From d5a216b5d189ec352945f87cf4d85200ce83c317 Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 13 Apr 2024 14:02:51 +0000 Subject: [PATCH] Error check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl() These are four versions of near identical code: PKCS#7 and CMS controls for DSA and EC. The checks are rather incomplete and should probably be merged somehow (see the Ed25519 version in ecx_methods(). For now, only replace X509_ALGOR_set0() with its internal by_nid() version and, while there, spell NULL correctly. ok jca --- lib/libcrypto/dsa/dsa_ameth.c | 12 ++++++++---- lib/libcrypto/ec/ec_ameth.c | 11 ++++++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/lib/libcrypto/dsa/dsa_ameth.c b/lib/libcrypto/dsa/dsa_ameth.c index 2fb80108bce..866e5ec476b 100644 --- a/lib/libcrypto/dsa/dsa_ameth.c +++ b/lib/libcrypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.58 2024/04/13 13:57:54 tb Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.59 2024/04/13 14:02:51 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -71,6 +71,7 @@ #include "bn_local.h" #include "dsa_local.h" #include "evp_local.h" +#include "x509_local.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) @@ -636,8 +637,9 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, - 0); + if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF, + NULL)) + return -1; } return 1; @@ -655,7 +657,9 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF, + NULL)) + return -1; } return 1; diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c index 7ca5b18020c..ebedab33254 100644 --- a/lib/libcrypto/ec/ec_ameth.c +++ b/lib/libcrypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.51 2024/01/04 17:01:26 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.52 2024/04/13 14:02:51 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -69,6 +69,7 @@ #include "asn1_local.h" #include "ec_local.h" #include "evp_local.h" +#include "x509_local.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); @@ -637,7 +638,9 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF, + NULL)) + return -1; } return 1; @@ -655,7 +658,9 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF, + NULL)) + return -1; } return 1; -- 2.20.1