diff --git a/net/freerdp1/Makefile b/net/freerdp1/Makefile index 4c2778406ba0..a6d5a26edc37 100644 --- a/net/freerdp1/Makefile +++ b/net/freerdp1/Makefile @@ -3,7 +3,7 @@ PORTNAME= freerdp PORTVERSION= 1.2.0 -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= net comms ipv6 PKGNAMESUFFIX= 1 diff --git a/net/freerdp1/files/patch-git_1b5f5747 b/net/freerdp1/files/patch-git_1b5f5747 new file mode 100644 index 000000000000..39ec082de833 --- /dev/null +++ b/net/freerdp1/files/patch-git_1b5f5747 @@ -0,0 +1,30 @@ +--- winpr/libwinpr/bcrypt/CMakeLists.txt.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/bcrypt/CMakeLists.txt +@@ -17,8 +17,3 @@ + + winpr_module_add(bcrypt.c) + +-winpr_include_directory_add( +- ${OPENSSL_INCLUDE_DIR} +- ${ZLIB_INCLUDE_DIRS}) +- +-winpr_library_add(${ZLIB_LIBRARIES}) +--- winpr/libwinpr/crypto/CMakeLists.txt.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/crypto/CMakeLists.txt +@@ -20,6 +20,16 @@ winpr_module_add( + crypto.h + cert.c) + ++if(OPENSSL_FOUND) ++ winpr_include_directory_add(${OPENSSL_INCLUDE_DIR}) ++ winpr_library_add(${OPENSSL_LIBRARIES}) ++endif() ++ ++if(MBEDTLS_FOUND) ++ winpr_include_directory_add(${MBEDTLS_INCLUDE_DIR}) ++ winpr_library_add(${MBEDTLS_LIBRARIES}) ++endif() ++ + if(WIN32) + winpr_library_add(crypt32) + endif() diff --git a/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h b/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h new file mode 100644 index 000000000000..1f5d4495e524 --- /dev/null +++ b/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h @@ -0,0 +1,23 @@ +--- include/freerdp/crypto/crypto.h.orig 2018-11-06 02:55:10 UTC ++++ include/freerdp/crypto/crypto.h +@@ -61,12 +61,20 @@ struct crypto_rc4_struct + + struct crypto_des3_struct + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *des3_ctx; ++#else + EVP_CIPHER_CTX des3_ctx; ++#endif + }; + + struct crypto_hmac_struct + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX *hmac_ctx; ++#else + HMAC_CTX hmac_ctx; ++#endif + }; + + struct crypto_cert_struct diff --git a/net/freerdp1/files/patch-libfreerdp_common_assistance.c b/net/freerdp1/files/patch-libfreerdp_common_assistance.c new file mode 100644 index 000000000000..3db652d46915 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_common_assistance.c @@ -0,0 +1,156 @@ +--- libfreerdp/common/assistance.c.orig 2018-11-06 05:10:45 UTC ++++ libfreerdp/common/assistance.c +@@ -478,7 +478,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + int cbPassStubW; + int EncryptedSize; + BYTE PasswordHash[16]; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *rc4Ctx; ++#else + EVP_CIPHER_CTX rc4Ctx; ++#endif + BYTE *pbIn, *pbOut; + int cbOut, cbIn, cbFinal; + WCHAR* PasswordW = NULL; +@@ -516,9 +520,16 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + *((UINT32*) pbIn) = cbPassStubW; + CopyMemory(&pbIn[4], PassStubW, cbPassStubW); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ rc4Ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(rc4Ctx); ++ ++ status = EVP_EncryptInit_ex(rc4Ctx, EVP_rc4(), NULL, NULL, NULL); ++#else + EVP_CIPHER_CTX_init(&rc4Ctx); + + status = EVP_EncryptInit_ex(&rc4Ctx, EVP_rc4(), NULL, NULL, NULL); ++#endif + + if (!status) + { +@@ -526,7 +537,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptInit_ex(rc4Ctx, NULL, NULL, PasswordHash, NULL); ++#else + status = EVP_EncryptInit_ex(&rc4Ctx, NULL, NULL, PasswordHash, NULL); ++#endif + + if (!status) + { +@@ -537,7 +552,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + cbOut = cbFinal = 0; + cbIn = EncryptedSize; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptUpdate(rc4Ctx, pbOut, &cbOut, pbIn, cbIn); ++#else + status = EVP_EncryptUpdate(&rc4Ctx, pbOut, &cbOut, pbIn, cbIn); ++#endif + + if (!status) + { +@@ -545,7 +564,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptFinal_ex(rc4Ctx, pbOut + cbOut, &cbFinal); ++#else + status = EVP_EncryptFinal_ex(&rc4Ctx, pbOut + cbOut, &cbFinal); ++#endif + + if (!status) + { +@@ -553,7 +576,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_free(rc4Ctx); ++#else + EVP_CIPHER_CTX_cleanup(&rc4Ctx); ++#endif + + free(pbIn); + free(PasswordW); +@@ -571,7 +598,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + int cbPasswordW; + int cchOutW = 0; + WCHAR* pbOutW = NULL; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *aesDec; ++#else + EVP_CIPHER_CTX aesDec; ++#endif + WCHAR* PasswordW = NULL; + BYTE *pbIn, *pbOut; + int cbOut, cbIn, cbFinal; +@@ -598,17 +629,31 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + + ZeroMemory(InitializationVector, sizeof(InitializationVector)); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ aesDec = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(aesDec); ++ ++ status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL); ++#else + EVP_CIPHER_CTX_init(&aesDec); + + status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL); ++#endif + + if (status != 1) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_set_key_length(aesDec, (128 / 8)); ++ EVP_CIPHER_CTX_set_padding(aesDec, 0); ++ ++ status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector); ++#else + EVP_CIPHER_CTX_set_key_length(&aesDec, (128 / 8)); + EVP_CIPHER_CTX_set_padding(&aesDec, 0); + + status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector); ++#endif + + if (status != 1) + return -1; +@@ -621,12 +666,20 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + if (!pbOut) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_DecryptUpdate(aesDec, pbOut, &cbOut, pbIn, cbIn); ++#else + status = EVP_DecryptUpdate(&aesDec, pbOut, &cbOut, pbIn, cbIn); ++#endif + + if (status != 1) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_DecryptFinal_ex(aesDec, pbOut + cbOut, &cbFinal); ++#else + status = EVP_DecryptFinal_ex(&aesDec, pbOut + cbOut, &cbFinal); ++#endif + + if (status != 1) + { +@@ -634,7 +687,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + return -1; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_free(aesDec); ++#else + EVP_CIPHER_CTX_cleanup(&aesDec); ++#endif + + cbOut += cbFinal; + cbFinal = 0; diff --git a/net/freerdp1/files/patch-libfreerdp_core_certificate.c b/net/freerdp1/files/patch-libfreerdp_core_certificate.c new file mode 100644 index 000000000000..2ff354296410 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_core_certificate.c @@ -0,0 +1,59 @@ +--- libfreerdp/core/certificate.