Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()

Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there
is no missing error checking for OBJ_nid2obj() and no nested functions.
Slightly more importantly, this plugs two long standing potential leaks
in this function (or previously rsa_cms_encrypt()) due to missing error
checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr
would leak.

ok jsing

diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c
index 46681c6..228793b 100644 (file)
--- a/lib/libcrypto/rsa/rsa_ameth.c
+++ b/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.50 2023/11/09 08:20:10 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.51 2023/11/09 08:29:53 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -941,14 +941,16 @@ rsa_alg_set_oaep_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx)
                        goto err;
                if (!ASN1_OCTET_STRING_set(ostr, label, labellen))
                        goto err;
-               X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
-                   V_ASN1_OCTET_STRING, ostr);
+               if (!X509_ALGOR_set0_by_nid(oaep->pSourceFunc, NID_pSpecified,
+                   V_ASN1_OCTET_STRING, ostr))
+                       goto err;
                ostr = NULL;
        }
 
        if ((astr = ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, NULL)) == NULL)
                goto err;
-       X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, astr);
+       if (!X509_ALGOR_set0_by_nid(alg, NID_rsaesOaep, V_ASN1_SEQUENCE, astr))
+               goto err;
        astr = NULL;
 
        ret = 1;