Mercurial > hg > orthanc
changeset 4703:c832cb6ef4f9 openssl-3.x
Dropped support for static compilation of OpenSSL 1.0.2 and 1.1.1
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 22 Jun 2021 07:17:43 +0200 |
parents | 312e0e29de90 |
children | f0038043fb97 |
files | NEWS OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-1.0.2.cmake OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake OrthancFramework/Resources/Patches/openssl-1.1.1-conf.h.in OrthancFramework/Resources/Patches/openssl-1.1.1k.patch OrthancServer/UnitTestsSources/VersionsTests.cpp |
diffstat | 8 files changed, 4 insertions(+), 814 deletions(-) [+] |
line wrap: on
line diff
--- a/NEWS Tue Jun 22 07:09:34 2021 +0200 +++ b/NEWS Tue Jun 22 07:17:43 2021 +0200 @@ -54,6 +54,7 @@ * General information: https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/ +* Dropped support for static compilation of OpenSSL 1.0.2 and 1.1.1 * Upgraded dependencies for static builds (notably on Windows and LSB): - openssl 3.0.0-beta1
--- a/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Tue Jun 22 07:09:34 2021 +0200 +++ b/OrthancFramework/Resources/CMake/OpenSslConfiguration.cmake Tue Jun 22 07:17:43 2021 +0200 @@ -19,11 +19,7 @@ if (STATIC_BUILD OR NOT USE_SYSTEM_OPENSSL) - if (OPENSSL_STATIC_VERSION STREQUAL "1.0.2") - include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.0.2.cmake) - elseif (OPENSSL_STATIC_VERSION STREQUAL "1.1.1") - include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-1.1.1.cmake) - elseif (OPENSSL_STATIC_VERSION STREQUAL "3.0") + if (OPENSSL_STATIC_VERSION STREQUAL "3.0") include(${CMAKE_CURRENT_LIST_DIR}/OpenSslConfigurationStatic-3.0.cmake) else() message(FATAL_ERROR "Unsupported version of OpenSSL: ${OPENSSL_STATIC_VERSION}")
--- a/OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-1.0.2.cmake Tue Jun 22 07:09:34 2021 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,352 +0,0 @@ -# Orthanc - A Lightweight, RESTful DICOM Store -# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics -# Department, University Hospital of Liege, Belgium -# Copyright (C) 2017-2021 Osimis S.A., Belgium -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public License -# as published by the Free Software Foundation, either version 3 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - - -SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.0.2p) -SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.0.2p.tar.gz") -SET(OPENSSL_MD5 "ac5eb30bf5798aa14b1ae6d0e7da58df") - -if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") - set(FirstRun OFF) -else() - set(FirstRun ON) -endif() - -DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}") - -if (FirstRun) - file(MAKE_DIRECTORY ${OPENSSL_SOURCES_DIR}/include/openssl) - - foreach(header - ${OPENSSL_SOURCES_DIR}/crypto/aes/aes.h - ${OPENSSL_SOURCES_DIR}/crypto/asn1/asn1.h - ${OPENSSL_SOURCES_DIR}/crypto/asn1/asn1_mac.h - ${OPENSSL_SOURCES_DIR}/crypto/asn1/asn1t.h - ${OPENSSL_SOURCES_DIR}/crypto/bf/blowfish.h - ${OPENSSL_SOURCES_DIR}/crypto/bio/bio.h - ${OPENSSL_SOURCES_DIR}/crypto/bn/bn.h - ${OPENSSL_SOURCES_DIR}/crypto/buffer/buffer.h - ${OPENSSL_SOURCES_DIR}/crypto/camellia/camellia.h - ${OPENSSL_SOURCES_DIR}/crypto/cast/cast.h - ${OPENSSL_SOURCES_DIR}/crypto/cmac/cmac.h - ${OPENSSL_SOURCES_DIR}/crypto/cms/cms.h - ${OPENSSL_SOURCES_DIR}/crypto/comp/comp.h - ${OPENSSL_SOURCES_DIR}/crypto/conf/conf.h - ${OPENSSL_SOURCES_DIR}/crypto/conf/conf_api.h - ${OPENSSL_SOURCES_DIR}/crypto/crypto.h - ${OPENSSL_SOURCES_DIR}/crypto/des/des.h - ${OPENSSL_SOURCES_DIR}/crypto/des/des_old.h - ${OPENSSL_SOURCES_DIR}/crypto/dh/dh.h - ${OPENSSL_SOURCES_DIR}/crypto/dsa/dsa.h - ${OPENSSL_SOURCES_DIR}/crypto/dso/dso.h - ${OPENSSL_SOURCES_DIR}/crypto/ebcdic.h - ${OPENSSL_SOURCES_DIR}/crypto/ec/ec.h - ${OPENSSL_SOURCES_DIR}/crypto/ecdh/ecdh.h - ${OPENSSL_SOURCES_DIR}/crypto/ecdsa/ecdsa.h - ${OPENSSL_SOURCES_DIR}/crypto/engine/engine.h - ${OPENSSL_SOURCES_DIR}/crypto/err/err.h - ${OPENSSL_SOURCES_DIR}/crypto/evp/evp.h - ${OPENSSL_SOURCES_DIR}/crypto/hmac/hmac.h - ${OPENSSL_SOURCES_DIR}/crypto/idea/idea.h - ${OPENSSL_SOURCES_DIR}/crypto/jpake/jpake.h - ${OPENSSL_SOURCES_DIR}/crypto/krb5/krb5_asn.h - ${OPENSSL_SOURCES_DIR}/crypto/lhash/lhash.h - ${OPENSSL_SOURCES_DIR}/crypto/md2/md2.h - ${OPENSSL_SOURCES_DIR}/crypto/md4/md4.h - ${OPENSSL_SOURCES_DIR}/crypto/md5/md5.h - ${OPENSSL_SOURCES_DIR}/crypto/mdc2/mdc2.h - ${OPENSSL_SOURCES_DIR}/crypto/modes/modes.h - ${OPENSSL_SOURCES_DIR}/crypto/objects/obj_mac.h - ${OPENSSL_SOURCES_DIR}/crypto/objects/objects.h - ${OPENSSL_SOURCES_DIR}/crypto/ocsp/ocsp.h - ${OPENSSL_SOURCES_DIR}/crypto/opensslconf.h - ${OPENSSL_SOURCES_DIR}/crypto/opensslv.h - ${OPENSSL_SOURCES_DIR}/crypto/ossl_typ.h - ${OPENSSL_SOURCES_DIR}/crypto/pem/pem.h - ${OPENSSL_SOURCES_DIR}/crypto/pem/pem2.h - ${OPENSSL_SOURCES_DIR}/crypto/pkcs12/pkcs12.h - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/pkcs7.h - ${OPENSSL_SOURCES_DIR}/crypto/pqueue/pqueue.h - ${OPENSSL_SOURCES_DIR}/crypto/rand/rand.h - ${OPENSSL_SOURCES_DIR}/crypto/rc2/rc2.h - ${OPENSSL_SOURCES_DIR}/crypto/rc4/rc4.h - ${OPENSSL_SOURCES_DIR}/crypto/rc5/rc5.h - ${OPENSSL_SOURCES_DIR}/crypto/ripemd/ripemd.h - ${OPENSSL_SOURCES_DIR}/crypto/rsa/rsa.h - ${OPENSSL_SOURCES_DIR}/crypto/seed/seed.h - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha.h - ${OPENSSL_SOURCES_DIR}/crypto/srp/srp.h - ${OPENSSL_SOURCES_DIR}/crypto/stack/safestack.h - ${OPENSSL_SOURCES_DIR}/crypto/stack/stack.h - ${OPENSSL_SOURCES_DIR}/crypto/store/store.h - ${OPENSSL_SOURCES_DIR}/crypto/symhacks.h - ${OPENSSL_SOURCES_DIR}/crypto/ts/ts.h - ${OPENSSL_SOURCES_DIR}/crypto/txt_db/txt_db.h - ${OPENSSL_SOURCES_DIR}/crypto/ui/ui.h - ${OPENSSL_SOURCES_DIR}/crypto/ui/ui_compat.h - ${OPENSSL_SOURCES_DIR}/crypto/whrlpool/whrlpool.h - ${OPENSSL_SOURCES_DIR}/crypto/x509/x509.h - ${OPENSSL_SOURCES_DIR}/crypto/x509/x509_vfy.h - ${OPENSSL_SOURCES_DIR}/crypto/x509v3/x509v3.h - ${OPENSSL_SOURCES_DIR}/e_os2.h - ${OPENSSL_SOURCES_DIR}/ssl/dtls1.h - ${OPENSSL_SOURCES_DIR}/ssl/kssl.h - ${OPENSSL_SOURCES_DIR}/ssl/srtp.h - ${OPENSSL_SOURCES_DIR}/ssl/ssl.h - ${OPENSSL_SOURCES_DIR}/ssl/ssl2.h - ${OPENSSL_SOURCES_DIR}/ssl/ssl23.h - ${OPENSSL_SOURCES_DIR}/ssl/ssl3.h - ${OPENSSL_SOURCES_DIR}/ssl/tls1.h - ) - file(COPY ${header} DESTINATION ${OPENSSL_SOURCES_DIR}/include/openssl) - endforeach() - - file(RENAME - ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h - ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2_source.h) - - # The following patch of "e_os2.h" prevents from building OpenSSL - # as a DLL under Windows. Otherwise, symbols have inconsistent - # linkage if ${OPENSSL_SOURCES} is used to create a DLL (notably - # if building an Orthanc plugin such as PostgreSQL or MySQL). - file(WRITE ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h " -#include \"e_os2_source.h\" -#if defined(_WIN32) -# undef OPENSSL_EXPORT -# undef OPENSSL_IMPORT -# undef OPENSSL_EXTERN -# undef OPENSSL_GLOBAL -# define OPENSSL_EXPORT -# define OPENSSL_IMPORT -# define OPENSSL_EXTERN extern -# define OPENSSL_GLOBAL -#endif -") -endif() - -add_definitions( - -DOPENSSL_THREADS - -DOPENSSL_IA32_SSE2 - -DOPENSSL_NO_ASM - -DOPENSSL_NO_DYNAMIC_ENGINE - -DNO_WINDOWS_BRAINDEATH - - -DOPENSSL_NO_BF - -DOPENSSL_NO_CAMELLIA - -DOPENSSL_NO_CAST - -DOPENSSL_NO_EC_NISTP_64_GCC_128 - -DOPENSSL_NO_GMP - -DOPENSSL_NO_GOST - -DOPENSSL_NO_HW - -DOPENSSL_NO_JPAKE - -DOPENSSL_NO_IDEA - -DOPENSSL_NO_KRB5 - -DOPENSSL_NO_MD2 - -DOPENSSL_NO_MDC2 - #-DOPENSSL_NO_MD4 # MD4 is necessary for MariaDB/MySQL client - -DOPENSSL_NO_RC2 - -DOPENSSL_NO_RC4 - -DOPENSSL_NO_RC5 - -DOPENSSL_NO_RFC3779 - -DOPENSSL_NO_SCTP - -DOPENSSL_NO_STORE - -DOPENSSL_NO_SEED - -DOPENSSL_NO_WHIRLPOOL - -DOPENSSL_NO_RIPEMD - ) - -include_directories( - ${OPENSSL_SOURCES_DIR} - ${OPENSSL_SOURCES_DIR}/crypto - ${OPENSSL_SOURCES_DIR}/crypto/asn1 - ${OPENSSL_SOURCES_DIR}/crypto/modes - ${OPENSSL_SOURCES_DIR}/crypto/evp - ${OPENSSL_SOURCES_DIR}/include - ) - -set(OPENSSL_SOURCES_SUBDIRS - ${OPENSSL_SOURCES_DIR}/crypto - ${OPENSSL_SOURCES_DIR}/crypto/aes - ${OPENSSL_SOURCES_DIR}/crypto/asn1 - ${OPENSSL_SOURCES_DIR}/crypto/bio - ${OPENSSL_SOURCES_DIR}/crypto/bn - ${OPENSSL_SOURCES_DIR}/crypto/buffer - ${OPENSSL_SOURCES_DIR}/crypto/cmac - ${OPENSSL_SOURCES_DIR}/crypto/cms - ${OPENSSL_SOURCES_DIR}/crypto/comp - ${OPENSSL_SOURCES_DIR}/crypto/conf - ${OPENSSL_SOURCES_DIR}/crypto/des - ${OPENSSL_SOURCES_DIR}/crypto/dh - ${OPENSSL_SOURCES_DIR}/crypto/dsa - ${OPENSSL_SOURCES_DIR}/crypto/dso - ${OPENSSL_SOURCES_DIR}/crypto/engine - ${OPENSSL_SOURCES_DIR}/crypto/err - ${OPENSSL_SOURCES_DIR}/crypto/evp - ${OPENSSL_SOURCES_DIR}/crypto/hmac - ${OPENSSL_SOURCES_DIR}/crypto/lhash - ${OPENSSL_SOURCES_DIR}/crypto/md4 - ${OPENSSL_SOURCES_DIR}/crypto/md5 - ${OPENSSL_SOURCES_DIR}/crypto/modes - ${OPENSSL_SOURCES_DIR}/crypto/objects - ${OPENSSL_SOURCES_DIR}/crypto/ocsp - ${OPENSSL_SOURCES_DIR}/crypto/pem - ${OPENSSL_SOURCES_DIR}/crypto/pkcs12 - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7 - ${OPENSSL_SOURCES_DIR}/crypto/pqueue - ${OPENSSL_SOURCES_DIR}/crypto/rand - ${OPENSSL_SOURCES_DIR}/crypto/rsa - ${OPENSSL_SOURCES_DIR}/crypto/sha - ${OPENSSL_SOURCES_DIR}/crypto/srp - ${OPENSSL_SOURCES_DIR}/crypto/stack - ${OPENSSL_SOURCES_DIR}/crypto/ts - ${OPENSSL_SOURCES_DIR}/crypto/txt_db - ${OPENSSL_SOURCES_DIR}/crypto/ui - ${OPENSSL_SOURCES_DIR}/crypto/x509 - ${OPENSSL_SOURCES_DIR}/crypto/x509v3 - ${OPENSSL_SOURCES_DIR}/ssl - ) - -if (ENABLE_OPENSSL_ENGINES) - list(APPEND OPENSSL_SOURCES_SUBDIRS - ${OPENSSL_SOURCES_DIR}/engines - ) -endif() - -list(APPEND OPENSSL_SOURCES_SUBDIRS - # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting - # HTTPS servers that use TLS certificate encrypted with ECDSA - # (check the output of a recent version of the "sslscan" - # command). Until Orthanc <= 1.4.1, these features were only - # enabled if ENABLE_PKCS11 support was set to "ON". - # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ - ${OPENSSL_SOURCES_DIR}/crypto/ec - ${OPENSSL_SOURCES_DIR}/crypto/ecdh - ${OPENSSL_SOURCES_DIR}/crypto/ecdsa - ) - -foreach(d ${OPENSSL_SOURCES_SUBDIRS}) - AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES) -endforeach() - -list(REMOVE_ITEM OPENSSL_SOURCES - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c - ${OPENSSL_SOURCES_DIR}/crypto/armcap.c - ${OPENSSL_SOURCES_DIR}/crypto/bf/bfs.cpp - ${OPENSSL_SOURCES_DIR}/crypto/bio/bss_rtcp.c - ${OPENSSL_SOURCES_DIR}/crypto/bn/exp.c - ${OPENSSL_SOURCES_DIR}/crypto/conf/cnf_save.c - ${OPENSSL_SOURCES_DIR}/crypto/conf/test.c - ${OPENSSL_SOURCES_DIR}/crypto/des/des.c - ${OPENSSL_SOURCES_DIR}/crypto/des/des3s.cpp - ${OPENSSL_SOURCES_DIR}/crypto/des/des_opts.c - ${OPENSSL_SOURCES_DIR}/crypto/des/dess.cpp - ${OPENSSL_SOURCES_DIR}/crypto/des/read_pwd.c - ${OPENSSL_SOURCES_DIR}/crypto/des/speed.c - ${OPENSSL_SOURCES_DIR}/crypto/evp/e_dsa.c - ${OPENSSL_SOURCES_DIR}/crypto/evp/m_ripemd.c - ${OPENSSL_SOURCES_DIR}/crypto/lhash/lh_test.c - ${OPENSSL_SOURCES_DIR}/crypto/md4/md4.c - ${OPENSSL_SOURCES_DIR}/crypto/md4/md4s.cpp - ${OPENSSL_SOURCES_DIR}/crypto/md4/md4test.c - ${OPENSSL_SOURCES_DIR}/crypto/md5/md5s.cpp - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/bio_ber.c - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/pk7_enc.c - ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c - ${OPENSSL_SOURCES_DIR}/crypto/rand/randtest.c - ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c - ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c - ${OPENSSL_SOURCES_DIR}/crypto/x509v3/tabtest.c - ${OPENSSL_SOURCES_DIR}/crypto/x509v3/v3conf.c - ${OPENSSL_SOURCES_DIR}/ssl/ssl_task.