Correctly activate the provider in OSSL_PROVIDER_try_load If during OSSL_PROVIDER_try_load() we attempt to load a provider, but adding to the store gives back a different provider, then we need to ensure this different provider has its activation count increased. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16980)
diff --git a/crypto/provider.c b/crypto/provider.c index 974c636..114b426 100644 --- a/crypto/provider.c +++ b/crypto/provider.c
@@ -39,6 +39,12 @@ ossl_provider_free(prov); return NULL; } + if (actual != prov) { + if (!ossl_provider_activate(actual, 1, 0)) { + ossl_provider_free(actual); + return NULL; + } + } return actual; }
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index 7acfe49..c13c887 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c
@@ -224,11 +224,22 @@ } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { ossl_provider_deactivate(prov, 1); ok = 0; + } else if (actual != prov + && !ossl_provider_activate(actual, 1, 0)) { + ossl_provider_free(actual); + ok = 0; } else { if (pcgbl->activated_providers == NULL) pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); - sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); - ok = 1; + if (pcgbl->activated_providers == NULL + || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers, + actual)) { + ossl_provider_deactivate(actual, 1); + ossl_provider_free(actual); + ok = 0; + } else { + ok = 1; + } } } if (!ok)