Load legacy provider when initializing OpenSSL 3.0
See: https://github.com/FreeRDP/FreeRDP/pull/7448
parent
3e17678387
commit
03115cf349
@ -34,6 +34,9 @@ Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version}/FreeRDP-%{
|
|||||||
Patch0: Fixed-7436-Datatype-mismatch-to-crypto_base64_decode.patch
|
Patch0: Fixed-7436-Datatype-mismatch-to-crypto_base64_decode.patch
|
||||||
Patch1: Fixed-7436-Datatype-mismatch.patch
|
Patch1: Fixed-7436-Datatype-mismatch.patch
|
||||||
|
|
||||||
|
# https://github.com/FreeRDP/FreeRDP/pull/7448
|
||||||
|
Patch2: winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: alsa-lib-devel
|
BuildRequires: alsa-lib-devel
|
||||||
@ -301,6 +304,7 @@ find %{buildroot} -name "*.a" -delete
|
|||||||
%changelog
|
%changelog
|
||||||
* Fri Nov 26 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-2
|
* Fri Nov 26 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-2
|
||||||
- Fix datatype mismatch / big-endian breakage
|
- Fix datatype mismatch / big-endian breakage
|
||||||
|
- Load legacy provider when initializing OpenSSL 3.0
|
||||||
|
|
||||||
* Wed Nov 10 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-1
|
* Wed Nov 10 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-1
|
||||||
- Update to 2.4.1 (CVE-2021-41159, CVE-2021-41160).
|
- Update to 2.4.1 (CVE-2021-41159, CVE-2021-41160).
|
||||||
|
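--- a/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
+++ b/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
@@ -0,0 +1,61 @@
+From 2d0b58759ba823bbc372ac19fea5080f4261c26e Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Tue, 16 Nov 2021 16:12:33 +0100
+Subject: [PATCH] winpr/ssl: Load legacy provider when initializing OpenSSL 3.0
+
+With OpenSSL 3.O, FreeRDP log contains errors like:
+
+```
+4036740A4C7F0000:error:0308010C:digital envelope routines:
+inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
+Global default library context, Algorithm (MD4 : 85), Properties ()
+```
+
+This leads to connection failures in some cases. This is because algorithms
+like MD4 are now part of the legacy provider, which is not loaded by
+default. Let's explicitly load that provider. With this change, also the
+other provides has to be explicitely loaded.
+---
+winpr/libwinpr/utils/ssl.c | 12 ++++++++++++
+1 file changed, 12 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 74ef156e7..392f8e227 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -33,6 +33,10 @@
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++#include <openssl/provider.h>
++#endif
++
+#include "../log.h"
+#define TAG WINPR_TAG("utils.ssl")
+
+@@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
+WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
+
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++ OSSL_PROVIDER_load(NULL, "fips");
+if (!EVP_default_properties_is_fips_enabled(NULL))
+#else
+if (FIPS_mode() != 1)
+@@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
+return FALSE;
+
+#endif
++
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++ /* The legacy provider is needed for MD4. */
++ OSSL_PROVIDER_load(NULL, "legacy");
++ OSSL_PROVIDER_load(NULL, "default");
++#endif
++
+g_winpr_openssl_initialized_by_winpr = TRUE;
+return winpr_enable_fips(flags);
+}
+--
+2.33.1
+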
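Review bot: The `OSSL_PROVIDER_load()` calls this patch adds to `_winpr_openssl_initialize` and `winpr_enable_fips` all discard their return value, so a host where the legacy module is missing keeps failing MD4 fetches with no log line naming the cause, and a failed load of "default" after "legacy" succeeded would presumably leave the context without its standard algorithms. The call returns NULL on failure, so each result can be checked and logged, with the default-provider failure treated as fatal as in the fence below. The legacy provider is also loaded into the global default library context (`NULL`) before `winpr_enable_fips(flags)` runs, which makes MD4 and the other legacy algorithms fetchable by every OpenSSL consumer in the process; a comment stating that this is intentional, and how it is meant to interact with a FIPS request, would help the next reader. Both functions begin outside the visible hunks.

```c
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
	/* The legacy provider is needed for MD4. */
	if (!OSSL_PROVIDER_load(NULL, "legacy"))
		WLog_WARN(TAG, "OpenSSL legacy provider failed to load, MD4 will be unavailable");

	/* Loading any provider explicitly disables the implicit default one. */
	if (!OSSL_PROVIDER_load(NULL, "default"))
	{
		WLog_ERR(TAG, "OpenSSL default provider failed to load");
		return FALSE;
	}
#endif
	/* … unchanged: g_winpr_openssl_initialized_by_winpr = TRUE; return winpr_enable_fips(flags); … */
```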