new crypto provider: lmcry_ossl

The new ossl crypto provider encapsulates the ability to use log
encryption in the omfile module. It provides the same functionality
as gcry, additionally:
* Algorithms are not hardcoded. We simply provide everything that
can be fetched via the EVP_CIPHER_fetch() call. The same applies
to the mode parameter.
* It does not add an extra dependency on a new package. Distro
maintainers who are already using openssl do not need to add
anything in particular. By default, if rsyslog is compiled
with --enable-openssl, the ossl crypto provider will also be
included in both omfile and rscryutil.
* Side-channel vulnerability in libgcrypt - the Marvin Attack
https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
Some might be worried about other side-channel vulnerabilities
against it, like the Minerva Attack[1], and the Raccoon Attack[2],
given the way they handled one of the oldest, well known, and
most straightforward side-channel attacks. They did downgrade
their threat model as a result of Marvin too:
https://gnupg.org/documentation/security.html.

could only happen if file handle 0 was returned, which actually
could not happen, as stdin is kept open by this command line tool.
Still fixing it to get rid of the Coverity scan diagnostic.
Detected by Coverity scan, CID 185323

This permits an atomic check for error conditions and helps avoid
inconsistency between check and use of file name, which can also
pose security issues (not in the previous code, as the check was only
used for error-reporting).
Detected by Coverity scan, CID 185400
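
The check-versus-use inconsistency this commit message refers to, shown as an added C example that is not rsyslog's code. The function names, the `probe` helper and the sample paths are assumptions made up here, and the stat()-then-open() form is a generic illustration of the pattern, not the code the commit changed.

```c
/* Added example, not rsyslog code; names and sample paths are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the name is looked up twice. Between stat() and open() the path can
 * be replaced, so the object checked may not be the object opened. */
int open_regular_racy(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) != 0)
        return -errno;
    if (!S_ISREG(sb.st_mode))
        return -EINVAL;
    int fd = open(path, O_RDONLY);      /* second lookup of the same name */
    return fd >= 0 ? fd : -errno;
}

/* Atomic: one lookup. The error code comes from open() itself, and the type
 * check runs on the descriptor, which a rename of the path cannot redirect. */
int open_regular_atomic(const char *path)
{
    struct stat sb;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: no hang on a FIFO */
    if (fd < 0)
        return -errno;
    if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode))
        return fd;
    close(fd);
    return -EINVAL;                     /* not a regular file (or fstat failed) */
}

/* Hypothetical helper: 0 if opener() yields a regular file, else -errno. */
int probe(int (*opener)(const char *), const char *path)
{
    int fd = opener(path);
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : fd;
}

int main(void)
{
    printf("dir: %s\n", strerror(-probe(open_regular_atomic, "/")));
    printf("missing: %s\n", strerror(-probe(open_regular_atomic, "/nonexistent.constructed/x")));
    return 0;
}
```

Both functions return the same codes on a quiet system; they differ only when the path changes between the two lookups in the racy form.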

As it seems, different C compilers have different rules/interpretations
on inline functions. The current code base did not properly obey all C99
rules. We fix this by converting some functions to macros and others to
include the necessary C99 plumbing. We also remove some inline attributes
for functions where this seems to be too aggressive (aka "function too big").
This fixes build problems in some environments and is a general code
cleanup measure.