From fb7a7f099ecbabbf65c42856ec9fb9d898b15907 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Thu, 27 Apr 2023 10:55:48 +1000
Subject: [PATCH] pbe: sort stack before using find

There is no lock for the sort.  This is no worse than the
existing code which sorted silently without a lock.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20842)
---
 crypto/evp/evp_pbe.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index d943dfeadd..9901d66a77 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -259,6 +259,8 @@ int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid,
     pbelu.pbe_nid = pbe_nid;
 
     if (pbe_algs != NULL) {
+        /* Ideally, this would be done under lock */
+        sk_EVP_PBE_CTL_sort(pbe_algs);
         i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
         pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
     }