diff options
| author | Richard Levitte <levitte@openssl.org> | 2021-03-10 12:58:53 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:10:24 +0200 |
| commit | ad57a13bb86949a9e9adc7a2960e3f39e3e5b284 (patch) | |
| tree | 67bfce29a5498715b5979c7b8f19baa3f313ddd8 /crypto | |
| parent | TEST: Modify how the retrieved digest name for SM2 digestsign is checked (diff) | |
| download | openssl-ad57a13bb86949a9e9adc7a2960e3f39e3e5b284.tar.xz openssl-ad57a13bb86949a9e9adc7a2960e3f39e3e5b284.zip | |
Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()
The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.
Fixes #14278
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cms/cms_dh.c | 8 | ||||
| -rw-r--r-- | crypto/cms/cms_ec.c | 12 | ||||
| -rw-r--r-- | crypto/cms/cms_env.c | 5 | ||||
| -rw-r--r-- | crypto/cms/cms_lib.c | 5 | ||||
| -rw-r--r-- | crypto/cms/cms_pwri.c | 7 | ||||
| -rw-r--r-- | crypto/cms/cms_sd.c | 17 | ||||
| -rw-r--r-- | crypto/crmf/crmf_lib.c | 7 | ||||
| -rw-r--r-- | crypto/crmf/crmf_pbm.c | 16 | ||||
| -rw-r--r-- | crypto/dh/dh_kdf.c | 9 | ||||
| -rw-r--r-- | crypto/evp/ctrl_params_translate.c | 3 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 15 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_lib.c | 21 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_sign.c | 11 |
13 files changed, 76 insertions, 60 deletions
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 95ce8e8351..36714766d2 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -12,8 +12,9 @@ #include <openssl/dh.h> #include <openssl/err.h> #include <openssl/core_names.h> -#include "cms_local.h" +#include "internal/sizes.h" #include "crypto/evp.h" +#include "cms_local.h" static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) @@ -87,7 +88,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) goto err; @@ -117,8 +118,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) if (kekctx == NULL) goto err; - name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm)); - if (name == NULL) + if (!OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0)) goto err; kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 096eafd815..4994260af8 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -11,8 +11,9 @@ #include <openssl/cms.h> #include <openssl/err.h> #include <openssl/decoder.h> -#include "cms_local.h" +#include "internal/sizes.h" #include "crypto/evp.h" +#include "cms_local.h" static EVP_PKEY *pkey_type2param(int ptype, const void *pval, OSSL_LIB_CTX *libctx, const char *propq) @@ -36,14 +37,13 @@ static EVP_PKEY *pkey_type2param(int ptype, const void *pval, OSSL_DECODER_CTX_free(ctx); } else if (ptype == V_ASN1_OBJECT) { const ASN1_OBJECT *poid = pval; - const char *groupname; + char groupname[OSSL_MAX_NAME_SIZE]; /* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID */ pctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", propq); if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0) goto err; - groupname = OBJ_nid2sn(OBJ_obj2nid(poid)); - if (groupname == NULL + if (!OBJ_obj2txt(groupname, sizeof(groupname), poid, 0) || !EVP_PKEY_CTX_set_group_name(pctx, groupname)) { ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); goto err; @@ -159,7 +159,7 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int plen, keylen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) return 0; @@ -180,7 +180,7 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); if (kekctx == NULL) goto err; - name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm)); + OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) goto err; diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 79efd67ba3..29bbd0c36d 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -14,6 +14,7 @@ #include <openssl/err.h> #include <openssl/cms.h> #include <openssl/evp.h> +#include "internal/sizes.h" #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/x509.h" @@ -538,7 +539,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (cms->d.envelopedData->encryptedContentInfo->havenocert && !cms->d.envelopedData->encryptedContentInfo->debug) { X509_ALGOR *calg = ec->contentEncryptionAlgorithm; - const char *name = OBJ_nid2sn(OBJ_obj2nid(calg->algorithm)); + char name[OSSL_MAX_NAME_SIZE]; + + OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0); (void)ERR_set_mark(); fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq); diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 33127cc88c..cfde2215bd 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -15,6 +15,7 @@ #include <openssl/asn1.h> #include <openssl/cms.h> #include <openssl/cms.h> +#include "internal/sizes.h" #include "crypto/x509.h" #include "cms_local.h" @@ -403,10 +404,10 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, const ASN1_OBJECT *digestoid; const EVP_MD *digest = NULL; EVP_MD *fetched_digest = NULL; - const char *alg; + char alg[OSSL_MAX_NAME_SIZE]; X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); - alg = OBJ_nid2sn(OBJ_obj2nid(digestoid)); + OBJ_obj2txt(alg, sizeof(alg), digestoid, 0); (void)ERR_set_mark(); fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index cea1e404c0..a278280563 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -15,8 +15,9 @@ #include <openssl/cms.h> #include <openssl/rand.h> #include <openssl/aes.h> -#include "cms_local.h" +#include "internal/sizes.h" #include "crypto/asn1.h" +#include "cms_local.