[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Sat Apr 21 13:42:22 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via bf21fe935a979c08292d06553ef8c9a49382208c (commit)
from 5fc89c1af837026b5812526ef6f519bf7ca42f16 (commit)
- Log -----------------------------------------------------------------
commit bf21fe935a979c08292d06553ef8c9a49382208c
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sat Apr 21 15:41:42 2018 +0200
Ensure the thread keys are always allocated in the same order
Back-port of #5911
Fixes: #5899
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6037)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/b_addr.c | 3 +-
crypto/engine/eng_lib.c | 3 +-
crypto/err/err.c | 40 ++++++++++++++++++---
crypto/ex_data.c | 3 +-
crypto/include/internal/cryptlib_int.h | 1 +
crypto/include/internal/err_int.h | 2 ++
crypto/init.c | 65 +++++++++++++++++++++-------------
include/openssl/crypto.h | 4 ++-
8 files changed, 89 insertions(+), 32 deletions(-)
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 24097d7..5384d73 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -604,7 +604,8 @@ static int addrinfo_wrap(int family, int socktype,
DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
{
- OPENSSL_init_crypto(0, NULL);
+ if (!OPENSSL_init_crypto(0, NULL))
+ return 0;
bio_lookup_lock = CRYPTO_THREAD_lock_new();
return bio_lookup_lock != NULL;
}
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index cbefc7e..1b88d6f 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -18,7 +18,8 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE(do_engine_lock_init)
{
- OPENSSL_init_crypto(0, NULL);
+ if (!OPENSSL_init_crypto(0, NULL))
+ return 0;
global_engine_lock = CRYPTO_THREAD_lock_new();
return global_engine_lock != NULL;
}
diff --git a/crypto/err/err.c b/crypto/err/err.c
index c439928..06f16d3 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -254,7 +254,8 @@ static void ERR_STATE_free(ERR_STATE *s)
DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
{
- OPENSSL_init_crypto(0, NULL);
+ if (!OPENSSL_init_crypto(0, NULL))
+ return 0;
err_string_lock = CRYPTO_THREAD_lock_new();
return err_string_lock != NULL;
}
@@ -653,7 +654,10 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
ERR_STATE *ERR_get_state(void)
{
- ERR_STATE *state = NULL;
+ ERR_STATE *state;
+
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+ return NULL;
if (!RUN_ONCE(&err_init, err_do_init))
return NULL;
@@ -686,13 +690,41 @@ ERR_STATE *ERR_get_state(void)
return state;
}
+/*
+ * err_shelve_state returns the current thread local error state
+ * and freezes the error module until err_unshelve_state is called.
+ */
+int err_shelve_state(void **state)
+{
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+ return 0;
+
+ if (!RUN_ONCE(&err_init, err_do_init))
+ return 0;
+
+ *state = CRYPTO_THREAD_get_local(&err_thread_local);
+ if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+ return 0;
+
+ return 1;
+}
+
+/*
+ * err_unshelve_state restores the error state that was returned
+ * by err_shelve_state previously.
+ */
+void err_unshelve_state(void* state)
+{
+ if (state != (void*)-1)
+ CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state);
+}
+
int ERR_get_next_error_library(void)
{
int ret;
- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+ if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return 0;
- }
CRYPTO_THREAD_write_lock(err_string_lock);
ret = int_err_library_number++;
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 22c4d3d..f12a9ef 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -38,7 +38,8 @@ static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
{
- OPENSSL_init_crypto(0, NULL);
+ if (!OPENSSL_init_crypto(0, NULL))
+ return 0;
ex_data_lock = CRYPTO_THREAD_lock_new();
return ex_data_lock != NULL;
}
diff --git a/crypto/include/internal/cryptlib_int.h b/crypto/include/internal/cryptlib_int.h
index 8e2a719..4db47ee 100644
--- a/crypto/include/internal/cryptlib_int.h
+++ b/crypto/include/internal/cryptlib_int.h
@@ -24,6 +24,7 @@ int ossl_init_thread_start(uint64_t opts);
* use".
