diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fa6029082..e8e73a280 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -74,7 +74,20 @@ jobs:
 steps:
 - uses: actions/checkout@v2
 - run: brew install openssl@1.1 mysql-client unixodbc libpq
- - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
+ - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
+ - run: >-
+ cd cmake-build &&
+ sudo -s
+ CPPUNIT_IGNORE="N7CppUnit10TestCallerI10ThreadTestEE.testTrySleep,N7CppUnit10TestCallerI13TimestampTestEE.testTimestamp,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI24UniqueExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI11PollSetTestEE.testPollClosedServer"
+ PWD=`pwd`
+ ctest --output-on-failure -E "(DataMySQL)|(DataODBC)|(PostgreSQL)|(MongoDB)|(Redis)"
+
+ macos-clang-cmake-openssl3:
+ runs-on: macos-10.15
+ steps:
+ - uses: actions/checkout@v2
+ - run: brew install openssl@3 mysql-client unixodbc libpq
+ - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
 - run: >-
 cd cmake-build &&
 sudo -s
diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json
index 93759b5a0..bb03adf50 100644
--- a/.vscode/c_cpp_properties.json
+++ b/.vscode/c_cpp_properties.json
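Review bot: The new `macos-clang-cmake-openssl3` job repeats the test step verbatim, including `sudo -s` ahead of the `CPPUNIT_IGNORE`/`PWD` assignments and `ctest`, so the whole suite runs as root in both macOS jobs; unless one of the remaining tests genuinely needs root, dropping `sudo -s` keeps the runner at the least privilege the build needs. Since the two jobs now differ only in the brew formula and `-DOPENSSL_ROOT_DIR`, a `strategy.matrix` over `openssl@1.1`/`openssl@3` would keep the long `CPPUNIT_IGNORE` list and the ctest exclusion regex in one place instead of two copies that can drift. Also, `N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN` appears twice in the copied ignore list.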
@@ -29,7 +29,7 @@
 {
 "name": "Mac",
 "intelliSenseMode": "clang-x64",
- "includePath": ["${pocoIncludePath}"],
+ "includePath": ["${pocoIncludePath}", "/usr/local/opt/openssl@3/include"],
 "macFrameworkPath": ["/System/Library/Frameworks"],
 "defines": [],
 "forcedInclude": [],
diff --git a/CHANGELOG b/CHANGELOG
index 5ad7a3f48..2cce38b75 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,9 +1,37 @@ This is the changelog file for the POCO C++ Libraries. -Release 1.11.2 (2022-02-XX) +Release 1.11.2 (2022-04-16) =========================== -- TODO +- GH #2882: Handle negative DST offset +- GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime +- GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1 +- GH #3448: Basic support for OpenSSL 3.0.0 +- GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest +- GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails +- GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations +- GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid) +- GH #3472: Add Windows 11 detection to Environment_WIN32U +- GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName() +- GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd +- GH #3495: Should the Array::operator[] throw? +- GH #3500: Sandbox all iFrames in PocoDoc +- GH #3504: OpenSSL 3 compatibility +- GH #3505: JSON::PrintHandler.value(bool) prints incorrect value +- GH #3507: Reference counting for bound configuration in Util::Option is broken +- GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option. +- GH #3509: fix dst and utcOffset handling for Dublin time zone +- GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate +- GH #3518: Expat version check in #defines incorrect. +- GH #3519: Add convertation to string in Redis Command#set +- GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target? 
+- GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM +- GH #3538: Upgrade bundled expat to 2.4.7 +- GH #3544: Add back NIOS2 double conversion detection to fix compile errors +- GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests +- GH #3553: Upgrade bundled zlib to 1.2.12 +- GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds +- GH #3563: Remove support for OpenSSL < 1.0 Release 1.11.1 (2021-11-05) diff --git a/Crypto/include/Poco/Crypto/Crypto.h b/Crypto/include/Poco/Crypto/Crypto.h index eeab263ed..7b857cf31 100644 --- a/Crypto/include/Poco/Crypto/Crypto.h +++ b/Crypto/include/Poco/Crypto/Crypto.h @@ -49,6 +49,11 @@ #endif +#if OPENSSL_VERSION_NUMBER < 0x10000000L +#error "OpenSSL version too old. At least OpenSSL 1.0.0 is required." +#endif + + enum RSAPaddingMode /// The padding mode used for RSA public key encryption. { diff --git a/Crypto/include/Poco/Crypto/OpenSSLInitializer.h b/Crypto/include/Poco/Crypto/OpenSSLInitializer.h index 9b511aa5d..aa29cc63e 100644 --- a/Crypto/include/Poco/Crypto/OpenSSLInitializer.h +++ b/Crypto/include/Poco/Crypto/OpenSSLInitializer.h @@ -74,16 +74,22 @@ protected: SEEDSIZE = 256 }; +#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL multithreading support static void lock(int mode, int n, const char* file, int line); static unsigned long id(); static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line); static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line); static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line); +#endif private: - static Poco::FastMutex* _mutexes; static Poco::AtomicCounter _rc; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + static Poco::FastMutex* _mutexes; +#endif + #if OPENSSL_VERSION_NUMBER >= 0x30000000L static OSSL_PROVIDER* _defaultProvider; static OSSL_PROVIDER* _legacyProvider; 
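Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x10000000L` check in Crypto.h only works if `OPENSSL_VERSION_NUMBER` is already defined at that point; inside `#if` an undefined identifier evaluates to 0, so without a preceding `#include <openssl/opensslv.h>` (not visible in the hunk) the `#error` fires on every build. Adding `#include <openssl/opensslv.h>` directly above the check makes it self-contained regardless of which header is included first. The same dependency applies to the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` blocks introduced in OpenSSLInitializer.h in the following hunk, which now decide whether `_mutexes` and the lock callbacks are declared at all.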
diff --git a/Crypto/src/ECKeyImpl.cpp b/Crypto/src/ECKeyImpl.cpp index 99ffae760..e11b134ca 100644 --- a/Crypto/src/ECKeyImpl.cpp +++ b/Crypto/src/ECKeyImpl.cpp @@ -21,9 +21,7 @@ #include "Poco/StreamCopier.h" #include #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L #include -#endif namespace Poco { @@ -78,8 +76,8 @@ ECKeyImpl::ECKeyImpl(int curve): } -ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile, - const std::string& privateKeyFile, +ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile, + const std::string& privateKeyFile, const std::string& privateKeyPassphrase): KeyPairImpl("ec", KT_EC_IMPL), _pEC(0) { if (EVPPKey::loadKey(&_pEC, PEM_read_PrivateKey, EVP_PKEY_get1_EC_KEY, privateKeyFile, privateKeyPassphrase)) diff --git a/Crypto/src/OpenSSLInitializer.cpp b/Crypto/src/OpenSSLInitializer.cpp index b1fb98fc0..3cdeb1470 100644 --- a/Crypto/src/OpenSSLInitializer.cpp +++ b/Crypto/src/OpenSSLInitializer.cpp @@ -13,15 +13,16 @@ #include "Poco/Crypto/OpenSSLInitializer.h" +#include "Poco/Crypto/CryptoException.h" #include "Poco/RandomStream.h" #include "Poco/Thread.h" #include #include #include #include -#if OPENSSL_VERSION_NUMBER >= 0x0907000L #include -#endif + + #if defined(POCO_OS_FAMILY_WINDOWS) #define POCO_STR_HELPER(x) #x #define POCO_STR(x) POCO_STR_HELPER(x) @@ -58,8 +59,12 @@ namespace Poco { namespace Crypto { -Poco::FastMutex* OpenSSLInitializer::_mutexes(0); Poco::AtomicCounter OpenSSLInitializer::_rc; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +Poco::FastMutex* OpenSSLInitializer::_mutexes(0); +#endif + #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0); OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0); 
@@ -91,23 +96,15 @@ void OpenSSLInitializer::initialize() { #if OPENSSL_VERSION_NUMBER >= 0x10100000L CONF_modules_load(NULL, NULL, 0); -#elif OPENSSL_VERSION_NUMBER >= 0x0907000L +#else OPENSSL_config(NULL); #endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - _defaultProvider = OSSL_PROVIDER_load(NULL, "default"); - _legacyProvider = OSSL_PROVIDER_load(NULL, "legacy"); -#endif - - char seed[SEEDSIZE]; - RandomInputStream rnd; - rnd.read(seed, sizeof(seed)); - RAND_seed(seed, SEEDSIZE); - int nMutexes = CRYPTO_num_locks(); _mutexes = new Poco::FastMutex[nMutexes]; CRYPTO_set_locking_callback(&OpenSSLInitializer::lock); @@ -124,6 +121,25 @@ void OpenSSLInitializer::initialize() CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate); CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock); CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy); + + char seed[SEEDSIZE]; + RandomInputStream rnd; + rnd.read(seed, sizeof(seed)); + RAND_seed(seed, SEEDSIZE); +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (!_defaultProvider) + { + _defaultProvider = OSSL_PROVIDER_load(NULL, "default"); + if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL default provider"); + } + if (!_legacyProvider) + { + _legacyProvider = OSSL_PROVIDER_load(NULL, "legacy"); + if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider"); + } +#endif } } @@ -132,6 +148,7 @@ void OpenSSLInitializer::uninitialize() { if (--_rc == 0) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_cleanup(); ERR_free_strings(); CRYPTO_set_locking_callback(0); 
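Review bot: In the `if (!_legacyProvider)` block added to `initialize()` (hunk @@ -124,6 +121,25), the failure check tests the wrong pointer: `if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");` should read `if (!_legacyProvider) throw CryptoException("Failed to load OpenSSL legacy provider");`, otherwise a missing legacy provider module (some distributions package it separately) is silently ignored and `_legacyProvider` stays null. Loading the `legacy` provider unconditionally also re-enables deprecated algorithms process-wide for every user of the library with no way to opt out; that deserves a comment on the class, or an opt-in switch. The matching `OSSL_PROVIDER_unload` calls are dropped from `uninitialize()` in hunk @@ -139,17 +156,15, so the providers now outlive the last `uninitialize()`; if that is intended (the `if (!_defaultProvider)` guards suggest the providers are kept across init cycles), a one-line comment saying so would stop the next reader from re-adding the unload. `initialize()` begins before the first hunk.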
@@ -139,17 +156,15 @@ void OpenSSLInitializer::uninitialize() CRYPTO_set_id_callback(0); #endif delete [] _mutexes; - - CONF_modules_free(); - -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - OSSL_PROVIDER_unload(_defaultProvider); - OSSL_PROVIDER_unload(_legacyProvider); #endif + } } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + + void OpenSSLInitializer::lock(int mode, int n, const char* file, int line) { if (mode & CRYPTO_LOCK) @@ -191,6 +206,9 @@ void OpenSSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const } +#endif // OPENSSL_VERSION_NUMBER < 0x10100000L + + void initializeCrypto() { OpenSSLInitializer::initialize(); diff --git a/Crypto/src/RSAKeyImpl.cpp b/Crypto/src/RSAKeyImpl.cpp index 8aa3890b9..58396ccb4 100644 --- a/Crypto/src/RSAKeyImpl.cpp +++ b/Crypto/src/RSAKeyImpl.cpp @@ -21,9 +21,7 @@ #include #include #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L #include -#endif namespace Poco { @@ -66,7 +64,6 @@ RSAKeyImpl::RSAKeyImpl(const PKCS12Container& cont): RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa", KT_RSA_IMPL), _pRSA(0) { -#if OPENSSL_VERSION_NUMBER >= 0x00908000L _pRSA = RSA_new(); int ret = 0; BIGNUM* bn = 0; @@ -83,15 +80,11 @@ RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa" throw; } if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context"); -#else - _pRSA = RSA_generate_key(keyLength, exponent, 0, 0); - if (!_pRSA) throw Poco::InvalidArgumentException("Failed to create RSA context"); -#endif } -RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, - const std::string& privateKeyFile, +RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, + const std::string& privateKeyFile, const std::string& privateKeyPassphrase): KeyPairImpl("rsa", KT_RSA_IMPL), _pRSA(0) { 
@@ -109,7 +102,7 @@ RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile,
 if (!pubKey)
 {
 int rc = BIO_reset(bio);
- // BIO_reset() normally returns 1 for success and 0 or -1 for failure.
+ // BIO_reset() normally returns 1 for success and 0 or -1 for failure.
 // File BIOs are an exception, they return 0 for success and -1 for failure.
 if (rc != 0) throw Poco::FileException("Failed to load public key", publicKeyFile);
 pubKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0);
@@ -174,7 +167,7 @@ RSAKeyImpl::RSAKeyImpl(std::istream* pPublicKeyStream,
 if (!publicKey)
 {
 int rc = BIO_reset(bio);
- // BIO_reset() normally returns 1 for success and 0 or -1 for failure.
+ // BIO_reset() normally returns 1 for success and 0 or -1 for failure.
 // File BIOs are an exception, they return 0 for success and -1 for failure.
 if (rc != 1) throw Poco::FileException("Failed to load public key");
 publicKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0);
@@ -293,7 +286,7 @@ void RSAKeyImpl::save(const std::string& publicKeyFile,
 }
 BIO_free(bio);
 }
-
+
 if (!privateKeyFile.empty())
 {
 BIO* bio = BIO_new(BIO_s_file());
@@ -306,8 +299,8 @@ void RSAKeyImpl::save(const std::string& publicKeyFile,
 if (privateKeyPassphrase.empty())
 rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
 else
- rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
- reinterpret_cast(const_cast(privateKeyPassphrase.c_str())),
+ rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
+ reinterpret_cast(const_cast(privateKeyPassphrase.c_str())),
 static_cast(privateKeyPassphrase.length()), 0, 0);
 if (!rc) throw Poco::FileException("Failed to write private key to file", privateKeyFile);
 }
@@ -350,10 +343,10 @@ void RSAKeyImpl::save(std::ostream* pPublicKeyStream, if (privateKeyPassphrase.empty()) rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0); else - rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), - reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), + rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), + reinterpret_cast(const_cast(privateKeyPassphrase.c_str())), static_cast(privateKeyPassphrase.length()), 0, 0); - if (!rc) + if (!rc) { BIO_free(bio); throw Poco::FileException("Failed to write private key to stream"); diff --git a/Data/PostgreSQL/src/Extractor.cpp b/Data/PostgreSQL/src/Extractor.cpp index 04a219d9d..6b655812a 100644 --- a/Data/PostgreSQL/src/Extractor.cpp +++ b/Data/PostgreSQL/src/Extractor.cpp @@ -314,7 +314,7 @@ bool Extractor::extract(std::size_t pos, DateTime& val) int tzd = -1; DateTime dateTime; - if (!DateTimeParser::tryParse(outputParameter.pData(), dateTime, tzd)) + if (!DateTimeParser::tryParse("%Y-%m-%d %H:%M:%s", outputParameter.pData(), dateTime, tzd)) { return false; } diff --git a/NetSSL_OpenSSL/src/Context.cpp b/NetSSL_OpenSSL/src/Context.cpp index 0fa6e349b..d9b01722f 100644 --- a/NetSSL_OpenSSL/src/Context.cpp +++ b/NetSSL_OpenSSL/src/Context.cpp @@ -824,7 +824,7 @@ void Context::initECDH(const std::string& curve) throw SSLContextException("Cannot set ECDH groups", groups); } SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); - #elif OPENSSL_VERSION_NUMBER >= 0x0090800fL + #else int nid = 0; if (!curve.empty()) { diff --git a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp index 871e4d00d..d38ff39d2 100644 --- a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp +++ b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp 
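Review bot: The explicit format `"%Y-%m-%d %H:%M:%s"` passed to `DateTimeParser::tryParse` in Extractor.cpp has no time-zone field, so for a `timestamptz` column whose text form carries an offset suffix (libpq renders something like `2022-04-16 12:00:00.123456+02`, constructed example) `tzd` presumably stays at -1 and the offset is dropped rather than applied. Worth a test with a session time zone other than UTC, or a format with `%z` when the column type carries a zone; a comment stating which PostgreSQL output format this string is matched against would help the next reader too. `extract()` begins before the hunk and continues after it.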
@@ -157,12 +157,10 @@ void SecureSocketImpl::connectSSL(bool performHandshake) } SSL_set_bio(_pSSL, pBIO, pBIO); -#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT) if (!_peerHostName.empty()) { SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); } -#endif #if OPENSSL_VERSION_NUMBER >= 0x10001000L if(_pContext->ocspStaplingResponseVerificationEnabled()) diff --git a/doc/99100-ReleaseNotes.page b/doc/99100-ReleaseNotes.page index 4dfe98820..ca8c4214e 100644 --- a/doc/99100-ReleaseNotes.page +++ b/doc/99100-ReleaseNotes.page 
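Review bot: Removing the guard around the SNI block drops `!defined(OPENSSL_NO_TLSEXT)` together with the obsolete version check, so a libssl built without TLS extensions no longer compiles `SSL_set_tlsext_host_name`; keep the feature half of the condition as `#if !defined(OPENSSL_NO_TLSEXT)` / `#endif` around the three lines. While the block is being touched, the return value of `SSL_set_tlsext_host_name()` is still ignored: a failed SNI set-up lets the handshake proceed without a server name, which on virtual-hosted servers surfaces as the wrong certificate and a confusing verification error far from the cause, so something like `if (!SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str())) throw SSLException("Cannot set SNI host name", _peerHostName);` would report it at the point of failure. `connectSSL()` begins before the hunk and continues after it.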
@@ -5,7 +5,35 @@ AAAIntroduction !!Summary of Changes - - TODO + - GH #2882: Handle negative DST offset + - GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime + - GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1 + - GH #3448: Basic support for OpenSSL 3.0.0 + - GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest + - GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails + - GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations + - GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid) + - GH #3472: Add Windows 11 detection to Environment_WIN32U + - GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName() + - GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd + - GH #3495: Should the Array::operator[] throw? + - GH #3500: Sandbox all iFrames in PocoDoc + - GH #3504: OpenSSL 3 compatibility + - GH #3505: JSON::PrintHandler.value(bool) prints incorrect value + - GH #3507: Reference counting for bound configuration in Util::Option is broken + - GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option. + - GH #3509: fix dst and utcOffset handling for Dublin time zone + - GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate + - GH #3518: Expat version check in #defines incorrect. + - GH #3519: Add convertation to string in Redis Command#set + - GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target? 
+ - GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM + - GH #3538: Upgrade bundled expat to 2.4.7 + - GH #3544: Add back NIOS2 double conversion detection to fix compile errors + - GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests + - GH #3553: Upgrade bundled zlib to 1.2.12 + - GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds + - GH #3563: Remove support for OpenSSL < 1.0 !!!Release 1.11.1