From: Pauli <pauli@openssl.org>
Date: Tue, 22 Jun 2021 23:46:42 +0000 (+1000)
Subject: doc: Document that the OBJ creation functions don't lock.
X-Git-Tag: openssl-3.0.0-beta2~228
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0218bcdd3feab456135207c140998305df73ab7b;p=thirdparty%2Fopenssl.git

doc: Document that the OBJ creation functions don't lock.

Neither OBJ_create() nor OBJ_add_sigid() use locks.  They are not thread safe.
They can and will cause the other OBJ_ query functions to fail in mysterious
ways if called concurrently with them.

There is no problem calling multiple query functions concurrently.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15865)
---

diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index 4f35e8b2684..58fc94f6dd9 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod
@@ -181,6 +181,10 @@ Instead I<buf> must point to a valid buffer and I<buf_len> should
 be set to a positive value. A buffer length of 80 should be more
 than enough to handle any OID encountered in practice.
 
+Neither OBJ_create() nor OBJ_add_sigid() do any locking and are thus not
+thread safe.  Moreover, none of the other functions should be called while
+concurrent calls to these two functions are possible.
+
 =head1 SEE ALSO
 
 L<ERR_get_error(3)>
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 0eb2f5d243b..5812ece7f8d 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -264,6 +264,7 @@ It will treat as success the case where the OID already exists (even if the
 short name I<sn> or long name I<ln> provided as arguments differ from those
 associated with the existing OID, in which case the new names are not
 associated).
+This function is not thread safe.
 
 The core_obj_add_sigid() function registers a new composite signature algorithm
 (I<sign_name>) consisting of an underlying signature algorithm (I<pkey_name>)
@@ -277,6 +278,7 @@ to identify the object. It will treat as success the case where the composite
 signature algorithm already exists (even if registered against a different
 underlying signature or digest algorithm). It returns 1 on success or 0 on
 failure.
+This function is not thread safe.
 
 CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(),
 CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(),