diff options
author | Richard Levitte <levitte@openssl.org> | 2021-03-10 12:58:53 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:10:24 +0200 |
commit | ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch) | |
tree | 67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto/crmf | |
parent | 42423ac9611e0cbb02c93b3c5661328f324f9d08 (diff) | |
download | openssl-new-ad57a13bb86949a9e9adc7a2960e3f39e3e5b284.tar.gz |
Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.
Fixes #14278
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Diffstat (limited to 'crypto/crmf')
-rw-r--r-- | crypto/crmf/crmf_lib.c | 7 | ||||
-rw-r--r-- | crypto/crmf/crmf_pbm.c | 16 |
2 files changed, 11 insertions, 12 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index cb443ff850..4a4c30c386 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -594,7 +594,6 @@ X509 unsigned char *iv = NULL; /* initial vector for symmetric encryption */ unsigned char *outbuf = NULL; /* decryption output buffer */ const unsigned char *p = NULL; /* needed for decoding ASN1 */ - int symmAlg = 0; /* NIDs for symmetric algorithm */ int n, outlen = 0; EVP_PKEY_CTX *pkctx = NULL; /* private key context */ @@ -603,12 +602,8 @@ X509 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } - if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); - return NULL; - } /* select symmetric cipher based on algorithm given in message */ - if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) { + if ((cipher = EVP_get_cipherbyobj(ecert->symmAlg->algorithm)) == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); goto end; } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 78ab486e2d..40a41c28b2 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -17,8 +17,6 @@ #include <openssl/rand.h> #include <openssl/evp.h> -#include "crmf_local.h" - /* explicit #includes not strictly needed since implied by the above: */ #include <openssl/asn1t.h> #include <openssl/crmf.h> @@ -27,6 +25,10 @@ #include <openssl/params.h> #include <openssl/core_names.h> +#include "internal/sizes.h" + +#include "crmf_local.h" + /*- * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4) * |slen| SHOULD be at least 8 (16 is common) @@ -130,7 +132,8 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, unsigned char **out, size_t *outlen) { int mac_nid, hmac_md_nid = NID_undef; - const char *mdname; + char mdname[OSSL_MAX_NAME_SIZE]; + char hmac_mdname[OSSL_MAX_NAME_SIZE]; EVP_MD *owf = NULL; EVP_MD_CTX *ctx = NULL; unsigned char basekey[EVP_MAX_MD_SIZE]; @@ -155,7 +158,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, * compute the key used in the MAC process. All implementations MUST * support SHA-1. */ - mdname = OBJ_nid2sn(OBJ_obj2nid(pbmp->owf->algorithm)); + OBJ_obj2txt(mdname, sizeof(mdname), pbmp->owf->algorithm, 0); if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; @@ -200,13 +203,14 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, mac_nid = OBJ_obj2nid(pbmp->mac->algorithm); if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) - || (mdname = OBJ_nid2sn(hmac_md_nid)) == NULL) { + || !OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname), + OBJ_nid2obj(hmac_md_nid), 0)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, 0); + (char *)hmac_mdname, 0); if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL || (mctx = EVP_MAC_CTX_new(mac)) == NULL || !EVP_MAC_CTX_set_params(mctx, macparams) |