Upgrade OpenSSL to 1.1.1m for Windows, Mac, Android and iOS (#102)

* Update the OpenSSL library for Android, iOS and Mac Signed-off-by: Junbo Liang <[email protected]>
o3de · Mar 21, 2022 · 2eb975f · 2eb975f
1 parent 303ce98
commit 2eb975f
Show file tree

Hide file tree

Showing 15 changed files with 254 additions and 160 deletions.
diff --git a/package-system/OpenSSL/FindOpenSSL.cmake.template b/package-system/OpenSSL/FindOpenSSL.cmake.template
@@ -6,29 +6,65 @@
 #
 #
 
-set(TARGET_WITH_NAMESPACE "3rdParty::OpenSSL")
-if (TARGET $${TARGET_WITH_NAMESPACE})
+set(OPENSSL_O3DE_NAMESPACE "3rdParty::OpenSSL")
+if (TARGET $${OPENSSL_O3DE_NAMESPACE})
     return()
 endif()
 
+set(SSL_TARGETNAME "OpenSSL::SSL")
+set(CRYPTO_TARGETNAME "OpenSSL::Crypto")
+
+# we're trying to be a drop-in replacement for the FindOpenSSL.cmake that is shipped
+# with CMake itself, so we set the same variables with the same uppercase for compatibility
+# for questions about these variables, see https://cmake.org/cmake/help/latest/module/FindOpenSSL.html
+set(OPENSSL_FOUND True)
 set(OPENSSL_INCLUDE_DIR $${CMAKE_CURRENT_LIST_DIR}/OpenSSL/include)
-set(OPENSSL_LIBS_DIR $${CMAKE_CURRENT_LIST_DIR}/OpenSSL/$$<$$<CONFIG:debug>:debug/>lib)
+# c-only packages can be released containing only Release executables
+set(OPENSSL_LIBS_DIR $${CMAKE_CURRENT_LIST_DIR}/OpenSSL/lib)
+set(OPENSSL_CRYPTO_LIBRARY $${OPENSSL_LIBS_DIR}/libcrypto$${CMAKE_STATIC_LIBRARY_SUFFIX})
+set(OPENSSL_CRYPTO_LIBRARIES
+    $${OPENSSL_CRYPTO_LIBRARY}
+    ${CRYPTO_LIBRARY_DEPENDENCIES})
+set(OPENSSL_SSL_LIBRARY $${OPENSSL_LIBS_DIR}/libssl$${CMAKE_STATIC_LIBRARY_SUFFIX})
+set(OPENSSL_SSL_LIBRARIES 
+    $${OPENSSL_SSL_LIBRARY}
+    $${OPENSSL_CRYPTO_LIBRARIES})
+set(OPENSSL_LIBRARIES $${OPENSSL_SSL_LIBRARIES})
+set(OPENSSL_VERSION "1.1.1m")
 
-set(OPENSSL_COMPILE_DEFINITIONS
-    OPENSSL_ENABLED
-${CUSTOM_ADDITIONAL_COMPILE_DEFINITIONS})
+add_library($${CRYPTO_TARGETNAME} STATIC IMPORTED GLOBAL)
+set_target_properties($${CRYPTO_TARGETNAME} PROPERTIES IMPORTED_LINK_INTERFACE_LANGUAGES "C")
+set_target_properties($${CRYPTO_TARGETNAME} PROPERTIES IMPORTED_LOCATION "$${OPENSSL_CRYPTO_LIBRARY}")
 
-set(OPENSSL_LIBRARY
-    "$${OPENSSL_LIBS_DIR}/libssl$${CMAKE_STATIC_LIBRARY_SUFFIX}"
-    "$${OPENSSL_LIBS_DIR}/libcrypto$${CMAKE_STATIC_LIBRARY_SUFFIX}"
-${CUSTOM_ADDITIONAL_LIBRARIES})
+# anyone who links to the CRYPTO target also links to its dependencies:
+target_link_libraries($${CRYPTO_TARGETNAME} INTERFACE ${CRYPTO_LIBRARY_DEPENDENCIES})
 
