From: Matt Caswell Date: Tue, 9 Nov 2021 14:20:31 +0000 (+0000) Subject: Correctly activate the provider in OSSL_PROVIDER_try_load X-Git-Tag: openssl-3.2.0-alpha1~3345 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e8ed3e596162d7490b26fb12e58af5208f52402;p=thirdparty%2Fopenssl.git Correctly activate the provider in OSSL_PROVIDER_try_load If during OSSL_PROVIDER_try_load() we attempt to load a provider, but adding to the store gives back a different provider, then we need to ensure this different provider has its activation count increased. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16980)
---
diff --git a/crypto/provider.c b/crypto/provider.c
index 974c636bc10..114b4269294 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -39,6 +39,12 @@ OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
 ossl_provider_free(prov);
 return NULL;
 }
+ if (actual != prov) {
+ if (!ossl_provider_activate(actual, 1, 0)) {
+ ossl_provider_free(actual);
+ return NULL;
+ }
+ }
 return actual;
 }
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 7acfe495646..c13c887c3d4 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -224,11 +224,22 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
 } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
 ossl_provider_deactivate(prov, 1);
 ok = 0;
+ } else if (actual != prov
+ && !ossl_provider_activate(actual, 1, 0)) {
+ ossl_provider_free(actual);
+ ok = 0;
 } else {
 if (pcgbl->activated_providers == NULL)
 pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
- sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual);
- ok = 1;
+ if (pcgbl->activated_providers == NULL
+ || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers,
+ actual)) {
+ ossl_provider_deactivate(actual, 1);
+ ossl_provider_free(actual);
+ ok = 0;
+ } else {
+ ok = 1;
+ }
 }
 }
 if (!ok)
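Review bot: The new `if (actual != prov)` block in OSSL_PROVIDER_try_load() never touches `prov` again, so from this hunk it is unclear whether the displaced provider is still activated and referenced when the function returns. The failure path just above releases it explicitly with `ossl_provider_free(prov)`, which suggests this function owns that reference. If ossl_provider_add_to_store() already deactivates and frees `prov` when it hands back a different provider, a comment above the block such as `/* add_to_store released prov; only actual is held from here */` would record that; if it does not, `prov` needs its own deactivate/free here. The same question applies to the `else if (actual != prov ...)` branch added in crypto/provider_conf.c, and the function body starts outside this hunk.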
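Review bot: In the push-failure branch of provider_conf_load(), `actual` is deactivated and freed and then control reaches the trailing `if (!ok)`, whose body lies outside this hunk. When `actual == prov` both names refer to the same object, so if that cleanup also frees `prov` the counts balance only if ossl_provider_add_to_store() took a separate reference for `*actual`; the hunk does not show this. A comment on the branch, for example `/* drops the reference returned via actual, not prov's own */`, would let a reader verify the reference counting without opening the store code, provided that is in fact the contract.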