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/certificate.c +@@ -32,6 +32,7 @@ + #include + + #include "certificate.h" ++#include "../crypto/opensslcompat.h" + + #define TAG "com.freerdp.core" + +@@ -652,6 +653,9 @@ rdpRsaKey* key_new(const char* keyfile) + FILE* fp; + RSA* rsa; + rdpRsaKey* key; ++ const BIGNUM *rsa_e = NULL; ++ const BIGNUM *rsa_n = NULL; ++ const BIGNUM *rsa_d = NULL; + key = (rdpRsaKey*)calloc(1, sizeof(rdpRsaKey)); + + if (!key) +@@ -692,31 +696,31 @@ rdpRsaKey* key_new(const char* keyfile) + ERR_print_errors_fp(stderr); + goto out_free_rsa; + } +- +- if (BN_num_bytes(rsa->e) > 4) ++ RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); ++ if (BN_num_bytes(rsa_e) > 4) + { + DEBUG_WARN("%s: RSA public exponent too large in %s\n", __FUNCTION__, keyfile); + goto out_free_rsa; + } + +- key->ModulusLength = BN_num_bytes(rsa->n); ++ key->ModulusLength = BN_num_bytes(rsa_n); + key->Modulus = (BYTE*)malloc(key->ModulusLength); + + if (!key->Modulus) + goto out_free_rsa; + +- BN_bn2bin(rsa->n, key->Modulus); ++ BN_bn2bin(rsa_n, key->Modulus); + crypto_reverse(key->Modulus, key->ModulusLength); +- key->PrivateExponentLength = BN_num_bytes(rsa->d); ++ key->PrivateExponentLength = BN_num_bytes(rsa_d); + key->PrivateExponent = (BYTE*)malloc(key->PrivateExponentLength); + + if (!key->PrivateExponent) + goto out_free_modulus; + +- BN_bn2bin(rsa->d, key->PrivateExponent); ++ BN_bn2bin(rsa_d, key->PrivateExponent); + crypto_reverse(key->PrivateExponent, key->PrivateExponentLength); + memset(key->exponent, 0, sizeof(key->exponent)); +- BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e)); ++ BN_bn2bin(rsa_e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa_e)); + crypto_reverse(key->exponent, sizeof(key->exponent)); + RSA_free(rsa); + return key; diff --git a/net/freerdp1/files/patch-libfreerdp_core_tcp.c b/net/freerdp1/files/patch-libfreerdp_core_tcp.c new file mode 100644 index 000000000000..8dc04bf8cdda --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_core_tcp.c @@ -0,0 +1,338 @@ +--- libfreerdp/core/tcp.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/tcp.c +@@ -71,6 +71,7 @@ + #include + + #include "tcp.h" ++#include "../crypto/opensslcompat.h" + + /* Simple Socket BIO */ + +@@ -86,13 +87,14 @@ static int transport_bio_simple_write(BIO* bio, const + { + int error; + int status = 0; ++ int socket = (int)BIO_get_data(bio); + + if (!buf) + return 0; + + BIO_clear_flags(bio, BIO_FLAGS_WRITE); + +- status = _send((SOCKET) bio->num, buf, size, 0); ++ status = _send(socket, buf, size, 0); + + if (status <= 0) + { +@@ -116,13 +118,14 @@ static int transport_bio_simple_read(BIO* bio, char* b + { + int error; + int status = 0; ++ int socket = (int)BIO_get_data(bio); + + if (!buf) + return 0; + + BIO_clear_flags(bio, BIO_FLAGS_READ); + +- status = _recv((SOCKET) bio->num, buf, size, 0); ++ status = _recv(socket, buf, size, 0); + if (status > 0) + return status; + +@@ -160,6 +163,7 @@ static int transport_bio_simple_gets(BIO* bio, char* s + static long transport_bio_simple_ctrl(BIO* bio, int cmd, long arg1, void* arg2) + { + int status = -1; ++ int socket = (int)BIO_get_data(bio); + + switch (cmd) + { +@@ -167,29 +171,29 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm + if (arg2) + { + transport_bio_simple_free(bio); +- bio->flags = BIO_FLAGS_SHOULD_RETRY; +- bio->num = *((int*) arg2); +- bio->shutdown = (int) arg1; +- bio->init = 1; ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); ++ BIO_set_data(bio, *((int *) arg2)); ++ BIO_set_shutdown(bio, (int) arg1); ++ BIO_set_init(bio, 1); + status = 1; + } + break; + + case BIO_C_GET_FD: +- if (bio->init) ++ if (BIO_get_init(bio)) + { + if (arg2) +- *((int*) arg2) = bio->num; +- status = bio->num; ++ *((int*) arg2) = socket; ++ status = socket; + } + break; + + case BIO_CTRL_GET_CLOSE: +- status = bio->shutdown; ++ status = BIO_get_shutdown(bio); + break; + + case BIO_CTRL_SET_CLOSE: +- bio->shutdown = (int) arg1; ++ BIO_set_shutdown(bio, (int) arg1); + status = 1; + break; + +@@ -211,47 +215,49 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm + + static int transport_bio_simple_new(BIO* bio) + { +- bio->init = 0; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ ++ BIO_set_init(bio, 0); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + + static int transport_bio_simple_free(BIO* bio) + { ++ int socket = (int)BIO_get_data(bio); + if (!bio) + return 0; + +- if (bio->shutdown) ++ if (BIO_get_shutdown(bio)) + { +- if (bio->init) +- closesocket((SOCKET) bio->num); ++ if (BIO_get_init(bio)) ++ closesocket(socket); + +- bio->init = 0; +- bio->flags = 0; ++ BIO_set_init(bio, 0); ++ BIO_set_flags(bio, 0); ++ BIO_set_data(bio, 0); + } + + return 1; + } + +-static BIO_METHOD transport_bio_simple_socket_methods = +-{ +- BIO_TYPE_SIMPLE, +- "SimpleSocket", +- transport_bio_simple_write, +- transport_bio_simple_read, +- transport_bio_simple_puts, +- transport_bio_simple_gets, +- transport_bio_simple_ctrl, +- transport_bio_simple_new, +- transport_bio_simple_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_simple_socket(void) + { +- return &transport_bio_simple_socket_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "SimpleSocket"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_simple_write); ++ BIO_meth_set_read(bio_methods, transport_bio_simple_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_simple_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_simple_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_simple_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_simple_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_simple_free); ++ } ++ return bio_methods; + } + + /* Buffered Socket BIO */ +@@ -264,7 +270,8 @@ long transport_bio_buffered_callback(BIO* bio, int mod + static int transport_bio_buffered_write(BIO* bio, const char* buf, int num) + { + int status, ret; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); ++ BIO *next_bio = NULL; + int nchunks, committedBytes, i; + DataChunk chunks[2]; + +@@ -283,23 +290,24 @@ static int transport_bio_buffered_write(BIO* bio, cons + + committedBytes = 0; + nchunks = ringbuffer_peek(&tcp->xmitBuffer, chunks, ringbuffer_used(&tcp->xmitBuffer)); ++ next_bio = BIO_next(bio); + + for (i = 0; i < nchunks; i++) + { + while (chunks[i].size) + { +- status = BIO_write(bio->next_bio, chunks[i].data, chunks[i].size); ++ status = BIO_write(next_bio, chunks[i].data, chunks[i].size); + + if (status <= 0) + { +- if (!BIO_should_retry(bio->next_bio)) ++ if (!BIO_should_retry(next_bio)) + { + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY); + ret = -1; /* fatal error */ + goto out; + } + +- if (BIO_should_write(bio->next_bio)) ++ if (BIO_should_write(next_bio)) + { + BIO_set_flags(bio, BIO_FLAGS_WRITE); + tcp->writeBlocked = TRUE; +@@ -321,16 +329,17 @@ out: + static int transport_bio_buffered_read(BIO* bio, char* buf, int size) + { + int status; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); ++ BIO* next_bio = BIO_next(bio); + + tcp->readBlocked = FALSE; + BIO_clear_flags(bio, BIO_FLAGS_READ); + +- status = BIO_read(bio->next_bio, buf, size); ++ status = BIO_read(next_bio, buf, size); + + if (status <= 0) + { +- if (!BIO_should_retry(bio->next_bio)) ++ if (!BIO_should_retry(next_bio)) + { + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY); + goto out; +@@ -338,7 +347,7 @@ static int transport_bio_buffered_read(BIO* bio, char* + + BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + +- if (BIO_should_read(bio->next_bio)) ++ if (BIO_should_read(next_bio)) + { + BIO_set_flags(bio, BIO_FLAGS_READ); + tcp->readBlocked = TRUE; +@@ -362,7 +371,7 @@ static int transport_bio_buffered_gets(BIO* bio, char* + + static long transport_bio_buffered_ctrl(BIO* bio, int cmd, long arg1, void* arg2) + { +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); + + switch (cmd) + { +@@ -376,7 +385,7 @@ static long transport_bio_buffered_ctrl(BIO* bio, int + return 0; + + default: +- return BIO_ctrl(bio->next_bio, cmd, arg1, arg2); ++ return BIO_ctrl(BIO_next(bio), cmd, arg1, arg2); + } + + return 0; +@@ -384,10 +393,9 @@ static long transport_bio_buffered_ctrl(BIO* bio, int + + static int transport_bio_buffered_new(BIO* bio) + { +- bio->init = 1; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ BIO_set_init(bio, 1); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + +@@ -396,29 +404,28 @@ static int transport_bio_buffered_free(BIO* bio) + return 1; + } + +-static BIO_METHOD transport_bio_buffered_socket_methods = +-{ +- BIO_TYPE_BUFFERED, +- "BufferedSocket", +- transport_bio_buffered_write, +- transport_bio_buffered_read, +- transport_bio_buffered_puts, +- transport_bio_buffered_gets, +- transport_bio_buffered_ctrl, +- transport_bio_buffered_new, +- transport_bio_buffered_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_buffered_socket(void) + { +- return &transport_bio_buffered_socket_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_BUFFERED, "BufferedSocket"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_buffered_write); ++ BIO_meth_set_read(bio_methods, transport_bio_buffered_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_buffered_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_buffered_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_buffered_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_buffered_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_buffered_free); ++ } ++ return bio_methods; + } + + BOOL transport_bio_buffered_drain(BIO *bio) + { + int status; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); + + if (!ringbuffer_used(&tcp->xmitBuffer)) + return 1; +@@ -527,7 +534,10 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in + if (!tcp->socketBio) + return FALSE; + +- if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_int_port(tcp->socketBio, &port) < 0) ++ char strport[10]; ++ /* XXX HACK */ ++ snprintf(strport, 10, "%d", port); ++ if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_port(tcp->socketBio, strport) < 0) + return FALSE; + + BIO_set_nbio(tcp->socketBio, 1); +@@ -620,7 +630,7 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in + if (!tcp->bufferedBio) + return FALSE; + +- tcp->bufferedBio->ptr = tcp; ++ BIO_set_data(tcp->bufferedBio, tcp); + + tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); + +@@ -771,7 +781,7 @@ int tcp_attach(rdpTcp* tcp, int sockfd) + if (!tcp->bufferedBio) + return FALSE; + +- tcp->bufferedBio->ptr = tcp; ++ BIO_set_data(tcp->bufferedBio, tcp); + + tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); + } diff --git a/net/freerdp1/files/patch-libfreerdp_core_transport.c b/net/freerdp1/files/patch-libfreerdp_core_transport.c new file mode 100644 index 000000000000..6aec41b8d367 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_core_transport.c @@ -0,0 +1,92 @@ +--- libfreerdp/core/transport.