path: root/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
Diffstat (limited to 'winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch')
-rw-r--r--winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch61
1 files changed, 61 insertions, 0 deletions
diff --git a/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch b/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
new file mode 100644
index 0000000..9f20750
--- /dev/null
+++ b/winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
@@ -0,0 +1,61 @@
+From 2d0b58759ba823bbc372ac19fea5080f4261c26e Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Tue, 16 Nov 2021 16:12:33 +0100
+Subject: [PATCH] winpr/ssl: Load legacy provider when initializing OpenSSL 3.0
+
+With OpenSSL 3.O, FreeRDP log contains errors like:
+
+```
+4036740A4C7F0000:error:0308010C:digital envelope routines:
+inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
+Global default library context, Algorithm (MD4 : 85), Properties ()
+```
+
+This leads to connection failures in some cases. This is because algorithms
+like MD4 are now part of the legacy provider, which is not loaded by
+default. Let's explicitly load that provider. With this change, also the
+other provides has to be explicitely loaded.
+---
+ winpr/libwinpr/utils/ssl.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
+index 74ef156e7..392f8e227 100644
+--- a/winpr/libwinpr/utils/ssl.c
++++ b/winpr/libwinpr/utils/ssl.c
+@@ -33,6 +33,10 @@
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++#include <openssl/provider.h>
++#endif
++
+ #include "../log.h"
+ #define TAG WINPR_TAG("utils.ssl")
+
+@@ -245,6 +249,7 @@ static BOOL winpr_enable_fips(DWORD flags)
+ WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
+
+ #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++ OSSL_PROVIDER_load(NULL, "fips");
+ if (!EVP_default_properties_is_fips_enabled(NULL))
+ #else
+ if (FIPS_mode() != 1)
+@@ -305,6 +310,13 @@ static BOOL CALLBACK _winpr_openssl_initialize(PINIT_ONCE once, PVOID param, PVO
+ return FALSE;
+
+ #endif
++
++#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
++ /* The legacy provider is needed for MD4. */
++ OSSL_PROVIDER_load(NULL, "legacy");
++ OSSL_PROVIDER_load(NULL, "default");
++#endif
++
+ g_winpr_openssl_initialized_by_winpr = TRUE;
+ return winpr_enable_fips(flags);
+ }
+--
+2.33.1
+
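Review bot: All three `OSSL_PROVIDER_load()` calls added to winpr/libwinpr/utils/ssl.c discard their return value, so a provider module that is missing or fails to load goes unnoticed at initialization and only shows up later as a fetch error. As the commit message itself notes, an explicit load turns off the implicit default provider, so a failed `"default"` load after a successful `"legacy"` load would leave the global context with legacy algorithms only; check and log each result, e.g. `if (!OSSL_PROVIDER_load(NULL, "default")) { WLog_ERR(TAG, "failed to load OpenSSL default provider"); return FALSE; }`. The legacy load also runs unconditionally before `return winpr_enable_fips(flags);` and targets the NULL library context, which appears to make MD4 and the other legacy algorithms fetchable by any code sharing that context, including when FIPS mode is requested. It looks worth skipping the legacy load when the FIPS flag is set and widening the comment to `/* The legacy provider is needed for MD4; it is loaded into the global library context and so applies process-wide. */`. Both `winpr_enable_fips` and `_winpr_openssl_initialize` start outside the inner hunks, so how `flags` is tested for FIPS is not visible here.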