Clarify documentation of X509_ALGOR_{set0,set_md}()

The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from upstream, which means it is as sloppy as the code and as vague as your average upstream manpage. Be precise on what X509_ALGOR_set0() does on different inputs and document return values and failure modes. X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a way that can fail, leaving alg in a corrupted state. Document when that can occur and how to avoid or detect that, but do not go too far, because EVP_MD_meth_new(), one potential source of failures, is a whole another can of worms. joint work with schwarze
author: tb <> 2023-10-09 16:03:57 +0000
committer: tb <> 2023-10-09 16:03:57 +0000
commit: 54a81b9e7be0eccb2197e86698f8ed9a9000b046 (patch)
tree: ed572206365cdd923495da951c81dc4054218bbf /src
parent: 70724bb12c878f2cfe14beeac390e4f2867ba008 (diff)
download: openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.tar.gz
openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.tar.bz2
openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.zip
1 files changed, 45 insertions, 7 deletions
diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3
index 2cfe36184d..f20aea768b 100644
--- a/src/lib/libcrypto/man/X509_ALGOR_dup.3
+++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.16 2021/07/06 16:05:44 schwarze Exp $
+.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.17 2023/10/09 16:03:57 tb Exp $
 .\"     OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 6 2021 $
+.Dd $Mdocdate: October 9 2023 $
 .Dt X509_ALGOR_DUP 3
 .Os
 .Sh NAME
@@ -147,8 +147,20 @@ with value
 If
 .Fa ptype
 is
+.Dv V_ASN1_UNDEF ,
+the parameter is omitted and
+.Fa pval
+is ignored.
+If
+.Fa ptype
+is zero,
+.Fa pval
+is ignored and the existing parameter is left unchanged, or if
+.Fa alg
+does not contain a parameter, a new, empty parameter of type
 .Dv V_ASN1_UNDEF
-the parameter is omitted, otherwise
+is added.
+Otherwise
 .Fa ptype
 and
 .Fa pval
@@ -158,9 +170,13 @@ and
 .Fa value
 parameters to
 .Xr ASN1_TYPE_set 3 .
-All the supplied parameters are used internally so must
+Ownership of
-.Sy NOT
+.Fa aobj
-be freed after this call.
+and, unless it is ignored, of
+.Fa pval
+is transferred to
+.Fa alg
+on success.
 .Pp
 .Fn X509_ALGOR_get0
 is the inverse of
@@ -179,6 +195,21 @@ sets
 .Fa alg
 to appropriate values for the message digest
 .Fa md .
+If the
+.Dv EVP_MD_FLAG_DIGALGID_ABSENT
+flag is not set on
+.Fa md ,
+.Fn X509_ALGOR_set_md
+can leave
+.Fa alg
+in a corrupted state due to memory allocation failure.
+This problem can be avoided by preallocating with an error-checked call to
+.Fn X509_ALGOR_set0 alg NULL 0 NULL ,
+or the failure can be identified by
+.Fn X509_ALGOR_get0 &aobj NULL NULL alg
+returning a
+.Dv NULL
+.Fa aobj .
 .Pp
 .Fn X509_ALGOR_cmp
 compares
@@ -196,7 +227,11 @@ object or
 if an error occurs.
 .Pp
 .Fn X509_ALGOR_set0
-returns 1 for success or 0 for failure.
+returns 1 for success or 0 if
+.Fa alg
+is
+.Dv NULL
+or memory allocation fails.
 .Pp
 .Fn X509_ALGOR_cmp
 returns 0 if
@@ -240,3 +275,6 @@ and has been available since
 .Fn X509_ALGOR_set_md
 first appeared in OpenSSL 1.0.1 and has been available since
 .Ox 5.3 .
