25.3.14 Stable: Bump OpenSSL to 3.5.6

base/poco/Crypto/include/Poco/Crypto/OpenSSLInitializer.h

@@ -19,6 +19,7 @@
 
 
 #include <openssl/crypto.h>
+#include <openssl/provider.h>
 #include "Poco/AtomicCounter.h"
 #include "Poco/Crypto/Crypto.h"
 #include "Poco/Mutex.h"
@@ -83,6 +84,8 @@ namespace Crypto
     private:
         static Poco::FastMutex * _mutexes;
         static Poco::AtomicCounter _rc;
+
+        static OSSL_PROVIDER * legacy_provider;
     };
 
 

base/poco/Crypto/src/OpenSSLInitializer.cpp

@@ -19,6 +19,7 @@
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <openssl/provider.h>
 #if OPENSSL_VERSION_NUMBER >= 0x0907000L
 #include <openssl/conf.h>
 #endif
@@ -36,6 +37,7 @@ namespace Crypto {
 
 Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
 Poco::AtomicCounter OpenSSLInitializer::_rc;
+OSSL_PROVIDER * OpenSSLInitializer::legacy_provider;
 
 
 OpenSSLInitializer::OpenSSLInitializer()
@@ -67,21 +69,25 @@ void OpenSSLInitializer::initialize()
 		SSL_library_init();
 		SSL_load_error_strings();
 		OpenSSL_add_all_algorithms();
-		
+
 		char seed[SEEDSIZE];
 		RandomInputStream rnd;
 		rnd.read(seed, sizeof(seed));
 		RAND_seed(seed, SEEDSIZE);
-
+
+        legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
+        if (!legacy_provider)
+            throw std::runtime_error("Failed to load OpenSSL legacy provider");
+
 		int nMutexes = CRYPTO_num_locks();
 		_mutexes = new Poco::FastMutex[nMutexes];
 		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
 // Not needed on Windows (see SF #110: random unhandled exceptions when linking with ssl).
 // https://sourceforge.net/p/poco/bugs/110/
 //
 // From http://www.openssl.org/docs/crypto/threads.html :
-// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(), 
-//  then a default implementation is used - on Windows and BeOS this uses the system's 
+// "If the application does not register such a callback using CRYPTO_THREADID_set_callback(),
+//  then a default implementation is used - on Windows and BeOS this uses the system's
 //  default thread identifying APIs"
 		CRYPTO_set_id_callback(&OpenSSLInitializer::id);
 		CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
@@ -100,7 +106,8 @@ void OpenSSLInitializer::uninitialize()
 		CRYPTO_set_locking_callback(0);
 		CRYPTO_set_id_callback(0);
 		delete [] _mutexes;
-
+
+        OSSL_PROVIDER_unload(legacy_provider);
 		CONF_modules_free();
 	}
 }

base/poco/NetSSL_OpenSSL/src/Context.cpp

@@ -466,7 +466,7 @@ void Context::flushSessionCache()
 	poco_assert (isForServerUse());
 
 	Poco::Timestamp now;
-	SSL_CTX_flush_sessions(_pSSLContext, static_cast<long>(now.epochTime()));
+	SSL_CTX_flush_sessions_ex(_pSSLContext, static_cast<long>(now.epochTime()));
 }