Fixed #5276: Enable SSL before parsing assistance file.

The assistance file requires primitives from the ssl wrapper.
Enable these before parsing the file.
Additionally, split FIPS mode enablement out of the one-time
initializer so that the flag is not ignored.
Armin Novak
2019-02-25 10:37:30 +01:00
parent fd27451768
commit 49936a7ba6
2 changed files with 34 additions and 21 deletions


@@ -28,6 +28,7 @@
#include <winpr/crypto.h>
#include <winpr/print.h>
#include <winpr/windows.h>
#include <winpr/ssl.h>
#include <freerdp/log.h>
#include <freerdp/client/file.h>
@@ -1223,6 +1224,7 @@ BOOL freerdp_assistance_populate_settings_from_assistance_file(rdpAssistanceFile
rdpAssistanceFile* freerdp_assistance_file_new(void)
{
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
return (rdpAssistanceFile*) calloc(1, sizeof(rdpAssistanceFile));
}
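Review bot: The result of `winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT)` is discarded in `freerdp_assistance_file_new`, so a failed crypto initialisation still returns a usable-looking `rdpAssistanceFile`, and the failure would only surface later when the file is parsed. Failing early is safer: put `if (!winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT)) return NULL;` before the `calloc`. Because this call passes no FIPS flag and may be the first one in the process, a short comment would help, for example `/* FIPS mode is applied by a later winpr_InitializeSSL call that passes WINPR_SSL_INIT_ENABLE_FIPS */`.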


@@ -237,6 +237,32 @@ static BOOL _winpr_openssl_cleanup_locking(void)
#endif /* OpenSSL < 1.1.0 */
static BOOL winpr_enable_fips(DWORD flags)
{
if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
{
#if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
WLog_ERR(TAG, "Openssl fips mode not available on openssl versions less than 1.0.1!");
return FALSE;
#else
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
if (FIPS_mode() != 1)
{
if (FIPS_mode_set(1))
WLog_INFO(TAG, "Openssl fips mode ENabled!");
else
{
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
return FALSE;
}
}
#endif
}
return TRUE;
}
static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVOID* context)
{
@@ -276,26 +302,7 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
#endif
g_winpr_openssl_initialized_by_winpr = TRUE;
if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
{
#if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
#else
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
if (FIPS_mode() != 1)
{
if (FIPS_mode_set(1))
WLog_INFO(TAG, "Openssl fips mode ENabled!");
else
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
}
#endif
}
return TRUE;
return winpr_enable_fips(flags);
}
@@ -304,7 +311,11 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
BOOL winpr_InitializeSSL(DWORD flags)
{
static INIT_ONCE once = INIT_ONCE_STATIC_INIT;
return InitOnceExecuteOnce(&once, _winpr_openssl_initialize, &flags, NULL);
if (!InitOnceExecuteOnce(&once, _winpr_openssl_initialize, &flags, NULL))
return FALSE;
return winpr_enable_fips(flags);
}
BOOL winpr_CleanupSSL(DWORD flags)
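Review bot: `_winpr_openssl_initialize` still ends in `return winpr_enable_fips(flags);`, so a FIPS failure is reported as a failure of the one-time library setup, and on success `winpr_InitializeSSL` runs `winpr_enable_fips(flags)` a second time for the same call. Since the split exists so that FIPS is enforced on every call, the initializer could end in `return TRUE;` and leave `winpr_InitializeSSL` as the single place that turns a FIPS failure into `FALSE`. How `InitOnceExecuteOnce` treats a `FALSE` callback result is not visible here; if it leaves the once un-completed, the setup earlier in the initializer would run again on the next call. The `FIPS_mode()` check followed by `FIPS_mode_set(1)` now also runs outside the once guard, so a comment stating whether concurrent callers are expected would be useful. The body of `_winpr_openssl_initialize` starts outside these hunks.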