+.Sh BUGS
+.Fn X509_ALGOR_set_md
+can fail but cannot communicate failure to the caller.
author	tb <>	2023-10-09 16:03:57 +0000
committer	tb <>	2023-10-09 16:03:57 +0000
commit	54a81b9e7be0eccb2197e86698f8ed9a9000b046 (patch)
tree	ed572206365cdd923495da951c81dc4054218bbf /src
parent	70724bb12c878f2cfe14beeac390e4f2867ba008 (diff)
download	openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.tar.gz openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.tar.bz2 openbsd-54a81b9e7be0eccb2197e86698f8ed9a9000b046.zip

diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3 index 2cfe36184d..f20aea768b 100644 --- a/src/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_ALGOR_dup.3,v 1.16 2021/07/06 16:05:44 schwarze Exp $	1	.\" $OpenBSD: X509_ALGOR_dup.3,v 1.17 2023/10/09 16:03:57 tb Exp $
2	.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400	2	.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: July 6 2021 $	68	.Dd $Mdocdate: October 9 2023 $
69	.Dt X509_ALGOR_DUP 3	69	.Dt X509_ALGOR_DUP 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -147,8 +147,20 @@ with value
147	If	147	If
148	.Fa ptype	148	.Fa ptype
149	is	149	is
		150	.Dv V_ASN1_UNDEF ,
		151	the parameter is omitted and
		152	.Fa pval
		153	is ignored.
		154	If
		155	.Fa ptype
		156	is zero,
		157	.Fa pval
		158	is ignored and the existing parameter is left unchanged, or if
		159	.Fa alg
		160	does not contain a parameter, a new, empty parameter of type
150	.Dv V_ASN1_UNDEF	161	.Dv V_ASN1_UNDEF
151	the parameter is omitted, otherwise	162	is added.
		163	Otherwise
152	.Fa ptype	164	.Fa ptype
153	and	165	and
154	.Fa pval	166	.Fa pval
@@ -158,9 +170,13 @@ and
158	.Fa value	170	.Fa value
159	parameters to	171	parameters to
160	.Xr ASN1_TYPE_set 3 .	172	.Xr ASN1_TYPE_set 3 .
161	All the supplied parameters are used internally so must	173	Ownership of
162	.Sy NOT	174	.Fa aobj
163	be freed after this call.	175	and, unless it is ignored, of
		176	.Fa pval
		177	is transferred to
		178	.Fa alg
		179	on success.
164	.Pp	180	.Pp
165	.Fn X509_ALGOR_get0	181	.Fn X509_ALGOR_get0
166	is the inverse of	182	is the inverse of
@@ -179,6 +195,21 @@ sets
179	.Fa alg	195	.Fa alg
180	to appropriate values for the message digest	196	to appropriate values for the message digest
181	.Fa md .	197	.Fa md .
		198	If the
		199	.Dv EVP_MD_FLAG_DIGALGID_ABSENT
		200	flag is not set on
		201	.Fa md ,
		202	.Fn X509_ALGOR_set_md
		203	can leave
		204	.Fa alg
		205	in a corrupted state due to memory allocation failure.
		206	This problem can be avoided by preallocating with an error-checked call to
		207	.Fn X509_ALGOR_set0 alg NULL 0 NULL ,
		208	or the failure can be identified by
		209	.Fn X509_ALGOR_get0 &aobj NULL NULL alg
		210	returning a
		211	.Dv NULL
		212	.Fa aobj .
182	.Pp	213	.Pp
183	.Fn X509_ALGOR_cmp	214	.Fn X509_ALGOR_cmp
184	compares	215	compares
@@ -196,7 +227,11 @@ object or
196	if an error occurs.	227	if an error occurs.
197	.Pp	228	.Pp
198	.Fn X509_ALGOR_set0	229	.Fn X509_ALGOR_set0
199	returns 1 for success or 0 for failure.	230	returns 1 for success or 0 if
		231	.Fa alg
		232	is
		233	.Dv NULL
		234	or memory allocation fails.
200	.Pp	235	.Pp
201	.Fn X509_ALGOR_cmp	236	.Fn X509_ALGOR_cmp
202	returns 0 if	237	returns 0 if
@@ -240,3 +275,6 @@ and has been available since
240	.Fn X509_ALGOR_set_md	275	.Fn X509_ALGOR_set_md
241	first appeared in OpenSSL 1.0.1 and has been available since	276	first appeared in OpenSSL 1.0.1 and has been available since
242	.Ox 5.3 .	277	.Ox 5.3 .
		278	.Sh BUGS
		279	.Fn X509_ALGOR_set_md
		280	can fail but cannot communicate failure to the caller.