Don't create an OPENSSL_CTX twice
authorMatt Caswell <matt@openssl.org>
Tue, 18 Jun 2019 17:36:36 +0000 (18:36 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 19 Jun 2019 08:59:10 +0000 (09:59 +0100)
The fips provider was creating the OPENSSL_CTX twice due to a previous
merge error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9184)

providers/fips/fipsprov.c

index a30ece8..61729e5 100644 (file)
@@ -216,18 +216,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
                        void **provctx)
 {
     FIPS_GLOBAL *fgbl;
-    OPENSSL_CTX *ctx = OPENSSL_CTX_new();
-
-    if (ctx == NULL)
-        return 0;
-
-    fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
-                                &fips_prov_ossl_ctx_method);
-
-    if (fgbl == NULL)
-        goto err;
-
-    fgbl->prov = provider;
+    OPENSSL_CTX *ctx;
 
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
@@ -256,6 +245,14 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     if (ctx == NULL)
         return 0;
 
+    fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                &fips_prov_ossl_ctx_method);
+
+    if (fgbl == NULL)
+        goto err;
+
+    fgbl->prov = provider;
+
     *out = fips_dispatch_table;
     *provctx = ctx;