From: Matt Caswell Date: Mon, 8 Nov 2021 16:47:38 +0000 (+0000) Subject: Don't try and do ossl_provider_find in ossl_provider_new X-Git-Tag: openssl-3.2.0-alpha1~3348 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc6d9ede6241e6858f8fa78435d6c8eb9cf85aa1;p=thirdparty%2Fopenssl.git Don't try and do ossl_provider_find in ossl_provider_new We leave it to the caller to confirm that the provider does not exist in the store. If it does exist then later adding it to the store will fail. It is possible that the provider could be added to the store in between the caller checking, and the caller calling ossl_provider_new. We leave it to the caller to properly handle the failure when it attempts to add the provider to the store. This is simpler than having ossl_provider_new try to handle it. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16980) --- diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 884d71564a4..bdc1a54c656 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -505,6 +505,11 @@ static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate) } #endif +/* + * We assume that the requested provider does not already exist in the store. + * The caller should check. If it does exist then adding it to the store later + * will fail. + */ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, OSSL_provider_init_fn *init_function, int noconfig) @@ -516,14 +521,6 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, if ((store = get_provider_store(libctx)) == NULL) return NULL; - if ((prov = ossl_provider_find(libctx, name, - noconfig)) != NULL) { /* refcount +1 */ - ossl_provider_free(prov); /* refcount -1 */ - ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, - "name=%s", name); - return NULL; - } - memset(&template, 0, sizeof(template)); if (init_function == NULL) { const OSSL_PROVIDER_INFO *p;