Browse Source

Fix a crash with multi-threaded applications using the FIPS module

The FIPS implementation of the ossl_ctx_thread_stop function needs to
use an OSSL_LIB_CTX - but gets passed a provctx as an argument. It was
assuming that these are the same thing (which was true at one point
during development) - but that is no longer the case. The fix is to
get the OSSL_LIB_CTX out of the provctx.

Fixes #13469

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13660)
master
Matt Caswell 1 year ago
parent
commit
f6b72c7d75
1 changed files with 4 additions and 2 deletions
  1. +4
    -2
      crypto/initthread.c

+ 4
- 2
crypto/initthread.c View File

@ -14,6 +14,8 @@
#include "internal/thread_once.h"
#ifdef FIPS_MODULE
#include "prov/provider_ctx.h"
/*
* Thread aware code may want to be told about thread stop events. We register
* to hear about those thread stop events when we see a new thread has started.
@ -281,7 +283,7 @@ static const OSSL_LIB_CTX_METHOD thread_event_ossl_ctx_method = {
void ossl_ctx_thread_stop(void *arg)
{
THREAD_EVENT_HANDLER **hands;
OSSL_LIB_CTX *ctx = arg;
OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(arg);
CRYPTO_THREAD_LOCAL *local
= ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX,
&thread_event_ossl_ctx_method);
@ -289,7 +291,7 @@ void ossl_ctx_thread_stop(void *arg)
if (local == NULL)
return;
hands = init_get_thread_local(local, 0, 0);
init_thread_stop(arg, hands);
init_thread_stop(ctx, hands);
OPENSSL_free(hands);
}
#endif /* FIPS_MODULE */


Loading…
Cancel
Save