1# Orthanc - A Lightweight, RESTful DICOM Store 2# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics 3# Department, University Hospital of Liege, Belgium 4# Copyright (C) 2017-2020 Osimis S.A., Belgium 5# 6# This program is free software: you can redistribute it and/or 7# modify it under the terms of the GNU Lesser General Public License 8# as published by the Free Software Foundation, either version 3 of 9# the License, or (at your option) any later version. 10# 11# This program is distributed in the hope that it will be useful, but 12# WITHOUT ANY WARRANTY; without even the implied warranty of 13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14# Lesser General Public License for more details. 15# 16# You should have received a copy of the GNU Lesser General Public 17# License along with this program. If not, see 18# <http://www.gnu.org/licenses/>. 19 20 21SET(OPENSSL_SOURCES_DIR ${CMAKE_BINARY_DIR}/openssl-1.1.1g) 22SET(OPENSSL_URL "http://orthanc.osimis.io/ThirdPartyDownloads/openssl-1.1.1g.tar.gz") 23SET(OPENSSL_MD5 "76766e98997660138cdaf13a187bd234") 24 25if (IS_DIRECTORY "${OPENSSL_SOURCES_DIR}") 26 set(FirstRun OFF) 27else() 28 set(FirstRun ON) 29endif() 30 31DownloadPackage(${OPENSSL_MD5} ${OPENSSL_URL} "${OPENSSL_SOURCES_DIR}") 32 33if (FirstRun) 34 file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/buildinf.h " 35#define DATE \"\" 36#define PLATFORM \"\" 37#define compiler_flags \"\" 38") 39 file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/bn_conf.h "") 40 file(WRITE ${OPENSSL_SOURCES_DIR}/crypto/dso_conf.h "") 41 42 configure_file( 43 ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1-conf.h.in 44 ${OPENSSL_SOURCES_DIR}/include/openssl/opensslconf.h 45 ) 46 47 # Apply the patches 48 execute_process( 49 COMMAND ${PATCH_EXECUTABLE} -p0 -N -i 50 ${CMAKE_CURRENT_LIST_DIR}/../Patches/openssl-1.1.1g.patch 51 WORKING_DIRECTORY ${CMAKE_BINARY_DIR} 52 RESULT_VARIABLE Failure 53 ) 54 55 if (Failure) 56 message(FATAL_ERROR "Error while patching a file") 57 endif() 58else() 59 message("The patches for OpenSSL have already been applied") 60endif() 61 62add_definitions( 63 -DOPENSSL_THREADS 64 -DOPENSSL_IA32_SSE2 65 -DOPENSSL_NO_ASM 66 -DOPENSSL_NO_DYNAMIC_ENGINE 67 -DOPENSSL_NO_DEVCRYPTOENG 68 69 -DOPENSSL_NO_BF 70 -DOPENSSL_NO_CAMELLIA 71 -DOPENSSL_NO_CAST 72 -DOPENSSL_NO_EC_NISTP_64_GCC_128 73 -DOPENSSL_NO_GMP 74 -DOPENSSL_NO_GOST 75 -DOPENSSL_NO_HW 76 -DOPENSSL_NO_JPAKE 77 -DOPENSSL_NO_IDEA 78 -DOPENSSL_NO_KRB5 79 -DOPENSSL_NO_MD2 80 -DOPENSSL_NO_MDC2 81 #-DOPENSSL_NO_MD4 # MD4 is necessary for MariaDB/MySQL client 82 -DOPENSSL_NO_RC2 83 -DOPENSSL_NO_RC4 84 -DOPENSSL_NO_RC5 85 -DOPENSSL_NO_RFC3779 86 -DOPENSSL_NO_SCTP 87 -DOPENSSL_NO_STORE 88 -DOPENSSL_NO_SEED 89 -DOPENSSL_NO_WHIRLPOOL 90 -DOPENSSL_NO_RIPEMD 91 -DOPENSSL_NO_AFALGENG 92 93 -DOPENSSLDIR="/usr/local/ssl" 94 ) 95 96 97include_directories( 98 ${OPENSSL_SOURCES_DIR} 99 ${OPENSSL_SOURCES_DIR}/crypto 100 ${OPENSSL_SOURCES_DIR}/crypto/asn1 101 ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 102 ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 103 ${OPENSSL_SOURCES_DIR}/crypto/evp 104 ${OPENSSL_SOURCES_DIR}/crypto/include 105 ${OPENSSL_SOURCES_DIR}/crypto/modes 106 ${OPENSSL_SOURCES_DIR}/include 107 ) 108 109 110set(OPENSSL_SOURCES_SUBDIRS 111 ${OPENSSL_SOURCES_DIR}/crypto 112 ${OPENSSL_SOURCES_DIR}/crypto/aes 113 ${OPENSSL_SOURCES_DIR}/crypto/aria 114 ${OPENSSL_SOURCES_DIR}/crypto/asn1 115 ${OPENSSL_SOURCES_DIR}/crypto/async 116 ${OPENSSL_SOURCES_DIR}/crypto/async/arch 117 ${OPENSSL_SOURCES_DIR}/crypto/bio 118 ${OPENSSL_SOURCES_DIR}/crypto/blake2 119 ${OPENSSL_SOURCES_DIR}/crypto/bn 120 ${OPENSSL_SOURCES_DIR}/crypto/buffer 121 ${OPENSSL_SOURCES_DIR}/crypto/chacha 122 ${OPENSSL_SOURCES_DIR}/crypto/cmac 123 ${OPENSSL_SOURCES_DIR}/crypto/cms 124 ${OPENSSL_SOURCES_DIR}/crypto/comp 125 ${OPENSSL_SOURCES_DIR}/crypto/conf 126 ${OPENSSL_SOURCES_DIR}/crypto/ct 127 ${OPENSSL_SOURCES_DIR}/crypto/des 128 ${OPENSSL_SOURCES_DIR}/crypto/dh 129 ${OPENSSL_SOURCES_DIR}/crypto/dsa 130 ${OPENSSL_SOURCES_DIR}/crypto/dso 131 ${OPENSSL_SOURCES_DIR}/crypto/ec 132 ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448 133 ${OPENSSL_SOURCES_DIR}/crypto/ec/curve448/arch_32 134 ${OPENSSL_SOURCES_DIR}/crypto/err 135 ${OPENSSL_SOURCES_DIR}/crypto/evp 136 ${OPENSSL_SOURCES_DIR}/crypto/hmac 137 ${OPENSSL_SOURCES_DIR}/crypto/kdf 138 ${OPENSSL_SOURCES_DIR}/crypto/lhash 139 ${OPENSSL_SOURCES_DIR}/crypto/md4 140 ${OPENSSL_SOURCES_DIR}/crypto/md5 141 ${OPENSSL_SOURCES_DIR}/crypto/modes 142 ${OPENSSL_SOURCES_DIR}/crypto/objects 143 ${OPENSSL_SOURCES_DIR}/crypto/ocsp 144 ${OPENSSL_SOURCES_DIR}/crypto/pem 145 ${OPENSSL_SOURCES_DIR}/crypto/pkcs12 146 ${OPENSSL_SOURCES_DIR}/crypto/pkcs7 147 ${OPENSSL_SOURCES_DIR}/crypto/poly1305 148 ${OPENSSL_SOURCES_DIR}/crypto/pqueue 149 ${OPENSSL_SOURCES_DIR}/crypto/rand 150 ${OPENSSL_SOURCES_DIR}/crypto/ripemd 151 ${OPENSSL_SOURCES_DIR}/crypto/rsa 152 ${OPENSSL_SOURCES_DIR}/crypto/sha 153 ${OPENSSL_SOURCES_DIR}/crypto/siphash 154 ${OPENSSL_SOURCES_DIR}/crypto/sm2 155 ${OPENSSL_SOURCES_DIR}/crypto/sm3 156 ${OPENSSL_SOURCES_DIR}/crypto/sm4 157 ${OPENSSL_SOURCES_DIR}/crypto/srp 158 ${OPENSSL_SOURCES_DIR}/crypto/stack 159 ${OPENSSL_SOURCES_DIR}/crypto/store 160 ${OPENSSL_SOURCES_DIR}/crypto/ts 161 ${OPENSSL_SOURCES_DIR}/crypto/txt_db 162 ${OPENSSL_SOURCES_DIR}/crypto/ui 163 ${OPENSSL_SOURCES_DIR}/crypto/x509 164 ${OPENSSL_SOURCES_DIR}/crypto/x509v3 165 ${OPENSSL_SOURCES_DIR}/ssl 166 ${OPENSSL_SOURCES_DIR}/ssl/record 167 ${OPENSSL_SOURCES_DIR}/ssl/statem 168 ) 169 170if (ENABLE_OPENSSL_ENGINES) 171 add_definitions( 172 #-DENGINESDIR="/usr/local/lib/engines-1.1" # On GNU/Linux 173 -DENGINESDIR="." 174 ) 175 176 list(APPEND OPENSSL_SOURCES_SUBDIRS 177 ${OPENSSL_SOURCES_DIR}/engines 178 ${OPENSSL_SOURCES_DIR}/crypto/engine 179 ) 180else() 181 add_definitions(-DOPENSSL_NO_ENGINE) 182endif() 183 184list(APPEND OPENSSL_SOURCES_SUBDIRS 185 # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting 186 # HTTPS servers that use TLS certificate encrypted with ECDSA 187 # (check the output of a recent version of the "sslscan" 188 # command). Until Orthanc <= 1.4.1, these features were only 189 # enabled if ENABLE_PKCS11 support was set to "ON". 