Two bugs in patches/openssl3-replace-default.patch (wolfProvider v1.1.1), in the
load_wolfprov_and_init() function patched into crypto/provider_predefined.c:
Bug 1 — Inverted error return values
OSSL_provider_init_fn must return 1 on success, 0 on failure
(ref).
All three error paths (DSO_new() failure, DSO_load() failure, DSO_bind_func() failure)
incorrectly return 1, causing OpenSSL to treat a failed provider load as success.
Bug 2 — Global static DSO *d leaked on repeated calls
Both "default" and "fips" provider entries call load_wolfprov_and_init(). On the
second call, d is non-NULL but the function unconditionally calls DSO_new(), overwriting
the previous handle and leaking it.
Suggested fix
- Change all error-path returns from
return 1 to return 0.
- Guard
DSO_new() / DSO_load() with if (!d) so the handle is allocated once and reused.
- Reset
d = NULL after DSO_free(d) on DSO_load failure so a retry is possible.
Two bugs in
patches/openssl3-replace-default.patch(wolfProvider v1.1.1), in theload_wolfprov_and_init()function patched intocrypto/provider_predefined.c:Bug 1 — Inverted error return values
OSSL_provider_init_fnmust return 1 on success, 0 on failure(ref).
All three error paths (
DSO_new()failure,DSO_load()failure,DSO_bind_func()failure)incorrectly
return 1, causing OpenSSL to treat a failed provider load as success.Bug 2 — Global
static DSO *dleaked on repeated callsBoth
"default"and"fips"provider entries callload_wolfprov_and_init(). On thesecond call,
dis non-NULL but the function unconditionally callsDSO_new(), overwritingthe previous handle and leaking it.
Suggested fix
return 1toreturn 0.DSO_new()/DSO_load()withif (!d)so the handle is allocated once and reused.d = NULLafterDSO_free(d)onDSO_loadfailure so a retry is possible.