Skip to content

Don't keep the store open in by_store_ctrl_ex - 3.0 #28385

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Don't keep the store open in by_store_ctrl_ex - 3.0 #28385

wants to merge 4 commits into from

Conversation

@mattcaswell
Copy link
Member

@mattcaswell mattcaswell commented Aug 29, 2025

This is a backport of #28198 to the 3.0 branch.

Previously #27529 made a change to by_store_ctrl_ex in order to open the OSSL_STORE early. The reason given in that PR is:

"This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and get to see possible errors when the URI is loaded"

That PR then kept the store open until cache_objects is called and then reused it. Unfortunately by the time cache_objects() is called we could be in a multi-threaded scenario where the X509_STORE is being shared by multiple threads. We then get a race condition where multiple threads are all using (and ultimately closing) the same OSSL_STORE_CTX.

The purpose of keeping the OSSL_STORE object between by_store_ctrl_ex() and cache_objects is presumably an optimisation to avoid having to open the store twice. But this does not work because of the above issue.

We just take the hit and open it again.

@mattcaswell
Don't keep the store open in by_store_ctrl_ex
80e1fca 
Previously openssl#27529 made a change to `by_store_ctrl_ex` in order to open
the OSSL_STORE early. The reason given in that PR is:

"This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded"

That PR then kept the store open until cache_objects is called and then
reused it. Unfortunately by the time cache_objects() is called we could be
in a multi-threaded scenario where the X509_STORE is being shared by
multiple threads. We then get a race condition where multiple threads are
all using (and ultimately closing) the same `OSSL_STORE_CTX`.

The purpose of keeping the `OSSL_STORE` object between by_store_ctrl_ex()
and `cache_objects` is presumably an optimisation to avoid having to open
the store twice. But this does not work because of the above issue.

We just take the hit and open it again.

Fixes openssl#28171
@mattcaswell
Add a test for accessing an X509_STORE from multiple threads
108d91b 
Check we don't have any threading issues when accessing an X509_STORE
simultaneously
@mattcaswell
Fix a race in by_store_subject
058ea42 
When looking in the stack of objects in the store we need to ensure we
are holding a read lock for the store.

Issue detected via thread sanitizer after the test from the previous
commit was added.
@mattcaswell mattcaswell added approval: review pending This pull request needs review by a committer triaged: bug The issue/pr is/fixes a bug branch: 3.0 Applies to openssl-3.0 branch severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present labels Aug 29, 2025
@mattcaswell mattcaswell changed the title Fix by store race 30 Don't keep the store open in by_store_ctrl_ex - 3.0 Aug 29, 2025
@mattcaswell mattcaswell mentioned this pull request Aug 29, 2025
Closed
@mattcaswell mattcaswell requested review from Sashan and t8m August 29, 2025 14:39
t8m
t8m approved these changes Aug 29, 2025
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved if CI passes

t8m
t8m requested changes Aug 29, 2025
View reviewed changes
@mattcaswell mattcaswell requested a review from t8m August 29, 2025 15:13
t8m
t8m approved these changes Aug 29, 2025
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved if CI passes

@quarckster quarckster mentioned this pull request Sep 2, 2025
Closed
Sashan
Sashan approved these changes Sep 3, 2025
View reviewed changes
Copy link
Contributor

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me thanks.

@Sashan Sashan added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Sep 3, 2025
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Sep 4, 2025
@openssl-machine
Copy link
Collaborator

openssl-machine commented Sep 4, 2025

This pull request is ready to merge

@mattcaswell
Copy link
Member Author

mattcaswell commented Sep 4, 2025

Pushed. Thanks for the reviews.

@mattcaswell mattcaswell closed this Sep 4, 2025
openssl-machine pushed a commit that referenced this pull request Sep 4, 2025
@mattcaswell
Don't keep the store open in by_store_ctrl_ex
c0d968f 
Previously #27529 made a change to `by_store_ctrl_ex` in order to open
the OSSL_STORE early. The reason given in that PR is:

"This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded"

That PR then kept the store open until cache_objects is called and then
reused it. Unfortunately by the time cache_objects() is called we could be
in a multi-threaded scenario where the X509_STORE is being shared by
multiple threads. We then get a race condition where multiple threads are
all using (and ultimately closing) the same `OSSL_STORE_CTX`.

The purpose of keeping the `OSSL_STORE` object between by_store_ctrl_ex()
and `cache_objects` is presumably an optimisation to avoid having to open
the store twice. But this does not work because of the above issue.

We just take the hit and open it again.

Fixes #28171

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from #28385)
openssl-machine pushed a commit that referenced this pull request Sep 4, 2025
@mattcaswell
Add a test for accessing an X509_STORE from multiple threads
170f575 
Check we don't have any threading issues when accessing an X509_STORE
simultaneously

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from #28385)
openssl-machine pushed a commit that referenced this pull request Sep 4, 2025
@mattcaswell
Fix a race in by_store_subject
c87359d 
When looking in the stack of objects in the store we need to ensure we
are holding a read lock for the store.

Issue detected via thread sanitizer after the test from the previous
commit was added.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from #28385)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sashan Sashan Sashan approved these changes

@t8m t8m t8m approved these changes

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: 3.0 Applies to openssl-3.0 branch severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mattcaswell @openssl-machine @Sashan @t8m