From 29ea07ef66be59c8ab62058b2ce3e92765e2be10 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 13 Sep 2021 14:48:15 +0200
Subject: [PATCH 02/11] OpenSSL backend: make legacy for OpenSSL3 optional and
report loaded providers
---
lib/crypto_backend/crypto_openssl.c | 48 +++++++++++++++++++----------
1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c
index a5ec4048..92eeb33c 100644
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -45,6 +45,7 @@
static OSSL_PROVIDER *ossl_legacy = NULL;
static OSSL_PROVIDER *ossl_default = NULL;
static OSSL_LIB_CTX *ossl_ctx = NULL;
+static char backend_version[256] = "OpenSSL";
#endif
#define CONST_CAST(x) (x)(uintptr_t)
@@ -133,12 +134,30 @@ static void HMAC_CTX_free(HMAC_CTX *md)
free(md);
}
#else
+static void openssl_backend_exit(void)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ if (ossl_legacy)
+ OSSL_PROVIDER_unload(ossl_legacy);
+ if (ossl_default)
+ OSSL_PROVIDER_unload(ossl_default);
+ if (ossl_ctx)
+ OSSL_LIB_CTX_free(ossl_ctx);
+
+ ossl_legacy = NULL;
+ ossl_default = NULL;
+ ossl_ctx = NULL;
+#endif
+}
+
static int openssl_backend_init(void)
{
/*
* OpenSSL >= 3.0.0 provides some algorithms in legacy provider
*/
#if OPENSSL_VERSION_MAJOR >= 3
+ int r;
+
ossl_ctx = OSSL_LIB_CTX_new();
if (!ossl_ctx)
return -EINVAL;
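Review bot: openssl_backend_exit() (L24-38) clears ossl_legacy, ossl_default and ossl_ctx but leaves the new backend_version buffer untouched, so after a teardown openssl_backend_version() in the next hunk still reports `[default][legacy]` for providers that have already been unloaded. Resetting the banner next to the pointer resets inside the same `#if` keeps the report honest: `snprintf(backend_version, sizeof(backend_version), "OpenSSL");`. The effect is only visible in the third hunk, where the buffer is returned. openssl_backend_init() continues past the end of this hunk.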
@@ -151,30 +170,27 @@ static int openssl_backend_init(void)
/* Optional */
ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
+
+ r = snprintf(backend_version, sizeof(backend_version), "%s %s%s",
+ OpenSSL_version(OPENSSL_VERSION),
+ ossl_default ? "[default]" : "",
+ ossl_legacy ? "[legacy]" : "");
+ if (r < 0 || (size_t)r >= sizeof(backend_version)) {
+ openssl_backend_exit();
+ return -EINVAL;
+ }
#endif
return 0;
}
-static void openssl_backend_exit(void)
+static const char *openssl_backend_version(void)
{
#if OPENSSL_VERSION_MAJOR >= 3
- if (ossl_legacy)
- OSSL_PROVIDER_unload(ossl_legacy);
- if (ossl_default)
- OSSL_PROVIDER_unload(ossl_default);
- if (ossl_ctx)
- OSSL_LIB_CTX_free(ossl_ctx);
-
- ossl_legacy = NULL;
- ossl_default = NULL;
- ossl_ctx = NULL;
+ return backend_version;
+#else
+ return OpenSSL_version(OPENSSL_VERSION);
#endif
}
-
-static const char *openssl_backend_version(void)
-{
- return OpenSSL_version(OPENSSL_VERSION);
-}
#endif
int crypt_backend_init(void)
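Review bot: openssl_backend_version() now hands out a pointer into the static backend_version buffer, which is written only by openssl_backend_init() at L55-58 and never refreshed, so a caller that asks before init gets the bare "OpenSSL" placeholder and one that asks after the snprintf failure path (L59-62) gets the truncated prefix snprintf left behind. That contract belongs in a comment on the function, e.g. `/* Valid only after a successful openssl_backend_init(); the [default]/[legacy] tags reflect which providers were loaded at that time. */`. Because the legacy provider comes from OSSL_PROVIDER_try_load (L53) and its absence is not an error, this banner is the only record that it is missing, so it is worth adding at the try_load call that algorithms served by the legacy provider will then fail when first used rather than at init. crypt_backend_init() starts on the hunk's last line and its body lies outside the hunk.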
--
2.27.0