In X509_check_issued() do the same dance around x509v3_cache_extensions()
authorclaudio <claudio@openbsd.org>
Mon, 13 Sep 2021 15:26:53 +0000 (15:26 +0000)
committerclaudio <claudio@openbsd.org>
Mon, 13 Sep 2021 15:26:53 +0000 (15:26 +0000)
as in all other places. Check the EXFLAG_SET flag first and if not set
grab the CRYPTO_LOCK_X509 before calling x509v3_cache_extensions().
OK tb@ beck@

lib/libcrypto/x509/x509_purp.c

index 3f0081f..86ee274 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.6 2021/09/02 12:41:44 job Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.7 2021/09/13 15:26:53 claudio Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -871,10 +871,18 @@ X509_check_issued(X509 *issuer, X509 *subject)
        if (X509_NAME_cmp(X509_get_subject_name(issuer),
            X509_get_issuer_name(subject)))
                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-       x509v3_cache_extensions(issuer);
+       if (!(issuer->ex_flags & EXFLAG_SET)) {
+               CRYPTO_w_lock(CRYPTO_LOCK_X509);
+               x509v3_cache_extensions(issuer);
+               CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+       }
        if (issuer->ex_flags & EXFLAG_INVALID)
                return X509_V_ERR_UNSPECIFIED;
-       x509v3_cache_extensions(subject);
+       if (!(subject->ex_flags & EXFLAG_SET)) {
+               CRYPTO_w_lock(CRYPTO_LOCK_X509);
+               x509v3_cache_extensions(subject);
+               CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+       }
        if (subject->ex_flags & EXFLAG_INVALID)
                return X509_V_ERR_UNSPECIFIED;
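Review bot: The `!(issuer->ex_flags & EXFLAG_SET)` and `!(subject->ex_flags & EXFLAG_SET)` tests, and the `EXFLAG_INVALID` reads that follow them, run without CRYPTO_LOCK_X509, so they are not synchronised with a thread that is inside x509v3_cache_extensions() under the lock. This fast path is only safe if that function sets EXFLAG_SET as its very last store, after every cached field and EXFLAG_INVALID have been written. That function's body is not visible in this hunk, so the assumption should be confirmed and written down. I would add a comment above the first test, for example `/* Unlocked fast path: relies on x509v3_cache_extensions() setting EXFLAG_SET only after all cached fields are filled in. */`. Since the same five-line check/lock/call/unlock sequence now appears twice here and, per the commit message, in other callers, a small static helper taking the `X509 *` would keep that invariant documented in one place. X509_check_issued() continues past the end of this hunk.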