mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-11-01 19:07:47 +00:00
106 lines
3.0 KiB
Diff
106 lines
3.0 KiB
Diff
From ff2eccbdf9541fc3491e8a5a302eb661208bb827 Mon Sep 17 00:00:00 2001
|
|
From: Jouni Malinen <quic_jouni@quicinc.com>
|
|
Date: Tue, 11 Jan 2022 12:43:19 +0200
|
|
Subject: [PATCH] OpenSSL: Load legacy provider when needed for OpenSSL 3.0
|
|
|
|
Number of the older algorithms have now been moved into a separate
|
|
provider in OpenSSL 3.0 and they are not available by default.
|
|
Explicitly load the legacy provider when such an algorithm is needed for
|
|
the first time.
|
|
|
|
In addition, at least for now, load the legacy providers when initiating
|
|
TLS context to maintain existing functionality for various private key
|
|
formats.
|
|
|
|
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
|
|
---
|
|
src/crypto/crypto_openssl.c | 28 ++++++++++++++++++++++++++++
|
|
src/crypto/tls_openssl.c | 4 ++++
|
|
2 files changed, 32 insertions(+)
|
|
|
|
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
|
index bac260e11..0372fc3f7 100644
|
|
--- a/src/crypto/crypto_openssl.c
|
|
+++ b/src/crypto/crypto_openssl.c
|
|
@@ -24,6 +24,9 @@
|
|
#include <openssl/x509.h>
|
|
#include <openssl/pem.h>
|
|
#endif /* CONFIG_ECC */
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+#include <openssl/provider.h>
|
|
+#endif /* OpenSSL version >= 3.0 */
|
|
|
|
#include "common.h"
|
|
#include "utils/const_time.h"
|
|
@@ -117,6 +120,26 @@ static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
|
|
}
|
|
#endif /* OpenSSL version < 1.1.0 */
|
|
|
|
+
|
|
+void openssl_load_legacy_provider(void)
|
|
+{
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+ static bool loaded = false;
|
|
+ OSSL_PROVIDER *legacy;
|
|
+
|
|
+ if (loaded)
|
|
+ return;
|
|
+
|
|
+ legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
|
+
|
|
+ if (legacy) {
|
|
+ OSSL_PROVIDER_load(NULL, "default");
|
|
+ loaded = true;
|
|
+ }
|
|
+#endif /* OpenSSL version >= 3.0 */
|
|
+}
|
|
+
|
|
+
|
|
static BIGNUM * get_group5_prime(void)
|
|
{
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
|
@@ -223,6 +246,7 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
|
|
#ifndef CONFIG_FIPS
|
|
int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
|
|
{
|
|
+ openssl_load_legacy_provider();
|
|
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
|
|
}
|
|
#endif /* CONFIG_FIPS */
|
|
@@ -234,6 +258,8 @@ int des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
|
|
int i, plen, ret = -1;
|
|
EVP_CIPHER_CTX *ctx;
|
|
|
|
+ openssl_load_legacy_provider();
|
|
+
|
|
/* Add parity bits to the key */
|
|
next = 0;
|
|
for (i = 0; i < 7; i++) {
|
|
@@ -271,6 +297,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
|
int res = -1;
|
|
unsigned char skip_buf[16];
|
|
|
|
+ openssl_load_legacy_provider();
|
|
+
|
|
ctx = EVP_CIPHER_CTX_new();
|
|
if (!ctx ||
|
|
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
|
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
|
index 203b0f781..ad651bdc8 100644
|
|
--- a/src/crypto/tls_openssl.c
|
|
+++ b/src/crypto/tls_openssl.c
|
|
@@ -957,6 +957,10 @@ void * tls_init(const struct tls_config *conf)
|
|
const char *ciphers;
|
|
|
|
if (tls_openssl_ref_count == 0) {
|
|
+ void openssl_load_legacy_provider(void);
|
|
+
|
|
+ openssl_load_legacy_provider();
|
|
+
|
|
tls_global = context = tls_context_new(conf);
|
|
if (context == NULL)
|
|
return NULL;
|
|
--
|
|
2.34.1
|
|
|