Don't try and do ossl_provider_find in ossl_provider_new

We leave it to the caller to confirm that the provider does not exist in the store. If it does exist then later adding it to the store will fail. It is possible that the provider could be added to the store in between the caller checking, and the caller calling ossl_provider_new. We leave it to the caller to properly handle the failure when it attempts to add the provider to the store. This is simpler than having ossl_provider_new try to handle it. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16980)
2025-01-24 13:55:42 +08:00 · 2021-11-08 16:47:38 +00:00 · 2021-11-08 16:47:38 +00:00 · dc6d9ede62
commit dc6d9ede62
parent 464c2b988e
1 changed files with 5 additions and 8 deletions
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@ -505,6 +505,11 @@ static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate)
 }
 #endif

+/*
+ * We assume that the requested provider does not already exist in the store.
+ * The caller should check. If it does exist then adding it to the store later
+ * will fail.
+ */
 OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
                                 OSSL_provider_init_fn *init_function,
                                 int noconfig)
@ -516,14 +521,6 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
    if ((store = get_provider_store(libctx)) == NULL)
        return NULL;

-    if ((prov = ossl_provider_find(libctx, name,
-                                   noconfig)) != NULL) { /* refcount +1 */
-        ossl_provider_free(prov); /* refcount -1 */
-        ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS,
-                       "name=%s", name);
-        return NULL;
-    }
-
    memset(&template, 0, sizeof(template));
    if (init_function == NULL) {
        const OSSL_PROVIDER_INFO *p;