CORE: Attach the provider context to the provider late
authorRichard Levitte <levitte@openssl.org>
Mon, 11 May 2020 09:10:41 +0000 (11:10 +0200)
committerRichard Levitte <levitte@openssl.org>
Tue, 12 May 2020 09:32:40 +0000 (11:32 +0200)
There are concerns that if |prov->provctx| is populated early,
sensitive information may leak from the provider.  Therefore, we use a
temporary variable, and only assign it to |prov->provctx| when the
provider init function has returned successfully.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11777)

crypto/provider_core.c

index b100e5a..1cbe369 100644 (file)
@@ -418,6 +418,7 @@ int OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *libctx, const char *path)
 static int provider_activate(OSSL_PROVIDER *prov)
 {
     const OSSL_DISPATCH *provider_dispatch = NULL;
+    void *tmp_provctx = NULL;    /* safety measure */
 #ifndef OPENSSL_NO_ERR
 # ifndef FIPS_MODULE
     OSSL_provider_get_reason_strings_fn *p_get_reason_strings = NULL;
@@ -488,7 +489,7 @@ static int provider_activate(OSSL_PROVIDER *prov)
     /* Call the initialise function for the provider. */
     if (prov->init_function == NULL
         || !prov->init_function(prov, core_dispatch, &provider_dispatch,
-                                &prov->provctx)) {
+                                &tmp_provctx)) {
         ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL,
                        "name=%s", prov->name);
 #ifndef FIPS_MODULE
@@ -497,6 +498,7 @@ static int provider_activate(OSSL_PROVIDER *prov)
 #endif
         return 0;
     }
+    prov->provctx = tmp_provctx;
 
     for (; provider_dispatch->function_id != 0; provider_dispatch++) {
         switch (provider_dispatch->function_id) {