authorMatt Caswell <matt@openssl.org>2021-02-19 17:03:43 +0000
committerPauli <ppzgs1@gmail.com>2021-02-25 08:37:22 +1000
commitd84f5515faf3fe00ed5eeca7e7b8b041be863e90 (patch)
treeb2e8245e0a152f16b5bb2c5260e47781a6261c9d /doc/man3
parent6be27456e1346121b1fed797e92353733b59e16e (diff)
Don't hold a lock when calling a callback in ossl_namemap_doall_names
We don't want to hold a read lock when calling a user-supplied callback. That callback could do anything, so the risk of a deadlock is high. Instead we collect all the names first inside the read lock, and then subsequently call the user callback outside the read lock. Fixes #14225 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14250)
Diffstat (limited to 'doc/man3')
-rw-r--r--doc/man3/EVP_ASYM_CIPHER_free.pod9
-rw-r--r--doc/man3/EVP_DigestInit.pod11
-rw-r--r--doc/man3/EVP_EncryptInit.pod9
-rw-r--r--doc/man3/EVP_KDF.pod9
-rw-r--r--doc/man3/EVP_KEM_free.pod7
-rw-r--r--doc/man3/EVP_KEYEXCH_free.pod9
-rw-r--r--doc/man3/EVP_KEYMGMT.pod9
-rw-r--r--doc/man3/EVP_MAC.pod9
-rw-r--r--doc/man3/EVP_PKEY_is_a.pod9
-rw-r--r--doc/man3/EVP_RAND.pod9
-rw-r--r--doc/man3/EVP_SIGNATURE_free.pod9
-rw-r--r--doc/man3/OSSL_DECODER.pod9
-rw-r--r--doc/man3/OSSL_ENCODER.pod9
-rw-r--r--doc/man3/OSSL_STORE_LOADER.pod9
14 files changed, 85 insertions, 41 deletions
diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod
index 1476103b94..bf6c9f7c3e 100644
--- a/doc/man3/EVP_ASYM_CIPHER_free.pod
+++ b/doc/man3/EVP_ASYM_CIPHER_free.pod
@@ -23,9 +23,9 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params
void (*fn)(EVP_ASYM_CIPHER *cipher,
void *arg),
void *arg);
- void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip);
const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip);
@@ -76,6 +76,9 @@ or B<NULL> for failure.
EVP_ASYM_CIPHER_up_ref() returns 1 for success or 0 otherwise.
+EVP_ASYM_CIPHER_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params()
return a constant B<OSSL_PARAM> array or NULL on error.
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 025bee4f46..c4cecad3a7 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -64,9 +64,9 @@ EVP_MD_do_all_provided
const char *EVP_MD_name(const EVP_MD *md);
int EVP_MD_number(const EVP_MD *md);
int EVP_MD_is_a(const EVP_MD *md, const char *name);
- void EVP_MD_names_do_all(const EVP_MD *md,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_MD_names_do_all(const EVP_MD *md,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
int EVP_MD_type(const EVP_MD *md);
int EVP_MD_pkey_type(const EVP_MD *md);
@@ -542,6 +542,11 @@ Returns either an B<EVP_MD> structure or NULL if an error occurs.
This function has no return value.
+=item EVP_MD_names_do_all()
+
+Returns 1 if the callback was called for all names. A return value of 0 means
+that the callback was not called for any names.
+
=back
=head1 NOTES
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 9bac8a2b78..7cc9cebb51 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -125,9 +125,9 @@ EVP_CIPHER_do_all_provided
int EVP_CIPHER_nid(const EVP_CIPHER *e);
int EVP_CIPHER_number(const EVP_CIPHER *e);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
- void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
+ void (*fn)(const char *name, void *data),
+ void *data);
const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
int EVP_CIPHER_block_size(const EVP_CIPHER *e);
@@ -461,6 +461,9 @@ than zero for success and zero or a negative number on failure.
EVP_CIPHER_CTX_rand_key() returns 1 for success.
+EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names.
+A return value of 0 means that the callback was not called for any names.
+
=head1 CIPHER LISTING
All algorithms have a fixed key length unless otherwise stated.
