[meta-oe][dunfell][PATCH 3/5] freerdp: backport openssl 3.x patches

From: Marek Vasut <marex@denx.de>
To: openembedded-devel@lists.openembedded.org
Cc: raj.khem@gmail.com, Alexander Kanavin <alex.kanavin@gmail.com>,
	Alexander Kanavin <alex@linutronix.de>,
	Marek Vasut <marex@denx.de>
Subject: [meta-oe][dunfell][PATCH 3/5] freerdp: backport openssl 3.x patches
Date: Tue, 11 Jan 2022 23:47:12 +0100	[thread overview]
Message-ID: <20220111224714.1289840-3-marex@denx.de> (raw)
In-Reply-To: <20220111224714.1289840-1-marex@denx.de>

From: Alexander Kanavin <alex.kanavin@gmail.com>

(cherry picked from commit 17ad891757f0a66fabcb7f224c4d36fe6d69ba3b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Marek Vasut <marex@denx.de>
---
 ...e-support-and-build-with-OpenSSL-3.0.patch | 43 +++++++++++++++++++
 ...d-calling-FIPS_mode-with-OpenSSL-3.0.patch | 28 ++++++++++++
 .../recipes-support/freerdp/freerdp_2.3.0.bb  |  2 +
 3 files changed, 73 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
new file mode 100644
index 000000000..04fe644d4
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
@@ -0,0 +1,43 @@
+From f703b1184229796d504a2e833f72ace4cc605d15 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 12 May 2021 12:48:15 +0200
+Subject: [PATCH 1/2] Fix FIPS mode support and build with OpenSSL 3.0
+
+FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
+and `FIPS_mode_set` functions, which were removed there. Just a note that
+the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
+functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
+Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ winpr/libwinpr/utils/ssl.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 3a8590390..03b23af43 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags)
+ #else
+ 		WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
+ 
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++		if (!EVP_default_properties_is_fips_enabled(NULL))
++#else
+ 		if (FIPS_mode() != 1)
++#endif
+ 		{
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++			if (EVP_set_default_properties(NULL, "fips=yes"))
++#else
+ 			if (FIPS_mode_set(1))
++#endif
+ 				WLog_INFO(TAG, "Openssl fips mode ENabled!");
+ 			else
+ 			{
+-- 
+2.20.1
+
diff --git a/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
new file mode 100644
index 000000000..728638e15
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
@@ -0,0 +1,28 @@
+From 4dbf108c0ae5e997d5c432f3da4b4c5fd7b35373 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 1 Aug 2021 12:14:43 -0400
+Subject: [PATCH 2/2] winpr: avoid calling FIPS_mode() with OpenSSL 3.0
+
+Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ winpr/libwinpr/utils/ssl.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 03b23af43..74ef156e7 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -364,6 +364,8 @@ BOOL winpr_FIPSMode(void)
+ {
+ #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
+ 	return FALSE;
++#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++	return (EVP_default_properties_is_fips_enabled(NULL) == 1);
+ #else
+ 	return (FIPS_mode() == 1);
+ #endif
+-- 
+2.20.1
+
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
index e37e71b32..57170f68a 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
@@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}"
 SRCREV = "14c7f7aed7dd4e2454ee0cd81028b9f790885021"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
     file://winpr-makecert-Build-with-install-RPATH.patch \
+    file://0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch \
+    file://0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch \
 "
 
 S = "${WORKDIR}/git"
-- 
2.34.1


