Fix a crash with multi-threaded applications using the FIPS module

The FIPS implementation of the ossl_ctx_thread_stop function needs to
use an OSSL_LIB_CTX - but gets passed a provctx as an argument. It was
assuming that these are the same thing (which was true at one point
during development) - but that is no longer the case. The fix is to
get the OSSL_LIB_CTX out of the provctx.

Fixes #13469

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)

diff --git a/crypto/initthread.c b/crypto/initthread.c
index 8a7afbfd860c167e33fcc0a7a64d17be46fdc487..f172c53cd6598bbaab41ccea52268de99bff3746 100644 (file)
--- a/crypto/initthread.c
+++ b/crypto/initthread.c
@@ -14,6 +14,8 @@
 #include "internal/thread_once.h"
 
 #ifdef FIPS_MODULE
+#include "prov/provider_ctx.h"
+
 /*
  * Thread aware code may want to be told about thread stop events. We register
  * to hear about those thread stop events when we see a new thread has started.
@@ -281,7 +283,7 @@ static const OSSL_LIB_CTX_METHOD thread_event_ossl_ctx_method = {
 void ossl_ctx_thread_stop(void *arg)
 {
     THREAD_EVENT_HANDLER **hands;
-    OSSL_LIB_CTX *ctx = arg;
+    OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(arg);
     CRYPTO_THREAD_LOCAL *local
         = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX,
                                 &thread_event_ossl_ctx_method);
@@ -289,7 +291,7 @@ void ossl_ctx_thread_stop(void *arg)
     if (local == NULL)
         return;
     hands = init_get_thread_local(local, 0, 0);
-    init_thread_stop(arg, hands);
+    init_thread_stop(ctx, hands);
     OPENSSL_free(hands);
 }
 #endif /* FIPS_MODULE */