From ebe3f24b3d53e503bd37a2a08a8b1f896014c30d Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 13 Aug 2020 10:02:01 +1000 Subject: provider: disable fall-backs if OSSL_PROVIDER_load() fails. If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting some weird happening. E.g. a failure to load the FIPS provider should not allow the default to load as a fall-back. The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be loaded without disabling the fall-back mechanism if it fails. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12625) --- crypto/provider.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'crypto/provider.c') diff --git a/crypto/provider.c b/crypto/provider.c index 40c837d8c0..e05279b89d 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -13,7 +13,7 @@ #include #include "internal/provider.h" -OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) +OSSL_PROVIDER *OSSL_PROVIDER_try_load(OPENSSL_CTX *libctx, const char *name) { OSSL_PROVIDER *prov = NULL; @@ -30,6 +30,14 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) return prov; } +OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) +{ + /* Any attempt to load a provider disables auto-loading of defaults */ + if (ossl_provider_disable_fallback_loading(libctx)) + return OSSL_PROVIDER_try_load(libctx, name); + return NULL; +} + int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) { ossl_provider_free(prov); -- cgit v1.2.3