retdec-build · pull · Jun 20, 2025 · Apr 16, 2025 · Apr 17, 2025 · Apr 18, 2025
diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml
@@ -164,6 +164,7 @@ jobs:
 
   linux-arm64:
     runs-on: linux-arm64
+    if: github.repository == 'openssl/openssl'
     steps:
     - uses: actions/checkout@v4
     - name: config
@@ -179,6 +180,7 @@ jobs:
 
   linux-ppc64le:
     runs-on: linux-ppc64le
+    if: github.repository == 'openssl/openssl'
     steps:
     - uses: actions/checkout@v4
     - name: config
@@ -196,6 +198,7 @@ jobs:
 
   linux-s390x:
     runs-on: linux-s390x
+    if: github.repository == 'openssl/openssl'
     steps:
     - uses: actions/checkout@v4
     - name: config
@@ -213,6 +216,7 @@ jobs:
 
   linux-riscv64:
     runs-on: linux-riscv64
+    if: github.repository == 'openssl/openssl'
     steps:
     - uses: actions/checkout@v4
     - name: config

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
@@ -129,6 +129,11 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
     int idx;
     ASN1_STRING_TABLE fnd;
 
+    if (nid <= 0) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
     /* "stable" can be impacted by config, so load the config file first */
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
@@ -190,6 +195,11 @@ int ASN1_STRING_TABLE_add(int nid,
 {
     ASN1_STRING_TABLE *tmp;
 
+    if (nid <= 0 || (minsize >= 0 && maxsize >= 0 && minsize > maxsize)) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     tmp = stable_get(nid);
     if (tmp == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);

diff --git a/crypto/async/async.c b/crypto/async/async.c
@@ -17,6 +17,7 @@
 
 /* This must be the first #include file */
 #include "async_local.h"
+#include "internal/threads_common.h"
 
 #include <openssl/err.h>
 #include "crypto/cryptlib.h"
@@ -27,9 +28,6 @@
 #define ASYNC_JOB_PAUSED    2
 #define ASYNC_JOB_STOPPING  3
 
-static CRYPTO_THREAD_LOCAL ctxkey;
-static CRYPTO_THREAD_LOCAL poolkey;
-
 static void async_delete_thread_state(void *arg);
 
 static async_ctx *async_ctx_new(void)
@@ -46,7 +44,8 @@ static async_ctx *async_ctx_new(void)
     async_fibre_init_dispatcher(&nctx->dispatcher);
     nctx->currjob = NULL;
     nctx->blocked = 0;
-    if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
+    if (!CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_CTX_KEY,
+                                    CRYPTO_THREAD_NO_CONTEXT, nctx))
         goto err;
 
     return nctx;
@@ -58,7 +57,8 @@ static async_ctx *async_ctx_new(void)
 
 async_ctx *async_get_ctx(void)
 {
-    return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
+    return (async_ctx *)CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_CTX_KEY,
+                                                   CRYPTO_THREAD_NO_CONTEXT);
 }
 
 static int async_ctx_free(void)
@@ -67,7 +67,8 @@ static int async_ctx_free(void)
 
     ctx = async_get_ctx();
 
-    if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
+    if (!CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_CTX_KEY,
+                                    CRYPTO_THREAD_NO_CONTEXT, NULL))
         return 0;
 
     OPENSSL_free(ctx);
@@ -101,15 +102,17 @@ static ASYNC_JOB *async_get_pool_job(void) {
     ASYNC_JOB *job;
     async_pool *pool;
 
-    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    pool = (async_pool *)CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                                    CRYPTO_THREAD_NO_CONTEXT);
     if (pool == NULL) {
         /*
          * Pool has not been initialised, so init with the defaults, i.e.
          * no max size and no pre-created jobs
          */
         if (ASYNC_init_thread(0, 0) == 0)
             return NULL;
-        pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+        pool = (async_pool *)CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                                        CRYPTO_THREAD_NO_CONTEXT);
     }
 
     job = sk_ASYNC_JOB_pop(pool->jobs);
@@ -133,7 +136,8 @@ static ASYNC_JOB *async_get_pool_job(void) {
 static void async_release_job(ASYNC_JOB *job) {
     async_pool *pool;
 
-    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    pool = (async_pool *)CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                                    CRYPTO_THREAD_NO_CONTEXT);
     if (pool == NULL) {
         ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR);
         return;
@@ -327,21 +331,11 @@ static void async_empty_pool(async_pool *pool)
 
 int async_init(void)
 {
-    if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
-        return 0;
-
-    if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
-        CRYPTO_THREAD_cleanup_local(&ctxkey);
-        return 0;
-    }
-
     return async_local_init();
 }
 
 void async_deinit(void)
 {
-    CRYPTO_THREAD_cleanup_local(&ctxkey);
-    CRYPTO_THREAD_cleanup_local(&poolkey);
     async_local_deinit();
 }
 
