| Message ID | SJ0PR15MB463053C4448094F67B13567EBF379@SJ0PR15MB4630.namprd15.prod.outlook.com |
|---|---|
| State | Accepted |
| Headers | show
Return-Path:
<hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=f8xDUt30;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=absolute.com header.i=@absolute.com header.a=rsa-sha256
header.s=abstkey header.b=TosqD8zt;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=AbsoluteCloud.onmicrosoft.com
header.i=@AbsoluteCloud.onmicrosoft.com header.a=rsa-sha256
header.s=selector1-AbsoluteCloud-onmicrosoft-com header.b=LYSQQ473;
dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
(No client certificate requested)
by legolas.ozlabs.org (Postfix) with ESMTPS id 4N1TMS0tNLz23lC
for <incoming@patchwork.ozlabs.org>; Tue, 1 Nov 2022 10:07:45 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To
:From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Owner; bh=1JuR1LW20JUp89fhjV+AAUcKrZsz/0W7Wvsabd+vuN4=; b=f8xDUt30Z5SbYk
lRLgRbL1z7EJBHIeVevD1a3p9IRPKhuwkgNcl4EqEAoDpetPT8XXRpHo92mWhmpgBQL6DbHvNBnyy
B3lxbScH7dSE/mASmFBGd0L+UI/AWmJnnEp5emQnvn6wzZoXKpEHJiDrdtODguCFjV88vBsJiBut6
IlZIR1omJxe3qPbBHAAqOLCYbdhJaF6/YZeVvc6JNdw5VHPt6RwQIkQVWreZdW2mVrtjY46DpbSnu
x2xC1RYDzlKId60brnXpbR3FWsqpIXPs7lmCp4zhoaICL4gDFHYujYID+qzH9UKH0iYzYpPd/UpoV
78tCWmS1hDMyOXgUkZIw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
id 1opdrS-00GVGN-Rd; Mon, 31 Oct 2022 23:06:30 +0000
Received: from mx0c-0037f201.pphosted.com ([67.231.159.46])
by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
id 1opdrQ-00GVFu-FW
for hostap@lists.infradead.org; Mon, 31 Oct 2022 23:06:30 +0000
Received: from pps.filterd (m0169703.ppops.net [127.0.0.1])
by mx0c-0037f201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
29VJRGII002834
for <hostap@lists.infradead.org>; Mon, 31 Oct 2022 16:06:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=absolute.com;
h=from : to : subject
: date : message-id : content-type : content-transfer-encoding :
mime-version; s=abstkey; bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=;
b=TosqD8zt89iu+dAkQbxMAGWYLFyc4582eDQl9mL0CHkGXGYPsmoRnChdf9TpDONz4Gaq
c2F5C6scI+kFTa4zD4F04PXdMPYHXgcro1hm7++IzrL+brgJsxDHvcivs5513EqF6mHn
rH403Ayk0AQQWV+LT9iEmpoT+HpNKFQYtclLuHa3ghHKLhEJQ1HfA92bfQK7rYEi8eJD
vodVv5rA+y1w6VGUSRP9SXA4iCK+oC+qJvrc/hJZVpOFX21QgGXBlUG06h5h9RA2TGI5
UFv2iSNeDAPOHWZM1ndcmqDjE+bvcoTJpxSoxmnZ2RV0ZGVvxHIaV6GjKEr0CXzcfVlY QA==
Received: from nam11-co1-obe.outbound.protection.outlook.com
(mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177])
by mx0c-0037f201.pphosted.com (PPS) with ESMTPS id 3kh3bc4f0a-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <hostap@lists.infradead.org>; Mon, 31 Oct 2022 16:06:26 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=ZSNc4Jb4IXmdn7VI+zTpEsJWpNPG0KwNbh7Vpilqj8Kxjus/J71KR8Z0jFfvK0nnRW9UWTRInJ+SKdzcLSmvoPqE/8Qqp28wnhl4DpFfu+iT3xmjHvT2ABCk82qOHtKgcyhK259g2BlJgQpRjrfyeZQ0cD7L9YdCWuCjPH5/+8xY1ndjuSpC2uh9SL8EBBhZuqeQpAFbOXN10LNlDIhx+QO0dOu7sXRW96ZllE0MLoAsVe8Igbz4LTarTTRfnm68q+B1NXEWIqwyaBslkNHml5GKTBCtSloQIQxWqciNS61SZAYT/HpGFRKZ4n6JxBjzhOrx0ehSt8fMaYS8WsJdeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=;
