authorShane Lontis <shane.lontis@oracle.com>2020-04-09 12:47:46 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-04-09 12:47:46 +1000
commitf5056577ba08b3694aab2722eae1c97bf00acc80 (patch)
tree00492b31c1e6b69164d5a3be50557bac18cdcd2e /apps
parentcc45a884bd499e8b84de0c0133746591c3712f4c (diff)
Move legacy ciphers into the legacy provider
DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider. Code shared between desx and tdes has been moved into a separate file (cipher_tdes_common.c). 3 test recipes failed due to using app/openssl calls that used legacy ciphers. These calls have been updated to supply both the default and legacy providers. Fixed openssl app '-provider' memory leak. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11419)
Diffstat (limited to 'apps')
-rw-r--r--apps/include/apps.h1
-rw-r--r--apps/include/opt.h4
-rw-r--r--apps/lib/app_provider.c23
-rw-r--r--apps/openssl.c1
4 files changed, 27 insertions, 2 deletions
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 90f9c2bbe6..f43c12dbf1 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -286,5 +286,6 @@ extern VERIFY_CB_ARGS verify_args;
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
const OSSL_PARAM *paramdefs);
void app_params_free(OSSL_PARAM *params);
+void app_providers_cleanup(void);
#endif
diff --git a/apps/include/opt.h b/apps/include/opt.h
index b4257cca7d..9f82b6f04f 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -275,8 +275,8 @@
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
- { "provider", OPT_PROV_PROVIDER, 's', "Provder to load (can be specified multiple times)" }, \
- { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path" }
+ { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
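Review bot: The requirement that `-provider_path` precede `-provider` is stated only in the help string of the reordered `OPT_PROV_OPTIONS` entries; nothing visible in this hunk enforces it. `opt_provider_load` in apps/lib/app_provider.c appears to load the module as soon as the option is parsed, so a `-provider_path` given afterwards would presumably be applied too late, and the provider would be resolved from the default search path without any diagnostic. Because the search path decides which shared object is loaded into the process, consider warning or failing in `opt_provider_path` when a provider has already been loaded, for example by checking `app_providers != NULL`. The macro definition starts and continues outside this hunk.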
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index ac01e8826b..ca24328a2e 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -10,12 +10,17 @@
#include "apps.h"
#include <openssl/err.h>
#include <openssl/provider.h>
+#include <openssl/safestack.h>
+
+DEFINE_STACK_OF(OSSL_PROVIDER)
/*
* See comments in opt_verify for explanation of this.
*/
enum prov_range { OPT_PROV_ENUM };
+static STACK_OF(OSSL_PROVIDER) *app_providers = NULL;
+
static int opt_provider_load(const char *provider)
{
OSSL_PROVIDER *prov;
@@ -26,9 +31,27 @@ static int opt_provider_load(const char *provider)
opt_getprog(), provider);
return 0;
}
+ if (app_providers == NULL)
+ app_providers = sk_OSSL_PROVIDER_new_null();
+ if (app_providers == NULL
+ || !sk_OSSL_PROVIDER_push(app_providers, prov)) {
+ app_providers_cleanup();
+ return 0;
+ }
return 1;
}
+static void provider_free(OSSL_PROVIDER *prov)
+{
+ OSSL_PROVIDER_unload(prov);
+}
+
+void app_providers_cleanup(void)
+{
+ sk_OSSL_PROVIDER_pop_free(app_providers, provider_free);
+ app_providers = NULL;
+}
+
static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
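Review bot: On the new failure branch in `opt_provider_load`, `prov` has been loaded but is not on `app_providers`, so `app_providers_cleanup()` never unloads it and the handle leaks, which is the same kind of leak this commit sets out to fix. Unload it explicitly before the cleanup call with `OSSL_PROVIDER_unload(prov);`. That branch also returns 0 without a message, unlike the load-failure branch above it, so a line such as `opt_printf_stderr("%s: unable to register provider %s\n", opt_getprog(), provider);` would keep the failure visible. The branch additionally unloads every provider pushed by earlier `-provider` options, which is safe only if a 0 return always aborts option processing; that is not visible here. `opt_provider_load` begins before this hunk and `opt_provider_path` continues past it.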
diff --git a/apps/openssl.c b/apps/openssl.c
index cafe4046e6..558f662e14 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -368,6 +368,7 @@ int main(int argc, char *argv[])
}
ret = 1;
end:
+ app_providers_cleanup();
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);