diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-09-14 09:34:32 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-09-15 14:08:33 +0200 |
commit | 3f9c95824593b8d57ac0227591e4c338fc98c5f9 (patch) | |
tree | ece0520bc4f34895061f4fececb9878f204a5485 /providers/common | |
parent | 42ea0a86e89d84c2d649b268ebbfb43a9344d33e (diff) |
providers: Do not use global EVP_CIPHERs and EVP_MDs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16600)
(cherry picked from commit e59bfbaa2dbd680f77e1121e382502bd522a466c)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/provider_util.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 662175c2f3..fcfbab632d 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -16,6 +16,7 @@ #include <openssl/proverr.h> #ifndef FIPS_MODULE # include <openssl/engine.h> +# include "crypto/evp.h" #endif #include "prov/provider_util.h" #include "internal/nelem.h" @@ -90,8 +91,14 @@ int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, ERR_set_mark(); pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery); #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */ - if (pc->cipher == NULL) - pc->cipher = EVP_get_cipherbyname(p->data); + if (pc->cipher == NULL) { + const EVP_CIPHER *cipher; + + cipher = EVP_get_cipherbyname(p->data); + /* Do not use global EVP_CIPHERs */ + if (cipher != NULL && cipher->origin != EVP_ORIG_GLOBAL) + pc->cipher = cipher; + } #endif if (pc->cipher != NULL) ERR_pop_to_mark(); @@ -159,8 +166,14 @@ int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, ERR_set_mark(); ossl_prov_digest_fetch(pd, ctx, p->data, propquery); #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */ - if (pd->md == NULL) - pd->md = EVP_get_digestbyname(p->data); + if (pd->md == NULL) { + const EVP_MD *md; + + md = EVP_get_digestbyname(p->data); + /* Do not use global EVP_MDs */ + if (md != NULL && md->origin != EVP_ORIG_GLOBAL) + pd->md = md; + } #endif if (pd->md != NULL) ERR_pop_to_mark(); |