From: Pauli Date: Thu, 8 Jul 2021 01:24:05 +0000 (+1000) Subject: apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted... X-Git-Tag: openssl-3.0.0-beta2~78 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff215713655e721be505cc884aed5d1230c7759e;p=thirdparty%2Fopenssl.git apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted or not By default they are. However, if a provider, provider path or a property query has been specified they are not. Likewise, if a library context or a property query has been specified by the command, they are not. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16022) --- diff --git a/apps/lib/apps.c b/apps/lib/apps.c index a767023197a..a29d5829907 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -15,6 +15,12 @@ # define _POSIX_C_SOURCE 2 #endif +#ifndef OPENSSL_NO_ENGINE +/* We need to use some deprecated APIs */ +# define OPENSSL_SUPPRESS_DEPRECATED +# include +#endif + #include #include #include @@ -3295,3 +3301,29 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } + +/* + * Return non-zero if the legacy path is still an option. + * This decision is based on the global command line operations and the + * behaviour thus far. + */ +int opt_legacy_okay(void) +{ + int provider_options = opt_provider_option_given(); + int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL; +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = ENGINE_get_first(); + + if (e != NULL) { + ENGINE_free(e); + return 1; + } +#endif + /* + * Having a provider option specified or a custom library context or + * property query, is a sure sign we're not using legacy. + */ + if (provider_options || libctx) + return 0; + return 1; +}
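Review bot: in the first apps/lib/apps.c hunk (@@ -15,6 +15,12 @@), `# define OPENSSL_SUPPRESS_DEPRECATED` sits at the top of the file, so it silences deprecation warnings for everything in apps.c, not only for the ENGINE calls the new function needs. The comment "We need to use some deprecated APIs" does not say which ones. Please name ENGINE_get_first() and ENGINE_free() in that comment, or move opt_legacy_okay() into a small source file of its own, so that any other deprecated call added to apps.c later is still flagged at build time.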
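Review bot: in opt_legacy_okay() (second hunk, @@ -3295,3 +3301,29 @@), the `#ifndef OPENSSL_NO_ENGINE` block returns 1 before `if (provider_options || libctx)` is reached, so a loaded engine permits the legacy path even when a provider option, a library context or a property query was given. The commit message says legacy paths are not permitted in those cases, and neither it nor the function's header comment mentions the engine exception. That matters to a caller who passes a property query to constrain which implementations are used and does not expect a legacy fallback. If the precedence is intended, state it in the header comment (for example "a loaded ENGINE always keeps the legacy path available"); if it is not, test `provider_options || libctx` first. A smaller point in the same function: the local `libctx` is also set by `app_get0_propq() != NULL`, so a name that covers both conditions would read more accurately.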