+  endif()
+
+  execute_process(
+    COMMAND ${PYTHON_EXECUTABLE}
+    ${CMAKE_CURRENT_LIST_DIR}/../Patches/OpenSSL-ConfigureHeaders.py
+    "${OPENSSL_SOURCES_DIR}"
+    RESULT_VARIABLE Failure
+    )
+
+  if (Failure)
+    message(FATAL_ERROR "Error while configuring the OpenSSL headers")
+  endif()
+
+  file(WRITE ${OPENSSL_SOURCES_DIR}/include/openssl/opensslv.h "")
+  file(WRITE ${OPENSSL_SOURCES_DIR}/include/crypto/bn_conf.h "")
+  file(WRITE ${OPENSSL_SOURCES_DIR}/include/crypto/dso_conf.h "")
+
+  file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/buildinf.h "
+#define DATE \"\"
+#define PLATFORM \"\"
+#define compiler_flags \"\"
+")
+
+else()
+  message("The patches for OpenSSL have already been applied")
+endif()
+
+
+if (OPENSSL_VERSION_PRE_RELEASE STREQUAL "")
+  set(VERSION_VERSION_OFFSET 0)
+else()
+  set(VERSION_VERSION_OFFSET 15)
+endif()
+
+math(EXPR OPENSSL_CONFIGURED_API "${OPENSSL_VERSION_MAJOR} * 10000 + ${OPENSSL_VERSION_MINOR} * 100 + ${OPENSSL_VERSION_PATCH}")
+
+# This macro is normally defined in "opensslv.h.in"
+math(EXPR OPENSSL_VERSION_NUMBER "(${OPENSSL_VERSION_MAJOR} << 28) + (${OPENSSL_VERSION_MINOR} << 20) + (${OPENSSL_VERSION_PATCH} << 4) + ${VERSION_VERSION_OFFSET}")
+
+list(GET CMAKE_FIND_LIBRARY_SUFFIXES 0 OPENSSL_DSO_EXTENSION)
+
+add_definitions(
+  -DOPENSSL_VERSION_MAJOR=${OPENSSL_VERSION_MAJOR}
+  -DOPENSSL_VERSION_MINOR=${OPENSSL_VERSION_MINOR}
+  -DOPENSSL_VERSION_PATCH=${OPENSSL_VERSION_PATCH}
+  -DOPENSSL_CONFIGURED_API=${OPENSSL_CONFIGURED_API}
+  -DOPENSSL_VERSION_NUMBER=${OPENSSL_VERSION_NUMBER}
+  -DOPENSSL_VERSION_PRE_RELEASE="${OPENSSL_VERSION_PRE_RELEASE}"
+  -DOPENSSL_VERSION_BUILD_METADATA=""
+  -DOPENSSL_VERSION_TEXT="OpenSSL ${OPENSSL_VERSION_FULL}"
+  -DOPENSSL_VERSION_STR="${OPENSSL_VERSION_MAJOR}.${OPENSSL_VERSION_MINOR}.${OPENSSL_VERSION_PATCH}"
+  -DOPENSSL_FULL_VERSION_STR="${OPENSSL_VERSION_FULL}"
+  -DDSO_EXTENSION="${OPENSSL_DSO_EXTENSION}"
+
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DMODULESDIR=""  # TODO
+  
+  -DOPENSSL_BUILDING_OPENSSL
+  -DOPENSSL_THREADS
+  -DOPENSSL_IA32_SSE2
+  
+  -DOPENSSL_NO_AFALGENG
+  -DOPENSSL_NO_ASM
+  -DOPENSSL_NO_DEVCRYPTOENG
+  -DOPENSSL_NO_DYNAMIC_ENGINE
+  -DOPENSSL_NO_EC_NISTP_64_GCC_128
+  -DOPENSSL_NO_GOST
+  -DOPENSSL_NO_RFC3779
+  -DOPENSSL_NO_SCTP
+
+  -DOPENSSL_NO_KTLS  # TODO ?
