From c99364a313795b2baaa40bd0683a05ae2e1cd993 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Sun, 17 Mar 2024 14:46:22 +1000 Subject: Fix X509_ALGOR_set_md() This API allocates internally and can leave a corrupted |alg| behind. Change it to return an int so that callers can check for an error. Also fix its only caller in rsa_md_to_algor(). This is an ABI change but will not break any callers. Also add a small regress test for this API. Change-Id: I7a5d1729dcd4c7726c3d4ead3740d478231f3611 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67187 Commit-Queue: Theo Buehler Commit-Queue: David Benjamin Reviewed-by: Bob Beck Reviewed-by: David Benjamin --- include/openssl/x509.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 414451f..a072d6f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -2696,7 +2696,7 @@ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj, // X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this // AlgorithmIdentifier represents the hash function itself, not a signature -// algorithm that uses |md|. +// algorithm that uses |md|. It returns one on success and zero on error. // // Due to historical specification mistakes (see Section 2.1 of RFC 4055), the // parameters field is sometimes omitted and sometimes a NULL value. When used @@ -2707,7 +2707,7 @@ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj, // // TODO(davidben): Rename this function, or perhaps just add a bespoke API for // constructing PSS and move on. -OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +OPENSSL_EXPORT int X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); // X509_ALGOR_cmp returns zero if |a| and |b| are equal, and some non-zero value // otherwise. Note this function can only be used for equality checks, not an -- cgit v1.1