changeset 3723:cc6d4edfe8fe

fix pkcs11 compilation
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 05 Mar 2020 21:13:37 +0100
parents a49d49d945c9
children f29a75a3190a
files CMakeLists.txt Core/Pkcs11.cpp Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake Resources/Patches/libp11-0.4.0.patch
diffstat 4 files changed, 54 insertions(+), 26 deletions(-) [+]
line wrap: on
line diff
--- a/CMakeLists.txt	Thu Mar 05 19:48:19 2020 +0100
+++ b/CMakeLists.txt	Thu Mar 05 21:13:37 2020 +0100
@@ -17,7 +17,7 @@
 set(ENABLE_JPEG ON)
 set(ENABLE_LOCALE ON)
 set(ENABLE_LUA ON)
-set(ENABLE_OPENSSL_ENGINES ON)
+set(ENABLE_OPENSSL_ENGINES ON)  # OpenSSL engines are necessary for PKCS11
 set(ENABLE_PNG ON)
 set(ENABLE_PUGIXML ON)
 set(ENABLE_SQLITE ON)
--- a/Core/Pkcs11.cpp	Thu Mar 05 19:48:19 2020 +0100
+++ b/Core/Pkcs11.cpp	Thu Mar 05 21:13:37 2020 +0100
@@ -213,10 +213,11 @@
           !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) ||
 
           !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) ||
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
           !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) ||
           !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) ||
-
-#if OPENSSL_VERSION_NUMBER  >= 0x10100002L
+#else
           !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) ||
 #endif
 
--- a/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake	Thu Mar 05 19:48:19 2020 +0100
+++ b/Resources/CMake/OpenSslConfigurationStatic-1.1.1.cmake	Thu Mar 05 21:13:37 2020 +0100
@@ -46,6 +46,7 @@
   -DOPENSSL_IA32_SSE2
   -DOPENSSL_NO_ASM
   -DOPENSSL_NO_DYNAMIC_ENGINE
+  -DOPENSSL_NO_DEVCRYPTOENG
 
   -DOPENSSL_NO_BF 
   -DOPENSSL_NO_CAMELLIA
@@ -69,6 +70,7 @@
   -DOPENSSL_NO_SEED
   -DOPENSSL_NO_WHIRLPOOL
   -DOPENSSL_NO_RIPEMD
+  -DOPENSSL_NO_AFALGENG
 
   -DOPENSSLDIR="/usr/local/ssl"
   )
@@ -148,19 +150,15 @@
   )
 
 if (ENABLE_OPENSSL_ENGINES)
-  # Engines support is not done yet, as Orthanc only needs it for
-  # OpenSSL < 1.1.0
-  
-  #add_definitions(
-  #  -DENGINESDIR="/usr/local/lib/engines-1.1"
-  #  )
+  add_definitions(
+    #-DENGINESDIR="/usr/local/lib/engines-1.1"  # On GNU/Linux
+    -DENGINESDIR="."
+    )
 
-  #list(APPEND OPENSSL_SOURCES_SUBDIRS
-  #  ${OPENSSL_SOURCES_DIR}/engines
-  #  ${OPENSSL_SOURCES_DIR}/crypto/engine
-  #  )
-
-  add_definitions(-DOPENSSL_NO_ENGINE)
+  list(APPEND OPENSSL_SOURCES_SUBDIRS
+    ${OPENSSL_SOURCES_DIR}/engines
+    ${OPENSSL_SOURCES_DIR}/crypto/engine
+    )
 else()
   add_definitions(-DOPENSSL_NO_ENGINE)
 endif()
@@ -198,11 +196,12 @@
   ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c
   ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c
   ${OPENSSL_SOURCES_DIR}/crypto/engine/eng_devcrypto.c
+  ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c  # Cannot be compiled with MinGW
+  ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_ieee754.c  # Cannot be compiled with MinGW
   ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c
   ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c
   ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c
-  ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c  # Cannot be compiled with MinGW
-  ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_ieee754.c  # Cannot be compiled with MinGW
+  ${OPENSSL_SOURCES_DIR}/engines/e_afalg.c  # Cannot be compiled with MinGW
   )
 
