From patchwork Mon Oct 31 23:06:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Norman Hamer X-Patchwork-Id: 1697556 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=f8xDUt30; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=absolute.com header.i=@absolute.com header.a=rsa-sha256 header.s=abstkey header.b=TosqD8zt; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=AbsoluteCloud.onmicrosoft.com header.i=@AbsoluteCloud.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-AbsoluteCloud-onmicrosoft-com header.b=LYSQQ473; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4N1TMS0tNLz23lC for ; Tue, 1 Nov 2022 10:07:45 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To :From:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=1JuR1LW20JUp89fhjV+AAUcKrZsz/0W7Wvsabd+vuN4=; b=f8xDUt30Z5SbYk lRLgRbL1z7EJBHIeVevD1a3p9IRPKhuwkgNcl4EqEAoDpetPT8XXRpHo92mWhmpgBQL6DbHvNBnyy B3lxbScH7dSE/mASmFBGd0L+UI/AWmJnnEp5emQnvn6wzZoXKpEHJiDrdtODguCFjV88vBsJiBut6 IlZIR1omJxe3qPbBHAAqOLCYbdhJaF6/YZeVvc6JNdw5VHPt6RwQIkQVWreZdW2mVrtjY46DpbSnu x2xC1RYDzlKId60brnXpbR3FWsqpIXPs7lmCp4zhoaICL4gDFHYujYID+qzH9UKH0iYzYpPd/UpoV 78tCWmS1hDMyOXgUkZIw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1opdrS-00GVGN-Rd; Mon, 31 Oct 2022 23:06:30 +0000 Received: from mx0c-0037f201.pphosted.com ([67.231.159.46]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1opdrQ-00GVFu-FW for hostap@lists.infradead.org; Mon, 31 Oct 2022 23:06:30 +0000 Received: from pps.filterd (m0169703.ppops.net [127.0.0.1]) by mx0c-0037f201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 29VJRGII002834 for ; Mon, 31 Oct 2022 16:06:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=absolute.com; h=from : to : subject : date : message-id : content-type : content-transfer-encoding : mime-version; s=abstkey; bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=; b=TosqD8zt89iu+dAkQbxMAGWYLFyc4582eDQl9mL0CHkGXGYPsmoRnChdf9TpDONz4Gaq c2F5C6scI+kFTa4zD4F04PXdMPYHXgcro1hm7++IzrL+brgJsxDHvcivs5513EqF6mHn rH403Ayk0AQQWV+LT9iEmpoT+HpNKFQYtclLuHa3ghHKLhEJQ1HfA92bfQK7rYEi8eJD vodVv5rA+y1w6VGUSRP9SXA4iCK+oC+qJvrc/hJZVpOFX21QgGXBlUG06h5h9RA2TGI5 UFv2iSNeDAPOHWZM1ndcmqDjE+bvcoTJpxSoxmnZ2RV0ZGVvxHIaV6GjKEr0CXzcfVlY QA== Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177]) by mx0c-0037f201.pphosted.com (PPS) with ESMTPS id 3kh3bc4f0a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 31 Oct 2022 16:06:26 