From d75f6fd37c90033bcb088aa5518ce6263f10d56b Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 24 May 2025 07:41:14 +0000 Subject: Provide openssl_init_crypto_constructor() and invoke via a constructor. There are a very large number of entry points to libcrypto, which means it is easy to run code prior to OPENSSL_init_crypto() being invoked. This means that CPU capability detection will not have been run, leading to poor choices with regards to the use of accelerated implementations. Now that our CPU capability detection code has been cleaned up and is safe, provide an openssl_init_crypto_constructor() that runs CPU capability detection and invoke it as a library constructor. This should only be used to invoke code that does not do memory allocation or trigger signals. ok tb@ --- src/lib/libcrypto/crypto_init.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'src/lib/libcrypto/crypto_init.c') diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c index 44c4846762..79c100f668 100644 --- a/src/lib/libcrypto/crypto_init.c +++ b/src/lib/libcrypto/crypto_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_init.c,v 1.24 2025/05/24 07:23:14 jsing Exp $ */ +/* $OpenBSD: crypto_init.c,v 1.25 2025/05/24 07:41:14 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -37,6 +37,8 @@ static pthread_once_t crypto_init_once = PTHREAD_ONCE_INIT; static pthread_t crypto_init_thread; static int crypto_init_cleaned_up; +void openssl_init_crypto_constructor(void) __attribute__((constructor)); + #ifndef HAVE_CRYPTO_CPU_CAPS_INIT void crypto_cpu_caps_init(void) @@ -44,6 +46,17 @@ crypto_cpu_caps_init(void) } #endif +/* + * This function is invoked as a constructor when the library is loaded. The + * code run from here must not allocate memory or trigger signals. The only + * safe code is to read data and update global variables. + */ +void +openssl_init_crypto_constructor(void) +{ + crypto_cpu_caps_init(); +} + void OPENSSL_init(void) { @@ -55,8 +68,6 @@ OPENSSL_init_crypto_internal(void) { crypto_init_thread = pthread_self(); - crypto_cpu_caps_init(); - ERR_load_crypto_strings(); } -- cgit v1.2.3-55-g6feb