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 103eafe8c1..3afc0bd9b1 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -36,9 +36,9 @@ EVP_KDF_gettable_params - EVP KDF routines
void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_KDF *kdf, void *arg),
void *arg);
- void EVP_KDF_names_do_all(const EVP_KDF *kdf,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
+ void (*fn)(const char *name, void *data),
+ void *data);
int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
@@ -252,6 +252,9 @@ that the algorithm produces a variable amount of output; 0 to indicate failure.
EVP_KDF_name() returns the name of the KDF, or NULL on error.
+EVP_KDF_names_do_all() returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+
The remaining functions return 1 for success and 0 or a negative value for
failure. In particular, a return value of -2 indicates the operation is not
supported by the KDF algorithm.
diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod
index 714a86e7ff..a485f85815 100644
--- a/doc/man3/EVP_KEM_free.pod
+++ b/doc/man3/EVP_KEM_free.pod
@@ -21,8 +21,8 @@ EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params
OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem);
void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_KEM *kem, void *arg), void *arg);
- void EVP_KEM_names_do_all(const EVP_KEM *kem,
- void (*fn)(const char *name, void *data), void *data);
+ int EVP_KEM_names_do_all(const EVP_KEM *kem,
+ void (*fn)(const char *name, void *data), void *data);
const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem);
const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
@@ -70,6 +70,9 @@ failure.
EVP_KEM_up_ref() returns 1 for success or 0 otherwise.
+EVP_KEM_names_do_all() returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+
EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return
a constant B<OSSL_PARAM> array or NULL on error.
diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod
index 9b133e03f0..ab8f38e077 100644
--- a/doc/man3/EVP_KEYEXCH_free.pod
+++ b/doc/man3/EVP_KEYEXCH_free.pod
@@ -22,9 +22,9 @@ EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params
void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_KEYEXCH *exchange, void *arg),
void *arg);
- void EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch);
const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch);
@@ -73,6 +73,9 @@ or NULL for failure.
EVP_KEYEXCH_up_ref() returns 1 for success or 0 otherwise.
+EVP_KEYEXCH_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
EVP_KEYEXCH_is_a() returns 1 of I<exchange> was identifiable,
otherwise 0.
diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod
index e47591b217..e103b58e90 100644
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@@ -35,9 +35,9 @@ EVP_KEYMGMT_gen_settable_params
void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
void *arg);
- void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
@@ -110,6 +110,9 @@ error.
EVP_KEYMGMT_up_ref() returns 1 on success, or 0 on error.
+EVP_KEYMGMT_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
EVP_KEYMGMT_free() doesn't return any value.
EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 29f81831e4..ff7003b906 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -25,9 +25,9 @@ EVP_MAC_do_all_provided - EVP MAC routines
int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
int EVP_MAC_number(const EVP_MAC *mac);
const char *EVP_MAC_name(const EVP_MAC *mac);
- void EVP_MAC_names_do_all(const EVP_MAC *mac,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_MAC_names_do_all(const EVP_MAC *mac,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
@@ -291,6 +291,9 @@ NULL if allocation failed.
EVP_MAC_up_ref() returns 1 on success, 0 on error.
+EVP_MAC_names_do_all() returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+
EVP_MAC_free() returns nothing at all.
EVP_MAC_is_a() returns 1 if the given method can be identified with
diff --git a/doc/man3/EVP_PKEY_is_a.pod b/doc/man3/EVP_PKEY_is_a.pod
index 6ca64de6b3..228c312cee 100644
--- a/doc/man3/EVP_PKEY_is_a.pod
+++ b/doc/man3/EVP_PKEY_is_a.pod
@@ -12,9 +12,9 @@ EVP_PKEY_get0_first_alg_name
int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name);
int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
- void EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_PKEY_typenames_do_all(const EVP_PKEY *pkey,
+ void (*fn)(const char *name, void *data),
+ void *data);
const char *EVP_PKEY_get0_first_alg_name(const EVP_PKEY *key);
=head1 DESCRIPTION
@@ -46,6 +46,9 @@ supports signing, otherwise 0.
EVP_PKEY_get0_first_alg_name() returns the name that is found or NULL on error.
+EVP_PKEY_typenames_do_all() returns 1 if the callback was called for all names.
+A return value of 0 means that the callback was not called for any names.
+
=head1 EXAMPLES
=head2 EVP_PKEY_is_a()
diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index 97114af0fb..df92629780 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -41,9 +41,9 @@ EVP_RAND_STATE_ERROR - EVP RAND routines
void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_RAND *rand, void *arg),
void *arg);
- void EVP_RAND_names_do_all(const EVP_RAND *rand,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_RAND_names_do_all(const EVP_RAND *rand,
+ void (*fn)(const char *name, void *data),
+ void *data);
int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
int prediction_resistance,
@@ -335,6 +335,9 @@ for the specified algorithm.
EVP_RAND_up_ref() returns 1 on success, 0 on error.
+EVP_RAND_names_do_all() returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+
EVP_RAND_CTX_new() returns either the newly allocated
B<EVP_RAND_CTX> structure or NULL if an error occurred.
diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod
index 5e745747e9..f5f06c8b4d 100644
--- a/doc/man3/EVP_SIGNATURE_free.pod
+++ b/doc/man3/EVP_SIGNATURE_free.pod
@@ -23,9 +23,9 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params
void (*fn)(EVP_SIGNATURE *signature,
void *arg),
void *arg);
- void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
- void (*fn)(const char *name, void *data),
- void *data);
+ int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig);
const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig);
@@ -76,6 +76,9 @@ or B<NULL> for failure.
EVP_SIGNATURE_up_ref() returns 1 for success or 0 otherwise.
+EVP_SIGNATURE_names_do_all() returns 1 if the callback was called for all names.
+A return value of 0 means that the callback was not called for any names.
+
EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params()
return a constant B<OSSL_PARAM> array or NULL on error.
diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod
index 9bc2a035ae..d12dede535 100644
--- a/doc/man3/OSSL_DECODER.pod
+++ b/doc/man3/OSSL_DECODER.pod
@@ -33,9 +33,9 @@ OSSL_DECODER_get_params
void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(OSSL_DECODER *decoder, void *arg),
void *arg);
- void OSSL_DECODER_names_do_all(const OSSL_DECODER *decoder,
- void (*fn)(const char *name, void *data),
- void *data);
+ int OSSL_DECODER_names_do_all(const OSSL_DECODER *decoder,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *OSSL_DECODER_gettable_params(OSSL_DECODER *decoder);
int OSSL_DECODER_get_params(OSSL_DECODER_CTX *ctx, const OSSL_PARAM params[]);
@@ -107,6 +107,9 @@ otherwise 0.
OSSL_DECODER_number() returns an integer.
+OSSL_DECODER_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
=head1 NOTES
OSSL_DECODER_fetch() may be called implicitly by other fetching
diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod
index 2c68d1a761..8515ff12f5 100644
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@@ -33,9 +33,9 @@ OSSL_ENCODER_get_params
void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(OSSL_ENCODER *encoder, void *arg),
void *arg);
- void OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder,
- void (*fn)(const char *name, void *data),
- void *data);
+ int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder,
+ void (*fn)(const char *name, void *data),
+ void *data);
const OSSL_PARAM *OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder);
int OSSL_ENCODER_get_params(OSSL_ENCODER_CTX *ctx, const OSSL_PARAM params[]);
@@ -108,6 +108,9 @@ otherwise 0.
OSSL_ENCODER_number() returns an integer.
+OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
=head1 SEE ALSO
L<provider(7)>, L<OSSL_ENCODER_CTX(3)>, L<OSSL_ENCODER_to_bio(3)>,
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index ad1a40a0a4..203286c70d 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -48,9 +48,9 @@ unregister STORE loaders for different URI schemes
void (*fn)(OSSL_STORE_LOADER *loader,
void *arg),
void *arg);
- void OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
- void (*fn)(const char *name, void *data),
- void *data);
+ int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
+ void (*fn)(const char *name, void *data),
+ void *data);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
@@ -312,6 +312,9 @@ or NULL on error.
OSSL_STORE_LOADER_up_ref() returns 1 on success, or 0 on error.
+OSSL_STORE_LOADER_names_do_all() returns 1 if the callback was called for all
+names. A return value of 0 means that the callback was not called for any names.
+
OSSL_STORE_LOADER_free() doesn't return any value.
OSSL_STORE_LOADER_provider() returns a pointer to a provider object, or