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c - ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c - ${OPENSSL_SOURCES_DIR}/crypto/bio/bss_dgram.c - ${OPENSSL_SOURCES_DIR}/crypto/bn/bntest.c - ${OPENSSL_SOURCES_DIR}/crypto/bn/expspeed.c - ${OPENSSL_SOURCES_DIR}/crypto/bn/exptest.c - ${OPENSSL_SOURCES_DIR}/crypto/engine/enginetest.c - ${OPENSSL_SOURCES_DIR}/crypto/evp/evp_test.c - ${OPENSSL_SOURCES_DIR}/crypto/hmac/hmactest.c - ${OPENSSL_SOURCES_DIR}/crypto/md5/md5.c - ${OPENSSL_SOURCES_DIR}/crypto/md5/md5test.c - ${OPENSSL_SOURCES_DIR}/crypto/o_dir_test.c - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/dec.c - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/enc.c - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/sign.c - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7/verify.c - ${OPENSSL_SOURCES_DIR}/crypto/rsa/rsa_test.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha1.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha1t.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha1test.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha256t.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/sha512t.c - ${OPENSSL_SOURCES_DIR}/crypto/sha/shatest.c - ${OPENSSL_SOURCES_DIR}/crypto/srp/srptest.c - - ${OPENSSL_SOURCES_DIR}/crypto/bn/divtest.c - ${OPENSSL_SOURCES_DIR}/crypto/bn/bnspeed.c - ${OPENSSL_SOURCES_DIR}/crypto/des/destest.c - ${OPENSSL_SOURCES_DIR}/crypto/dh/p192.c - ${OPENSSL_SOURCES_DIR}/crypto/dh/p512.c - ${OPENSSL_SOURCES_DIR}/crypto/dh/p1024.c - ${OPENSSL_SOURCES_DIR}/crypto/des/rpw.c - ${OPENSSL_SOURCES_DIR}/ssl/ssltest.c - ${OPENSSL_SOURCES_DIR}/crypto/dsa/dsagen.c - ${OPENSSL_SOURCES_DIR}/crypto/dsa/dsatest.c - ${OPENSSL_SOURCES_DIR}/crypto/dh/dhtest.c - ${OPENSSL_SOURCES_DIR}/crypto/pqueue/pq_test.c - ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c - - ${OPENSSL_SOURCES_DIR}/crypto/evp/evp_extra_test.c - ${OPENSSL_SOURCES_DIR}/crypto/evp/verify_extra_test.c - ${OPENSSL_SOURCES_DIR}/crypto/x509/verify_extra_test.c - ${OPENSSL_SOURCES_DIR}/crypto/x509v3/v3prin.c - ${OPENSSL_SOURCES_DIR}/crypto/x509v3/v3nametest.c - ${OPENSSL_SOURCES_DIR}/crypto/constant_time_test.c - - ${OPENSSL_SOURCES_DIR}/ssl/heartbeat_test.c - ${OPENSSL_SOURCES_DIR}/ssl/fatalerrtest.c - ${OPENSSL_SOURCES_DIR}/ssl/dtlstest.c - ${OPENSSL_SOURCES_DIR}/ssl/bad_dtls_test.c - ${OPENSSL_SOURCES_DIR}/ssl/clienthellotest.c - ${OPENSSL_SOURCES_DIR}/ssl/sslv2conftest.c - - ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c - ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c - ${OPENSSL_SOURCES_DIR}/crypto/ec/ectest.c - ${OPENSSL_SOURCES_DIR}/crypto/ecdh/ecdhtest.c - ${OPENSSL_SOURCES_DIR}/crypto/ecdsa/ecdsatest.c - ) - - -if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows") - set_source_files_properties( - ${OPENSSL_SOURCES} - PROPERTIES COMPILE_DEFINITIONS - "OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN") - - if (ENABLE_OPENSSL_ENGINES) - link_libraries(crypt32) - endif() -endif()
