2 files changed, 36 insertions, 27 deletions
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 3f454435de..abcac83e47 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.35 2025/07/27 07:16:20 tb Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.36 2025/07/31 02:24:21 tb Exp $ */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
@@ -990,6 +990,8 @@ LCRYPTO_ALIAS(CMS_add_smimecap);
 * Add AlgorithmIdentifier OID of type |nid| to the SMIMECapability attribute
 * set |*out_algs| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has
 * an integer parameter of value |keysize|, otherwise parameters are omitted.
+ *
+ * See also PKCS7_simple_smimecap().
 */
 int
 CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **out_algs, int nid, int keysize)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 8b6fbf9d23..f2e17806db 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_attr.c,v 1.21 2025/07/31 02:21:01 tb Exp $ */
+/* $OpenBSD: pk7_attr.c,v 1.22 2025/07/31 02:24:21 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -65,6 +65,7 @@
 #include "asn1_local.h"
 #include "err_local.h"
+#include "x509_local.h"
 int
 PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
@@ -122,40 +123,46 @@ PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 }
 LCRYPTO_ALIAS(PKCS7_get_smimecap);
-/* Basic smime-capabilities OID and optional integer arg */
+/*
+ * Add AlgorithmIdentifier OID of type |nid| to the SMIMECapability attribute
+ * set |sk| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has an
+ * integer parameter of value |keysize|, otherwise parameters are omitted.
+ *
+ * See also CMS_add_simple_smimecap().
+ */
 int
-PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int keysize)
 {
-        X509_ALGOR *alg;
+        X509_ALGOR *alg = NULL;
+        ASN1_INTEGER *parameter = NULL;
-        if (!(alg = X509_ALGOR_new())) {
+        int parameter_type = V_ASN1_UNDEF;
-                PKCS7error(ERR_R_MALLOC_FAILURE);
+        int ret = 0;
-                return 0;
-        }
-        ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm = OBJ_nid2obj(nid);
-        if (arg > 0) {
-                ASN1_INTEGER *nbit;
-                if (!(alg->parameter = ASN1_TYPE_new()))
+        if (keysize > 0) {
+                if ((parameter = ASN1_INTEGER_new()) == NULL)
                        goto err;
-                if (!(nbit = ASN1_INTEGER_new()))
+                if (!ASN1_INTEGER_set(parameter, keysize))
                        goto err;
-                if (!ASN1_INTEGER_set(nbit, arg)) {
+                parameter_type = V_ASN1_INTEGER;
-                        ASN1_INTEGER_free(nbit);
-                        goto err;
-                }
-                alg->parameter->value.integer = nbit;
-                alg->parameter->type = V_ASN1_INTEGER;
        }
-        if (sk_X509_ALGOR_push(sk, alg) == 0)
+        if ((alg = X509_ALGOR_new()) == NULL)
                goto err;
-        return 1;
+        if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, parameter))
+                goto err;
+        parameter = NULL;
+        if (sk_X509_ALGOR_push(sk, alg) <= 0)
+                goto err;
+        alg = NULL;
+        ret = 1;
-err:
+ err:
-        PKCS7error(ERR_R_MALLOC_FAILURE);
        X509_ALGOR_free(alg);
-        return 0;
+        ASN1_INTEGER_free(parameter);
+        return ret;
 }
 LCRYPTO_ALIAS(PKCS7_simple_smimecap);

diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c index 3f454435de..abcac83e47 100644 --- a/src/lib/libcrypto/cms/cms_sd.c +++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cms_sd.c,v 1.35 2025/07/27 07:16:20 tb Exp $ */	1	/* $OpenBSD: cms_sd.c,v 1.36 2025/07/31 02:24:21 tb Exp $ */
2	/*	2	/*
3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4	* project.	4	* project.
@@ -990,6 +990,8 @@ LCRYPTO_ALIAS(CMS_add_smimecap);
990	* Add AlgorithmIdentifier OID of type \|nid\| to the SMIMECapability attribute	990	* Add AlgorithmIdentifier OID of type \|nid\| to the SMIMECapability attribute
991	* set \|*out_algs\| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has	991	* set \|*out_algs\| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has
992	* an integer parameter of value \|keysize\|, otherwise parameters are omitted.	992	* an integer parameter of value \|keysize\|, otherwise parameters are omitted.
