├── .gitlab-ci.yml ├── CMakeLists.txt ├── LICENSE ├── README.md ├── cmake ├── BuildOpenSSL.cmake ├── ByproductsOpenSSL.cmake ├── PatchOpenSSL.cmake ├── PrebuiltOpenSSL.cmake └── TargetArch.cmake ├── patches ├── .gitkeep ├── 0001-Fix-failing-cms-test-when-no-des-is-used.patch └── 0002-Fix-test_cms-if-DSA-is-not-supported.patch └── scripts ├── building_env.py ├── update_version.sh └── upload_result.sh /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/viaduck/ci 2 | 3 | stages: 4 | - build # contains build and test and deploy 5 | 6 | variables: 7 | OPENSSL_BUILD_VERSION: "3.3.3" 8 | OPENSSL_BUILD_HASH: "712590fd20aaa60ec75d778fe5b810d6b829ca7fb1e530577917a131f9105539" 9 | PREBUILT_AUTH: "$PREBUILT_USER:$PREBUILT_PASSWORD" 10 | ANDROID_PLATFORM: "android-23" 11 | 12 | linux-x86_64: 13 | script: 14 | - mkdir build-linux-x86_64 15 | - useradd -m -d /home/jdoe jdoe # OpenSSL tests must be run as unprivileged user 16 | - cd build-linux-x86_64 17 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DOPENSSL_INSTALL_MAN=ON -DOPENSSL_ENABLE_TESTS=ON 18 | - chmod -R 777 . # jdoe must be able to write to build directory 19 | - su -l jdoe -c "cd `pwd` && make" # build and test as unprivileged 20 | - DESTDIR=. make install 21 | - ../scripts/upload_result.sh x86_64-linux usr 22 | stage: build 23 | 24 | windows-x86: 25 | image: viaduck/ci:mingw 26 | script: 27 | - mkdir build-windows-x86 28 | - cd build-windows-x86 29 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DOPENSSL_INSTALL_MAN=ON -DCROSS=ON -DCROSS_PREFIX=i686-w64-mingw32- -DCROSS_TARGET=mingw 30 | - make 31 | - DESTDIR=. make install 32 | - ../scripts/upload_result.sh i686-w64-mingw32 usr 33 | stage: build 34 | 35 | windows-x86_64: 36 | image: viaduck/ci:mingw 37 | script: 38 | - mkdir build-windows-x86_64 39 | - cd build-windows-x86_64 40 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DOPENSSL_INSTALL_MAN=ON -DCROSS=ON -DCROSS_PREFIX=x86_64-w64-mingw32- -DCROSS_TARGET=mingw64 41 | - make 42 | - DESTDIR=. make install 43 | - ../scripts/upload_result.sh x86_64-w64-mingw32 usr 44 | stage: build 45 | 46 | android-arm64-v8a: 47 | image: viaduck/ci:android 48 | script: 49 | - mkdir build-android-arm64-v8a 50 | - cd build-android-arm64-v8a 51 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DCROSS_ANDROID=ON -DANDROID_PLATFORM=$ANDROID_PLATFORM -DANDROID_ABI=arm64-v8a -DANDROID_TOOLCHAIN=clang -DANDROID_NDK=$ANDROID_NDK -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK/build/cmake/android.toolchain.cmake 52 | - make 53 | - DESTDIR=. make install 54 | - ../scripts/upload_result.sh arm64-v8a-android usr 55 | stage: build 56 | 57 | android-armeabi-v7a: 58 | image: viaduck/ci:android 59 | script: 60 | - mkdir build-android-armeabi-v7a 61 | - cd build-android-armeabi-v7a 62 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DCROSS_ANDROID=ON -DANDROID_PLATFORM=$ANDROID_PLATFORM -DANDROID_ABI=armeabi-v7a -DANDROID_ARM_MODE=arm -DANDROID_TOOLCHAIN=clang -DANDROID_NDK=$ANDROID_NDK -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK/build/cmake/android.toolchain.cmake 63 | - make 64 | - DESTDIR=. make install 65 | - ../scripts/upload_result.sh armeabi-v7a-android usr 66 | stage: build 67 | 68 | android-x86_64: 69 | image: viaduck/ci:android 70 | script: 71 | - mkdir build-android-x86_64 72 | - cd build-android-x86_64 73 | - cmake ../ -DBUILD_OPENSSL=ON -DOPENSSL_BUILD_VERSION=$OPENSSL_BUILD_VERSION -DOPENSSL_BUILD_HASH=$OPENSSL_BUILD_HASH -DCROSS_ANDROID=ON -DANDROID_PLATFORM=$ANDROID_PLATFORM -DANDROID_ABI=x86_64 -DANDROID_TOOLCHAIN=clang -DANDROID_NDK=$ANDROID_NDK -DCMAKE_TOOLCHAIN_FILE=$ANDROID_NDK/build/cmake/android.toolchain.cmake 74 | - make 75 | - DESTDIR=. make install 76 | - ../scripts/upload_result.sh x86_64-android usr 77 | stage: build 78 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2015-2023 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | cmake_minimum_required(VERSION 3.12...3.27) 25 | project(openssl-cmake) 26 | 27 | set(BUILD_OPENSSL OFF CACHE BOOL "Automated OpenSSL building") 28 | set(OPENSSL_BUILD_VERSION OFF CACHE STRING "OpenSSL version to build") 29 | set(OPENSSL_USE_STATIC_LIBS OFF CACHE STRING "OpenSSL static libs are preferred over shared libs") 30 | set(OPENSSL_INSTALL_MAN OFF CACHE STRING "Install man pages?") 31 | set(OPENSSL_MODULES "no-cast no-md2 no-md4 no-mdc2 no-rc4 no-rc5 no-engine no-idea no-mdc2 no-rc5 no-camellia no-ssl3 no-heartbeats no-gost no-deprecated no-capieng no-comp no-dtls no-psk no-srp no-dso no-dsa no-rc2 no-des" CACHE STRING "OpenSSL configure options") 32 | set(OPENSSL_RPATH "" CACHE STRING "RPath to set during build") 33 | set(CROSS_ANDROID OFF CACHE BOOL "Cross-compiling for Android?") 