From: Alberto Leiva Popper <ydahhrk@gmail.com>
Date: Tue, 3 Oct 2023 17:17:21 +0000 (-0600)
Subject: Call X509_ALGOR_get0() instead of dereferencing ASN1_OBJECT
X-Git-Tag: 1.6.0~55
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fe8fef29c4bcd8e7e44a7839f6da37d469c00138;p=thirdparty%2FFORT-validator.git

Call X509_ALGOR_get0() instead of dereferencing ASN1_OBJECT

Seems to be the formal way of doing it.
---

diff --git a/src/algorithm.c b/src/algorithm.c
index f5199bdb..fb8d0f63 100644
--- a/src/algorithm.c
+++ b/src/algorithm.c
@@ -37,14 +37,17 @@ validate_certificate_signature_algorithm(int nid, char const *what)
 int
 validate_certificate_public_key_algorithm(X509_ALGOR *pa)
 {
+	ASN1_OBJECT const *algorithm;
 	int nid;
 
+	X509_ALGOR_get0(&algorithm, NULL, NULL, pa);
+
 	/*
 	 * RFC says sha256WithRSAEncryption, but current IETF concensus (and
 	 * practice) say that the right one is rsaEncryption.
 	 * https://mailarchive.ietf.org/arch/browse/sidr/
 	 */
-	nid = OBJ_obj2nid(pa->algorithm);
+	nid = OBJ_obj2nid(algorithm);
 	if (nid == NID_rsaEncryption)
 		return 0;