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/transport.c +@@ -54,6 +54,7 @@ + #include "fastpath.h" + #include "transport.h" + #include "rdp.h" ++#include "../crypto/opensslcompat.h" + + #define TAG FREERDP_TAG("core") + +@@ -122,7 +123,7 @@ static int transport_bio_tsg_write(BIO* bio, const cha + { + int status; + rdpTsg* tsg; +- tsg = (rdpTsg*) bio->ptr; ++ tsg = (rdpTsg*) BIO_get_data(bio); + BIO_clear_flags(bio, BIO_FLAGS_WRITE); + status = tsg_write(tsg, (BYTE*) buf, num); + +@@ -142,9 +143,9 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, + { + int status; + rdpTsg* tsg; +- tsg = (rdpTsg*) bio->ptr; ++ tsg = (rdpTsg*) BIO_get_data(bio); + BIO_clear_flags(bio, BIO_FLAGS_READ); +- status = tsg_read(bio->ptr, (BYTE*) buf, size); ++ status = tsg_read(tsg, (BYTE*) buf, size); + + if (status < 0) + { +@@ -180,10 +181,9 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, + + static int transport_bio_tsg_new(BIO* bio) + { +- bio->init = 1; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ BIO_set_init(bio, 1); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + +@@ -194,23 +194,22 @@ static int transport_bio_tsg_free(BIO* bio) + + #define BIO_TYPE_TSG 65 + +-static BIO_METHOD transport_bio_tsg_methods = +-{ +- BIO_TYPE_TSG, +- "TSGateway", +- transport_bio_tsg_write, +- transport_bio_tsg_read, +- transport_bio_tsg_puts, +- transport_bio_tsg_gets, +- transport_bio_tsg_ctrl, +- transport_bio_tsg_new, +- transport_bio_tsg_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_tsg(void) + { +- return &transport_bio_tsg_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_tsg_write); ++ BIO_meth_set_read(bio_methods, transport_bio_tsg_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_tsg_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free); ++ } ++ return bio_methods; + } + + BOOL transport_connect_tls(rdpTransport* transport) +@@ -426,7 +425,7 @@ BOOL transport_tsg_connect(rdpTransport* transport, co + return FALSE; + + transport->frontBio = BIO_new(BIO_s_tsg()); +- transport->frontBio->ptr = tsg; ++ BIO_set_data(transport->frontBio, tsg); + return TRUE; + } + diff --git a/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt b/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt new file mode 100644 index 000000000000..784fd0bccdbc --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt @@ -0,0 +1,12 @@ +--- libfreerdp/crypto/CMakeLists.txt.orig 2018-11-15 22:43:06 UTC ++++ libfreerdp/crypto/CMakeLists.txt +@@ -26,7 +26,8 @@ freerdp_module_add( + base64.c + certificate.c + crypto.c +- tls.c) ++ tls.c ++ opensslcompat.c) + + freerdp_include_directory_add(${OPENSSL_INCLUDE_DIR}) + freerdp_include_directory_add(${ZLIB_INCLUDE_DIRS}) diff --git a/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c b/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c new file mode 100644 index 000000000000..7ae6e5e1c3d6 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c @@ -0,0 +1,189 @@ +--- libfreerdp/crypto/crypto.c.orig 2018-11-06 02:56:44 UTC ++++ libfreerdp/crypto/crypto.c +@@ -92,9 +92,16 @@ CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, c + if (!des3) + return NULL; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ des3->des3_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(des3->des3_ctx); ++ EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); ++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); ++#else + EVP_CIPHER_CTX_init(&des3->des3_ctx); + EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); ++#endif + return des3; + } + +@@ -103,23 +110,37 @@ CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, c + CryptoDes3 des3 = malloc(sizeof(*des3)); + if (!des3) + return NULL; +- ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ des3->des3_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(des3->des3_ctx); ++ EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); ++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); ++#else + EVP_CIPHER_CTX_init(&des3->des3_ctx); + EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); ++#endif + return des3; + } + + void crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data) + { + int len; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); ++#else + EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); ++#endif + } + + void crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data) + { + int len; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); ++#else + EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); ++#endif + + if (length != len) + abort(); /* TODO */ +@@ -129,7 +150,12 @@ void crypto_des3_free(CryptoDes3 des3) + { + if (des3 == NULL) + return; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_cleanup(des3->des3_ctx); ++ EVP_CIPHER_CTX_free(des3->des3_ctx); ++#else + EVP_CIPHER_CTX_cleanup(&des3->des3_ctx); ++#endif + free(des3); + } + +@@ -139,28 +165,48 @@ CryptoHmac crypto_hmac_new(void) + if (!hmac) + return NULL; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ hmac->hmac_ctx = HMAC_CTX_new(); ++#else + HMAC_CTX_init(&hmac->hmac_ctx); ++#endif + return hmac; + } + + void crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL); ++#else + HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL); ++#endif + } + + void crypto_hmac_md5_init(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_md5(), NULL); ++#else + HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_md5(), NULL); ++#endif + } + + void crypto_hmac_update(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Update(hmac->hmac_ctx, data, length); ++#else + HMAC_Update(&hmac->hmac_ctx, data, length); ++#endif + } + + void crypto_hmac_final(CryptoHmac hmac, BYTE* out_data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Final(hmac->hmac_ctx, out_data, &length); ++#else + HMAC_Final(&hmac->hmac_ctx, out_data, &length); ++#endif + } + + void crypto_hmac_free(CryptoHmac hmac) +@@ -168,7 +214,11 @@ void crypto_hmac_free(CryptoHmac hmac) + if (hmac == NULL) + return; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX_free(hmac->hmac_ctx); ++#else + HMAC_CTX_cleanup(&hmac->hmac_ctx); ++#endif + free(hmac); + } + +@@ -236,7 +286,11 @@ static int crypto_rsa_common(const BYTE* input, int le + BYTE* input_reverse; + BYTE* modulus_reverse; + BYTE* exponent_reverse; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ BIGNUM *mod, *exp, *x, *y; ++#else + BIGNUM mod, exp, x, y; ++#endif + + input_reverse = (BYTE*) malloc(2 * key_length + exponent_size); + if (!input_reverse) +@@ -254,6 +308,18 @@ static int crypto_rsa_common(const BYTE* input, int le + ctx = BN_CTX_new(); + if (!ctx) + goto out_free_input_reverse; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ mod = BN_new(); ++ exp = BN_new(); ++ x = BN_new(); ++ y = BN_new(); ++ ++ BN_bin2bn(modulus_reverse, key_length, mod); ++ BN_bin2bn(exponent_reverse, exponent_size, exp); ++ BN_bin2bn(input_reverse, length, x); ++ BN_mod_exp(y, x, exp, mod, ctx); ++ output_length = BN_bn2bin(y, output); ++#else + BN_init(&mod); + BN_init(&exp); + BN_init(&x); +@@ -263,17 +329,24 @@ static int crypto_rsa_common(const BYTE* input, int le + BN_bin2bn(exponent_reverse, exponent_size, &exp); + BN_bin2bn(input_reverse, length, &x); + BN_mod_exp(&y, &x, &exp, &mod, ctx); +- + output_length = BN_bn2bin(&y, output); ++#endif + crypto_reverse(output, output_length); + + if (output_length < (int) key_length) + memset(output + output_length, 0, key_length - output_length); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ BN_free(y); ++ BN_clear_free(x); ++ BN_free(exp); ++ BN_free(mod); ++#else + BN_free(&y); + BN_clear_free(&x); + BN_free(&exp); + BN_free(&mod); ++#endif + BN_CTX_free(ctx); + + out_free_input_reverse: diff --git a/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c b/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c new file mode 100644 index 000000000000..544f0ab3064c --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c @@ -0,0 +1,47 @@ +--- libfreerdp/crypto/opensslcompat.c.orig 2018-11-15 22:42:44 UTC ++++ libfreerdp/crypto/opensslcompat.c +@@ -0,0 +1,44 @@ ++/** ++ * FreeRDP: A Remote Desktop Protocol Implementation ++ * OpenSSL Compatibility ++ * ++ * Copyright (C) 2016 Norbert Federa ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "opensslcompat.h" ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++BIO_METHOD* BIO_meth_new(int type, const char* name) ++{ ++ BIO_METHOD* m; ++ if (!(m = calloc(1, sizeof(BIO_METHOD)))) ++ return NULL; ++ m->type = type; ++ m->name = name; ++ return m; ++} ++ ++void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++#endif /* OPENSSL < 1.1.0 */ diff --git a/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h b/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h new file mode 100644 index 000000000000..f2ddc9e9a6b7 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h @@ -0,0 +1,64 @@ +--- libfreerdp/crypto/opensslcompat.h.orig 2018-11-15 22:42:46 UTC ++++ libfreerdp/crypto/opensslcompat.h +@@ -0,0 +1,61 @@ ++/** ++ * FreeRDP: A Remote Desktop Protocol Implementation ++ * OpenSSL Compatibility ++ * ++ * Copyright (C) 2016 Norbert Federa ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#ifndef FREERDP_CRYPTO_OPENSSLCOMPAT_H ++#define FREERDP_CRYPTO_OPENSSLCOMPAT_H ++ ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif ++ ++#include ++ ++#include ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include ++#include ++#include ++ ++#define BIO_get_data(b) (b)->ptr ++#define BIO_set_data(b,v) (b)->ptr = v ++#define BIO_get_init(b) (b)->init ++#define BIO_set_init(b,v) (b)->init = v ++#define BIO_get_next(b,v) (b)->next_bio ++#define BIO_set_next(b,v) (b)->next_bio = v ++#define BIO_get_shutdown(b) (b)->shutdown ++#define BIO_set_shutdown(b,v) (b)->shutdown = v ++#define BIO_get_retry_reason(b) (b)->retry_reason ++#define BIO_set_retry_reason(b,v) (b)->retry_reason = v ++ ++#define BIO_meth_set_write(b,f) (b)->bwrite = (f) ++#define BIO_meth_set_read(b,f) (b)->bread = (f) ++#define BIO_meth_set_puts(b,f) (b)->bputs = (f) ++#define BIO_meth_set_gets(b,f) (b)->bgets = (f) ++#define BIO_meth_set_ctrl(b,f) (b)->ctrl = (f) ++#define BIO_meth_set_create(b,f) (b)->create = (f) ++#define BIO_meth_set_destroy(b,f) (b)->destroy = (f) ++#define BIO_meth_set_callback_ctrl(b,f) (b)->callback_ctrl = (f) ++ ++BIO_METHOD* BIO_meth_new(int type, const char* name); ++void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d); ++ ++#endif /* OPENSSL < 1.1.0 */ ++#endif /* FREERDP_CRYPTO_OPENSSLCOMPAT_H */ diff --git a/net/freerdp1/files/patch-libfreerdp_crypto_tls.c b/net/freerdp1/files/patch-libfreerdp_crypto_tls.c new file mode 100644 index 000000000000..12340a8ae2d6 --- /dev/null +++ b/net/freerdp1/files/patch-libfreerdp_crypto_tls.c @@ -0,0 +1,396 @@ +--- libfreerdp/crypto/tls.