[packages/freerdp] - added openssl patch (adjust for openssl 3) - fixed duplicate description
qboosh
qboosh at pld-linux.org
Tue Feb 14 16:05:45 CET 2023
commit 73569c1f74c3d06c9df6c0985323bcb314be1fd8
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Tue Feb 14 16:07:19 2023 +0100
- added openssl patch (adjust for openssl 3)
- fixed duplicate description
freerdp-openssl.patch | 308 ++++++++++++++++++++++++++++++++++++++++++++++++++
freerdp.spec | 6 +-
2 files changed, 312 insertions(+), 2 deletions(-)
---
diff --git a/freerdp.spec b/freerdp.spec
index 09ac012..de03378 100644
--- a/freerdp.spec
+++ b/freerdp.spec
@@ -1,4 +1,4 @@
-# NOTE: for freerdp 2.0 snapshots see freerdp2.spec
+# NOTE: for freerdp 2.x see freerdp2.spec
#
# Conditional build:
%bcond_without alsa # ALSA sound support
@@ -25,6 +25,7 @@ Source0: http://pub.freerdp.com/releases/%{name}-%{version}.tar.gz
Patch0: %{name}-ffmpeg.patch
Patch1: ffmpeg3.patch
Patch2: ffmpeg4.patch
+Patch3: %{name}-openssl.patch
URL: http://www.freerdp.com/
%{?with_directfb:BuildRequires: DirectFB-devel}
%{?with_alsa:BuildRequires: alsa-lib-devel}
@@ -80,7 +81,7 @@ DirectFB based Remote Desktop Protocol klient.
dfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.
-%description -l pl.UTF-8
+%description dfb -l pl.UTF-8
Klient protokołu RDP oparty na DirectFB.
dfreerdp może łączyć się z serwerami RDP, takimi jak maszyny z
@@ -192,6 +193,7 @@ Wtyczki PulseAudio do obsługi dźwięku RDP.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
cat << EOF > xfreerdp.desktop
[Desktop Entry]
diff --git a/freerdp-openssl.patch b/freerdp-openssl.patch
new file mode 100644
index 0000000..5cfe0eb
--- /dev/null
+++ b/freerdp-openssl.patch
@@ -0,0 +1,308 @@
+--- freerdp-1.0.2/libfreerdp-core/crypto.h.orig 2013-01-02 22:46:59.000000000 +0100
++++ freerdp-1.0.2/libfreerdp-core/crypto.h 2023-02-14 16:04:15.755244644 +0100
+@@ -64,12 +64,12 @@ struct crypto_rc4_struct
+
+ struct crypto_des3_struct
+ {
+- EVP_CIPHER_CTX des3_ctx;
++ EVP_CIPHER_CTX * des3_ctx;
+ };
+
+ struct crypto_hmac_struct
+ {
+- HMAC_CTX hmac_ctx;
++ HMAC_CTX * hmac_ctx;
+ };
+
+ struct crypto_cert_struct
+--- freerdp-1.0.2/libfreerdp-core/crypto.c.orig 2013-01-02 22:46:59.000000000 +0100
++++ freerdp-1.0.2/libfreerdp-core/crypto.c 2023-02-14 16:04:27.131849678 +0100
+@@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4)
+ CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec)
+ {
+ CryptoDes3 des3 = xmalloc(sizeof(*des3));
+- EVP_CIPHER_CTX_init(&des3->des3_ctx);
+- EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+- EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
++ des3->des3_ctx = EVP_CIPHER_CTX_new();
++ EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
+ return des3;
+ }
+
+ CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec)
+ {
+ CryptoDes3 des3 = xmalloc(sizeof(*des3));
+- EVP_CIPHER_CTX_init(&des3->des3_ctx);
+- EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+- EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
++ des3->des3_ctx = EVP_CIPHER_CTX_new();
++ EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
+ return des3;
+ }
+
+ void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
+ {
+ int len;
+- EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
++ EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
+ }
+
+ void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
+ {
+ int len;
+- EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
++ EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
+
+ if (length != len)
+ abort(); /* TODO */
+@@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3)
+ {
+ if (des3 == NULL)
+ return;
+- EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
++ EVP_CIPHER_CTX_free(des3->des3_ctx);
+ xfree(des3);
+ }
+
+ CryptoHmac crypto_hmac_new(void)
+ {
+ CryptoHmac hmac = xmalloc(sizeof(*hmac));
+- HMAC_CTX_init(&hmac->hmac_ctx);