b=OFbnjUgTFfQQGuATEpcTE2ceaYavzFtppQrtwBKKLdqd1cm18tgjZ+zlYSE0AphNww6SsBkzqu6glt0Jxpe0Aqh3D4ZluLyM3WjShgi4a57eahOdye+TBY/A1N11szhvmV8qHwAZsqrlLaz2Ts7LCXvO9VwSCdcVJOqASmPe74Cl8Swri6LeU3IPKkE+7vpm5U/9aAAvysPhTjLOQcHSLQ+Y+6X85sxP9BijKmbkadI0AKBUkpo6bTlCx3cf7KGCK4Sq04zGt4apKSFEfx4scQzjsX1zzeVbIYYasWkygv72UjY/mxnRYuV5Tonmt/AF201UNldLgU1gs2iYpI5JyQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=absolute.com; dmarc=pass action=none header.from=absolute.com;
dkim=pass header.d=absolute.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=AbsoluteCloud.onmicrosoft.com; s=selector1-AbsoluteCloud-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=;
b=LYSQQ473AP+j4KSWjcsKRNIx+y2pbjG+GY511xO9RH5ZvbOAnvCHTF6sqBmpqQDp6GG7XpIHkOfMME9p09HGdxNzvTu3ksp6FOtKRXkwvfJ9Dw4T0QNGzd/I5s3zl7/gBk4d4bU7tJ/xsAYAWX3cgDLr6kfbchjZnfQpf+matXc=
Received: from SJ0PR15MB4630.namprd15.prod.outlook.com (2603:10b6:a03:37b::9)
by BN8PR15MB2962.namprd15.prod.outlook.com (2603:10b6:408:8c::33) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Mon, 31 Oct
2022 23:06:23 +0000
Received: from SJ0PR15MB4630.namprd15.prod.outlook.com
([fe80::36ba:5453:2ceb:d1f6]) by SJ0PR15MB4630.namprd15.prod.outlook.com
([fe80::36ba:5453:2ceb:d1f6%5]) with mapi id 15.20.5769.019; Mon, 31 Oct 2022
23:06:23 +0000
From: Norman Hamer <NHamer@absolute.com>
To: "hostap@lists.infradead.org" <hostap@lists.infradead.org>
Subject: [PATCH] Load OpenSSL 3.0 legacy provider but let default be loaded
Thread-Topic: [PATCH] Load OpenSSL 3.0 legacy provider but let default be
loaded
Thread-Index: AdjtfUp+yIJDtSjYRmmRuwhTx1SWMA==
Date: Mon, 31 Oct 2022 23:06:22 +0000
Message-ID:
<SJ0PR15MB463053C4448094F67B13567EBF379@SJ0PR15MB4630.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SJ0PR15MB4630:EE_|BN8PR15MB2962:EE_
x-ms-office365-filtering-correlation-id: 29bdd7a3-8997-42ec-47c4-08dabb948792
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info:
Nx1I9WKVMC4GF69PTAyPsBHS0Q5Xzi8HnT4EawtBTx0tQBt7/nQTJdWX8qpfuPTVIaivbwp2Di3pHMtG11e7uLYwEmZRKxZbEvt9AWX9dA/KJ3dcKB7u6Gglq8hHlZy1nCR4z5wDTEA7kgGQTEGaN74JrwVnFbMobQiCl/rEpVoMtm/QqqmCAm8CC4DPodFaBDp5YVR/yz6BeXYxA0eZ6HDhxJoxRiKbhLhebOmke972zCzD38CqUjXPO4mpT+SACIrN+y1yRaCqcLURlmORMZ6RUjcz2MfouHyQwPkjpwDqHcZLxSpxW/EIaaMpcZlI7VLzWDvlEBXrsLJnv+ZUGT9FoCNtqPE+nf+K73GwNaRDCmQ0zhxRPoDqkXpgWANeOs0RRVbofRZw+jNC230p90CD3eQxk1w4dYhJTa8eKzC4im7viGEgIZNyUstNwqALUBiEsGg9UhZxvo5vuQskKANkQfrZSu2qUr1+UktF4bta/sOqYxS2IUfJa+jVz6TOa9mS7Cgox3DjoBrK2W0WtbtBEzTnwCZCqwYgMPcOvRBRYggLIrPf8EZxLU1MZxY1yMIF4LjuP5z+Pb3RLoGcpzRU+APdUXbz8rLWv3faYPBQStGjLgyId8X+9WgV794b2P1wd7jnUsCmo3H9FlBENirIoQfFmP8ALYADYzU6kT27M0dncYZ4HPU12IXqiTpLjlycsCmfWZNSZAMF453rdmLmQSKz4iZe4mtL74T6TCwRdKG3B0Pi28TEwUg9/cQt0OXCwBGfPFt2YzhDnMBwWQ==
