Don't try and do ossl_provider_find in ossl_provider_new

We leave it to the caller to confirm that the provider does not exist
in the store. If it does exist then later adding it to the store will
fail.

It is possible that the provider could be added to the store in
between the caller checking, and the caller calling ossl_provider_new.
We leave it to the caller to properly handle the failure when it
attempts to add the provider to the store. This is simpler than
having ossl_provider_new try to handle it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)

diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 884d71564a472493f5baef0adf7f8bf9c6fa2619..bdc1a54c6569ca82cf269caac40faac81ba5098c 100644 (file)
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -505,6 +505,11 @@ static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate)
 }
 #endif
 
+/*
+ * We assume that the requested provider does not already exist in the store.
+ * The caller should check. If it does exist then adding it to the store later
+ * will fail.
+ */
 OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
                                  OSSL_provider_init_fn *init_function,
                                  int noconfig)
@@ -516,14 +521,6 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
     if ((store = get_provider_store(libctx)) == NULL)
         return NULL;
 
-    if ((prov = ossl_provider_find(libctx, name,
-                                   noconfig)) != NULL) { /* refcount +1 */
-        ossl_provider_free(prov); /* refcount -1 */
-        ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS,
-                       "name=%s", name);
-        return NULL;
-    }
-
     memset(&template, 0, sizeof(template));
     if (init_function == NULL) {
         const OSSL_PROVIDER_INFO *p;