++ hmac->hmac_ctx = HMAC_CTX_new();
+ return hmac;
+ }
+
+ void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length)
+ {
+- HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
++ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
+ }
+
+ void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length)
+ {
+- HMAC_Update(&hmac->hmac_ctx, data, length);
++ HMAC_Update(hmac->hmac_ctx, data, length);
+ }
+
+ void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
+ {
+- HMAC_Final(&hmac->hmac_ctx, out_data, &length);
++ HMAC_Final(hmac->hmac_ctx, out_data, &length);
+ }
+
+ void crypto_hmac_free(CryptoHmac hmac)
+ {
+ if (hmac == NULL)
+ return;
+- HMAC_CTX_cleanup(&hmac->hmac_ctx);
++ HMAC_CTX_free(hmac->hmac_ctx);
+ xfree(hmac);
+ }
+
+@@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint
+ uint8* input_reverse;
+ uint8* modulus_reverse;
+ uint8* exponent_reverse;
+- BIGNUM mod, exp, x, y;
++ BIGNUM *mod, *exp, *x, *y;
+
+ input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size);
+ modulus_reverse = input_reverse + key_length;
+@@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint
+ crypto_reverse(input_reverse, length);
+
+ ctx = BN_CTX_new();
+- BN_init(&mod);
+- BN_init(&exp);
+- BN_init(&x);
+- BN_init(&y);
+-
+- BN_bin2bn(modulus_reverse, key_length, &mod);
+- BN_bin2bn(exponent_reverse, exponent_size, &exp);
+- BN_bin2bn(input_reverse, length, &x);
+- BN_mod_exp(&y, &x, &exp, &mod, ctx);
++ mod = BN_new();
++ exp = BN_new();
++ x = BN_new();
++ y = BN_new();
++
++ BN_bin2bn(modulus_reverse, key_length, mod);
++ BN_bin2bn(exponent_reverse, exponent_size, exp);
++ BN_bin2bn(input_reverse, length, x);
++ BN_mod_exp(y, x, &exp, &mod, ctx);
+
+- output_length = BN_bn2bin(&y, output);
++ output_length = BN_bn2bin(y, output);
+ crypto_reverse(output, output_length);
+
+ if (output_length < (int) key_length)
+ memset(output + output_length, 0, key_length - output_length);
+
+- BN_free(&y);
+- BN_clear_free(&x);
+- BN_free(&exp);
+- BN_free(&mod);
++ BN_free(y);
++ BN_clear_free(x);
++ BN_free(exp);
++ BN_free(mod);
+ BN_CTX_free(ctx);
+ xfree(input_reverse);
+ }
+--- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig 2013-01-02 22:46:59.000000000 +0100
++++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c 2023-02-14 16:04:30.035167283 +0100
+@@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw
+ char text[14];
+ char des_key1[8];
+ char des_key2[8];
+- des_key_schedule ks;
++ DES_key_schedule ks;
+
+ /* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */
+
+@@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p
+ char des_key1[8];
+ char des_key2[8];
+ char des_key3[8];
+- des_key_schedule ks;
++ DES_key_schedule ks;
+
+ /* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */
+ memset(hash, '\0', 21);
+@@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA
+
+ void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp)
+ {
+- HMAC_CTX hmac_ctx;
++ HMAC_CTX *hmac_ctx;
+
+ /*
+ * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
+ * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
+ */
+
+- HMAC_CTX_init(&hmac_ctx);
+- HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
+- HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
+- HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
+- HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
+- HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL);
++ hmac_ctx = HMAC_CTX_new();
++ HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
++ HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
++ HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
++ HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
++ HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL);
++ HMAC_CTX_free(hmac_ctx);
+ }
+
+ /**
+@@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c
+
+ void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature)