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZSNc4Jb4IXmdn7VI+zTpEsJWpNPG0KwNbh7Vpilqj8Kxjus/J71KR8Z0jFfvK0nnRW9UWTRInJ+SKdzcLSmvoPqE/8Qqp28wnhl4DpFfu+iT3xmjHvT2ABCk82qOHtKgcyhK259g2BlJgQpRjrfyeZQ0cD7L9YdCWuCjPH5/+8xY1ndjuSpC2uh9SL8EBBhZuqeQpAFbOXN10LNlDIhx+QO0dOu7sXRW96ZllE0MLoAsVe8Igbz4LTarTTRfnm68q+B1NXEWIqwyaBslkNHml5GKTBCtSloQIQxWqciNS61SZAYT/HpGFRKZ4n6JxBjzhOrx0ehSt8fMaYS8WsJdeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=; b=OFbnjUgTFfQQGuATEpcTE2ceaYavzFtppQrtwBKKLdqd1cm18tgjZ+zlYSE0AphNww6SsBkzqu6glt0Jxpe0Aqh3D4ZluLyM3WjShgi4a57eahOdye+TBY/A1N11szhvmV8qHwAZsqrlLaz2Ts7LCXvO9VwSCdcVJOqASmPe74Cl8Swri6LeU3IPKkE+7vpm5U/9aAAvysPhTjLOQcHSLQ+Y+6X85sxP9BijKmbkadI0AKBUkpo6bTlCx3cf7KGCK4Sq04zGt4apKSFEfx4scQzjsX1zzeVbIYYasWkygv72UjY/mxnRYuV5Tonmt/AF201UNldLgU1gs2iYpI5JyQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=absolute.com; dmarc=pass action=none header.from=absolute.com; dkim=pass header.d=absolute.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=AbsoluteCloud.onmicrosoft.com; s=selector1-AbsoluteCloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2S7jd3MydF8VGqkTFqCgG6qGtHsYc8fpvd7HSARzBM4=; b=LYSQQ473AP+j4KSWjcsKRNIx+y2pbjG+GY511xO9RH5ZvbOAnvCHTF6sqBmpqQDp6GG7XpIHkOfMME9p09HGdxNzvTu3ksp6FOtKRXkwvfJ9Dw4T0QNGzd/I5s3zl7/gBk4d4bU7tJ/xsAYAWX3cgDLr6kfbchjZnfQpf+matXc= Received: from SJ0PR15MB4630.namprd15.prod.outlook.com (2603:10b6:a03:37b::9) by BN8PR15MB2962.namprd15.prod.outlook.com (2603:10b6:408:8c::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Mon, 31 Oct 2022 23:06:23 +0000 Received: from SJ0PR15MB4630.namprd15.prod.outlook.com ([fe80::36ba:5453:2ceb:d1f6]) by SJ0PR15MB4630.namprd15.prod.outlook.com ([fe80::36ba:5453:2ceb:d1f6%5]) with mapi id 15.20.5769.019; Mon, 31 Oct 2022 23:06:23 +0000 From: Norman Hamer To: "hostap@lists.infradead.org" Subject: [PATCH] Load OpenSSL 3.0 legacy provider but let default be loaded Thread-Topic: [PATCH] Load OpenSSL 3.0 legacy provider but let default be loaded Thread-Index: AdjtfUp+yIJDtSjYRmmRuwhTx1SWMA== Date: Mon, 31 Oct 2022 23:06:22 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ0PR15MB4630:EE_|BN8PR15MB2962:EE_ x-ms-office365-filtering-correlation-id: 29bdd7a3-8997-42ec-47c4-08dabb948792 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Nx1I9WKVMC4GF69PTAyPsBHS0Q5Xzi8HnT4EawtBTx0tQBt7/nQTJdWX8qpfuPTVIaivbwp2Di3pHMtG11e7uLYwEmZRKxZbEvt9AWX9dA/KJ3dcKB7u6Gglq8hHlZy1nCR4z5wDTEA7kgGQTEGaN74JrwVnFbMobQiCl/rEpVoMtm/QqqmCAm8CC4DPodFaBDp5YVR/yz6BeXYxA0eZ6HDhxJoxRiKbhLhebOmke972zCzD38CqUjXPO4mpT+SACIrN+y1yRaCqcLURlmORMZ6RUjcz2MfouHyQwPkjpwDqHcZLxSpxW/EIaaMpcZlI7VLzWDvlEBXrsLJnv+ZUGT9FoCNtqPE+nf+K73GwNaRDCmQ0zhxRPoDqkXpgWANeOs0RRVbofRZw+jNC230p90CD3eQxk1w4dYhJTa8eKzC4im7viGEgIZNyUstNwqALUBiEsGg9UhZxvo5vuQskKANkQfrZSu2qUr1+UktF4bta/sOqYxS2IUfJa+jVz6TOa9mS7Cgox3DjoBrK2W0WtbtBEzTnwCZCqwYgMPcOvRBRYggLIrPf8EZxLU1MZxY1yMIF4LjuP5z+Pb3RLoGcpzRU+APdUXbz8rLWv3faYPBQStGjLgyId8X+9WgV794b2P1wd7jnUsCmo3H9FlBENirIoQfFmP8ALYADYzU6kT27M0dncYZ4HPU12IXqiTpLjlycsCmfWZNSZAMF453rdmLmQSKz4iZe4mtL74T6TCwRdKG3B0Pi28TEwUg9/cQt0OXCwBGfPFt2YzhDnMBwWQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR15MB4630.