GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that our fips internal provider is always loaded

Browse Source 
The fips provider has an internal provider. In some circumstances we
could end up trying to find it, but failing because it hasn't been loaded
yet. We just always ensure it is loaded early to avoid this.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)
This commit is contained in:
Matt Caswell
2025-04-16 12:20:10 +01:00
committed by Tomas Mraz
parent 606de509e3
commit 6ff4c1d874
3 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/provider_core.c
+10
View File
@@ -1511,6 +1511,16 @@ static int provider_activate_fallbacks(struct provider_store_st *store)
return ret;
}
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx)
{
struct provider_store_st *store = get_provider_store(ctx);
if (store == NULL)
return 0;
return provider_activate_fallbacks(store);
}
int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
int (*cb)(OSSL_PROVIDER *provider,
void *cbdata),
include/internal/provider.h
+3
View File
@@ -61,6 +61,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
/* Return pointer to the provider's context */
void *ossl_provider_ctx(const OSSL_PROVIDER *prov);
/* Force loading of fallback providers if necessary */
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx);
/* Iterate over all loaded providers */
int ossl_provider_doall_activated(OSSL_LIB_CTX *,
int (*cb)(OSSL_PROVIDER *provider,
providers/fips/fipsprov.c
+10
View File
@@ -17,6 +17,7 @@
#include <openssl/proverr.h>
#include <openssl/indicator.h>
#include "internal/cryptlib.h"
#include "internal/provider.h"
#include "prov/implementations.h"
#include "prov/names.h"
#include "prov/provider_ctx.h"
@@ -904,6 +905,15 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
if (!ossl_thread_register_fips(libctx))
goto err;
/*
* Ensure our internal provider is loaded. We use this whenever the FIPS
* provider internally uses the EVP API. We proactively load this now
* rather than waiting for lazy loading to ensure it is always present when
* we need it.
*/
if (!ossl_provider_activate_fallbacks(libctx))
goto err;
/*
* We did initial set up of selftest_params in a local copy, because we
* could not create fgbl until c_CRYPTO_zalloc was defined in the loop