Avoid holding a lock when calling OPENSSL_init_crypto

We move an OPENSSL_init_crypto call slightly earlier in the process to avoid calling it while holding the store lock. This can lead to deadlocks. Fixes the no-engine build. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9547)

Avoid holding a lock when calling OPENSSL_init_crypto
We move an OPENSSL_init_crypto call slightly earlier in the process to avoid calling it while holding the store lock. This can lead to deadlocks. Fixes the no-engine build. Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9547)
5c5cdcd8 · Matt Caswell · b9a75806 · 5c5cdcd8
隐藏空白更改
内联并排

Showing with 8 addition and 8 deletion

crypto/provider_core.c crypto/provider_core.c +8 -8

未找到文件。
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -566,14 +566,6 @@ static int provider_forall_loaded(struct provider_store_st *store,
    int ret = 1;
    int num_provs;

-#ifndef FIPS_MODE
-    /*
-     * Make sure any providers are loaded from config before we try to use
-     * them.
-     */
-    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
-#endif
-
    num_provs = sk_OSSL_PROVIDER_num(store->providers);

    if (found_activated != NULL)
@@ -638,6 +630,14 @@ int ossl_provider_forall_loaded(OPENSSL_CTX *ctx,
    int ret = 1;
    struct provider_store_st *store = get_provider_store(ctx);

+#ifndef FIPS_MODE
+    /*
+     * Make sure any providers are loaded from config before we try to use
+     * them.
+     */
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
    if (store != NULL) {
        CRYPTO_THREAD_read_lock(store->lock);