Move aws-lc shutdown to destructor from cleanup (#182)

awslabs · Apr 26, 2024 · 3dcc6ff · 3dcc6ff
1 parent b1359f3
commit 3dcc6ff
Showing 1 changed file with 29 additions and 7 deletions.
diff --git a/source/unix/openssl_platform_init.c b/source/unix/openssl_platform_init.c
@@ -555,8 +555,6 @@ static enum aws_libcrypto_version s_resolve_libcrypto_lib(void) {
     return AWS_LIBCRYPTO_NONE;
 }
 
-static void *s_libcrypto_module = NULL;
-
 static enum aws_libcrypto_version s_resolve_libcrypto(void) {
     /* Try to auto-resolve against what's linked in/process space */
     AWS_LOGF_DEBUG(AWS_LS_CAL_LIBCRYPTO_RESOLVE, "searching process and loaded modules");
@@ -644,6 +642,35 @@ void aws_cal_platform_init(struct aws_allocator *allocator) {
 #endif
 }
 
+/*
+ * Shutdown any resources before unloading CRT (ex. dlclose).
+ * This is currently aws-lc specific.
+ * Ex. why we need it:
+ * aws-lc uses thread local data extensively and registers thread atexit
+ * callback to clean it up.
+ * there are cases where crt gets dlopen'ed and then dlclose'ed within a larger program
+ * (ex. nodejs workers).
+ * with glibc, dlclose actually removes symbols from global space (musl does not).
+ * once crt is unloaded, thread atexit will no longer point at a valid aws-lc
+ * symbol and will happily crash when thread is closed.
+ * AWSLC_thread_local_shutdown was added by aws-lc to let teams remove thread
+ * local data manually before lib is unloaded.
+ * We can't call AWSLC_thread_local_shutdown in cal cleanup because it renders
+ * aws-lc unusable and there is no way to reinitilize aws-lc to a working state,
+ * i.e. everything that depends on aws-lc stops working after shutdown (ex. curl).
+ * So instead rely on GCC/Clang destructor extension to shutdown right before
+ * crt gets unloaded. Does not work on msvc, but thats a bridge we can cross at
+ * a later date (since we dont support aws-lc on win right now)
+ * TODO: do already init'ed check on lc similar to what we do for s2n, so we
+ * only shutdown when we initialized aws-lc. currently not possible because
+ * there is no way to check that aws-lc has been initialized.
+ */
+void __attribute__((destructor)) s_cal_crypto_shutdown(void) {
+#if defined(OPENSSL_IS_AWSLC)
+    AWSLC_thread_local_shutdown();
+#endif
+}
+
 void aws_cal_platform_clean_up(void) {
 #if !defined(OPENSSL_IS_AWSLC) && !defined(OPENSSL_IS_BORINGSSL)
     if (CRYPTO_get_locking_callback() == s_locking_fn) {
@@ -662,13 +689,8 @@ void aws_cal_platform_clean_up(void) {
 
 #if defined(OPENSSL_IS_AWSLC)
     AWSLC_thread_local_clear();
-    AWSLC_thread_local_shutdown();
 #endif
 
-    if (s_libcrypto_module) {
-        dlclose(s_libcrypto_module);
-    }
-
     s_libcrypto_allocator = NULL;
 }