From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 13 Jun 2022 13:50:18 +0000 (+0200)
Subject: Avoid reusing the init_lock for a different purpose
X-Git-Tag: openssl-3.2.0-alpha1~2536
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=e9a806b2c265da3a4ca472acb4a4286d9c1b5c9d

Avoid reusing the init_lock for a different purpose

Otherwise we might cause a recursive locking.

Fixes #18535

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18545)
---

diff --git a/crypto/init.c b/crypto/init.c
index ed6a6bb084..983d76e457 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -44,6 +44,9 @@ struct ossl_init_stop_st {
 };
 
 static OPENSSL_INIT_STOP *stop_handlers = NULL;
+/* Guards access to the optsdone variable on platforms without atomics */
+static CRYPTO_RWLOCK *optsdone_lock = NULL;
+/* Guards simultaneous INIT_LOAD_CONFIG calls with non-NULL settings */
 static CRYPTO_RWLOCK *init_lock = NULL;
 static CRYPTO_THREAD_LOCAL in_init_config_local;
 
@@ -58,8 +61,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
     ossl_malloc_setup_failures();
 #endif
 
-    if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+    if ((optsdone_lock = CRYPTO_THREAD_lock_new()) == NULL
+        || (init_lock = CRYPTO_THREAD_lock_new()) == NULL)
         goto err;
+
     OPENSSL_cpuid_setup();
 
     if (!ossl_init_thread())
@@ -73,6 +78,8 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
 
 err:
     OSSL_TRACE(INIT, "ossl_init_base failed!\n");
+    CRYPTO_THREAD_lock_free(optsdone_lock);
+    optsdone_lock = NULL;
     CRYPTO_THREAD_lock_free(init_lock);
     init_lock = NULL;
 
@@ -367,6 +374,8 @@ void OPENSSL_cleanup(void)
     }
     stop_handlers = NULL;
 
+    CRYPTO_THREAD_lock_free(optsdone_lock);
+    optsdone_lock = NULL;
     CRYPTO_THREAD_lock_free(init_lock);
     init_lock = NULL;
 
@@ -465,7 +474,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     /*
      * We ignore failures from this function. It is probably because we are
      * on a platform that doesn't support lockless atomic loads (we may not
-     * have created init_lock yet so we can't use it). This is just an
+     * have created optsdone_lock yet so we can't use it). This is just an
      * optimisation to skip the full checks in this function if we don't need
      * to, so we carry on regardless in the event of failure.
      *
@@ -502,12 +511,12 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
         return 1;
 
     /*
-     * init_lock should definitely be set up now, so we can now repeat the
+     * optsdone_lock should definitely be set up now, so we can now repeat the
      * same check from above but be sure that it will work even on platforms
      * without lockless CRYPTO_atomic_load
      */
     if (!aloaddone) {
-        if (!CRYPTO_atomic_load(&optsdone, &tmp, init_lock))
+        if (!CRYPTO_atomic_load(&optsdone, &tmp, optsdone_lock))
             return 0;
         if ((tmp & opts) == opts)
             return 1;
@@ -637,7 +646,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
     }
 #endif
 
-    if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, init_lock))
+    if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock))
         return 0;
 
     return 1;