Core/Crypto: Fixed loading legacy openssl provider for RC4 on windows

src/common/Cryptography/ARC4.cpp

@@ -18,24 +18,16 @@
 #include "ARC4.h"
 #include "Errors.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/provider.h>
-#endif
-
 Trinity::Crypto::ARC4::ARC4() : _ctx(EVP_CIPHER_CTX_new())
 {
-    EVP_CIPHER const* cipher;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-    _libCtx = OSSL_LIB_CTX_new();
-    _legacyProvider = OSSL_PROVIDER_load(_libCtx, "legacy");
-
-    cipher = EVP_CIPHER_fetch(_libCtx, "RC4", "");
+    _cipher = EVP_CIPHER_fetch(nullptr, "RC4", nullptr);
 #else
-    cipher = EVP_rc4();
+    _cipher = EVP_rc4();
 #endif
 
     EVP_CIPHER_CTX_init(_ctx);
-    int result = EVP_EncryptInit_ex(_ctx, cipher, nullptr, nullptr, nullptr);
+    int result = EVP_EncryptInit_ex(_ctx, _cipher, nullptr, nullptr, nullptr);
     ASSERT(result == 1);
 }
 
@@ -44,8 +36,7 @@ Trinity::Crypto::ARC4::~ARC4()
     EVP_CIPHER_CTX_free(_ctx);
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-    OSSL_PROVIDER_unload(_legacyProvider);
-    OSSL_LIB_CTX_free(_libCtx);
+    EVP_CIPHER_free(_cipher);
 #endif
 }
 

src/common/Cryptography/ARC4.h

@@ -38,10 +38,7 @@ namespace Trinity::Crypto
             template <typename Container>
             void UpdateData(Container& c) { UpdateData(std::data(c), std::size(c)); }
         private:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-            OSSL_LIB_CTX* _libCtx;
-            OSSL_PROVIDER* _legacyProvider;
-#endif
+            EVP_CIPHER* _cipher;
             EVP_CIPHER_CTX* _ctx;
     };
 }

src/common/Cryptography/OpenSSLCrypto.cpp

@@ -39,13 +39,19 @@ static void threadIdCallback(CRYPTO_THREADID * id)
     (void)id;
     CRYPTO_THREADID_set_numeric(id, std::hash<std::thread::id>()(std::this_thread::get_id()));
 }
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+OSSL_PROVIDER* LegacyProvider;
+OSSL_PROVIDER* DefaultProvider;
+#endif
 
-void OpenSSLCrypto::threadsSetup()
+void OpenSSLCrypto::threadsSetup([[maybe_unused]] boost::filesystem::path const& providerModulePath)
 {
 #ifdef VALGRIND
     ValgrindRandomSetup();
 #endif
 
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
     cryptoLocks.resize(CRYPTO_num_locks());
     for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
     {
@@ -57,10 +63,18 @@ void OpenSSLCrypto::threadsSetup()
 
     (void)&lockingCallback;
     CRYPTO_set_locking_callback(lockingCallback);
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if TRINITY_PLATFORM == TRINITY_PLATFORM_WINDOWS
+    OSSL_PROVIDER_set_default_search_path(nullptr, providerModulePath.string().c_str());
+#endif
+    LegacyProvider = OSSL_PROVIDER_load(nullptr, "legacy");
+    DefaultProvider = OSSL_PROVIDER_load(nullptr, "default");
+#endif
 }
 
 void OpenSSLCrypto::threadsCleanup()
 {
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
     CRYPTO_set_locking_callback(nullptr);
     CRYPTO_THREADID_set_callback(nullptr);
     for(int i = 0 ; i < CRYPTO_num_locks(); ++i)
@@ -68,8 +82,12 @@ void OpenSSLCrypto::threadsCleanup()
         delete cryptoLocks[i];
     }
     cryptoLocks.resize(0);
-}
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_PROVIDER_unload(LegacyProvider);
+    OSSL_PROVIDER_unload(DefaultProvider);
+    OSSL_PROVIDER_set_default_search_path(nullptr, nullptr);
 #endif
+}
 
 #ifdef VALGRIND
 #include <openssl/rand.h>

src/common/Cryptography/OpenSSLCrypto.h

@@ -19,7 +19,7 @@
 #define TRINITY_OPENSSL_CRYPTO_H
 
 #include "Define.h"
-#include <openssl/opensslv.h>
+#include <boost/filesystem/path.hpp>
 
 /**
 * A group of functions which setup openssl crypto module to work properly in multithreaded enviroment
@@ -27,17 +27,10 @@
 */
 namespace OpenSSLCrypto
 {
-
-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010000fL
     /// Needs to be called before threads using openssl are spawned
-    TC_COMMON_API void threadsSetup();
+    TC_COMMON_API void threadsSetup(boost::filesystem::path const& providerModulePath);
     /// Needs to be called after threads using openssl are despawned
     TC_COMMON_API void threadsCleanup();
-#else
-    void threadsSetup() { };
-    void threadsCleanup() { };
-#endif
-
 }
 
 #endif

src/server/bnetserver/Main.cpp

@@ -34,6 +34,7 @@
 #include "IPLocation.h"
 #include "LoginRESTService.h"
 #include "MySQLThreading.h"
+#include "OpenSSLCrypto.h"
 #include "ProcessPriority.h"
 #include "RealmList.h"
 #include "SecretMgr.h"
@@ -41,6 +42,7 @@
 #include "SslContext.h"
 #include "Util.h"
 #include <boost/asio/signal_set.hpp>
+#include <boost/dll/runtime_symbol_info.hpp>
 #include <boost/program_options.hpp>
 #include <boost/filesystem/operations.hpp>
 #include <google/protobuf/stubs/common.h>
@@ -134,10 +136,9 @@ int main(int argc, char** argv)
     for (std::string const& key : overriddenKeys)
         TC_LOG_INFO("server.authserver", "Configuration field '%s' was overridden with environment variable.", key.c_str());
 
-    // Seed the OpenSSL's PRNG here.
-    // That way it won't auto-seed when calling BigNumber::SetRand and slow down the first world login
-    BigNumber seed;
-    seed.SetRand(16 * 8);
+    OpenSSLCrypto::threadsSetup(boost::dll::program_location().remove_filename());
+
+    std::shared_ptr<void> opensslHandle(nullptr, [](void*) { OpenSSLCrypto::threadsCleanup(); });
 
     // bnetserver PID file creation
     std::string pidFile = sConfigMgr->GetStringDefault("PidFile", "");

src/server/worldserver/Main.cpp

@@ -56,6 +56,7 @@
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #include <boost/asio/signal_set.hpp>
+#include <boost/dll/runtime_symbol_info.hpp>
 #include <boost/filesystem/operations.hpp>
 #include <boost/program_options.hpp>
 #include <google/protobuf/stubs/common.h>
@@ -216,7 +217,7 @@ extern int main(int argc, char** argv)
     for (std::string const& key : overriddenKeys)
         TC_LOG_INFO("server.worldserver", "Configuration field '%s' was overridden with environment variable.", key.c_str());
 
-    OpenSSLCrypto::threadsSetup();
+    OpenSSLCrypto::threadsSetup(boost::dll::program_location().remove_filename());
 
     std::shared_ptr<void> opensslHandle(nullptr, [](void*) { OpenSSLCrypto::threadsCleanup(); });