openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.

We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is
enabled, by default.  To use other providers (e.g. fips or even custom
ones), the option can be disabled and the providers to load/activate can
be configured in openssl.cnf.  For instance, the following has the same
effect as enabling the option:

    openssl_conf = openssl_init

    [openssl_init]
    providers = providers

    [providers]
    default = activate
    legacy = activate

    [activate]
    activate = yes

diff --git a/conf/plugins/openssl.opt b/conf/plugins/openssl.opt
index 55d8dcaa184aecae58629f4bad868dead39065e1..4ae8399deb3e303ca8cd772cfa0819594bc4dbf4 100644 (file)
--- a/conf/plugins/openssl.opt
+++ b/conf/plugins/openssl.opt
@@ -3,3 +3,8 @@ charon.plugins.openssl.engine_id = pkcs11
 
 charon.plugins.openssl.fips_mode = 0
        Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+
+charon.plugins.openssl.load_legacy = yes
+       Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
+       Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
+       default provider is loaded, or those configured in the OpenSSL config.

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 49b77f8acdbb6861ad4c589fd319dbac09abaf6d..35bc6d93f8be25ecb755c2048c9aed1c7bc087b0 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,6 +16,7 @@
 
 #include <library.h>
 #include <utils/debug.h>
+#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@@ -31,6 +32,9 @@
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ec.h>
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
 
 #include "openssl_plugin.h"
 #include "openssl_util.h"
@@ -70,6 +74,13 @@ struct private_openssl_plugin_t {
         * public functions
         */
        openssl_plugin_t public;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       /**
+        * Loaded providers
+        */
+       array_t *providers;
+#endif
 };
 
 /**
@@ -876,6 +887,15 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
        private_openssl_plugin_t *this)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       OSSL_PROVIDER *provider;
+       while (array_remove(this->providers, ARRAY_TAIL, &provider))
+       {
+               OSSL_PROVIDER_unload(provider);
+       }
+       array_destroy(this->providers);
+#endif /* OPENSSL_VERSION_NUMBER */
+
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
  * can't call it as we couldn't re-initialize the library (as required by the
  * unit tests and the Android app) */
@@ -952,6 +972,19 @@ plugin_t *openssl_plugin_create()
 #endif /* OPENSSL_NO_ENGINE */
 #endif /* OPENSSL_VERSION_NUMBER */
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+       if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
+                                                               TRUE, lib->ns))
+       {
+               /* load the legacy provider for algorithms like MD4, DES, BF etc. */
+               array_insert_create(&this->providers, ARRAY_TAIL,
+                                                       OSSL_PROVIDER_load(NULL, "legacy"));
+               /* explicitly load the default provider, as mentioned by crypto(7) */
+               array_insert_create(&this->providers, ARRAY_TAIL,
+                                                       OSSL_PROVIDER_load(NULL, "default"));
+       }
+#endif /* OPENSSL_VERSION_NUMBER */
+
 #ifdef OPENSSL_FIPS
        /* we do this here as it may have been enabled via openssl.conf */
        fips_mode = FIPS_mode();