Ensure any default_properties still apply even in the event of a provider load failure

We don't treat a failure to load a provider as a fatal error. If it is fatal then
we give up attempting to load the config file - including reading any default
properties. Additionally if an attempt has been made to load a provider then we
disable fallback loading.

Fixes #16166

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16168)

diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 1d4e695fb89441354db6b5f9be0c5fc5c10d73ce..fe66e1158e771ce4fd2fd135513c4a782543347a 100644 (file)
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -156,6 +156,16 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
     }
 
     if (activate) {
+        /*
+        * There is an attempt to activate a provider, so we should disable
+        * loading of fallbacks. Otherwise a misconfiguration could mean the
+        * intended provider does not get loaded. Subsequent fetches could then
+        * fallback to the default provider - which may be the wrong thing.
+        */
+        if (!ossl_provider_disable_fallback_loading(libctx)) {
+            ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
         prov = ossl_provider_find(libctx, name, 1);
         if (prov == NULL)
             prov = ossl_provider_new(libctx, name, NULL, 1);
@@ -215,7 +225,11 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
 
     }
 
-    return ok;
+    /*
+     * Even if ok is 0, we still return success. Failure to load a provider is
+     * not fatal. We want to continue to load the rest of the config file.
+     */
+    return 1;
 }
 
 static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)