190 # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ 191 ${OPENSSL_SOURCES_DIR}/crypto/ec 192 ${OPENSSL_SOURCES_DIR}/crypto/ecdh 193 ${OPENSSL_SOURCES_DIR}/crypto/ecdsa 194 ) 195 196foreach(d ${OPENSSL_SOURCES_SUBDIRS}) 197 AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES) 198endforeach() 199 200list(REMOVE_ITEM OPENSSL_SOURCES 201 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_nyi.c 202 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_unix.c 203 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_vms.c 204 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win.c 205 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_win32.c 206 ${OPENSSL_SOURCES_DIR}/crypto/LPdir_wince.c 207 ${OPENSSL_SOURCES_DIR}/crypto/aes/aes_x86core.c 208 ${OPENSSL_SOURCES_DIR}/crypto/armcap.c 209 ${OPENSSL_SOURCES_DIR}/crypto/bio/bss_dgram.c 210 ${OPENSSL_SOURCES_DIR}/crypto/des/ncbc_enc.c 211 ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256.c 212 ${OPENSSL_SOURCES_DIR}/crypto/ec/ecp_nistz256_table.c 213 ${OPENSSL_SOURCES_DIR}/crypto/engine/eng_devcrypto.c 214 ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_base2_44.c # Cannot be compiled with MinGW 215 ${OPENSSL_SOURCES_DIR}/crypto/poly1305/poly1305_ieee754.c # Cannot be compiled with MinGW 216 ${OPENSSL_SOURCES_DIR}/crypto/ppccap.c 217 ${OPENSSL_SOURCES_DIR}/crypto/s390xcap.c 218 ${OPENSSL_SOURCES_DIR}/crypto/sparcv9cap.c 219 ${OPENSSL_SOURCES_DIR}/engines/e_afalg.c # Cannot be compiled with MinGW 220 ) 221 222# Check out "${OPENSSL_SOURCES_DIR}/Configurations/README": "This is 223# default if no option is specified, it works on any supported 224# system." It is mandatory to define it as a macro, as it is used by 225# all the source files that include OpenSSL (e.g. "Core/Toolbox.cpp" 226# or curl) 227add_definitions(-DTHIRTY_TWO_BIT) 228 229 230if (NOT CMAKE_COMPILER_IS_GNUCXX OR 231 "${CMAKE_SYSTEM_NAME}" STREQUAL "Windows" OR 232 "${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") 233 # Disable the use of a gcc extension, that is neither available on 234 # MinGW, nor on LSB 235 add_definitions( 236 -DOPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE 237 ) 238endif() 239 240 241if ("${CMAKE_SYSTEM_NAME}" STREQUAL "Windows") 242 set(OPENSSL_DEFINITIONS 243 "${OPENSSL_DEFINITIONS};OPENSSL_SYSNAME_WIN32;SO_WIN32;WIN32_LEAN_AND_MEAN;L_ENDIAN;NO_WINDOWS_BRAINDEATH") 244 245 if (ENABLE_OPENSSL_ENGINES) 246 link_libraries(crypt32) 247 endif() 248 249 add_definitions( 250 -DOPENSSL_RAND_SEED_OS # ${OPENSSL_SOURCES_DIR}/crypto/rand/rand_win.c 251 ) 252 253elseif ("${CMAKE_SYSTEM_VERSION}" STREQUAL "LinuxStandardBase") 254 add_definitions( 255 # In order for "crypto/mem_sec.c" to compile on LSB 256 -DOPENSSL_NO_SECURE_MEMORY 257 258 # The "OPENSSL_RAND_SEED_OS" value implies a syscall() to 259 # "__NR_getrandom" (i.e. system call "getentropy(2)") in 260 # "rand_unix.c", which is not available in LSB. 261 -DOPENSSL_RAND_SEED_DEVRANDOM 262 ) 263 264else() 265 # Fixes error "OpenSSL error: error:2406C06E:random number 266 # generator:RAND_DRBG_instantiate:error retrieving entropy" that was 267 # present in Orthanc 1.6.0, if statically linking on Ubuntu 18.04 268 add_definitions( 269 -DOPENSSL_RAND_SEED_OS 270 ) 271endif() 272 273 274set_source_files_properties( 275 ${OPENSSL_SOURCES} 276 PROPERTIES COMPILE_DEFINITIONS 277 "${OPENSSL_DEFINITIONS};DSO_NONE" 278 ) 279