openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.

We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is
enabled, by default.  To use other providers (e.g. fips or even custom
ones), the option can be disabled and the providers to load/activate can
be configured in openssl.cnf.  For instance, the following has the same
effect as enabling the option:

    openssl_conf = openssl_init

    [openssl_init]
    providers = providers

    [providers]
    default = activate
    legacy = activate

    [activate]
    activate = yes

conf/plugins/openssl.opt

@@ -3,3 +3,8 @@ charon.plugins.openssl.engine_id = pkcs11
 
 charon.plugins.openssl.fips_mode = 0
 	Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+
+charon.plugins.openssl.load_legacy = yes
+	Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
+	Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
+	default provider is loaded, or those configured in the OpenSSL config.

src/libstrongswan/plugins/openssl/openssl_plugin.c

@@ -16,6 +16,7 @@
 
 #include <library.h>
 #include <utils/debug.h>
+#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@@ -31,6 +32,9 @@
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ec.h>
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+#endif
 
 #include "openssl_plugin.h"
 #include "openssl_util.h"
@@ -70,6 +74,13 @@ struct private_openssl_plugin_t {
 	 * public functions
 	 */
 	openssl_plugin_t public;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	/**
+	 * Loaded providers
+	 */
+	array_t *providers;
+#endif
 };
 
 /**
@@ -876,6 +887,15 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
 	private_openssl_plugin_t *this)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	OSSL_PROVIDER *provider;
+	while (array_remove(this->providers, ARRAY_TAIL, &provider))
+	{
+		OSSL_PROVIDER_unload(provider);
+	}
+	array_destroy(this->providers);
+#endif /* OPENSSL_VERSION_NUMBER */
+
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
  * can't call it as we couldn't re-initialize the library (as required by the
  * unit tests and the Android app) */
@@ -952,6 +972,19 @@ plugin_t *openssl_plugin_create()
 #endif /* OPENSSL_NO_ENGINE */
 #endif /* OPENSSL_VERSION_NUMBER */
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
+								TRUE, lib->ns))
+	{
+		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
+		array_insert_create(&this->providers, ARRAY_TAIL,
+							OSSL_PROVIDER_load(NULL, "legacy"));
+		/* explicitly load the default provider, as mentioned by crypto(7) */
+		array_insert_create(&this->providers, ARRAY_TAIL,
+							OSSL_PROVIDER_load(NULL, "default"));
+	}
+#endif /* OPENSSL_VERSION_NUMBER */
+
 #ifdef OPENSSL_FIPS
 	/* we do this here as it may have been enabled via openssl.conf */
 	fips_mode = FIPS_mode();