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(366004)(136003)(346002)(376002)(39850400004)(396003)(451199015)(86362001)(2906002)(55016003)(83380400001)(8676002)(71200400001)(8936002)(52536014)(41300700001)(5660300002)(33656002)(38070700005)(66946007)(66556008)(66476007)(66446008)(64756008)(76116006)(6916009)(316002)(186003)(26005)(478600001)(6506007)(7696005)(38100700002)(9686003)(122000001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: QzU0fQBf2UkOBHkPmR+Vi617cbtDZ7uPm3xsDIjOCVog6yRb5xSNidaAlmWINx0BGTgOUPagPgDPZ8GICOtLvWrd2s3k98fFFZ0bo6Z7bwZUIS0QMuBhPkSBdKcBHX1C7IodKwSS4Vo51xRDVlrwhaF68YVQ77Fj5NGaW5CfQd4EmrjFvcdve/+p0caGvbHNDN70LqrWfDfTmHAkpTfbgVUpepvkXjqChA3TXlkUtbXqjPZ+xP6USZ7BO1g86GxoSdyv/Ogq09xWr/saILl6+jC+nBRHXZWPZAMmQYjU3T7xYhbvzqMZ0xsbaOtgjg7YdrnkEn466VAqaF44ZovW8Kxp7GCMv9w3ynKbVU2Q6C8QizZnT8j5KIlUTbb0S873D4/VuYUMl0PRMf0K43fP2Wc28MyNeplwmniwj6tPPKhmGSFpuxOhTIFD2PIzw/G+9IxpjJ8IR3HDeUM/+hxLf1Tq1Z1CZOwcqPyiZjtIuNh55Zxe2YCMvUv8Q7ER6ybq9qIXxPDyVyKGLrSvf8fKuPAdisdyq8aDsbCnqTKLNJhg8RIpFQeiD6rbI5MCcjDX7DNsfgCIRTEfnl3f4tKhoT8EMYiLarihjgxXZk27lKLDHej1/x2imqwyQhS/UAi4vy5H8R7Ii+E9rsKcv+4AbjXF04fadNtpQOBZ3KVdzKvZKf50BxQ6ezvuyQ4xoC1dfu9AQMRSWZ1OQfzveWkDpQHsiS9ec9IB3IoyBaPqNoyUEtNTd/zQwHIGqqfEdguDALNnMduPAM1GBIdWf6W+RqwuUo3O4l1chAFXx6I2+sZQxEtUvHEtS1+TFzU2mu4ncAgup8o/g29fE7lbHz4QSU2nzdQqgUnZJe9+DO0HVJ3Rm7fkUNzZ5k81r6bYtn0VZq+phv8/mTV5B0H6VgDXvN2lhF02WFZXisHcJIajl4/lLGcWIXSsKtwslyqzJpdgOy8e0gxKpu0V+HPKN4nTHH92amDSXFbIW0LqQjY6Vluf1Xw8opuHsLbcqfAulFkxKGi3vJS654TawWSvoilwpOuOfeHhvZzlRuXeol3t7R+UPytgWOwyfV2Xwm0f0CtnHFZVqvKK2pHV16E5MdTOU80xJYMZ8vVpO8huP3Q4jK52ltmfozSw2Q6KBb2E/lSRCAsT4aJ9XLtTTtsGFgDCNK+eqXPF7bfV3KGMtRAyP/QtuuUcMt9Soelvmvvmlbz3VqO8YyWahAC+Anf0MVOrE/oXgeRsMw9C0qaPSfIasvu7YMBxIIs/+RiTdee1rp/qtjUWZR1D0zMoaf+4vF5mQHHRqcPktireDWWw4T7O9ro8b4CPYraPW3hKL4GwIwreM5VqPlv9XKXLFHK8+j4hWmZqH5Kmn7tCp2rhGRkrOALVbaVcFmGPprb0xncjDqp+sT6t/YMPbwoD5nOQyrtbXO2NYSeT9pQonWNA8Cfzre3cfY75HGV1skg1VrUhKvbSs0muSFM/D0X3/XVeHowyvJSOjS+6b15eWocI5isGmya6/mpaYejlLw/kaOXbaI4HwIov50UmqHCaBaHORSmXu2AJesyd+hn1xpt3n1yq/YJk1hySkRZl1hHQxMIWyPJ1 MIME-Version: 1.0 X-OriginatorOrg: absolute.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ0PR15MB4630.namprd15.