diff --git a/config/patches/openssl3/0001-fix-preprocessor-concatenation.patch b/config/patches/openssl3/0001-fix-preprocessor-concatenation.patch
new file mode 100644
index 000000000..d0d149ecc
--- /dev/null
+++ b/config/patches/openssl3/0001-fix-preprocessor-concatenation.patch
@@ -0,0 +1,116 @@
+From d5dacfca529711ba95662dc7411493ac6f1d99c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Hugo=20Beauz=C3=A9e-Luyssen?=
+Date: Mon, 27 Jan 2025 08:36:07 +0100
+Subject: [PATCH] crypto: fix preprocessor concatenation
+
+String litteral don't need the '##' operator, which causes build
+failures:
+crypto/defaults.c:kepi:23: error: pasting ""SOFTWARE\\WOW6432Node\\OpenSSL"" and ""-"" does not give a valid preprocessing token
+---
+ crypto/cversion.c | 2 +-
+ crypto/defaults.c | 38 ++++++++++++++++++++------------------
+ 2 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/crypto/cversion.c b/crypto/cversion.c
+index 87154645b0..ae439c668b 100644
+--- a/crypto/cversion.c
++++ b/crypto/cversion.c
+@@ -72,7 +72,7 @@ DEFINE_RUN_ONCE_STATIC(version_strings_setup)
+ }
+
+ # define TOSTR(x) #x
+-# define OSSL_WINCTX_STRING "OSSL_WINCTX: \"" ## TOSTR(OSSL_WINCTX) ## "\""
++# define OSSL_WINCTX_STRING "OSSL_WINCTX: \"" TOSTR(OSSL_WINCTX) "\""
+
+ #endif
+
+diff --git a/crypto/defaults.c b/crypto/defaults.c
+index 908539cf31..3272087228 100644
+--- a/crypto/defaults.c
++++ b/crypto/defaults.c
+@@ -19,7 +19,7 @@
+ # define MAKESTR(x) TOSTR(x)
+ # define NOQUOTE(x) x
+ # if defined(OSSL_WINCTX)
+-# define REGISTRY_KEY "SOFTWARE\\WOW6432Node\\OpenSSL" ##"-"## MAKESTR(OPENSSL_VERSION_MAJOR) ##"."## MAKESTR(OPENSSL_VERSION_MINOR) ##"-"## MAKESTR(OSSL_WINCTX)
++# define REGISTRY_KEY "SOFTWARE\\WOW6432Node\\OpenSSL" "-" MAKESTR(OPENSSL_VERSION_MAJOR) "." MAKESTR(OPENSSL_VERSION_MINOR) "-" MAKESTR(OSSL_WINCTX)
+ # endif
+
+ /**
+@@ -60,44 +60,46 @@ static char *modulesdirptr = NULL;
+ *
+ * @return A pointer to a char array containing the registry directories.
+ */
+-static char *get_windows_regdirs(char *dst, LPCTSTR valuename)
++static char *get_windows_regdirs(char *dst, DWORD dstsizebytes, LPCWSTR valuename)
+ {
+ char *retval = NULL;
+ # ifdef REGISTRY_KEY
+- DWORD keysize;
++ DWORD keysizebytes;
+ DWORD ktype;
+ HKEY hkey;
+ LSTATUS ret;
+ DWORD index = 0;
+- LPCTCH tempstr = NULL;
+-
++ LPCWSTR tempstr = NULL;
++
+ ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+ TEXT(REGISTRY_KEY), KEY_WOW64_32KEY,
+ KEY_QUERY_VALUE, &hkey);
+ if (ret != ERROR_SUCCESS)
+ goto out;
+
+- ret = RegQueryValueEx(hkey, valuename, NULL, &ktype, NULL,
+- &keysize);
++ // Always use wide call so we can avoid extra encoding conversions on the output
++ ret = RegQueryValueExW(hkey, valuename, NULL, &ktype, NULL,
++ &keysizebytes);
+ if (ret != ERROR_SUCCESS)
+ goto out;
+- if (ktype != REG_EXPAND_SZ)
++ if (ktype != REG_EXPAND_SZ && ktype != REG_SZ)
+ goto out;
+- if (keysize > MAX_PATH)
++ if (keysizebytes > MAX_PATH*sizeof(WCHAR))
+ goto out;
+
+- keysize++;
+- tempstr = OPENSSL_zalloc(keysize * sizeof(TCHAR));
++ // RegQueryValueExW does not guarantee the buffer is null terminated,
++ // so we make space for one in the allocation
++ tempstr = OPENSSL_zalloc(keysizebytes+sizeof(WCHAR));
+
+ if (tempstr == NULL)
+ goto out;
+
+- if (RegQueryValueEx(hkey, valuename,
+- NULL, &ktype, tempstr, &keysize) != ERROR_SUCCESS)
++ if (RegQueryValueExW(hkey, valuename,
++ NULL, &ktype, (LPBYTE)tempstr, &keysizebytes) != ERROR_SUCCESS)
+ goto out;
+
+- if (!WideCharToMultiByte(CP_UTF8, 0, tempstr, -1, dst, keysize,
+- NULL, NULL))
++ if (!WideCharToMultiByte(CP_UTF8, 0, tempstr, -1, dst, dstsizebytes,
++ NULL, NULL))
+ goto out;
+
+ retval = dst;
+@@ -117,9 +119,9 @@ static CRYPTO_ONCE defaults_setup_init = CRYPTO_ONCE_STATIC_INIT;
+ */
+ DEFINE_RUN_ONCE_STATIC(do_defaults_setup)
+ {
+- get_windows_regdirs(openssldir, TEXT("OPENSSLDIR"));
+- get_windows_regdirs(enginesdir, TEXT("ENGINESDIR"));
+- get_windows_regdirs(modulesdir, TEXT("MODULESDIR"));
++
get_windows_regdirs(openssldir, sizeof(openssldir), L"OPENSSLDIR"); ++ get_windows_regdirs(enginesdir, sizeof(enginesdir), L"ENGINESDIR"); ++ get_windows_regdirs(modulesdir, sizeof(modulesdir), L"MODULESDIR"); + + /* + * Set our pointers only if the directories are fetched properly +-- +2.34.1 + diff --git a/config/software/openssl3.rb b/config/software/openssl3.rb index 003bd2698..ee7ae4907 100644 --- a/config/software/openssl3.rb +++ b/config/software/openssl3.rb @@ -10,7 +10,7 @@ # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and +# See the License for the specific language governing permissions andopenssl # limitations under the License. # @@ -23,7 +23,7 @@ dependency "zlib" dependency "cacerts" -default_version "3.3.2" +default_version "3.4.0" source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz", extract: :lax_tar @@ -37,10 +37,12 @@ version("3.3.0") { source sha256: "53e66b043322a606abf0087e7699a0e033a37fa13feb9742df35c3a33b18fb02" } version("3.3.1") { source sha256: "777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e" } version("3.3.2") { source sha256: "2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281" } +version("3.4.0") { source sha256: "e15dda82fe2fe8139dc2ac21a36d4ca01d5313c75f99f46c4e8a27709b7294bf" } relative_path "openssl-#{version}" build do + patch source: "0001-fix-preprocessor-concatenation.patch" env = with_standard_compiler_flags(with_embedded_path) if windows? 
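Review bot: In the crypto/defaults.c section of the added patch, get_windows_regdirs caps `keysizebytes` at `MAX_PATH*sizeof(WCHAR)` but does not require it to be a multiple of `sizeof(WCHAR)`. Registry string data is stored as raw bytes, so for an odd length the final data byte would share a WCHAR with the first zero pad byte of `OPENSSL_zalloc(keysizebytes+sizeof(WCHAR))`, and `WideCharToMultiByte` called with length -1 could then read one byte past the allocation while looking for the terminator. I would tighten the size check to `if (keysizebytes > MAX_PATH*sizeof(WCHAR) || keysizebytes % sizeof(WCHAR) != 0)`. The `out:` cleanup and the code that consumes the return value are outside the visible hunks, so whether a failed conversion can leave partial data in `dst` could not be checked here.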
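Review bot: The license header line in config/software/openssl3.rb now ends in `andopenssl`, which looks like stray typing rather than an intended edit. The line should stay `# See the License for the specific language governing permissions and` so the Apache notice remains verbatim.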
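Review bot: `patch source: "0001-fix-preprocessor-concatenation.patch"` is applied unconditionally, for every version and platform this definition can build, while the patch only touches the Windows registry lookup and the 3.3.x `version(...)` entries remain selectable. If an older version is ever chosen, the patch step would presumably fail or apply against code it was not written for. At minimum I would add a comment above it such as `# Written against the 3.4.0 tree (crypto/cversion.c, crypto/defaults.c); re-check on every version bump`, and consider restricting the patch to the versions it was made for. The `build do` block continues outside this hunk.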
@@ -79,6 +81,11 @@ if windows? configure_args << "zlib-dynamic" + if ENV['AGENT_FLAVOR'] == "fips" + configure_args << '--openssldir="C:/Program Files/Datadog/Datadog Agent/embedded3/ssl"' + # Provide a context name for our configuration through the registry + configure_args << "-DOSSL_WINCTX=datadog-fips-agent" + end else configure_args << "zlib" end
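Review bot: The comment above `-DOSSL_WINCTX=datadog-fips-agent` does not say which registry key that context name selects. Going by the REGISTRY_KEY define in the patch added by this commit, the lookup is under HKLM at `SOFTWARE\WOW6432Node\OpenSSL-<major>.<minor>-datadog-fips-agent`, so the key the installer has to populate changes with each minor version bump, and when it is missing the compiled-in `--openssldir` is presumably what applies. Since that key decides where OpenSSL looks for its configuration, engines and modules, I would extend the comment to `# Context key: HKLM\SOFTWARE\WOW6432Node\OpenSSL-<major>.<minor>-datadog-fips-agent (OPENSSLDIR, ENGINESDIR, MODULESDIR); must stay writable by administrators only`. The enclosing `build do` block starts outside this hunk.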