[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Jul 29 07:32:20 UTC 2020


The branch master has been updated
       via  79410c5f8b139c423be436810b4fe4de4637fc24 (commit)
      from  5cd9962272388fc9a51711495a8c6a3f230ab5ce (commit)


- Log -----------------------------------------------------------------
commit 79410c5f8b139c423be436810b4fe4de4637fc24
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Jul 28 11:14:14 2020 +1000

    namemap: fix threading issue
    
    The locking was too fine grained when adding entries to a namemap.
    Refactored the working code into unlocked functions and call these with
    appropriate locking.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12545)

-----------------------------------------------------------------------

Summary of changes:
 crypto/core_namemap.c | 87 ++++++++++++++++++++++++++++++---------------------
 1 file changed, 52 insertions(+), 35 deletions(-)

diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index e17b3ac0e2..b08fb84556 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -143,11 +143,24 @@ void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
     CRYPTO_THREAD_unlock(namemap->lock);
 }
 
+static int namemap_name2num_n(const OSSL_NAMEMAP *namemap,
+                              const char *name, size_t name_len)
+{
+    NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
+
+    if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL)
+        return 0;
+    namenum_tmpl.number = 0;
+    namenum_entry =
+        lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
+    OPENSSL_free(namenum_tmpl.name);
+    return namenum_entry != NULL ? namenum_entry->number : 0;
+}
+
 int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
                             const char *name, size_t name_len)
 {
-    NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
-    int number = 0;
+    int number;
 
 #ifndef FIPS_MODULE
     if (namemap == NULL)
@@ -157,16 +170,9 @@ int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
     if (namemap == NULL)
         return 0;
 
-    if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL)
-        return 0;
-    namenum_tmpl.number = 0;
     CRYPTO_THREAD_read_lock(namemap->lock);
-    namenum_entry =
-        lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
-    if (namenum_entry != NULL)
-        number = namenum_entry->number;
+    number = namemap_name2num_n(namemap, name, name_len);
     CRYPTO_THREAD_unlock(namemap->lock);
-    OPENSSL_free(namenum_tmpl.name);
 
     return number;
 }
@@ -205,45 +211,50 @@ const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
     return data.name;
 }
 
-int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
-                            const char *name, size_t name_len)
+static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
+                              const char *name, size_t name_len)
 {
     NAMENUM_ENTRY *namenum = NULL;
     int tmp_number;
 
-#ifndef FIPS_MODULE
-    if (namemap == NULL)
-        namemap = ossl_namemap_stored(NULL);
-#endif
-
-    if (name == NULL || name_len == 0 || namemap == NULL)
-        return 0;
-
-    if ((tmp_number = ossl_namemap_name2num_n(namemap, name, name_len)) != 0)
-        return tmp_number;       /* Pretend success */
-
-    CRYPTO_THREAD_write_lock(namemap->lock);
+    /* If it already exists, we don't add it */
+    if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0)
+        return tmp_number;
 
     if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL
         || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL)
         goto err;
 
-    namenum->number = tmp_number =
+    namenum->number =
         number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
     (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
 
     if (lh_NAMENUM_ENTRY_error(namemap->namenum))
         goto err;
-
-    CRYPTO_THREAD_unlock(namemap->lock);
-
-    return tmp_number;
+    return namenum->number;
 
  err:
     namenum_free(namenum);
+    return 0;
+}
 
+int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
+                            const char *name, size_t name_len)
+{
+    int tmp_number;
+
+#ifndef FIPS_MODULE
+    if (namemap == NULL)
+        namemap = ossl_namemap_stored(NULL);
+#endif
+
+    if (name == NULL || name_len == 0 || namemap == NULL)
+        return 0;
+
+    CRYPTO_THREAD_write_lock(namemap->lock);
+    tmp_number = namemap_add_name_n(namemap, number, name, name_len);
     CRYPTO_THREAD_unlock(namemap->lock);
-    return 0;
+    return tmp_number;
 }
 
 int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name)
@@ -266,6 +277,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
         return 0;
     }
 
+    CRYPTO_THREAD_write_lock(namemap->lock);
     /*
      * Check that no name is an empty string, and that all names have at
      * most one numeric identity together.
@@ -278,11 +290,11 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
         else
             l = q - p;           /* offset to the next separator */
 
-        this_number = ossl_namemap_name2num_n(namemap, p, l);
+        this_number = namemap_name2num_n(namemap, p, l);
 
         if (*p == '\0' || *p == separator) {
             ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
-            return 0;
+            goto err;
         }
         if (number == 0) {
             number = this_number;
@@ -290,7 +302,7 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
             ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
                            "\"%.*s\" has an existing different identity %d (from \"%s\")",
                            l, p, this_number, names);
-            return 0;
+            goto err;
         }
     }
 
@@ -303,18 +315,23 @@ int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
         else
             l = q - p;           /* offset to the next separator */
 
-        this_number = ossl_namemap_add_name_n(namemap, number, p, l);
+        this_number = namemap_add_name_n(namemap, number, p, l);
         if (number == 0) {
             number = this_number;
         } else if (this_number != number) {
             ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
                            "Got number %d when expecting %d",
                            this_number, number);
-            return 0;
+            goto err;
         }
     }
 
+    CRYPTO_THREAD_unlock(namemap->lock);
     return number;
+
+ err:
+    CRYPTO_THREAD_unlock(namemap->lock);
+    return 0;
 }
 
 /*-


More information about the openssl-commits mailing list