[meta-oe,dunfell,3/5] freerdp: backport openssl 3.x patches

Message ID 20220111224714.1289840-3-marex@denx.de
State New
Series [meta-oe,dunfell,1/5] freerdp: Upgrade to 2.2.0

Commit Message

Marek Vasut Jan. 11, 2022, 10:47 p.m. UTC
From: Alexander Kanavin <alex.kanavin@gmail.com>

(cherry picked from commit 17ad891757f0a66fabcb7f224c4d36fe6d69ba3b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
---
 ...e-support-and-build-with-OpenSSL-3.0.patch | 43 +++++++++++++++++++
 ...d-calling-FIPS_mode-with-OpenSSL-3.0.patch | 28 ++++++++++++
 .../recipes-support/freerdp/freerdp_2.3.0.bb  |  2 +
 3 files changed, 73 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch

Comments

akuster808 Jan. 12, 2022, 4:43 a.m. UTC | #1
On 1/11/22 2:47 PM, Marek Vasut wrote:
> From: Alexander Kanavin <alex.kanavin@gmail.com>
>
> (cherry picked from commit 17ad891757f0a66fabcb7f224c4d36fe6d69ba3b)
> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Signed-off-by: Marek Vasut <marex@denx.de>
> ---
>  ...e-support-and-build-with-OpenSSL-3.0.patch | 43 +++++++++++++++++++
>  ...d-calling-FIPS_mode-with-OpenSSL-3.0.patch | 28 ++++++++++++
>  .../recipes-support/freerdp/freerdp_2.3.0.bb  |  2 +
Dunfell does not support openssl3 so why should I take this patch?

-armin
>  3 files changed, 73 insertions(+)
>  create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
>  create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
>
> diff --git a/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
> new file mode 100644
> index 000000000..04fe644d4
> --- /dev/null
> +++ b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
> @@ -0,0 +1,43 @@
> +From f703b1184229796d504a2e833f72ace4cc605d15 Mon Sep 17 00:00:00 2001
> +From: Ondrej Holy <oholy@redhat.com>
> +Date: Wed, 12 May 2021 12:48:15 +0200
> +Subject: [PATCH 1/2] Fix FIPS mode support and build with OpenSSL 3.0
> +
> +FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
> +and `FIPS_mode_set` functions, which were removed there. Just a note that
> +the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
> +functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
> +Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
> +
> +See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
> +Upstream-Status: Backport
> +Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> +---
> + winpr/libwinpr/utils/ssl.c | 8 ++++++++
> + 1 file changed, 8 insertions(+)
> +
> +diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
> +index 3a8590390..03b23af43 100644
> +--- a/winpr/libwinpr/utils/ssl.c
> ++++ b/winpr/libwinpr/utils/ssl.c
> +@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags)
> + #else
> + 		WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
> + 
> ++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
> ++		if (!EVP_default_properties_is_fips_enabled(NULL))
> ++#else
> + 		if (FIPS_mode() != 1)
> ++#endif
> + 		{
> ++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
> ++			if (EVP_set_default_properties(NULL, "fips=yes"))
> ++#else
> + 			if (FIPS_mode_set(1))
> ++#endif
> + 				WLog_INFO(TAG, "Openssl fips mode ENabled!");
> + 			else
> + 			{
> +-- 
> +2.20.1
> +
> diff --git a/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
> new file mode 100644
> index 000000000..728638e15
> --- /dev/null
> +++ b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
> @@ -0,0 +1,28 @@
> +From 4dbf108c0ae5e997d5c432f3da4b4c5fd7b35373 Mon Sep 17 00:00:00 2001
> +From: Mike Gilbert <floppym@gentoo.org>
> +Date: Sun, 1 Aug 2021 12:14:43 -0400
> +Subject: [PATCH 2/2] winpr: avoid calling FIPS_mode() with OpenSSL 3.0
> +
> +Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad
> +Upstream-Status: Backport
> +Signed-off-by: Alexander Kanavin <alex@linutronix.de>
> +---
> + winpr/libwinpr/utils/ssl.c | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
> +index 03b23af43..74ef156e7 100644
> +--- a/winpr/libwinpr/utils/ssl.c
> ++++ b/winpr/libwinpr/utils/ssl.c
> +@@ -364,6 +364,8 @@ BOOL winpr_FIPSMode(void)
> + {
> + #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
> + 	return FALSE;
> ++#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
> ++	return (EVP_default_properties_is_fips_enabled(NULL) == 1);
> + #else
> + 	return (FIPS_mode() == 1);
> + #endif
> +-- 
> +2.20.1
> +
> diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
> index e37e71b32..57170f68a 100644
> --- a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
> +++ b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
> @@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}"
>  SRCREV = "14c7f7aed7dd4e2454ee0cd81028b9f790885021"
>  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
>      file://winpr-makecert-Build-with-install-RPATH.patch \
> +    file://0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch \
> +    file://0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch \
>  "
>  
>  S = "${WORKDIR}/git"
>
Marek Vasut Jan. 12, 2022, 4:59 a.m. UTC | #2
On 1/12/22 05:43, akuster808 wrote:
> 
> 
> On 1/11/22 2:47 PM, Marek Vasut wrote:
>> From: Alexander Kanavin <alex.kanavin@gmail.com>
>>
>> (cherry picked from commit 17ad891757f0a66fabcb7f224c4d36fe6d69ba3b)
>> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
>> Signed-off-by: Khem Raj <raj.khem@gmail.com>
>> Signed-off-by: Marek Vasut <marex@denx.de>
>> ---
>>   ...e-support-and-build-with-OpenSSL-3.0.patch | 43 +++++++++++++++++++
>>   ...d-calling-FIPS_mode-with-OpenSSL-3.0.patch | 28 ++++++++++++
>>   .../recipes-support/freerdp/freerdp_2.3.0.bb  |  2 +
> Dunfell does not support openssl3 so why should I take this patch?

The patches are dropped in 4/5 again since the openssl patches are part
of freerdp 2.4.1. I picked them as-is to avoid too many changes to the
cherry-picked commits.

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
new file mode 100644
index 000000000..04fe644d4
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
@@ -0,0 +1,43 @@ 
+From f703b1184229796d504a2e833f72ace4cc605d15 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 12 May 2021 12:48:15 +0200
+Subject: [PATCH 1/2] Fix FIPS mode support and build with OpenSSL 3.0
+
+FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
+and `FIPS_mode_set` functions, which were removed there. Just a note that
+the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
+functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
+Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ winpr/libwinpr/utils/ssl.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 3a8590390..03b23af43 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags)
+ #else
+ 		WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
+ 
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++		if (!EVP_default_properties_is_fips_enabled(NULL))
++#else
+ 		if (FIPS_mode() != 1)
++#endif
+ 		{
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++			if (EVP_set_default_properties(NULL, "fips=yes"))
++#else
+ 			if (FIPS_mode_set(1))
++#endif
+ 				WLog_INFO(TAG, "Openssl fips mode ENabled!");
+ 			else
+ 			{
+-- 
+2.20.1
+
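Review bot: In the OpenSSL 3 branch of winpr_enable_fips(), a non-zero return from `EVP_set_default_properties(NULL, "fips=yes")` only means the default property query was stored; nothing in the visible lines loads a FIPS provider or checks that one is available, so "Openssl fips mode ENabled!" can be logged on a system where no FIPS provider is active and later algorithm fetches fail. Consider checking `OSSL_PROVIDER_available(NULL, "fips")` before logging success, or wording the message to match what was actually done. The same `#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)` test is also repeated twice within a few lines and could be folded into one pair of helper macros. On the layer side, `Upstream-Status: Backport` names no upstream commit or release, which makes it harder to tell when the patch can be dropped.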
diff --git a/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
new file mode 100644
index 000000000..728638e15
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
@@ -0,0 +1,28 @@ 
+From 4dbf108c0ae5e997d5c432f3da4b4c5fd7b35373 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 1 Aug 2021 12:14:43 -0400
+Subject: [PATCH 2/2] winpr: avoid calling FIPS_mode() with OpenSSL 3.0
+
+Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ winpr/libwinpr/utils/ssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 03b23af43..74ef156e7 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -364,6 +364,8 @@ BOOL winpr_FIPSMode(void)
+ {
+ #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
+ 	return FALSE;
++#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++	return (EVP_default_properties_is_fips_enabled(NULL) == 1);
+ #else
+ 	return (FIPS_mode() == 1);
+ #endif
+-- 
+2.20.1
+
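Review bot: The `Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad` tag in this patch header does not match either commit hash carried in the series (patch 1/2 is f703b1184229796d504a2e833f72ace4cc605d15), so from the layer alone it is not clear which change is being fixed. Please say in the header which upstream commit that hash refers to, and extend `Upstream-Status: Backport` with the upstream commit or release that contains this change. A smaller style point: the new `#elif` compares `EVP_default_properties_is_fips_enabled(NULL) == 1`, while the check added to winpr_enable_fips() in patch 1/2 uses `!EVP_default_properties_is_fips_enabled(NULL)`; using one form in both places would read more consistently.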
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
index e37e71b32..57170f68a 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
@@ -16,6 +16,8 @@  PKGV = "${GITPKGVTAG}"
 SRCREV = "14c7f7aed7dd4e2454ee0cd81028b9f790885021"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
     file://winpr-makecert-Build-with-install-RPATH.patch \
+    file://0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch \
+    file://0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch \
 "
 
 S = "${WORKDIR}/git"
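Review bot: The two `SRC_URI` entries added here pull in patches whose only code changes sit under `OPENSSL_VERSION_MAJOR >= 3`, so on a branch that does not ship OpenSSL 3 (the objection raised in the thread) they compile to nothing, and the commit message gives no reason for carrying them beyond the cherry-pick line. Please state in the commit message that the patches are taken unchanged only to keep the cherry-picked series intact and are dropped again in 4/5, as explained in the reply, or squash this commit with the later upgrade so the stable branch history does not carry unused patches.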