From 208118668bc0a60ceeed07a77bd7a362f13c9a10 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 1 Nov 2023 20:37:42 +0000 Subject: [PATCH] Add X509_ALGOR_set0_by_nid() X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT rather than a nid. This means that almost all callers call OBJ_obj2nid() and they often do this inline without error checking so that the resulting X509_ALGOR object is corrupted and may lead to incorrect encodings. Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid instead of an ASN1_OBJECT and performs proper error checking. This will be used to convert callers of X509_ALGOR_set0() in the library. ok jsing --- lib/libcrypto/asn1/x_algor.c | 31 ++++++++++++++++++++++++++++++- lib/libcrypto/x509/x509_local.h | 4 +++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/asn1/x_algor.c b/lib/libcrypto/asn1/x_algor.c index 76b78028ad5..5ad1263b278 100644 --- a/lib/libcrypto/asn1/x_algor.c +++ b/lib/libcrypto/asn1/x_algor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_algor.c,v 1.36 2023/11/01 20:26:24 tb Exp $ */ +/* $OpenBSD: x_algor.c,v 1.37 2023/11/01 20:37:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -158,6 +158,19 @@ X509_ALGOR_set0_obj(X509_ALGOR *alg, ASN1_OBJECT *aobj) return 1; } +static int +X509_ALGOR_set_obj_by_nid(X509_ALGOR *alg, int nid) +{ + ASN1_OBJECT *aobj; + + if ((aobj = OBJ_nid2obj(nid)) == NULL) + return 0; + if (!X509_ALGOR_set0_obj(alg, aobj)) + return 0; + + return 1; +} + static int X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type, void *parameter_value) @@ -180,6 +193,22 @@ X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type, return 1; } +int +X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type, + void *parameter_value) +{ + if (alg == NULL) + return 0; + + if (!X509_ALGOR_set_obj_by_nid(alg, nid)) + return 0; + + if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value)) + return 0; + + return 1; +} + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int parameter_type, void *parameter_value) diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h index 44fe6ad805e..63082d1b19c 100644 --- a/lib/libcrypto/x509/x509_local.h +++ b/lib/libcrypto/x509/x509_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_local.h,v 1.10 2023/10/11 13:05:18 tb Exp $ */ +/* $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2013. */ @@ -380,6 +380,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); int name_cmp(const char *name, const char *cmp); int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type, + void *parameter_value); int X509_policy_check(const STACK_OF(X509) *certs, const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags, -- 2.20.1