2 Commits

Author SHA1 Message Date
alakatos
494cd6e7c7 Refactor ossl crypto provider
Move common defines to a common file that is used by both
ossl and gcry.
2024-08-14 07:56:29 +02:00
alakatos
e6fbc692aa Refactor the rscryutil tool
new crypto provider: lmcry_ossl
The new ossl crypto provider encapsulates the ability to use log
encryption in the omfile module. It provides the same functionality
as gcry, additionally:
 * Algorithms are not hardcoded. We simply provide everything that
   can be fetched via the EVP_CIPHER_fetch() call. The same applies
   to the mode parameter.
 * It does not add an extra dependency on a new package. Distro
   maintainers who are already using openssl do not need to add
   anything in particular. By default, if rsyslog is compiled
   with --enable-openssl, the ossl crypto provider will also be
   included in both omfile and rscryutil.
 * Side-channel vulnerability in libgcrypt - the Marvin Attack
   https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
   Some might be worried about other side-channel vulnerabilities
   against it, like the Minerva Attack[1], and the Raccoon Attack[2],
   given the way they handled one of the oldest, well known, and
   most straightforward side-channel attacks. They did downgrade
   their threat model as a result of Marvin too:
   https://gnupg.org/documentation/security.html.
2024-07-29 10:29:03 +02:00