mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
3147785eb2
openssl/crypto/x509
History
Hugo Landau 3147785eb2 Fix corruption when searching for CRLs in hashed directories 
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.

This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.

Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.

Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
2023-01-24 11:23:17 +11:00
..
build.info x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
by_dir.c Fix corruption when searching for CRLs in hashed directories 2023-01-24 11:23:17 +11:00
by_file.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
by_store.c crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
ext_dat.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_cache.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
pcy_data.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
pcy_lib.c
pcy_local.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_map.c x509: fix double locking problem 2022-12-08 11:10:58 +01:00
pcy_node.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
pcy_tree.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
standard_exts.h Update copyright year 2021-04-08 13:04:41 +01:00
t_crl.c Update copyright year 2021-05-06 13:03:23 +01:00
t_req.c Add X509 version constants. 2021-04-28 11:40:06 +02:00
t_x509.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_addr.c Fix coverity issues in X509v3_addr 2022-11-21 12:41:25 +01:00
v3_admis.c Fix incorrect error return value in i2r_ADMISSION_SYNTAX() 2023-01-19 14:15:19 +01:00
v3_admis.h
v3_akeya.c
v3_akid.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_asid.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_bcons.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_bitst.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_conf.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_cpols.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_crld.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_enum.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_extku.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_genn.c
v3_ia5.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_info.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_int.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_ist.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_lib.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_ncons.c punycode: update to use WPACKET instead of using custom range checking 2022-11-11 08:14:47 +11:00
v3_pci.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_pcia.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_pcons.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_pku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pmaps.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_prn.c
v3_purp.c x509/v3_purp.c: rename 'require_ca' parameters to the more adequate 'non_leaf' 2022-11-18 15:10:01 +01:00
v3_san.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_skid.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_sxnet.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_tlsf.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_utf8.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3_utl.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
v3err.c Update copyright year 2022-05-03 13:34:51 +01:00
x509_att.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_cmp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_d2.c Fix the checks of X509_LOOKUP_* functions 2022-06-23 12:42:25 +02:00
x509_def.c Add support for loading root CAs from Windows crypto API 2022-09-14 14:10:18 +01:00
x509_err.c x509_att.c: improve error checking and reporting and coding style 2022-08-24 11:25:04 +02:00
x509_ext.c
x509_local.h Update copyright year 2021-04-08 13:04:41 +01:00
x509_lu.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_meth.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_obj.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_r2x.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_req.c Fix regression in i2d_re_X509_REQ_tbs() 2022-10-05 16:12:38 +02:00
x509_set.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
x509_trust.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_txt.c X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc 2023-01-23 11:00:04 +01:00
x509_v3.c Refine the documents of several APIs 2022-12-16 18:59:28 +01:00
x509_vfy.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509_vpm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509cset.c Update copyright year 2021-04-08 13:04:41 +01:00
x509name.c Refine the documents of several APIs 2022-12-16 18:59:28 +01:00
x509rset.c
x509spki.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x509type.c Update copyright year 2021-06-17 13:24:59 +01:00
x_all.c Add d2i_PUBKEY_ex_fp and d2i_PUBKEY_ex_bio. 2022-11-02 11:25:48 +01:00
x_attrib.c
x_crl.c crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
x_exten.c
x_name.c x509: fix -Wunused-but-set-variable 2022-10-21 15:56:32 +02:00
x_pubkey.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
x_req.c crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
x_x509.c crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
x_x509a.c Update copyright year 2021-07-29 15:41:35 +01:00