6565#define WP_NAME "libwolfprov"
6666
6767static OSSL_LIB_CTX * wp_ctx ;
68- static OSSL_LIB_CTX * oss_ctx ;
68+ /* oss_ctx is NULL = use OpenSSL's global default library context. The global
69+ * ctx auto-loads the default provider on first use, so we don't have to
70+ * explicitly load it (which can run into per-ctx algorithm registration
71+ * quirks across OpenSSL builds). wolfProvider stays in its own isolated
72+ * wp_ctx with an explicit search path. */
73+ #define oss_ctx ((OSSL_LIB_CTX*)NULL)
6974static OSSL_PROVIDER * wp_prov ;
70- static OSSL_PROVIDER * def_prov ;
7175static WC_RNG g_rng ;
7276
7377static int load_all (const char * wp_path )
7478{
7579 wp_ctx = OSSL_LIB_CTX_new ();
76- oss_ctx = OSSL_LIB_CTX_new ();
77- if (wp_ctx == NULL || oss_ctx == NULL ) return 0 ;
80+ if (wp_ctx == NULL ) return 0 ;
7881
7982 OSSL_PROVIDER_set_default_search_path (wp_ctx , wp_path );
8083 wp_prov = OSSL_PROVIDER_load (wp_ctx , WP_NAME );
@@ -83,9 +86,12 @@ static int load_all(const char* wp_path)
8386 ERR_print_errors_fp (stderr );
8487 return 0 ;
8588 }
86- def_prov = OSSL_PROVIDER_load (oss_ctx , "default" );
87- if (def_prov == NULL ) {
88- fprintf (stderr , "Failed to load OpenSSL default provider\n" );
89+ /* Sanity check: the global default provider should advertise ML-KEM-512
90+ * when running against OpenSSL 3.5+. Fail fast with a clear message if
91+ * not (e.g. when the wrong libcrypto is loaded at runtime). */
92+ if (!OSSL_PROVIDER_available (NULL , "default" )) {
93+ fprintf (stderr , "OpenSSL default provider unavailable in global "
94+ "context\n" );
8995 return 0 ;
9096 }
9197 if (wc_InitRng (& g_rng ) != 0 ) {
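Review bot: The check at new lines 92-96 does not do what the comment above it promises: `OSSL_PROVIDER_available(NULL, "default")` only reports that a provider named "default" is usable in the global context. A libcrypto older than 3.5, which has no ML-KEM, still passes, so the failure surfaces later and away from this message. Fetching the algorithm itself makes the fail-fast real. Pinning that fetch with `provider=default` also matters now that the reference side is the global context, because the process's OpenSSL configuration can populate that context with other providers (possibly wolfProvider itself), and the comparison would then run against the wrong implementation. Whether the later fetches in this file pin the provider is not visible here and is worth confirming; load_all starts before this hunk and continues past it.

```c
    /* … unchanged: OSSL_PROVIDER_available(NULL, "default") check … */

    /* Prove the reference algorithm is really served by the default provider,
     * not just that a provider with that name is present. */
    EVP_KEM *ref_kem = EVP_KEM_fetch(NULL, "ML-KEM-512", "provider=default");
    if (ref_kem == NULL) {
        fprintf(stderr, "OpenSSL default provider does not offer ML-KEM-512 "
                        "(wrong libcrypto at runtime?)\n");
        ERR_print_errors_fp(stderr);
        return 0;
    }
    EVP_KEM_free(ref_kem);
```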
@@ -99,9 +105,7 @@ static void unload_all(void)
99105{
100106 wc_FreeRng (& g_rng );
101107 if (wp_prov ) OSSL_PROVIDER_unload (wp_prov );
102- if (def_prov ) OSSL_PROVIDER_unload (def_prov );
103108 if (wp_ctx ) OSSL_LIB_CTX_free (wp_ctx );
104- if (oss_ctx ) OSSL_LIB_CTX_free (oss_ctx );
105109}
106110
107111/* Map "ML-KEM-512/768/1024" to wolfSSL type enum. */