From 2d0b58759ba823bbc372ac19fea5080f4261c26e Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 16 Nov 2021 16:12:33 +0100
Subject: [PATCH] winpr/ssl: Load legacy provider when initializing OpenSSL 3.0
With OpenSSL 3.O, FreeRDP log contains errors like:
```
4036740A4C7F0000:error:0308010C:digital envelope routines:
inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
Global default library context, Algorithm (MD4 : 85), Properties ()
```
This leads to connection failures in some cases. This is because algorithms
like MD4 are now part of the legacy provider, which is not loaded by
default. Let's explicitly load that provider. With this change, also the
other providers have to be explicitly loaded.
---
winpr/libwinpr/utils/ssl.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
index 74ef156e7..392f8e227 100644
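--- a/winpr/libwinpr/utils/ssl.c
+++ b/winpr/libwinpr/utils/ssl.c
@@ -33,6 +33,10 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#include <openssl/provider.h>
+#endif
+
 #include "../log.h"
 #define TAG WINPR_TAG("utils.ssl")
 
@@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
 WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
 
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ OSSL_PROVIDER_load(NULL, "fips");
 if (!EVP_default_properties_is_fips_enabled(NULL))
 #else
 if (FIPS_mode() != 1)
@@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
 return FALSE;
 
 #endif
+
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ /* The legacy provider is needed for MD4. */
+ OSSL_PROVIDER_load(NULL, "legacy");
+ OSSL_PROVIDER_load(NULL, "default");
+#endif
+
 g_winpr_openssl_initialized_by_winpr = TRUE;
 return winpr_enable_fips(flags);
 }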
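Review bot: Both `OSSL_PROVIDER_load(NULL, "legacy")` and `OSSL_PROVIDER_load(NULL, "default")` in `_winpr_openssl_initialize` discard their return value, so a missing legacy module or a failed default load goes unnoticed until a later algorithm fetch fails; the `OSSL_PROVIDER_load(NULL, "fips")` call added in `winpr_enable_fips` has the same gap. Because an explicit load suppresses the automatic fallback to the default provider, the default load should be fatal, `if (!OSSL_PROVIDER_load(NULL, "default")) return FALSE;`, while a failed legacy load can be logged with `WLog_WARN(TAG, "OpenSSL legacy provider failed to load, MD4 unavailable");`. The legacy provider is loaded into the global library context (`NULL`), which makes its weak algorithms fetchable by every OpenSSL user in the process, and it stays loaded when FIPS mode is requested right afterwards. A comment stating that the FIPS path relies on the `fips=yes` default property to exclude it would help, assuming that property is set in the part of `winpr_enable_fips` outside the hunk. Both functions begin outside the visible hunks.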
--
2.33.1