authorSimon Chopin <simon.chopin@canonical.com>2021-11-30 13:56:56 +0100
committerPatrick <tingping@tingping.se>2021-11-30 08:35:04 -0600
commitbbd60a96ecd0e190625c68bedca4e46928ee2b4d (patch)
tree13210fa25f482b13d732e4487b26fa5f00fe5aa2 /plugins/fishlim/fish.c
parent8443755772160e61679e3122190da18ba10d8878 (diff)
fish: enable the legacy provider if build against OpenSSL3
OpenSSL 3.0 disables a number of "legacy" algorithms by default, and we
need to enable them manually using their provider system. Note that
explicitly loading a provider will disable the implicit default
provider, which is why we need to load it explicitly.

Closes #2629

Signed-off-by: Simon Chopin <simon.chopin@canonical.com>

V2:
  * use a local OSSL_LIB_CTX to avoid leaking the legacy algorithms
    into the main SSL context.
  * Simplify the fish_init() error paths by calling fish_deinit()
Diffstat (limited to 'plugins/fishlim/fish.c')
-rw-r--r--plugins/fishlim/fish.c58
1 files changed, 58 insertions, 0 deletions
diff --git a/plugins/fishlim/fish.c b/plugins/fishlim/fish.c
index c2c2b9da..5a27e4cb 100644
--- a/plugins/fishlim/fish.c
+++ b/plugins/fishlim/fish.c
@@ -87,6 +87,54 @@ static const signed char fish_unbase64[256] = {
     dest |= (uint8_t)*((source)++); \
 } while (0);
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+static OSSL_PROVIDER *legacy_provider;
+static OSSL_PROVIDER *default_provider;
+static OSSL_LIB_CTX* *ossl_ctx;
+#endif
+
+int fish_init(void)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    ossl_ctx = OSSL_LIB_CTX_new();
+    if (!ossl_ctx)
+        return 0;
+
+    legacy_provider = OSSL_PROVIDER_load(ossl_ctx, "legacy");
+    if (!legacy_provider) {
+        fish_deinit();
+        return 0;
+    }
+
+    default_provider = OSSL_PROVIDER_load(ossl_ctx, "default");
+    if (!default_provider) {
+        fish_deinit();
+        return 0;
+    }
+#endif
+    return 1;
+}
+
+void fish_deinit(void)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    if (legacy_provider) {
+        OSSL_PROVIDER_unload(legacy_provider);
+        legacy_provider = NULL;
+    }
+
+    if (default_provider) {
+        OSSL_PROVIDER_unload(default_provider);
+        default_provider = NULL;
+    }
+
+    if (ossl_ctx) {
+        OSSL_LIB_CTX_free(ossl_ctx);
+        ossl_ctx = NULL;
+    }
+#endif
+}
 
 /**
  * Encode ECB FiSH Base64
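Review bot: The declaration `static OSSL_LIB_CTX* *ossl_ctx;` makes `ossl_ctx` an `OSSL_LIB_CTX **`, but `OSSL_LIB_CTX_new()` returns an `OSSL_LIB_CTX *`, and `OSSL_PROVIDER_load()`, `OSSL_LIB_CTX_free()` and the `EVP_CIPHER_fetch()` calls in the second hunk all expect one. It should read `static OSSL_LIB_CTX *ossl_ctx;`. The current form only works because the pointer value is passed through unchanged, and compilers that treat incompatible pointer types as an error will reject it. Separately, `fish_init()` calls `fish_deinit()` before its definition, so a prototype has to be visible from a header; this page shows only fish.c, so that should be confirmed. Callers must also check the return value of `fish_init()`, because on failure `ossl_ctx` is left NULL and the later fetches would fall back to the default library context, which does not have the legacy provider loaded.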
@@ -228,9 +276,19 @@ char *fish_cipher(const char *plaintext, size_t plaintext_len, const char *key,
             plaintext_len -= 8;
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        cipher = EVP_CIPHER_fetch(ossl_ctx, "BF-CBC", NULL);
+#else
         cipher = (EVP_CIPHER *) EVP_bf_cbc();
+#endif
+
     } else if (mode == EVP_CIPH_ECB_MODE) {
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+        cipher = EVP_CIPHER_fetch(ossl_ctx, "BF-ECB", NULL);
+#else
         cipher = (EVP_CIPHER *) EVP_bf_ecb();
+#endif
     }
 
     /* Zero Padding */
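Review bot: Neither `EVP_CIPHER_fetch()` call checks for a NULL result inside the hunk, and the fetch fails whenever the legacy provider is not loaded in `ossl_ctx`, for example after a failed or skipped `fish_init()`. The rest of `fish_cipher()` lies outside the hunk, so confirm that `cipher` is tested before it is used to initialise the cipher context, e.g. `if (!cipher) return NULL;` placed after the mode selection. A fetched cipher is also reference-counted, unlike the static object returned by `EVP_bf_cbc()`/`EVP_bf_ecb()`, so every exit path needs `EVP_CIPHER_free(cipher);` under the same `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` guard. Without it each encrypt or decrypt call leaks a reference.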