Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()

The intention is to allow for OIDs for which libcrypto has no information, but are still fetchable for OSSL_ALGORITHM implementations that specify an OID amongst their names. Fixes #14278 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
author: Richard Levitte <levitte@openssl.org> 2021-03-10 12:58:53 +0100
committer: Richard Levitte <levitte@openssl.org> 2021-04-18 10:10:24 +0200
commit: ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch)
tree: 67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto/pkcs7
parent: 42423ac9611e0cbb02c93b3c5661328f324f9d08 (diff)
2 files changed, 23 insertions, 13 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 832b4a39b3..c8e6c798b4 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -8,12 +8,13 @@
  */
 
 #include <stdio.h>
-#include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include "internal/cryptlib.h"
+#include "internal/sizes.h"
 #include "pk7_local.h"
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
@@ -57,7 +58,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
                                 const PKCS7_CTX *ctx)
 {
     BIO *btmp;
-    const char *name;
+    char name[OSSL_MAX_NAME_SIZE];
     EVP_MD *fetched = NULL;
     const EVP_MD *md;
 
@@ -66,7 +67,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
         goto err;
     }
 
-    name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));
+    OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);
 
     (void)ERR_set_mark();
     fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
@@ -404,7 +405,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
     PKCS7_RECIP_INFO *ri = NULL;
     unsigned char *ek = NULL, *tkey = NULL;
     int eklen = 0, tkeylen = 0;
-    const char *name;
+    char name[OSSL_MAX_NAME_SIZE];
     const PKCS7_CTX *p7_ctx;
     OSSL_LIB_CTX *libctx;
     const char *propq;
@@ -448,7 +449,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
         enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
 
-        name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
+        OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 
         (void)ERR_set_mark();
         evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
@@ -469,7 +470,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
         enc_alg = p7->d.enveloped->enc_data->algorithm;
         /* data_body is NULL if the optional EncryptedContent is missing. */
         data_body = p7->d.enveloped->enc_data->enc_data;
-        name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));
+        OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
 
         (void)ERR_set_mark();
         evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
@@ -505,7 +506,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 goto err;
             }
 
-            name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));
+            OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);
 
             (void)ERR_set_mark();
             evp_md = EVP_MD_fetch(libctx, name, propq);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 6b941c53c4..bf959a28d2 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -187,7 +187,8 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
 
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 {
-    int i, j, nid;
+    int i, j;
+    ASN1_OBJECT *obj;
     X509_ALGOR *alg;
     STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
     STACK_OF(X509_ALGOR) *md_sk;
@@ -207,27 +208,35 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
         return 0;
     }
 
-    nid = OBJ_obj2nid(psi->digest_alg->algorithm);
-
+    obj = psi->digest_alg->algorithm;
     /* If the digest is not currently listed, add it */
     j = 0;
     for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
         alg = sk_X509_ALGOR_value(md_sk, i);
-        if (OBJ_obj2nid(alg->algorithm) == nid) {
+        if (OBJ_cmp(obj, alg->algorithm) == 0) {
             j = 1;
             break;
         }
     }
     if (!j) {                   /* we need to add another algorithm */
+        int nid;
+
         if ((alg = X509_ALGOR_new()) == NULL
             || (alg->parameter = ASN1_TYPE_new()) == NULL) {
             X509_ALGOR_free(alg);
             ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        alg->algorithm = OBJ_nid2obj(nid);
+        /*
+         * If there is a constant copy of the ASN1 OBJECT in libcrypto, then
+         * use that.  Otherwise, use a dynamically duplicated copy
+         */
+        if ((nid = OBJ_obj2nid(obj)) != NID_undef)
+            alg->algorithm = OBJ_nid2obj(nid);
+        else
+            alg->algorithm = OBJ_dup(obj);
         alg->parameter->type = V_ASN1_NULL;
-        if (!sk_X509_ALGOR_push(md_sk, alg)) {
+        if (alg->algorithm == NULL || !sk_X509_ALGOR_push(md_sk, alg)) {
             X509_ALGOR_free(alg);
             return 0;
         }
author	Richard Levitte <levitte@openssl.org>	2021-03-10 12:58:53 +0100
committer	Richard Levitte <levitte@openssl.org>	2021-04-18 10:10:24 +0200
commit	ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch)
tree	67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto/pkcs7
parent	42423ac9611e0cbb02c93b3c5661328f324f9d08 (diff)