From a5d27c2907ed9658df228dc0b3b5743e20f1557f Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 24 Jun 2021 23:51:53 +1000 Subject: doc: Document that the OBJ creation functions are now thread safe. With the OBJ_ thread locking in place, these documentation changes are not required. This reverts commit 0218bcdd3feab456135207c140998305df73ab7b. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15713) (cherry picked from commit 06394a6cc7c784b46bc6d1e65a1ff39637093934) Reviewed-by: Hugo Landau --- doc/man3/OBJ_nid2obj.pod | 8 ++------ doc/man7/provider-base.pod | 7 +++++-- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index 94eb6cc589..748e76a584 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -142,6 +142,8 @@ These functions cannot return B because an B can represent both an internal, constant, OID and a dynamically-created one. The latter cannot be constant because it needs to be freed after use. +These functions were not thread safe in OpenSSL 3.0 and before. + =head1 RETURN VALUES OBJ_nid2obj() returns an B structure or B is an @@ -180,12 +182,6 @@ Create a new object directly: obj = OBJ_txt2obj("1.2.3.4", 1); -=head1 BUGS - -Neither OBJ_create() nor OBJ_add_sigid() do any locking and are thus not -thread safe. Moreover, none of the other functions should be called while -concurrent calls to these two functions are possible. - =head1 SEE ALSO L diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 977f8566fe..a1822b916a 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -265,7 +265,6 @@ It will treat as success the case where the OID already exists (even if the short name I or long name I provided as arguments differ from those associated with the existing OID, in which case the new names are not associated). -This function is not thread safe. The core_obj_add_sigid() function registers a new composite signature algorithm (I) consisting of an underlying signature algorithm (I) @@ -280,7 +279,6 @@ signature algorithm already exists (even if registered against a different underlying signature or digest algorithm). For I, NULL or an empty string is permissible for signature algorithms that do not need a digest to operate correctly. The function returns 1 on success or 0 on failure. -This function is not thread safe. CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_free(), CRYPTO_clear_free(), CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), @@ -609,6 +607,11 @@ or maximum. A -1 indicates that the group should not be used in that protocol. =back +=head1 NOTES + +The core_obj_create() and core_obj_add_sigid() functions were not thread safe +in OpenSSL 3.0. + =head1 EXAMPLES This is an example of a simple provider made available as a -- cgit v1.2.3