From: Dr. David von Oheimb Date: Thu, 13 Jan 2022 16:19:24 +0000 (+0100) Subject: X509_ALGOR_set_md(): Add return value to indicate success or failure X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8db264938403d29ee57963b8ae105375bc138702;p=thirdparty%2Fopenssl.git X509_ALGOR_set_md(): Add return value to indicate success or failure Reviewed-by: Dmitry Belyavskiy Reviewed-by: Nikola Pajkovsky (Merged from https://github.com/openssl/openssl/pull/17495)
---
diff --git a/CHANGES.md b/CHANGES.md
index b6e40fa1fc8..236eaf73e6f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -123,6 +123,10 @@ OpenSSL 4.0
 *David von Oheimb*
+* `X509_ALGOR_set_md()` now returns a value indicating success or failure.
+
+ *David von Oheimb*
+
 * Drop darwin-i386{,-cc} and darwin-ppc{,64}{,-cc} targets from Configurations.
 *Daniel Kubec and Eugene Syromiatnikov*
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index f8faf7209b1..ccd5ffabb7e 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -85,12 +85,12 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
 }
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
 int type = md->flags & EVP_MD_FLAG_DIGALGID_ABSENT ? V_ASN1_UNDEF : V_ASN1_NULL;
- (void)X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL);
+ return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL);
 }
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
@@ -148,7 +148,10 @@ int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
 return 1;
 if ((alg = X509_ALGOR_new()) == NULL)
 return 0;
- X509_ALGOR_set_md(alg, md);
+ if (!X509_ALGOR_set_md(alg, md)) {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
 *palg = alg;
 return 1;
 }
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index aff9af63caf..0dada2d08bb 100644
--- a/crypto/cms/cms_dd.c
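Review bot: In crypto/asn1/x_algor.c the value X509_ALGOR_set_md() now returns is only that of X509_ALGOR_set0(), so the result of OBJ_nid2obj() is never examined inside the function. The ess_lib.c hunk of this same commit still tests `alg->algorithm == NULL` after a successful call, which suggests a return of 1 does not guarantee a usable OID, while the CMS callers rely on the return value alone. Consider resolving the object first, `ASN1_OBJECT *aobj = OBJ_nid2obj(EVP_MD_get_type(md));` followed by `if (aobj == NULL) return 0;`, and extending the comment above the function to `/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD; returns 1 on success, 0 on failure */`. `md` is also dereferenced (`md->flags`) without a NULL check, which matters more now that callers are expected to handle failure.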
+++ b/crypto/cms/cms_dd.c
@@ -39,7 +39,8 @@ CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md,
 dd->version = 0;
 dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
- X509_ALGOR_set_md(dd->digestAlgorithm, md);
+ if (!X509_ALGOR_set_md(dd->digestAlgorithm, md))
+ goto err;
 return cms;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 8e60e6e559c..2fd66e08ac0 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -625,7 +625,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 if (ossl_cms_adjust_md(pk, &md, flags) != 1)
 goto err;
- X509_ALGOR_set_md(si->digestAlgorithm, md);
+ if (!X509_ALGOR_set_md(si->digestAlgorithm, md))
+ goto err;
 /* See if digest is present in digestAlgorithms */
 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
@@ -639,12 +640,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 break;
 }
 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
- if ((alg = X509_ALGOR_new()) == NULL) {
- ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_set_md(alg, md);
- if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+ if ((alg = X509_ALGOR_new()) == NULL
+ || !X509_ALGOR_set_md(alg, md)
+ || !sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
 X509_ALGOR_free(alg);
 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
 goto err;
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 0486beffc40..03bd5a0937a 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -186,12 +186,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
 if (!EVP_MD_is_a(hash_alg, SN_sha256)) {
 alg = X509_ALGOR_new();
- if (alg == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_set_md(alg, hash_alg);
- if (alg->algorithm == NULL) {
+ if (alg == NULL || !X509_ALGOR_set_md(alg, hash_alg) || alg->algorithm == NULL) {
 ERR_raise(ERR_LIB_ESS, ERR_R_ASN1_LIB);
 goto err;
 }
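Review bot: The new failure branch in ossl_cms_DigestedData_create() (crypto/cms/cms_dd.c) jumps to `err` without raising an error, and the same holds for the `si->digestAlgorithm` check added in CMS_add1_signer() (crypto/cms/cms_sd.c, hunk at -625). Neither the body of X509_ALGOR_set_md()'s callee nor the `err` labels are visible here, and both functions extend beyond their hunks, so unless one of them queues an error the caller gets NULL with nothing on the error queue, whereas the later CMS_add1_signer() hunk does call ERR_raise(). Adding `ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);` before each `goto err;` (with braces around the pair) would keep the failure diagnosable.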
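Review bot: Folding the three checks into one condition in CMS_add1_signer() (crypto/cms/cms_sd.c, hunk at -639) changes the code reported when X509_ALGOR_new() fails from ERR_R_ASN1_LIB to ERR_R_CRYPTO_LIB, and all three failures now produce the same queue entry. If that is intended, a short comment such as `/* allocation, set_md and push failures share one error path */` above the `if` would record it; otherwise the allocation check needs its own branch again. The enclosing function starts and ends outside the hunk.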
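Review bot: The single added line in ESS_CERT_ID_V2_new_init() (crypto/ess/ess_lib.c) is over 80 characters before indentation, while the equivalent condition in the cms_sd.c hunk is wrapped one test per line. Wrapping it the same way, `if (alg == NULL`, `|| !X509_ALGOR_set_md(alg, hash_alg)`, `|| alg->algorithm == NULL) {`, keeps the retained `alg->algorithm == NULL` guard easy to spot. A failed X509_ALGOR_set_md() now reaches `err` with `alg` allocated; the old `alg->algorithm == NULL` path did the same, so the label presumably frees it, but it lies outside the hunk and is worth confirming.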
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
index 6133735ea59..11198fb80d7 100644
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
@@ -15,7 +15,7 @@ X509_ALGOR_copy - AlgorithmIdentifier functions
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *alg);
- void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+ int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
@@ -49,16 +49,19 @@ a duplicate of each (and free any thing pointed to from within *dest).
 X509_ALGOR_dup() returns a valid B structure or NULL if an error occurred.
-X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
+X509_ALGOR_set0(), X509_ALGOR_set_md(), and X509_ALGOR_copy()
+return 1 on success or 0 on error.
-X509_ALGOR_get0() and X509_ALGOR_set_md() return no values.
+X509_ALGOR_get0() returns no values.
 X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and nonzero otherwise.
 =head1 HISTORY
-The X509_ALGOR_copy() was added in 1.1.1e.
+X509_ALGOR_copy() was added in OpenSSL 1.1.1e.
+
+X509_ALGOR_set_md() returns a value since OpenSSL 4.0.
 =head1 COPYRIGHT
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 1a62dfad8a2..0ecf8c9049c 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -488,7 +488,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
 void *pval);
 void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor);
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);