*/
# define OPENSSL_INIT_ZLIB 0x00010000L
+# define OPENSSL_INIT_BASE_ONLY 0x00040000L
/* OPENSSL_INIT_THREAD flags */
# define OPENSSL_INIT_THREAD_ASYNC 0x01
diff --git a/crypto/include/internal/err_int.h b/crypto/include/internal/err_int.h
index 7fec3ed..4a7e43a 100644
--- a/crypto/include/internal/err_int.h
+++ b/crypto/include/internal/err_int.h
@@ -13,5 +13,7 @@
int err_load_crypto_strings_int(void);
void err_cleanup(void);
void err_delete_thread_state(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
#endif
diff --git a/crypto/init.c b/crypto/init.c
index 1553113..5ed321f 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -75,22 +75,36 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
* We use a dummy thread local key here. We use the destructor to detect
* when the thread is going to stop (where that feature is available)
*/
- CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap);
+ if (!CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap))
+ return 0;
+ if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+ goto err;
#ifndef OPENSSL_SYS_UEFI
- atexit(OPENSSL_cleanup);
+ if (atexit(OPENSSL_cleanup) != 0)
+ goto err;
#endif
- if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
- return 0;
OPENSSL_cpuid_setup();
- /*
- * BIG FAT WARNING!
- * Everything needed to be initialized in this function before threads
- * come along MUST happen before base_inited is set to 1, or we will
- * see race conditions.
- */
base_inited = 1;
+ return 1;
+
+err:
+#ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
+#endif
+ CRYPTO_THREAD_lock_free(init_lock);
+ init_lock = NULL;
+
+ CRYPTO_THREAD_cleanup_local(&threadstopkey);
+ return 0;
+}
+static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
+{
+#ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
+#endif
#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE)
# ifdef DSO_WIN32
{
@@ -102,6 +116,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
| GET_MODULE_HANDLE_EX_FLAG_PIN,
(void *)&base_inited, &handle);
+# ifdef OPENSSL_INIT_DEBUG
+ fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+ (ret == TRUE ? "No!" : "Yes."));
+# endif
return (ret == TRUE) ? 1 : 0;
}
# else
@@ -110,9 +128,12 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
* to remain loaded until the atexit() handler is run at process exit.
*/
{
- DSO *dso = NULL;
+ DSO *dso;
+ void *err;
+
+ if (!err_shelve_state(&err))
+ return 0;
- ERR_set_mark();
dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
@@ -124,7 +145,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
*/
# endif
DSO_free(dso);
- ERR_pop_to_mark();
+ err_unshelve_state(err);
}
# endif
#endif
@@ -514,22 +535,18 @@ void OPENSSL_cleanup(void)
*/
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
{
- static int stoperrset = 0;
-
if (stopped) {
- if (!stoperrset) {
- /*
- * We only ever set this once to avoid getting into an infinite
- * loop where the error system keeps trying to init and fails so
- * sets an error etc
- */
- stoperrset = 1;
+ if (!(opts & OPENSSL_INIT_BASE_ONLY))
CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
- }
return 0;
}
- if (!base_inited && !RUN_ONCE(&base, ossl_init_base))
+ if (!RUN_ONCE(&base, ossl_init_base))
+ return 0;
+
+ if (!(opts & OPENSSL_INIT_BASE_ONLY)
+ && !RUN_ONCE(&load_crypto_nodelete,
+ ossl_init_load_crypto_nodelete))
return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 1ba7f25..7fc60b3 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -371,7 +371,9 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L
# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L
# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L
-/* OPENSSL_INIT flag 0x00010000 reserved for internal use */
+/* OPENSSL_INIT_ZLIB 0x00010000L */
+/* currently unused 0x00020000L */
+/* OPENSSL_INIT_BASE_ONLY 0x00040000L */
/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
/* Max OPENSSL_INIT flag value is 0x80000000 */
More information about the openssl-commits
mailing list