+  )
+
+
+include_directories(
+  ${OPENSSL_SOURCES_DIR}
+  ${OPENSSL_SOURCES_DIR}/crypto/asn1
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32
+  ${OPENSSL_SOURCES_DIR}/crypto/evp
+  ${OPENSSL_SOURCES_DIR}/crypto/include
+  ${OPENSSL_SOURCES_DIR}/crypto/modes
+  ${OPENSSL_SOURCES_DIR}/include
+  ${OPENSSL_SOURCES_DIR}/providers/common/include
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/include
+  )
+
+
+set(OPENSSL_SOURCES_SUBDIRS
+  ## Assembly is disabled
+  # ${OPENSSL_SOURCES_DIR}/crypto/aes/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/bf/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/bn/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/camellia/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/cast/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/chacha/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/des/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/ec/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/md5/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/modes/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/poly1305/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/rc4/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/rc5/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/ripemd/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/sha/asm
+  # ${OPENSSL_SOURCES_DIR}/crypto/whrlpool/asm
+
+  ${OPENSSL_SOURCES_DIR}/crypto
+  ${OPENSSL_SOURCES_DIR}/crypto/aes
+  ${OPENSSL_SOURCES_DIR}/crypto/aria
+  ${OPENSSL_SOURCES_DIR}/crypto/asn1
+  ${OPENSSL_SOURCES_DIR}/crypto/async
+  ${OPENSSL_SOURCES_DIR}/crypto/async/arch
+  ${OPENSSL_SOURCES_DIR}/crypto/bf
+  ${OPENSSL_SOURCES_DIR}/crypto/bio
+  ${OPENSSL_SOURCES_DIR}/crypto/bn
+  ${OPENSSL_SOURCES_DIR}/crypto/buffer
+  ${OPENSSL_SOURCES_DIR}/crypto/camellia
+  ${OPENSSL_SOURCES_DIR}/crypto/cast
+  ${OPENSSL_SOURCES_DIR}/crypto/chacha
+  ${OPENSSL_SOURCES_DIR}/crypto/cmac
+  ${OPENSSL_SOURCES_DIR}/crypto/cmp
+  ${OPENSSL_SOURCES_DIR}/crypto/cms
+  ${OPENSSL_SOURCES_DIR}/crypto/comp
+  ${OPENSSL_SOURCES_DIR}/crypto/conf
+  ${OPENSSL_SOURCES_DIR}/crypto/crmf
+  ${OPENSSL_SOURCES_DIR}/crypto/ct
+  ${OPENSSL_SOURCES_DIR}/crypto/des
+  ${OPENSSL_SOURCES_DIR}/crypto/dh
+  ${OPENSSL_SOURCES_DIR}/crypto/dsa
+  ${OPENSSL_SOURCES_DIR}/crypto/dso
+  ${OPENSSL_SOURCES_DIR}/crypto/ec
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_64
+  ${OPENSSL_SOURCES_DIR}/crypto/encode_decode
+  ${OPENSSL_SOURCES_DIR}/crypto/engine
+  ${OPENSSL_SOURCES_DIR}/crypto/err
+  ${OPENSSL_SOURCES_DIR}/crypto/ess
+  ${OPENSSL_SOURCES_DIR}/crypto/evp
+  ${OPENSSL_SOURCES_DIR}/crypto/ffc
+  ${OPENSSL_SOURCES_DIR}/crypto/hmac
+  ${OPENSSL_SOURCES_DIR}/crypto/http
+  ${OPENSSL_SOURCES_DIR}/crypto/idea
+  ${OPENSSL_SOURCES_DIR}/crypto/kdf
+  ${OPENSSL_SOURCES_DIR}/crypto/lhash
+  ${OPENSSL_SOURCES_DIR}/crypto/md2
+  ${OPENSSL_SOURCES_DIR}/crypto/md4
+  ${OPENSSL_SOURCES_DIR}/crypto/md5
+  ${OPENSSL_SOURCES_DIR}/crypto/mdc2
+  ${OPENSSL_SOURCES_DIR}/crypto/modes
+  ${OPENSSL_SOURCES_DIR}/crypto/objects
+  ${OPENSSL_SOURCES_DIR}/crypto/ocsp
+  ${OPENSSL_SOURCES_DIR}/crypto/pem
+  ${OPENSSL_SOURCES_DIR}/crypto/perlasm
+  ${OPENSSL_SOURCES_DIR}/crypto/pkcs12
+  ${OPENSSL_SOURCES_DIR}/crypto/pkcs7
+  ${OPENSSL_SOURCES_DIR}/crypto/poly1305
+  ${OPENSSL_SOURCES_DIR}/crypto/property
+  ${OPENSSL_SOURCES_DIR}/crypto/rand
+  ${OPENSSL_SOURCES_DIR}/crypto/rc2
+  ${OPENSSL_SOURCES_DIR}/crypto/rc4
+  ${OPENSSL_SOURCES_DIR}/crypto/rc5
+  ${OPENSSL_SOURCES_DIR}/crypto/ripemd
+  ${OPENSSL_SOURCES_DIR}/crypto/rsa
+  ${OPENSSL_SOURCES_DIR}/crypto/seed
+  ${OPENSSL_SOURCES_DIR}/crypto/sha
+  ${OPENSSL_SOURCES_DIR}/crypto/siphash
+  ${OPENSSL_SOURCES_DIR}/crypto/sm2
+  ${OPENSSL_SOURCES_DIR}/crypto/sm3
+  ${OPENSSL_SOURCES_DIR}/crypto/sm4
+  ${OPENSSL_SOURCES_DIR}/crypto/srp
+  ${OPENSSL_SOURCES_DIR}/crypto/stack
+  ${OPENSSL_SOURCES_DIR}/crypto/store
+  ${OPENSSL_SOURCES_DIR}/crypto/ts
+  ${OPENSSL_SOURCES_DIR}/crypto/txt_db
+  ${OPENSSL_SOURCES_DIR}/crypto/ui
+  ${OPENSSL_SOURCES_DIR}/crypto/whrlpool
+  ${OPENSSL_SOURCES_DIR}/crypto/x509
+
+  # ${OPENSSL_SOURCES_DIR}/providers/implementations/rands/seeding  # OS-specific
+  ${OPENSSL_SOURCES_DIR}/providers
+  ${OPENSSL_SOURCES_DIR}/providers/common
+  ${OPENSSL_SOURCES_DIR}/providers/common/der
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/asymciphers
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/ciphers
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/digests
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/encode_decode
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/exchange
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/kdfs
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/kem
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/keymgmt
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/macs
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/rands
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/signature
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/storemgmt
+
+  ${OPENSSL_SOURCES_DIR}/ssl
+  ${OPENSSL_SOURCES_DIR}/ssl/record
+  ${OPENSSL_SOURCES_DIR}/ssl/statem
+  )
+
+if (ENABLE_OPENSSL_ENGINES)
+  add_definitions(
+    #-DENGINESDIR="/usr/local/lib/engines-1.1"  # On GNU/Linux
+    -DENGINESDIR="."
