From f21b5b64cbbc279ef31389e6ae312690575187da Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 29 Jul 2018 14:37:17 +0200 Subject: [PATCH] x509v3/v3_purp.c: re-implement lock-free check for extensions cache validity. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6786) --- crypto/include/internal/x509_int.h | 1 + crypto/x509v3/v3_purp.c | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 124cc533bc..1638de4c32 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -182,6 +182,7 @@ struct x509_st { unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; CRYPTO_RWLOCK *lock; + volatile int ex_cached; } /* X509 */ ; /* diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index d804106788..5a535e2ade 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -13,6 +13,7 @@ #include #include #include "internal/x509_int.h" +#include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); @@ -353,6 +354,10 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; int i; + /* fast lock-free check, see end of the function for details. */ + if (tsan_load((TSAN_QUALIFIER int *)&x->ex_cached)) + return; + CRYPTO_THREAD_write_lock(x->lock); if (x->ex_flags & EXFLAG_SET) { CRYPTO_THREAD_unlock(x->lock); @@ -494,6 +499,12 @@ static void x509v3_cache_extensions(X509 *x) x509_init_sig_info(x); x->ex_flags |= EXFLAG_SET; CRYPTO_THREAD_unlock(x->lock); + /* + * It has to be placed after memory barrier, which is implied by unlock. + * Worst thing that can happen is that another thread proceeds to lock + * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function. + */ + tsan_store((TSAN_QUALIFIER int *)&x->ex_cached, 1); } /*- -- 2.25.1