From: Dr. David von Oheimb Date: Fri, 6 Aug 2021 10:11:13 +0000 (+0200) Subject: Fix malloc failure handling of X509_ALGOR_set0() X-Git-Tag: openssl-3.2.0-alpha1~3070 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04bc3c1277b8b20dc29f96933f7be592c0535aa8;p=thirdparty%2Fopenssl.git Fix malloc failure handling of X509_ALGOR_set0() Also update and slightly extend the respective documentation and simplify some code. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16251) --- diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 302045cfcdf..df251719f67 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -247,16 +247,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, goto err; } - if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) - paramtype = V_ASN1_NULL; - else - paramtype = V_ASN1_UNDEF; - - if (algor1) - X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); - if (algor2) - X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); - + paramtype = pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL ? + V_ASN1_NULL : V_ASN1_UNDEF; + if (algor1 != NULL + && !X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL)) + goto err; + if (algor2 != NULL + && !X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL)) + goto err; } buf_len = ASN1_item_i2d(data, &buf_in, it); diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index f56ec92f65b..e78cf7a68b3 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -33,12 +33,9 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) if (alg == NULL) return 0; - if (ptype != V_ASN1_UNDEF) { - if (alg->parameter == NULL) - alg->parameter = ASN1_TYPE_new(); - if (alg->parameter == NULL) - return 0; - } + if (ptype != V_ASN1_UNDEF && alg->parameter == NULL + && (alg->parameter = ASN1_TYPE_new()) == NULL) + return 0; ASN1_OBJECT_free(alg->algorithm); alg->algorithm = aobj; @@ -68,7 +65,7 @@ X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void *pval) err: X509_ALGOR_free(alg); - ASN1_OBJECT_free(algo); + /* ASN1_OBJECT_free(algo) is not needed due to OBJ_nid2obj() */ return NULL; } @@ -89,18 +86,12 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, } /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ - void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) { - int param_type; - - if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) - param_type = V_ASN1_UNDEF; - else - param_type = V_ASN1_NULL; - - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL); + int type = md->flags & EVP_MD_FLAG_DIGALGID_ABSENT ? V_ASN1_UNDEF + : V_ASN1_NULL; + (void)X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL); } int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) @@ -150,13 +141,15 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) /* allocate and set algorithm ID from EVP_MD, default SHA1 */ int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md) { + X509_ALGOR *alg; + /* Default is SHA1 so no need to create it - still success */ if (md == NULL || EVP_MD_is_a(md, "SHA1")) return 1; - *palg = X509_ALGOR_new(); - if (*palg == NULL) + if ((alg = X509_ALGOR_new()) == NULL) return 0; - X509_ALGOR_set_md(*palg, md); + X509_ALGOR_set_md(alg, md); + *palg = alg; return 1; } diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index 6de6d55e58d..a7f47a6a3db 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -50,8 +50,9 @@ CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, cd->version = 0; - X509_ALGOR_set0(cd->compressionAlgorithm, - OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL); + (void)X509_ALGOR_set0(cd->compressionAlgorithm, + OBJ_nid2obj(NID_zlib_compression), + V_ASN1_UNDEF, NULL); /* cannot fail */ cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index f14546c7037..2ff85d979bc 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -238,8 +238,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), - V_ASN1_UNDEF, NULL); + (void)X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), + V_ASN1_UNDEF, NULL); /* cannot fail */ } /* See if custom parameters set */ @@ -316,10 +316,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), - V_ASN1_SEQUENCE, wrap_str); - - rv = 1; + rv = X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), + V_ASN1_SEQUENCE, wrap_str); + if (!rv) + ASN1_STRING_free(wrap_str); err: OPENSSL_free(penc); diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index b07af92bad8..fd6c5d70779 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -281,8 +281,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), - V_ASN1_UNDEF, NULL); + (void)X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), + V_ASN1_UNDEF, NULL); /* cannot fail */ } /* See if custom parameters set */ @@ -365,9 +365,9 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); - - rv = 1; + rv = X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); + if (!rv) + ASN1_STRING_free(wrap_str); err: OPENSSL_free(penc); @@ -394,7 +394,7 @@ int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) { assert(verify == 0 || verify == 1); - if (verify == 0) { + if (!verify) { int snid, hnid; X509_ALGOR *alg1, *alg2; EVP_PKEY *pkey = si->pkey; @@ -407,7 +407,7 @@ int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + return X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, NULL); } return 1; } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index ca8f84f14a1..6374e20c4f5 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -730,8 +730,8 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, kekri->kekid->other->keyAttr = otherType; } - X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, - OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid), + V_ASN1_UNDEF, NULL); /* cannot fail */ return ri; diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index eafa1788dec..64fab3e3928 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -123,10 +123,10 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } + if (pad_mode == RSA_PKCS1_PADDING) + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); + /* Not supported */ if (pad_mode != RSA_PKCS1_OAEP_PADDING) return 0; @@ -160,8 +160,9 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) } /* create string with pss parameter encoding. */ if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) - goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); + goto err; + if (!X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os)) + goto err; os = NULL; rv = 1; err: @@ -196,18 +197,21 @@ static int rsa_cms_sign(CMS_SignerInfo *si) if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } + if (pad_mode == RSA_PKCS1_PADDING) + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); + /* We don't support it */ if (pad_mode != RSA_PKCS1_PSS_PADDING) return 0; os = ossl_rsa_ctx_to_pss_string(pkctx); if (os == NULL) return 0; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); - return 1; + if (X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), + V_ASN1_SEQUENCE, os)) + return 1; + ASN1_STRING_free(os); + return 0; } static int rsa_cms_verify(CMS_SignerInfo *si) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 7a77a0870ae..8985be4fb4f 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -354,6 +354,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (md == NULL) { int def_nid; + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) goto err; md = EVP_get_digestbynid(def_nid); @@ -363,11 +364,6 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - if (!md) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); - goto err; - } - if (md == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); goto err; @@ -388,8 +384,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { - alg = X509_ALGOR_new(); - if (alg == NULL) + if ((alg = X509_ALGOR_new()) == NULL) goto merr; X509_ALGOR_set_md(alg, md); if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 9f9bf75aeda..1e3d220b830 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -561,17 +561,23 @@ static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, return 2; } +static int ecd_item_sign(X509_ALGOR *alg1, X509_ALGOR *alg2, int nid) +{ + /* Note that X509_ALGOR_set0(..., ..., V_ASN1_UNDEF, ...) cannot fail */ + /* Set algorithms identifiers */ + (void)X509_ALGOR_set0(alg1, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + if (alg2 != NULL) + (void)X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + /* Algorithm identifiers set: carry on as normal */ + return 3; +} + static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *str) { - /* Set algorithms identifiers */ - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - if (alg2) - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - /* Algorithm identifiers set: carry on as normal */ - return 3; + return ecd_item_sign(alg1, alg2, NID_ED25519); } static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg, @@ -587,12 +593,7 @@ static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *str) { - /* Set algorithm identifier */ - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); - if (alg2 != NULL) - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); - /* Algorithm identifier set: carry on as normal */ - return 3; + return ecd_item_sign(alg1, alg2, NID_ED448); } static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg, diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index c32a6666260..61ecade42d9 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -305,7 +305,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) static int pkcs7_ecdsa_or_dsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, int verify) { - if (verify == 0) { + if (!verify) { int snid, hnid; X509_ALGOR *alg1, *alg2; EVP_PKEY *pkey = si->pkey; @@ -318,19 +318,20 @@ static int pkcs7_ecdsa_or_dsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, return -1; if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + return X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, NULL); } return 1; } static int pkcs7_rsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, int verify) { - if (verify == 0) { + if (!verify) { X509_ALGOR *alg = NULL; PKCS7_SIGNER_INFO_get0_algs(si, NULL, NULL, &alg); if (alg != NULL) - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); } return 1; } @@ -342,10 +343,10 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, /* We now need to add another PKCS7_SIGNER_INFO entry */ if (!ASN1_INTEGER_set(p7i->version, 1)) - goto err; + return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509))) - goto err; + return 0; /* * because ASN1_INTEGER_set is used to set a 'long' we will do things the @@ -354,7 +355,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(x509)))) - goto err; + return 0; /* lets keep the pkey around for a while */ EVP_PKEY_up_ref(pkey); @@ -362,8 +363,9 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, /* Set the algorithms */ - X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)), - V_ASN1_NULL, NULL); + if (!X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)), + V_ASN1_NULL, NULL)) + return 0; if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "DSA")) return pkcs7_ecdsa_or_dsa_sign_verify_setup(p7i, 0); @@ -380,7 +382,6 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, } } ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - err: return 0; } @@ -598,10 +599,11 @@ static int pkcs7_rsa_encrypt_decrypt_setup(PKCS7_RECIP_INFO *ri, int decrypt) { X509_ALGOR *alg = NULL; - if (decrypt == 0) { + if (!decrypt) { PKCS7_RECIP_INFO_get0_alg(ri, &alg); if (alg != NULL) - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); } return 1; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 043f5097233..55b7216d63d 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -636,23 +636,29 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, if (pad_mode == RSA_PKCS1_PADDING) return 2; if (pad_mode == RSA_PKCS1_PSS_PADDING) { - ASN1_STRING *os1 = NULL; - os1 = ossl_rsa_ctx_to_pss_string(pkctx); - if (!os1) + ASN1_STRING *os1 = ossl_rsa_ctx_to_pss_string(pkctx); + + if (os1 == NULL) return 0; /* Duplicate parameters if we have to */ - if (alg2) { + if (alg2 != NULL) { ASN1_STRING *os2 = ASN1_STRING_dup(os1); - if (!os2) { - ASN1_STRING_free(os1); - return 0; + + if (os2 == NULL) + goto err; + if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), + V_ASN1_SEQUENCE, os2)) { + ASN1_STRING_free(os2); + goto err; } - X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os2); } - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os1); + if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), + V_ASN1_SEQUENCE, os1)) + goto err; return 3; + err: + ASN1_STRING_free(os1); + return 0; } return 2; } diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod index 7696fc61cc8..bcda8b29180 100644 --- a/doc/man3/X509_ALGOR_dup.pod +++ b/doc/man3/X509_ALGOR_dup.pod @@ -2,7 +2,10 @@ =head1 NAME -X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions +X509_ALGOR_dup, +X509_ALGOR_set0, X509_ALGOR_get0, +X509_ALGOR_set_md, X509_ALGOR_cmp, +X509_ALGOR_copy - AlgorithmIdentifier functions =head1 SYNOPSIS @@ -18,23 +21,24 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ =head1 DESCRIPTION -X509_ALGOR_dup() returns a copy of B. +X509_ALGOR_dup() returns a copy of I. -X509_ALGOR_set0() sets the algorithm OID of B to B and the -associated parameter type to B with value B. If B is -B the parameter is omitted, otherwise B and B have -the same meaning as the B and B parameters to ASN1_TYPE_set(). +X509_ALGOR_set0() sets the algorithm OID of I to I and the +associated parameter type to I with value I. If I is +B the parameter is omitted, otherwise I and I have +the same meaning as the I and I parameters to ASN1_TYPE_set(). All the supplied parameters are used internally so must B be freed after -this call. +this call succeeded; +otherwise ownership remains with the caller and I remains untouched. X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the -algorithm OID in B<*paobj> and the associated parameter in B<*pptype> -and B<*ppval> from the B B. +algorithm OID in I<*paobj> and the associated parameter in I<*pptype> +and I<*ppval> from the B I. -X509_ALGOR_set_md() sets the B B to appropriate -values for the message digest B. +X509_ALGOR_set_md() sets the B I to appropriate +values for the message digest I. -X509_ALGOR_cmp() compares B and B and returns 0 if they have identical +X509_ALGOR_cmp() compares I and I and returns 0 if they have identical encodings and nonzero otherwise. X509_ALGOR_copy() copies the source values into the dest structs; making