		993	*
		994	* See also PKCS7_simple_smimecap().
993	*/	995	*/
994	int	996	int
995	CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **out_algs, int nid, int keysize)	997	CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **out_algs, int nid, int keysize)


diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c index 8b6fbf9d23..f2e17806db 100644 --- a/src/lib/libcrypto/pkcs7/pk7_attr.c +++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pk7_attr.c,v 1.21 2025/07/31 02:21:01 tb Exp $ */	1	/* $OpenBSD: pk7_attr.c,v 1.22 2025/07/31 02:24:21 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -65,6 +65,7 @@
65		65
66	#include "asn1_local.h"	66	#include "asn1_local.h"
67	#include "err_local.h"	67	#include "err_local.h"
		68	#include "x509_local.h"
68		69
69	int	70	int
70	PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO si, STACK_OF(X509_ALGOR) cap)	71	PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO si, STACK_OF(X509_ALGOR) cap)
@@ -122,40 +123,46 @@ PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
122	}	123	}
123	LCRYPTO_ALIAS(PKCS7_get_smimecap);	124	LCRYPTO_ALIAS(PKCS7_get_smimecap);
124		125
125	/* Basic smime-capabilities OID and optional integer arg */	126	/*
		127	* Add AlgorithmIdentifier OID of type \|nid\| to the SMIMECapability attribute
		128	* set \|sk\| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has an
		129	* integer parameter of value \|keysize\|, otherwise parameters are omitted.
		130	*
		131	* See also CMS_add_simple_smimecap().
		132	*/
126	int	133	int
127	PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)	134	PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int keysize)
128	{	135	{
129	X509_ALGOR *alg;	136	X509_ALGOR *alg = NULL;
130		137	ASN1_INTEGER *parameter = NULL;
131	if (!(alg = X509_ALGOR_new())) {	138	int parameter_type = V_ASN1_UNDEF;
132	PKCS7error(ERR_R_MALLOC_FAILURE);	139	int ret = 0;
133	return 0;
134	}
135	ASN1_OBJECT_free(alg->algorithm);
136	alg->algorithm = OBJ_nid2obj(nid);
137	if (arg > 0) {
138	ASN1_INTEGER *nbit;
139		140
140	if (!(alg->parameter = ASN1_TYPE_new()))	141	if (keysize > 0) {
		142	if ((parameter = ASN1_INTEGER_new()) == NULL)
141	goto err;	143	goto err;
142	if (!(nbit = ASN1_INTEGER_new()))	144	if (!ASN1_INTEGER_set(parameter, keysize))
143	goto err;	145	goto err;
144	if (!ASN1_INTEGER_set(nbit, arg)) {	146	parameter_type = V_ASN1_INTEGER;
145	ASN1_INTEGER_free(nbit);
146	goto err;
147	}
148	alg->parameter->value.integer = nbit;
149	alg->parameter->type = V_ASN1_INTEGER;
150	}	147	}
151	if (sk_X509_ALGOR_push(sk, alg) == 0)	148
		149	if ((alg = X509_ALGOR_new()) == NULL)
152	goto err;	150	goto err;
153	return 1;	151	if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, parameter))
		152	goto err;
		153	parameter = NULL;
		154
		155	if (sk_X509_ALGOR_push(sk, alg) <= 0)
		156	goto err;
		157	alg = NULL;
		158
		159	ret = 1;
154		160
155	err:	161	err:
156	PKCS7error(ERR_R_MALLOC_FAILURE);
157	X509_ALGOR_free(alg);	162	X509_ALGOR_free(alg);
158	return 0;	163	ASN1_INTEGER_free(parameter);
		164
		165	return ret;
159	}	166	}
160	LCRYPTO_ALIAS(PKCS7_simple_smimecap);	167	LCRYPTO_ALIAS(PKCS7_simple_smimecap);
161		168