From: Matt Caswell <matt@openssl.org>
Date: Tue, 26 Jan 2021 15:23:19 +0000 (+0000)
Subject: Avoid races by caching exported ciphers in the init function
X-Git-Tag: openssl-3.0.0-alpha12~161
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b233ea82765e80038e4884564153f9c8543d9396;p=thirdparty%2Fopenssl.git

Avoid races by caching exported ciphers in the init function

TSAN was reporting a race of the exported ciphers cache that we create in
the default and fips providers. This was because we cached it in the query
function rather than the init function, so this would cause a race if multiple
threads queried at the same time. In practice it probably wouldn't make much
difference since different threads should come up with the same answer.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
---

diff --git a/providers/defltprov.c b/providers/defltprov.c
index 2a1ebb6218c..c246ed42be3 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -472,7 +472,6 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id,
     case OSSL_OP_DIGEST:
         return deflt_digests;
     case OSSL_OP_CIPHER:
-        ossl_prov_cache_exported_algorithms(deflt_ciphers, exported_ciphers);
         return exported_ciphers;
     case OSSL_OP_MAC:
         return deflt_macs;
@@ -570,6 +569,7 @@ int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle,
     ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh);
 
     *out = deflt_dispatch_table;
+    ossl_prov_cache_exported_algorithms(deflt_ciphers, exported_ciphers);
 
     return 1;
 }
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index deffb88ba6b..dc1bd7b4726 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -434,8 +434,6 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
     case OSSL_OP_DIGEST:
         return fips_digests;
     case OSSL_OP_CIPHER:
-        ossl_prov_cache_exported_algorithms(fips_ciphers,
-                                            exported_fips_ciphers);
         return exported_fips_ciphers;
     case OSSL_OP_MAC:
         return fips_macs;
@@ -626,6 +624,8 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
 
     fgbl->handle = handle;
 
+    ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
+
     selftest_params.libctx = libctx;
     if (!SELF_TEST_post(&selftest_params, 0)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE);