diff options
Diffstat (limited to 'src/crypto-lib/libcryptofunction.cpp')
-rw-r--r-- | src/crypto-lib/libcryptofunction.cpp | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/crypto-lib/libcryptofunction.cpp b/src/crypto-lib/libcryptofunction.cpp index 362307cd..207cde86 100644 --- a/src/crypto-lib/libcryptofunction.cpp +++ b/src/crypto-lib/libcryptofunction.cpp @@ -49,6 +49,7 @@ // we want at least openssl 1.0.1 or 1.1.0 #define AM_MINIMUM_OPENSSL10_VERSION 0x1000100fL #define AM_MINIMUM_OPENSSL11_VERSION 0x1010000fL +#define AM_MINIMUM_OPENSSL30_VERSION 0x3000000fL QT_BEGIN_NAMESPACE_AM @@ -60,10 +61,15 @@ static AM_LIBCRYPTO_FUNCTION(ERR_load_crypto_strings, void(*)()); static AM_LIBCRYPTO_FUNCTION(OpenSSL_version_num, unsigned long(*)(), 0); static AM_LIBCRYPTO_FUNCTION(OPENSSL_init_crypto, int(*)(uint64_t, void *), 0); +struct OSSL_PROVIDER; +struct OSSL_LIB_CTX; +static AM_LIBCRYPTO_FUNCTION(OSSL_PROVIDER_load, OSSL_PROVIDER *(*)(OSSL_LIB_CTX *, const char *), nullptr); + QLibrary *Cryptography::LibCryptoFunctionBase::s_library = nullptr; bool Cryptography::LibCryptoFunctionBase::s_isOpenSSL11 = false; +bool Cryptography::LibCryptoFunctionBase::s_isOpenSSL30 = false; -bool Cryptography::LibCryptoFunctionBase::initialize() +bool Cryptography::LibCryptoFunctionBase::initialize(bool loadOpenSsl3LegacyProvider) { if (s_library) return true; @@ -98,6 +104,19 @@ bool Cryptography::LibCryptoFunctionBase::initialize() if (version > 0) { if (version >= AM_MINIMUM_OPENSSL11_VERSION) { s_isOpenSSL11 = true; + + if (version >= AM_MINIMUM_OPENSSL30_VERSION) { + s_isOpenSSL30 = true; + + if (loadOpenSsl3LegacyProvider) { + // openSSL 3.0 might need the legacy provider to read old PKCS12 certs + auto legacyLoaded = am_OSSL_PROVIDER_load(nullptr, "legacy"); + auto defaultLoaded = am_OSSL_PROVIDER_load(nullptr, "default"); + if (!legacyLoaded || !defaultLoaded) + qCritical("Loaded libcrypto version 3, but couldn't load the 'legacy provider' as requested"); + } + } + return (am_OPENSSL_init_crypto(4 /*OPENSSL_INIT_ADD_ALL_CIPHERS*/ | 8 /*OPENSSL_INIT_ADD_ALL_DIGESTS*/ | 2 /*OPENSSL_INIT_LOAD_CRYPTO_STRINGS*/, |