Skip to content

20260512-wc_init_state#10472

Open
douzzer wants to merge 1 commit into
wolfSSL:masterfrom
douzzer:20260512-wc_init_state
Open

20260512-wc_init_state#10472
douzzer wants to merge 1 commit into
wolfSSL:masterfrom
douzzer:20260512-wc_init_state

Conversation

@douzzer
Copy link
Copy Markdown
Contributor

@douzzer douzzer commented May 12, 2026

wolfcrypt/src/wc_port.c: fix&refactor thread safety mechanisms in wolfCrypt_Init() and wolfCrypt_Cleanup().

This PR fixes unmitigated races in the incumbent code whereby three or more threads racing each other are subject to UB, with one or more of the threads returning success with the library not actually initialized.

The new algorithm is airtight, always succeeding unless API abuse or memory corruption.

tested with

wolfssl-multi-test.sh ...
check-source-text all-gcc-c99 all-c89-clang-tidy clang-tidy-all-intelasm clang-tidy-all-async-quic single-threaded clang-tidy-all-sp-all

wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10472

Scan targets checked: wolfcrypt-bugs, wolfcrypt-src

No new issues found in the changed files. ✅

@douzzer douzzer force-pushed the 20260512-wc_init_state branch 2 times, most recently from 17b7825 to 74aea5b Compare May 13, 2026 04:06
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

MemBrowse Memory Report

gcc-arm-cortex-m4

  • FLASH: .text +128 B (+0.1%, 198,145 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-baremetal

  • FLASH: .text +192 B (+0.3%, 65,019 B / 262,144 B, total: 25% used)

gcc-arm-cortex-m4-tls12

  • FLASH: .text +128 B (+0.1%, 121,565 B / 262,144 B, total: 46% used)
    No memory changes detected for:
  • gcc-arm-cortex-m4-min-ecc

@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented May 13, 2026

retest this please

julek-wolfssl
julek-wolfssl requested changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@julek-wolfssl julek-wolfssl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This solution is quite complex. Can't we use the same approach of two vars (atomic + volatile) from wolfSSL_Init? The main improvement I can see in the relation between wolfSSL_Init and wolfSSL_Cleanup is that wolfSSL_Cleanup should not do anything if inits_count_mutex_valid is not 1.

@julek-wolfssl julek-wolfssl assigned douzzer and unassigned wolfSSL-Bot May 13, 2026
@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented May 13, 2026

This solution uses a single 32 bit atomic. That's the simplest implementation supported by the hardware.

We're only doing this because code review uncovered races in the previous implementation.

And the refactored implementation only looks complex because I added a bunch of error-checking.

@julek-wolfssl julek-wolfssl self-requested a review May 13, 2026 16:25
@douzzer
wolfcrypt/src/wc_port.c and wolfssl/wolfcrypt/wc_port.h: add
df7d3da 
* wc_local_InitUp()
* wc_local_InitUpDone()
* wc_local_InitDown()
* wc_local_InitDownDone()
* wc_init_state_t
* WC_DECLARE_INIT_STATE()
* WC_INIT_STATE_*
* union wc_init_state_bitfields
* WC_INIT_STATE_RAISE_BAD_STATE();

fix&refactor thread safety mechanisms in wolfCrypt_Init() and wolfCrypt_Cleanup(), and fix a few preexisting error-handling flubs in wolfCrypt_Init().
@douzzer douzzer force-pushed the 20260512-wc_init_state branch from 74aea5b to df7d3da Compare May 14, 2026 21:13
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10472

Scan targets checked: wolfcrypt-bugs, wolfcrypt-src

No new issues found in the changed files. ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@rizlik rizlik Awaiting requested review from rizlik

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

@julek-wolfssl julek-wolfssl Awaiting requested review from julek-wolfssl

Requested changes must be addressed to merge this pull request.

Assignees

@douzzer douzzer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@douzzer @julek-wolfssl @wolfSSL-Fenrir-bot @wolfSSL-Bot