diff options
| author | jsing <> | 2018-11-28 15:51:32 +0000 |
|---|---|---|
| committer | jsing <> | 2018-11-28 15:51:32 +0000 |
| commit | 9929fb92ec5eef94190c43b92a4901712953b553 (patch) | |
| tree | 89f569e7886b1100fcaafc0b6975a9aec0badcd4 /src/lib | |
| parent | 1ea05fdbfec108dafe131398c5f4f7d549fe0fda (diff) | |
| download | openbsd-9929fb92ec5eef94190c43b92a4901712953b553.tar.gz openbsd-9929fb92ec5eef94190c43b92a4901712953b553.tar.bz2 openbsd-9929fb92ec5eef94190c43b92a4901712953b553.zip | |
Correct lock initialisation for libcrypto.
The current crypto_lock_init() function is not called early enough, meaning
that locks are already in use before it gets called. Worse, locks could be
in use when they are then initialised. Furthermore, since functions like
CRYPTO_lock() are public API, these could be called directly bypassing
initialisation.
Avoid these issues by using static initialisers.
ok bcook@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/crypto_init.c | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/crypto_lock.c | 66 |
2 files changed, 55 insertions, 16 deletions
diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c index 3745e2e718..67e7920890 100644 --- a/src/lib/libcrypto/crypto_init.c +++ b/src/lib/libcrypto/crypto_init.c | |||
| @@ -23,6 +23,7 @@ | |||
| 23 | #include <openssl/conf.h> | 23 | #include <openssl/conf.h> |
| 24 | #include <openssl/evp.h> | 24 | #include <openssl/evp.h> |
| 25 | #include <openssl/err.h> | 25 | #include <openssl/err.h> |
| 26 | |||
| 26 | #include "cryptlib.h" | 27 | #include "cryptlib.h" |
| 27 | 28 | ||
| 28 | int OpenSSL_config(const char *); | 29 | int OpenSSL_config(const char *); |
| @@ -30,17 +31,15 @@ int OpenSSL_no_config(void); | |||
| 30 | 31 | ||
| 31 | static pthread_t crypto_init_thread; | 32 | static pthread_t crypto_init_thread; |
| 32 | 33 | ||
| 33 | void crypto_init_locks(void); | ||
| 34 | |||
| 35 | static void | 34 | static void |
| 36 | OPENSSL_init_crypto_internal(void) | 35 | OPENSSL_init_crypto_internal(void) |
| 37 | { | 36 | { |
| 38 | crypto_init_thread = pthread_self(); | 37 | crypto_init_thread = pthread_self(); |
| 38 | |||
| 39 | OPENSSL_cpuid_setup(); | 39 | OPENSSL_cpuid_setup(); |
| 40 | ERR_load_crypto_strings(); | 40 | ERR_load_crypto_strings(); |
| 41 | OpenSSL_add_all_ciphers(); | 41 | OpenSSL_add_all_ciphers(); |
| 42 | OpenSSL_add_all_digests(); | 42 | OpenSSL_add_all_digests(); |
| 43 | crypto_init_locks(); | ||
| 44 | } | 43 | } |
| 45 | 44 | ||
| 46 | int | 45 | int |
diff --git a/src/lib/libcrypto/crypto_lock.c b/src/lib/libcrypto/crypto_lock.c index 3d615cf485..5d317a81c0 100644 --- a/src/lib/libcrypto/crypto_lock.c +++ b/src/lib/libcrypto/crypto_lock.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto_lock.c,v 1.1 2018/11/11 06:41:28 bcook Exp $ */ | 1 | /* $OpenBSD: crypto_lock.c,v 1.2 2018/11/28 15:51:32 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Brent Cook <bcook@openbsd.org> | 3 | * Copyright (c) 2018 Brent Cook <bcook@openbsd.org> |
| 4 | * | 4 | * |
| @@ -19,16 +19,54 @@ | |||
| 19 | 19 | ||
| 20 | #include <openssl/crypto.h> | 20 | #include <openssl/crypto.h> |
| 21 | 21 | ||
| 22 | static pthread_mutex_t locks[CRYPTO_NUM_LOCKS]; | 22 | static pthread_mutex_t locks[] = { |
| 23 | PTHREAD_MUTEX_INITIALIZER, | ||
| 24 | PTHREAD_MUTEX_INITIALIZER, | ||