+    )
+
+  list(APPEND OPENSSL_SOURCES_SUBDIRS
+    ${OPENSSL_SOURCES_DIR}/engines
+    ${OPENSSL_SOURCES_DIR}/crypto/engine
+    )
+else()
+  add_definitions(-DOPENSSL_NO_ENGINE)
+endif()
+
+list(APPEND OPENSSL_SOURCES_SUBDIRS
+  # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting
+  # HTTPS servers that use TLS certificate encrypted with ECDSA
+  # (check the output of a recent version of the "sslscan"
+  # command). Until Orthanc <= 1.4.1, these features were only
+  # enabled if ENABLE_PKCS11 support was set to "ON".
+  # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ
+  ${OPENSSL_SOURCES_DIR}/crypto/ec
+  ${OPENSSL_SOURCES_DIR}/crypto/ecdh
+  ${OPENSSL_SOURCES_DIR}/crypto/ecdsa
+  )
+
+foreach(d ${OPENSSL_SOURCES_SUBDIRS})
+  AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES)
+endforeach()
+
+
+list(REMOVE_ITEM OPENSSL_SOURCES
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c
+  ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c
+  ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c
+  ${OPENSSL_SOURCES_DIR}/crypto/armcap.c
+  ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp224.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp256.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistp521.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_s390x_nistp.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ec/ecx_s390x.c
+  ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c
+  ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c
+  ${OPENSSL_SOURCES_DIR}/crypto/rsa/rsa_acvp_test_params.c
+  ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c
+  ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c
+  ${OPENSSL_SOURCES_DIR}/engines/e_devcrypto.c
+  ${OPENSSL_SOURCES_DIR}/engines/e_loader_attic.c
+  ${OPENSSL_SOURCES_DIR}/providers/common/securitycheck_fips.c
+  ${OPENSSL_SOURCES_DIR}/providers/implementations/macs/blake2_mac_impl.c
+
+  ${OPENSSL_SOURCES_DIR}/ssl/ktls.c   # TODO ?
+  )
+
+
+if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux" OR
+    ${CMAKE_SYSTEM_NAME} STREQUAL "kFreeBSD" OR
+    ${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" OR
+    ${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
+  list(APPEND OPENSSL_SOURCES
+    ${OPENSSL_SOURCES_DIR}/providers/implementations/rands/seeding/rand_unix.c
+    )
+endif()
+  
+
+# Check out "${OPENSSL_SOURCES_DIR}/Configurations/README.md": "This
+# is default if no option is specified, it works on any supported
+# system." It is mandatory to define it as a macro, as it is used by
+# all the source files that include OpenSSL (e.g. "Core/Toolbox.cpp"
+# or curl)
+add_definitions(-DTHIRTY_TWO_BIT)
+
+
+if (NOT CMAKE_COMPILER_IS_GNUCXX OR
+    "${CMAKE_SYSTEM_NAME}" STREQUAL "Windows" OR
+    "${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase")
+  # Disable the use of a gcc extension, that is neither available on
+  # MinGW, nor on LSB
+  add_definitions(
+    -DOPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    )
+endif()
+
+
+if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows")
+  set(OPENSSL_DEFINITIONS
+    "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH")
+  
+  if (ENABLE_OPENSSL_ENGINES)
+    link_libraries(crypt32)
+  endif()
+
+  add_definitions(
+    -DOPENSSL_RAND_SEED_OS  # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c
+    )
+ 
+elseif ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase")
+  add_definitions(
+    # In order for "crypto/mem_sec.c" to compile on LSB
+    -DOPENSSL_NO_SECURE_MEMORY
+
+    # The "OPENSSL_RAND_SEED_OS" value implies a syscall() to
+    # "__NR_getrandom" (i.e. system call "getentropy(2)") in
+    # "rand_unix.c", which is not available in LSB.
