* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:
- BIO_meth_new() and related functions are now defined by LibreSSL, the
versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
functions should be used instead in winpr's hash.c.
* Added tests for freerdp_[static|dynamic]_collection_* functions
* Added settings unit test for clone functions
* Fix argument for winpr_RAND and winpr_RAND_pseudo
Using void* eliminates all assumptions of which type the buffer is.
This eliminates unnecessary warnings.
This partially reverts commit 67f3fff2. The legacy provider is now loaded
from the `winpr_InitializeSSL` function, so it is not needed to load it from
the `winpr_RC4_New` function again.
* winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails
The `EVP_EncryptInit_ex` function may fail in certain configurations.
Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`.
Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in
such case.
* winpr/crypto: Load legacy provider to fix rc4 with OpenSSL 3.0
Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0.
This is becuase rc4 is provided by the legacy provider which is not loaded
by default. Let's explicitly load the legacy provider to make FreeRDP work
with OpenSSL 3.0.
Relates: https://github.com/openssl/openssl/issues/14392
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.
Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.
Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.
Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.
Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.