34 | set(CROSS OFF CACHE BOOL "Cross-compiling?") 35 | set(CROSS_TARGET OFF CACHE STRING "Cross-compilation target") 36 | set(SYSTEM_OPENSSL OFF CACHE STRING "Use system-provided openssl libraries (instead of prebuilts or building)") 37 | 38 | # allow including our modules 39 | list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/cmake") 40 | 41 | # mimic system ssl and crypto targets 42 | add_library(ssl INTERFACE) 43 | add_library(crypto INTERFACE) 44 | 45 | if (SYSTEM_OPENSSL) 46 | # use system provided openssl 47 | find_package(OpenSSL REQUIRED) 48 | 49 | # link fake targets 50 | target_link_libraries(ssl INTERFACE OpenSSL::SSL) 51 | target_link_libraries(crypto INTERFACE OpenSSL::Crypto) 52 | add_custom_target(openssl) 53 | else() 54 | # build our own or use prebuilts 55 | 56 | # set up prefix 57 | if (BUILD_OPENSSL) 58 | set(OPENSSL_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/openssl-build/) 59 | else() 60 | set(OPENSSL_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/openssl-prefix/src/openssl) 61 | endif() 62 | 63 | # predict byproduct names and include directory 64 | include(ByproductsOpenSSL) 65 | GetOpenSSLByproducts(${OPENSSL_PREFIX} OPENSSL_BYPRODUCTS OPENSSL_INCLUDE_DIR) 66 | 67 | # set up openssl target 68 | if (BUILD_OPENSSL) 69 | include(BuildOpenSSL) 70 | else() 71 | include(PrebuiltOpenSSL) 72 | endif() 73 | 74 | # add imported targets to common target 75 | add_dependencies(ssl_static_lib openssl) 76 | add_dependencies(ssl_shared_lib openssl) 77 | add_dependencies(crypto_static_lib openssl) 78 | add_dependencies(crypto_shared_lib openssl) 79 | 80 | if (OPENSSL_USE_STATIC_LIBS) 81 | target_link_libraries(ssl INTERFACE ssl_static_lib) 82 | target_link_libraries(crypto INTERFACE crypto_static_lib) 83 | else() 84 | target_link_libraries(ssl INTERFACE ssl_shared_lib) 85 | target_link_libraries(crypto INTERFACE crypto_shared_lib) 86 | endif() 87 | 88 | # set include locations 89 | target_include_directories(ssl BEFORE INTERFACE $) 90 | target_include_directories(crypto BEFORE INTERFACE $) 91 | 92 | install(DIRECTORY ${OPENSSL_PREFIX}/usr/local/bin/ TYPE BIN) 93 | install(DIRECTORY ${OPENSSL_PREFIX}/usr/local/include/ TYPE INCLUDE) 94 | install(DIRECTORY ${OPENSSL_PREFIX}/usr/local/lib/ TYPE LIB) 95 | if (OPENSSL_INSTALL_MAN) 96 | install(DIRECTORY ${OPENSSL_PREFIX}/usr/local/share/ TYPE DATA) 97 | endif() 98 | endif() 99 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2015-2018 The ViaDuck Project 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenSSL-CMake 2 | CMake script supplying `OpenSSL` libraries conveniently, encapsulating the 3 | `OpenSSL` build system on various platforms. 4 | 5 | ## Features 6 | * Allows usage of system OpenSSL 7 | * Allows trivial and complex building of OpenSSL 8 | * Allows cross compilation, especially for Android 9 | * Defaults to prebuilt binaries 10 | 11 | ## System OpenSSL 12 | To use the system OpenSSL, simply set `SYSTEM_OPENSSL=ON`. 13 | 14 | ## Prebuilt OpenSSL 15 | Default behaviour is the download of a prebuilt binary. This is only intended 16 | as a convenience for debugging purposes and NOT for production use. 17 | Available prebuilt binaries can be viewed [here](https://builds.viaduck.org/prebuilts/openssl/). 18 | 19 | ## Build OpenSSL 20 | In order to build `OpenSSL`, set `BUILD_OPENSSL=ON` along with the version 21 | name, for example `OPENSSL_BUILD_VERSION=3.1.5`. 22 | View available versions [here](https://mirror.viaduck.org/openssl/). 23 | 24 | ### General Cross Compile 25 | Cross compilation is enabled using `CROSS=ON` and the target is specified using 26 | `CROSS_TARGET=mingw` along with the optional `CROSS_PREFIX=mingw32-`. 27 | 28 | ### Android Cross Compile 29 | Android requires a special `CROSS_ANDROID=ON`. Using `OpenSSL-CMake` from 30 | Gradle's native build does not require additional settings. Otherwise, it is 31 | required to set the general NDK variables `ANDROID_NDK_ROOT`, `ANDROID_EABI`, 32 | `ANDROID_ARCH`, `ANDROID_API`, `ANDROID_MACHINE`. 33 | Cross compile was tested with NDK r18b, r19c and r20. 34 | 35 | ## Usage 36 | 1. Add `OpenSSL-CMake` as a submodule to your Git project using `git submodule 37 | add external/openssl-cmake` 38 | 2. Initialize the submodule using `git submodule update --init` 39 | 3. In your `CMakeLists.txt` include the directory using 40 | `add_subdirectory(external/openssl-cmake)` 41 | 4. Link against `ssl` and `crypto` targets, which will also include the headers 42 | 43 | ## Licensing 44 | These scripts, unless otherwise stated, are subject to the MIT license. 