+    -DOPENSSL_RAND_SEED_DEVRANDOM
+
+    # If "OPENSSL_NO_ERR" is not defined, the PostgreSQL plugin
+    # crashes with segmentation fault in function
+    # "build_SYS_str_reasons()", that is called from
+    # "OPENSSL_init_ssl()"
+    # https://bugs.orthanc-server.com/show_bug.cgi?id=193
+    -DOPENSSL_NO_ERR
+    )
+
+else()
+  # Fixes error "OpenSSL error: error:2406C06E:random number
+  # generator:RAND_DRBG_instantiate:error retrieving entropy" that was
+  # present in Orthanc 1.6.0, if statically linking on Ubuntu 18.04
+  add_definitions(
+    -DOPENSSL_RAND_SEED_OS
+    )
+endif()
+
+
+set_source_files_properties(
+  ${OPENSSL_SOURCES}
+    PROPERTIES COMPILE_DEFINITIONS
+    "${OPENSSL_DEFINITIONS};DSO_NONE"
+    )
--- a/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake	Mon Jun 21 17:55:53 2021 +0200
+++ b/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake	Tue Jun 22 07:09:34 2021 +0200
@@ -93,7 +93,7 @@
 set(MSVC_MULTIPLE_PROCESSES OFF CACHE BOOL "Add the /MP option to build with multiple processes if using Visual Studio")
 set(EMSCRIPTEN_TARGET_MODE "wasm" CACHE STRING "Sets the target mode for Emscripten (can be \"wasm\" or \"asm.js\")")
 set(EMSCRIPTEN_TRAP_MODE "" CACHE STRING "Sets the trap mode for Emscripten for numeric errors (can notably be empty, or \"clamp\")")
-set(OPENSSL_STATIC_VERSION "1.1.1" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"1.0.2\", or \"1.1.1\")")
+set(OPENSSL_STATIC_VERSION "3.0" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"1.0.2\", \"1.1.1\", or \"3.0\")")
 set(CIVETWEB_OPENSSL_API "1.1" CACHE STRING "Version of the OpenSSL API to be used in civetweb in static builds (can be \"1.0\" or \"1.1\"")
 set(ORTHANC_LUA_VERSION "" CACHE STRING "Force the version of Lua to be used by Orthanc (for instance \"5.3\"), if empty, this will be autodetected")
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancFramework/Resources/Patches/OpenSSL-ConfigureHeaders.py	Tue Jun 22 07:09:34 2021 +0200
@@ -0,0 +1,164 @@
+#!/usr/bin/env python
+
+# Orthanc - A Lightweight, RESTful DICOM Store
+# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
+# Department, University Hospital of Liege, Belgium
+# Copyright (C) 2017-2021 Osimis S.A., Belgium
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation, either version 3 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+
+import json
+import os
+import re
+import sys
+
+if len(sys.argv) != 2:
+    raise Exception('Bad number of arguments')
+
+
+# This emulates "util/perl/OpenSSL/stackhash.pm"
+
+GENERATE_STACK_MACROS = '''
+SKM_DEFINE_STACK_OF_INTERNAL(${nametype}, ${realtype}, ${plaintype})
+#define sk_${nametype}_num(sk) OPENSSL_sk_num(ossl_check_const_${nametype}_sk_type(sk))
+#define sk_${nametype}_value(sk, idx) ((${realtype} *)OPENSSL_sk_value(ossl_check_const_${nametype}_sk_type(sk), (idx)))
+#define sk_${nametype}_new(cmp) ((STACK_OF(${nametype}) *)OPENSSL_sk_new(ossl_check_${nametype}_compfunc_type(cmp)))
+#define sk_${nametype}_new_null() ((STACK_OF(${nametype}) *)OPENSSL_sk_new_null())
+#define sk_${nametype}_new_reserve(cmp, n) ((STACK_OF(${nametype}) *)OPENSSL_sk_new_reserve(ossl_check_${nametype}_compfunc_type(cmp), (n)))
+#define sk_${nametype}_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_${nametype}_sk_type(sk), (n))
+#define sk_${nametype}_free(sk) OPENSSL_sk_free(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_zero(sk) OPENSSL_sk_zero(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_delete(sk, i) ((${realtype} *)OPENSSL_sk_delete(ossl_check_${nametype}_sk_type(sk), (i)))
+#define sk_${nametype}_delete_ptr(sk, ptr) ((${realtype} *)OPENSSL_sk_delete_ptr(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)))
+#define sk_${nametype}_push(sk, ptr) OPENSSL_sk_push(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_pop(sk) ((${realtype} *)OPENSSL_sk_pop(ossl_check_${nametype}_sk_type(sk)))
+#define sk_${nametype}_shift(sk) ((${realtype} *)OPENSSL_sk_shift(ossl_check_${nametype}_sk_type(sk)))
+#define sk_${nametype}_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_${nametype}_sk_type(sk),ossl_check_${nametype}_freefunc_type(freefunc))
+#define sk_${nametype}_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr), (idx))
+#define sk_${nametype}_set(sk, idx, ptr) ((${realtype} *)OPENSSL_sk_set(ossl_check_${nametype}_sk_type(sk), (idx), ossl_check_${nametype}_type(ptr)))
+#define sk_${nametype}_find(sk, ptr) OPENSSL_sk_find(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_find_all(sk, ptr, pnum) OPENSSL_sk_find_all(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr), pnum)
+#define sk_${nametype}_sort(sk) OPENSSL_sk_sort(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_${nametype}_sk_type(sk))
+#define sk_${nametype}_dup(sk) ((STACK_OF(${nametype}) *)OPENSSL_sk_dup(ossl_check_const_${nametype}_sk_type(sk)))
+#define sk_${nametype}_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(${nametype}) *)OPENSSL_sk_deep_copy(ossl_check_const_${nametype}_sk_type(sk), ossl_check_${nametype}_copyfunc_type(copyfunc), ossl_check_${nametype}_freefunc_type(freefunc)))
+#define sk_${nametype}_set_cmp_func(sk, cmp) ((sk_${nametype}_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_compfunc_type(cmp)))
+'''
+
+
+GENERATE_LHASH_MACROS = '''
+DEFINE_LHASH_OF_INTERNAL(${type});
+#define lh_${type}_new(hfn, cmp) ((LHASH_OF(${type}) *)OPENSSL_LH_new(ossl_check_${type}_lh_hashfunc_type(hfn), ossl_check_${type}_lh_compfunc_type(cmp)))
+#define lh_${type}_free(lh) OPENSSL_LH_free(ossl_check_${type}_lh_type(lh))
+#define lh_${type}_flush(lh) OPENSSL_LH_flush(ossl_check_${type}_lh_type(lh))