--- a/OrthancFramework/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake Tue Jun 22 07:09:34 2021 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,308 +0,0 @@ -# Orthanc - A Lightweight, RESTful DICOM Store -# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics -# Department, University Hospital of Liege, Belgium -# Copyright (C) 2017-2021 Osimis S.A., Belgium -# -# This program is free software: you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public License -# as published by the Free Software Foundation, either version 3 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program. If not, see -# <http://www.gnu.org/licenses/>. - - -SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.1.1k) -SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.1.1k.tar.gz") -SET(OPENSSL_MD5 "c4e7d95f782b08116afa27b30393dd27") - -if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") - set(FirstRun OFF) -else() - set(FirstRun ON) -endif() - -DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}") - -if (FirstRun) - file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/buildinf.h " -#define DATE \"\" -#define PLATFORM \"\" -#define compiler_flags \"\" -") - file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/bn_conf.h "") - file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/dso_conf.h "") - - configure_file( - ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1-conf.h.in - ${OPENSSL_SOURCES_DIR}/include/openssl/opensslconf.h - ) - - # Apply the patches - execute_process( - COMMAND ${PATCH_EXECUTABLE} -p0 -N -i - ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1k.patch - WORKING_DIRECTORY ${CMAKE_BINARY_DIR} - RESULT_VARIABLE Failure - ) - - if (Failure) - message(FATAL_ERROR "Error while patching a file") - endif() - - file(RENAME - ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h - ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2_source.h) - - # The following patch of "e_os2.h" prevents from building OpenSSL - # as a DLL under Windows. Otherwise, symbols have inconsistent - # linkage if ${OPENSSL_SOURCES} is used to create a DLL (notably - # if building an Orthanc plugin such as PostgreSQL or MySQL). - file(WRITE ${OPENSSL_SOURCES_DIR}/include/openssl/e_os2.h " -#include \"e_os2_source.h\" -#if defined(_WIN32) -# undef OPENSSL_EXPORT -# undef OPENSSL_IMPORT -# undef OPENSSL_EXTERN -# undef OPENSSL_GLOBAL -# define OPENSSL_EXPORT -# define OPENSSL_IMPORT -# define OPENSSL_EXTERN extern -# define OPENSSL_GLOBAL -#endif -") - -else() - message("The patches for OpenSSL have already been applied") -endif() - -add_definitions( - -DOPENSSL_THREADS - -DOPENSSL_IA32_SSE2 - -DOPENSSL_NO_ASM - -DOPENSSL_NO_DYNAMIC_ENGINE - -DOPENSSL_NO_DEVCRYPTOENG - - -DOPENSSL_NO_BF - -DOPENSSL_NO_CAMELLIA - -DOPENSSL_NO_CAST - -DOPENSSL_NO_EC_NISTP_64_GCC_128 - -DOPENSSL_NO_GMP - -DOPENSSL_NO_GOST - -DOPENSSL_NO_HW - -DOPENSSL_NO_JPAKE - -DOPENSSL_NO_IDEA - -DOPENSSL_NO_KRB5 - -DOPENSSL_NO_MD2 - -DOPENSSL_NO_MDC2 - #-DOPENSSL_NO_MD4 # MD4 is necessary for MariaDB/MySQL client - -DOPENSSL_NO_RC2 - -DOPENSSL_NO_RC4 - -DOPENSSL_NO_RC5 - -DOPENSSL_NO_RFC3779 - -DOPENSSL_NO_SCTP - -DOPENSSL_NO_STORE - -DOPENSSL_NO_SEED - -DOPENSSL_NO_WHIRLPOOL - -DOPENSSL_NO_RIPEMD - -DOPENSSL_NO_AFALGENG - - -DOPENSSLDIR="/usr/local/ssl" - ) - - -include_directories( - ${OPENSSL_SOURCES_DIR} - ${OPENSSL_SOURCES_DIR}/crypto - ${OPENSSL_SOURCES_DIR}/crypto/asn1 - ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 - ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 - ${OPENSSL_SOURCES_DIR}/crypto/evp - ${OPENSSL_SOURCES_DIR}/crypto/include - ${OPENSSL_SOURCES_DIR}/crypto/modes - ${OPENSSL_SOURCES_DIR}/include - ) - - -set(OPENSSL_SOURCES_SUBDIRS - ${OPENSSL_SOURCES_DIR}/crypto - ${OPENSSL_SOURCES_DIR}/crypto/aes - ${OPENSSL_SOURCES_DIR}/crypto/aria - ${OPENSSL_SOURCES_DIR}/crypto/asn1 - ${OPENSSL_SOURCES_DIR}/crypto/async - ${OPENSSL_SOURCES_DIR}/crypto/async/arch - ${OPENSSL_SOURCES_DIR}/crypto/bio - ${OPENSSL_SOURCES_DIR}/crypto/blake2 - ${OPENSSL_SOURCES_DIR}/crypto/bn - ${OPENSSL_SOURCES_DIR}/crypto/buffer - ${OPENSSL_SOURCES_DIR}/crypto/chacha - ${OPENSSL_SOURCES_DIR}/crypto/cmac - ${OPENSSL_SOURCES_DIR}/crypto/cms - ${OPENSSL_SOURCES_DIR}/crypto/comp - ${OPENSSL_SOURCES_DIR}/crypto/conf - ${OPENSSL_SOURCES_DIR}/crypto/ct - ${OPENSSL_SOURCES_DIR}/crypto/des - ${OPENSSL_SOURCES_DIR}/crypto/dh - ${OPENSSL_SOURCES_DIR}/crypto/dsa - ${OPENSSL_SOURCES_DIR}/crypto/dso - ${OPENSSL_SOURCES_DIR}/crypto/ec - ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 - ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 - ${OPENSSL_SOURCES_DIR}/crypto/err - ${OPENSSL_SOURCES_DIR}/crypto/evp - ${OPENSSL_SOURCES_DIR}/crypto/hmac - ${OPENSSL_SOURCES_DIR}/crypto/kdf - ${OPENSSL_SOURCES_DIR}/crypto/lhash - ${OPENSSL_SOURCES_DIR}/crypto/md4 - ${OPENSSL_SOURCES_DIR}/crypto/md5 - ${OPENSSL_SOURCES_DIR}/crypto/modes - ${OPENSSL_SOURCES_DIR}/crypto/objects - ${OPENSSL_SOURCES_DIR}/crypto/ocsp - ${OPENSSL_SOURCES_DIR}/crypto/pem - ${OPENSSL_SOURCES_DIR}/crypto/pkcs12 - ${OPENSSL_SOURCES_DIR}/crypto/pkcs7 - ${OPENSSL_SOURCES_DIR}/crypto/poly1305 - ${OPENSSL_SOURCES_DIR}/crypto/pqueue - ${OPENSSL_SOURCES_DIR}/crypto/rand - ${OPENSSL_SOURCES_DIR}/crypto/ripemd - ${OPENSSL_SOURCES_DIR}/crypto/rsa - ${OPENSSL_SOURCES_DIR}/crypto/sha - ${OPENSSL_SOURCES_DIR}/crypto/siphash - ${OPENSSL_SOURCES_DIR}/crypto/sm2 - ${OPENSSL_SOURCES_DIR}/crypto/sm3 - ${OPENSSL_SOURCES_DIR}/crypto/sm4 - ${OPENSSL_SOURCES_DIR}/crypto/srp - ${OPENSSL_SOURCES_DIR}/crypto/stack - ${OPENSSL_SOURCES_DIR}/crypto/store - ${OPENSSL_SOURCES_DIR}/crypto/ts - ${OPENSSL_SOURCES_DIR}/crypto/txt_db - ${OPENSSL_SOURCES_DIR}/crypto/ui - ${OPENSSL_SOURCES_DIR}/crypto/x509 - ${OPENSSL_SOURCES_DIR}/crypto/x509v3 - ${OPENSSL_SOURCES_DIR}/ssl - ${OPENSSL_SOURCES_DIR}/ssl/record - ${OPENSSL_SOURCES_DIR}/ssl/statem - ) - -if (ENABLE_OPENSSL_ENGINES) - add_definitions( - #-DENGINESDIR="/usr/local/lib/engines-1.1" # On GNU/Linux - -DENGINESDIR="." - ) - - list(APPEND OPENSSL_SOURCES_SUBDIRS - ${OPENSSL_SOURCES_DIR}/engines - ${OPENSSL_SOURCES_DIR}/crypto/engine - ) -else() - add_definitions(-DOPENSSL_NO_ENGINE) -endif() - -list(APPEND OPENSSL_SOURCES_SUBDIRS - # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting - # HTTPS servers that use TLS certificate encrypted with ECDSA - # (check the output of a recent version of the "sslscan" - # command). Until Orthanc <= 1.4.1, these features were only - # enabled if ENABLE_PKCS11 support was set to "ON". - # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ - ${OPENSSL_SOURCES_DIR}/crypto/ec - ${OPENSSL_SOURCES_DIR}/crypto/ecdh - ${OPENSSL_SOURCES_DIR}/crypto/ecdsa - ) - -foreach(d ${OPENSSL_SOURCES_SUBDIRS}) - AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES) -endforeach() - -list(REMOVE_ITEM OPENSSL_SOURCES - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c - ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c - ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c - ${OPENSSL_SOURCES_DIR}/crypto/armcap.c - ${OPENSSL_SOURCES_DIR}/crypto/bio/bss_dgram.c - ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c - ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c - ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c - ${OPENSSL_SOURCES_DIR}/crypto/engine/eng_devcrypto.c - ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c # Cannot be compiled with MinGW - ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_ieee754.c # Cannot be compiled with MinGW - ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c - ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c - ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c - ${OPENSSL_SOURCES_DIR}/engines/e_afalg.c # Cannot be compiled with MinGW - ) - -# Check out "${OPENSSL_SOURCES_DIR}/Configurations/README": "This is -# default