Load legacy provider when initializing OpenSSL 3.0
See: https://github.com/FreeRDP/FreeRDP/pull/7448
This commit is contained in:
parent
3e17678387
commit
03115cf349
@ -34,6 +34,9 @@ Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version}/FreeRDP-%{
|
||||
Patch0: Fixed-7436-Datatype-mismatch-to-crypto_base64_decode.patch
|
||||
Patch1: Fixed-7436-Datatype-mismatch.patch
|
||||
|
||||
# https://github.com/FreeRDP/FreeRDP/pull/7448
|
||||
Patch2: winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: alsa-lib-devel
|
||||
@ -301,6 +304,7 @@ find %{buildroot} -name "*.a" -delete
|
||||
%changelog
|
||||
* Fri Nov 26 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-2
|
||||
- Fix datatype mismatch / big-endian breakage
|
||||
- Load legacy provider when initializing OpenSSL 3.0
|
||||
|
||||
* Wed Nov 10 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-1
|
||||
- Update to 2.4.1 (CVE-2021-41159, CVE-2021-41160).
|
||||
|
61
winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
Normal file
61
winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 2d0b58759ba823bbc372ac19fea5080f4261c26e Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Holy <oholy@redhat.com>
|
||||
Date: Tue, 16 Nov 2021 16:12:33 +0100
|
||||
Subject: [PATCH] winpr/ssl: Load legacy provider when initializing OpenSSL 3.0
|
||||
|
||||
With OpenSSL 3.O, FreeRDP log contains errors like:
|
||||
|
||||
```
|
||||
4036740A4C7F0000:error:0308010C:digital envelope routines:
|
||||
inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
|
||||
Global default library context, Algorithm (MD4 : 85), Properties ()
|
||||
```
|
||||
|
||||
This leads to connection failures in some cases. This is because algorithms
|
||||
like MD4 are now part of the legacy provider, which is not loaded by
|
||||
default. Let's explicitly load that provider. With this change, also the
|
||||
other provides has to be explicitely loaded.
|
||||
---
|
||||
winpr/libwinpr/utils/ssl.c | 12 ++++++++++++
|
||||
1 file changed, 12 insertions(+)
|
||||
|
||||
diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
|
||||
index 74ef156e7..392f8e227 100644
|
||||
--- a/winpr/libwinpr/utils/ssl.c
|
||||
+++ b/winpr/libwinpr/utils/ssl.c
|
||||
@@ -33,6 +33,10 @@
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
+#include <openssl/provider.h>
|
||||
+#endif
|
||||
+
|
||||
#include "../log.h"
|
||||
#define TAG WINPR_TAG("utils.ssl")
|
||||
|
||||
@@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
|
||||
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
|
||||
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
+ OSSL_PROVIDER_load(NULL, "fips");
|
||||
if (!EVP_default_properties_is_fips_enabled(NULL))
|
||||
#else
|
||||
if (FIPS_mode() != 1)
|
||||
@@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
|
||||
return FALSE;
|
||||
|
||||
#endif
|
||||
+
|
||||
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
+ /* The legacy provider is needed for MD4. */
|
||||
+ OSSL_PROVIDER_load(NULL, "legacy");
|
||||
+ OSSL_PROVIDER_load(NULL, "default");
|
||||
+#endif
|
||||
+
|
||||
g_winpr_openssl_initialized_by_winpr = TRUE;
|
||||
return winpr_enable_fips(flags);
|
||||
}
|
||||
--
|
||||
2.33.1
|
||||
|
Loading…
Reference in New Issue
Block a user