Merge pull request #9427 from douzzer/20251113-ZD20815

20251113-ZD20815
2026-01-26 12:32:19 +01:00 · 2025-11-14 11:50:16 +10:00
parent 6ff57b8045 7916db78e8
commit 10a60fc41b
5 changed files with 112 additions and 41 deletions
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -969,6 +969,7 @@ __ARCH_STRSTR_NO_REDIRECT
 __ARM_ARCH_7M__
 __ARM_FEATURE_CRYPTO
 __ASSEMBLER__
+__ATOMIC_CONSUME
 __ATOMIC_RELAXED
 __AVR_ARCH__
 __AVR__
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7559,7 +7559,7 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
 * Return the private key of the WOLFSSL_CTX struct
 * @return WOLFSSL_EVP_PKEY* The caller doesn *NOT*` free the returned object.
 */
-WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
+WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(WOLFSSL_CTX* ctx)
 {
    WOLFSSL_EVP_PKEY* res;
    const unsigned char *key;
@@ -7605,12 +7605,25 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
        wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
    #endif
-        res = wolfSSL_d2i_PrivateKey(type,
-                (WOLFSSL_EVP_PKEY**)&ctx->privateKeyPKey, &key,
+        res = wolfSSL_d2i_PrivateKey(type, NULL, &key,
                (long)ctx->privateKey->length);
    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
        wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask);
    #endif
+        if (res) {
+#ifdef WOLFSSL_ATOMIC_OPS
+            WOLFSSL_EVP_PKEY *current_pkey = NULL;
+            if (! wolfSSL_Atomic_Ptr_CompareExchange(
+                    (void **)&ctx->privateKeyPKey,
+                    (void **)&current_pkey, res))
+            {
+                wolfSSL_EVP_PKEY_free(res);
+                res = current_pkey;
+            }
+#else
+            ctx->privateKeyPKey = res;
+#endif
+        }
    }

    return res;
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -1271,12 +1271,15 @@ char* wc_strdup_ex(const char *src, int memType) {
 }
 #endif

-#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+#ifdef WOLFSSL_ATOMIC_OPS
+
+#if defined(WOLFSSL_USER_DEFINED_ATOMICS)
+
+#elif defined(SINGLE_THREADED)
+
+#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED)
+/* direct calls using gcc-style compiler built-ins */

-#ifdef HAVE_C___ATOMIC
-/* Atomic ops using standard C lib */
-#ifdef __cplusplus
-/* C++ using direct calls to compiler built-in functions */
 void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
 {
    *c = i;
@@ -1357,7 +1360,16 @@ int wolfSSL_Atomic_Uint_CompareExchange(
        c, expected_i, new_i, 0 /* weak */, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
 }

-#else
+int wolfSSL_Atomic_Ptr_CompareExchange(
+    void **c, void **expected_ptr, void *new_ptr)
+{
+    return __atomic_compare_exchange_n(
+        c, expected_ptr, new_ptr, 0 /* weak */,
+        __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
+}
+
+#elif defined(HAVE_C___ATOMIC) && defined(WOLFSSL_HAVE_ATOMIC_H) && \
+        !defined(__cplusplus)

 /* Default C Implementation */
 void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
@@ -1444,9 +1456,19 @@ int wolfSSL_Atomic_Uint_CompareExchange(
        c, expected_i, new_i, memory_order_seq_cst, memory_order_acquire);
 }

-#endif /* __cplusplus */
+int wolfSSL_Atomic_Ptr_CompareExchange(
+    void **c, void **expected_ptr, void *new_ptr)
+{
+    /* use gcc-built-in __atomic_compare_exchange_n(), not
+     * atomic_compare_exchange_strong_explicit(), to sidestep _Atomic type
+     * requirements.
+     */
+    return __atomic_compare_exchange_n(
+        c, expected_ptr, new_ptr, 0 /* weak */,
+        __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
+}

-#elif defined(_MSC_VER)
+#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)

 void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
 {
@@ -1527,8 +1549,8 @@ unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
 int wolfSSL_Atomic_Uint_CompareExchange(
    wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i)
 {
-    long actual_i = InterlockedCompareExchange
-        ((wolfSSL_Atomic_Int *)c, (long)new_i, (long)*expected_i);
+    long actual_i = InterlockedCompareExchange(
+        (wolfSSL_Atomic_Int *)c, (long)new_i, (long)*expected_i);
    if (actual_i == (long)*expected_i) {
        return 1;
    }
@@ -1538,6 +1560,32 @@ int wolfSSL_Atomic_Uint_CompareExchange(
    }
 }

