summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2024-04-07 06:34:42 +0000
committertb <>2024-04-07 06:34:42 +0000
commit7c47e205b5035b62d024838e10da7aa8d6858336 (patch)
treec1a640e970cbdd4d16061fe011a1e2818b540612 /src
parent0cc340b2b42f280b220fb9ace2acfe3d2a0f7187 (diff)
downloadopenbsd-7c47e205b5035b62d024838e10da7aa8d6858336.tar.gz
openbsd-7c47e205b5035b62d024838e10da7aa8d6858336.tar.bz2
openbsd-7c47e205b5035b62d024838e10da7aa8d6858336.zip
Rework CMS_add_simple_smimecap()
This is an API to add an OID attribute to the set of SMIMECapabilities. While attributes are complicated in general, this only supports simple capabilities encoded as an OID with an optional integer parameter (e.g., the key size of a cipher). Make this API transactional, i.e., don't leave a new empty set behind on failure or leak the key size if setting the parameter on the X509_ALGOR fails. Also convert to single exit and add a doc comment with a reference. ok beck
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c67
1 files changed, 43 insertions, 24 deletions
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 5a38bf59aa..b783941911 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_sd.c,v 1.31 2024/03/29 06:41:58 tb Exp $ */ 1/* $OpenBSD: cms_sd.c,v 1.32 2024/04/07 06:34:42 tb Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -1008,36 +1008,55 @@ CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
1008} 1008}
1009LCRYPTO_ALIAS(CMS_add_smimecap); 1009LCRYPTO_ALIAS(CMS_add_smimecap);
1010 1010
1011/*
1012 * Add AlgorithmIdentifier OID of type |nid| to the SMIMECapability attribute
1013 * set |*out_algs| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has
1014 * an integer parameter of value |keysize|, otherwise parameters are omitted.
1015 */
1011int 1016int
1012CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize) 1017CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **out_algs, int nid, int keysize)
1013{ 1018{
1014 X509_ALGOR *alg; 1019 STACK_OF(X509_ALGOR) *algs;
1015 ASN1_INTEGER *key = NULL; 1020 X509_ALGOR *alg = NULL;
1021 ASN1_INTEGER *parameter = NULL;
1022 int parameter_type = V_ASN1_UNDEF;
1023 int ret = 0;
1024
1025 if ((algs = *out_algs) == NULL)
1026 algs = sk_X509_ALGOR_new_null();
1027 if (algs == NULL)
1028 goto err;
1016 1029
1017 if (keysize > 0) { 1030 if (keysize > 0) {
1018 if ((key = ASN1_INTEGER_new()) == NULL) 1031 if ((parameter = ASN1_INTEGER_new()) == NULL)
1019 return 0; 1032 goto err;
1020 if (!ASN1_INTEGER_set(key, keysize)) { 1033 if (!ASN1_INTEGER_set(parameter, keysize))
1021 ASN1_INTEGER_free(key); 1034 goto err;
1022 return 0; 1035 parameter_type = V_ASN1_INTEGER;
1023 }
1024 }
1025 alg = X509_ALGOR_new();
1026 if (alg == NULL) {
1027 ASN1_INTEGER_free(key);
1028 return 0;
1029 } 1036 }
1030 1037
1031 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 1038 if ((alg = X509_ALGOR_new()) == NULL)
1032 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 1039 goto err;
1033 if (*algs == NULL) 1040 if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, parameter))
1034 *algs = sk_X509_ALGOR_new_null(); 1041 goto err;
1035 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { 1042 parameter = NULL;
1036 X509_ALGOR_free(alg);
1037 return 0;
1038 }
1039 1043
1040 return 1; 1044 if (sk_X509_ALGOR_push(algs, alg) <= 0)
1045 goto err;
1046 alg = NULL;
1047
1048 *out_algs = algs;
1049 algs = NULL;
1050
1051 ret = 1;
1052
1053 err:
1054 if (algs != *out_algs)
1055 sk_X509_ALGOR_pop_free(algs, X509_ALGOR_free);
1056 X509_ALGOR_free(alg);
1057 ASN1_INTEGER_free(parameter);
1058
1059 return ret;
1041} 1060}
1042LCRYPTO_ALIAS(CMS_add_simple_smimecap); 1061LCRYPTO_ALIAS(CMS_add_simple_smimecap);
1043 1062
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 14:23:27 +0000