author | Richard Levitte <levitte@openssl.org> | 2021-03-10 12:58:53 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:10:24 +0200 |
commit | ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch) | |
tree | 67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto/pkcs7 | |
parent | 42423ac9611e0cbb02c93b3c5661328f324f9d08 (diff) |
Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.
Fixes #14278
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Diffstat (limited to 'crypto/pkcs7')
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 15 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_lib.c | 21 |
2 files changed, 23 insertions, 13 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 832b4a39b3..c8e6c798b4 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -8,12 +8,13 @@
 */
 #include <stdio.h>
-#include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include "internal/cryptlib.h"
+#include "internal/sizes.h"
 #include "pk7_local.h"
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
@@ -57,7 +58,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
 const PKCS7_CTX *ctx)
 {
 BIO *btmp;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
 EVP_MD *fetched = NULL;
 const EVP_MD *md;
@@ -66,7 +67,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
 goto err;
 }
- name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));
+ OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);
 (void)ERR_set_mark();
 fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
@@ -404,7 +405,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 PKCS7_RECIP_INFO *ri = NULL;
 unsigned char *ek = NULL, *tkey = NULL;
 int eklen = 0, tkeylen = 0;
- const char *name;
+ char name[OSSL_MAX_NAME_SIZE];
 const PKCS7_CTX *p7_ctx;
 OSSL_LIB_CTX *libctx;
 const char *propq;
@@ -448,7 +449,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
- name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
+ OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 (void)ERR_set_mark();
 evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
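Review bot: The result of `OBJ_obj2txt()` is discarded in pkcs7_bio_add_digest (hunk at -66) and at the three new call sites in PKCS7_dataDecode (hunks at -448, -469 and -505), so a failed or truncated conversion still proceeds to the fetch. The OIDs here come from the PKCS#7 structure being processed, and OBJ_obj2txt() returns the length it needed even when that exceeds `sizeof(name)`; a text form cut at OSSL_MAX_NAME_SIZE would then be looked up as though it were the algorithm the message named. Keep the return value and treat anything out of range as an unknown algorithm before the `ERR_set_mark()`/fetch sequence: `int len = OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);` followed by `if (len <= 0 || len >= (int)sizeof(name)) goto err;`, raising the same error the function already uses for an unsupported digest or cipher. Both functions continue outside these hunks, so which error code fits each site should be confirmed against the surrounding code.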
@@ -469,7 +470,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 enc_alg = p7->d.enveloped->enc_data->algorithm;
 /* data_body is NULL if the optional EncryptedContent is missing. */
 data_body = p7->d.enveloped->enc_data->enc_data;
- name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
+ OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 (void)ERR_set_mark();
 evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
@@ -505,7 +506,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 goto err;
 }
- name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));
+ OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);
 (void)ERR_set_mark();
 evp_md = EVP_MD_fetch(libctx, name, propq);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 6b941c53c4..bf959a28d2 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -187,7 +187,8 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 {
- int i, j, nid;
+ int i, j;
+ ASN1_OBJECT *obj;
 X509_ALGOR *alg;
 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
 STACK_OF(X509_ALGOR) *md_sk;
@@ -207,27 +208,35 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 return 0;
 }
- nid = OBJ_obj2nid(psi->digest_alg->algorithm);
-
+ obj = psi->digest_alg->algorithm;
 /* If the digest is not currently listed, add it */
 j = 0;
 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
 alg = sk_X509_ALGOR_value(md_sk, i);
- if (OBJ_obj2nid(alg->algorithm) == nid) {
+ if (OBJ_cmp(obj, alg->algorithm) == 0) {
 j = 1;
 break;
 }
 }
 if (!j) { /* we need to add another algorithm */
+ int nid;
+
 if ((alg = X509_ALGOR_new()) == NULL
 || (alg->parameter = ASN1_TYPE_new()) == NULL) {
 X509_ALGOR_free(alg);
 ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
 return 0;
 }
- alg->algorithm = OBJ_nid2obj(nid);
+ /*
+ * If there is a constant copy of the ASN1 OBJECT in libcrypto, then
+ * use that. Otherwise, use a dynamically duplicated copy
+ */
+ if ((nid = OBJ_obj2nid(obj)) != NID_undef)
+ alg->algorithm = OBJ_nid2obj(nid);
+ else
+ alg->algorithm = OBJ_dup(obj);
 alg->parameter->type = V_ASN1_NULL;
- if (!sk_X509_ALGOR_push(md_sk, alg)) {
+ if (alg->algorithm == NULL || !sk_X509_ALGOR_push(md_sk, alg)) {
 X509_ALGOR_free(alg);
 return 0;
 }
|
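Review bot: `OBJ_cmp(obj, alg->algorithm)` dereferences both of its arguments, whereas the `OBJ_obj2nid()` calls it replaces accepted a NULL object and returned NID_undef, so a signer info or an existing `md_sk` entry without an algorithm object would now be a NULL dereference instead of a plain mismatch. Whether that state is reachable depends on how `psi` and `md_sk` are built, which is outside this hunk; if it is, a guard before the loop such as `if (obj == NULL) return 0;` (with a suitable ERR_raise) and `alg->algorithm != NULL && OBJ_cmp(...) == 0` inside it would restore the old tolerance. Separately, the new `alg->algorithm == NULL` failure returns 0 without raising anything, unlike the allocation failure a few lines above, which is fine only if OBJ_dup() always queues its own error. A short comment on that branch, for example `/* OBJ_dup() has already raised on failure */`, would make the intent explicit.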