authorMatt Caswell <matt@openssl.org>2021-08-17 10:32:49 +0100
committerPauli <pauli@openssl.org>2021-08-27 09:51:00 +1000
commit6f25d3c47995c6e4948212950566dfbe541904df (patch)
tree2ead73ebce4133114921b345d8c23c00237dcce6 /crypto/provider_conf.c
parent4fdb0d2535323373650bd68e7a659f9320828857 (diff)
When activating providers via config check we've not already activated them
We skip the activation if we already configured them. Fixes #16250 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16425)
Diffstat (limited to 'crypto/provider_conf.c')
-rw-r--r--crypto/provider_conf.c25
1 files changed, 23 insertions, 2 deletions
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index fe66e1158e..7689301b75 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -12,6 +12,7 @@
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/safestack.h>
+#include <openssl/provider.h>
#include "internal/provider.h"
#include "internal/cryptlib.h"
#include "provider_local.h"
@@ -107,6 +108,26 @@ static int provider_conf_params(OSSL_PROVIDER *prov,
return ok;
}
+static int prov_already_activated(const char *name,
+ STACK_OF(OSSL_PROVIDER) *activated)
+{
+ int i, max;
+
+ if (activated == NULL)
+ return 0;
+
+ max = sk_OSSL_PROVIDER_num(activated);
+ for (i = 0; i < max; i++) {
+ OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i);
+
+ if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
const char *value, const CONF *cnf)
{
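Review bot: prov_already_activated() treats two providers as the same purely on a `strcmp` of their names, and nothing in the helper documents that. If a later config section reuses a name with a different module path or parameters, it would presumably be skipped without any indication; the caller's handling is outside this hunk, so that is worth confirming, since the provider set decides which algorithm implementations get fetched. I would add a header comment such as `/* Returns 1 if a provider called |name| is already on |activated| (matched by name only), 0 otherwise or if the stack is NULL. */`. As a minor style point, the braces around the single `return 1;` are inconsistent with the unbraced `return 0;` under the NULL check.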
@@ -155,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
activate = 1;
}
- if (activate) {
+ if (activate && !prov_already_activated(name, pcgbl->activated_providers)) {
/*
* There is an attempt to activate a provider, so we should disable
* loading of fallbacks. Otherwise a misconfiguration could mean the
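Review bot: The new condition reads `pcgbl->activated_providers`, and the activation further down presumably pushes onto the same stack, with no lock visible in this hunk between the check and the update. If two threads can load configuration for the same library context at once, both could pass the check and activate the provider twice, which is what this change is meant to prevent. The body of provider_conf_load runs beyond the hunk, so a lock may be taken elsewhere. If not, the lookup and the later push should sit under one lock, or the function should at least carry a comment like `/* caller must serialise config loading for this libctx */`.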
@@ -196,7 +217,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
if (!ok)
ossl_provider_free(prov);
- } else {
+ } else if (!activate) {
OSSL_PROVIDER_INFO entry;
memset(&entry, 0, sizeof(entry));
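Review bot: With `else` narrowed to `else if (!activate)`, an already-activated provider now runs neither branch, so the function's result on that path is whatever `ok` held before the `if`. Its initialisation is outside the hunk; if it starts at 0, a repeated config load would be reported as a failure rather than a no-op. An explicit final branch would make the intent clear, e.g. `} else { ok = 1; /* already activated from config: nothing to do */ }`, assuming success is the intended outcome there.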