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/crypto/tls.c +@@ -34,6 +34,7 @@ + #include + #include + #include "../core/tcp.h" ++#include "opensslcompat.h" + + #ifdef HAVE_POLL_H + #include +@@ -55,7 +56,7 @@ static int bio_rdp_tls_write(BIO* bio, const char* buf + { + int error; + int status; +- BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr; ++ BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio); + + if (!buf || !tls) + return 0; +@@ -82,12 +83,12 @@ static int bio_rdp_tls_write(BIO* bio, const char* buf + + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = BIO_RR_SSL_X509_LOOKUP; ++ BIO_set_retry_reason(bio, BIO_RR_SSL_X509_LOOKUP); + break; + + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = BIO_RR_CONNECT; ++ BIO_set_retry_reason(bio, BIO_RR_CONNECT); + break; + + case SSL_ERROR_SYSCALL: +@@ -116,7 +117,7 @@ static int bio_rdp_tls_read(BIO* bio, char* buf, int s + { + int error; + int status; +- BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr; ++ BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio); + + if (!buf || !tls) + return 0; +@@ -143,17 +144,17 @@ static int bio_rdp_tls_read(BIO* bio, char* buf, int s + + case SSL_ERROR_WANT_X509_LOOKUP: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = BIO_RR_SSL_X509_LOOKUP; ++ BIO_set_retry_reason(bio, BIO_RR_SSL_X509_LOOKUP); + break; + + case SSL_ERROR_WANT_ACCEPT: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = BIO_RR_ACCEPT; ++ BIO_set_retry_reason(bio, BIO_RR_ACCEPT); + break; + + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = BIO_RR_CONNECT; ++ BIO_set_retry_reason(bio, BIO_RR_CONNECT); + break; + + case SSL_ERROR_SSL: +@@ -203,9 +204,11 @@ static int bio_rdp_tls_gets(BIO* bio, char* str, int s + + static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long num, void* ptr) + { +- BIO* rbio; ++ BIO* ssl_rbio; ++ BIO* ssl_wbio; ++ BIO* next_bio; + int status = -1; +- BIO_RDP_TLS* tls = (BIO_RDP_TLS*) bio->ptr; ++ BIO_RDP_TLS* tls = (BIO_RDP_TLS*) BIO_get_data(bio); + + if (!tls) + return 0; +@@ -213,28 +216,32 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + if (!tls->ssl && (cmd != BIO_C_SET_SSL)) + return 0; + ++ next_bio = BIO_next(bio); ++ ssl_rbio = tls->ssl ? SSL_get_rbio(tls->ssl) : NULL; ++ ssl_wbio = tls->ssl ? SSL_get_wbio(tls->ssl) : NULL; ++ + switch (cmd) + { + case BIO_CTRL_RESET: + SSL_shutdown(tls->ssl); + +- if (tls->ssl->handshake_func == tls->ssl->method->ssl_connect) ++ if (SSL_in_connect_init(tls->ssl)) + SSL_set_connect_state(tls->ssl); +- else if (tls->ssl->handshake_func == tls->ssl->method->ssl_accept) ++ else if (SSL_in_accept_init(tls->ssl)) + SSL_set_accept_state(tls->ssl); + + SSL_clear(tls->ssl); + +- if (bio->next_bio) +- status = BIO_ctrl(bio->next_bio, cmd, num, ptr); +- else if (tls->ssl->rbio) +- status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr); ++ if (next_bio) ++ status = BIO_ctrl(next_bio, cmd, num, ptr); ++ else if (ssl_rbio) ++ status = BIO_ctrl(ssl_rbio, cmd, num, ptr); + else + status = 1; + break; + + case BIO_C_GET_FD: +- status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr); ++ status = BIO_ctrl(ssl_rbio, cmd, num, ptr); + break; + + case BIO_CTRL_INFO: +@@ -259,36 +266,41 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + break; + + case BIO_CTRL_GET_CLOSE: +- status = bio->shutdown; ++ status = BIO_get_shutdown(bio); + break; + + case BIO_CTRL_SET_CLOSE: +- bio->shutdown = (int) num; ++ BIO_set_shutdown(bio, (int) num); + status = 1; + break; + + case BIO_CTRL_WPENDING: +- status = BIO_ctrl(tls->ssl->wbio, cmd, num, ptr); ++ status = BIO_ctrl(ssl_wbio, cmd, num, ptr); + break; + + case BIO_CTRL_PENDING: + status = SSL_pending(tls->ssl); + if (status == 0) +- status = BIO_pending(tls->ssl->rbio); ++ status = BIO_pending(ssl_rbio); + break; + + case BIO_CTRL_FLUSH: + BIO_clear_retry_flags(bio); +- status = BIO_ctrl(tls->ssl->wbio, cmd, num, ptr); ++ status = BIO_ctrl(ssl_wbio, cmd, num, ptr); + BIO_copy_next_retry(bio); + status = 1; + break; + + case BIO_CTRL_PUSH: +- if (bio->next_bio && (bio->next_bio != tls->ssl->rbio)) ++ if (next_bio && (next_bio != ssl_rbio)) + { +- SSL_set_bio(tls->ssl, bio->next_bio, bio->next_bio); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_set_bio(tls->ssl, next_bio, next_bio); + CRYPTO_add(&(bio->next_bio->references), 1, CRYPTO_LOCK_BIO); ++#else ++ BIO_up_ref(next_bio); ++ SSL_set_bio(tls->ssl, next_bio, next_bio); ++#endif + } + status = 1; + break; +@@ -296,13 +308,17 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + case BIO_CTRL_POP: + if (bio == ptr) + { +- if (tls->ssl->rbio != tls->ssl->wbio) +- BIO_free_all(tls->ssl->wbio); ++ if (ssl_rbio != ssl_wbio) ++ BIO_free_all(ssl_wbio); + +- if (bio->next_bio) ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ if (next_bio) + CRYPTO_add(&(bio->next_bio->references), -1, CRYPTO_LOCK_BIO); + + tls->ssl->wbio = tls->ssl->rbio = NULL; ++#else ++ SSL_set_bio(tls->ssl, NULL, NULL); ++#endif + } + status = 1; + break; +@@ -316,29 +332,34 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + break; + + case BIO_C_SET_SSL: +- bio->shutdown = (int) num; ++ BIO_set_shutdown(bio, (int) num); + +- if (ptr) ++ if (ptr) { + tls->ssl = (SSL*) ptr; ++ ssl_rbio = SSL_get_rbio(tls->ssl); ++ ssl_wbio = SSL_get_wbio(tls->ssl); ++ } + +- rbio = SSL_get_rbio(tls->ssl); +- +- if (rbio) ++ if (ssl_rbio) + { +- if (bio->next_bio) +- BIO_push(rbio, bio->next_bio); ++ if (next_bio) ++ BIO_push(ssl_rbio, next_bio); + +- bio->next_bio = rbio; +- CRYPTO_add(&(rbio->references), 1, CRYPTO_LOCK_BIO); ++ BIO_set_next(bio, ssl_rbio); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ CRYPTO_add(&(ssl_rbio->references), 1, CRYPTO_LOCK_BIO); ++#else ++ BIO_up_ref(ssl_rbio); ++#endif + } + +- bio->init = 1; ++ BIO_set_init(bio, 1); + status = 1; + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_WRITE | BIO_FLAGS_IO_SPECIAL); +- bio->retry_reason = 0; ++ BIO_set_retry_reason(bio, 0); + + status = SSL_do_handshake(tls->ssl); + +@@ -356,7 +377,7 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + + case SSL_ERROR_WANT_CONNECT: + BIO_set_flags(bio, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY); +- bio->retry_reason = bio->next_bio->retry_reason; ++ BIO_set_retry_reason(bio, BIO_get_retry_reason(next_bio)); + break; + + default: +@@ -367,7 +388,7 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long n + break; + + default: +- status = BIO_ctrl(tls->ssl->rbio, cmd, num, ptr); ++ status = BIO_ctrl(ssl_rbio, cmd, num, ptr); + break; + } + +@@ -378,17 +399,16 @@ static int bio_rdp_tls_new(BIO* bio) + { + BIO_RDP_TLS* tls; + +- bio->init = 0; +- bio->num = 0; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; +- bio->next_bio = NULL; ++ BIO_set_init(bio, 0); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + + tls = calloc(1, sizeof(BIO_RDP_TLS)); + + if (!tls) + return 0; + +- bio->ptr = (void*) tls; ++ BIO_set_data(bio, (void*) tls); + + return 1; + } +@@ -400,21 +420,21 @@ static int bio_rdp_tls_free(BIO* bio) + if (!bio) + return 0; + +- tls = (BIO_RDP_TLS*) bio->ptr; ++ tls = (BIO_RDP_TLS*) BIO_get_data(bio); + + if (!tls) + return 0; + +- if (bio->shutdown) ++ if (BIO_get_shutdown(bio)) + { +- if (bio->init && tls->ssl) ++ if (BIO_get_init(bio) && tls->ssl) + { + SSL_shutdown(tls->ssl); + SSL_free(tls->ssl); + } + +- bio->init = 0; +- bio->flags = 0; ++ BIO_set_init(bio, 0); ++ BIO_set_flags(bio, 0); + } + + free(tls); +@@ -430,7 +450,7 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm + if (!bio) + return 0; + +- tls = (BIO_RDP_TLS*) bio->ptr; ++ tls = (BIO_RDP_TLS*) BIO_get_data(bio); + + if (!tls) + return 0; +@@ -443,7 +463,7 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm + break; + + default: +- status = BIO_callback_ctrl(tls->ssl->rbio, cmd, fp); ++ status = BIO_callback_ctrl(SSL_get_rbio(tls->ssl), cmd, fp); + break; + } + +@@ -452,23 +472,26 @@ static long bio_rdp_tls_callback_ctrl(BIO* bio, int cm + + #define BIO_TYPE_RDP_TLS 68 + +-static BIO_METHOD bio_rdp_tls_methods = +-{ +- BIO_TYPE_RDP_TLS, +- "RdpTls", +- bio_rdp_tls_write, +- bio_rdp_tls_read, +- bio_rdp_tls_puts, +- bio_rdp_tls_gets, +- bio_rdp_tls_ctrl, +- bio_rdp_tls_new, +- bio_rdp_tls_free, +- bio_rdp_tls_callback_ctrl, +-}; +- + BIO_METHOD* BIO_s_rdp_tls(void) + { +- return &bio_rdp_tls_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_RDP_TLS, "RdpTls"))) ++ return NULL; ++ ++ BIO_meth_set_write(bio_methods, bio_rdp_tls_write); ++ BIO_meth_set_read(bio_methods, bio_rdp_tls_read); ++ BIO_meth_set_puts(bio_methods, bio_rdp_tls_puts); ++ BIO_meth_set_gets(bio_methods, bio_rdp_tls_gets); ++ BIO_meth_set_ctrl(bio_methods, bio_rdp_tls_ctrl); ++ BIO_meth_set_create(bio_methods, bio_rdp_tls_new); ++ BIO_meth_set_destroy(bio_methods, bio_rdp_tls_free); ++ BIO_meth_set_callback_ctrl(bio_methods, bio_rdp_tls_callback_ctrl); ++ } ++ ++ return bio_methods; + } + + BIO* BIO_new_rdp_tls(SSL_CTX* ctx, int client) +@@ -825,6 +848,8 @@ BOOL tls_disconnect(rdpTls* tls) + if (!tls->ssl) + return TRUE; + ++ /* Not functional with newer OpenSSL */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (tls->alertDescription != TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY) + { + /** +@@ -855,6 +880,7 @@ BOOL tls_disconnect(rdpTls* tls) + { + SSL_shutdown(tls->ssl); + } ++#endif + + return TRUE; + } +@@ -868,7 +894,7 @@ BIO *findBufferedBio(BIO *front) + { + if (BIO_method_type(ret) == BIO_TYPE_BUFFERED) + return ret; +- ret = ret->next_bio; ++ ret = BIO_next(ret); + } + + return ret; +@@ -896,7 +922,7 @@ int tls_write_all(rdpTls* tls, const BYTE* data, int l + return -1; + } + +- tcp = (rdpTcp*) bufferedBio->ptr; ++ tcp = (rdpTcp*) BIO_get_data(bufferedBio); + + do + { diff --git a/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.c b/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.c new file mode 100644 index 000000000000..e95843135763 --- /dev/null +++ b/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.c @@ -0,0 +1,57 @@ +--- winpr/libwinpr/crypto/crypto.c.orig 2018-11-06 02:41:23 UTC ++++ winpr/libwinpr/crypto/crypto.c +@@ -177,20 +177,37 @@ BOOL CryptProtectMemory(LPVOID pData, DWORD cbData, DW + + SecureZeroMemory(randomKey, sizeof(randomKey)); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ pMemBlock->enc = EVP_CIPHER_CTX_new(); ++ pMemBlock->dec = EVP_CIPHER_CTX_new(); ++ ++ EVP_CIPHER_CTX_init(pMemBlock->enc); ++ EVP_EncryptInit_ex(pMemBlock->enc, EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); ++ ++ EVP_CIPHER_CTX_init(pMemBlock->dec); ++ EVP_DecryptInit_ex(pMemBlock->dec, EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); ++#else + EVP_CIPHER_CTX_init(&(pMemBlock->enc)); + EVP_EncryptInit_ex(&(pMemBlock->enc), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); + + EVP_CIPHER_CTX_init(&(pMemBlock->dec)); + EVP_DecryptInit_ex(&(pMemBlock->dec), EVP_aes_256_cbc(), NULL, pMemBlock->key, pMemBlock->iv); ++#endif + + /* AES Encryption */ + + cbOut = pMemBlock->cbData + AES_BLOCK_SIZE - 1; + pCipherText = (BYTE*) malloc(cbOut); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_EncryptInit_ex(pMemBlock->enc, NULL, NULL, NULL, NULL); ++ EVP_EncryptUpdate(pMemBlock->enc, pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData); ++ EVP_EncryptFinal_ex(pMemBlock->enc, pCipherText + cbOut, &cbFinal); ++#else + EVP_EncryptInit_ex(&(pMemBlock->enc), NULL, NULL, NULL, NULL); + EVP_EncryptUpdate(&(pMemBlock->enc), pCipherText, &cbOut, pMemBlock->pData, pMemBlock->cbData); + EVP_EncryptFinal_ex(&(pMemBlock->enc), pCipherText + cbOut, &cbFinal); ++#endif + + CopyMemory(pMemBlock->pData, pCipherText, pMemBlock->cbData); + free(pCipherText); +@@ -233,9 +250,15 @@ BOOL CryptUnprotectMemory(LPVOID pData, DWORD cbData, + ListDictionary_Remove(g_ProtectedMemoryBlocks, pData); + + /* AES Cleanup */ +- ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_cleanup(pMemBlock->enc); ++ EVP_CIPHER_CTX_cleanup(pMemBlock->dec); ++ EVP_CIPHER_CTX_free(pMemBlock->enc); ++ EVP_CIPHER_CTX_free(pMemBlock->dec); ++#else + EVP_CIPHER_CTX_cleanup(&(pMemBlock->enc)); + EVP_CIPHER_CTX_cleanup(&(pMemBlock->dec)); ++#endif + + free(pMemBlock); + diff --git a/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.h