[PATCH] Load OpenSSL 3.0 legacy provider but let default be loaded

Norman Hamer NHamer at absolute.com
Mon Oct 31 16:06:22 PDT 2022


The default provider is being loaded here explicitly only because OSSL_PROVIDER_load disables
the fallback provider loading (on either success or failure). If the legacy provider fails to
load, which it may in some configurations, it will never load the default provider.

Just use the formulation which attempts to load without changing the fallback behavior.

"default" will still be/only be loaded if no other provider (notably FIPS) is loaded to provide algorithms

Signed-off-by: Norman Hamer <nhamer at absolute.com>
---
 src/crypto/crypto_openssl.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 2c591890a..700638761 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -182,7 +182,6 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
 
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-static OSSL_PROVIDER *openssl_default_provider = NULL;
 static OSSL_PROVIDER *openssl_legacy_provider = NULL;
 #endif /* OpenSSL version >= 3.0 */
 
@@ -192,9 +191,7 @@ void openssl_load_legacy_provider(void)
 	if (openssl_legacy_provider)
 		return;
 
-	openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
-	if (openssl_legacy_provider && !openssl_default_provider)
-		openssl_default_provider = OSSL_PROVIDER_load(NULL, "default");
+	openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1);
 #endif /* OpenSSL version >= 3.0 */
 }
 
@@ -206,10 +203,6 @@ static void openssl_unload_legacy_provider(void)
 		OSSL_PROVIDER_unload(openssl_legacy_provider);
 		openssl_legacy_provider = NULL;
 	}
-	if (openssl_default_provider) {
-		OSSL_PROVIDER_unload(openssl_default_provider);
-		openssl_default_provider = NULL;
-	}
 #endif /* OpenSSL version >= 3.0 */
 }
 
-- 
2.28.0.windows.1




More information about the Hostap mailing list