/*
* Internal version that doesn't affect the store flags, and thereby avoid
* locking. Direct callers must remember to set the store flags when
- * appropriate
+ * appropriate. The libctx parameter is only necessary when FIPS_MODE is set
+ * (i.e. we are being called from inside the FIPS module) - it is ignored for
+ * other uses.
*/
-static int provider_activate(OSSL_PROVIDER *prov)
+static int provider_activate(OSSL_PROVIDER *prov, OPENSSL_CTX *libctx)
{
const OSSL_DISPATCH *provider_dispatch = NULL;
#endif
}
+ /*
+ * We call the initialise function for the provider.
+ *
+ * If FIPS_MODE is defined then we are inside the FIPS module and are about
+ * to recursively initialise ourselves. We need to do this so that we can
+ * get all the provider callback functions set up in order for us to be able
+ * to make EVP calls from within the FIPS module itself. Only algorithms
+ * from the FIPS module itself are available via the FIPS module EVP
+ * interface, i.e. we only ever have one provider available inside the FIPS
+ * module - the FIPS provider itself.
+ *
+ * For modules in general we cannot know what value will be used for the
+ * provctx - it is a "black box". But for the FIPS module we know that the
+ * provctx is really a library context. We default the provctx value to the
+ * same library context as was used for the EVP call that caused this call
+ * to "provider_activate".
+ */
+#ifdef FIPS_MODE
+ prov->provctx = libctx;
+#endif
if (prov->init_function == NULL
|| !prov->init_function(prov, core_dispatch, &provider_dispatch,
&prov->provctx)) {
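Review bot: Under FIPS_MODE the added `prov->provctx = libctx;` overwrites the provider context unconditionally, and `ossl_provider_activate()` later in this patch calls `provider_activate(prov, NULL)`, so any FIPS_MODE path through that wrapper hands a NULL provctx to `init_function`. Whether the wrapper is reachable from inside the FIPS module is not visible in these hunks. If it is, guard the assignment with `if (libctx != NULL) prov->provctx = libctx;`. If NULL is intended to mean the default library context, say so in the function comment, which currently only states that the parameter is "necessary" in FIPS_MODE. The body of `provider_activate` continues outside the hunk, so what `init_function` later writes through `&prov->provctx` cannot be checked here.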
int ossl_provider_activate(OSSL_PROVIDER *prov)
{
- if (provider_activate(prov)) {
+ if (provider_activate(prov, NULL)) {
CRYPTO_THREAD_write_lock(prov->store->lock);
prov->store->use_fallbacks = 0;
CRYPTO_THREAD_unlock(prov->store->lock);
*/
if (prov->flag_fallback) {
activated_fallback_count++;
- provider_activate(prov);
+ provider_activate(prov, ctx);
}
}
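Review bot: The return value of `provider_activate(prov, ctx)` is discarded and `activated_fallback_count++` runs before the call, so a fallback provider whose initialisation fails is still counted as activated. With this change the call can be the FIPS module's recursive self-initialisation described in the new comment, where a silent failure would only surface later as missing algorithms. Counting only successes would make that visible: `if (provider_activate(prov, ctx)) activated_fallback_count++;`. The enclosing function starts above the hunk and may continue below it, so how the count is consumed afterwards is not shown here.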