+#define lh_${type}_insert(lh, ptr) ((${type} *)OPENSSL_LH_insert(ossl_check_${type}_lh_type(lh), ossl_check_${type}_lh_plain_type(ptr)))
+#define lh_${type}_delete(lh, ptr) ((${type} *)OPENSSL_LH_delete(ossl_check_${type}_lh_type(lh), ossl_check_const_${type}_lh_plain_type(ptr)))
+#define lh_${type}_retrieve(lh, ptr) ((${type} *)OPENSSL_LH_retrieve(ossl_check_${type}_lh_type(lh), ossl_check_const_${type}_lh_plain_type(ptr)))
+#define lh_${type}_error(lh) OPENSSL_LH_error(ossl_check_${type}_lh_type(lh))
+#define lh_${type}_num_items(lh) OPENSSL_LH_num_items(ossl_check_${type}_lh_type(lh))
+#define lh_${type}_node_stats_bio(lh, out) OPENSSL_LH_node_stats_bio(ossl_check_const_${type}_lh_type(lh), out)
+#define lh_${type}_node_usage_stats_bio(lh, out) OPENSSL_LH_node_usage_stats_bio(ossl_check_const_${type}_lh_type(lh), out)
+#define lh_${type}_stats_bio(lh, out) OPENSSL_LH_stats_bio(ossl_check_const_${type}_lh_type(lh), out)
+#define lh_${type}_get_down_load(lh) OPENSSL_LH_get_down_load(ossl_check_${type}_lh_type(lh))
+#define lh_${type}_set_down_load(lh, dl) OPENSSL_LH_set_down_load(ossl_check_${type}_lh_type(lh), dl)
+#define lh_${type}_doall(lh, dfn) OPENSSL_LH_doall(ossl_check_${type}_lh_type(lh), ossl_check_${type}_lh_doallfunc_type(dfn))
+'''
+
+
+with open(os.path.join(os.path.dirname(os.path.realpath(__file__)),
+                       'OpenSSL-ExtractProvidersOIDs.json'), 'r') as f:
+    OIDS = json.loads(f.read())
+
+
+CURRENT_HEADER = ''
+    
+def Parse(match):
+    s = ''
+    
+    for t in re.findall('generate_stack_macros\("(.+?)"\)', match.group(1)):
+        s += (GENERATE_STACK_MACROS
+              .replace('${nametype}', t)
+              .replace('${realtype}', t)
+              .replace('${plaintype}', t))
+        
+    for t in re.findall('generate_const_stack_macros\("(.+?)"\)', match.group(1)):
+        s += (GENERATE_STACK_MACROS
+              .replace('${nametype}', t)
+              .replace('${realtype}', 'const %s' % t)
+              .replace('${plaintype}', t))
+
+    for t in re.findall('generate_stack_string_macros\(\)', match.group(1)):
+        s += (GENERATE_STACK_MACROS
+              .replace('${nametype}', 'OPENSSL_STRING')
+              .replace('${realtype}', 'char')
+              .replace('${plaintype}', 'char'))
+
+    for t in re.findall('generate_stack_const_string_macros\(\)', match.group(1)):
+        s += (GENERATE_STACK_MACROS
+              .replace('${nametype}', 'OPENSSL_CSTRING')
+              .replace('${realtype}', 'const char')
+              .replace('${plaintype}', 'char'))
+
+    for t in re.findall('generate_stack_block_macros\(\)', match.group(1)):
+        s += (GENERATE_STACK_MACROS
+              .replace('${nametype}', 'OPENSSL_BLOCK')
+              .replace('${realtype}', 'void')
+              .replace('${plaintype}', 'void'))
+        
+    for t in re.findall('generate_lhash_macros\("(.+?)"\)', match.group(1)):
+        s += GENERATE_LHASH_MACROS.replace('${type}', t)
+
+    for t in re.findall('\$config{rc4_int}', match.group(1)):
+        s += 'unsigned int'
+
+    for t in re.findall('oids_to_c::process_leaves\(.+?\)', match.group(1), re.MULTILINE | re.DOTALL):
+        if not CURRENT_HEADER in OIDS:
+            raise Exception('Unknown header: %s' % CURRENT_HEADER)
+
+        for (name, definition) in OIDS[CURRENT_HEADER].items():
+            s += '#define DER_OID_V_%s %s\n' % (name, ', '.join(definition))
+            s += '#define DER_OID_SZ_%s %d\n' % (name, len(definition))
+            s += 'extern const unsigned char ossl_der_oid_%s[DER_OID_SZ_%s];\n\n' % (name, name)
+        
+    return s
+
+
+for base in [ 'include/openssl',
+              'providers/common/include/prov' ]:
+    directory = os.path.join(sys.argv[1], base)
+    for source in os.listdir(directory):
+        if source.endswith('.h.in'):
+            target = re.sub('\.h\.in$', '.h', source)
+                            
+            with open(os.path.join(directory, source), 'r') as f:
+                with open(os.path.join(directory, target), 'w') as g:
+                    CURRENT_HEADER = source
+                    g.write(re.sub('{-(.*?)-}.*?$', Parse, f.read(),
+                                   flags = re.MULTILINE | re.DOTALL))
+
+
+with open(os.path.join(sys.argv[1], 'providers/common/der/orthanc_oids_gen.c'), 'w') as f:
+    for (header, content) in OIDS.items():
+        f.write('#include "prov/%s"\n' % re.sub('\.h\.in$', '.h', header))
+
+    f.write('\n')
+        
+    for (header, content) in OIDS.items():
+        for (name, definition) in content.items():
+            f.write('const unsigned char ossl_der_oid_%s[DER_OID_SZ_%s] = { DER_OID_V_%s };\n' % (
+                name, name, name))
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.json	Tue Jun 22 07:09:34 2021 +0200
@@ -0,0 +1,1225 @@
+{
+    "der_digests.h.in": {
+        "id_KMACWithSHAKE128": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x13"
+        ], 
+        "id_KMACWithSHAKE256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x14"
+        ], 
+        "id_md2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x02", 
+            "0x02"
+        ], 
+        "id_md5": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x02", 
+            "0x05"
+        ], 
+        "id_sha1": [
+            "DER_P_OBJECT", 
+            "5", 
+            "0x2B", 
+            "0x0E", 
+            "0x03", 
+            "0x02", 
+            "0x1A"
+        ], 
+        "id_sha224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x04"
+        ], 
+        "id_sha256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x01"
+        ], 
+        "id_sha384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x02"
