openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity
openssl/crypto
History
Hugo Landau 3147785eb2 Fix corruption when searching for CRLs in hashed directories 
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.

This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.

Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.

Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
 		2023-01-24 11:23:17 +11:00
..
aes Add vpaes-loongarch64.pl module. 2022-10-12 18:02:12 +11:00
aria Change loops conditions to make zero loop risk more obvious. 2022-05-24 14:11:20 +10:00
asn1 PKCS12 - Add additional libctx and propq support. 2023-01-16 17:17:31 +01:00
async Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
bf crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
bio Add BIO poll descriptors 2023-01-13 13:20:14 +00:00
bn bn2bin(): Don't accept len < 0 2023-01-20 07:38:40 +00:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
cast remove unused macro in cast_local.h and des_local.h 2023-01-17 12:41:11 +01:00
chacha Fix big-endian issue in chacha20 SVE implementation on aarch64 2023-01-16 17:03:34 +01:00
cmac Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
cmp cmp_client.c: fix handling of total_timeout for RR and GENM transactions 2023-01-23 10:54:29 +01:00
cms Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID 2022-12-22 11:01:06 +01:00
comp Add zlib oneshot compression 2022-11-07 11:23:13 +01:00
conf stack: Do not add error if pop/shift/value accesses outside of the stack 2022-10-21 18:02:35 +02:00
crmf Compensate for CMP-related TODOs removed by PR #15539 2022-12-07 21:57:36 +01:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des remove unused macro in cast_local.h and des_local.h 2023-01-17 12:41:11 +01:00
dh DH_check[_params]() use libctx of the dh for prime checks 2022-11-18 06:57:17 +00:00
dsa Implement deterministic ECDSA sign (RFC6979) 2022-11-30 07:31:53 +00:00
dso crypto/dso/dso_vms.c: Better definition of DSO_MALLOC() 2022-10-28 12:11:30 +02:00
ec Support all five EdDSA instances from RFC 8032 2023-01-13 07:09:09 +00:00
encode_decode Coverity 1515953: negative loop bound 2022-10-14 12:53:02 +11:00
engine crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
err Write SSL_R alerts to error state to keep updated strings 2023-01-05 19:48:01 +01:00
ess Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
evp Fix BIO_f_cipher() flushing 2022-12-22 11:01:06 +01:00
ffc Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4() 2023-01-23 10:40:26 +01:00
hmac
hpke prevent HPKE sender setting seq unwisely 2022-12-08 10:59:03 +01:00
http crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
idea crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
kdf
lhash Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch 2022-10-07 10:05:50 +02:00
md2
md4
md5 Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
mdc2
modes Do not build P10-specific AES-GCM assembler on AIX 2022-12-14 12:53:05 +01:00
objects Allow OBJ_create() to create an OBJ and NID with a NULL OID 2022-12-13 15:40:16 +01:00
ocsp Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
pem When using PEM_read_bio_PrivateKey_ex() the public key is optional 2022-11-25 10:32:18 +01:00
perlasm Add two new build targets to enable the possibility of using clang-cl as 2022-11-24 06:36:47 +00:00
pkcs7 smime/pkcs7: disable the Bleichenbacher workaround 2022-12-12 11:30:52 +01:00
pkcs12 PKCS12 - Add additional libctx and propq support. 2023-01-16 17:17:31 +01:00
poly1305 Generate the preprocessed .s files for chacha and poly 1305 on ia64 2022-05-27 08:10:49 +02:00
property Correct property EBNF for unquoted strings 2023-01-20 10:15:53 +11:00
rand Release the drbg in the global default context before engines 2022-11-02 11:01:20 +01:00
rc2 remove unused macro in rc2_local.h and rc5_local.h 2023-01-12 13:30:29 +01:00
rc4 Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
rc5 remove unused macro in rc2_local.h and rc5_local.h 2023-01-12 13:30:29 +01:00
ripemd Avoid putting ripemd_prov.c in libcommon otherwise it is regarded as fips source 2022-10-19 13:21:01 +02:00
rsa Make RSA_generate_multi_prime_key() not segfault if e is NULL. 2023-01-12 10:46:22 -05:00
seed
sha crypto/sha/asm/sha512-ia64.pl: When checking assembler file names, ignore case 2022-11-04 10:37:13 +01:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
sm2 Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
sm3 Add ROTATE inline asm support for SM3 2022-06-22 12:46:50 +02:00
sm4 Fix SM4 test failures on big-endian ARM processors 2023-01-06 14:08:13 +01:00
srp add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time 2022-10-20 19:04:44 +11:00
stack Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO 2022-10-21 18:02:35 +02:00
store crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
thread Don't set cancel state/type 2022-12-01 15:34:38 +01:00
