Add X509_ALGOR_set0_by_nid()

X509_ALGOR_set0() is annoyingly unergonomic since it takes an ASN1_OBJECT
rather than a nid.  This means that almost all callers call OBJ_obj2nid()
and they often do this inline without error checking so that the resulting
X509_ALGOR object is corrupted and may lead to incorrect encodings.

Provide an internal alternative X509_ALGOR_set0_by_nid() that takes a nid
instead of an ASN1_OBJECT and performs proper error checking. This will be
used to convert callers of X509_ALGOR_set0() in the library.

ok jsing

1 files changed, 3 insertions, 1 deletions

diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 44fe6ad805..63082d1b19 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_local.h,v 1.10 2023/10/11 13:05:18 tb Exp $ */
+/*      $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -380,6 +380,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
 int name_cmp(const char *name, const char *cmp);
 
 int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
+    void *parameter_value);
 
 int X509_policy_check(const STACK_OF(X509) *certs,
     const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,