Skip to content

Commit

Permalink
Added the patch from the OpenDDS git repo to fix the OpenSSL issue in…
Browse files Browse the repository at this point in the history
… 3.28.0

Could be removed in the next release of OpenDDS.

This patch do make the ptests about security passing.

Signed-off-by: Jan Vermaete <[email protected]>
  • Loading branch information
vermaete committed Apr 22, 2024
1 parent 691aa68 commit fc2c621
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
From 5a9bc8545f771742e48d31e1635e15f156cc9c17 Mon Sep 17 00:00:00 2001
From: "Justin R. Wilson" <[email protected]>
Date: Wed, 17 Apr 2024 12:59:03 -0500
Subject: [PATCH] `gov_gen` uses openssl API incorrectly

Problem
-------

The `gov_gen` application generates governance files for testing and
signs them with openssl. `gov_gen` has a bug on Debian
12.5 (openssl 3.0.11) where a null argument is passed.

Solution
--------

Pass `mem` as the "in"" parameter and use `PKCS7_STREAM`.

Upstream-Status: Backport [https://github.com/OpenDDS/OpenDDS/commit/270cae56421462db367cbe8d89cccd752108dd20]

---
docs/news.d/gov-gen.rst | 5 +++++
tests/security/attributes/gov_gen.cpp | 4 ++--
2 files changed, 7 insertions(+), 2 deletions(-)
create mode 100644 docs/news.d/gov-gen.rst

diff --git a/docs/news.d/gov-gen.rst b/docs/news.d/gov-gen.rst
new file mode 100644
index 0000000000..4a628c1659
--- /dev/null
+++ b/docs/news.d/gov-gen.rst
@@ -0,0 +1,5 @@
+.. news-prs: 4591
+
+.. news-start-section: Fixes
+- Fixed incorrect usage of OpenSSL in ``gov_gen`` application.
+.. news-end-section
diff --git a/tests/security/attributes/gov_gen.cpp b/tests/security/attributes/gov_gen.cpp
index ee1adbdf44..b35dd89ed4 100644
--- a/tests/security/attributes/gov_gen.cpp
+++ b/tests/security/attributes/gov_gen.cpp
@@ -403,7 +403,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[])
return EXIT_FAILURE;
}

- PKCS7* p7 = PKCS7_sign(cert, key, NULL, NULL, PKCS7_TEXT | PKCS7_DETACHED);
+ PKCS7* p7 = PKCS7_sign(cert, key, NULL, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM);
if (!p7) {
std::cerr << "ERROR: could not sign" << std::endl;
print_ssl_error();
@@ -418,7 +418,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[])

}

- if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED)) {
+ if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM)) {
std::cerr << "ERROR: could not write " << outpath << std::endl;
print_ssl_error();
return EXIT_FAILURE;
1 change: 1 addition & 0 deletions recipes-connectivity/opendds/opendds_3.28.0.bb
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ SRC_URI = "\
git://github.com/OpenDDS/OpenDDS.git;protocol=https;branch=${DDS_SRC_BRANCH};name=opendds \
${@bb.utils.contains('PACKAGECONFIG', 'doc-group3', '${DOC_TAO3_URI};name=ace_tao;unpack=0;subdir=git', '${DOC_TAO2_URI};name=ace_tao;unpack=0;subdir=git', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'ishapes', 'file://0001-adding-the-ishapes-demo.patch', '', d)} \
file://0002-gov-gen-uses-openssl-API-incorrectly.patch \
"

require opendds.inc
Expand Down

0 comments on commit fc2c621

Please sign in to comment.