-add_library($${TARGET_WITH_NAMESPACE} INTERFACE IMPORTED GLOBAL)
+add_library($${SSL_TARGETNAME} STATIC IMPORTED GLOBAL)
+set_target_properties($${SSL_TARGETNAME} PROPERTIES IMPORTED_LINK_INTERFACE_LANGUAGES "C")
+set_target_properties($${SSL_TARGETNAME} PROPERTIES IMPORTED_LOCATION "$${OPENSSL_SSL_LIBRARY}")
 
-ly_target_include_system_directories(TARGET $${TARGET_WITH_NAMESPACE} INTERFACE $${OPENSSL_INCLUDE_DIR})
+# anyone who links to the SSL target also links to CRYPTO since SSL depends on CRYPTO:
+target_link_libraries($${SSL_TARGETNAME} INTERFACE $${CRYPTO_TARGETNAME})
 
-target_link_libraries($${TARGET_WITH_NAMESPACE} INTERFACE $${OPENSSL_LIBRARY})
+# cmake < 3.21 and visual studio < 16.10 don't properly implement SYSTEM includes
+# so we use O3DEs patched implementation if it is available and fallback to default if not.
+# this is futureproof so that when O3DE no longer needs to define this and CMake's system 
+# works without fixes, O3DE can erase this implementation and this script will still function.
+if (COMMAND ly_target_include_system_directories)
+    ly_target_include_system_directories(TARGET $${SSL_TARGETNAME} INTERFACE $${OPENSSL_INCLUDE_DIR})
+    ly_target_include_system_directories(TARGET $${CRYPTO_TARGETNAME} INTERFACE $${OPENSSL_INCLUDE_DIR})
+else()
+    target_include_directories($${SSL_TARGETNAME} SYSTEM INTERFACE $${OPENSSL_INCLUDE_DIR})
+    target_include_directories($${CRYPTO_TARGETNAME} SYSTEM INTERFACE $${OPENSSL_INCLUDE_DIR})
+endif()
 
-target_compile_definitions($${TARGET_WITH_NAMESPACE} INTERFACE $${OPENSSL_COMPILE_DEFINITIONS})
+# alias the O3DE name to the official name:
+add_library($${OPENSSL_O3DE_NAMESPACE} ALIAS $${SSL_TARGETNAME})
 
-set(OPENSSL_FOUND TRUE)
+# if we're not in O3DE, it's also extremely helpful to show a message to logs that indicate that this
+# library was successfully picked up, as opposed to the system one.
+# A good way to know if you're in O3DE or not is that O3DE sets various cache variables before 
+# calling find_package, specifically, LY_VERSION_ENGINE_NAME is always set very early:
+if (NOT LY_VERSION_ENGINE_NAME)
+    message(STATUS "Using O3DE's OpenSSL ($${OPENSSL_VERSION}) from $${CMAKE_CURRENT_LIST_DIR}")
+endif()
diff --git a/package-system/OpenSSL/FindOpenSSL_linux.cmake.template b/package-system/OpenSSL/FindOpenSSL_linux.cmake.template
diff --git a/package-system/OpenSSL/build_package_image.py b/package-system/OpenSSL/build_package_image.py
@@ -22,25 +22,22 @@ def main():
     parser.add_argument(
         '--platform-name',
         dest='platformName',
-        choices=['windows', 'android', 'mac', 'ios', 'linux'],
+        choices=['windows', 'android', 'mac', 'ios'],
         default=VcpkgBuilder.defaultPackagePlatformName(),
     )
     args = parser.parse_args()
 
     packageSystemDir = Path(__file__).resolve().parents[1]
     opensslPackageSourceDir = packageSystemDir / 'OpenSSL'
     outputDir = packageSystemDir / f'OpenSSL-{args.platformName}'
-    opensslPatch = opensslPackageSourceDir / 'set_openssl_port_to_1_1_1_b.patch'
+    opensslPatch = opensslPackageSourceDir / 'set_openssl_port_to_1_1_1_m.patch'
 
     enableStdioOnIOS = opensslPackageSourceDir / 'enable-stdio-on-iOS.patch'
 