45 | -------------------------------------------------------------------------------- /cmake/BuildOpenSSL.cmake: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2015-2024 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | # build openssl locally 25 | 26 | # includes 27 | include(ProcessorCount) 28 | include(ExternalProject) 29 | 30 | # find packages 31 | find_package(Python COMPONENTS Interpreter REQUIRED) 32 | 33 | # used to apply various patches to OpenSSL 34 | find_program(PATCH_PROGRAM patch) 35 | if (NOT PATCH_PROGRAM) 36 | message(FATAL_ERROR "Cannot find patch utility. This is only required for Android cross-compilation but due to script complexity " 37 | "the requirement is always enforced") 38 | endif() 39 | 40 | # set variables 41 | ProcessorCount(NUM_JOBS) 42 | set(OS "UNIX") 43 | 44 | if (OPENSSL_BUILD_HASH) 45 | set(OPENSSL_CHECK_HASH URL_HASH SHA256=${OPENSSL_BUILD_HASH}) 46 | endif() 47 | 48 | # if already built, do not build again 49 | if (EXISTS ${OPENSSL_PREFIX}) 50 | message(WARNING "Not building OpenSSL again. Remove ${OPENSSL_PREFIX} for rebuild") 51 | else() 52 | if (NOT OPENSSL_BUILD_VERSION) 53 | message(FATAL_ERROR "You must specify OPENSSL_BUILD_VERSION!") 54 | endif() 55 | 56 | if (WIN32 AND NOT CROSS) 57 | # yep, windows needs special treatment, but neither cygwin nor msys, since they provide an UNIX-like environment 58 | 59 | if (MINGW) 60 | set(OS "WIN32") 61 | message(WARNING "Building on windows is experimental") 62 | 63 | find_program(MSYS_BASH "bash.exe" PATHS "C:/Msys/" "C:/MinGW/msys/" PATH_SUFFIXES "/1.0/bin/" "/bin/" 64 | DOC "Path to MSYS installation") 65 | if (NOT MSYS_BASH) 66 | message(FATAL_ERROR "Specify MSYS installation path") 67 | endif(NOT MSYS_BASH) 68 | 69 | set(MINGW_MAKE ${CMAKE_MAKE_PROGRAM}) 70 | message(WARNING "Assuming your make program is a sibling of your compiler (resides in same directory)") 71 | elseif(NOT (CYGWIN OR MSYS)) 72 | message(FATAL_ERROR "Unsupported compiler infrastructure") 73 | endif(MINGW) 74 | 75 | set(MAKE_PROGRAM ${CMAKE_MAKE_PROGRAM}) 76 | elseif(NOT UNIX) 77 | message(FATAL_ERROR "Unsupported platform") 78 | else() 79 | # for OpenSSL we can only use GNU make, no exotic things like Ninja (MSYS always uses GNU make) 80 | find_program(MAKE_PROGRAM make) 81 | endif() 82 | 83 | # on windows we need to replace path to perl since CreateProcess(..) cannot handle unix paths 84 | if (WIN32 AND NOT CROSS) 85 | set(PERL_PATH_FIX_INSTALL sed -i -- 's/\\/usr\\/bin\\/perl/perl/g' Makefile) 86 | else() 87 | set(PERL_PATH_FIX_INSTALL true) 88 | endif() 89 | 90 | # CROSS and CROSS_ANDROID cannot both be set (because of internal reasons) 91 | if (CROSS AND CROSS_ANDROID) 92 | # if user set CROSS_ANDROID and CROSS we assume he wants CROSS_ANDROID, so set CROSS to OFF 93 | set(CROSS OFF) 94 | endif() 95 | 96 | if (CROSS_ANDROID) 97 | set(OS "LINUX_CROSS_ANDROID") 98 | endif() 99 | 100 | # python helper script for corrent building environment 101 | set(BUILD_ENV_TOOL ${Python_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/building_env.py 102 | --bash "${MSYS_BASH}" --make "${MINGW_MAKE}" --envfile "${CMAKE_CURRENT_BINARY_DIR}/buildenv.txt" ${OS}) 103 | 104 | # user-specified modules 105 | set(CONFIGURE_OPENSSL_MODULES ${OPENSSL_MODULES}) 106 | 107 | # additional configure script parameters 108 | set(CONFIGURE_OPENSSL_PARAMS --libdir=lib) 109 | if (OPENSSL_DEBUG_BUILD) 110 | set(CONFIGURE_OPENSSL_PARAMS "${CONFIGURE_OPENSSL_PARAMS} no-asm -g3 -O0 -fno-omit-frame-pointer -fno-inline-functions") 111 | endif() 112 | if (OPENSSL_RPATH) 113 | # ridiculous escaping required to pass through cmake, one shell, one makefile and another shell. 114 | # \\\\ in shell, \\ in makefile 115 | string(REPLACE "\\" "\\\\\\\\" OPENSSL_RPATH_ESCAPED ${OPENSSL_RPATH}) 116 | # \\$\$ in shell, \$$ in makefile 117 | string(REPLACE "\$" "\\\\\$\\\$" OPENSSL_RPATH_ESCAPED ${OPENSSL_RPATH_ESCAPED}) # \$$ in makefile 118 | set(CONFIGURE_OPENSSL_PARAMS "${CONFIGURE_OPENSSL_PARAMS} -Wl,-rpath=${OPENSSL_RPATH_ESCAPED}") 119 | endif() 120 | 121 | # set install command depending of choice on man page generation 122 | if (OPENSSL_INSTALL_MAN) 123 | set(INSTALL_OPENSSL_MAN "install_docs") 124 | endif() 125 | 126 | # disable building tests 127 | if (NOT OPENSSL_ENABLE_TESTS) 128 | set(CONFIGURE_OPENSSL_MODULES ${CONFIGURE_OPENSSL_MODULES} no-tests) 129 | set(COMMAND_TEST "true") 130 | endif() 131 | 132 | # cross-compiling 133 | if (CROSS) 134 | set(COMMAND_CONFIGURE ./Configure ${CONFIGURE_OPENSSL_PARAMS} --cross-compile-prefix=${CROSS_PREFIX} ${CROSS_TARGET} 135 | ${CONFIGURE_OPENSSL_MODULES} --prefix=/usr/local/) 136 | set(COMMAND_TEST "true") 137 | elseif(CROSS_ANDROID) 138 | # required environment configuration is already set (by e.g. ndk) so no need to fiddle around with all the OpenSSL options ... 