author | Matt Caswell <matt@openssl.org> | 2019-08-14 18:09:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-29 10:50:47 +0100 |
commit | ed71e917e9fb763adfb36a9cee0e0935aee898e2 (patch) | |
tree | 131efda0c1fef9f5cae39690847351a8eca258d9 /crypto | |
parent | 505f46602043c7c28884e4c13f3cfa9419ae2f15 (diff) | |
download | openssl-ed71e917e9fb763adfb36a9cee0e0935aee898e2.tar.gz |
Fix data races in EVP_CIPHER_fetch and EVP_MD_fetch
Don't modify the cipher/md we just fetched - it could be shared by multiple
threads.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9590)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/digest.c | 23 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 27 |
2 files changed, 22 insertions, 28 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index b829b814dd..dc7f922a11 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -630,6 +630,17 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
 return NULL;
 }
+#ifndef FIPS_MODE
+ /*
+ * FIPS module note: since internal fetches will be entirely
+ * provider based, we know that none of its code depends on legacy
+ * NIDs or any functionality that use them.
+ *
+ * TODO(3.x) get rid of the need for legacy NIDs
+ */
+ md->type = OBJ_sn2nid(name);
+#endif
+
 for (; fns->function_id != 0; fns++) {
 switch (fns->function_id) {
 case OSSL_FUNC_DIGEST_NEWCTX:
@@ -736,18 +747,6 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
 evp_md_from_dispatch, evp_md_up_ref, evp_md_free);
-#ifndef FIPS_MODE
- /* TODO(3.x) get rid of the need for legacy NIDs */
- if (md != NULL) {
- /*
- * FIPS module note: since internal fetches will be entirely
- * provider based, we know that none of its code depends on legacy
- * NIDs or any functionality that use them.
- */
- md->type = OBJ_sn2nid(algorithm);
- }
-#endif
-
 return md;
 }
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 5723fe888e..96a15ef897 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1251,10 +1251,6 @@ static void *evp_cipher_from_dispatch(const char *name,
 EVP_CIPHER *cipher = NULL;
 int fnciphcnt = 0, fnctxcnt = 0;
- /*
- * The legacy NID is set by EVP_CIPHER_fetch() if the name exists in
- * the object database.
- */
 if ((cipher = EVP_CIPHER_meth_new(0, 0, 0)) == NULL || (cipher->name = OPENSSL_strdup(name)) == NULL) {
 EVP_CIPHER_meth_free(cipher);
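Review bot: The comment added above `md->type = OBJ_sn2nid(name);` in the `@@ -630` hunk of crypto/evp/digest.c does not record why the legacy NID has to be set in the constructor; that reason (the fetched method can be shared by several threads) appears only in the commit message. I would add a line to the comment block such as `* Set the NID here, before the method can be shared; it must not be written once it has been fetched.` so a later change does not move the write back into EVP_MD_fetch(). The same applies to the `cipher->nid` assignment in the `@@ -1262` hunk of crypto/evp/evp_enc.c. evp_md_from_dispatch starts and ends outside the hunk, so whether anything else writes `md->type` after construction cannot be checked from here.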
@@ -1262,6 +1258,17 @@ static void *evp_cipher_from_dispatch(const char *name,
 return NULL;
 }
+#ifndef FIPS_MODE
+ /*
+ * FIPS module note: since internal fetches will be entirely
+ * provider based, we know that none of its code depends on legacy
+ * NIDs or any functionality that use them.
+ *
+ * TODO(3.x) get rid of the need for legacy NIDs
+ */
+ cipher->nid = OBJ_sn2nid(name);
+#endif
+
 for (; fns->function_id != 0; fns++) {
 switch (fns->function_id) {
 case OSSL_FUNC_CIPHER_NEWCTX:
@@ -1382,18 +1389,6 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
 evp_cipher_from_dispatch, evp_cipher_up_ref, evp_cipher_free);
-#ifndef FIPS_MODE
- /* TODO(3.x) get rid of the need for legacy NIDs */
- if (cipher != NULL) {
- /*
- * FIPS module note: since internal fetches will be entirely
- * provider based, we know that none of its code depends on legacy
- * NIDs or any functionality that use them.
- */
- cipher->nid = OBJ_sn2nid(algorithm);
- }
-#endif
-
 return cipher;
 } |
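Review bot: `cipher->nid = OBJ_sn2nid(name);` in the `@@ -1262` hunk now derives the legacy NID from the constructor's `name` argument, whereas the code removed from EVP_CIPHER_fetch() used the caller's `algorithm` string. If those two strings can differ (the caller of evp_cipher_from_dispatch is not visible here), the NID that legacy code sees changes with this commit, and that deserves a sentence in the comment. The comment removed in the `@@ -1251` hunk also said the NID is set only "if the name exists in the object database", and that caveat is not carried over; OBJ_sn2nid() returns NID_undef for an unknown short name, so I would keep it, e.g. `* The NID stays NID_undef if the name is not in the object database.`. The same holds for `md->type` in the `@@ -630` hunk of crypto/evp/digest.c. The function body continues outside the hunk.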