mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5281 from akallabeth/assistance_ssl_init_fix

Browse Source 
Fixed #5276: Enable SSL before parsing assistance file.
This commit is contained in:
David Fort 2019-03-28 19:04:25 +01:00 committed by GitHub
commit c5156443e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libfreerdp/common/assistance.c
View File

@ -28,6 +28,7 @@
#include <winpr/crypto.h>
#include <winpr/print.h>
#include <winpr/windows.h>
#include <winpr/ssl.h>
#include <freerdp/log.h>
#include <freerdp/client/file.h>
@ -1223,6 +1224,7 @@ BOOL freerdp_assistance_populate_settings_from_assistance_file(rdpAssistanceFile
rdpAssistanceFile* freerdp_assistance_file_new(void)
{
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
return (rdpAssistanceFile*) calloc(1, sizeof(rdpAssistanceFile));
}

53
winpr/libwinpr/utils/ssl.c
View File

@ -237,6 +237,32 @@ static BOOL _winpr_openssl_cleanup_locking(void)
#endif /* OpenSSL < 1.1.0 */
static BOOL winpr_enable_fips(DWORD flags)
{
if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
{
#if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
WLog_ERR(TAG, "Openssl fips mode not available on openssl versions less than 1.0.1!");
return FALSE;
#else
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
if (FIPS_mode() != 1)
{
if (FIPS_mode_set(1))
WLog_INFO(TAG, "Openssl fips mode ENabled!");
else
{
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
return FALSE;
}
}
#endif
}
return TRUE;
}
static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVOID* context)
{
@ -276,26 +302,7 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
#endif
g_winpr_openssl_initialized_by_winpr = TRUE;
if (flags & WINPR_SSL_INIT_ENABLE_FIPS)
{
#if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
WLog_ERR(TAG, "Openssl fips mode ENable not available on openssl versions less than 1.0.1!");
#else
WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
if (FIPS_mode() != 1)
{
if (FIPS_mode_set(1))
WLog_INFO(TAG, "Openssl fips mode ENabled!");
else
WLog_ERR(TAG, "Openssl fips mode ENable failed!");
}
#endif
}
return TRUE;
return winpr_enable_fips(flags);
}
@ -304,7 +311,11 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
BOOL winpr_InitializeSSL(DWORD flags)
{
static INIT_ONCE once = INIT_ONCE_STATIC_INIT;
return InitOnceExecuteOnce(&once, _winpr_openssl_initialize, &flags, NULL);
if (!InitOnceExecuteOnce(&once, _winpr_openssl_initialize, &flags, NULL))
return FALSE;
return winpr_enable_fips(flags);
}
BOOL winpr_CleanupSSL(DWORD flags)