From 4e6930e029ff44d31b71c3415a9f5fc90c544a56 Mon Sep 17 00:00:00 2001 From: Daniel Skinstad Drabitzius Date: Thu, 3 Oct 2024 20:25:18 +0200 Subject: [PATCH 1/2] chore: remove redundant parenthesis Ticket: None Signed-off-by: Daniel Skinstad Drabitzius (cherry picked from commit a62364125c2656b44ce582c991a90dad66e4d695)
---
 src/common/crypto/platform/openssl/crypto.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/common/crypto/platform/openssl/crypto.cpp b/src/common/crypto/platform/openssl/crypto.cpp
index 44c7e4a77..70931c6b5 100644
--- a/src/common/crypto/platform/openssl/crypto.cpp
+++ b/src/common/crypto/platform/openssl/crypto.cpp
@@ -283,7 +283,7 @@ ExpectedPrivateKey LoadFrom(const Args &args) {
 ExpectedPrivateKey PrivateKey::Load(const Args &args) {
 // Load OpenSSL config
- if ((CONF_modules_load_file(nullptr, nullptr, 0) != OPENSSL_SUCCESS)) {
+ if (CONF_modules_load_file(nullptr, nullptr, 0) != OPENSSL_SUCCESS) {
 log::Warning("Failed to load OpenSSL configuration file: " + GetOpenSSLErrorMessage());
 }
From 717ed2a4461183cab122b95413ebc77c24f0e10a Mon Sep 17 00:00:00 2001
From: Daniel Skinstad Drabitzius Date: Thu, 3 Oct 2024 20:25:19 +0200 Subject: [PATCH 2/2] fix: explicitly initialize ssl From the OpenSSL man pages: Numerous internal OpenSSL functions call OPENSSL_init_ssl(). Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. See: https://docs.openssl.org/3.3/man3/OPENSSL_init_ssl/#description This fixes errors where e.g. the openssl config configures ssl_conf, which requires ssl to be initialized. Ticket: MEN-7549 Changelog: Fix error while loading OpenSSL config file, by explicitly initializing the SSL context prior to loading. Without the explicit initialisation of SSL, the config might not be properly loaded if e.g. it has sections specifying ssl settings. This was the case with the example configuration for OpenSSL 1.1.1w from Debian Bullseye. Signed-off-by: Daniel Skinstad Drabitzius (cherry picked from commit 4a3d82b834d5c7e7cbc850189d5e1afd54c53a74)
---
 src/common/crypto/platform/openssl/crypto.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/common/crypto/platform/openssl/crypto.cpp b/src/common/crypto/platform/openssl/crypto.cpp
index 70931c6b5..39d5baeb7 100644
--- a/src/common/crypto/platform/openssl/crypto.cpp
+++ b/src/common/crypto/platform/openssl/crypto.cpp
@@ -26,6 +26,7 @@
 #include
 #include
 #include
+#include
 #ifndef MENDER_CRYPTO_OPENSSL_LEGACY
 #include
 #include
@@ -282,6 +283,13 @@ ExpectedPrivateKey LoadFrom(const Args &args) {
 #endif // ndef MENDER_CRYPTO_OPENSSL_LEGACY
 ExpectedPrivateKey PrivateKey::Load(const Args &args) {
+ // Numerous internal OpenSSL functions call OPENSSL_init_ssl().
+ // Therefore, in order to perform nondefault initialisation,
+ // OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function
+ // calls. See: https://docs.openssl.org/3.3/man3/OPENSSL_init_ssl/#description
+ if (OPENSSL_init_ssl(0, nullptr) != OPENSSL_SUCCESS) {
+ log::Warning("Error initializing libssl: " + GetOpenSSLErrorMessage());
+ }
 // Load OpenSSL config
 if (CONF_modules_load_file(nullptr, nullptr, 0) != OPENSSL_SUCCESS) {
 log::Warning("Failed to load OpenSSL configuration file: " + GetOpenSSLErrorMessage());
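Review bot: When `OPENSSL_init_ssl(0, nullptr)` fails, the added block only logs a warning and `PrivateKey::Load` goes on to `CONF_modules_load_file` and (presumably) the key loading below with a library that did not initialise, so settings from the OpenSSL config such as an `ssl_conf` section may silently not be applied. Since the function already returns `ExpectedPrivateKey`, returning an error from this branch would be safer than continuing; if continuing is intended, say so in the comment, e.g. `// Non-fatal: on failure we continue with OpenSSL defaults`. The comment also states that the call must precede any other OpenSSL function call, but it sits only in `PrivateKey::Load`; other entry points in this file may reach OpenSSL first, so a single one-time init helper shared by them would match the stated requirement. The body of `PrivateKey::Load` continues past the end of the hunk.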