diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c
index 068e0b7..e9ae469 100644
--- a/crypto/provider_predefined.c
+++ b/crypto/provider_predefined.c
@@ -5,28 +5,69 @@
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
- */
+*/
#include <openssl/core.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/dso.h"
#include "provider_local.h"
-OSSL_provider_init_fn ossl_default_provider_init;
+/* For the replace default model we actually do not want OpenSSL built with FIPS.
+ * It pushes FIPS related logic into OpenSSL itself, when that should really be
+ * handled by wolfCrypt. */
+#ifdef FIPS_MODULE
+#error "For wolfProvider replace default mode, do not build OpenSSL with FIPS"
+#endif
+
+static DSO *d = NULL;
+
+/* Common function to dynamically load libwolfprov and call wolfssl_provider_init */
+static int load_wolfprov_and_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
+ void **provctx) {
+ int ret = 0;
+ OSSL_provider_init_fn *wolfssl_provider_init_fn = NULL;
+
+ if (!d) {
+ d = DSO_new();
+ if (!d) {
+ fprintf(stderr, "DSO_new() failed\n");
+ return 0;
+ }
+
+ if (!DSO_load(d, "wolfprov", NULL, 0)) {
+ fprintf(stderr, "Could not load libwolfprov.so. Is the libwolfprov package installed?\n");
+ DSO_free(d);
+ d = NULL;
+ return 0;
+ }
+ }
+
+ wolfssl_provider_init_fn = (OSSL_provider_init_fn*)DSO_bind_func(d, "wolfssl_provider_init");
+ if (!wolfssl_provider_init_fn) {
+ fprintf(stderr, "Failed to find wolfssl_provider_init symbol\n");
+ return 0;
+ }
+
+ // Intentionally preserve the DSO 'd' here, since it needs to stay loaded
+ ret = wolfssl_provider_init_fn(handle, in, out, provctx);
+
+ return ret;
+}
+
OSSL_provider_init_fn ossl_base_provider_init;
OSSL_provider_init_fn ossl_null_provider_init;
-OSSL_provider_init_fn ossl_fips_intern_provider_init;
-#ifdef STATIC_LEGACY
-OSSL_provider_init_fn ossl_legacy_provider_init;
-#endif
+
+/* For replace default mode, we will always be the selected provider for attempts
+ * to load either the "fips" or "default" providers by name.*/
const OSSL_PROVIDER_INFO ossl_predefined_providers[] = {
-#ifdef FIPS_MODULE
- { "fips", NULL, ossl_fips_intern_provider_init, NULL, 1 },
-#else
- { "default", NULL, ossl_default_provider_init, NULL, 1 },
+ { "fips", NULL, load_wolfprov_and_init, NULL, 0 },
+ { "default", NULL, load_wolfprov_and_init, NULL, 1 },
# ifdef STATIC_LEGACY
- { "legacy", NULL, ossl_legacy_provider_init, NULL, 0 },
+ { "legacy", NULL, load_wolfprov_and_init, NULL, 0 },
# endif
{ "base", NULL, ossl_base_provider_init, NULL, 0 },
{ "null", NULL, ossl_null_provider_init, NULL, 0 },
-#endif
{ NULL, NULL, NULL, NULL, 0 }
};
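Review bot: The lazy initialisation of the static `d` at lines 131–144 is unsynchronised, and since the table now routes "fips", "default" and "legacy" to the same init function, two activations running concurrently can both see `d == NULL`, each call DSO_new()/DSO_load(), and the loser's handle is overwritten and leaked; whether OpenSSL's provider-store locking happens to serialise these init calls is not visible from this hunk, so a CRYPTO_THREAD_run_once guard is the safe form. The three `fprintf(stderr, ...)` calls (lines 134, 139, 148) also bypass libcrypto's error queue, which is where callers of OSSL_PROVIDER_load() look via ERR_get_error(), so `ERR_raise(ERR_LIB_CRYPTO, ERR_R_DSO_LIB)` would be the conventional replacement (DSO_load() itself appears to raise a DSO error already, so the stderr text is at best a duplicate). The `//` comment on line 152 and the `- */` → `+*/` edit of the licence header are style churn against OpenSSL's C89-comment convention and should be reverted. Because the library is resolved by name only (`DSO_load(d, "wolfprov", NULL, 0)`), a comment such as `/* libwolfprov is resolved through the dynamic loader's search path; that path is the trust root for every "default"/"fips" operation in this build. */` would help the next reader. The guarded form below needs `<openssl/crypto.h>` and `<openssl/err.h>` and makes a failed load final for the process rather than retried on the next activation.
```c
static CRYPTO_ONCE wolfprov_once = CRYPTO_ONCE_STATIC_INIT;
static DSO *d = NULL;

/* Runs at most once per process; leaves d NULL if the load fails. */
static void load_wolfprov_once(void)
{
    DSO *dso = DSO_new();

    if (dso == NULL)
        return;
    if (!DSO_load(dso, "wolfprov", NULL, 0)) {
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_DSO_LIB);
        DSO_free(dso);
        return;
    }
    d = dso;
}

static int load_wolfprov_and_init(const OSSL_CORE_HANDLE *handle,
                                  const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
                                  void **provctx)
{
    OSSL_provider_init_fn *wolfssl_provider_init_fn = NULL;

    if (!CRYPTO_THREAD_run_once(&wolfprov_once, load_wolfprov_once) || d == NULL)
        return 0;
    /* … unchanged: DSO_bind_func() lookup and the call through wolfssl_provider_init_fn … */
}
```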