[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Fri Aug 10 19:53:51 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  9553d9691ca67d6cd31573c7f6e567b182800511 (commit)
       via  80158ae42fffe3354b160c5818f48b6a9b651538 (commit)
      from  a0f443a05dd68b9949b39b3310a595babcae4624 (commit)


- Log -----------------------------------------------------------------
commit 9553d9691ca67d6cd31573c7f6e567b182800511
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Jul 29 14:37:17 2018 +0200

    x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6891)
    
    (back-ported from commit f21b5b64cbbc279ef31389e6ae312690575187da)

commit 80158ae42fffe3354b160c5818f48b6a9b651538
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Jul 29 14:13:32 2018 +0200

    x509v3/v3_purp.c: resolve Thread Sanitizer nit.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6891)
    
    (cherry picked from commit 0da7358b0757fa35f2c3a8f51fa036466ae50fd7)

-----------------------------------------------------------------------

Summary of changes:
 crypto/include/internal/x509_int.h |  1 +
 crypto/x509v3/v3_purp.c            | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 2845026..9a6322c 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -166,6 +166,7 @@ struct x509_st {
     unsigned char sha1_hash[SHA_DIGEST_LENGTH];
     X509_CERT_AUX *aux;
     CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
 } /* X509 */ ;
 
 /*
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 144de0c..7ac0672 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -350,10 +350,10 @@ static void x509v3_cache_extensions(X509 *x)
     ASN1_BIT_STRING *ns;
     EXTENDED_KEY_USAGE *extusage;
     X509_EXTENSION *ex;
-
     int i;
 
-    if (x->ex_flags & EXFLAG_SET)
+    /* fast lock-free check, see end of the function for details. */
+    if (x->ex_cached)
         return;
 
     CRYPTO_THREAD_write_lock(x->lock);
@@ -496,6 +496,12 @@ static void x509v3_cache_extensions(X509 *x)
     }
     x->ex_flags |= EXFLAG_SET;
     CRYPTO_THREAD_unlock(x->lock);
+    /*
+     * It has to be placed after memory barrier, which is implied by unlock.
+     * Worst thing that can happen is that another thread proceeds to lock
+     * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function.
+     */
+    x->ex_cached = 1;
 }
 
 /*-