x-forefront-antispam-report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR15MB4630.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(366004)(136003)(346002)(376002)(39850400004)(396003)(451199015)(86362001)(2906002)(55016003)(83380400001)(8676002)(71200400001)(8936002)(52536014)(41300700001)(5660300002)(33656002)(38070700005)(66946007)(66556008)(66476007)(66446008)(64756008)(76116006)(6916009)(316002)(186003)(26005)(478600001)(6506007)(7696005)(38100700002)(9686003)(122000001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
QzU0fQBf2UkOBHkPmR+Vi617cbtDZ7uPm3xsDIjOCVog6yRb5xSNidaAlmWINx0BGTgOUPagPgDPZ8GICOtLvWrd2s3k98fFFZ0bo6Z7bwZUIS0QMuBhPkSBdKcBHX1C7IodKwSS4Vo51xRDVlrwhaF68YVQ77Fj5NGaW5CfQd4EmrjFvcdve/+p0caGvbHNDN70LqrWfDfTmHAkpTfbgVUpepvkXjqChA3TXlkUtbXqjPZ+xP6USZ7BO1g86GxoSdyv/Ogq09xWr/saILl6+jC+nBRHXZWPZAMmQYjU3T7xYhbvzqMZ0xsbaOtgjg7YdrnkEn466VAqaF44ZovW8Kxp7GCMv9w3ynKbVU2Q6C8QizZnT8j5KIlUTbb0S873D4/VuYUMl0PRMf0K43fP2Wc28MyNeplwmniwj6tPPKhmGSFpuxOhTIFD2PIzw/G+9IxpjJ8IR3HDeUM/+hxLf1Tq1Z1CZOwcqPyiZjtIuNh55Zxe2YCMvUv8Q7ER6ybq9qIXxPDyVyKGLrSvf8fKuPAdisdyq8aDsbCnqTKLNJhg8RIpFQeiD6rbI5MCcjDX7DNsfgCIRTEfnl3f4tKhoT8EMYiLarihjgxXZk27lKLDHej1/x2imqwyQhS/UAi4vy5H8R7Ii+E9rsKcv+4AbjXF04fadNtpQOBZ3KVdzKvZKf50BxQ6ezvuyQ4xoC1dfu9AQMRSWZ1OQfzveWkDpQHsiS9ec9IB3IoyBaPqNoyUEtNTd/zQwHIGqqfEdguDALNnMduPAM1GBIdWf6W+RqwuUo3O4l1chAFXx6I2+sZQxEtUvHEtS1+TFzU2mu4ncAgup8o/g29fE7lbHz4QSU2nzdQqgUnZJe9+DO0HVJ3Rm7fkUNzZ5k81r6bYtn0VZq+phv8/mTV5B0H6VgDXvN2lhF02WFZXisHcJIajl4/lLGcWIXSsKtwslyqzJpdgOy8e0gxKpu0V+HPKN4nTHH92amDSXFbIW0LqQjY6Vluf1Xw8opuHsLbcqfAulFkxKGi3vJS654TawWSvoilwpOuOfeHhvZzlRuXeol3t7R+UPytgWOwyfV2Xwm0f0CtnHFZVqvKK2pHV16E5MdTOU80xJYMZ8vVpO8huP3Q4jK52ltmfozSw2Q6KBb2E/lSRCAsT4aJ9XLtTTtsGFgDCNK+eqXPF7bfV3KGMtRAyP/QtuuUcMt9Soelvmvvmlbz3VqO8YyWahAC+Anf0MVOrE/oXgeRsMw9C0qaPSfIasvu7YMBxIIs/+RiTdee1rp/qtjUWZR1D0zMoaf+4vF5mQHHRqcPktireDWWw4T7O9ro8b4CPYraPW3hKL4GwIwreM5VqPlv9XKXLFHK8+j4hWmZqH5Kmn7tCp2rhGRkrOALVbaVcFmGPprb0xncjDqp+sT6t/YMPbwoD5nOQyrtbXO2NYSeT9pQonWNA8Cfzre3cfY75HGV1skg1VrUhKvbSs0muSFM/D0X3/XVeHowyvJSOjS+6b15eWocI5isGmya6/mpaYejlLw/kaOXbaI4HwIov50UmqHCaBaHORSmXu2AJesyd+hn1xpt3n1yq/YJk1hySkRZl1hHQxMIWyPJ1
MIME-Version: 1.0
X-OriginatorOrg: absolute.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR15MB4630.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
29bdd7a3-8997-42ec-47c4-08dabb948792
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2022 23:06:22.9942
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b5039c9e-612b-4c15-9c25-2850fb9ce9e7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname:
dXt6h9ojPmgzyjiw2SLVlc4CkXp8NxfDoxMJAfOfaQtdFZ9ygQyAXoBgxBUS5nayQs2I+80AJ2oJsfC/Dm5WoA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR15MB2962
X-Proofpoint-ORIG-GUID: K51KPebU65z1MtHZxnUP8pHQlMHdv4bn
X-Proofpoint-GUID: K51KPebU65z1MtHZxnUP8pHQlMHdv4bn
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1
definitions=2022-10-31_21,2022-10-31_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
adultscore=0 phishscore=0
mlxscore=0 suspectscore=0 lowpriorityscore=0 bulkscore=0
priorityscore=1501 clxscore=1015 malwarescore=0 spamscore=0
impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx
scancount=1 engine=8.12.0-2210170000 definitions=main-2210310144
X-Proofpoint-SSN: Sensitivity3
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20221031_160628_903499_8BB07356
X-CRM114-Status: GOOD ( 18.59 )
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: The default provider is being loaded here explicitly only
because OSSL_PROVIDER_load disables the fallback provider loading (on
either
success or failure). If the legacy provider fails to load, which [...]
Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 SPF_NONE SPF: sender does not publish an SPF Record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
|
| Series |
Load OpenSSL 3.0 legacy provider but let default be loaded
|
expand
|
On Mon, Oct 31, 2022 at 11:06:22PM +0000, Norman Hamer wrote: > The default provider is being loaded here explicitly only because OSSL_PROVIDER_load disables > the fallback provider loading (on either success or failure). If the legacy provider fails to > load, which it may in some configurations, it will never load the default provider. > > Just use the formulation which attempts to load without changing the fallback behavior. > > "default" will still be/only be loaded if no other provider (notably FIPS) is loaded to provide algorithms Thanks, applied.
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 2c591890a..700638761 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -182,7 +182,6 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, #if OPENSSL_VERSION_NUMBER >= 0x30000000L -static OSSL_PROVIDER *openssl_default_provider = NULL; static OSSL_PROVIDER *openssl_legacy_provider = NULL; #endif /* OpenSSL version >= 3.0 */ @@ -192,9 +191,7 @@ void openssl_load_legacy_provider(void) if (openssl_legacy_provider) return; - openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); - if (openssl_legacy_provider && !openssl_default_provider) - openssl_default_provider = OSSL_PROVIDER_load(NULL, "default"); + openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1); #endif /* OpenSSL version >= 3.0 */ } @@ -206,10 +203,6 @@ static void openssl_unload_legacy_provider(void) OSSL_PROVIDER_unload(openssl_legacy_provider); openssl_legacy_provider = NULL; } - if (openssl_default_provider) { - OSSL_PROVIDER_unload(openssl_default_provider); - openssl_default_provider = NULL; - } #endif /* OpenSSL version >= 3.0 */ }
The default provider is being loaded here explicitly only because OSSL_PROVIDER_load disables the fallback provider loading (on either success or failure). If the legacy provider fails to load, which it may in some configurations, it will never load the default provider. Just use the formulation which attempts to load without changing the fallback behavior. "default" will still be/only be loaded if no other provider (notably FIPS) is loaded to provide algorithms Signed-off-by: Norman Hamer <nhamer@absolute.com> --- src/crypto/crypto_openssl.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-)