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 29bdd7a3-8997-42ec-47c4-08dabb948792 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2022 23:06:22.9942 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b5039c9e-612b-4c15-9c25-2850fb9ce9e7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: dXt6h9ojPmgzyjiw2SLVlc4CkXp8NxfDoxMJAfOfaQtdFZ9ygQyAXoBgxBUS5nayQs2I+80AJ2oJsfC/Dm5WoA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR15MB2962 X-Proofpoint-ORIG-GUID: K51KPebU65z1MtHZxnUP8pHQlMHdv4bn X-Proofpoint-GUID: K51KPebU65z1MtHZxnUP8pHQlMHdv4bn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-31_21,2022-10-31_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 phishscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 bulkscore=0 priorityscore=1501 clxscore=1015 malwarescore=0 spamscore=0 impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2210170000 definitions=main-2210310144 X-Proofpoint-SSN: Sensitivity3 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221031_160628_903499_8BB07356 X-CRM114-Status: GOOD ( 18.59 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The default provider is being loaded here explicitly only because OSSL_PROVIDER_load disables the fallback provider loading (on either success or failure). If the legacy provider fails to load, which [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org The default provider is being loaded here explicitly only because OSSL_PROVIDER_load disables the fallback provider loading (on either success or failure). If the legacy provider fails to load, which it may in some configurations, it will never load the default provider. Just use the formulation which attempts to load without changing the fallback behavior. "default" will still be/only be loaded if no other provider (notably FIPS) is loaded to provide algorithms Signed-off-by: Norman Hamer --- src/crypto/crypto_openssl.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 2c591890a..700638761 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -182,7 +182,6 @@ static int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, #if OPENSSL_VERSION_NUMBER >= 0x30000000L -static OSSL_PROVIDER *openssl_default_provider = NULL; static OSSL_PROVIDER *openssl_legacy_provider = NULL; #endif /* OpenSSL version >= 3.0 */ @@ -192,9 +191,7 @@ void openssl_load_legacy_provider(void) if (openssl_legacy_provider) return; - openssl_legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); - if (openssl_legacy_provider && !openssl_default_provider) - openssl_default_provider = OSSL_PROVIDER_load(NULL, "default"); + openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL, "legacy", 1); #endif /* OpenSSL version >= 3.0 */ } @@ -206,10 +203,6 @@ static void openssl_unload_legacy_provider(void) OSSL_PROVIDER_unload(openssl_legacy_provider); openssl_legacy_provider = NULL; } - if (openssl_default_provider) { - OSSL_PROVIDER_unload(openssl_default_provider); - openssl_default_provider = NULL; - } #endif /* OpenSSL version >= 3.0 */ }