From 6e02d7e8a6ebf1a445208949ab1a329ac9ead697 Mon Sep 17 00:00:00 2001 From: Ondrej Holy Date: Wed, 22 Jun 2022 09:41:36 +0200 Subject: [PATCH] Fix gateway functionality with OpenSSL 3.0 Resolves: #2023262 --- ...RL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch | 67 +++++++++++++++++++ freerdp.spec | 8 ++- 2 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch diff --git a/Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch b/Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch new file mode 100644 index 0000000..ec9391b --- /dev/null +++ b/Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch @@ -0,0 +1,67 @@ +From 1a0f68d2058f361fc23ed9babcd618a838744bf8 Mon Sep 17 00:00:00 2001 +From: akarl +Date: Sun, 24 Apr 2022 21:16:52 +0200 +Subject: [PATCH] Implement BIO_CTRL_GET_KTLS_SEND and BIO_CTRL_GET_KTLS_SEND + +Openssl 3.0 requires to respond to this controls. According to there +documentation it should not need them, but in practice openssl's own source +is full of places where negative return values are not checked. + +(cherry picked from commit 9d7c20ce8fe50bd6de54e7480b5096761a510daf) +--- + libfreerdp/core/gateway/rdg.c | 18 +++++++++++++++++- + libfreerdp/core/gateway/tsg.c | 9 ++++++++- + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c +index 72019ede8..5d970f39e 100644 +--- a/libfreerdp/core/gateway/rdg.c ++++ b/libfreerdp/core/gateway/rdg.c +@@ -2483,7 +2483,23 @@ static long rdg_bio_ctrl(BIO* in_bio, int cmd, long arg1, void* arg2) + */ + status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2); + } +- ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ else if (cmd == BIO_CTRL_GET_KTLS_SEND) ++ { ++ /* Even though BIO_get_ktls_send says that returning negative values is valid ++ * openssl internal sources are full of if(!BIO_get_ktls_send && ) stuff. This has some ++ * nasty sideeffects. return 0 as proper no KTLS offloading flag ++ */ ++ status = 0; ++ } ++ else if (cmd == BIO_CTRL_GET_KTLS_RECV) ++ { ++ /* Even though BIO_get_ktls_recv says that returning negative values is valid ++ * there is no reason to trust trust negative values are implemented right everywhere ++ */ ++ status = 0; ++ } ++#endif + return status; + } + +diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c +index c03f266f2..70fdf9e27 100644 +--- a/libfreerdp/core/gateway/tsg.c ++++ b/libfreerdp/core/gateway/tsg.c +@@ -2716,7 +2716,14 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) + status = 1; + } + break; +- ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ case BIO_CTRL_GET_KTLS_SEND: ++ status = 0; ++ break; ++ case BIO_CTRL_GET_KTLS_RECV: ++ status = 0; ++ break; ++#endif + default: + break; + } +-- +2.36.1 + diff --git a/freerdp.spec b/freerdp.spec index 9910f26..84913a5 100644 --- a/freerdp.spec +++ b/freerdp.spec @@ -22,7 +22,7 @@ Name: freerdp Version: 2.4.1 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 2 Summary: Free implementation of the Remote Desktop Protocol (RDP) License: ASL 2.0 @@ -37,6 +37,9 @@ Patch1: Fixed-7436-Datatype-mismatch.patch # https://github.com/FreeRDP/FreeRDP/pull/7448 Patch2: winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2023262 +Patch3: Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch + BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: alsa-lib-devel @@ -302,6 +305,9 @@ find %{buildroot} -name "*.a" -delete %{_libdir}/pkgconfig/winpr-tools2.pc %changelog +* Wed Jun 22 2022 Ondrej Holy - - 2:2.4.1-3 +- Fix gateway functionality with OpenSSL 3.0 (#2023262) + * Fri Nov 26 2021 Ondrej Holy - 2:2.4.1-2 - Fix datatype mismatch / big-endian breakage - Load legacy provider when initializing OpenSSL 3.0