OpenSSL: Load legacy provider when needed for OpenSSL 3.0
Number of the older algorithms have now been moved into a separate provider in OpenSSL 3.0 and they are not available by default. Explicitly load the legacy provider when such an algorithm is needed for the first time. In addition, at least for now, load the legacy providers when initiating TLS context to maintain existing functionality for various private key formats. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
ddcdd62866
commit
ff2eccbdf9
2 changed files with 32 additions and 0 deletions
|
@ -24,6 +24,9 @@
|
|||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#endif /* CONFIG_ECC */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
#include <openssl/provider.h>
|
||||
#endif /* OpenSSL version >= 3.0 */
|
||||
|
||||
#include "common.h"
|
||||
#include "utils/const_time.h"
|
||||
|
@ -117,6 +120,26 @@ static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
|
|||
}
|
||||
#endif /* OpenSSL version < 1.1.0 */
|
||||
|
||||
|
||||
void openssl_load_legacy_provider(void)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
static bool loaded = false;
|
||||
OSSL_PROVIDER *legacy;
|
||||
|
||||
if (loaded)
|
||||
return;
|
||||
|
||||
legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
||||
|
||||
if (legacy) {
|
||||
OSSL_PROVIDER_load(NULL, "default");
|
||||
loaded = true;
|
||||
}
|
||||
#endif /* OpenSSL version >= 3.0 */
|
||||
}
|
||||
|
||||
|
||||
static BIGNUM * get_group5_prime(void)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
|
@ -223,6 +246,7 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
|
|||
#ifndef CONFIG_FIPS
|
||||
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
||||
{
|
||||
openssl_load_legacy_provider();
|
||||
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
|
||||
}
|
||||
#endif /* CONFIG_FIPS */
|
||||
|
@ -234,6 +258,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
|||
int i, plen, ret = -1;
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
|
||||
openssl_load_legacy_provider();
|
||||
|
||||
/* Add parity bits to the key */
|
||||
next = 0;
|
||||
for (i = 0; i < 7; i++) {
|
||||
|
@ -271,6 +297,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
|||
int res = -1;
|
||||
unsigned char skip_buf[16];
|
||||
|
||||
openssl_load_legacy_provider();
|
||||
|
||||
ctx = EVP_CIPHER_CTX_new();
|
||||
if (!ctx ||
|
||||
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
||||
|
|
|
@ -957,6 +957,10 @@ void * tls_init(const struct tls_config *conf)
|
|||
const char *ciphers;
|
||||
|
||||
if (tls_openssl_ref_count == 0) {
|
||||
void openssl_load_legacy_provider(void);
|
||||
|
||||
openssl_load_legacy_provider();
|
||||
|
||||
tls_global = context = tls_context_new(conf);
|
||||
if (context == NULL)
|
||||
return NULL;
|
||||
|
|
Loading…
Reference in a new issue