b/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.h new file mode 100644 index 000000000000..4130effdd5cc --- /dev/null +++ b/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.h @@ -0,0 +1,16 @@ +--- winpr/libwinpr/crypto/crypto.h.orig 2018-11-06 02:39:40 UTC ++++ winpr/libwinpr/crypto/crypto.h +@@ -41,8 +41,13 @@ struct _WINPR_PROTECTED_MEMORY_BLOCK + BYTE key[32]; + BYTE iv[32]; + BYTE salt[8]; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *enc; ++ EVP_CIPHER_CTX *dec; ++#else + EVP_CIPHER_CTX enc; + EVP_CIPHER_CTX dec; ++#endif + }; + typedef struct _WINPR_PROTECTED_MEMORY_BLOCK WINPR_PROTECTED_MEMORY_BLOCK; + diff --git a/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm.c b/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm.c new file mode 100644 index 000000000000..30fcadc2ba11 --- /dev/null +++ b/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm.c @@ -0,0 +1,70 @@ +--- winpr/libwinpr/sspi/NTLM/ntlm.c.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/sspi/NTLM/ntlm.c +@@ -793,7 +793,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHan + int length; + void* data; + UINT32 SeqNo; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX *hmac; ++#else + HMAC_CTX hmac; ++#endif + BYTE digest[16]; + BYTE checksum[8]; + BYTE* signature; +@@ -827,12 +831,21 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHan + + CopyMemory(data, data_buffer->pvBuffer, length); + /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */ ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ hmac = HMAC_CTX_new(); ++ HMAC_Init_ex(hmac, context->SendSigningKey, 16, EVP_md5(), NULL); ++ HMAC_Update(hmac, (void*) &(SeqNo), 4); ++ HMAC_Update(hmac, (void*) data, length); ++ HMAC_Final(hmac, digest, NULL); ++ HMAC_CTX_free(hmac); ++#else + HMAC_CTX_init(&hmac); + HMAC_Init_ex(&hmac, context->SendSigningKey, 16, EVP_md5(), NULL); + HMAC_Update(&hmac, (void*) &(SeqNo), 4); + HMAC_Update(&hmac, (void*) data, length); + HMAC_Final(&hmac, digest, NULL); + HMAC_CTX_cleanup(&hmac); ++#endif + + /* Encrypt message using with RC4, result overwrites original buffer */ + +@@ -869,7 +882,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHan + int length; + void* data; + UINT32 SeqNo; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX *hmac; ++#else + HMAC_CTX hmac; ++#endif + BYTE digest[16]; + BYTE checksum[8]; + UINT32 version = 1; +@@ -911,12 +928,21 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHan + CopyMemory(data_buffer->pvBuffer, data, length); + + /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */ ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ hmac = HMAC_CTX_new(); ++ HMAC_Init_ex(hmac, context->RecvSigningKey, 16, EVP_md5(), NULL); ++ HMAC_Update(hmac, (void*) &(SeqNo), 4); ++ HMAC_Update(hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer); ++ HMAC_Final(hmac, digest, NULL); ++ HMAC_CTX_free(hmac); ++#else + HMAC_CTX_init(&hmac); + HMAC_Init_ex(&hmac, context->RecvSigningKey, 16, EVP_md5(), NULL); + HMAC_Update(&hmac, (void*) &(SeqNo), 4); + HMAC_Update(&hmac, (void*) data_buffer->pvBuffer, data_buffer->cbBuffer); + HMAC_Final(&hmac, digest, NULL); + HMAC_CTX_cleanup(&hmac); ++#endif + #ifdef WITH_DEBUG_NTLM + WLog_DBG(TAG, "Encrypted Data Buffer (length = %d)", length); + winpr_HexDump(TAG, WLOG_DEBUG, data, length); diff --git a/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm__compute.c b/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm__compute.c new file mode 100644 index 000000000000..1929176be9dc --- /dev/null +++ b/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm__compute.c @@ -0,0 +1,34 @@ +--- winpr/libwinpr/sspi/NTLM/ntlm_compute.c.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/sspi/NTLM/ntlm_compute.c +@@ -673,11 +673,24 @@ void ntlm_init_rc4_seal_states(NTLM_CONTEXT* context) + + void ntlm_compute_message_integrity_check(NTLM_CONTEXT* context) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX *hmac_ctx; ++#else + HMAC_CTX hmac_ctx; ++#endif + /* + * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE, + * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey + */ ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ hmac_ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL); ++ HMAC_Update(hmac_ctx, (BYTE*) context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer); ++ HMAC_Update(hmac_ctx, (BYTE*) context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer); ++ HMAC_Update(hmac_ctx, (BYTE*) context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer); ++ HMAC_Final(hmac_ctx, context->MessageIntegrityCheck, NULL); ++ HMAC_CTX_free(hmac_ctx); ++#else + HMAC_CTX_init(&hmac_ctx); + HMAC_Init_ex(&hmac_ctx, context->ExportedSessionKey, 16, EVP_md5(), NULL); + HMAC_Update(&hmac_ctx, (BYTE*) context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer); +@@ -685,5 +698,6 @@ void ntlm_compute_message_integrity_check(NTLM_CONTEXT + HMAC_Update(&hmac_ctx, (BYTE*) context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer); + HMAC_Final(&hmac_ctx, context->MessageIntegrityCheck, NULL); + HMAC_CTX_cleanup(&hmac_ctx); ++#endif + } + diff --git a/net/freerdp1/files/patch-winpr_tools_makecert_makecert.c b/net/freerdp1/files/patch-winpr_tools_makecert_makecert.c new file mode 100644 index 000000000000..e479fa8ef071 --- /dev/null +++ b/net/freerdp1/files/patch-winpr_tools_makecert_makecert.c @@ -0,0 +1,18 @@ +--- winpr/tools/makecert/makecert.c.orig 2018-11-06 05:00:05 UTC ++++ winpr/tools/makecert/makecert.c +@@ -27,6 +27,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -757,7 +758,6 @@ void makecert_context_free(MAKECERT_CONTEXT* context) + + CRYPTO_cleanup_all_ex_data(); + +- CRYPTO_mem_leaks(context->bio); + BIO_free(context->bio); + + free(context);