[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Jun 24 05:50:55 UTC 2021

The branch master has been updated
       via  0218bcdd3feab456135207c140998305df73ab7b (commit)
      from  13757e128378af79b3522002b4ae6b2a0678cf96 (commit)

- Log -----------------------------------------------------------------
commit 0218bcdd3feab456135207c140998305df73ab7b
Author: Pauli <pauli at openssl.org>
Date:   Wed Jun 23 09:46:42 2021 +1000

    doc: Document that the OBJ creation functions don't lock.
    Neither OBJ_create() nor OBJ_add_sigid() use locks.  They are not thread safe.
    They can and will cause the other OBJ_ query functions to fail in mysterious
    ways if called concurrently with them.
    There is no problem calling multiple query functions concurrently.
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15865)


Summary of changes:
 doc/man3/OBJ_nid2obj.pod   | 4 ++++
 doc/man7/provider-base.pod | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index 4f35e8b268..58fc94f6dd 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod
@@ -181,6 +181,10 @@ Instead I<buf> must point to a valid buffer and I<buf_len> should
 be set to a positive value. A buffer length of 80 should be more
 than enough to handle any OID encountered in practice.
+Neither OBJ_create() nor OBJ_add_sigid() do any locking and are thus not
+thread safe.  Moreover, none of the other functions should be called while
+concurrent calls to these two functions are possible.
 =head1 SEE ALSO
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 0eb2f5d243..5812ece7f8 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -264,6 +264,7 @@ It will treat as success the case where the OID already exists (even if the
 short name I<sn> or long name I<ln> provided as arguments differ from those
 associated with the existing OID, in which case the new names are not
+This function is not thread safe.
 The core_obj_add_sigid() function registers a new composite signature algorithm
 (I<sign_name>) consisting of an underlying signature algorithm (I<pkey_name>)
@@ -277,6 +278,7 @@ to identify the object. It will treat as success the case where the composite
 signature algorithm already exists (even if registered against a different
 underlying signature or digest algorithm). It returns 1 on success or 0 on
+This function is not thread safe.
 CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(),
 CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(),

More information about the openssl-commits mailing list