@@ -391,7 +385,8 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
         curr_size++;
     }
     pool->curr_size = curr_size;
-    if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
+    if (!CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                    CRYPTO_THREAD_NO_CONTEXT, pool)) {
         ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SET_POOL);
         goto err;
     }
@@ -406,13 +401,15 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
 
 static void async_delete_thread_state(void *arg)
 {
-    async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                                                CRYPTO_THREAD_NO_CONTEXT);
 
     if (pool != NULL) {
         async_empty_pool(pool);
         sk_ASYNC_JOB_free(pool->jobs);
         OPENSSL_free(pool);
-        CRYPTO_THREAD_set_local(&poolkey, NULL);
+        CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_ASYNC_POOL_KEY,
+                                   CRYPTO_THREAD_NO_CONTEXT, NULL);
     }
     async_local_cleanup();
     async_ctx_free();

diff --git a/crypto/build.info b/crypto/build.info
@@ -97,10 +97,10 @@ SOURCE[../providers/libfips.a]=$CORE_COMMON
 # Central utilities
 $UTIL_COMMON=\
         cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \
-        threads_pthread.c threads_win.c threads_none.c initthread.c \
-        context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
-        param_build_set.c der_writer.c threads_lib.c params_dup.c \
-        time.c
+        threads_pthread.c threads_win.c threads_none.c threads_common.c \
+        initthread.c context.c sparse_array.c asn1_dsa.c packet.c \
+        param_build.c param_build_set.c der_writer.c threads_lib.c \
+        params_dup.c time.c
 
 SOURCE[../libcrypto]=$UTIL_COMMON \
         mem.c mem_sec.c \

diff --git a/crypto/context.c b/crypto/context.c
@@ -16,6 +16,7 @@
 #include "internal/core.h"
 #include "internal/bio.h"
 #include "internal/provider.h"
+#include "internal/threads_common.h"
 #include "crypto/decoder.h"
 #include "crypto/context.h"
 
@@ -31,7 +32,6 @@ struct ossl_lib_ctx_st {
     void *global_properties;
     void *drbg;
     void *drbg_nonce;
-    CRYPTO_THREAD_LOCAL rcu_local_key;
 #ifndef FIPS_MODULE
     void *provider_conf;
     void *bio_core;
@@ -47,7 +47,6 @@ struct ossl_lib_ctx_st {
     void *threads;
 #endif
 #ifdef FIPS_MODULE
-    void *thread_event_handler;
     void *fips_prov;
 #endif
     STACK_OF(SSL_COMP) *comp_methods;
@@ -92,9 +91,6 @@ static int context_init(OSSL_LIB_CTX *ctx)
 {
     int exdata_done = 0;
 
-    if (!CRYPTO_THREAD_init_local(&ctx->rcu_local_key, NULL))
-        return 0;
-
     ctx->lock = CRYPTO_THREAD_lock_new();
     if (ctx->lock == NULL)
         goto err;
@@ -187,8 +183,7 @@ static int context_init(OSSL_LIB_CTX *ctx)
 #endif
 
 #ifdef FIPS_MODULE
-    ctx->thread_event_handler = ossl_thread_event_ctx_new(ctx);
-    if (ctx->thread_event_handler == NULL)
+    if (!ossl_thread_event_ctx_new(ctx))
         goto err;
 
     ctx->fips_prov = ossl_fips_prov_ossl_ctx_new(ctx);
@@ -226,7 +221,6 @@ static int context_init(OSSL_LIB_CTX *ctx)
         ossl_crypto_cleanup_all_ex_data_int(ctx);
 
     CRYPTO_THREAD_lock_free(ctx->lock);
-    CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key);
     memset(ctx, '\0', sizeof(*ctx));
     return 0;
 }
@@ -331,10 +325,7 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
 #endif
 
 #ifdef FIPS_MODULE
-    if (ctx->thread_event_handler != NULL) {
-        ossl_thread_event_ctx_free(ctx->thread_event_handler);
-        ctx->thread_event_handler = NULL;
-    }
+    ossl_thread_event_ctx_free(ctx);
 
     if (ctx->fips_prov != NULL) {
         ossl_fips_prov_ossl_ctx_free(ctx->fips_prov);
@@ -379,7 +370,6 @@ static int context_deinit(OSSL_LIB_CTX *ctx)
 
     CRYPTO_THREAD_lock_free(ctx->lock);
     ctx->lock = NULL;
-    CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key);
     return 1;
 }
 
@@ -615,9 +605,6 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
 #endif
 
 #ifdef FIPS_MODULE
-    case OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX:
-        return ctx->thread_event_handler;
-
     case OSSL_LIB_CTX_FIPS_PROV_INDEX:
         return ctx->fips_prov;
 #endif
@@ -656,14 +643,6 @@ const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx)
 #endif
 }
 
-CRYPTO_THREAD_LOCAL *ossl_lib_ctx_get_rcukey(OSSL_LIB_CTX *libctx)
-{
-    libctx = ossl_lib_ctx_get_concrete(libctx);
-    if (libctx == NULL)
-        return NULL;
-    return &libctx->rcu_local_key;
-}
-
 int OSSL_LIB_CTX_get_conf_diagnostics(OSSL_LIB_CTX *libctx)
 {
     libctx = ossl_lib_ctx_get_concrete(libctx);