diff options
author | Matt Caswell <matt@openssl.org> | 2021-02-19 17:03:43 +0000 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-02-25 08:37:22 +1000 |
commit | d84f5515faf3fe00ed5eeca7e7b8b041be863e90 (patch) | |
tree | b2e8245e0a152f16b5bb2c5260e47781a6261c9d /crypto/evp | |
parent | 6be27456e1346121b1fed797e92353733b59e16e (diff) |
Don't hold a lock when calling a callback in ossl_namemap_doall_names
We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk of a deadlock is high.
Instead we collect all the names first inside the read lock, and then
subsequently call the user callback outside the read lock.
Fixes #14225
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/asymcipher.c | 10 | ||||
-rw-r--r-- | crypto/evp/digest.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_enc.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_fetch.c | 8 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 20 | ||||
-rw-r--r-- | crypto/evp/evp_local.h | 6 | ||||
-rw-r--r-- | crypto/evp/evp_rand.c | 10 | ||||
-rw-r--r-- | crypto/evp/exchange.c | 10 | ||||
-rw-r--r-- | crypto/evp/kdf_lib.c | 10 | ||||
-rw-r--r-- | crypto/evp/kem.c | 10 | ||||
-rw-r--r-- | crypto/evp/keymgmt_meth.c | 10 | ||||
-rw-r--r-- | crypto/evp/mac_lib.c | 10 | ||||
-rw-r--r-- | crypto/evp/names.c | 6 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 19 | ||||
-rw-r--r-- | crypto/evp/signature.c | 10 |
15 files changed, 85 insertions, 62 deletions
diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index 6ff49a0526..f096c19345 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -434,12 +434,14 @@ void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, } -void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) +int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data) { if (cipher->prov != NULL) - evp_names_do_all(cipher->prov, cipher->name_id, fn, data); + return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); + + return 1; } const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 7346169be6..e322654241 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -881,8 +881,8 @@ static void *evp_md_from_dispatch(int name_id, #ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ md->type = NID_undef; - evp_names_do_all(prov, name_id, set_legacy_nid, &md->type); - if (md->type == -1) { + if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type) + || md->type == -1) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); EVP_MD_free(md); return NULL; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index b6aa36c5c2..ebb876a8dc 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1395,8 +1395,8 @@ static void *evp_cipher_from_dispatch(const int name_id, #ifndef FIPS_MODULE /* TODO(3.x) get rid of the need for legacy NIDs */ cipher->nid = NID_undef; - evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid); - if (cipher->nid == -1) { + if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid) + || cipher->nid == -1) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); EVP_CIPHER_free(cipher); return NULL; diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 2f0d0e15b0..589c15fb1e 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -530,12 +530,12 @@ int evp_is_a(OSSL_PROVIDER *prov, int number, return ossl_namemap_name2num(namemap, name) == number; } -void evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data) +int evp_names_do_all(OSSL_PROVIDER *prov, int number, + void (*fn)(const char *name, void *data), + void *data) { OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - ossl_namemap_doall_names(namemap, number, fn, data); + return ossl_namemap_doall_names(namemap, number, fn, data); } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index f6598a8b3f..fc2c65b578 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -644,12 +644,14 @@ const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) #endif } -void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) +int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, + void (*fn)(const char *name, void *data), + void *data) { if (cipher->prov != NULL) - evp_names_do_all(cipher->prov, cipher->name_id, fn, data); + return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); + + return 1; } const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) @@ -685,12 +687,14 @@ const char *EVP_MD_name(const EVP_MD *md) #endif } -void EVP_MD_names_do_all(const EVP_MD *md, - void (*fn)(const char *name, void *data), - void *data) +int EVP_MD_names_do_all(const EVP_MD *md, + void (*fn)(const char *name, void *data), + void *data) { if (md->prov != NULL) - evp_names_do_all(md->prov, md->name_id, fn, data); + return evp_names_do_all(md->prov, md->name_id, fn, data); + + return 1; } const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 0112cdca02..e0031a1d04 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -317,7 +317,7 @@ void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx); const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id); int evp_is_a(OSSL_PROVIDER *prov, int number, const char *legacy_name, const char *name); -void evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data); +int evp_names_do_all(OSSL_PROVIDER *prov, int number, + void (*fn)(const char *name, void *data), + void *data); int evp_cipher_cache_constants(EVP_CIPHER *cipher); diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 4d18194a0b..b27f4e11a0 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -451,12 +451,14 @@ void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, evp_rand_from_dispatch, evp_rand_free); } -void EVP_RAND_names_do_all(const EVP_RAND *rand, - void (*fn)(const char *name, void *data), - void *data) +int EVP_RAND_names_do_all(const EVP_RAND *rand, + void (*fn)(const char *name, void *data), + void *data) { if (rand->prov != NULL) - evp_names_do_all(rand->prov, rand->name_id, fn, data); + return evp_names_do_all(rand->prov, rand->name_id, fn, data); + + return 1; } static int evp_rand_instantiate_locked diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index b82b7f8219..67f4c5389f 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -460,12 +460,14 @@ void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, (void (*)(void *))EVP_KEYEXCH_free); } -void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, - void (*fn)(const char *name, void *data), - void *data) +int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, + void (*fn)(const char *name, void *data), + void *data) { if (keyexch->prov != NULL) - evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data); + return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data); + + return 1; } const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch) diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index a8565ed25b..36f8eb2ea8 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -172,10 +172,12 @@ int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) return 1; } -void EVP_KDF_names_do_all(const EVP_KDF *kdf, - void (*fn)(const char *name, void *data), - void *data) +int EVP_KDF_names_do_all(const EVP_KDF *kdf, + void (*fn)(const char *name, void *data), + void *data) { if (kdf->prov != NULL) - evp_names_do_all(kdf->prov, kdf->name_id, fn, data); + return evp_names_do_all(kdf->prov, kdf->name_id, fn, data); + + return 1; } diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 989ffa2414..2b81cc1586 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -349,12 +349,14 @@ void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, (void (*)(void *))EVP_KEM_free); } -void EVP_KEM_names_do_all(const EVP_KEM *kem, - void (*fn)(const char *name, void *data), - void *data) +int EVP_KEM_names_do_all(const EVP_KEM *kem, + void (*fn)(const char *name, void *data), + void *data) { if (kem->prov != NULL) - evp_names_do_all(kem->prov, kem->name_id, fn, data); + return evp_names_do_all(kem->prov, kem->name_id, fn, data); + + return 1; } const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem) diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index c8c3d705c7..aecb7ec368 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -269,12 +269,14 @@ void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, (void (*)(void *))EVP_KEYMGMT_free); } -void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, - void (*fn)(const char *name, void *data), - void *data) +int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, + void (*fn)(const char *name, void *data), + void *data) { if (keymgmt->prov != NULL) - evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data); + return evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data); + + return 1; } /* diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index c5c12598d3..de4d3623ff 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -174,10 +174,12 @@ int EVP_MAC_is_a(const EVP_MAC *mac, const char *name) return evp_is_a(mac->prov, mac->name_id, NULL, name); } -void EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data) +int EVP_MAC_names_do_all(const EVP_MAC *mac, + void (*fn)(const char *name, void *data), + void *data) { if (mac->prov != NULL) - evp_names_do_all(mac->prov, mac->name_id, fn, data); + return evp_names_do_all(mac->prov, mac->name_id, fn, data); + + return 1; } diff --git a/crypto/evp/names.c b/crypto/evp/names.c index cb59813857..97fd1b8302 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -98,7 +98,8 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, if (id == 0) return NULL; - ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp); + if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp)) + return NULL; return cp; } @@ -143,7 +144,8 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name) if (id == 0) return NULL; - ossl_namemap_doall_names(namemap, id, digest_from_name, &dp); + if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp)) + return NULL; return dp; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 653a3b7743..9f3256c191 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -982,20 +982,20 @@ int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) return EVP_KEYMGMT_is_a(pkey->keymgmt, name); } -void EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey, - void (*fn)(const char *name, void *data), - void *data) +int EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey, + void (*fn)(const char *name, void *data), + void *data) { if (!evp_pkey_is_typed(pkey)) - return; + return 0; if (!evp_pkey_is_provided(pkey)) { const char *name = OBJ_nid2sn(EVP_PKEY_id(pkey)); fn(name, data); - return; + return 1; } - EVP_KEYMGMT_names_do_all(pkey->keymgmt, fn, data); + return EVP_KEYMGMT_names_do_all(pkey->keymgmt, fn, data); } int EVP_PKEY_can_sign(const EVP_PKEY *pkey) @@ -1182,7 +1182,8 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, * We have the namemap number - now we need to find the * associated nid */ - ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid); + if (!ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid)) + return 0; *(int *)arg2 = nid; } return rv; @@ -1526,8 +1527,8 @@ int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt) */ const char *str[2] = { NULL, NULL }; - EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str); - if (str[1] != NULL) { + if (!EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str) + || str[1] != NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 89dc7e465f..4a1692ce98 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -329,12 +329,14 @@ void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, } -void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, - void (*fn)(const char *name, void *data), - void *data) +int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, + void (*fn)(const char *name, void *data), + void *data) { if (signature->prov != NULL) - evp_names_do_all(signature->prov, signature->name_id, fn, data); + return evp_names_do_all(signature->prov, signature->name_id, fn, data); + + return 1; } const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig) |