apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted...

By default they are.  However, if a provider, provider path or a property query has been specified
they are not.  Likewise, if a library context or a property query has been
specified by the command, they are not.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index a767023197a2e60ced608a6f8f1ed73137e81cdb..a29d58299073446227e4204315ef7e115e73599b 100644 (file)
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -15,6 +15,12 @@
 # define _POSIX_C_SOURCE 2
 #endif
 
+#ifndef OPENSSL_NO_ENGINE
+/* We need to use some deprecated APIs */
+# define OPENSSL_SUPPRESS_DEPRECATED
+# include <openssl/engine.h>
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -3295,3 +3301,29 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
                      opt_getprog(), alg != NULL ? alg : "asymmetric");
     return res;
 }
+
+/*
+ * Return non-zero if the legacy path is still an option.
+ * This decision is based on the global command line operations and the
+ * behaviour thus far.
+ */
+int opt_legacy_okay(void)
+{
+    int provider_options = opt_provider_option_given();
+    int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *e = ENGINE_get_first();
+
+    if (e != NULL) {
+        ENGINE_free(e);
+        return 1;
+    }
+#endif
+    /*
+     * Having a provider option specified or a custom library context or
+     * property query, is a sure sign we're not using legacy.
+     */
+    if (provider_options || libctx)
+        return 0;
+    return 1;
+}