Commit 8db2649384 for openssl.org
commit 8db264938403d29ee57963b8ae105375bc138702
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Thu Jan 13 17:19:24 2022 +0100
X509_ALGOR_set_md(): Add return value to indicate success or failure
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17495)
diff --git a/CHANGES.md b/CHANGES.md
index b6e40fa1fc..236eaf73e6 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -123,6 +123,10 @@ OpenSSL 4.0
*David von Oheimb*
+* `X509_ALGOR_set_md()` now returns a value indicating success or failure.
+
+ *David von Oheimb*
+
* Drop darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets from Configurations.
*Daniel Kubec and Eugene Syromiatnikov*
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index f8faf7209b..ccd5ffabb7 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -85,12 +85,12 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
}
/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
{
int type = md->flags & EVP_MD_FLAG_DIGALGID_ABSENT ? V_ASN1_UNDEF
: V_ASN1_NULL;
- (void)X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL);
+ return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL);
}
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
@@ -148,7 +148,10 @@ int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
return 1;
if ((alg = X509_ALGOR_new()) == NULL)
return 0;
- X509_ALGOR_set_md(alg, md);
+ if (!X509_ALGOR_set_md(alg, md)) {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
*palg = alg;
return 1;
}
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index aff9af63ca..0dada2d08b 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -39,7 +39,8 @@ CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md,
dd->version = 0;
dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
- X509_ALGOR_set_md(dd->digestAlgorithm, md);
+ if (!X509_ALGOR_set_md(dd->digestAlgorithm, md))
+ goto err;
return cms;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 8e60e6e559..2fd66e08ac 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -625,7 +625,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (ossl_cms_adjust_md(pk, &md, flags) != 1)
goto err;
- X509_ALGOR_set_md(si->digestAlgorithm, md);
+ if (!X509_ALGOR_set_md(si->digestAlgorithm, md))
+ goto err;
/* See if digest is present in digestAlgorithms */
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
@@ -639,12 +640,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
break;
}
if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
- if ((alg = X509_ALGOR_new()) == NULL) {
- ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_set_md(alg, md);
- if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+ if ((alg = X509_ALGOR_new()) == NULL
+ || !X509_ALGOR_set_md(alg, md)
+ || !sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
X509_ALGOR_free(alg);
ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
goto err;
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 0486beffc4..03bd5a0937 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -186,12 +186,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
if (!EVP_MD_is_a(hash_alg, SN_sha256)) {
alg = X509_ALGOR_new();
- if (alg == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_set_md(alg, hash_alg);
- if (alg->algorithm == NULL) {
+ if (alg == NULL || !X509_ALGOR_set_md(alg, hash_alg) || alg->algorithm == NULL) {
ERR_raise(ERR_LIB_ESS, ERR_R_ASN1_LIB);
goto err;
}
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
index 6133735ea5..11198fb80d 100644
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
@@ -15,7 +15,7 @@ X509_ALGOR_copy - AlgorithmIdentifier functions
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
const void **ppval, const X509_ALGOR *alg);
- void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+ int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
@@ -49,16 +49,19 @@ a duplicate of each (and free any thing pointed to from within *dest).
X509_ALGOR_dup() returns a valid B<X509_ALGOR> structure or NULL if an error
occurred.
-X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
+X509_ALGOR_set0(), X509_ALGOR_set_md(), and X509_ALGOR_copy()
+return 1 on success or 0 on error.
-X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
+X509_ALGOR_get0() returns no values.
X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
nonzero otherwise.
=head1 HISTORY
-The X509_ALGOR_copy() was added in 1.1.1e.
+X509_ALGOR_copy() was added in OpenSSL 1.1.1e.
+
+X509_ALGOR_set_md() returns a value since OpenSSL 4.0.
=head1 COPYRIGHT
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 1a62dfad8a..0ecf8c9049 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -488,7 +488,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
void *pval);
void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
const void **ppval, const X509_ALGOR *algor);
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);