From: Richard Levitte <levitte@openssl.org>
Date: Fri, 3 Jul 2020 12:12:54 +0000 (+0200)
Subject: CORE: perform post-condition in algorithm_do_this() under all circumstances
X-Git-Tag: openssl-3.0.0-alpha5~86
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd76b90ef6cf9bd344c9a6cd0de536a734d1b6a3;p=thirdparty%2Fopenssl.git

CORE: perform post-condition in algorithm_do_this() under all circumstances

When ossl_provider_query_operation() returned NULL, the post-condition
callback wasn't called, and could make algorithm_do_this() falsely
tell the caller that there was an error.  Because of this, a provider
that answered with NULL for a particular operation identity would
effectively block the same query on all following providers.

Fixes #12293

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12365)
---

diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c
index b035ecfbb4c..f4a20cb2d1c 100644
--- a/crypto/core_algorithm.c
+++ b/crypto/core_algorithm.c
@@ -58,13 +58,12 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata)
 
         map = ossl_provider_query_operation(provider, cur_operation,
                                             &no_store);
-        if (map == NULL)
-            continue;
-
-        while (map->algorithm_names != NULL) {
-            const OSSL_ALGORITHM *thismap = map++;
+        if (map != NULL) {
+            while (map->algorithm_names != NULL) {
+                const OSSL_ALGORITHM *thismap = map++;
 
-            data->fn(provider, thismap, no_store, data->data);
+                data->fn(provider, thismap, no_store, data->data);
+            }
         }
 
         /* Do we fulfill post-conditions? */