-    cmakeFindFile = opensslPackageSourceDir / f'FindOpenSSL_{args.platformName}.cmake.template'
-    if not cmakeFindFile.exists():
-        cmakeFindFile = opensslPackageSourceDir / 'FindOpenSSL.cmake.template'
+    cmakeFindFile = opensslPackageSourceDir / 'FindOpenSSL.cmake.template'
     cmakeFindFileTemplate = cmakeFindFile.open().read()
 
     useStaticLibsForPlatform = {
-        'linux': False,
         'android': True,
         'mac': True,
         'ios': True,
@@ -50,7 +47,7 @@ def main():
     with TemporaryDirectory() as tempdir:
         tempdir = Path(tempdir)
         builder = VcpkgBuilder(packageName='OpenSSL', portName='openssl', vcpkgDir=tempdir, targetPlatform=args.platformName, static=useStaticLibsForPlatform[args.platformName])
-        builder.cloneVcpkg('f44fb85b341b8f58815b95c84d8488126b251570')
+        builder.cloneVcpkg('b86c0c35b88e2bf3557ff49dc831689c2f085090')
         builder.bootstrap()
         builder.patch(opensslPatch)
         builder.patch(enableStdioOnIOS)
@@ -64,23 +61,21 @@ def main():
         builder.writePackageInfoFile(
             outputDir,
             settings={
-                'PackageName': f'OpenSSL-1.1.1b-rev2-{args.platformName}',
+                'PackageName': f'OpenSSL-1.1.1m-rev1-{args.platformName}',
                 'URL': 'https://github.com/openssl/openssl',
                 'License': 'OpenSSL',
                 'LicenseFile': 'OpenSSL/LICENSE'
             },
         )
 
-        extraLibs = []
-        compileDefs = []
+        crypto_library_dependencies = ''
         if args.platformName == 'windows':
-            extraLibs.append('crypt32.lib')
+            crypto_library_dependencies = 'crypt32.lib ws2_32.lib'
         builder.writeCMakeFindFile(
             outputDir,
             template=cmakeFindFileTemplate,
             templateEnv={
-                'CUSTOM_ADDITIONAL_LIBRARIES':extraLibs,
-                'CUSTOM_ADDITIONAL_COMPILE_DEFINITIONS':compileDefs,
+                'CRYPTO_LIBRARY_DEPENDENCIES':crypto_library_dependencies
             },
         )
 

diff --git a/package-system/OpenSSL/enable-stdio-on-iOS.patch b/package-system/OpenSSL/enable-stdio-on-iOS.patch
@@ -1,13 +1,13 @@
-From 994b564a93e21d37b2d470dbc3773855184804e6 Mon Sep 17 00:00:00 2001
-Date: Tue, 20 Apr 2021 18:15:26 -0700
+From 3176985bc5136e5b7658ab22d85e406c5da4bd82 Mon Sep 17 00:00:00 2001
+Date: Fri, 11 Mar 2022 13:25:09 -0800
 Subject: [PATCH] Enable stdio on iOS
 
 ---
  ports/openssl/unix/CMakeLists.txt | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/ports/openssl/unix/CMakeLists.txt b/ports/openssl/unix/CMakeLists.txt
-index 14633c9..2c73753 100644
+index 7bf45e27b..8cdb65fc3 100644
 --- a/ports/openssl/unix/CMakeLists.txt
 +++ b/ports/openssl/unix/CMakeLists.txt
 @@ -23,7 +23,7 @@ elseif(CMAKE_SYSTEM_NAME STREQUAL "iOS")
@@ -20,5 +20,5 @@ index 14633c9..2c73753 100644
      if(VCPKG_TARGET_ARCHITECTURE MATCHES "arm64")
          set(PLATFORM darwin64-arm64-cc)
 -- 
-2.30.1
+2.34.0.windows.1
 
