provider: disable fall-backs if OSSL_PROVIDER_load() fails.
authorPauli <paul.dale@oracle.com>
Thu, 13 Aug 2020 00:02:01 +0000 (10:02 +1000)
committerPauli <paul.dale@oracle.com>
Fri, 14 Aug 2020 08:17:47 +0000 (18:17 +1000)
commitebe3f24b3d53e503bd37a2a08a8b1f896014c30d
tree156ad137c65c0d07aec2b93c55bba095ca845c5f
parent0e53cd5207615038de8496684d9aa3a18d50c388
provider: disable fall-backs if OSSL_PROVIDER_load() fails.

If an attempt is made to load a provider and it fails, the fall-back mechanism
should be disabled to prevent the user getting some weird happening.  E.g. a
failure to load the FIPS provider should not allow the default to load as a
fall-back.

The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be
loaded without disabling the fall-back mechanism if it fails.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12625)
crypto/provider.c
crypto/provider_core.c
doc/man3/OSSL_PROVIDER.pod
include/internal/provider.h
include/openssl/provider.h
util/libcrypto.num