openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.

We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is enabled, by default. To use other providers (e.g. fips or even custom ones), the option can be disabled and the providers to load/activate can be configured in openssl.cnf. For instance, the following has the same effect as enabling the option: openssl_conf = openssl_init [openssl_init] providers = providers [providers] default = activate legacy = activate [activate] activate = yes
2025-10-04 00:00:14 -04:00 · 2021-09-30 09:41:57 +02:00 · 2021-09-30 09:41:57 +02:00 · f556fce16b
commit f556fce16b
parent 8baa431501
2 changed files with 38 additions and 0 deletions
--- a/conf/plugins/openssl.opt
+++ b/conf/plugins/openssl.opt
@ -3,3 +3,8 @@ charon.plugins.openssl.engine_id = pkcs11

 charon.plugins.openssl.fips_mode = 0
 	Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+
+charon.plugins.openssl.load_legacy = yes
+	Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
+	Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
+	default provider is loaded, or those configured in the OpenSSL config.
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@ -16,6 +16,7 @@

 #include <library.h>
 #include <utils/debug.h>
+#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@ -31,6 +32,9 @@
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ec.h>
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif

 #include "openssl_plugin.h"
 #include "openssl_util.h"
@ -70,6 +74,13 @@ struct private_openssl_plugin_t {
 	 * public functions
 	 */
 	openssl_plugin_t public;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	/**
+	 * Loaded providers
+	 */
+	array_t *providers;
+#endif
 };

 /**
@ -876,6 +887,15 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
 	private_openssl_plugin_t *this)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	OSSL_PROVIDER *provider;
+	while (array_remove(this->providers, ARRAY_TAIL, &provider))
+	{
+		OSSL_PROVIDER_unload(provider);
+	}
+	array_destroy(this->providers);
+#endif /* OPENSSL_VERSION_NUMBER */
+
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
 * can't call it as we couldn't re-initialize the library (as required by the
 * unit tests and the Android app) */
@ -952,6 +972,19 @@ plugin_t *openssl_plugin_create()
 #endif /* OPENSSL_NO_ENGINE */
 #endif /* OPENSSL_VERSION_NUMBER */

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
+								TRUE, lib->ns))
+	{
+		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
+		array_insert_create(&this->providers, ARRAY_TAIL,
+							OSSL_PROVIDER_load(NULL, "legacy"));
+		/* explicitly load the default provider, as mentioned by crypto(7) */
+		array_insert_create(&this->providers, ARRAY_TAIL,
+							OSSL_PROVIDER_load(NULL, "default"));
+	}
+#endif /* OPENSSL_VERSION_NUMBER */
+
 #ifdef OPENSSL_FIPS
 	/* we do this here as it may have been enabled via openssl.conf */
 	fips_mode = FIPS_mode();