author | Pauli <paul.dale@oracle.com> | 2020-08-13 10:02:01 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-14 18:17:47 +1000 |
commit | ebe3f24b3d53e503bd37a2a08a8b1f896014c30d (patch) | |
tree | 156ad137c65c0d07aec2b93c55bba095ca845c5f /crypto/provider.c | |
parent | 0e53cd5207615038de8496684d9aa3a18d50c388 (diff) |
provider: disable fall-backs if OSSL_PROVIDER_load() fails.

If an attempt is made to load a provider and it fails, the fall-back mechanism
should be disabled to prevent the user getting some weird happening. E.g. a
failure to load the FIPS provider should not allow the default to load as a
fall-back.

The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be
loaded without disabling the fall-back mechanism if it fails.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12625)
Diffstat (limited to 'crypto/provider.c')
-rw-r--r-- | crypto/provider.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/provider.c b/crypto/provider.c index 40c837d8c0..e05279b89d 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -13,7 +13,7 @@ #include <openssl/core_names.h> #include "internal/provider.h" -OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) +OSSL_PROVIDER *OSSL_PROVIDER_try_load(OPENSSL_CTX *libctx, const char *name) { OSSL_PROVIDER *prov = NULL; @@ -30,6 +30,14 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) return prov; } +OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) +{ + /* Any attempt to load a provider disables auto-loading of defaults */ + if (ossl_provider_disable_fallback_loading(libctx)) + return OSSL_PROVIDER_try_load(libctx, name); + return NULL; +} + int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) { ossl_provider_free(prov); |
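Review bot: The renamed OSSL_PROVIDER_try_load() in the first hunk (@@ -13,7 +13,7 @@) has no comment saying how it differs from OSSL_PROVIDER_load(), and the name alone does not convey that the difference is about fall-back loading. A short comment above the definition, stating that this variant leaves fall-back loading enabled when the load fails, would stop callers that need a strict provider set (the FIPS case from the commit message) from picking it by mistake.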
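Review bot: In the new OSSL_PROVIDER_load() in the second hunk (@@ -30,6 +30,14 @@), a NULL return covers two different failures: ossl_provider_disable_fallback_loading() returning 0, and OSSL_PROVIDER_try_load() failing. No error is raised in these lines for the first case, so if the helper does not already push one, add an error here so callers can tell the two apart. Fall-back loading is also disabled before the load is attempted and nothing in these lines re-enables it, so the comment "Any attempt to load a provider disables auto-loading of defaults" could state explicitly that this holds for successful loads too and that the libctx stays in that state afterwards.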