| 25 | PTHREAD_MUTEX_INITIALIZER, | ||
| 26 | PTHREAD_MUTEX_INITIALIZER, | ||
| 27 | PTHREAD_MUTEX_INITIALIZER, | ||
| 28 | PTHREAD_MUTEX_INITIALIZER, | ||
| 29 | PTHREAD_MUTEX_INITIALIZER, | ||
| 30 | PTHREAD_MUTEX_INITIALIZER, | ||
| 31 | PTHREAD_MUTEX_INITIALIZER, | ||
| 32 | PTHREAD_MUTEX_INITIALIZER, | ||
| 33 | PTHREAD_MUTEX_INITIALIZER, | ||
| 34 | PTHREAD_MUTEX_INITIALIZER, | ||
| 35 | PTHREAD_MUTEX_INITIALIZER, | ||
| 36 | PTHREAD_MUTEX_INITIALIZER, | ||
| 37 | PTHREAD_MUTEX_INITIALIZER, | ||
| 38 | PTHREAD_MUTEX_INITIALIZER, | ||
| 39 | PTHREAD_MUTEX_INITIALIZER, | ||
| 40 | PTHREAD_MUTEX_INITIALIZER, | ||
| 41 | PTHREAD_MUTEX_INITIALIZER, | ||
| 42 | PTHREAD_MUTEX_INITIALIZER, | ||
| 43 | PTHREAD_MUTEX_INITIALIZER, | ||
| 44 | PTHREAD_MUTEX_INITIALIZER, | ||
| 45 | PTHREAD_MUTEX_INITIALIZER, | ||
| 46 | PTHREAD_MUTEX_INITIALIZER, | ||
| 47 | PTHREAD_MUTEX_INITIALIZER, | ||
| 48 | PTHREAD_MUTEX_INITIALIZER, | ||
| 49 | PTHREAD_MUTEX_INITIALIZER, | ||
| 50 | PTHREAD_MUTEX_INITIALIZER, | ||
| 51 | PTHREAD_MUTEX_INITIALIZER, | ||
| 52 | PTHREAD_MUTEX_INITIALIZER, | ||
| 53 | PTHREAD_MUTEX_INITIALIZER, | ||
| 54 | PTHREAD_MUTEX_INITIALIZER, | ||
| 55 | PTHREAD_MUTEX_INITIALIZER, | ||
| 56 | PTHREAD_MUTEX_INITIALIZER, | ||
| 57 | PTHREAD_MUTEX_INITIALIZER, | ||
| 58 | PTHREAD_MUTEX_INITIALIZER, | ||
| 59 | PTHREAD_MUTEX_INITIALIZER, | ||
| 60 | PTHREAD_MUTEX_INITIALIZER, | ||
| 61 | PTHREAD_MUTEX_INITIALIZER, | ||
| 62 | PTHREAD_MUTEX_INITIALIZER, | ||
| 63 | PTHREAD_MUTEX_INITIALIZER, | ||
| 64 | }; | ||
| 23 | 65 | ||
| 24 | void | 66 | #define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ |
| 25 | crypto_init_locks(void) | 67 | __attribute__((__unused__)) |
| 26 | { | ||
| 27 | int i; | ||
| 28 | 68 | ||
| 29 | for (i = 0; i < CRYPTO_NUM_LOCKS; i++) | 69 | CTASSERT((sizeof(locks) / sizeof(*locks)) == CRYPTO_NUM_LOCKS); |
| 30 | pthread_mutex_init(&locks[i], NULL); | ||
| 31 | } | ||
| 32 | 70 | ||
| 33 | void | 71 | void |
| 34 | CRYPTO_lock(int mode, int type, const char *file, int line) | 72 | CRYPTO_lock(int mode, int type, const char *file, int line) |
| @@ -37,19 +75,21 @@ CRYPTO_lock(int mode, int type, const char *file, int line) | |||
| 37 | return; | 75 | return; |
| 38 | 76 | ||
| 39 | if (mode & CRYPTO_LOCK) | 77 | if (mode & CRYPTO_LOCK) |
| 40 | pthread_mutex_lock(&locks[type]); | 78 | (void) pthread_mutex_lock(&locks[type]); |
| 41 | else | 79 | else if (mode & CRYPTO_UNLOCK) |
| 42 | pthread_mutex_unlock(&locks[type]); | 80 | (void) pthread_mutex_unlock(&locks[type]); |
| 43 | } | 81 | } |
| 44 | 82 | ||
| 45 | int | 83 | int |
| 46 | CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, | 84 | CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, |
| 47 | int line) | 85 | int line) |
| 48 | { | 86 | { |
| 49 | int ret = 0; | 87 | int ret; |
| 88 | |||
| 50 | CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, file, line); | 89 | CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, file, line); |
| 51 | ret = *pointer + amount; | 90 | ret = *pointer + amount; |
| 52 | *pointer = ret; | 91 | *pointer = ret; |
| 53 | CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, file, line); | 92 | CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, file, line); |
| 93 | |||
| 54 | return (ret); | 94 | return (ret); |
| 55 | } | 95 | } |