/* Copyright (c) 2015, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "internal.h" #if defined(OPENSSL_WINDOWS_THREADS) OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include OPENSSL_MSVC_PRAGMA(warning(pop)) #include #include #include #include OPENSSL_STATIC_ASSERT(sizeof(CRYPTO_MUTEX) >= sizeof(SRWLOCK), "CRYPTO_MUTEX is too small"); #if defined(__GNUC__) || defined(__clang__) OPENSSL_STATIC_ASSERT(alignof(CRYPTO_MUTEX) >= alignof(SRWLOCK), "CRYPTO_MUTEX has insufficient alignment"); #endif static BOOL CALLBACK call_once_init(INIT_ONCE *once, void *arg, void **out) { void (**init)(void) = (void (**)(void))arg; (**init)(); return TRUE; } void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { if (!InitOnceExecuteOnce(once, call_once_init, &init, NULL)) { abort(); } } void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { InitializeSRWLock((SRWLOCK *) lock); } void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { AcquireSRWLockShared((SRWLOCK *) lock); } void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { AcquireSRWLockExclusive((SRWLOCK *) lock); } void CRYPTO_MUTEX_unlock_read(CRYPTO_MUTEX *lock) { ReleaseSRWLockShared((SRWLOCK *) lock); } void CRYPTO_MUTEX_unlock_write(CRYPTO_MUTEX *lock) { ReleaseSRWLockExclusive((SRWLOCK *) lock); } void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { // SRWLOCKs require no cleanup. } void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock) { AcquireSRWLockShared(&lock->lock); } void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock) { AcquireSRWLockExclusive(&lock->lock); } void CRYPTO_STATIC_MUTEX_unlock_read(struct CRYPTO_STATIC_MUTEX *lock) { ReleaseSRWLockShared(&lock->lock); } void CRYPTO_STATIC_MUTEX_unlock_write(struct CRYPTO_STATIC_MUTEX *lock) { ReleaseSRWLockExclusive(&lock->lock); } static SRWLOCK g_destructors_lock = SRWLOCK_INIT; static thread_local_destructor_t g_destructors[NUM_OPENSSL_THREAD_LOCALS]; static CRYPTO_once_t g_thread_local_init_once = CRYPTO_ONCE_INIT; static DWORD g_thread_local_key; static int g_thread_local_failed; static void thread_local_init(void) { g_thread_local_key = TlsAlloc(); g_thread_local_failed = (g_thread_local_key == TLS_OUT_OF_INDEXES); } static void NTAPI thread_local_destructor(PVOID module, DWORD reason, PVOID reserved) { // Only free memory on |DLL_THREAD_DETACH|, not |DLL_PROCESS_DETACH|. In // VS2015's debug runtime, the C runtime has been unloaded by the time // |DLL_PROCESS_DETACH| runs. See https://crbug.com/575795. This is consistent // with |pthread_key_create| which does not call destructors on process exit, // only thread exit. if (reason != DLL_THREAD_DETACH) { return; } CRYPTO_once(&g_thread_local_init_once, thread_local_init); if (g_thread_local_failed) { return; } void **pointers = (void**) TlsGetValue(g_thread_local_key); if (pointers == NULL) { return; } thread_local_destructor_t destructors[NUM_OPENSSL_THREAD_LOCALS]; AcquireSRWLockExclusive(&g_destructors_lock); OPENSSL_memcpy(destructors, g_destructors, sizeof(destructors)); ReleaseSRWLockExclusive(&g_destructors_lock); for (unsigned i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) { if (destructors[i] != NULL) { destructors[i](pointers[i]); } } OPENSSL_free(pointers); } // Thread Termination Callbacks. // // Windows doesn't support a per-thread destructor with its TLS primitives. // So, we build it manually by inserting a function to be called on each // thread's exit. This magic is from http://www.codeproject.com/threads/tls.asp // and it works for VC++ 7.0 and later. // // Force a reference to _tls_used to make the linker create the TLS directory // if it's not already there. (E.g. if __declspec(thread) is not used). Force // a reference to p_thread_callback_boringssl to prevent whole program // optimization from discarding the variable. // // Note, in the prefixed build, |p_thread_callback_boringssl| may be a macro. #define STRINGIFY(x) #x #define EXPAND_AND_STRINGIFY(x) STRINGIFY(x) #ifdef _WIN64 __pragma(comment(linker, "/INCLUDE:_tls_used")) __pragma(comment( linker, "/INCLUDE:" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #else __pragma(comment(linker, "/INCLUDE:__tls_used")) __pragma(comment( linker, "/INCLUDE:_" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #endif // .CRT$XLA to .CRT$XLZ is an array of PIMAGE_TLS_CALLBACK pointers that are // called automatically by the OS loader code (not the CRT) when the module is // loaded and on thread creation. They are NOT called if the module has been // loaded by a LoadLibrary() call. It must have implicitly been loaded at // process startup. // // By implicitly loaded, I mean that it is directly referenced by the main EXE // or by one of its dependent DLLs. Delay-loaded DLL doesn't count as being // implicitly loaded. // // See VC\crt\src\tlssup.c for reference. // The linker must not discard p_thread_callback_boringssl. (We force a // reference to this variable with a linker /INCLUDE:symbol pragma to ensure // that.) If this variable is discarded, the OnThreadExit function will never // be called. #ifdef _WIN64 // .CRT section is merged with .rdata on x64 so it must be constant data. #pragma const_seg(".CRT$XLC") // When defining a const variable, it must have external linkage to be sure the // linker doesn't discard it. extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma const_seg() #else #pragma data_seg(".CRT$XLC") PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma data_seg() #endif // _WIN64 static void **get_thread_locals(void) { // |TlsGetValue| clears the last error even on success, so that callers may // distinguish it successfully returning NULL or failing. It is documented to // never fail if the argument is a valid index from |TlsAlloc|, so we do not // need to handle this. // // However, this error-mangling behavior interferes with the caller's use of // |GetLastError|. In particular |SSL_get_error| queries the error queue to // determine whether the caller should look at the OS's errors. To avoid // destroying state, save and restore the Windows error. // // https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx DWORD last_error = GetLastError(); void **ret = TlsGetValue(g_thread_local_key); SetLastError(last_error); return ret; } void *CRYPTO_get_thread_local(thread_local_data_t index) { CRYPTO_once(&g_thread_local_init_once, thread_local_init); if (g_thread_local_failed) { return NULL; } void **pointers = get_thread_locals(); if (pointers == NULL) { return NULL; } return pointers[index]; } int CRYPTO_set_thread_local(thread_local_data_t index, void *value, thread_local_destructor_t destructor) { CRYPTO_once(&g_thread_local_init_once, thread_local_init); if (g_thread_local_failed) { destructor(value); return 0; } void **pointers = get_thread_locals(); if (pointers == NULL) { pointers = OPENSSL_malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); if (pointers == NULL) { destructor(value); return 0; } OPENSSL_memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); if (TlsSetValue(g_thread_local_key, pointers) == 0) { OPENSSL_free(pointers); destructor(value); return 0; } } AcquireSRWLockExclusive(&g_destructors_lock); g_destructors[index] = destructor; ReleaseSRWLockExclusive(&g_destructors_lock); pointers[index] = value; return 1; } #endif // OPENSSL_WINDOWS_THREADS