ts crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
txt_db txt_db: fix -Wunused-but-set-variable 2022-10-21 15:56:32 +02:00
ui Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
whrlpool Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
x509 Fix corruption when searching for CRLs in hashed directories 2023-01-24 11:23:17 +11:00
LPdir_nyi.c
LPdir_unix.c Update copyright year 2022-05-03 13:34:51 +01:00
LPdir_vms.c
LPdir_win.c
LPdir_win32.c
LPdir_wince.c
README-sparse_array.md
alphacpuid.pl
arm64cpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
arm_arch.h Apply SM4 optimization patch to Kunpeng-920 2022-11-02 08:45:10 +11:00
armcap.c Fix the code used to detect aarch64 capabilities when we don't have getauxval() 2022-12-06 17:17:32 +01:00
armv4cpuid.pl
asn1_dsa.c
bsearch.c
build.info Implement deterministic ECDSA sign (RFC6979) 2022-11-30 07:31:53 +00:00
c64xpluscpuid.pl
context.c Add functions supporting thread pool only when it is enabled 2022-11-22 17:08:23 +01:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c "Reserve" the method store when constructing methods 2022-07-20 07:28:17 +01:00
core_namemap.c Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats 2022-06-22 09:36:14 +02:00
cpt_err.c err: add additional errors 2022-01-12 20:10:21 +11:00
cpuid.c Update copyright year 2022-05-03 13:34:51 +01:00
cryptlib.c Update copyright year 2022-05-03 13:34:51 +01:00
ctype.c Fixed typos in documentation and comments 2023-01-04 12:53:05 +01:00
cversion.c
der_writer.c der_writer: Use uint32_t instead of long. 2022-06-27 10:58:40 +02:00
deterministic_nonce.c Address coverity issue CID 1517105 2022-12-16 18:57:42 +01:00
dllmain.c Update copyright year 2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
getenv.c Update copyright year 2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c info.c: Fix typos in seed macro name and description string 2023-01-10 12:15:42 +01:00
init.c Add ZSTD compression support (RFC8478bis) 2022-10-18 09:30:21 -04:00
initthread.c Update copyright year 2022-05-03 13:34:51 +01:00
loongarch64cpuid.pl Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarch_arch.h Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
loongarchcap.c Add LoongArch64 cpuid and OPENSSL_loongarchcap_P 2022-10-12 18:02:12 +11:00
mem.c ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE 2022-08-27 09:40:09 +02:00
mem_clr.c
mem_sec.c Do not check definition of a macro and use it in a single condition 2023-01-12 10:46:52 +01:00
mips_arch.h
o_dir.c Update copyright year 2022-05-03 13:34:51 +01:00
o_fopen.c crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
o_init.c Update copyright year 2022-05-03 13:34:51 +01:00
o_str.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
o_time.c
packet.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
param_build.c OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocated 2023-01-11 23:38:13 +01:00
param_build_set.c Update copyright year 2022-05-03 13:34:51 +01:00
params.c In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1 2023-01-11 23:38:13 +01:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c Update copyright year 2022-05-03 13:34:51 +01:00
ppccpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
provider.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
provider_child.c For child libctx / provider, don't count self-references in parent 2022-05-05 15:06:11 +02:00
provider_conf.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
provider_core.c Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests. 2022-12-06 18:24:06 +01:00
provider_local.h
provider_predefined.c
punycode.c punycode: update to use WPACKET instead of using custom range checking 2022-11-11 08:14:47 +11:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
riscv32cpuid.pl Add RISC-V 32 cpuid support 2022-09-05 10:20:30 +10:00
riscv64cpuid.pl Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-05-19 16:32:49 +10:00
riscvcap.c Add basic RISC-V cpuid and OPENSSL_riscvcap 2022-05-19 16:32:49 +10:00
s390x_arch.h Update copyright year 2022-05-03 13:34:51 +01:00
s390xcap.c s390: Add new machine generation 2022-04-12 13:04:57 +02:00
s390xcpuid.pl
self_test_core.c Update copyright year 2022-05-03 13:34:51 +01:00
sleep.c Rename ossl_sleep() to OSSL_sleep() and make it public 2022-10-06 08:01:09 +02:00
sparccpuid.S
sparcv9cap.c
sparse_array.c Coverity 1507376: Dereference after null check 2022-07-22 14:42:13 +02:00
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_pthread.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
threads_win.c CRYPTO_THREAD_lock_new(): Avoid infinite recursion on allocation error 2022-10-05 10:20:10 +11:00
time.c time: move OSSL_TIME to libcrypto 2022-09-13 21:13:22 +10:00
trace.c Avoid ifdefs in trace categories 2022-12-22 11:33:48 +01:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl