Don't hold a lock when calling a callback in ossl_namemap_doall_names

We don't want to hold a read lock when calling a user supplied callback.
That callback could do anything so the risk of a deadlock is high.
Instead we collect all the names first inside the read lock, and then
subsequently call the user callback outside the read lock.

Fixes #14225

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14250)

1 files changed, 6 insertions, 3 deletions

diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 29f81831e4..ff7003b906 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -25,9 +25,9 @@ EVP_MAC_do_all_provided - EVP MAC routines
  int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
  int EVP_MAC_number(const EVP_MAC *mac);
  const char *EVP_MAC_name(const EVP_MAC *mac);
- void EVP_MAC_names_do_all(const EVP_MAC *mac,
-                           void (*fn)(const char *name, void *data),
-                           void *data);
+ int EVP_MAC_names_do_all(const EVP_MAC *mac,
+                          void (*fn)(const char *name, void *data),
+                          void *data);
  const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
  int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
 
@@ -291,6 +291,9 @@ NULL if allocation failed.
 
 EVP_MAC_up_ref() returns 1 on success, 0 on error.
 
+EVP_MAC_names_do_all() returns 1 if the callback was called for all names. A
+return value of 0 means that the callback was not called for any names.
+
 EVP_MAC_free() returns nothing at all.
 
 EVP_MAC_is_a() returns 1 if the given method can be identified with