Update OpenSSL 3.0.10 (#549)
IB-7803

Signed-off-by: Raul Metsma <[email protected]>
metsma authored Aug 28, 2023
1 parent 8d16924 commit c9d4ca7
Showing 8 changed files with 30 additions and 13 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Expand Up @@ -165,7 +165,7 @@ jobs:
- name: Prepare vcpkg X64
uses: lukka/run-vcpkg@v11
with:
vcpkgGitCommitId: 5787cfa699a75805ef41938ec66bc7492714d290
vcpkgGitCommitId: 2f6176ce98fee807a207dc9e8fec213f111c291b
vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
runVcpkgInstall: true
runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
Expand All @@ -175,7 +175,7 @@ jobs:
- name: Prepare vcpkg X86
uses: lukka/run-vcpkg@v11
with:
vcpkgGitCommitId: 5787cfa699a75805ef41938ec66bc7492714d290
vcpkgGitCommitId: 2f6176ce98fee807a207dc9e8fec213f111c291b
vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
runVcpkgInstall: true
runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
8 changes: 7 additions & 1 deletion patches/vcpkg-ports/openssl/portfile.cmake
Expand Up @@ -19,7 +19,7 @@ vcpkg_from_github(
OUT_SOURCE_PATH SOURCE_PATH
REPO openssl/openssl
REF "openssl-${VERSION}"
SHA512 4762ce7faa0d7f43d0d4882700dcb10cd31bb025c52110fb2f1a8d3911f4ed92153db982935be6f38f45ae3f030f7edb4968e96dd5a41367ad7365c03c25edb1
SHA512 5c20269f9666eae0111252378baf196d74ae14a68b19cac49703d73fa564f7ae7aaf06209f5a3d7dc48c014ddb2e760bdf765141c14adde63edee552a8de015e
PATCHES
disable-apps.patch
disable-install-docs.patch
Expand All @@ -40,6 +40,12 @@ vcpkg_list(SET CONFIGURE_OPTIONS
no-tests
)

set(INSTALL_FIPS "")
if("fips" IN_LIST FEATURES)
vcpkg_list(APPEND INSTALL_FIPS install_fips)
vcpkg_list(APPEND CONFIGURE_OPTIONS enable-fips)
endif()

if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
vcpkg_list(APPEND CONFIGURE_OPTIONS shared)
else()
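Review bot: The new `fips` block after the `no-tests` options has no comment saying what the feature delivers, and the feature description added elsewhere in this commit is only "Enable fips". Passing `enable-fips` builds the FIPS provider from whatever `${VERSION}` this port carries, while FIPS 140 validation applies only to specific OpenSSL releases, so a reader may assume more than the build provides. I would add above the `if`: `# Builds the FIPS provider from this port's sources; not by itself a validated module, check the release against the OpenSSL FIPS certificate list.` `INSTALL_FIPS` is consumed by `windows/portfile.cmake` in this commit; whether the unix portfile uses it is not visible here.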
2 changes: 1 addition & 1 deletion patches/vcpkg-ports/openssl/unix/configure
@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash

set -e

6 changes: 5 additions & 1 deletion patches/vcpkg-ports/openssl/vcpkg.json
@@ -1,6 +1,6 @@
{
"name": "openssl",
"version": "3.0.9",
"version": "3.0.10",
"description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
"homepage": "https://www.openssl.org",
"license": "Apache-2.0",
Expand All @@ -19,6 +19,10 @@
}
],
"features": {
"fips": {
"description": "Enable fips",
"supports": "!static"
},
"tools": {
"description": "Install openssl executable and scripts",
"supports": "!uwp"
7 changes: 6 additions & 1 deletion patches/vcpkg-ports/openssl/windows/portfile.cmake
Expand Up @@ -77,7 +77,7 @@ vcpkg_build_nmake(
"LD=${ld}"
"LDFLAGS=${VCPKG_COMBINED_SHARED_LINKER_FLAGS_DEBUG}"
PROJECT_NAME "makefile"
TARGET install_dev install_modules
TARGET install_dev install_modules ${INSTALL_FIPS}
LOGFILE_ROOT install
OPTIONS
"INSTALL_PDBS=${OPENSSL_BUILD_MAKES_PDBS}" # install-pdbs.patch
Expand All @@ -89,13 +89,17 @@ set(scripts "bin/c_rehash.pl" "misc/CA.pl" "misc/tsget.pl")
if("tools" IN_LIST FEATURES)
file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/${PORT}")
file(RENAME "${CURRENT_PACKAGES_DIR}/openssl.cnf" "${CURRENT_PACKAGES_DIR}/tools/${PORT}/openssl.cnf")
if("fips" IN_LIST FEATURES)
file(RENAME "${CURRENT_PACKAGES_DIR}/fipsmodule.cnf" "${CURRENT_PACKAGES_DIR}/tools/${PORT}/fipsmodule.cnf")
endif()
foreach(script IN LISTS scripts)
file(COPY "${CURRENT_PACKAGES_DIR}/${script}" DESTINATION "${CURRENT_PACKAGES_DIR}/tools/${PORT}")
file(REMOVE "${CURRENT_PACKAGES_DIR}/${script}" "${CURRENT_PACKAGES_DIR}/debug/${script}")
endforeach()
vcpkg_copy_tools(TOOL_NAMES openssl AUTO_CLEAN)
else()
file(REMOVE "${CURRENT_PACKAGES_DIR}/openssl.cnf")
file(REMOVE "${CURRENT_PACKAGES_DIR}/fipsmodule.cnf")
foreach(script IN LISTS scripts)
file(REMOVE "${CURRENT_PACKAGES_DIR}/${script}" "${CURRENT_PACKAGES_DIR}/debug/${script}")
endforeach()
Expand Down Expand Up @@ -125,4 +129,5 @@ file(REMOVE
"${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
"${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
"${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
"${CURRENT_PACKAGES_DIR}/debug/fipsmodule.cnf"
)
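Review bot: In the `tools` branch, `fipsmodule.cnf` is moved into `tools/${PORT}` and shipped with the package, but that file is presumably the one the `install_fips` target generated on the build host. OpenSSL's FIPS documentation says the module configuration must be produced by running `openssl fipsinstall` on the machine that will load the provider and must not be copied between machines, because it records the module integrity check and self-test state. I would either drop the file in both branches or keep it with a comment such as `# build-host fipsmodule.cnf, regenerate with 'openssl fipsinstall' on the target before enabling the provider`. The `vcpkg_build_nmake(` call and the `if("tools" IN_LIST FEATURES)` block both start or end outside the hunks shown.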
10 changes: 6 additions & 4 deletions src/crypto/TS.cpp
Expand Up @@ -131,20 +131,22 @@ TS::TS(const unsigned char *data, size_t size)
#ifndef OPENSSL_NO_CMS
if(d)
return;
OpenSSLException(EXCEPTION_PARAMS("ignore")); //Clear errors
ERR_clear_error();
/**
* Handle CMS based TimeStamp tokens
* https://rt.openssl.org/Ticket/Display.html?id=4519
* https://github.com/openssl/openssl/issues/993
*
* If PKCS7 wrapped TimeStamp parsing fails, try with CMS wrapping
*/
auto bio = SCOPE_PTR(BIO, BIO_new_mem_buf((void*)data, int(size)));
cms.reset(d2i_CMS_bio(bio.get(), nullptr), CMS_ContentInfo_free);
cms.reset(d2i_CMS_ContentInfo(nullptr, &data, long(size)), [](CMS_ContentInfo *contentInfo) {
CMS_ContentInfo_free(contentInfo);
ERR_clear_error();
});
if(!cms || OBJ_obj2nid(CMS_get0_eContentType(cms.get())) != NID_id_smime_ct_TSTInfo)
cms.reset();

OpenSSLException(EXCEPTION_PARAMS("ignore")); //Clear errors
ERR_clear_error();
#endif
}

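Review bot: The deleter passed to `cms.reset(...)` calls `ERR_clear_error()`, so the thread's whole OpenSSL error queue is wiped whenever the last owner of `cms` is destroyed, a point that depends on object lifetime and not on the call that queued the errors; an error left by an unrelated verification step shortly before could be lost. If the clear is there because `CMS_ContentInfo_free` leaves entries behind (not visible here), scope it with `ERR_set_mark(); CMS_ContentInfo_free(contentInfo); ERR_pop_to_mark();` and say so in a comment. Separately, `long(size)` narrows a `size_t`, and `long` is 32 bits on Windows, so the length should be checked against `LONG_MAX` before the `d2i_CMS_ContentInfo` call. The constructor body starts outside the hunk.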
4 changes: 2 additions & 2 deletions src/crypto/X509CertStore.cpp
Expand Up @@ -187,7 +187,7 @@ int X509CertStore::validate(int ok, X509_STORE_CTX *ctx, const Type &type)
SCOPE(EVP_PKEY, pub, X509_get_pubkey(issuer.handle()));
if(X509_verify(x509, pub.get()) == 1)
return true;
OpenSSLException(EXCEPTION_PARAMS("ignore")); //Clear errors
ERR_clear_error();
return false;
}))
continue;
Expand Down Expand Up @@ -234,7 +234,7 @@ bool X509CertStore::verify(const X509Cert &cert, bool noqscd) const
if(noqscd)
return true;

const TSL::Validity *v = static_cast<const TSL::Validity*>(X509_STORE_CTX_get_ex_data(csc.get(), 0));
const auto *v = static_cast<const TSL::Validity*>(X509_STORE_CTX_get_ex_data(csc.get(), 0));
const vector<string> policies = cert.certificatePolicies();
const vector<string> qcstatement = cert.qcStatements();
const vector<X509Cert::KeyUsage> keyUsage = cert.keyUsage();
2 changes: 1 addition & 1 deletion vcpkg.json
Expand Up @@ -8,7 +8,7 @@
"features": {
"tests": { "description": "Build tests", "dependencies": ["boost-test"] }
},
"builtin-baseline": "5787cfa699a75805ef41938ec66bc7492714d290",
"builtin-baseline": "2f6176ce98fee807a207dc9e8fec213f111c291b",
"vcpkg-configuration": {
"overlay-triplets": ["./patches/vcpkg-triplets"],
"overlay-ports": [