+        ], 
+        "id_sha3_224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x07"
+        ], 
+        "id_sha3_256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x08"
+        ], 
+        "id_sha3_384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x09"
+        ], 
+        "id_sha3_512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x0A"
+        ], 
+        "id_sha512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x03"
+        ], 
+        "id_sha512_224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x05"
+        ], 
+        "id_sha512_256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x06"
+        ], 
+        "id_shake128": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x0B"
+        ], 
+        "id_shake128_len": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x11"
+        ], 
+        "id_shake256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x0C"
+        ], 
+        "id_shake256_len": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02", 
+            "0x12"
+        ], 
+        "sigAlgs": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03"
+        ]
+    }, 
+    "der_dsa.h.in": {
+        "id_dsa": [
+            "DER_P_OBJECT", 
+            "7", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x38", 
+            "0x04", 
+            "0x01"
+        ], 
+        "id_dsa_with_sha1": [
+            "DER_P_OBJECT", 
+            "7", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x38", 
+            "0x04", 
+            "0x03"
+        ], 
+        "id_dsa_with_sha224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x01"
+        ], 
+        "id_dsa_with_sha256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x02"
+        ], 
+        "id_dsa_with_sha384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x03"
+        ], 
+        "id_dsa_with_sha3_224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x05"
+        ], 
+        "id_dsa_with_sha3_256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x06"
+        ], 
+        "id_dsa_with_sha3_384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x07"
+        ], 
+        "id_dsa_with_sha3_512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x08"
+        ], 
+        "id_dsa_with_sha512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x04"
+        ]
+    }, 
+    "der_ec.h.in": {
+        "c2onb191v4": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x08"
+        ], 
+        "c2onb191v5": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x09"
+        ], 
+        "c2onb239v4": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0E"
+        ], 
+        "c2onb239v5": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0F"
+        ], 
+        "c2pnb163v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x01"
+        ], 
+        "c2pnb163v2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x02"
+        ], 
+        "c2pnb163v3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x03"
+        ], 
+        "c2pnb176w1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x04"
+        ], 
+        "c2pnb208w1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0A"
+        ], 
+        "c2pnb272w1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x10"
+        ], 
+        "c2pnb304w1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x11"
+        ], 
+        "c2pnb368w1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x13"
+        ], 
+        "c2tnb191v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x05"
+        ], 
+        "c2tnb191v2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x06"
+        ], 
+        "c2tnb191v3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x07"
+        ], 
+        "c2tnb239v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0B"
+        ], 
+        "c2tnb239v2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0C"
+        ], 
+        "c2tnb239v3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x0D"
+        ], 
+        "c2tnb359v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x12"
+        ], 
+        "c2tnb431r1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x00", 
+            "0x14"
+        ], 
+        "ecdsa_with_SHA1": [
+            "DER_P_OBJECT", 
+            "7", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x04", 
+            "0x01"
+        ], 
+        "ecdsa_with_SHA224": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x04", 
+            "0x03", 
+            "0x01"
+        ], 
+        "ecdsa_with_SHA256": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x04", 
+            "0x03", 
+            "0x02"
+        ], 
+        "ecdsa_with_SHA384": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x04", 
+            "0x03", 
+            "0x03"
+        ], 
+        "ecdsa_with_SHA512": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x04", 
+            "0x03", 
+            "0x04"
+        ], 
+        "id_ecPublicKey": [
+            "DER_P_OBJECT", 
+            "7", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x02", 
+            "0x01"
+        ], 
+        "id_ecdsa_with_sha3_224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x09"
+        ], 
+        "id_ecdsa_with_sha3_256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0A"
+        ], 
+        "id_ecdsa_with_sha3_384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0B"
+        ], 
+        "id_ecdsa_with_sha3_512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0C"
+        ], 
+        "prime192v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x01"
+        ], 
