Update POCO to 1.11.0

vendor/POCO/Crypto/cmake/PocoCryptoConfig.cmake

@@ -1,3 +1,4 @@
 include(CMakeFindDependencyMacro)
 find_dependency(PocoFoundation)
+find_dependency(OpenSSL REQUIRED COMPONENTS Crypto)
 include("${CMAKE_CURRENT_LIST_DIR}/PocoCryptoTargets.cmake")

vendor/POCO/Crypto/include/Poco/Crypto/Crypto.h

@@ -43,20 +43,16 @@ enum RSAPaddingMode
 	/// The padding mode used for RSA public key encryption.
 {
 	RSA_PADDING_PKCS1,
-		/// PKCS #1 v1.5 padding. This currently is the most widely used mode. 
-		
+		/// PKCS #1 v1.5 padding. This currently is the most widely used mode.
+
 	RSA_PADDING_PKCS1_OAEP,
-		/// EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty 
+		/// EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
 		/// encoding parameter. This mode is recommended for all new applications.
-		
-	RSA_PADDING_SSLV23,
-		/// PKCS #1 v1.5 padding with an SSL-specific modification that denotes 
-		/// that the server is SSL3 capable. 
-		
+
 	RSA_PADDING_NONE
-		/// Raw RSA encryption. This mode should only be used to implement cryptographically 
-		/// sound padding modes in the application code. Encrypting user data directly with RSA 
-		/// is insecure. 
+		/// Raw RSA encryption. This mode should only be used to implement cryptographically
+		/// sound padding modes in the application code. Encrypting user data directly with RSA
+		/// is insecure.
 };
 
 

vendor/POCO/Crypto/include/Poco/Crypto/EVPPKey.h

@@ -177,7 +177,15 @@ private:
 			EVP_PKEY* pKey = getFunc ? EVP_PKEY_new() : (EVP_PKEY*)*ppKey;
 			if (pKey)
 			{
+#if defined(_MSC_VER)
+#pragma warning(push)
+#pragma warning(disable:4996) // deprecation warnings
+#endif				
 				pFile = fopen(keyFile.c_str(), "r");
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif
+
 				if (pFile)
 				{
 					pem_password_cb* pCB = pass.empty() ? (pem_password_cb*)0 : &passCB;
@@ -195,9 +203,10 @@ private:
 							poco_assert_dbg (typeid(K*) == typeid(EVP_PKEY*));
 							*ppKey = (K*)pKey;
 						}
-						if(!*ppKey) goto error;
+						if (!*ppKey) goto error;
 						return true;
 					}
+					if (getFunc) EVP_PKEY_free(pKey);
 					goto error;
 				}
 				else

vendor/POCO/Crypto/include/Poco/Crypto/X509Certificate.h

@@ -20,6 +20,7 @@
 
 #include "Poco/Crypto/Crypto.h"
 #include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/DigestEngine.h"
 #include "Poco/DateTime.h"
 #include "Poco/SharedPtr.h"
 #include <vector>
@@ -126,6 +127,11 @@ public:
 	Poco::DateTime expiresOn() const;
 		/// Returns the date and time the certificate expires.
 
+	Poco::DigestEngine::Digest fingerprint(const std::string& algorithm = "SHA1") const;
+		/// Computes and returns the fingerprint of the certificate,
+		/// using the given algorithm. The algorithm must be supported
+		/// by OpenSSL, e.g., "SHA1" or "SHA256".
+
 	void save(std::ostream& stream) const;
 		/// Writes the certificate to the given stream.
 		/// The certificate is written in PEM format.

vendor/POCO/Crypto/src/CipherImpl.cpp

@@ -151,7 +151,7 @@ namespace
 	int CryptoTransformImpl::setPadding(int padding)
 	{
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
-		return EVP_CIPHER_CTX_block_size(_pContext);
+		return EVP_CIPHER_CTX_set_padding(_pContext, padding);
 #else
 		return EVP_CIPHER_CTX_set_padding(&_context, padding);
 #endif

vendor/POCO/Crypto/src/ECDSADigestEngine.cpp

@@ -16,6 +16,7 @@
 #include "Poco/Crypto/ECDSADigestEngine.h"
 #include "Poco/Crypto/CryptoException.h"
 #include <openssl/ecdsa.h>
+#include <openssl/bn.h>
 
