From 9640ba50d45b37607b5bf595087a89c3f3994edc Mon Sep 17 00:00:00 2001
From: Ondrej Holy
Date: Tue, 16 Nov 2021 16:12:33 +0100
Subject: [PATCH] winpr/ssl: Load legacy provider when initializing OpenSSL 3.0 With OpenSSL 3.O, FreeRDP log contains errors like: ``` 4036740A4C7F0000:error:0308010C:digital envelope routines: inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346: Global default library context, Algorithm (MD4 : 85), Properties () ``` This leads to connection failures in some cases. This is because algorithms like MD4 are now part of the legacy provider, which is not loaded by default. Let's explicitly load that provider. With this change, also the other provides has to be explicitely loaded. (cherry picked from commit 1783d65541ba5d23c27dbda76b835868f482c996)
---
 winpr/libwinpr/utils/ssl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
index 0fce0496c..301f9401c 100644
--- a/winpr/libwinpr/utils/ssl.c
+++ b/winpr/libwinpr/utils/ssl.c
@@ -33,6 +33,10 @@
 #include
 #include
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#include
+#endif
+
 #include "../log.h"
 #define TAG WINPR_TAG("utils.ssl")
@@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
 WLog_DBG(TAG, "Ensuring openssl fips mode is enabled");
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ OSSL_PROVIDER_load(NULL, "fips");
 if (!EVP_default_properties_is_fips_enabled(NULL))
 #else
 if (FIPS_mode() != 1)
@@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
 return FALSE;
 #endif
+
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+ /* The legacy provider is needed for MD4. */
+ OSSL_PROVIDER_load(NULL, "legacy");
+ OSSL_PROVIDER_load(NULL, "default");
+#endif
+
 g_winpr_openssl_initialized_by_winpr = TRUE;
 return TRUE;
 }
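Review bot: The return value of `OSSL_PROVIDER_load(NULL, "fips")` in `winpr_enable_fips` is discarded, so a missing or misconfigured FIPS provider is not reported at the point of failure; the same applies to the `"legacy"` and `"default"` loads added in `_winpr_openssl_initialize`. OSSL_PROVIDER_load returns NULL on failure, and because explicitly loading any provider stops OpenSSL from loading the default provider automatically, a failed `"default"` load would leave the process with at most the legacy algorithms. Check each call and log the provider name, for example `if (!OSSL_PROVIDER_load(NULL, "default")) { WLog_ERR(TAG, "Failed to load OpenSSL default provider"); return FALSE; }`, and treat a failed `"fips"` load as a failure of the requested FIPS mode. Both function bodies extend outside their hunks, so how the later FIPS check reacts to a failed load is not visible here.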
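Review bot: The legacy provider is loaded into the global default library context (`NULL`) unconditionally in `_winpr_openssl_initialize`, so it is presumably also loaded when FIPS mode was requested, and MD4 and the other legacy algorithms become fetchable by every OpenSSL user in the process rather than only by the code that needs them. Consider skipping the legacy load when FIPS was requested; whether the init flags are reachable at this point is not visible, since the function starts outside the hunk. The comment should also record why the default provider is loaded by hand, e.g. `/* Loading any provider explicitly disables the automatic load of the default provider, so load it too. */`.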