root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Ensure that our fips internal provider is always loaded 

The fips provider has an internal provider. In some circumstances we
could end up trying to find it, but failing because it hasn't been loaded
yet. We just always ensure it is loaded early to avoid this.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27408)

(cherry picked from commit 6ff4c1d874)
This commit is contained in:
Matt Caswell 2025-04-16 12:20:10 +01:00 committed by Tomas Mraz
parent 83a0e62091
commit aa824cb9e8
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/provider_core.c
View File

@ -1511,6 +1511,16 @@ static int provider_activate_fallbacks(struct provider_store_st *store)
return ret; return ret;
} }
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx)
{
struct provider_store_st *store = get_provider_store(ctx);
if (store == NULL)
return 0;
return provider_activate_fallbacks(store);
}
int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
int (*cb)(OSSL_PROVIDER *provider, int (*cb)(OSSL_PROVIDER *provider,
void *cbdata), void *cbdata),

3
include/internal/provider.h
View File

@ -61,6 +61,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
/* Return pointer to the provider's context */ /* Return pointer to the provider's context */
void *ossl_provider_ctx(const OSSL_PROVIDER *prov); void *ossl_provider_ctx(const OSSL_PROVIDER *prov);
/* Force loading of fallback providers if necessary */
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx);
/* Iterate over all loaded providers */ /* Iterate over all loaded providers */
int ossl_provider_doall_activated(OSSL_LIB_CTX *, int ossl_provider_doall_activated(OSSL_LIB_CTX *,
int (*cb)(OSSL_PROVIDER *provider, int (*cb)(OSSL_PROVIDER *provider,

10
providers/fips/fipsprov.c
View File

@ -17,6 +17,7 @@
#include <openssl/proverr.h> #include <openssl/proverr.h>
#include <openssl/indicator.h> #include <openssl/indicator.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include "internal/provider.h"
#include "prov/implementations.h" #include "prov/implementations.h"
#include "prov/names.h" #include "prov/names.h"
#include "prov/provider_ctx.h" #include "prov/provider_ctx.h"
@ -886,6 +887,15 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
if (!ossl_thread_register_fips(libctx)) if (!ossl_thread_register_fips(libctx))
goto err; goto err;
/*
* Ensure our internal provider is loaded. We use this whenever the FIPS
* provider internally uses the EVP API. We proactively load this now
* rather than waiting for lazy loading to ensure it is always present when
* we need it.
*/
if (!ossl_provider_activate_fallbacks(libctx))
goto err;
/* /*
* We did initial set up of selftest_params in a local copy, because we * We did initial set up of selftest_params in a local copy, because we
* could not create fgbl until c_CRYPTO_zalloc was defined in the loop * could not create fgbl until c_CRYPTO_zalloc was defined in the loop