 # Check out "${OPENSSL_SOURCES_DIR}/Configurations/README": "This is
@@ -216,9 +215,9 @@
   set(OPENSSL_DEFINITIONS
     "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH")
   
-  #if (ENABLE_OPENSSL_ENGINES)
-  #  link_libraries(crypt32)
-  #endif()
+  if (ENABLE_OPENSSL_ENGINES)
+    link_libraries(crypt32)
+  endif()
 
   add_definitions(
     -DOPENSSL_RAND_SEED_OS  # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c
--- a/Resources/Patches/libp11-0.4.0.patch	Thu Mar 05 19:48:19 2020 +0100
+++ b/Resources/Patches/libp11-0.4.0.patch	Thu Mar 05 21:13:37 2020 +0100
@@ -1,6 +1,6 @@
 diff -urEb libp11-0.4.0.orig/src/atfork.c libp11-0.4.0/src/atfork.c
---- libp11-0.4.0.orig/src/atfork.c	2016-06-20 13:38:43.845575107 +0200
-+++ libp11-0.4.0/src/atfork.c	2016-06-20 13:46:52.969575591 +0200
+--- libp11-0.4.0.orig/src/atfork.c	2020-03-05 20:48:55.447852662 +0100
++++ libp11-0.4.0/src/atfork.c	2020-03-05 20:49:05.983770656 +0100
 @@ -25,7 +25,7 @@
  #include <sys/stat.h>
  #include <sys/types.h>
@@ -11,8 +11,8 @@
  #ifdef __sun
  # pragma fini(lib_deinit)
 diff -urEb libp11-0.4.0.orig/src/engine.h libp11-0.4.0/src/engine.h
---- libp11-0.4.0.orig/src/engine.h	2016-06-20 13:38:43.845575107 +0200
-+++ libp11-0.4.0/src/engine.h	2016-06-20 13:46:27.421575566 +0200
+--- libp11-0.4.0.orig/src/engine.h	2020-03-05 20:48:55.447852662 +0100
++++ libp11-0.4.0/src/engine.h	2020-03-05 20:49:05.983770656 +0100
 @@ -29,7 +29,7 @@
  #define _ENGINE_PKCS11_H
  
@@ -23,8 +23,8 @@
  
  #include "libp11.h"
 diff -urEb libp11-0.4.0.orig/src/libp11-int.h libp11-0.4.0/src/libp11-int.h
---- libp11-0.4.0.orig/src/libp11-int.h	2016-06-20 13:38:43.845575107 +0200
-+++ libp11-0.4.0/src/libp11-int.h	2016-06-20 13:46:27.421575566 +0200
+--- libp11-0.4.0.orig/src/libp11-int.h	2020-03-05 20:48:55.447852662 +0100
++++ libp11-0.4.0/src/libp11-int.h	2020-03-05 20:49:05.983770656 +0100
 @@ -20,7 +20,7 @@
  #define _LIBP11_INT_H
  
@@ -34,3 +34,31 @@
  #endif
  
  #include "libp11.h"
+diff -urEb libp11-0.4.0.orig/src/p11_key.c libp11-0.4.0/src/p11_key.c
+--- libp11-0.4.0.orig/src/p11_key.c	2020-03-05 20:48:55.447852662 +0100
++++ libp11-0.4.0/src/p11_key.c	2020-03-05 20:49:24.959625180 +0100
+@@ -21,6 +21,10 @@
+ #include <string.h>
+ #include <openssl/bn.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.0.2
++#  include <crypto/rsa/rsa_locl.h>
++#endif
++
+ #ifdef _WIN32
+ #define strncasecmp strnicmp
+ #endif
+diff -urEb libp11-0.4.0.orig/src/p11_rsa.c libp11-0.4.0/src/p11_rsa.c
+--- libp11-0.4.0.orig/src/p11_rsa.c	2020-03-05 20:48:55.447852662 +0100
++++ libp11-0.4.0/src/p11_rsa.c	2020-03-05 20:49:20.095662204 +0100
+@@ -27,6 +27,10 @@
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.0.2
++#  include <crypto/rsa/rsa_locl.h>
++#endif
++
+ static int rsa_ex_index = 0;
+ 
+ #if OPENSSL_VERSION_NUMBER < 0x10100003L