diff options
| -rw-r--r-- | crypto/evp/evp_cnf.c | 4 | ||||
| -rw-r--r-- | crypto/evp/evp_fetch.c | 17 | ||||
| -rw-r--r-- | include/crypto/evp.h | 2 |
3 files changed, 16 insertions, 7 deletions
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 415712dffa..0e7fe64cf9 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -46,8 +46,8 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) * fips_mode is deprecated and should not be used in new * configurations. */ - if (!EVP_default_properties_enable_fips(NCONF_get0_libctx((CONF *)cnf), - m > 0)) { + if (!evp_default_properties_enable_fips_int( + NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 3067928030..5303cf8859 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -479,15 +479,16 @@ int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq) return evp_set_default_properties_int(libctx, propq, 1, 0); } -static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq) +static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq, + int loadconfig) { - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1); + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); OSSL_PROPERTY_LIST *pl1, *pl2; if (propq == NULL) return 1; if (plp == NULL || *plp == NULL) - return EVP_set_default_properties(libctx, propq); + return evp_set_default_properties_int(libctx, propq, 0, 0); if ((pl1 = ossl_parse_query(libctx, propq, 1)) == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR); return 0; @@ -518,11 +519,17 @@ int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx) return evp_default_property_is_enabled(libctx, "fips"); } -int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) +int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, + int loadconfig) { const char *query = (enable != 0) ? "fips=yes" : "-fips"; - return evp_default_properties_merge(libctx, query); + return evp_default_properties_merge(libctx, query, loadconfig); +} + +int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) +{ + return evp_default_properties_enable_fips_int(libctx, enable, 1); } char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig) diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 68aab33cae..41ac80ed9d 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -891,6 +891,8 @@ int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); # endif /* !defined(FIPS_MODULE) */ int evp_method_store_flush(OSSL_LIB_CTX *libctx); +int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, + int loadconfig); int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, int loadconfig, int mirrored); char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); |