Don't keep the store open in by_store_ctrl_ex - 3.0#28385
Closed
mattcaswell wants to merge 4 commits intoopenssl:openssl-3.0from
Closed
Don't keep the store open in by_store_ctrl_ex - 3.0#28385mattcaswell wants to merge 4 commits intoopenssl:openssl-3.0from
mattcaswell wants to merge 4 commits intoopenssl:openssl-3.0from
Conversation
Previously openssl#27529 made a change to `by_store_ctrl_ex` in order to open the OSSL_STORE early. The reason given in that PR is: "This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and get to see possible errors when the URI is loaded" That PR then kept the store open until cache_objects is called and then reused it. Unfortunately by the time cache_objects() is called we could be in a multi-threaded scenario where the X509_STORE is being shared by multiple threads. We then get a race condition where multiple threads are all using (and ultimately closing) the same `OSSL_STORE_CTX`. The purpose of keeping the `OSSL_STORE` object between by_store_ctrl_ex() and `cache_objects` is presumably an optimisation to avoid having to open the store twice. But this does not work because of the above issue. We just take the hit and open it again. Fixes openssl#28171
Check we don't have any threading issues when accessing an X509_STORE simultaneously
When looking in the stack of objects in the store we need to ensure we are holding a read lock for the store. Issue detected via thread sanitizer after the test from the previous commit was added.
mattcaswell
added
approval: review pending
mattcaswell
changed the title
t8m
requested changes
Aug 29, 2025
Sashan
added
approval: done
openssl-machine
added
approval: ready to merge
Collaborator
|
This pull request is ready to merge |
Member
Author
|
Pushed. Thanks for the reviews. |
openssl-machine
pushed a commit
that referenced
this pull request
Sep 4, 2025
Previously #27529 made a change to `by_store_ctrl_ex` in order to open the OSSL_STORE early. The reason given in that PR is: "This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and get to see possible errors when the URI is loaded" That PR then kept the store open until cache_objects is called and then reused it. Unfortunately by the time cache_objects() is called we could be in a multi-threaded scenario where the X509_STORE is being shared by multiple threads. We then get a race condition where multiple threads are all using (and ultimately closing) the same `OSSL_STORE_CTX`. The purpose of keeping the `OSSL_STORE` object between by_store_ctrl_ex() and `cache_objects` is presumably an optimisation to avoid having to open the store twice. But this does not work because of the above issue. We just take the hit and open it again. Fixes #28171 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #28385)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 4, 2025
Check we don't have any threading issues when accessing an X509_STORE simultaneously Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #28385)
openssl-machine
pushed a commit
that referenced
this pull request
Sep 4, 2025
When looking in the stack of objects in the store we need to ensure we are holding a read lock for the store. Issue detected via thread sanitizer after the test from the previous commit was added. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Saša Nedvědický <[email protected]> (Merged from #28385)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of #28198 to the 3.0 branch.
Previously #27529 made a change to by_store_ctrl_ex in order to open the OSSL_STORE early. The reason given in that PR is:
"This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and get to see possible errors when the URI is loaded"
That PR then kept the store open until cache_objects is called and then reused it. Unfortunately by the time cache_objects() is called we could be in a multi-threaded scenario where the X509_STORE is being shared by multiple threads. We then get a race condition where multiple threads are all using (and ultimately closing) the same OSSL_STORE_CTX.
The purpose of keeping the OSSL_STORE object between by_store_ctrl_ex() and cache_objects is presumably an optimisation to avoid having to open the store twice. But this does not work because of the above issue.
We just take the hit and open it again.