Host: FreeBSD 14.0-CURRENT #10 main-n263871-fd774e065c5d: Thu Jun 29 05:26:55 CEST 2023 amd64

Host has OpenSSL 3. ALL ports recompiled to meet OpenSSL 3 library requirements (portmaster -df ...).

Following https://wiki.freebsd.org/bhyve/Windows. When booting a Win10 guest via bhyve and trying to connect via RDP, the connection with net/freerdp fails with the error shown below.

xfreerdp /v:192.168.0.128:5900 /u:ohartmann
[13:21:44:952] [3013:7a612700] [WARN][com.winpr.utils.ssl] - OpenSSL LEGACY provider failed to load, no md4 support available!
[13:21:44:952] [3013:7a612700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
[13:21:44:952] [3013:7a612700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:12800067:DSO support routines::could not load the shared library
[13:21:44:952] [3013:7a612700] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:07880025:common libcrypto routines::reason(524325)
[13:21:44:952] [3013:7a612700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[13:21:44:961] [3013:7a612700] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 36: Operation now in progress
[13:21:44:961] [3013:7a612700] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[13:21:44:962] [3013:7a612700] [ERROR][com.freerdp.core] - freerdp_post_connect failed

bhyve guest setup:

[...]
bhyve -c 4 -m 4G -w -H \
    -s 0,hostbridge \
    -s 3,ahci-hd,/pool/home/ohartmann/bhyve/win10/disk_win10.img \
    -s 5,virtio-net,tap0 \
    -s 29,fbuf,tcp=0.0.0.0:5900,tcp=[::]:5900,w=1920,h=1200,wait \
    -s 30,xhci,tablet \
    -s 31,lpc -l com1,stdio \
    -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
    windows10
Current version doesn't support OpenSSL 3. Check this: https://github.com/FreeRDP/FreeRDP/pull/8920
It looks like /usr/lib/ossl-modules/legacy.so is not built correctly. dlopen("/usr/lib/ossl-modules/legacy.so") fails with:

Undefined symbol "ossl_md4_functions"

Looking at secure/lib/libcrypto/modules/legacy/Makefile, legacy.so is only built from legacyprov.c, but in upstream OpenSSL, legacy.a is built from the following:

providers/liblegacy.a: crypto/des/liblegacy-lib-des_enc.o \
    crypto/des/liblegacy-lib-fcrypt_b.o \
    crypto/liblegacy-lib-cpuid.o \
    crypto/liblegacy-lib-ctype.o \
    crypto/liblegacy-lib-x86_64cpuid.o \
    crypto/md5/liblegacy-lib-md5-x86_64.o \
    crypto/md5/liblegacy-lib-md5_dgst.o \
    crypto/md5/liblegacy-lib-md5_one.o \
    crypto/md5/liblegacy-lib-md5_sha1.o \
    providers/common/liblegacy-lib-provider_util.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_blowfish.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_blowfish_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_cast5.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_cast5_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_des.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_des_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_desx.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_desx_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_idea.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_idea_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc2.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc2_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc4.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hmac_md5_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_rc4_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_seed.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_seed_hw.o \
    providers/implementations/ciphers/liblegacy-lib-cipher_tdes_common.o \
    providers/implementations/digests/liblegacy-lib-md4_prov.o \
    providers/implementations/digests/liblegacy-lib-mdc2_prov.o \
    providers/implementations/digests/liblegacy-lib-ripemd_prov.o \
    providers/implementations/digests/liblegacy-lib-wp_prov.o \
    providers/implementations/kdfs/liblegacy-lib-pbkdf1.o \
    providers/liblegacy-lib-prov_running.o
I have the same problem with OpenVPN, trying to load the legacy provider to handle talking to peers that only support blowfish cipher. So this is not a freerdp issue, but something about how openssl itself is built.

Test with:

gert@fbsd14:~ $ openssl list -provider legacy -providers
list: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
002041DFDB420000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_md4_functions"
002041DFDB420000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:152:
002041DFDB420000:error:07880025:common libcrypto routines:provider_init:reason(524325):/usr/src/crypto/openssl/crypto/provider_core.c:912:name=legacy
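Added example, not part of the original thread: a small triage parser for the OpenSSL 3 error-queue lines quoted above, which decodes the packed error codes and pulls out the provider name, module path and missing symbol. The function names are illustrative; the bit layout (library number in bits 23-30, reason flags in bits 18-22) and the DSO library number 37 are taken from OpenSSL 3's err.h.

```python
import re

# Sample input: the three error-queue lines quoted in the comment above.
SAMPLE = """\
002041DFDB420000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/ossl-modules/legacy.so): /usr/lib/ossl-modules/legacy.so: Undefined symbol "ossl_md4_functions"
002041DFDB420000:error:12800067:DSO support routines:DSO_load:could not load the shared library:/usr/src/crypto/openssl/crypto/dso/dso_lib.c:152:
002041DFDB420000:error:07880025:common libcrypto routines:provider_init:reason(524325):/usr/src/crypto/openssl/crypto/provider_core.c:912:name=legacy
"""

ERR_LIB_DSO = 37          # library number of the DSO (dlopen wrapper) code
RFLAGS_MASK = 0x1F << 18  # reason flags, e.g. the "common reason" marker

def parse_line(line):
    """Split one error-queue line into fields; the data field may contain ':'."""
    parts = line.rstrip("\n").split(":", 8)
    if len(parts) != 9 or parts[1] != "error":
        return None
    _tid, _, code, lib, func, reason, path, lineno, data = parts
    packed = int(code, 16)
    return {
        "lib_no": (packed >> 23) & 0xFF,   # what ERR_GET_LIB() returns
        "reason_no": packed & 0x7FFFFF,    # what ERR_GET_REASON() returns
        "lib": lib, "func": func, "reason": reason,
        "where": f"{path}:{lineno}", "data": data,
    }

def diagnose(text):
    """Return (provider, module, missing_symbol) for a failed provider load."""
    provider = module = symbol = None
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["func"] == "provider_init":
            m = re.search(r"name=(\S+)", rec["data"])
            provider = m.group(1) if m else provider
        if rec["lib_no"] == ERR_LIB_DSO:
            m = re.search(r"filename\(([^)]+)\)", rec["data"])
            module = m.group(1) if m else module
            m = re.search(r'Undefined symbol "([^"]+)"', rec["data"])
            symbol = m.group(1) if m else symbol
    return provider, module, symbol

def common_reason_value(reason_no):
    """Strip the reason flags; for ERR_R_<LIB>_LIB reasons a library number remains."""
    return reason_no & ~RFLAGS_MASK & 0x7FFFFF

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the quoted output, the undecoded reason(524325) reduces to library 37 (DSO), and the missing symbol shows the module file was found but could not be linked, so the -provider-path hint does not apply.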
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271656 references a commit as of yesterday that fixes legacy provider building. Will test.
So waiting testing on recent current?
I can confirm that with src updated to commit c81495a621c461 (HEAD when I pulled yesterday), after a buildworld/installworld, legacy provider loading works again. Both "openssl list -provider legacy -providers" and "openvpn --provider legacy default --show-tls" are back to normal.
(In reply to Gert Doering from comment #6) Thanks!
I have a similar problem with an R package that needs legacy algorithms (14 1400093): https://github.com/jeroen/openssl/issues/119 Could anyone take a quick look to check its relationship? Thanks.