On 21/11/2024 13:06, Davide Caratti wrote:
yes. The problem is in md4_vector() [1], the legacy provider has a
non-NULL pointer and EVP_md4() fetches correctly. However, when
pkcs11-provider is installed,
EVP_DigestInit_ex() fails. I tried this patch [2] on upstream
wpa_supplicant, and it seem to fix at least my local test. The patch
loads the default provider after loading the legacy provider (and
unloads it before exiting), and took inspiration from [3] and [4].
@Dmitry Belyavskiy , does it make sense for you? if so I could submit
it to upstream wpa_supplicant. Or maybe it deserves a test in eduroam
first.
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -188,15 +188,21 @@ static int EC_GROUP_get_curve(const EC_GROUP
*group, BIGNUM *p, BIGNUM *a,
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER *openssl_legacy_provider = NULL;
+static OSSL_PROVIDER *openssl_default_provider = NULL;
+
#endif /* OpenSSL version >= 3.0 */
void openssl_load_legacy_provider(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (openssl_legacy_provider)
- return;
+ goto load_default_provider;
openssl_legacy_provider = OSSL_PROVIDER_try_load(NULL,
"legacy", 1);
+load_default_provider:
+ if (openssl_default_provider)
+ return;
+ openssl_default_provider = OSSL_PROVIDER_try_load(NULL,
"default", 1);
#endif /* OpenSSL version >= 3.0 */
}
@@ -208,6 +214,10 @@ static void openssl_unload_legacy_provider(void)
OSSL_PROVIDER_unload(openssl_legacy_provider);
openssl_legacy_provider = NULL;
}
+ if (openssl_default_provider) {
+ OSSL_PROVIDER_unload(openssl_default_provider);
+ openssl_default_provider = NULL;
+ }
#endif /* OpenSSL version >= 3.0 */
}
thanks,
Thank you for your work on this!
Could you create a scratch build? I don't use it myself anymore, but I
know some people who can test it.
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue