From 2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 4 Jul 2019 10:21:53 +0100
Subject: [PATCH] Prevent the use of RUN_ONCE inside the FIPS module

FIPS module code *always* runs within the scope of an associated
OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and
when the module is unloaded the OPENSSL_CX gets freed. A module may be
loaded multiple times within the scope of different OPENSSL_CTX objects.
"Global" data should always be stored within the OPENSSL_CTX. In this
way it will always get cleaned up properly when the module is unloaded.

All current code within the FIPS module works this way. To avoid
"accidents" we disabled the RUN_ONCE code inside the FIPS module.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9308)
---
 include/internal/thread_once.h | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h
index 69a1754f1a..0b38ade6c6 100644
--- a/include/internal/thread_once.h
+++ b/include/internal/thread_once.h
@@ -9,6 +9,13 @@
 
 #include <openssl/crypto.h>
 
+/*
+ * Initialisation of global data should never happen via "RUN_ONCE" inside the
+ * FIPS module. Global data should instead always be associated with a specific
+ * OPENSSL_CTX object. In this way data will get cleaned up correctly when the
+ * module gets unloaded.
+ */
+#ifndef FIPS_MODE
 /*
  * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
  * once. It takes no arguments and returns and int result (1 for success or
@@ -23,7 +30,7 @@
  *     return 0;
  * }
  */
-#define DEFINE_RUN_ONCE(init)                   \
+# define DEFINE_RUN_ONCE(init)                   \
     static int init(void);                     \
     int init##_ossl_ret_ = 0;                   \
     void init##_ossl_(void)                     \
@@ -36,7 +43,7 @@
  * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly
  * once that has been defined in another file via DEFINE_RUN_ONCE().
  */
-#define DECLARE_RUN_ONCE(init)                  \
+# define DECLARE_RUN_ONCE(init)                  \
     extern int init##_ossl_ret_;                \
     void init##_ossl_(void);
 
@@ -55,7 +62,7 @@
  *     return 0;
  * }
  */
-#define DEFINE_RUN_ONCE_STATIC(init)            \
+# define DEFINE_RUN_ONCE_STATIC(init)            \
     static int init(void);                     \
     static int init##_ossl_ret_ = 0;            \
     static void init##_ossl_(void)              \
@@ -96,7 +103,7 @@
  *     return 0;
  * }
  */
-#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \
+# define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \
     static int initalt(void);                     \
     static void initalt##_ossl_(void)             \
     {                                             \
@@ -115,7 +122,7 @@
  *
  * (*) by convention, since the init function must return 1 on success.
  */
-#define RUN_ONCE(once, init)                                            \
+# define RUN_ONCE(once, init)                                            \
     (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
 
 /*
@@ -133,5 +140,7 @@
  *
  * (*) by convention, since the init function must return 1 on success.
  */
-#define RUN_ONCE_ALT(once, initalt, init)                               \
+# define RUN_ONCE_ALT(once, initalt, init)                               \
     (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0)
+
+#endif /* FIPS_MODE */
-- 
2.34.1