From adf90ca0f0e59cd2bbe98f5a8353dac76aa39e2b Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 9 Nov 2023 08:29:53 +0000
Subject: [PATCH] Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()

Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there is no missing error checking for OBJ_nid2obj() and no nested functions. Slightly more importantly, this plugs two long standing potential leaks in this function (or previously rsa_cms_encrypt()) due to missing error checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr would leak.

ok jsing
---
 lib/libcrypto/rsa/rsa_ameth.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c
index 46681c63485..228793b05c9 100644
--- a/lib/libcrypto/rsa/rsa_ameth.c
+++ b/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.50 2023/11/09 08:20:10 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.51 2023/11/09 08:29:53 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -941,14 +941,16 @@ rsa_alg_set_oaep_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx)
 goto err;
 if (!ASN1_OCTET_STRING_set(ostr, label, labellen))
 goto err;
- X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
- V_ASN1_OCTET_STRING, ostr);
+ if (!X509_ALGOR_set0_by_nid(oaep->pSourceFunc, NID_pSpecified,
+ V_ASN1_OCTET_STRING, ostr))
+ goto err;
 ostr = NULL;
 }

 if ((astr = ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, NULL)) == NULL)
 goto err;
- X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, astr);
+ if (!X509_ALGOR_set0_by_nid(alg, NID_rsaesOaep, V_ASN1_SEQUENCE, astr))
+ goto err;
 astr = NULL;

 ret = 1;
-- 
2.20.1
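Review bot: The two new `goto err` exits after `X509_ALGOR_set0_by_nid()` are only safe if that function leaves `ostr`/`astr` owned by the caller whenever it returns 0, and nothing in the second hunk states that contract. The cleanup under `err` lies outside the hunk, as do the start and end of `rsa_alg_set_oaep_padding()`; it presumably frees both pointers. If so, a callee that attached the value before failing would turn the old leak into a double free once `oaep` or `alg` is released. I would record the assumption at the first call with `/* On failure ostr is still ours and is freed under err; on success pSourceFunc owns it. */` and add the matching comment for `astr` before `astr = NULL;`. This also makes clear that the `ostr = NULL;` and `astr = NULL;` assignments are ownership hand-offs and must stay directly after the successful calls.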