From 0143dc1cb6404f13f6fee6da192a486038e79a9f Mon Sep 17 00:00:00 2001 From: Norman Hamer Date: Mon, 31 Oct 2022 23:06:22 +0000 Subject: [PATCH] OpenSSL: Load OpenSSL 3.0 legacy provider but let default be loaded The default provider is being loaded here explicitly only because OSSL_PROVIDER_load() disables the fallback provider loading (on either success or failure). If the legacy provider fails to load, which it may in some configurations, it will never load the default provider. Just use the formulation which attempts to load without changing the fallback behavior. "default" will still be/only be loaded if no other provider (notably FIPS) is loaded to provide algorithms. Signed-off-by: Norman Hamer --- src/crypto/crypto_openssl.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index c8013a892..8f220bb1a 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -182,7 +182,6 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, #if OPENSSL_VERSION_NUMBER >= 0x30000000L -static OSSL_PROVIDER *openssl_default_provider = NULL; static OSSL_PROVIDER *openssl_legacy_provider = NULL; #endif /* OpenSSL version >= 3.0 */ @@ -192,9 +191,7 @@ void openssl_load_legacy_provider(void) if (openssl_legacy_provider) return; - openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); - if (openssl_legacy_provider && !openssl_default_provider) - openssl_default_provider = OSSL_PROVIDER_load(NULL, "default"); + openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1); #endif /* OpenSSL version >= 3.0 */ } @@ -206,10 +203,6 @@ static void openssl_unload_legacy_provider(void) OSSL_PROVIDER_unload(openssl_legacy_provider); openssl_legacy_provider = NULL; } - if (openssl_default_provider) { - OSSL_PROVIDER_unload(openssl_default_provider); - openssl_default_provider = NULL; - } #endif /* OpenSSL version >= 3.0 */ }