Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback. That callback could do anything so the risk of a deadlock is high. Instead we collect all the names first inside the read lock, and then subsequently call the user callback outside the read lock. Fixes #14225 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14250)
author: Matt Caswell <matt@openssl.org> 2021-02-19 17:03:43 +0000
committer: Pauli <ppzgs1@gmail.com> 2021-02-25 08:37:22 +1000
commit: d84f5515faf3fe00ed5eeca7e7b8b041be863e90 (patch)
tree: b2e8245e0a152f16b5bb2c5260e47781a6261c9d /crypto/evp/p_lib.c
parent: 6be27456e1346121b1fed797e92353733b59e16e (diff)
1 files changed, 10 insertions, 9 deletions
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 653a3b7743..9f3256c191 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -982,20 +982,20 @@ int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name)
     return EVP_KEYMGMT_is_a(pkey->keymgmt, name);
 }
 
-void EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
-                               void (*fn)(const char *name, void *data),
-                               void *data)
+int EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
+                              void (*fn)(const char *name, void *data),
+                              void *data)
 {
     if (!evp_pkey_is_typed(pkey))
-        return;
+        return 0;
 
     if (!evp_pkey_is_provided(pkey)) {
         const char *name = OBJ_nid2sn(EVP_PKEY_id(pkey));
 
         fn(name, data);
-        return;
+        return 1;
     }
-    EVP_KEYMGMT_names_do_all(pkey->keymgmt, fn, data);
+    return EVP_KEYMGMT_names_do_all(pkey->keymgmt, fn, data);
 }
 
 int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
@@ -1182,7 +1182,8 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op,
                  * We have the namemap number - now we need to find the
                  * associated nid
                  */
-                ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid);
+                if (!ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid))
+                    return 0;
                 *(int *)arg2 = nid;
             }
             return rv;
@@ -1526,8 +1527,8 @@ int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt)
      */
     const char *str[2] = { NULL, NULL };
 
-    EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str);
-    if (str[1] != NULL) {
+    if (!EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str)
+            || str[1] != NULL) {
         ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
         return 0;
     }
author	Matt Caswell <matt@openssl.org>	2021-02-19 17:03:43 +0000
committer	Pauli <ppzgs1@gmail.com>	2021-02-25 08:37:22 +1000
commit	d84f5515faf3fe00ed5eeca7e7b8b041be863e90 (patch)
tree	b2e8245e0a152f16b5bb2c5260e47781a6261c9d /crypto/evp/p_lib.c
parent	6be27456e1346121b1fed797e92353733b59e16e (diff)