Bug 1952937

Summary: freerdp: Port to OpenSSL 3.0
Product: Red Hat Enterprise Linux 9 Reporter: Sahana Prasad <sahana>
Component: freerdpAssignee: Ondrej Holy <oholy>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Krajnak <mkrajnak>
Severity: unspecified Docs Contact:
Priority: high    
Version: CentOS StreamCC: bstinson, carl, fweimer, jwboyer, tpelka
Target Milestone: betaKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freerdp-2.2.0-8.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-07 21:44:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1958021    

Description Sahana Prasad 2021-04-23 15:36:47 UTC 
This bug is used to track the readiness of freerdp with OpenSSL 3.0

currently the build fails with some porting issues:

https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=218991

Kindly fix them to ensure this package builds with OpenSSL 3.0, as we will introduce OpenSSL 3.0 in RHEL-9

OpenSSL 3.0 package to test with:
http://download.eng.bos.redhat.com/rhel-9/nightly/RHEL-9-Beta/RHEL-9.0.0-20210414.0/compose/BaseOS/x86_64/os/Packages/openssl-3.0.0-0.alpha13.1.el9.x86_64.rpm

If you ave any further queries, kindly mail

rhel-crypto 

Thank you
Comment 1 Ondrej Holy 2021-04-26 15:39:42 UTC 
Just note that the only problem seems to be the "FIPS_mode_set" and "FIPS_mode" functions, which have been removed from OpenSSL 3.0 and the https://wiki.openssl.org/index.php/OpenSSL_3.0 document describes some ways how to fix that.
Comment 2 Sahana Prasad 2021-04-29 09:36:43 UTC 
we have a FIPS compatibility downstream patch that supports
# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)

There is no sidetag yet,
kindly use this build
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1571383
I will notify you where there is a sidetag.
Comment 3 Ondrej Holy 2021-04-29 13:03:32 UTC 
Ah, that explains why the RHEL build log contains only FIPS_mode_set failure, whereas the Fedora one contains also FIPS_mode failure. However, this downstream patch doesn't help here, since FIPS_mode_set needs to be replaced anyway. Just I am not super sure what is the right way, can the plain EVP_set_default_properties(NULL, "fips=yes") call be used as a replacement for FIPS_mode_set?
Comment 5 Ondrej Holy 2021-05-17 07:28:06 UTC 
The proposed upstream fix has been merged so I think that we can backport it now.