+        "prime192v2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x02"
+        ], 
+        "prime192v3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x03"
+        ], 
+        "prime239v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x04"
+        ], 
+        "prime239v2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x05"
+        ], 
+        "prime239v3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x06"
+        ], 
+        "prime256v1": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0xCE", 
+            "0x3D", 
+            "0x03", 
+            "0x01", 
+            "0x07"
+        ]
+    }, 
+    "der_ecx.h.in": {
+        "id_Ed25519": [
+            "DER_P_OBJECT", 
+            "3", 
+            "0x2B", 
+            "0x65", 
+            "0x70"
+        ], 
+        "id_Ed448": [
+            "DER_P_OBJECT", 
+            "3", 
+            "0x2B", 
+            "0x65", 
+            "0x71"
+        ], 
+        "id_X25519": [
+            "DER_P_OBJECT", 
+            "3", 
+            "0x2B", 
+            "0x65", 
+            "0x6E"
+        ], 
+        "id_X448": [
+            "DER_P_OBJECT", 
+            "3", 
+            "0x2B", 
+            "0x65", 
+            "0x6F"
+        ]
+    }, 
+    "der_rsa.h.in": {
+        "hashAlgs": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x02"
+        ], 
+        "id_RSAES_OAEP": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x07"
+        ], 
+        "id_RSASSA_PSS": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0A"
+        ], 
+        "id_mgf1": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x08"
+        ], 
+        "id_pSpecified": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x09"
+        ], 
+        "id_rsassa_pkcs1_v1_5_with_sha3_224": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0D"
+        ], 
+        "id_rsassa_pkcs1_v1_5_with_sha3_256": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0E"
+        ], 
+        "id_rsassa_pkcs1_v1_5_with_sha3_384": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x0F"
+        ], 
+        "id_rsassa_pkcs1_v1_5_with_sha3_512": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x03", 
+            "0x10"
+        ], 
+        "md2WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x02"
+        ], 
+        "md4WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x03"
+        ], 
+        "md5WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x04"
+        ], 
+        "mdc2WithRSASignature": [
+            "DER_P_OBJECT", 
+            "5", 
+            "0x2B", 
+            "0x0E", 
+            "0x03", 
+            "0x02", 
+            "0x0E"
+        ], 
+        "ripemd160WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "6", 
+            "0x2B", 
+            "0x24", 
+            "0x03", 
+            "0x03", 
+            "0x01", 
+            "0x02"
+        ], 
+        "rsaEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x01"
+        ], 
+        "sha1WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x05"
+        ], 
+        "sha224WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0E"
+        ], 
+        "sha256WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0B"
+        ], 
+        "sha384WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0C"
+        ], 
+        "sha512WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0D"
+        ], 
+        "sha512_224WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x0F"
+        ], 
+        "sha512_256WithRSAEncryption": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x01", 
+            "0x10"
+        ]
+    }, 
+    "der_sm2.h.in": {
+        "curveSM2": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x81", 
+            "0x1C", 
+            "0xCF", 
+            "0x55", 
+            "0x01", 
+            "0x82", 
+            "0x2D"
+        ], 
+        "sm2_with_SM3": [
+            "DER_P_OBJECT", 
+            "8", 
+            "0x2A", 
+            "0x81", 
+            "0x1C", 
+            "0xCF", 
+            "0x55", 
+            "0x01", 
+            "0x83", 
+            "0x75"
+        ]
+    }, 
+    "der_wrap.h.in": {
+        "id_aes128_wrap": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x01", 
+            "0x05"
+        ], 
+        "id_aes192_wrap": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x01", 
+            "0x19"
+        ], 
+        "id_aes256_wrap": [
+            "DER_P_OBJECT", 
+            "9", 
+            "0x60", 
+            "0x86", 
+            "0x48", 
+            "0x01", 
+            "0x65", 
+            "0x03", 
+            "0x04", 
+            "0x01", 
+            "0x2D"
+        ], 
+        "id_alg_CMS3DESwrap": [
+            "DER_P_OBJECT", 
+            "11", 
+            "0x2A", 
+            "0x86", 
+            "0x48", 
+            "0x86", 
+            "0xF7", 
+            "0x0D", 
+            "0x01", 
+            "0x09", 
+            "0x10", 
+            "0x03", 
+            "0x06"
+        ]
+    }
+}
\ No newline at end of file
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancFramework/Resources/Patches/OpenSSL-ExtractProvidersOIDs.py	Tue Jun 22 07:09:34 2021 +0200
@@ -0,0 +1,71 @@
+#!/usr/bin/env python
+
+# Orthanc - A Lightweight, RESTful DICOM Store
+# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
+# Department, University Hospital of Liege, Belgium
+# Copyright (C) 2017-2021 Osimis S.A., Belgium
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation, either version 3 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program. If not, see
+# <http://www.gnu.org/licenses/>.
