From: Pauli <pauli@openssl.org>
Date: Thu, 27 Apr 2023 00:55:48 +0000 (+1000)
Subject: pbe: sort stack before using find
X-Git-Tag: openssl-3.2.0-alpha1~943
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb7a7f099ecbabbf65c42856ec9fb9d898b15907;p=thirdparty%2Fopenssl.git

pbe: sort stack before using find

There is no lock for the sort.  This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
---

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index d943dfeaddf..9901d66a777 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -259,6 +259,8 @@ int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid,
     pbelu.pbe_nid = pbe_nid;
 
     if (pbe_algs != NULL) {
+        /* Ideally, this would be done under lock */
+        sk_EVP_PBE_CTL_sort(pbe_algs);
         i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
         pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
     }