Add X509_ALGOR_set0_by_nid()

X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT rather than a nid. This means that almost all callers call OBJ_obj2nid() and they often do this inline without error checking so that the resulting X509_ALGOR object is corrupted and may lead to incorrect encodings. Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid instead of an ASN1_OBJECT and performs proper error checking. This will be used to convert callers of X509_ALGOR_set0() in the library. ok jsing
author: tb <> 2023-11-01 20:37:42 +0000
committer: tb <> 2023-11-01 20:37:42 +0000
commit: 9502a579475daabba44f561af5927b9423bfd082 (patch)
tree: 096fff81e30ca03dd34347beb2f73d664206a18b
parent: 718563113a50e94a6425cdd51e05876a3d29a3ba (diff)
download: openbsd-9502a579475daabba44f561af5927b9423bfd082.tar.gz
openbsd-9502a579475daabba44f561af5927b9423bfd082.tar.bz2
openbsd-9502a579475daabba44f561af5927b9423bfd082.zip
2 files changed, 33 insertions, 2 deletions
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 76b78028ad..5ad1263b27 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_algor.c,v 1.36 2023/11/01 20:26:24 tb Exp $ */
+/* $OpenBSD: x_algor.c,v 1.37 2023/11/01 20:37:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -159,6 +159,19 @@ X509_ALGOR_set0_obj(X509_ALGOR *alg, ASN1_OBJECT *aobj)
 }
 static int
+X509_ALGOR_set_obj_by_nid(X509_ALGOR *alg, int nid)
+{
+        ASN1_OBJECT *aobj;
+        if ((aobj = OBJ_nid2obj(nid)) == NULL)
+                return 0;
+        if (!X509_ALGOR_set0_obj(alg, aobj))
+                return 0;
+        return 1;
+}
+static int
 X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,
    void *parameter_value)
 {
@@ -181,6 +194,22 @@ X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,
 }
 int
+X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
+    void *parameter_value)
+{
+        if (alg == NULL)
+                return 0;
+        if (!X509_ALGOR_set_obj_by_nid(alg, nid))
+                return 0;
+        if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value))
+                return 0;
+        return 1;
+}
+int
 X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int parameter_type,
    void *parameter_value)
 {
diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 44fe6ad805..63082d1b19 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_local.h,v 1.10 2023/10/11 13:05:18 tb Exp $ */
+/*      $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2013.
 */
@@ -380,6 +380,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
 int name_cmp(const char *name, const char *cmp);
 int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
+    void *parameter_value);
 int X509_policy_check(const STACK_OF(X509) *certs,
    const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,
author	tb <>	2023-11-01 20:37:42 +0000
committer	tb <>	2023-11-01 20:37:42 +0000
commit	9502a579475daabba44f561af5927b9423bfd082 (patch)
tree	096fff81e30ca03dd34347beb2f73d664206a18b
parent	718563113a50e94a6425cdd51e05876a3d29a3ba (diff)
download	openbsd-9502a579475daabba44f561af5927b9423bfd082.tar.gz openbsd-9502a579475daabba44f561af5927b9423bfd082.tar.bz2 openbsd-9502a579475daabba44f561af5927b9423bfd082.zip

diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c index 76b78028ad..5ad1263b27 100644 --- a/src/lib/libcrypto/asn1/x_algor.c +++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x_algor.c,v 1.36 2023/11/01 20:26:24 tb Exp $ */	1	/* $OpenBSD: x_algor.c,v 1.37 2023/11/01 20:37:42 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -159,6 +159,19 @@ X509_ALGOR_set0_obj(X509_ALGOR alg, ASN1_OBJECT aobj)
159	}	159	}
160		160
161	static int	161	static int
		162	X509_ALGOR_set_obj_by_nid(X509_ALGOR *alg, int nid)
		163	{
		164	ASN1_OBJECT *aobj;
		165
		166	if ((aobj = OBJ_nid2obj(nid)) == NULL)
		167	return 0;
		168	if (!X509_ALGOR_set0_obj(alg, aobj))
		169	return 0;
		170
		171	return 1;
		172	}
		173
		174	static int
162	X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,	175	X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,
163	void *parameter_value)	176	void *parameter_value)
164	{	177	{
@@ -181,6 +194,22 @@ X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,
181	}	194	}
182		195
183	int	196	int
		197	X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
		198	void *parameter_value)
		199	{
		200	if (alg == NULL)
		201	return 0;
		202
		203	if (!X509_ALGOR_set_obj_by_nid(alg, nid))
		204	return 0;
		205
		206	if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value))
		207	return 0;
		208
		209	return 1;
		210	}
		211
		212	int
184	X509_ALGOR_set0(X509_ALGOR alg, ASN1_OBJECT aobj, int parameter_type,	213	X509_ALGOR_set0(X509_ALGOR alg, ASN1_OBJECT aobj, int parameter_type,
185	void *parameter_value)	214	void *parameter_value)
186	{	215	{


diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h index 44fe6ad805..63082d1b19 100644 --- a/src/lib/libcrypto/x509/x509_local.h +++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_local.h,v 1.10 2023/10/11 13:05:18 tb Exp $ */	1	/* $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2013.	3	* project 2013.
4	*/	4	*/
@@ -380,6 +380,8 @@ int x509_check_cert_time(X509_STORE_CTX ctx, X509 x, int quiet);
380	int name_cmp(const char name, const char cmp);	380	int name_cmp(const char name, const char cmp);
381		381
382	int X509_ALGOR_set_evp_md(X509_ALGOR alg, const EVP_MD md);	382	int X509_ALGOR_set_evp_md(X509_ALGOR alg, const EVP_MD md);
		383	int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
		384	void *parameter_value);
383		385
384	int X509_policy_check(const STACK_OF(X509) *certs,	386	int X509_policy_check(const STACK_OF(X509) *certs,
385	const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,	387	const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,