Error check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl()

These are four versions of near identical code: PKCS#7 and CMS controls
for DSA and EC. The checks are rather incomplete and should probably be
merged somehow (see the Ed25519 version in ecx_methods(). For now, only
replace X509_ALGOR_set0() with its internal by_nid() version and, while
there, spell NULL correctly.

ok jca

2 files changed, 16 insertions, 7 deletions

diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 2fb80108bc..866e5ec476 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.58 2024/04/13 13:57:54 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.59 2024/04/13 14:02:51 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -71,6 +71,7 @@
 #include "bn_local.h"
 #include "dsa_local.h"
 #include "evp_local.h"
+#include "x509_local.h"
 
 static int
 dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
@@ -636,8 +637,9 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                                 return -1;
                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
                                 return -1;
-                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
-                            0);
+                        if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF,
+                            NULL))
+                                return -1;
                 }
                 return 1;
 
@@ -655,7 +657,9 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                                 return -1;
                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
                                 return -1;
-                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF,
+                            NULL))
+                                return -1;
                 }
                 return 1;
 
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 7ca5b18020..ebedab3325 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.51 2024/01/04 17:01:26 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.52 2024/04/13 14:02:51 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,6 +69,7 @@
 #include "asn1_local.h"
 #include "ec_local.h"
 #include "evp_local.h"
+#include "x509_local.h"
 
 #ifndef OPENSSL_NO_CMS
 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
@@ -637,7 +638,9 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                                 return -1;
                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
                                 return -1;
-                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF,
+                            NULL))
+                            return -1;
                 }
                 return 1;
 
@@ -655,7 +658,9 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                                 return -1;
                         if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
                                 return -1;
-                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        if (!X509_ALGOR_set0_by_nid(alg2, snid, V_ASN1_UNDEF,
+                            NULL))
+                            return -1;
                 }
                 return 1;