diff --git a/package-system/OpenSSL/set_openssl_port_to_1_1_1_b.patch b/package-system/OpenSSL/set_openssl_port_to_1_1_1_b.patch
diff --git a/package-system/OpenSSL/set_openssl_port_to_1_1_1_m.patch b/package-system/OpenSSL/set_openssl_port_to_1_1_1_m.patch
@@ -0,0 +1,36 @@
+From 4fdbcfd46b65c2199e77b88f2478cf21ca19ee3c Mon Sep 17 00:00:00 2001
+Date: Fri, 11 Mar 2022 13:18:47 -0800
+Subject: [PATCH] Set OpenSSL version to 1.1.1m
+
+---
+ ports/openssl-unix/vcpkg.json    | 2 +-
+ ports/openssl-windows/vcpkg.json | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ports/openssl-unix/vcpkg.json b/ports/openssl-unix/vcpkg.json
+index 16ac635a7..e0694795f 100644
+--- a/ports/openssl-unix/vcpkg.json
++++ b/ports/openssl-unix/vcpkg.json
+@@ -1,6 +1,6 @@
+ {
+   "name": "openssl-unix",
+-  "version-string": "1.1.1h",
++  "version-string": "1.1.1m",
+   "port-version": 2,
+   "description": "Deprecated OpenSSL port",
+   "supports": "!(windows | uwp)",
+diff --git a/ports/openssl-windows/vcpkg.json b/ports/openssl-windows/vcpkg.json
+index 069235b15..be53ad5c2 100644
+--- a/ports/openssl-windows/vcpkg.json
++++ b/ports/openssl-windows/vcpkg.json
+@@ -1,6 +1,6 @@
+ {
+   "name": "openssl-windows",
+-  "version-string": "1.1.1h",
++  "version-string": "1.1.1m",
+   "port-version": 2,
+   "description": "Deprecated OpenSSL port",
+   "supports": "windows",
+-- 
+2.34.0.windows.1
+
diff --git a/package-system/OpenSSL/test/CMakeLists.txt b/package-system/OpenSSL/test/CMakeLists.txt
@@ -0,0 +1,19 @@
+#
+# Copyright (c) Contributors to the Open 3D Engine Project.
+# For complete copyright and license terms please see the LICENSE at the root of this distribution.
+# 
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+#
+#
+
+cmake_minimum_required(VERSION 3.20)
+
+PROJECT(test_OpenSSL VERSION 1.0 LANGUAGES C)
+
+find_package(OpenSSL)
+
+add_executable(test_OpenSSL test_OpenSSL.c)
+
+# note that we use 3rdParty::OpenSSL here.  This will ONLY work 
+# if the O3DE version of OpenSSL is used, which is what we are testing for.
+target_link_libraries(test_OpenSSL PRIVATE 3rdParty::OpenSSL)
diff --git a/package-system/OpenSSL/test/test_OpenSSL.c b/package-system/OpenSSL/test/test_OpenSSL.c
@@ -0,0 +1,35 @@
+/*
+ Copyright (c) Contributors to the Open 3D Engine Project.
+ For complete copyright and license terms please see the LICENSE at the root of this distribution.
+
+ SPDX-License-Identifier: Apache-2.0 OR MIT
+*/
+
+#include <stdio.h>
+#include <string.h>
+
+// this is just a super basic include and compile and link test
+// it doesn't exercise the library much, but if this compiles and links
+// its likely that further testing needs to be done in a real full project
+// rather than artificially
+
+// test whether a header is found
+#include <openssl/ssl.h>
+
+int main()
+{
+    if (OPENSSL_init_ssl(0, NULL) == 0)
+    {
+        printf("FAILURE! OPENSSL failed call to OPENSSL_init_ssl!\n");
+        return 1;
+    }
+
+    if (strcmp(OPENSSL_VERSION_TEXT, "OpenSSL 1.1.1m  14 Dec 2021") != 0)
+    {
+        printf("FAILURE! OpenSSL OPENSSL_VERSION_TEXT returned invalid text (%s)!\n", OPENSSL_VERSION_TEXT);
+        return 1;
+    }
+
+    printf("Success: All is ok!\n");
+    return 0;
+}