diff options
| author | Matt Caswell <matt@openssl.org> | 2021-06-22 15:39:40 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2021-06-24 14:48:15 +0100 |
| commit | 59a783d05ae379335f70261126d19859ae5a855d (patch) | |
| tree | e53202714c18129c1fd24b5bbf409bc0f6a60443 /doc | |
| parent | d382c4652570766fc7a9ccfc63e7a62aea3d5bcb (diff) | |
| download | openssl-new-59a783d05ae379335f70261126d19859ae5a855d.tar.gz | |
Fix a race in ossl_provider_add_to_store()
If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/internal/man3/ossl_provider_new.pod | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 928cc9b844..09b2e04117 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -55,7 +55,8 @@ ossl_provider_get_capabilities */ int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild); int ossl_provider_deactivate(OSSL_PROVIDER *prov); - int ossl_provider_add_to_store(OSSL_PROVIDER *prov, int retain_fallbacks); + int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, + int retain_fallbacks); /* Return pointer to the provider's context */ void *ossl_provider_ctx(const OSSL_PROVIDER *prov); @@ -229,7 +230,13 @@ that count reaches zero, the activation flag is cleared. ossl_provider_add_to_store() adds the provider I<prov> to the provider store and makes it available to other threads. This will prevent future automatic loading -of fallback providers, unless I<retain_fallbacks> is true. +of fallback providers, unless I<retain_fallbacks> is true. If a provider of the +same name already exists in the store then it is not added but this function +still returns success. On success the I<actualprov> value is populated with a +pointer to the provider of the given name that is now in the store. The +reference passed in the I<prov> argument is consumed by this function. A +reference to the provider that should be used is passed back in the +I<actualprov> argument. ossl_provider_ctx() returns a context created by the provider. Outside of the provider, it's completely opaque, but it needs to be |