Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()

The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.

Fixes #14278

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

2 files changed, 11 insertions, 12 deletions

diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index cb443ff850..4a4c30c386 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -594,7 +594,6 @@ X509
     unsigned char *iv = NULL; /* initial vector for symmetric encryption */
     unsigned char *outbuf = NULL; /* decryption output buffer */
     const unsigned char *p = NULL; /* needed for decoding ASN1 */
-    int symmAlg = 0; /* NIDs for symmetric algorithm */
     int n, outlen = 0;
     EVP_PKEY_CTX *pkctx = NULL; /* private key context */
 
@@ -603,12 +602,8 @@ X509
         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
         return NULL;
     }
-    if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) {
-        ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER);
-        return NULL;
-    }
     /* select symmetric cipher based on algorithm given in message */
-    if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) {
+    if ((cipher = EVP_get_cipherbyobj(ecert->symmAlg->algorithm)) == NULL) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER);
         goto end;
     }
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index 78ab486e2d..40a41c28b2 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -17,8 +17,6 @@
 #include <openssl/rand.h>
 #include <openssl/evp.h>
 
-#include "crmf_local.h"
-
 /* explicit #includes not strictly needed since implied by the above: */
 #include <openssl/asn1t.h>
 #include <openssl/crmf.h>
@@ -27,6 +25,10 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 
+#include "internal/sizes.h"
+
+#include "crmf_local.h"
+
 /*-
  * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)
  * |slen| SHOULD be at least 8 (16 is common)
@@ -130,7 +132,8 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
                       unsigned char **out, size_t *outlen)
 {
     int mac_nid, hmac_md_nid = NID_undef;
-    const char *mdname;
+    char mdname[OSSL_MAX_NAME_SIZE];
+    char hmac_mdname[OSSL_MAX_NAME_SIZE];
     EVP_MD *owf = NULL;
     EVP_MD_CTX *ctx = NULL;
     unsigned char basekey[EVP_MAX_MD_SIZE];
@@ -155,7 +158,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
      * compute the key used in the MAC process.  All implementations MUST
      * support SHA-1.
      */
-    mdname = OBJ_nid2sn(OBJ_obj2nid(pbmp->owf->algorithm));
+    OBJ_obj2txt(mdname, sizeof(mdname), pbmp->owf->algorithm, 0);
     if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
         goto err;
@@ -200,13 +203,14 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
     mac_nid = OBJ_obj2nid(pbmp->mac->algorithm);
 
     if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL)
-            || (mdname = OBJ_nid2sn(hmac_md_nid)) == NULL) {
+        || !OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname),
+                        OBJ_nid2obj(hmac_md_nid), 0)) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM);
         goto err;
     }
 
     macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
-                                                    (char *)mdname, 0);
+                                                    (char *)hmac_mdname, 0);
     if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL
             || (mctx = EVP_MAC_CTX_new(mac)) == NULL
             || !EVP_MAC_CTX_set_params(mctx, macparams)