OpenSSL: Load OpenSSL 3.0 legacy provider but let default be loaded

The default provider is being loaded here explicitly only because
OSSL_PROVIDER_load() disables the fallback provider loading (on either
success or failure). If the legacy provider fails to load, which it may
in some configurations, it will never load the default provider.

Just use the formulation which attempts to load without changing the
fallback behavior.

"default" will still be/only be loaded if no other provider (notably
FIPS) is loaded to provide algorithms.

Signed-off-by: Norman Hamer <nhamer@absolute.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index c8013a89274fd4cb4f12f00961d83644828ecde7..8f220bb1a88038753342636b9af9775a75eec217 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -182,7 +182,6 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
 
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-static OSSL_PROVIDER *openssl_default_provider = NULL;
 static OSSL_PROVIDER *openssl_legacy_provider = NULL;
 #endif /* OpenSSL version >= 3.0 */
 
@@ -192,9 +191,7 @@ void openssl_load_legacy_provider(void)
        if (openssl_legacy_provider)
                return;
 
-       openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
-       if (openssl_legacy_provider && !openssl_default_provider)
-               openssl_default_provider = OSSL_PROVIDER_load(NULL, "default");
+       openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1);
 #endif /* OpenSSL version >= 3.0 */
 }
 
@@ -206,10 +203,6 @@ static void openssl_unload_legacy_provider(void)
                OSSL_PROVIDER_unload(openssl_legacy_provider);
                openssl_legacy_provider = NULL;
        }
-       if (openssl_default_provider) {
-               OSSL_PROVIDER_unload(openssl_default_provider);
-               openssl_default_provider = NULL;
-       }
 #endif /* OpenSSL version >= 3.0 */
 }