authorRichard Levitte <levitte@openssl.org>2021-03-10 12:58:53 +0100
committerRichard Levitte <levitte@openssl.org>2021-04-18 10:10:24 +0200
commitad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch)
tree67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto/cms
parent42423ac9611e0cbb02c93b3c5661328f324f9d08 (diff)
Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no information, but are still fetchable for OSSL_ALGORITHM implementations that specify an OID amongst their names. Fixes #14278 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
Diffstat (limited to 'crypto/cms')
-rw-r--r--crypto/cms/cms_dh.c8
-rw-r--r--crypto/cms/cms_ec.c12
-rw-r--r--crypto/cms/cms_env.c5
-rw-r--r--crypto/cms/cms_lib.c5
-rw-r--r--crypto/cms/cms_pwri.c7
-rw-r--r--crypto/cms/cms_sd.c17
6 files changed, 32 insertions, 22 deletions
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 95ce8e8351..36714766d2 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -12,8 +12,9 @@
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/core_names.h>
-#include "cms_local.h"
+#include "internal/sizes.h"
#include "crypto/evp.h"
+#include "cms_local.h"
static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
@@ -87,7 +88,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int keylen, plen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
goto err;
@@ -117,8 +118,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
if (kekctx == NULL)
goto err;
- name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
- if (name == NULL)
+ if (!OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0))
goto err;
kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
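Review bot: The new guard `if (!OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0))` rejects only a return of exactly 0. OBJ_obj2txt is documented to return the text length, which can exceed the buffer size when the output was truncated, and its error paths may return a negative value (worth confirming against the implementation in this tree); either case passes this test and hands a partial or unset `name` to EVP_CIPHER_fetch. As kekalg appears to be derived from the parsed RecipientInfo, I would keep the result and reject anything that does not fit, e.g. `len = OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0);` followed by `if (len <= 0 || (size_t)len >= sizeof(name)) goto err;`. The same `!` test is used in pkey_type2param (cms_ec.c) and CMS_SignerInfo_sign (cms_sd.c); dh_cms_set_shared_info starts and ends outside this hunk.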
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index 096eafd815..4994260af8 100644
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -11,8 +11,9 @@
#include <openssl/cms.h>
#include <openssl/err.h>
#include <openssl/decoder.h>
-#include "cms_local.h"
+#include "internal/sizes.h"
#include "crypto/evp.h"
+#include "cms_local.h"
static EVP_PKEY *pkey_type2param(int ptype, const void *pval,
OSSL_LIB_CTX *libctx, const char *propq)
@@ -36,14 +37,13 @@ static EVP_PKEY *pkey_type2param(int ptype, const void *pval,
OSSL_DECODER_CTX_free(ctx);
} else if (ptype == V_ASN1_OBJECT) {
const ASN1_OBJECT *poid = pval;
- const char *groupname;
+ char groupname[OSSL_MAX_NAME_SIZE];
/* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID */
pctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", propq);
if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0)
goto err;
- groupname = OBJ_nid2sn(OBJ_obj2nid(poid));
- if (groupname == NULL
+ if (!OBJ_obj2txt(groupname, sizeof(groupname), poid, 0)
|| !EVP_PKEY_CTX_set_group_name(pctx, groupname)) {
ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR);
goto err;
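Review bot: Missing documentation on what `groupname` now holds: with the last argument 0, OBJ_obj2txt gives the long name (falling back to the short name) for an OID libcrypto knows and the dotted-decimal form otherwise, not the short name that OBJ_nid2sn used to return. The existing comment on the V_ASN1_OBJECT branch could be extended with `/* groupname is the OID's text form: a registered name if known to libcrypto, else dotted decimal */`. Whether EVP_PKEY_CTX_set_group_name resolves a dotted-decimal group name is not visible on this page, so a test with an unregistered curve OID would be worth adding. pkey_type2param starts and ends outside this hunk.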
@@ -159,7 +159,7 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int plen, keylen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
return 0;
@@ -180,7 +180,7 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
if (kekctx == NULL)
goto err;
- name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
+ OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0);
kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
goto err;
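Review bot: The return value of OBJ_obj2txt is dropped here, unlike the matching call in dh_cms_set_shared_info (cms_dh.c), which bails out on failure. `name` is an uninitialised stack array, so if the conversion fails before writing, or truncates, EVP_CIPHER_fetch runs on indeterminate or partial text for an OID that apparently comes from the message; whether OBJ_obj2txt always terminates the buffer on failure is not visible on this page. Suggest `if (OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0) <= 0) goto err;` at this call. The same unchecked call occurs in cms_RecipientInfo_ktri_decrypt (cms_env.c), ossl_cms_DigestAlgorithm_init_bio (cms_lib.c), ossl_cms_RecipientInfo_pwri_crypt (cms_pwri.c), and CMS_add1_signer and CMS_SignerInfo_verify (cms_sd.c), where the buffer goes on to EVP_MD_fetch or EVP_MD_is_a.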
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 79efd67ba3..29bbd0c36d 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -14,6 +14,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/evp.h>
+#include "internal/sizes.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/x509.h"
@@ -538,7 +539,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
if (cms->d.envelopedData->encryptedContentInfo->havenocert
&& !cms->d.envelopedData->encryptedContentInfo->debug) {
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
- const char *name = OBJ_nid2sn(OBJ_obj2nid(calg->algorithm));
+ char name[OSSL_MAX_NAME_SIZE];
+
+ OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
(void)ERR_set_mark();
fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 33127cc88c..cfde2215bd 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -15,6 +15,7 @@
#include <openssl/asn1.h>
#include <openssl/cms.h>
#include <openssl/cms.h>
+#include "internal/sizes.h"
#include "crypto/x509.h"
#include "cms_local.h"
@@ -403,10 +404,10 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
const ASN1_OBJECT *digestoid;
const EVP_MD *digest = NULL;
EVP_MD *fetched_digest = NULL;
- const char *alg;
+ char alg[OSSL_MAX_NAME_SIZE];
X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
- alg = OBJ_nid2sn(OBJ_obj2nid(digestoid));
+ OBJ_obj2txt(alg, sizeof(alg), digestoid, 0);
(void)ERR_set_mark();
fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index cea1e404c0..a278280563 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -15,8 +15,9 @@
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
-#include "cms_local.h"
+#include "internal/sizes.h"
#include "crypto/asn1.h"
+#include "cms_local.h"
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ossl_ssize_t passlen)
@@ -286,7 +287,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
EVP_CIPHER_CTX *kekctx = NULL;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
@@ -315,7 +316,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
return 0;
}
- name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm));
+ OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0);
kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name,
ossl_cms_ctx_get0_propq(cms_ctx));
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 2b232aa700..898916d548 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -15,12 +15,13 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/ess.h>
-#include "cms_local.h"
+#include "internal/sizes.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/cms.h"
#include "crypto/ess.h"
#include "crypto/x509.h" /* for ossl_x509_add_cert_new() */
+#include "cms_local.h"
/* CMS SignedData Utilities */
@@ -328,9 +329,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
/* See if digest is present in digestAlgorithms */
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
const ASN1_OBJECT *aoid;
+ char name[OSSL_MAX_NAME_SIZE];
+
alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
X509_ALGOR_get0(&aoid, NULL, NULL, alg);
- if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+ OBJ_obj2txt(name, sizeof(name), aoid, 0);
+ if (EVP_MD_is_a(md, name))
break;
}
@@ -724,9 +728,10 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
int alen;
size_t siglen;
const CMS_CTX *ctx = si->cms_ctx;
- const char *md_name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
+ char md_name[OSSL_MAX_NAME_SIZE];
- if (md_name == NULL)
+ if (!OBJ_obj2txt(md_name, sizeof(md_name),
+ si->digestAlgorithm->algorithm, 0))
return 0;
if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
@@ -781,7 +786,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
EVP_MD_CTX *mctx = NULL;
unsigned char *abuf = NULL;
int alen, r = -1;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
const EVP_MD *md;
EVP_MD *fetched_md = NULL;
const CMS_CTX *ctx = si->cms_ctx;
@@ -796,7 +801,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
if (!ossl_cms_si_check_attributes(si))
return -1;
- name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
+ OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0);
(void)ERR_set_mark();
fetched_md = EVP_MD_fetch(libctx, name, propq);