Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c37
1 files changed, 16 insertions, 21 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index d3eada2ba6..216af18fcd 100644
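--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.26 2023/07/08 10:44:00 beck Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.27 2024/08/28 06:26:06 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
   * project. */
 
@@ -75,6 +75,7 @@
 #include <openssl/x509v3.h>
 
 #include "ocsp_local.h"
+#include "x509_local.h"
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -109,50 +110,44 @@ OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
 {
   int nid;
   unsigned int i;
- X509_ALGOR *alg;
   OCSP_CERTID *cid = NULL;
   unsigned char md[EVP_MAX_MD_SIZE];
 
- if (!(cid = OCSP_CERTID_new()))
+ if ((cid = OCSP_CERTID_new()) == NULL)
   goto err;
 
- alg = cid->hashAlgorithm;
- if (alg->algorithm != NULL)
- ASN1_OBJECT_free(alg->algorithm);
   if ((nid = EVP_MD_type(dgst)) == NID_undef) {
   OCSPerror(OCSP_R_UNKNOWN_NID);
   goto err;
   }
- if (!(alg->algorithm = OBJ_nid2obj(nid)))
+ if (!X509_ALGOR_set0_by_nid(cid->hashAlgorithm, nid, V_ASN1_NULL, NULL))
   goto err;
- if ((alg->parameter = ASN1_TYPE_new()) == NULL)
- goto err;
- alg->parameter->type = V_ASN1_NULL;
 
- if (!X509_NAME_digest(issuerName, dgst, md, &i))
- goto digerr;
- if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+ if (!X509_NAME_digest(issuerName, dgst, md, &i)) {
+ OCSPerror(OCSP_R_DIGEST_ERR);
+ goto err;
+ }
+ if (!ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))
   goto err;
 
   /* Calculate the issuerKey hash, excluding tag and length */
   if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
   goto err;
 
- if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+ if (!ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))
   goto err;
 
- if (serialNumber) {
+ if (serialNumber != NULL) {
   ASN1_INTEGER_free(cid->serialNumber);
- if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
+ if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL)
   goto err;
   }
+
   return cid;
 
-digerr:
- OCSPerror(OCSP_R_DIGEST_ERR);
-err:
- if (cid)
- OCSP_CERTID_free(cid);
+ err:
+ OCSP_CERTID_free(cid);
+
   return NULL;
 }
 LCRYPTO_ALIAS(OCSP_cert_id_new);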
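Review bot: The EVP_Digest() failure path for the issuer key hash still jumps to `err` without recording OCSP_R_DIGEST_ERR, while the X509_NAME_digest() failure a few lines above now records it inline. A caller that inspects the error queue after a NULL return may find no OCSP-level reason for that failure, unless EVP_Digest() pushes an error of its own. Bracing that branch and adding `OCSPerror(OCSP_R_DIGEST_ERR);` before its `goto err;` would make both digest failures report alike. The function's signature lies outside the hunk, and the visible body passes `dgst` and `issuerKey` on without a NULL check, so a short comment stating that callers must supply non-NULL values would help.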