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, ossl_ssize_t passlen) @@ -286,7 +287,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, int r = 0; X509_ALGOR *algtmp, *kekalg = NULL; EVP_CIPHER_CTX *kekctx = NULL; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; EVP_CIPHER *kekcipher; unsigned char *key = NULL; size_t keylen; @@ -315,7 +316,7 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, return 0; } - name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm)); + OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name, ossl_cms_ctx_get0_propq(cms_ctx)); diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 2b232aa700..898916d548 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -15,12 +15,13 @@ #include <openssl/err.h> #include <openssl/cms.h> #include <openssl/ess.h> -#include "cms_local.h" +#include "internal/sizes.h" #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/cms.h" #include "crypto/ess.h" #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ +#include "cms_local.h" /* CMS SignedData Utilities */ @@ -328,9 +329,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, /* See if digest is present in digestAlgorithms */ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { const ASN1_OBJECT *aoid; + char name[OSSL_MAX_NAME_SIZE]; + alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); X509_ALGOR_get0(&aoid, NULL, NULL, alg); - if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) + OBJ_obj2txt(name, sizeof(name), aoid, 0); + if (EVP_MD_is_a(md, name)) break; } @@ -724,9 +728,10 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) int alen; size_t siglen; const CMS_CTX *ctx = si->cms_ctx; - const char *md_name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm)); + char md_name[OSSL_MAX_NAME_SIZE]; - if (md_name == NULL) + if (!OBJ_obj2txt(md_name, sizeof(md_name), + si->digestAlgorithm->algorithm, 0)) return 0; if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { @@ -781,7 +786,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; const EVP_MD *md; EVP_MD *fetched_md = NULL; const CMS_CTX *ctx = si->cms_ctx; @@ -796,7 +801,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (!ossl_cms_si_check_attributes(si)) return -1; - name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm)); + OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); (void)ERR_set_mark(); fetched_md = EVP_MD_fetch(libctx, name, propq); diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index cb443ff850..4a4c30c386 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -594,7 +594,6 @@ X509 unsigned char *iv = NULL; /* initial vector for symmetric encryption */ unsigned char *outbuf = NULL; /* decryption output buffer */ const unsigned char *p = NULL; /* needed for decoding ASN1 */ - int symmAlg = 0; /* NIDs for symmetric algorithm */ int n, outlen = 0; EVP_PKEY_CTX *pkctx = NULL; /* private key context */ @@ -603,12 +602,8 @@ X509 ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return NULL; } - if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); - return NULL; - } /* select symmetric cipher based on algorithm given in message */ - if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) { + if ((cipher = EVP_get_cipherbyobj(ecert->symmAlg->algorithm)) == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); goto end; } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 78ab486e2d..40a41c28b2 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -17,8 +17,6 @@ #include <openssl/rand.h> #include <openssl/evp.h> -#include "crmf_local.h" - /* explicit #includes not strictly needed since implied by the above: */ #include <openssl/asn1t.h> #include <openssl/crmf.h> @@ -27,6 +25,10 @@ #include <openssl/params.h> #include <openssl/core_names.h> +#include "internal/sizes.h" + +#include "crmf_local.h" + /*- * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4) * |slen| SHOULD be at least 8 (16 is common) @@ -130,7 +132,8 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, unsigned char **out, size_t *outlen) { int mac_nid, hmac_md_nid = NID_undef; - const char *mdname; + char mdname[OSSL_MAX_NAME_SIZE]; + char hmac_mdname[OSSL_MAX_NAME_SIZE]; EVP_MD *owf = NULL; EVP_MD_CTX *ctx = NULL; unsigned char basekey[EVP_MAX_MD_SIZE]; @@ -155,7 +158,7 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, * compute the key used in the MAC process. All implementations MUST * support SHA-1. */ - mdname = OBJ_nid2sn(OBJ_obj2nid(pbmp->owf->algorithm)); + OBJ_obj2txt(mdname, sizeof(mdname), pbmp->owf->algorithm, 0); if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; @@ -200,13 +203,14 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, mac_nid = OBJ_obj2nid(pbmp->mac->algorithm); if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) - || (mdname = OBJ_nid2sn(hmac_md_nid)) == NULL) { + || !OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname), + OBJ_nid2obj(hmac_md_nid), 0)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, 0); + (char *)hmac_mdname, 0); if ((mac = EVP_MAC_fetch(libctx, "HMAC", propq)) == NULL || (mctx = EVP_MAC_CTX_new(mac)) == NULL || !EVP_MAC_CTX_set_params(mctx, macparams) diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index d18e24eccb..619571537a 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -66,16 +66,11 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - int nid; - const char *key_alg = NULL; + char key_alg[OSSL_MAX_NAME_SIZE]; const OSSL_PROVIDER *prov = EVP_MD_provider(md); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - nid = OBJ_obj2nid(key_oid); - if (nid == NID_undef) - return 