+
+
+##
+## This is a maintenance script to automatically extract the OIDs
+## generated from the ".asn1" files by the OpenSSL configuration
+## script "./Configure". This script generates the file
+## "OpenSSL-ExtractProvidersOIDs.json". The output JSON is then used
+## by "OpenSSL-ConfigureHeaders.py".
+##
+
+
+import json
+import os
+import re
+import sys
+
+if len(sys.argv) != 2:
+    raise Exception('Provide the path to your configured OpenSSL 3.x build directory')
+
+BASE = os.path.join(sys.argv[1], 'providers/common/include/prov')
+TARGET = 'OpenSSL-ExtractProvidersOIDs.json'
+RESULT = {}
+
+
+for source in os.listdir(BASE):
+    if source.endswith('.h.in'):
+        path = os.path.join(BASE, re.sub('.in$', '', source))
+
+        content = {}
+        
+        with open(path, 'r') as f:
+            for definition in re.findall('#define (DER_OID_V_.+?)#define (DER_OID_SZ_.+?)extern const(.+?)$', f.read(), re.MULTILINE | re.DOTALL):
+                oid = definition[0].strip().split(' ')
+                
+                name = oid[0].replace('DER_OID_V_', '')
+                oid = oid[1:]
+
+                sizes = definition[1].strip().split(' ')
+                if (name in content or
+                    len(sizes) != 2 or
+                    sizes[0] != 'DER_OID_SZ_%s' % name or
+                    int(sizes[1]) != len(oid)):
+                    raise Exception('Cannot parse %s, for OID %s' % (path, name))
+
+                content[name] = list(map(lambda x: x.replace(',', ''), oid))
+
+        RESULT[source] = content
+
+
+with open(os.path.join(os.path.dirname(os.path.realpath(__file__)), TARGET), 'w') as f:
+    f.write(json.dumps(RESULT, sort_keys = True, indent = 4))
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/OrthancFramework/Resources/Patches/openssl-3.0.0-beta1.patch	Tue Jun 22 07:09:34 2021 +0200
@@ -0,0 +1,19 @@
+diff -urEb openssl-3.0.0-beta1.orig/providers/implementations/rands/seeding/rand_unix.c openssl-3.0.0-beta1/providers/implementations/rands/seeding/rand_unix.c
+--- openssl-3.0.0-beta1.orig/providers/implementations/rands/seeding/rand_unix.c	2021-06-21 18:25:55.220224494 +0200
++++ openssl-3.0.0-beta1/providers/implementations/rands/seeding/rand_unix.c	2021-06-21 18:26:44.884237640 +0200
+@@ -447,6 +447,7 @@
+              * system call and this should always succeed which renders
+              * this alternative but essentially identical source moot.
+              */
++#if !defined(__LSB_VERSION__)  // "syscall()" is not available in LSB
+             if (uname(&un) == 0) {
+                 kernel[0] = atoi(un.release);
+                 p = strchr(un.release, '.');
+@@ -457,6 +458,7 @@
+                     return 0;
+                 }
+             }
++#endif
+             /* Open /dev/random and wait for it to be readable */
+             if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) {
+                 if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) {
--- a/OrthancServer/UnitTestsSources/VersionsTests.cpp	Mon Jun 21 17:55:53 2021 +0200
+++ b/OrthancServer/UnitTestsSources/VersionsTests.cpp	Tue Jun 22 07:09:34 2021 +0200
@@ -178,7 +178,8 @@
 TEST(Version, OpenSslStatic)
 {
   ASSERT_TRUE(OPENSSL_VERSION_NUMBER == 0x1000210fL /* openssl-1.0.2p */ ||
-              OPENSSL_VERSION_NUMBER == 0x101010bfL /* openssl-1.1.1k */);
+              OPENSSL_VERSION_NUMBER == 0x101010bfL /* openssl-1.1.1k */ ||
+              OPENSSL_VERSION_NUMBER == 0x3000000fL /* openssl-3.0.0 */);
 }
 #endif