139 | if (NOT ANDROID) 140 | message(FATAL_ERROR "Use NDK cmake toolchain or cmake android autoconfig") 141 | endif() 142 | 143 | # arch options 144 | if (ARMEABI_V7A) 145 | set(OPENSSL_PLATFORM "arm") 146 | set(CONFIGURE_OPENSSL_PARAMS ${CONFIGURE_OPENSSL_PARAMS} "-march=armv7-a") 147 | else() 148 | if (CMAKE_ANDROID_ARCH_ABI MATCHES "arm64-v8a") 149 | set(OPENSSL_PLATFORM "arm64") 150 | else() 151 | set(OPENSSL_PLATFORM ${CMAKE_ANDROID_ARCH_ABI}) 152 | endif() 153 | endif() 154 | 155 | # collect options to pass via ENV to openssl configure 156 | set(FORWARD_ANDROID_NDK "${ANDROID_NDK}") 157 | # silence warnings about unused arguments (Clang specific) 158 | set(FORWARD_CFLAGS "${CMAKE_C_FLAGS} -Qunused-arguments") 159 | set(FORWARD_CXXFLAGS "${CMAKE_CXX_FLAGS} -Qunused-arguments") 160 | set(FORWARD_LDFLAGS "${CMAKE_MODULE_LINKER_FLAGS}") 161 | set(FORWARD_PATH "${ANDROID_TOOLCHAIN_ROOT}/bin/:${ANDROID_TOOLCHAIN_ROOT}/${ANDROID_TOOLCHAIN_NAME}/bin/") 162 | 163 | # Android specific configuration options 164 | set(CONFIGURE_OPENSSL_MODULES ${CONFIGURE_OPENSSL_MODULES} no-hw) 165 | 166 | set(COMMAND_CONFIGURE ./Configure android-${OPENSSL_PLATFORM} ${CONFIGURE_OPENSSL_PARAMS} ${CONFIGURE_OPENSSL_MODULES}) 167 | set(COMMAND_TEST "true") 168 | else() # detect host system automatically 169 | set(COMMAND_CONFIGURE ./config ${CONFIGURE_OPENSSL_PARAMS} ${CONFIGURE_OPENSSL_MODULES}) 170 | 171 | if (NOT COMMAND_TEST) 172 | set(COMMAND_TEST ${BUILD_ENV_TOOL} -- ${MAKE_PROGRAM} test) 173 | endif() 174 | endif() 175 | 176 | # build OPENSSL_PATCH_COMMAND 177 | include(PatchOpenSSL) 178 | 179 | # add openssl target 180 | ExternalProject_Add(openssl 181 | URL https://mirror.viaduck.org/openssl/openssl-${OPENSSL_BUILD_VERSION}.tar.gz 182 | ${OPENSSL_CHECK_HASH} 183 | UPDATE_COMMAND "" 184 | 185 | CONFIGURE_COMMAND ${BUILD_ENV_TOOL} -- ${COMMAND_CONFIGURE} 186 | ${OPENSSL_PATCH_COMMAND} 187 | 188 | BUILD_COMMAND ${BUILD_ENV_TOOL} -- ${MAKE_PROGRAM} -j ${NUM_JOBS} 189 | BUILD_BYPRODUCTS ${OPENSSL_BYPRODUCTS} 190 | 191 | TEST_BEFORE_INSTALL 1 192 | TEST_COMMAND ${COMMAND_TEST} 193 | 194 | INSTALL_COMMAND ${BUILD_ENV_TOOL} -- ${PERL_PATH_FIX_INSTALL} 195 | COMMAND ${BUILD_ENV_TOOL} -- ${MAKE_PROGRAM} DESTDIR=${OPENSSL_PREFIX} install_sw ${INSTALL_OPENSSL_MAN} 196 | COMMAND ${CMAKE_COMMAND} -G ${CMAKE_GENERATOR} ${CMAKE_BINARY_DIR} # force CMake-reload 197 | 198 | LOG_INSTALL 1 199 | ) 200 | 201 | # write all "FORWARD_" variables with escaped quotes to file, is picked up by python script 202 | get_cmake_property(_variableNames VARIABLES) 203 | foreach (_variableName ${_variableNames}) 204 | if (_variableName MATCHES "^FORWARD_") 205 | string(REPLACE "FORWARD_" "" _envName ${_variableName}) 206 | string(REPLACE "\"" "\\\"" _envValue "${${_variableName}}") 207 | set(OUT_FILE "${OUT_FILE}${_envName}=\"${_envValue}\"\n") 208 | endif() 209 | endforeach() 210 | file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/buildenv.txt ${OUT_FILE}) 211 | endif() 212 | -------------------------------------------------------------------------------- /cmake/ByproductsOpenSSL.cmake: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2023 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | # precompute future OpenSSL library paths from prefix dir 25 | function(GetOpenSSLByproducts OPENSSL_PREFIX_PATH OPENSSL_BYPRODUCTS_VAR OPENSSL_INCLUDE_VAR) 26 | # include directory 27 | set(${OPENSSL_INCLUDE_VAR} "${OPENSSL_PREFIX_PATH}/usr/local/include" PARENT_SCOPE) 28 | 29 | if (WIN32) 30 | # windows pre/suffixes 31 | 32 | set(OPENSSL_SHARED_PREFIX "lib") 33 | set(OPENSSL_STATIC_PREFIX "lib") 34 | set(OPENSSL_SHARED_SUFFIX ".dll.a") 35 | set(OPENSSL_STATIC_SUFFIX ".a") 36 | else() 37 | # unix pre/suffixes 38 | 39 | set(OPENSSL_SHARED_PREFIX ${CMAKE_SHARED_LIBRARY_PREFIX}) 40 | set(OPENSSL_STATIC_PREFIX ${CMAKE_STATIC_LIBRARY_PREFIX}) 41 | set(OPENSSL_SHARED_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX}) 42 | set(OPENSSL_STATIC_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX}) 43 | endif() 44 | 45 | set(OPENSSL_BASE_NAMES crypto ssl) 46 | foreach(OPENSSL_BASE_NAME ${OPENSSL_BASE_NAMES}) 47 | set(OPENSSL_STATIC_LIB ${OPENSSL_PREFIX_PATH}/usr/local/lib/${OPENSSL_STATIC_PREFIX}${OPENSSL_BASE_NAME}${OPENSSL_STATIC_SUFFIX}) 48 | 49 | add_library(${OPENSSL_BASE_NAME}_static_lib STATIC IMPORTED GLOBAL) 50 | set_property(TARGET ${OPENSSL_BASE_NAME}_static_lib PROPERTY IMPORTED_LOCATION ${OPENSSL_STATIC_LIB}) 51 | 52 | set(OPENSSL_SHARED_LIB ${OPENSSL_PREFIX_PATH}/usr/local/lib/${OPENSSL_SHARED_PREFIX}${OPENSSL_BASE_NAME}${OPENSSL_SHARED_SUFFIX}) 53 | 54 | # windows .dll.a requires unknown import library type 55 | add_library(${OPENSSL_BASE_NAME}_shared_lib UNKNOWN IMPORTED GLOBAL) 56 | set_property(TARGET ${OPENSSL_BASE_NAME}_shared_lib PROPERTY IMPORTED_LOCATION ${OPENSSL_SHARED_LIB}) 57 | 58 | list(APPEND ${OPENSSL_BYPRODUCTS_VAR} ${OPENSSL_STATIC_LIB} ${OPENSSL_SHARED_LIB}) 59 | endforeach() 60 | 61 | # returns 62 | set(${OPENSSL_BYPRODUCTS_VAR} ${${OPENSSL_BYPRODUCTS_VAR}} PARENT_SCOPE) 63 | endfunction() 64 | -------------------------------------------------------------------------------- /cmake/PatchOpenSSL.cmake: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2023 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | set(OPENSSL_PATCH_N 2) 25 | 26 | # fix a failing test, see https://github.com/openssl/openssl/issues/20249 27 | set(OPENSSL_PATCH_1_FILE ${CMAKE_CURRENT_SOURCE_DIR}/patches/0001-Fix-failing-cms-test-when-no-des-is-used.patch) 28 | set(OPENSSL_PATCH_1_VERS "3.0.8..3.1.0") 29 | 30 | # fix a failing test, see https://github.com/openssl/openssl/pull/22150 31 | set(OPENSSL_PATCH_2_FILE ${CMAKE_CURRENT_SOURCE_DIR}/patches/0002-Fix-test_cms-if-DSA-is-not-supported.patch) 32 | set(OPENSSL_PATCH_2_VERS "3.1.3..") 33 | 34 | # process patches 35 | 36 | set(OPENSSL_PATCH_COMMAND PATCH_COMMAND echo) 37 | foreach(PATCH_INDEX RANGE 1 ${OPENSSL_PATCH_N}) 38 | set(PATCH_FILE ${OPENSSL_PATCH_${PATCH_INDEX}_FILE}) 39 | set(PATCH_VERS ${OPENSSL_PATCH_${PATCH_INDEX}_VERS}) 40 | 41 | set(PATCH_APPLY OFF) 42 | string(FIND ${PATCH_VERS} ".." PATCH_HAS_RANGE) 43 | if (PATCH_HAS_RANGE) 44 | string(REGEX MATCH "^([a-zA-Z0-9\\.]*)\\.\\.([a-zA-Z0-9\\.]*)$" PATCH_RANGE_FOUND ${PATCH_VERS}) 45 | 46 | if (("${CMAKE_MATCH_1}" STREQUAL "" OR ${OPENSSL_BUILD_VERSION} VERSION_GREATER_EQUAL "${CMAKE_MATCH_1}") 47 | AND ("${CMAKE_MATCH_2}" STREQUAL "" OR ${OPENSSL_BUILD_VERSION} VERSION_LESS "${CMAKE_MATCH_2}")) 48 | set(PATCH_APPLY ON) 49 | endif() 50 | else() 51 | if (${OPENSSL_BUILD_VERSION} VERSION_EQUAL ${PATCH_VERS}) 52 | set(PATCH_APPLY ON) 53 | endif() 54 | endif() 55 | 56 | if (PATCH_APPLY) 57 | set(OPENSSL_PATCH_COMMAND ${OPENSSL_PATCH_COMMAND} COMMAND ${PATCH_PROGRAM} -p1 --forward -r - < ${PATCH_FILE} || echo) 58 | endif() 59 | endforeach() 60 | -------------------------------------------------------------------------------- /cmake/PrebuiltOpenSSL.cmake: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2015-2018 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | # check out prebuilts for the current system 25 | 26 | # includes 27 | include(ExternalProject) 28 | include(TargetArch) 29 | 30 | # autodetect PREBUILT_BRANCH 31 | if (NOT PREBUILT_BRANCH) 32 | target_architecture(ARCH) 33 | if (${ARCH} STREQUAL "unknown") 34 | message(FATAL_ERROR "Architecture detection failed. Please specify manually.") 35 | endif() 36 | 37 | if (WIN32) 38 | # prebuilts on windows use mingw-w64 for building 39 | set(ARCH_SYSTEM ${ARCH}-w64-mingw32) 40 | elseif(ANDROID) 41 | set(ARCH_SYSTEM ${ARCH}-android) 42 | elseif(UNIX AND NOT APPLE) 43 | set(ARCH_SYSTEM ${ARCH}-linux) 44 | else() 45 | message(FATAL_ERROR "Prebuilts for this system are not available (yet)!") 46 | endif() 47 | message(STATUS "Using ${ARCH_SYSTEM} prebuilts") 48 | endif() 49 | set(PREBUILT_BRANCH ${ARCH_SYSTEM} CACHE STRING "Branch in OpenSSL-Prebuilts to checkout from") 50 | 51 | # auto version 52 | if (NOT OPENSSL_PREBUILT_VERSION) 53 | set(OPENSSL_PREBUILT_VERSION "3.3.3") 54 | endif() 55 | 56 | # add openssl target 57 | ExternalProject_Add(openssl 58 | URL https://builds.viaduck.org/prebuilts/openssl/${OPENSSL_PREBUILT_VERSION}/${PREBUILT_BRANCH}.tar.gz 59 | 60 | UPDATE_COMMAND "" 61 | CONFIGURE_COMMAND "" 62 | BUILD_COMMAND "" 63 | BUILD_BYPRODUCTS ${OPENSSL_BYPRODUCTS} 64 | INSTALL_COMMAND "" 65 | TEST_COMMAND "" 66 | ) 67 | -------------------------------------------------------------------------------- /cmake/TargetArch.cmake: -------------------------------------------------------------------------------- 1 | #[[ 2 | Copyright (c) 2012 Petroules Corporation. All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 5 | following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following 8 | disclaimer. 9 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following 10 | disclaimer in the documentation and/or other materials provided with the distribution. 