-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added the patch from the OpenDDS git repo to fix the OpenSSL issue in…
… 3.28.0 Could be removed in the next release of OpenDDS. This patch do make the ptests about security passing. Signed-off-by: Jan Vermaete <[email protected]>
- Loading branch information
Showing
2 changed files
with
59 additions
and
0 deletions.
There are no files selected for viewing
58 changes: 58 additions & 0 deletions
58
recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
From 5a9bc8545f771742e48d31e1635e15f156cc9c17 Mon Sep 17 00:00:00 2001 | ||
From: "Justin R. Wilson" <[email protected]> | ||
Date: Wed, 17 Apr 2024 12:59:03 -0500 | ||
Subject: [PATCH] `gov_gen` uses openssl API incorrectly | ||
|
||
Problem | ||
------- | ||
|
||
The `gov_gen` application generates governance files for testing and | ||
signs them with openssl. `gov_gen` has a bug on Debian | ||
12.5 (openssl 3.0.11) where a null argument is passed. | ||
|
||
Solution | ||
-------- | ||
|
||
Pass `mem` as the "in"" parameter and use `PKCS7_STREAM`. | ||
|
||
Upstream-Status: Backport [https://github.com/OpenDDS/OpenDDS/commit/270cae56421462db367cbe8d89cccd752108dd20] | ||
|
||
--- | ||
docs/news.d/gov-gen.rst | 5 +++++ | ||
tests/security/attributes/gov_gen.cpp | 4 ++-- | ||
2 files changed, 7 insertions(+), 2 deletions(-) | ||
create mode 100644 docs/news.d/gov-gen.rst | ||
|
||
diff --git a/docs/news.d/gov-gen.rst b/docs/news.d/gov-gen.rst | ||
new file mode 100644 | ||
index 0000000000..4a628c1659 | ||
--- /dev/null | ||
+++ b/docs/news.d/gov-gen.rst | ||
@@ -0,0 +1,5 @@ | ||
+.. news-prs: 4591 | ||
+ | ||
+.. news-start-section: Fixes | ||
+- Fixed incorrect usage of OpenSSL in ``gov_gen`` application. | ||
+.. news-end-section | ||
diff --git a/tests/security/attributes/gov_gen.cpp b/tests/security/attributes/gov_gen.cpp | ||
index ee1adbdf44..b35dd89ed4 100644 | ||
--- a/tests/security/attributes/gov_gen.cpp | ||
+++ b/tests/security/attributes/gov_gen.cpp | ||
@@ -403,7 +403,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) | ||
return EXIT_FAILURE; | ||
} | ||
|
||
- PKCS7* p7 = PKCS7_sign(cert, key, NULL, NULL, PKCS7_TEXT | PKCS7_DETACHED); | ||
+ PKCS7* p7 = PKCS7_sign(cert, key, NULL, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM); | ||
if (!p7) { | ||
std::cerr << "ERROR: could not sign" << std::endl; | ||
print_ssl_error(); | ||
@@ -418,7 +418,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) | ||
|
||
} | ||
|
||
- if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED)) { | ||
+ if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM)) { | ||
std::cerr << "ERROR: could not write " << outpath << std::endl; | ||
print_ssl_error(); | ||
return EXIT_FAILURE; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters