diff options
author | Theo Buehler <theorbuehler@gmail.com> | 2024-03-17 14:46:22 +1000 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-03-21 01:23:48 +0000 |
commit | c99364a313795b2baaa40bd0683a05ae2e1cd993 (patch) | |
tree | 6e61ce861d27bccf0e442621e03b0d01679e2005 /include | |
parent | a200650ac344338f9af86822266984804eb86370 (diff) | |
download | boringssl-c99364a313795b2baaa40bd0683a05ae2e1cd993.zip boringssl-c99364a313795b2baaa40bd0683a05ae2e1cd993.tar.gz boringssl-c99364a313795b2baaa40bd0683a05ae2e1cd993.tar.bz2 |
Fix X509_ALGOR_set_md()
This API allocates internally and can leave a corrupted |alg| behind.
Change it to return an int so that callers can check for an error.
Also fix its only caller in rsa_md_to_algor().
This is an ABI change but will not break any callers.
Also add a small regress test for this API.
Change-Id: I7a5d1729dcd4c7726c3d4ead3740d478231f3611
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67187
Commit-Queue: Theo Buehler <theorbuehler@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 414451f..a072d6f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -2696,7 +2696,7 @@ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj, // X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this // AlgorithmIdentifier represents the hash function itself, not a signature -// algorithm that uses |md|. +// algorithm that uses |md|. It returns one on success and zero on error. // // Due to historical specification mistakes (see Section 2.1 of RFC 4055), the // parameters field is sometimes omitted and sometimes a NULL value. When used @@ -2707,7 +2707,7 @@ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj, // // TODO(davidben): Rename this function, or perhaps just add a bespoke API for // constructing PSS and move on. -OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +OPENSSL_EXPORT int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); // X509_ALGOR_cmp returns zero if |a| and |b| are equal, and some non-zero value // otherwise. Note this function can only be used for equality checks, not an |