+ {
+- HMAC_CTX hmac_ctx;
++ HMAC_CTX *hmac_ctx;
+ uint8 digest[16];
+ uint8 checksum[8];
+ uint32 version = 1;
+
+ /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
+- HMAC_CTX_init(&hmac_ctx);
+- HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
+- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
+- HMAC_Update(&hmac_ctx, msg->data, msg->length);
+- HMAC_Final(&hmac_ctx, digest, NULL);
++ hmac_ctx = HMAC_CTX_new();
++ HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
++ HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
++ HMAC_Update(hmac_ctx, msg->data, msg->length);
++ HMAC_Final(hmac_ctx, digest, NULL);
+
+ /* Allocate space for encrypted message */
+ freerdp_blob_alloc(encrypted_msg, msg->length);
+@@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
+ memcpy(&signature[4], (void*) checksum, 8);
+ memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4);
+
+- HMAC_CTX_cleanup(&hmac_ctx);
++ HMAC_CTX_free(hmac_ctx);
+
+ ntlmssp->send_seq_num++;
+ }
+@@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
+
+ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature)
+ {
+- HMAC_CTX hmac_ctx;
++ HMAC_CTX *hmac_ctx;
+ uint8 digest[16];
+ uint8 checksum[8];
+ uint32 version = 1;
+@@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
+ crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data);
+
+ /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
+- HMAC_CTX_init(&hmac_ctx);
+- HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
+- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
+- HMAC_Update(&hmac_ctx, msg->data, msg->length);
+- HMAC_Final(&hmac_ctx, digest, NULL);
++ hmac_ctx = HMAC_CTX_new();
++ HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
++ HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
++ HMAC_Update(hmac_ctx, msg->data, msg->length);
++ HMAC_Final(hmac_ctx, digest, NULL);
+
+ /* RC4-encrypt first 8 bytes of digest */
+ crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum);
+@@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
+ memcpy(&expected_signature[4], (void*) checksum, 8);
+ memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4);
+
++ HMAC_CTX_free(hmac_ctx);
++
+ if (memcmp(signature, expected_signature, 16) != 0)
+ {
+ /* signature verification failed! */
+@@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
+ return 0;
+ }
+
+- HMAC_CTX_cleanup(&hmac_ctx);
+-
+ ntlmssp->recv_seq_num++;
+ return 1;
+ }
+--- freerdp-1.0.2/libfreerdp-core/certificate.c.orig 2013-01-02 22:46:59.000000000 +0100
++++ freerdp-1.0.2/libfreerdp-core/certificate.c 2023-02-14 16:04:32.955151464 +0100
+@@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile)
+ return NULL;
+ }
+
+- if (BN_num_bytes(rsa->e) > 4)
++ if (BN_num_bytes(RSA_get0_e(rsa)) > 4)
+ {
+ RSA_free(rsa);
+ printf("RSA public exponent too large in %s", keyfile);
+ return NULL;
+ }
+
+- freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n));
+- BN_bn2bin(rsa->n, key->modulus.data);
++ freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa)));
++ BN_bn2bin(RSA_get0_n(rsa), key->modulus.data);
+ crypto_reverse(key->modulus.data, key->modulus.length);
+- freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d));
+- BN_bn2bin(rsa->d, key->private_exponent.data);
++ freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa)));
++ BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data);
+ crypto_reverse(key->private_exponent.data, key->private_exponent.length);
+ memset(key->exponent, 0, sizeof(key->exponent));
+- BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
++ BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa)));
+ crypto_reverse(key->exponent, sizeof(key->exponent));
+
+ RSA_free(rsa);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/freerdp.git/commitdiff/73569c1f74c3d06c9df6c0985323bcb314be1fd8
More information about the pld-cvs-commit
mailing list