+int wolfSSL_Atomic_Ptr_CompareExchange(
+    void ** c, void **expected_ptr, void *new_ptr)
+{
+#ifdef _WIN64
+    LONG64 actual_ptr = InterlockedCompareExchange64(
+        (LONG64 *)c, (LONG64)new_ptr, (LONG64)*expected_ptr);
+    if (actual_ptr == (LONG64)*expected_ptr) {
+        return 1;
+    }
+    else {
+        *expected_ptr = (void *)actual_ptr;
+        return 0;
+    }
+#else /* !_WIN64 */
+    LONG actual_ptr = InterlockedCompareExchange(
+        (LONG *)c, (LONG)new_ptr, (LONG)*expected_ptr);
+    if (actual_ptr == (LONG)*expected_ptr) {
+        return 1;
+    }
+    else {
+        *expected_ptr = (void *)actual_ptr;
+        return 0;
+    }
+#endif /* !_WIN64 */
+}
+
 #endif

 #endif /* WOLFSSL_ATOMIC_OPS */
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3228,7 +3228,7 @@ WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl);
 #ifdef OPENSSL_EXTRA
 WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl);

-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(WOLFSSL_CTX* ctx);

 #include <stdarg.h> /* var_arg */
 WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format,
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -494,31 +494,26 @@
        #define WOLFSSL_ATOMIC_LOAD(x) (x)
        #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
        #define WOLFSSL_ATOMIC_OPS
-    #elif defined(HAVE_C___ATOMIC)
-        #ifdef __cplusplus
-            #if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
-                /* C++ using direct calls to compiler built-in functions */
-                typedef volatile int wolfSSL_Atomic_Int;
-                typedef volatile unsigned int wolfSSL_Atomic_Uint;
-                #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
-                #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), \
-                                                               __ATOMIC_CONSUME)
-                #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), \
-                                                          val, __ATOMIC_RELEASE)
-                #define WOLFSSL_ATOMIC_OPS
-            #endif
-        #else
-            #ifdef WOLFSSL_HAVE_ATOMIC_H
-                /* Default C Implementation */
-                #include <stdatomic.h>
-                typedef atomic_int wolfSSL_Atomic_Int;
-                typedef atomic_uint wolfSSL_Atomic_Uint;
-                #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
-                #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
-                #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
-                #define WOLFSSL_ATOMIC_OPS
-            #endif /* WOLFSSL_HAVE_ATOMIC_H */
-        #endif
+    #elif defined(__GNUC__) && defined(__ATOMIC_CONSUME)
+        /* direct calls using gcc-style compiler built-ins */
+        typedef volatile int wolfSSL_Atomic_Int;
+        typedef volatile unsigned int wolfSSL_Atomic_Uint;
+        #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+        #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), \
+                                                       __ATOMIC_CONSUME)
+        #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), \
+                                                  val, __ATOMIC_RELEASE)
+        #define WOLFSSL_ATOMIC_OPS
+    #elif defined(HAVE_C___ATOMIC) && defined(WOLFSSL_HAVE_ATOMIC_H) && \
+        !defined(__cplusplus)
+        /* Default C Implementation */
+        #include <stdatomic.h>
+        typedef atomic_int wolfSSL_Atomic_Int;
+        typedef atomic_uint wolfSSL_Atomic_Uint;
+        #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+        #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
+        #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
+        #define WOLFSSL_ATOMIC_OPS
    #elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
        /* Use MSVC compiler intrinsics for atomic ops */
        #ifdef _WIN32_WCE
@@ -534,8 +529,8 @@
        #define WOLFSSL_ATOMIC_OPS
    #endif

-    #ifndef WOLFSSL_ATOMIC_INITIALIZER
-        /* If we weren't able to implement atomics above, disable them here. */
+    /* If we weren't able to implement atomics above, disable them here. */
+    #ifndef WOLFSSL_ATOMIC_OPS
        #define WOLFSSL_NO_ATOMICS
    #endif
 #endif
@@ -586,6 +581,8 @@
        wolfSSL_Atomic_Uint* c, unsigned int i);
    WOLFSSL_API int wolfSSL_Atomic_Uint_CompareExchange(
        wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i);
+    WOLFSSL_API int wolfSSL_Atomic_Ptr_CompareExchange(
+        void** c, void **expected_ptr, void *new_ptr);
 #else
    /* Code using these fallback implementations in non-SINGLE_THREADED builds
     * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int
@@ -623,6 +620,18 @@
            return 0;
        }
    }
+    static WC_INLINE int wolfSSL_Atomic_Ptr_CompareExchange(
+        void **c, void *expected_ptr, void *new_ptr)
+    {
+        if (*(char **)c == *(char **)expected_ptr) {
+            *(char **)c = (char *)new_ptr;
+            return 1;
+        }
+        else {
+            *(char **)expected_ptr = *(char **)c;
+            return 0;
+        }
+    }
    static WC_INLINE unsigned int wolfSSL_Atomic_Uint_FetchAdd(
        unsigned int *c, unsigned int i)
    {