x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6891)

(back-ported from commit f21b5b64cbbc279ef31389e6ae312690575187da)

diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 2845026dd82f0b028bbabaa5912c6094b9099e7c..9a6322c0c7aacd8d607ef39fa2c2264bb92465cd 100644 (file)
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -166,6 +166,7 @@ struct x509_st {
     unsigned char sha1_hash[SHA_DIGEST_LENGTH];
     X509_CERT_AUX *aux;
     CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
 } /* X509 */ ;
 
 /*

diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 47ca7da5ec8998b12662dc0aac1c1226d32647a4..7ac067229fbb7de21a90cb9b5dbc73ba3600a17b 100644 (file)
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -352,6 +352,10 @@ static void x509v3_cache_extensions(X509 *x)
     X509_EXTENSION *ex;
     int i;
 
+    /* fast lock-free check, see end of the function for details. */
+    if (x->ex_cached)
+        return;
+
     CRYPTO_THREAD_write_lock(x->lock);
     if (x->ex_flags & EXFLAG_SET) {
         CRYPTO_THREAD_unlock(x->lock);
@@ -492,6 +496,12 @@ static void x509v3_cache_extensions(X509 *x)
     }
     x->ex_flags |= EXFLAG_SET;
     CRYPTO_THREAD_unlock(x->lock);
+    /*
+     * It has to be placed after memory barrier, which is implied by unlock.
+     * Worst thing that can happen is that another thread proceeds to lock
+     * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function.
+     */
+    x->ex_cached = 1;
 }
 
 /*-