On Tue, 26 Aug 2014 17:19:24 +0000 Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Tue, Aug 26, 2014 at 10:12:06AM -0400, Salz, Rich wrote: > > > > Find a C version (which I have written) of the utility at: > > > http://git.alpinelinux.org/cgit/aports/plain/main/openssl/c_rehash.c > > > > That's pretty cool. We'd need to modify it to not use the XXXat > > functions or fnmatch, but definitely something we should consider > > for a future release. > > Does this version fix the atomicity problems of the original? > > The Perl version deletes all the symlinks and then rebuilds them, > leaving a time window during which verification fails. > > The algorithm should be improved to never delete links which are > subsequently recreated. I almost answered "it's fixed". But it's not. IIRC, the version had it fixed, but it did not handle hash collisions nicely. This certainly is possibly to do, but needs some extra care when there's collisions and the entries need renaming instead of deletion. The time window is certainly a lot less in C-version, but it still exists. I'll look into fixing this too. Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