if no option is specified, it works on any supported -# system." It is mandatory to define it as a macro, as it is used by -# all the source files that include OpenSSL (e.g. "Core/Toolbox.cpp" -# or curl) -add_definitions(-DTHIRTY_TWO_BIT) - - -if (NOT CMAKE_COMPILER_IS_GNUCXX OR - "${CMAKE_SYSTEM_NAME}" STREQUAL "Windows" OR - "${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") - # Disable the use of a gcc extension, that is neither available on - # MinGW, nor on LSB - add_definitions( - -DOPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE - ) -endif() - - -if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows") - set(OPENSSL_DEFINITIONS - "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH") - - if (ENABLE_OPENSSL_ENGINES) - link_libraries(crypt32) - endif() - - add_definitions( - -DOPENSSL_RAND_SEED_OS # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c - ) - -elseif ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") - add_definitions( - # In order for "crypto/mem_sec.c" to compile on LSB - -DOPENSSL_NO_SECURE_MEMORY - - # The "OPENSSL_RAND_SEED_OS" value implies a syscall() to - # "__NR_getrandom" (i.e. system call "getentropy(2)") in - # "rand_unix.c", which is not available in LSB. - -DOPENSSL_RAND_SEED_DEVRANDOM - - # If "OPENSSL_NO_ERR" is not defined, the PostgreSQL plugin - # crashes with segmentation fault in function - # "build_SYS_str_reasons()", that is called from - # "OPENSSL_init_ssl()" - # https://bugs.orthanc-server.com/show_bug.cgi?id=193 - -DOPENSSL_NO_ERR - ) - -else() - # Fixes error "OpenSSL error: error:2406C06E:random number - # generator:RAND_DRBG_instantiate:error retrieving entropy" that was - # present in Orthanc 1.6.0, if statically linking on Ubuntu 18.04 - add_definitions( - -DOPENSSL_RAND_SEED_OS - ) -endif() - - -set_source_files_properties( - ${OPENSSL_SOURCES} - PROPERTIES COMPILE_DEFINITIONS - "${OPENSSL_DEFINITIONS};DSO_NONE" - )
--- a/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake Tue Jun 22 07:09:34 2021 +0200 +++ b/OrthancFramework/Resources/CMake/OrthancFrameworkParameters.cmake Tue Jun 22 07:17:43 2021 +0200 @@ -93,7 +93,7 @@ set(MSVC_MULTIPLE_PROCESSES OFF CACHE BOOL "Add the /MP option to build with multiple processes if using Visual Studio") set(EMSCRIPTEN_TARGET_MODE "wasm" CACHE STRING "Sets the target mode for Emscripten (can be \"wasm\" or \"asm.js\")") set(EMSCRIPTEN_TRAP_MODE "" CACHE STRING "Sets the trap mode for Emscripten for numeric errors (can notably be empty, or \"clamp\")") -set(OPENSSL_STATIC_VERSION "3.0" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"1.0.2\", \"1.1.1\", or \"3.0\")") +set(OPENSSL_STATIC_VERSION "3.0" CACHE STRING "Version of OpenSSL to be used in static builds (can be \"3.0\")") set(CIVETWEB_OPENSSL_API "1.1" CACHE STRING "Version of the OpenSSL API to be used in civetweb in static builds (can be \"1.0\" or \"1.1\"") set(ORTHANC_LUA_VERSION "" CACHE STRING "Force the version of Lua to be used by Orthanc (for instance \"5.3\"), if empty, this will be autodetected")
--- a/OrthancFramework/Resources/Patches/openssl-1.1.1-conf.h.in Tue Jun 22 07:09:34 2021 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,126 +0,0 @@ -/* - * {- join("\n * ", @autowarntext) -} - * - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <openssl/opensslv.