From f81a360d11e04b5de68d8a7a7f1bed9b65d2c8ed Mon Sep 17 00:00:00 2001 From: Serhij S Date: Tue, 16 Jan 2024 03:40:52 +0100 Subject: [PATCH] openssl upgrade, v3 fips support --- Cargo.lock | 47 ++++++++++++++++++++++++++++------------------- Cargo.toml | 5 +++-- src/acl.rs | 1 - src/server.rs | 7 +------ 4 files changed, 32 insertions(+), 28 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8980134..498025b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -204,6 +204,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +[[package]] +name = "bitflags" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" + [[package]] name = "bitvec" version = "1.0.1" @@ -389,9 +395,12 @@ checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c" [[package]] name = "cc" -version = "1.0.72" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] [[package]] name = "cfg-if" @@ -434,7 +443,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4bd1061998a501ee7d4b6d449020df3266ca3124b941ec56cf2005c3779ca142" dependencies = [ "atty", - "bitflags", + "bitflags 1.2.1", "clap_derive", "indexmap 1.9.1", "lazy_static", @@ -671,9 +680,9 @@ dependencies = [ [[package]] name = "eva-common" -version = "0.3.17" +version = "0.3.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3293de4e85bc6f3036cf1f99d2638edf3a3fc61f1adb821b50566bd12b117b7" +checksum = "45237f4a1916d547cc08ccea491f2d974d71f77719d793dad34fae72e757e257" dependencies = [ "async-channel", "async-recursion", 
@@ -686,6 +695,7 @@ dependencies = [ "once_cell", "openssl", "ordered-float", + "parking_lot", "rmp-serde", "rust_decimal", "serde", @@ -1258,7 +1268,7 @@ version = "0.22.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4916f159ed8e5de0082076562152a76b7a1f64a01fd9d1e0fea002c37624faf" dependencies = [ - "bitflags", + "bitflags 1.2.1", "cc", "cfg-if", "libc", @@ -1272,7 +1282,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e322c04a9e3440c327fca7b6c8a63e6890a32fa2ad689db972425f07e0d22abb" dependencies = [ "autocfg", - "bitflags", + "bitflags 1.2.1", "cfg-if", "libc", "memoffset 0.6.5", @@ -1356,11 +1366,11 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.42" +version = "0.10.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" dependencies = [ - "bitflags", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", @@ -1388,20 +1398,19 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "111.22.0+1.1.1q" +version = "300.2.1+3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f31f0d509d1c1ae9cada2f9539ff8f37933831fd5098879e482aa687d659853" +checksum = "3fe476c29791a5ca0d1273c697e96085bbabbbea2ef7afd5617e78a4b40332d3" dependencies = [ "cc", ] [[package]] name = "openssl-sys" -version = "0.9.76" +version = "0.9.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5230151e44c0f05157effb743e8d517472843121cf9243e8b81393edb5acd9ce" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" dependencies = [ - "autocfg", "cc", "libc", "openssl-src", 
@@ -1709,7 +1718,7 @@ version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ - "bitflags", + "bitflags 1.2.1", ] [[package]] @@ -1854,7 +1863,7 @@ version = "0.36.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4feacf7db682c6c329c4ede12649cd36ecab0f3be5b7d74e6a20304725db4549" dependencies = [ - "bitflags", + "bitflags 1.2.1", "errno 0.2.8", "io-lifetimes", "libc", @@ -1868,7 +1877,7 @@ version = "0.37.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f79bef90eb6d984c72722595b5b1348ab39275a5e5123faca6863bf07d75a4e0" dependencies = [ - "bitflags", + "bitflags 1.2.1", "errno 0.3.8", "io-lifetimes", "libc", @@ -1916,7 +1925,7 @@ version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "23a2ac85147a3a11d77ecf1bc7166ec0b92febfa4461c37944e180f319ece467" dependencies = [ - "bitflags", + "bitflags 1.2.1", "core-foundation", "core-foundation-sys", "libc", diff --git a/Cargo.toml b/Cargo.toml index df4f59b..d69b1b9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -47,7 +47,7 @@ log = "0.4.14" hex = "0.4.2" nix = "0.25.0" tokio-native-tls = "0.3.0" -openssl = "0.10.42" +openssl = "0.10.62" async-channel = "1.7.1" serde = { version = "1.0.143", features = ["derive"] } serde_yaml = "0.8.26" @@ -77,7 +77,7 @@ parking_lot = "0.12.1" async-trait = "0.1.74" eva-sdk = "0.3.10" once_cell = "1.18.0" -eva-common = "0.3.17" +eva-common = { version = "0.3.22", features = ["services"] } [features] #default = ["server"] @@ -89,4 +89,5 @@ server = ["base64", "bcrypt", "clap", "clap_derive", "colored", "chrono", "fork" "hostname", "hyper", "serde_json", "syslog", "jemallocator", "submap/native-digest"] crypto = ["aes-gcm", "rand"] openssl-vendored = ["openssl/vendored", "eva-common/openssl-no-fips"] +openssl3 = ["eva-common/openssl3"] std-alloc = [] 
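Review bot: The new requirement `eva-common = { version = "0.3.22", features = ["services"] }` in the second Cargo.toml hunk is not satisfied by the Cargo.lock in this same patch, which pins eva-common at `version = "0.3.21"`. A build with `cargo build --locked` would refuse to proceed, and a build without it would silently re-resolve, so the checksums recorded in this commit would not describe what actually gets compiled. Regenerate Cargo.lock after the final Cargo.toml edit and commit the two together. Running CI with `--locked` would catch this kind of drift on a crypto dependency bump.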
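Review bot: The added `openssl3 = ["eva-common/openssl3"]` feature in the third Cargo.toml hunk has no comment explaining when to enable it or how it interacts with `openssl-vendored`, which turns on `eva-common/openssl-no-fips`. Nothing visible here stops both features being enabled together, and what FIPS does in that combination is decided inside eva-common, outside this diff. A short comment above the two lines would help packagers, for example `# openssl3: enable when building against OpenSSL 3.x; openssl-vendored builds have no FIPS support`. The wording is inferred from the feature names and the commit subject, so confirm it against eva-common.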
diff --git a/src/acl.rs b/src/acl.rs
index 8974dc6..538a1a7 100644
--- a/src/acl.rs
+++ b/src/acl.rs
@@ -1,4 +1,3 @@
-// TODO migrate to eva-common when released
 use crate::Error;
 use log::{info, trace};
 use once_cell::sync::Lazy;
diff --git a/src/server.rs b/src/server.rs
index 1904afb..e9879b8 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -1544,12 +1544,7 @@ fn main() {
 .expect("Unable to parse config path");
 let config: Config = serde_yaml::from_str(&cfg).unwrap();
 if config.proto.fips {
- #[cfg(not(feature = "openssl-vendored"))]
- openssl::fips::enable(true).expect("Can not enable OpenSSL FIPS 140");
- #[cfg(not(feature = "openssl-vendored"))]
- info!("OpenSSL FIPS 140 enabled");
- #[cfg(feature = "openssl-vendored")]
- panic!("FIPS can not be enabled, consider using a native OS distribution");
+ eva_common::services::enable_fips().unwrap();
 }
 if opts.daemonize {
 if let Ok(fork::Fork::Child) = fork::daemon(true, false) {
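Review bot: The bare `.unwrap()` on `eva_common::services::enable_fips()` inside `if config.proto.fips` drops both operator-facing signals the removed lines gave. Those were the explicit failure text, including the hint that vendored builds cannot do FIPS, and the `info!("OpenSSL FIPS 140 enabled")` record that the mode is actually active. Keeping the failure fatal is right, since the server must not continue in non-FIPS mode when `proto.fips` is set, but the panic should say why: `eva_common::services::enable_fips().expect("Can not enable OpenSSL FIPS 140");`. Unless `enable_fips` already logs on success (not visible here), follow it with `info!("OpenSSL FIPS 140 enabled");` so the compliance state appears in the startup log. The body of `main` starts and ends outside this hunk.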