diff options
| author | Tomas Mraz <tomas@openssl.org> | 2022-06-13 15:50:18 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-06-15 09:45:51 +0200 |
| commit | e9a806b2c265da3a4ca472acb4a4286d9c1b5c9d (patch) | |
| tree | 3f95d3b7623bdab0fb4da9c06b7e71b90690a091 /crypto/init.c | |
| parent | 979575c6ef10ab9b8d74d8c00852b2250eb78f29 (diff) | |
Avoid reusing the init_lock for a different purpose
Otherwise we might cause a recursive locking.
Fixes #18535
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18545)
Diffstat (limited to 'crypto/init.c')
| -rw-r--r-- | crypto/init.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/crypto/init.c b/crypto/init.c index ed6a6bb084..983d76e457 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -44,6 +44,9 @@ struct ossl_init_stop_st { }; static OPENSSL_INIT_STOP *stop_handlers = NULL; +/* Guards access to the optsdone variable on platforms without atomics */ +static CRYPTO_RWLOCK *optsdone_lock = NULL; +/* Guards simultaneous INIT_LOAD_CONFIG calls with non-NULL settings */ static CRYPTO_RWLOCK *init_lock = NULL; static CRYPTO_THREAD_LOCAL in_init_config_local; @@ -58,8 +61,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) ossl_malloc_setup_failures(); #endif - if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) + if ((optsdone_lock = CRYPTO_THREAD_lock_new()) == NULL + || (init_lock = CRYPTO_THREAD_lock_new()) == NULL) goto err; + OPENSSL_cpuid_setup(); if (!ossl_init_thread()) @@ -73,6 +78,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) err: OSSL_TRACE(INIT, "ossl_init_base failed!\n"); + CRYPTO_THREAD_lock_free(optsdone_lock); + optsdone_lock = NULL; CRYPTO_THREAD_lock_free(init_lock); init_lock = NULL; @@ -367,6 +374,8 @@ void OPENSSL_cleanup(void) } stop_handlers = NULL; + CRYPTO_THREAD_lock_free(optsdone_lock); + optsdone_lock = NULL; CRYPTO_THREAD_lock_free(init_lock); init_lock = NULL; @@ -465,7 +474,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) /* * We ignore failures from this function. It is probably because we are * on a platform that doesn't support lockless atomic loads (we may not - * have created init_lock yet so we can't use it). This is just an + * have created optsdone_lock yet so we can't use it). This is just an * optimisation to skip the full checks in this function if we don't need * to, so we carry on regardless in the event of failure. * @@ -502,12 +511,12 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) return 1; /* - * init_lock should definitely be set up now, so we can now repeat the + * optsdone_lock should definitely be set up now, so we can now repeat the * same check from above but be sure that it will work even on platforms * without lockless CRYPTO_atomic_load */ if (!aloaddone) { - if (!CRYPTO_atomic_load(&optsdone, &tmp, init_lock)) + if (!CRYPTO_atomic_load(&optsdone, &tmp, optsdone_lock)) return 0; if ((tmp & opts) == opts) return 1; @@ -637,7 +646,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) } #endif - if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, init_lock)) + if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock)) return 0; return 1; |