diff options
author | Pauli <paul.dale@oracle.com> | 2020-08-13 10:02:01 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-14 18:17:47 +1000 |
commit | ebe3f24b3d53e503bd37a2a08a8b1f896014c30d (patch) | |
tree | 156ad137c65c0d07aec2b93c55bba095ca845c5f /include/openssl/provider.h | |
parent | 0e53cd5207615038de8496684d9aa3a18d50c388 (diff) | |
download | openssl-new-ebe3f24b3d53e503bd37a2a08a8b1f896014c30d.tar.gz |
provider: disable fall-backs if OSSL_PROVIDER_load() fails.
If an attempt is made to load a provider and it fails, the fall-back mechanism
should be disabled to prevent the user getting some weird happening. E.g. a
failure to load the FIPS provider should not allow the default to load as a
fall-back.
The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be
loaded without disabling the fall-back mechanism if it fails.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12625)
Diffstat (limited to 'include/openssl/provider.h')
-rw-r--r-- | include/openssl/provider.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 5470984e13..ad9d8e6569 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -21,6 +21,7 @@ int OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *, const char *path); /* Load and unload a provider */ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name); +OSSL_PROVIDER *OSSL_PROVIDER_try_load(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov); int OSSL_PROVIDER_available(OPENSSL_CTX *, const char *name); int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, |