 
 namespace Poco {

vendor/POCO/Crypto/src/PKCS12Container.cpp

@@ -13,6 +13,11 @@
 //
 
 
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_WARNINGS)
+#define _CRT_SECURE_NO_WARNINGS
+#endif
+
+
 #include "Poco/Crypto/PKCS12Container.h"
 #include "Poco/NumberFormatter.h"
 #include "Poco/StreamCopier.h"
@@ -155,6 +160,7 @@ void PKCS12Container::load(PKCS12* pPKCS12, const std::string& password)
 			{
 				_pX509Cert.reset(new X509Certificate(pCert, true));
 				_pkcsFriendlyName = extractFriendlyName(pCert);
+				X509_free(pCert);
 			}
 			else _pX509Cert.reset();
 
@@ -171,17 +177,22 @@ void PKCS12Container::load(PKCS12* pPKCS12, const std::string& password)
 						_caCertList.push_back(X509Certificate(pX509, true));
 						_caCertNames.push_back(extractFriendlyName(pX509));
 					}
-					else throw OpenSSLException("PKCS12Container::load()");
+					else
+					{
+						sk_X509_pop_free(pCA, X509_free);
+						PKCS12_free(pPKCS12);
+						throw OpenSSLException("PKCS12Container::load()");
+					}
 				}
+				sk_X509_pop_free(pCA, X509_free);
 			}
 		}
 		else
 		{
+			PKCS12_free(pPKCS12);
 			throw OpenSSLException();
 		}
 		PKCS12_free(pPKCS12);
-		sk_X509_pop_free(pCA, X509_free);
-		if (pCert) X509_free(pCert);
 		poco_assert_dbg (_caCertList.size() == _caCertNames.size());
 	}
 	else

vendor/POCO/Crypto/src/RSACipherImpl.cpp

@@ -50,8 +50,6 @@ namespace
 			return RSA_PKCS1_PADDING;
 		case RSA_PADDING_PKCS1_OAEP:
 			return RSA_PKCS1_OAEP_PADDING;
-		case RSA_PADDING_SSLV23:
-			return RSA_SSLV23_PADDING;
 		case RSA_PADDING_NONE:
 			return RSA_NO_PADDING;
 		default:
@@ -116,7 +114,6 @@ namespace
 		switch (_paddingMode)
 		{
 		case RSA_PADDING_PKCS1:
-		case RSA_PADDING_SSLV23:
 			size -= 11;
 			break;
 		case RSA_PADDING_PKCS1_OAEP:

vendor/POCO/Crypto/src/X509Certificate.cpp

@@ -349,6 +349,24 @@ Poco::DateTime X509Certificate::expiresOn() const
 }
 
 
+Poco::DigestEngine::Digest X509Certificate::fingerprint(const std::string& algorithm) const
+{
+	unsigned char buffer[EVP_MAX_MD_SIZE];
+	unsigned int length;
+	const EVP_MD* md = EVP_get_digestbyname(algorithm.c_str());
+	if (!md) throw Poco::InvalidArgumentException(algorithm);
+
+	if (X509_digest(_pCert, md, buffer, &length))
+	{
+		return Poco::DigestEngine::Digest(buffer, buffer + length);
+	}
+	else
+	{
+		throw OpenSSLException("failed to compute fingerprint");
+	}
+}
+
+
 bool X509Certificate::issuedBy(const X509Certificate& issuerCertificate) const
 {
 	X509* pCert = const_cast<X509*>(_pCert);

vendor/POCO/Crypto/testsuite/src/CryptoTest.cpp

@@ -357,6 +357,9 @@ void CryptoTest::testCertificate()
 	assertTrue (organizationName == "Applied Informatics Software Engineering GmbH");
 	assertTrue (organizationUnitName == "Development");
 
+	const auto fingerprint = cert.fingerprint();
+	assertTrue (Poco::DigestEngine::digestToHex(fingerprint) == "ac84e4eb72c861ccb20f2900f3f17a9ac11f6579");
+
 	// fails with recent OpenSSL versions:
 	// assert (cert.issuedBy(cert));