0; - key_alg = OBJ_nid2sn(nid); - if (key_alg == NULL) + if (!OBJ_obj2txt(key_alg, sizeof(key_alg), key_oid, 0)) return 0; return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg, diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 65414f6ede..8f4ffd3bc4 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -954,7 +954,8 @@ static int fix_oid(enum state state, * default_fixup_args() will then be able to convert that to the * corresponding OSSL_PARAM. */ - ctx->p2 = (char *)OBJ_nid2sn(OBJ_obj2nid(ctx->p2)); + OBJ_obj2txt(ctx->name_buf, sizeof(ctx->name_buf), ctx->p2, 0); + ctx->p2 = (char *)ctx->name_buf; ctx->p1 = 0; /* let default_fixup_args() figure out the length */ } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 832b4a39b3..c8e6c798b4 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -8,12 +8,13 @@ */ #include <stdio.h> -#include "internal/cryptlib.h" #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/err.h> +#include "internal/cryptlib.h" +#include "internal/sizes.h" #include "pk7_local.h" static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, @@ -57,7 +58,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, const PKCS7_CTX *ctx) { BIO *btmp; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; EVP_MD *fetched = NULL; const EVP_MD *md; @@ -66,7 +67,7 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, goto err; } - name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm)); + OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0); (void)ERR_set_mark(); fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name, @@ -404,7 +405,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) PKCS7_RECIP_INFO *ri = NULL; unsigned char *ek = NULL, *tkey = NULL; int eklen = 0, tkeylen = 0; - const char *name; + char name[OSSL_MAX_NAME_SIZE]; const PKCS7_CTX *p7_ctx; OSSL_LIB_CTX *libctx; const char *propq; @@ -448,7 +449,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; - name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)); + OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0); (void)ERR_set_mark(); evp_cipher = EVP_CIPHER_fetch(libctx, name, propq); @@ -469,7 +470,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) enc_alg = p7->d.enveloped->enc_data->algorithm; /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; - name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)); + OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0); (void)ERR_set_mark(); evp_cipher = EVP_CIPHER_fetch(libctx, name, propq); @@ -505,7 +506,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } - name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm)); + OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0); (void)ERR_set_mark(); evp_md = EVP_MD_fetch(libctx, name, propq); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 6b941c53c4..bf959a28d2 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -187,7 +187,8 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { - int i, j, nid; + int i, j; + ASN1_OBJECT *obj; X509_ALGOR *alg; STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; STACK_OF(X509_ALGOR) *md_sk; @@ -207,27 +208,35 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) return 0; } - nid = OBJ_obj2nid(psi->digest_alg->algorithm); - + obj = psi->digest_alg->algorithm; /* If the digest is not currently listed, add it */ j = 0; for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { alg = sk_X509_ALGOR_value(md_sk, i); - if (OBJ_obj2nid(alg->algorithm) == nid) { + if (OBJ_cmp(obj, alg->algorithm) == 0) { j = 1; break; } } if (!j) { /* we need to add another algorithm */ + int nid; + if ((alg = X509_ALGOR_new()) == NULL || (alg->parameter = ASN1_TYPE_new()) == NULL) { X509_ALGOR_free(alg); ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); return 0; } - alg->algorithm = OBJ_nid2obj(nid); + /* + * If there is a constant copy of the ASN1 OBJECT in libcrypto, then + * use that. Otherwise, use a dynamically duplicated copy + */ + if ((nid = OBJ_obj2nid(obj)) != NID_undef) + alg->algorithm = OBJ_nid2obj(nid); + else + alg->algorithm = OBJ_dup(obj); alg->parameter->type = V_ASN1_NULL; - if (!sk_X509_ALGOR_push(md_sk, alg)) { + if (alg->algorithm == NULL || !sk_X509_ALGOR_push(md_sk, alg)) { X509_ALGOR_free(alg); return 0; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index e29420232f..6d00a471a2 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -8,14 +8,15 @@ */ #include "e_os.h" -#include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/ts.h> #include <openssl/pkcs7.h> #include <openssl/crypto.h> -#include "ts_local.h" +#include "internal/cryptlib.h" +#include "internal/sizes.h" #include "crypto/ess.h" +#include "ts_local.h" DEFINE_STACK_OF_CONST(EVP_MD) @@ -447,7 +448,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) TS_REQ *request = ctx->request; TS_MSG_IMPRINT *msg_imprint; X509_ALGOR *md_alg; - int md_alg_id; + char md_alg_name[OSSL_MAX_NAME_SIZE]; const ASN1_OCTET_STRING *digest; const EVP_MD *md = NULL; int i; @@ -461,10 +462,10 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) msg_imprint = request->msg_imprint; md_alg = msg_imprint->hash_algo; - md_alg_id = OBJ_obj2nid(md_alg->algorithm); + OBJ_obj2txt(md_alg_name, sizeof(md_alg_name), md_alg->algorithm, 0); for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) { const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); - if (md_alg_id == EVP_MD_type(current_md)) + if (EVP_MD_is_a(current_md, md_alg_name)) md = current_md; } if (!md) { |