11 | 12 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 13 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 14 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 15 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 16 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 17 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 18 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 19 | 20 | -- 21 | See https://github.com/axr/solar-cmake 22 | ]] 23 | 24 | # Based on the Qt 5 processor detection code, so should be very accurate 25 | # https://qt.gitorious.org/qt/qtbase/blobs/master/src/corelib/global/qprocessordetection.h 26 | # Currently handles arm (v5, v6, v7), x86 (32/64), ia64, and ppc (32/64) 27 | 28 | # Regarding POWER/PowerPC, just as is noted in the Qt source, 29 | # "There are many more known variants/revisions that we do not handle/detect." 30 | 31 | set(archdetect_c_code " 32 | #if defined(__arm__) || defined(__TARGET_ARCH_ARM) || defined(_M_ARM) || defined(__aarch64__) || defined(__ARM64__) 33 | #if defined(__ARM64_ARCH_8__) \\ 34 | || defined(__aarch64__) \\ 35 | || defined(__ARMv8__) \\ 36 | || defined(__ARMv8_A__) 37 | #error cmake_ARCH arm64-v8a 38 | #elif defined(__ARM_ARCH_7__) \\ 39 | || defined(__ARM_ARCH_7A__) \\ 40 | || defined(__ARM_ARCH_7R__) \\ 41 | || defined(__ARM_ARCH_7M__) \\ 42 | || defined(__ARM_ARCH_7S__) \\ 43 | || defined(_ARM_ARCH_7) \\ 44 | || defined(__CORE_CORTEXA__) \\ 45 | || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 7) 46 | #error cmake_ARCH armeabi-v7a 47 | #elif defined(__ARM_ARCH_6__) \\ 48 | || defined(__ARM_ARCH_6J__) \\ 49 | || defined(__ARM_ARCH_6T2__) \\ 50 | || defined(__ARM_ARCH_6Z__) \\ 51 | || defined(__ARM_ARCH_6K__) \\ 52 | || defined(__ARM_ARCH_6ZK__) \\ 53 | || defined(__ARM_ARCH_6M__) \\ 54 | || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 6) 55 | #error cmake_ARCH armv6 56 | #elif defined(__ARM_ARCH_5TEJ__) \\ 57 | || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 5) 58 | #error cmake_ARCH armv5 59 | #else 60 | #error cmake_ARCH arm 61 | #endif 62 | #elif defined(__i386) || defined(__i386__) || defined(_M_IX86) 63 | #error cmake_ARCH i686 64 | #elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(_M_X64) 65 | #error cmake_ARCH x86_64 66 | #elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) 67 | #error cmake_ARCH ia64 68 | #elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) \\ 69 | || defined(_ARCH_COM) || defined(_ARCH_PWR) || defined(_ARCH_PPC) \\ 70 | || defined(_M_MPPC) || defined(_M_PPC) 71 | #if defined(__ppc64__) || defined(__powerpc64__) || defined(__64BIT__) 72 | #error cmake_ARCH ppc64 73 | #else 74 | #error cmake_ARCH ppc 75 | #endif 76 | #else 77 | #error cmake_ARCH unknown 78 | #endif 79 | ") 80 | 81 | # Set ppc_support to TRUE before including this file or ppc and ppc64 82 | # will be treated as invalid architectures since they are no longer supported by Apple 83 | 84 | function(target_architecture output_var) 85 | if(APPLE AND CMAKE_OSX_ARCHITECTURES) 86 | # On OS X we use CMAKE_OSX_ARCHITECTURES *if* it was set 87 | # First let's normalize the order of the values 88 | 89 | # Note that it's not possible to compile PowerPC applications if you are using 90 | # the OS X SDK version 10.6 or later - you'll need 10.4/10.5 for that, so we 91 | # disable it by default 92 | # See this page for more information: 93 | # http://stackoverflow.com/questions/5333490/how-can-we-restore-ppc-ppc64-as-well-as-full-10-4-10-5-sdk-support-to-xcode-4 94 | 95 | # Architecture defaults to i386 or ppc on OS X 10.5 and earlier, depending on the CPU type detected at runtime. 96 | # On OS X 10.6+ the default is x86_64 if the CPU supports it, i386 otherwise. 97 | 98 | foreach(osx_arch ${CMAKE_OSX_ARCHITECTURES}) 99 | if("${osx_arch}" STREQUAL "ppc" AND ppc_support) 100 | set(osx_arch_ppc TRUE) 101 | elseif("${osx_arch}" STREQUAL "i386") 102 | set(osx_arch_i386 TRUE) 103 | elseif("${osx_arch}" STREQUAL "x86_64") 104 | set(osx_arch_x86_64 TRUE) 105 | elseif("${osx_arch}" STREQUAL "ppc64" AND ppc_support) 106 | set(osx_arch_ppc64 TRUE) 107 | else() 108 | message(FATAL_ERROR "Invalid OS X arch name: ${osx_arch}") 109 | endif() 110 | endforeach() 111 | 112 | # Now add all the architectures in our normalized order 113 | if(osx_arch_ppc) 114 | list(APPEND ARCH ppc) 115 | endif() 116 | 117 | if(osx_arch_i386) 118 | list(APPEND ARCH i386) 119 | endif() 120 | 121 | if(osx_arch_x86_64) 122 | list(APPEND ARCH x86_64) 123 | endif() 124 | 125 | if(osx_arch_ppc64) 126 | list(APPEND ARCH ppc64) 127 | endif() 128 | else() 129 | file(WRITE "${CMAKE_BINARY_DIR}/arch.c" "${archdetect_c_code}") 130 | 131 | enable_language(C) 132 | 133 | # Detect the architecture in a rather creative way... 134 | # This compiles a small C program which is a series of ifdefs that selects a 135 | # particular #error preprocessor directive whose message string contains the 136 | # target architecture. The program will always fail to compile (both because 137 | # file is not a valid C program, and obviously because of the presence of the 138 | # #error preprocessor directives... but by exploiting the preprocessor in this 139 | # way, we can detect the correct target architecture even when cross-compiling, 140 | # since the program itself never needs to be run (only the compiler/preprocessor) 141 | try_run( 142 | run_result_unused 143 | compile_result_unused 144 | "${CMAKE_BINARY_DIR}" 145 | "${CMAKE_BINARY_DIR}/arch.c" 146 | COMPILE_OUTPUT_VARIABLE ARCH 147 | CMAKE_FLAGS CMAKE_OSX_ARCHITECTURES=${CMAKE_OSX_ARCHITECTURES} 148 | ) 149 | 150 | # Parse the architecture name from the compiler output 151 | string(REGEX MATCH "cmake_ARCH ([a-zA-Z0-9_\-]+)" ARCH "${ARCH}") 152 | 153 | # Get rid of the value marker leaving just the architecture name 154 | string(REPLACE "cmake_ARCH " "" ARCH "${ARCH}") 155 | 156 | # If we are compiling with an unknown architecture this variable should 157 | # already be set to "unknown" but in the case that it's empty (i.e. due 158 | # to a typo in the code), then set it to unknown 159 | if (NOT ARCH) 160 | set(ARCH unknown) 161 | endif() 162 | endif() 163 | 164 | set(${output_var} "${ARCH}" PARENT_SCOPE) 165 | endfunction() 166 | -------------------------------------------------------------------------------- /patches/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/viaduck/openssl-cmake/12cbae86a69ea6096f2c86eb495d4d5880ff3c2b/patches/.gitkeep -------------------------------------------------------------------------------- /patches/0001-Fix-failing-cms-test-when-no-des-is-used.patch: -------------------------------------------------------------------------------- 1 | From 87da6db1773f7741e7f92f40907e3282586da28a Mon Sep 17 00:00:00 2001 2 | From: Bernd Edlinger 3 | Date: Mon, 13 Feb 2023 12:58:33 +0100 4 | Subject: [PATCH] Fix failing cms test when no-des is used 5 | 6 | The test tries to use DES but that may not be available. 7 | But for the purpose of regression testing CVE-2023-0215 8 | the cipher is not relevant, so we use AES-128 instead. 9 | 10 | Fixes #20249 11 | 12 | Reviewed-by: Matt Caswell 13 | Reviewed-by: Todd Short 14 | (Merged from https://github.com/openssl/openssl/pull/20276) 15 | 16 | (cherry picked from commit c400a1fe477b44a5eacbad2be8d50f2eaa92925c) 17 | --- 18 | test/recipes/80-test_cms.t | 2 +- 19 | 1 file changed, 1 insertion(+), 1 deletion(-) 20 | 21 | diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t 22 | index abe299b6a2..cabbe3ecdf 100644 23 | --- a/test/recipes/80-test_cms.t 24 | +++ b/test/recipes/80-test_cms.t 25 | @@ -989,7 +989,7 @@ with({ exit_checker => sub { return shift == 6; } }, 26 | sub { 27 | ok(run(app(['openssl', 'cms', '-encrypt', 28 | '-in', srctop_file("test", "smcont.txt"), 29 | - '-stream', '-recip', 30 | + '-aes128', '-stream', '-recip', 31 | srctop_file("test/smime-certs", "badrsa.pem"), 32 | ])), 33 | "Check failure during BIO setup with -stream is handled correctly"); 34 | -- 35 | 2.35.3 36 | 37 | -------------------------------------------------------------------------------- /patches/0002-Fix-test_cms-if-DSA-is-not-supported.patch: -------------------------------------------------------------------------------- 1 | From 48685e37684258085532a2a62fefd08098f9a62f Mon Sep 17 00:00:00 2001 2 | From: Steffen Klee 3 | Date: Wed, 20 Sep 2023 00:04:18 +0200 4 | Subject: [PATCH] Fix test_cms if DSA is not supported 5 | 6 | CLA: trivial 7 | --- 8 | test/recipes/80-test_cms.t | 14 +++++++++----- 9 | 1 file changed, 9 insertions(+), 5 deletions(-) 10 | 11 | diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t 12 | index 21c683c404..3857916105 100644 13 | --- a/test/recipes/80-test_cms.t 14 | +++ b/test/recipes/80-test_cms.t 15 | @@ -1144,9 +1144,13 @@ with({ exit_checker => sub { return shift == 6; } }, 16 | # Test case for return value mis-check reported in #21986 17 | with({ exit_checker => sub { return shift == 3; } }, 18 | sub { 19 | - ok(run(app(['openssl', 'cms', '-sign', 20 | - '-in', srctop_file("test", "smcont.txt"), 21 | - '-signer', srctop_file("test/smime-certs", "smdsa1.pem"), 22 | - '-md', 'SHAKE256'])), 23 | - "issue#21986"); 24 | + SKIP: { 25 | + skip "DSA is not supported in this build", 1 if $no_dsa; 26 | + 27 | + ok(run(app(['openssl', 'cms', '-sign', 28 | + '-in', srctop_file("test", "smcont.txt"), 29 | + '-signer', srctop_file("test/smime-certs", "smdsa1.pem"), 30 | + '-md', 'SHAKE256'])), 31 | + "issue#21986"); 32 | + } 33 | }); 34 | -- 35 | 2.42.0 36 | 37 | -------------------------------------------------------------------------------- /scripts/building_env.py: -------------------------------------------------------------------------------- 1 | # MIT License 2 | # 3 | # Copyright (c) 2015-2023 The ViaDuck Project 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in all 13 | # copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | # SOFTWARE. 