provider: disable fall-backs if OSSL_PROVIDER_load() fails.

If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting some weird happening. E.g. a failure to load the FIPS provider should not allow the default to load as a fall-back. The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be loaded without disabling the fall-back mechanism if it fails. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12625)
author: Pauli <paul.dale@oracle.com> 2020-08-13 10:02:01 +1000
committer: Pauli <paul.dale@oracle.com> 2020-08-14 18:17:47 +1000
commit: ebe3f24b3d53e503bd37a2a08a8b1f896014c30d (patch)
tree: 156ad137c65c0d07aec2b93c55bba095ca845c5f /include/openssl/provider.h
parent: 0e53cd5207615038de8496684d9aa3a18d50c388 (diff)
download: openssl-new-ebe3f24b3d53e503bd37a2a08a8b1f896014c30d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/provider.h b/include/openssl/provider.h
index 5470984e13..ad9d8e6569 100644
--- a/include/openssl/provider.h
+++ b/include/openssl/provider.h
@@ -21,6 +21,7 @@ int OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *, const char *path);
 
 /* Load and unload a provider */
 OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+OSSL_PROVIDER *OSSL_PROVIDER_try_load(OPENSSL_CTX *, const char *name);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name);
 int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
author	Pauli <paul.dale@oracle.com>	2020-08-13 10:02:01 +1000
committer	Pauli <paul.dale@oracle.com>	2020-08-14 18:17:47 +1000
commit	ebe3f24b3d53e503bd37a2a08a8b1f896014c30d (patch)
tree	156ad137c65c0d07aec2b93c55bba095ca845c5f /include/openssl/provider.h
parent	0e53cd5207615038de8496684d9aa3a18d50c388 (diff)
download	openssl-new-ebe3f24b3d53e503bd37a2a08a8b1f896014c30d.tar.gz