Keccak_(X4_)Dispatch Initialize_ptr assignment is thread unsafe

[zxjtan]

Keccak_(X4_)Dispatch Initialize_ptr assignment is thread unsafe due to race condition. Keccak_Dispatch in xkcp_sha3.c and Keccak_X4_Dispatch in xkcp_sha3x4.c.

Example execution:

• Thread 0 executes Keccak_X4_Dispatch until and including this line, setting Keccak_X4_Initialize_ptr = &KeccakP1600times4_InitializeAll_avx2;. Pauses here for the rest of this example.
• Thread 1 calls gen_matrix() -> shake128x4_inc_init() -> keccak_x4_inc_reset() -> (*Keccak_X4_Initialize_ptr)().
  • Here, Keccak_X4_Initialize_ptr is &KeccakP1600times4_InitializeAll_avx2, which just memsets without issue and returns.
• Thread 1 goes back up to gen_matrix(), next line is to call shake128x4_absorb_once() -> shake128x4_inc_absorb(), which is a macro for OQS_SHA3_shake128_x4_inc_absorb and a tail call for keccak_x4_inc_absorb(), which tries to call (*Keccak_X4_AddBytes_ptr)().
  • Keccak_X4_AddBytes_ptr is still NULL because Thread 0 paused before setting it! Hence, calls 0x0 and segfaults.

Made a fix using pthread_once in #1549 but not cross-platform, open to other fixes

Environment:

• OS: CentOS Stream 9
• OpenSSL 1.1.1
• Clang 12
• liboqs version 0.8.0