22 | # 23 | 24 | # creates a building environment for openssl 25 | # - working directory 26 | # - on windows: uses msys' bash for command execution (openssl's scripts need an UNIX-like environment with perl) 27 | 28 | import argparse 29 | import os, re 30 | from subprocess import PIPE, Popen 31 | from sys import exit 32 | 33 | parser = argparse.ArgumentParser() 34 | parser.add_argument('-v', '--verbose', action='store_true') 35 | parser.add_argument('--bash', nargs='?') 36 | parser.add_argument('--make', nargs='?') 37 | parser.add_argument('--envfile') 38 | parser.add_argument('os') 39 | parser.add_argument('cwd') 40 | parser.add_argument('args', nargs='+') 41 | args = parser.parse_args() 42 | 43 | if args.verbose: 44 | print(args) 45 | 46 | env = os.environ 47 | env_sep = ';' if args.os == 'WIN32' else ':' 48 | 49 | def add_env(k, v): 50 | global env 51 | 52 | if k == 'PATH': 53 | env[k] = v + ('' if v.endswith(env_sep) else env_sep) + env[k] 54 | else: 55 | env[k] = v 56 | 57 | if args.verbose: 58 | print(f'Updated env[{k}] to "{v}"') 59 | 60 | # add bash and make directories to path if specified 61 | if args.bash is not None and len(args.bash) > 0: 62 | add_env('PATH', os.path.dirname(args.bash)) 63 | if args.make is not None and len(args.make) > 0: 64 | add_env('PATH', os.path.dirname(args.make)) 65 | 66 | # os-specifics 67 | if args.os == 'WIN32': 68 | # otherwise: internal error: invalid --jobserver-fds string `gmake_semaphore_1824' 69 | add_env('MAKEFLAGS', '') 70 | elif args.os == 'LINUX_CROSS_ANDROID': 71 | # parse A="B" where B has all quotes escaped 72 | pattern = re.compile(r'^(.*?)="((?:\\.|[^"\\])*)"', re.MULTILINE | re.DOTALL) 73 | 74 | # parse env vars from file 75 | with open(args.envfile, 'r') as f: 76 | content = f.read() 77 | 78 | # unescape and save all env vars 79 | for k, v in pattern.findall(content): 80 | add_env(k, v.replace("\\\"", "\"")) 81 | 82 | # build command-line 83 | cmd_exec, cmd_args = args.args[0], ' '.join(args.args[1:]) 84 | cmd_line = f'"{cmd_exec}" {cmd_args} || exit $?' 85 | 86 | if args.verbose: 87 | print(f'Built cmd_line = "{cmd_line}"') 88 | 89 | proc = None 90 | if args.os == 'WIN32': 91 | # we must emulate a UNIX environment to build openssl using mingw 92 | proc = Popen(bash, env=env, cwd=args.cwd, stdin=PIPE, universal_newlines=True) 93 | proc.communicate(input=cmd_line) 94 | else: 95 | proc = Popen(cmd_line, env=env, cwd=args.cwd, shell=True) 96 | proc.communicate() 97 | 98 | exit(proc.returncode) 99 | -------------------------------------------------------------------------------- /scripts/update_version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sed -i "s/OPENSSL_BUILD_VERSION: \".*\"/OPENSSL_BUILD_VERSION: \"$1\"/g" .gitlab-ci.yml 3 | sed -i "s/OPENSSL_BUILD_HASH: \".*\"/OPENSSL_BUILD_HASH: \"$2\"/g" .gitlab-ci.yml 4 | sed -i "s/set(OPENSSL_PREBUILT_VERSION \".*\"/set(OPENSSL_PREBUILT_VERSION \"$1\"/g" cmake/PrebuiltOpenSSL.cmake 5 | -------------------------------------------------------------------------------- /scripts/upload_result.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # MIT License 3 | # 4 | # Copyright (c) 2018-2019 The ViaDuck Project 5 | # 6 | # Permission is hereby granted, free of charge, to any person obtaining a copy 7 | # of this software and associated documentation files (the "Software"), to deal 8 | # in the Software without restriction, including without limitation the rights 9 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | # copies of the Software, and to permit persons to whom the Software is 11 | # furnished to do so, subject to the following conditions: 12 | # 13 | # The above copyright notice and this permission notice shall be included in all 14 | # copies or substantial portions of the Software. 15 | # 16 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | # SOFTWARE. 23 | # 24 | # usage: 25 | 26 | # early exit when no secrets are set 27 | if [[ $PREBUILT_AUTH = ":" ]]; then 28 | echo "No secrets to upload result." 29 | exit 0 30 | fi 31 | 32 | # rename dir as arch for tarring 33 | mkdir -p $1 34 | mv $2 $1/$2 35 | tar czf $1.tar.gz $1 36 | 37 | # capture the code while printing the page 38 | { code=$(curl -u $PREBUILT_AUTH -F "file=@$1.tar.gz" -F "dir=prebuilts/openssl/$OPENSSL_BUILD_VERSION" -F 'checksum=yes' -o /dev/stderr -w '%{http_code}' https://mirror.viaduck.org/scripts/upload.py); } 2>&1 39 | 40 | # check for 200 41 | if [ "$code" -ne 200 ]; then 42 | echo "cURL error" 43 | exit 1 44 | fi 45 | 46 | --------------------------------------------------------------------------------