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_ALGORITHM_DEFINES -# error OPENSSL_ALGORITHM_DEFINES no longer supported -#endif - -/* - * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers - * don't like that. This will hopefully silence them. - */ -#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; - -/* - * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the - * declarations of functions deprecated in or before <version>. Otherwise, they - * still won't see them if the library has been built to disable deprecated - * functions. - */ -#ifndef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f; -# ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# elif defined(__SUNPRO_C) -# if (__SUNPRO_C >= 0x5130) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -# endif -# endif -#endif - -#ifndef OPENSSL_FILE -# ifdef OPENSSL_NO_FILENAMES -# define OPENSSL_FILE "" -# define OPENSSL_LINE 0 -# else -# define OPENSSL_FILE __FILE__ -# define OPENSSL_LINE __LINE__ -# endif -#endif - -#ifndef OPENSSL_MIN_API -# define OPENSSL_MIN_API 0 -#endif - -#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API -# undef OPENSSL_API_COMPAT -# define OPENSSL_API_COMPAT OPENSSL_MIN_API -#endif - -/* - * Do not deprecate things to be deprecated in version 1.2.0 before the - * OpenSSL version number matches. - */ -#if OPENSSL_VERSION_NUMBER < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) f; -#elif OPENSSL_API_COMPAT < 0x10200000L -# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_2_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10100000L -# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_1_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x10000000L -# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_1_0_0(f) -#endif - -#if OPENSSL_API_COMPAT < 0x00908000L -# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) -#else -# define DEPRECATEDIN_0_9_8(f) -#endif - - -#define OPENSSL_UNISTD <unistd.h> - -#if 0 -/* Generate 80386 code? */ -{- ${processor} eq "386" ? "#define" : "#undef" -} I386_ONLY - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD {- ${unistd} -} - -{- ${export_var_as_fn} ? "#define" : "#undef" -} OPENSSL_EXPORT_VAR_AS_FUNCTION - -/* - * The following are cipher-specific, but are part of the public API. - */ -#if !defined(OPENSSL_SYS_UEFI) -{- ${bn_ll} ? "# define" : "# undef" -} BN_LLONG -/* Only one for the following should be defined */ -{- ${b64l} ? "# define" : "# undef" -} SIXTY_FOUR_BIT_LONG -{- ${b64} ? "# define" : "# undef" -} SIXTY_FOUR_BIT -{- ${b32} ? "# define" : "# undef" -} THIRTY_TWO_BIT -#endif - -#define RC4_INT {- ${rc4_int} -} -#endif - -#ifdef __cplusplus -} -#endif
--- a/OrthancFramework/Resources/Patches/openssl-1.1.1k.patch Tue Jun 22 07:09:34 2021 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,19 +0,0 @@ -diff -urEb openssl-1.1.1k.orig/crypto/rand/rand_unix.c openssl-1.1.1k/crypto/rand/rand_unix.c ---- openssl-1.1.1k.orig/crypto/rand/rand_unix.c 2021-04-21 11:33:05.241258372 +0200 -+++ openssl-1.1.1k/crypto/rand/rand_unix.c 2021-04-21 11:34:48.705287133 +0200 -@@ -455,6 +455,7 @@ - * system call and this should always succeed which renders - * this alternative but essentially identical source moot. - */ -+#if !defined(__LSB_VERSION__) // "syscall()" is not available in LSB - if (uname(&un) == 0) { - kernel[0] = atoi(un.release); - p = strchr(un.release, '.'); -@@ -465,6 +466,7 @@ - return 0; - } - } -+#endif - /* Open /dev/random and wait for it to be readable */ - if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) { - if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) {
--- a/OrthancServer/UnitTestsSources/VersionsTests.cpp Tue Jun 22 07:09:34 2021 +0200 +++ b/OrthancServer/UnitTestsSources/VersionsTests.cpp Tue Jun 22 07:17:43 2021 +0200 @@ -177,9 +177,7 @@ #if ORTHANC_ENABLE_SSL == 1 TEST(Version, OpenSslStatic) { - ASSERT_TRUE(OPENSSL_VERSION_NUMBER == 0x1000210fL /* openssl-1.0.2p */ || - OPENSSL_VERSION_NUMBER == 0x101010bfL /* openssl-1.1.1k */ || - OPENSSL_VERSION_NUMBER == 0x3000000fL /* openssl-3.0.0 */); + ASSERT_EQ(0x3000000fL /* openssl-3.0.0 */, OPENSSL_VERSION_NUMBER); } #endif