From 236d5d8f72cd2cfcddf0e01bd7dfa7960c9d9e14 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Wed, 12 Feb 2025 10:08:09 +1100
Subject: [PATCH] fips: FIPS ignores property queries for internal algorithm fetches

Reviewed-by: Tim Hudson
Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/26714)
---
 crypto/evp/evp_fetch.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index 915d55c9830..349b06ed723 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
@@ -250,7 +250,7 @@ static void destruct_evp_method(void *method, void *data)
 static void *
 inner_evp_generic_fetch(struct evp_method_data_st *methdata,
 OSSL_PROVIDER *prov, int operation_id,
- const char *name, const char *properties,
+ const char *name, ossl_unused const char *properties,
 void *(*new_method)(int name_id,
 const OSSL_ALGORITHM *algodef,
 OSSL_PROVIDER *prov),
@@ -259,7 +259,17 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata,
 {
 OSSL_METHOD_STORE *store = get_evp_method_store(methdata->libctx);
 OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx);
+#ifdef FIPS_MODULE
+ /*
+ * The FIPS provider has its own internal library context where only it
+ * is loaded. Consequently, property queries aren't relevant because
+ * there is only one fetchable algorithm and it is assumed that the
+ * FIPS-ness is handled by the using algorithm.
+ */
+ const char *const propq = "";
+#else
 const char *const propq = properties != NULL ? properties : "";
+#endif /* FIPS_MODULE */
 uint32_t meth_id = 0;
 void *method = NULL;
 int unsupported, name_id;
--
2.47.2
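Review bot: In the second hunk the `FIPS_MODULE` branch discards the caller's query without checking the assumption stated in the new comment, so an internal fetch that passes a non-empty `properties` now silently matches whatever the store holds under that name. The comment relies on there being exactly one fetchable implementation per name in the provider's internal library context, and nothing visible here enforces that. If two implementations ever shared a name and differed only by property, selection would depend on store order instead of failing. I would make the caller's obligation explicit in the comment, for example `* Callers must enforce any approved-mode restriction themselves; the supplied query is not consulted here.` The function body continues past the hunk, so if `properties` is still referenced later (an error message, presumably), the FIPS build would report a query that was never applied and should print `propq` instead.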