2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "crypto/ctype.h"
13 #include "internal/cryptlib.h"
14 #include "internal/thread_once.h"
15 #include "internal/tsan_assist.h"
16 #include <openssl/lhash.h>
17 #include <openssl/asn1.h>
18 #include "crypto/objects.h"
19 #include <openssl/bn.h>
20 #include "crypto/asn1.h"
21 #include "obj_local.h"
23 /* obj_dat.h is generated from objects.h by obj_dat.pl */
26 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
27 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
28 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
40 static LHASH_OF(ADDED_OBJ) *added = NULL;
41 static CRYPTO_RWLOCK *ossl_obj_lock = NULL;
42 #ifdef TSAN_REQUIRES_LOCKING
43 static CRYPTO_RWLOCK *ossl_obj_nid_lock = NULL;
46 static CRYPTO_ONCE ossl_obj_lock_init = CRYPTO_ONCE_STATIC_INIT;
48 static ossl_inline void objs_free_locks(void)
50 CRYPTO_THREAD_lock_free(ossl_obj_lock);
52 #ifdef TSAN_REQUIRES_LOCKING
53 CRYPTO_THREAD_lock_free(ossl_obj_nid_lock);
54 ossl_obj_nid_lock = NULL;
58 DEFINE_RUN_ONCE_STATIC(obj_lock_initialise)
60 /* Make sure we've loaded config before checking for any "added" objects */
61 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
63 ossl_obj_lock = CRYPTO_THREAD_lock_new();
64 if (ossl_obj_lock == NULL)
67 #ifdef TSAN_REQUIRES_LOCKING
68 ossl_obj_nid_lock = CRYPTO_THREAD_lock_new();
69 if (ossl_obj_nid_lock == NULL) {
77 static ossl_inline int ossl_init_added_lock(void)
79 return RUN_ONCE(&ossl_obj_lock_init, obj_lock_initialise);
82 static ossl_inline int ossl_obj_write_lock(int lock)
86 if (!ossl_init_added_lock())
88 return CRYPTO_THREAD_write_lock(ossl_obj_lock);
91 static ossl_inline int ossl_obj_read_lock(int lock)
95 if (!ossl_init_added_lock())
97 return CRYPTO_THREAD_read_lock(ossl_obj_lock);
100 static ossl_inline void ossl_obj_unlock(int lock)
103 CRYPTO_THREAD_unlock(ossl_obj_lock);
106 static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
108 return strcmp((*a)->sn, nid_objs[*b].sn);
111 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
113 static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
115 return strcmp((*a)->ln, nid_objs[*b].ln);
118 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
120 static unsigned long added_obj_hash(const ADDED_OBJ *ca)
122 const ASN1_OBJECT *a;
124 unsigned long ret = 0;
130 ret = a->length << 20L;
131 p = (unsigned char *)a->data;
132 for (i = 0; i < a->length; i++)
133 ret ^= p[i] << ((i * 3) % 24);
136 ret = OPENSSL_LH_strhash(a->sn);
139 ret = OPENSSL_LH_strhash(a->ln);
149 ret |= ((unsigned long)ca->type) << 30L;
153 static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
158 i = ca->type - cb->type;
165 i = (a->length - b->length);
168 return memcmp(a->data, b->data, (size_t)a->length);
172 else if (b->sn == NULL)
175 return strcmp(a->sn, b->sn);
179 else if (b->ln == NULL)
182 return strcmp(a->ln, b->ln);
184 return a->nid - b->nid;
191 static void cleanup1_doall(ADDED_OBJ *a)
194 a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
195 ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
198 static void cleanup2_doall(ADDED_OBJ *a)
203 static void cleanup3_doall(ADDED_OBJ *a)
205 if (--a->obj->nid == 0)
206 ASN1_OBJECT_free(a->obj);
210 void ossl_obj_cleanup_int(void)
213 lh_ADDED_OBJ_set_down_load(added, 0);
214 lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */
215 lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */
216 lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */
217 lh_ADDED_OBJ_free(added);
223 int OBJ_new_nid(int num)
225 static TSAN_QUALIFIER int new_nid = NUM_NID;
226 #ifdef TSAN_REQUIRES_LOCKING
229 if (!CRYPTO_THREAD_write_lock(ossl_obj_nid_lock)) {
230 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
235 CRYPTO_THREAD_unlock(ossl_obj_nid_lock);
238 return tsan_add(&new_nid, num);
242 static int ossl_obj_add_object(const ASN1_OBJECT *obj, int lock)
244 ASN1_OBJECT *o = NULL;
245 ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
248 if ((o = OBJ_dup(obj)) == NULL)
250 if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL
253 && (ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
255 && (ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
257 && (ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)) {
258 ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE);
262 if (!ossl_obj_write_lock(lock)) {
263 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
267 added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
269 ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE);
274 for (i = ADDED_DATA; i <= ADDED_NID; i++) {
278 aop = lh_ADDED_OBJ_insert(added, ao[i]);
279 /* memory leak, but should not normally matter */
284 ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
285 ASN1_OBJECT_FLAG_DYNAMIC_DATA);
287 ossl_obj_unlock(lock);
291 ossl_obj_unlock(lock);
293 for (i = ADDED_DATA; i <= ADDED_NID; i++)
299 ASN1_OBJECT *OBJ_nid2obj(int n)
301 ADDED_OBJ ad, *adp = NULL;
306 if (n >= 0 && n < NUM_NID && nid_objs[n].nid != NID_undef)
307 return (ASN1_OBJECT *)&(nid_objs[n]);
312 if (!ossl_obj_read_lock(1)) {
313 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
317 adp = lh_ADDED_OBJ_retrieve(added, &ad);
322 ERR_raise(ERR_LIB_OBJ, OBJ_R_UNKNOWN_NID);
326 const char *OBJ_nid2sn(int n)
328 ASN1_OBJECT *ob = OBJ_nid2obj(n);
330 return ob == NULL ? NULL : ob->sn;
333 const char *OBJ_nid2ln(int n)
335 ASN1_OBJECT *ob = OBJ_nid2obj(n);
337 return ob == NULL ? NULL : ob->ln;
340 static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
343 const ASN1_OBJECT *a = *ap;
344 const ASN1_OBJECT *b = &nid_objs[*bp];
346 j = (a->length - b->length);
351 return memcmp(a->data, b->data, a->length);
354 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
356 static int ossl_obj_obj2nid(const ASN1_OBJECT *a, const int lock)
359 const unsigned int *op;
364 if (a->nid != NID_undef)
369 op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
371 return nid_objs[*op].nid;
372 if (!ossl_obj_read_lock(lock)) {
373 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
377 ad.type = ADDED_DATA;
378 ad.obj = (ASN1_OBJECT *)a; /* casting away const is harmless here */
379 adp = lh_ADDED_OBJ_retrieve(added, &ad);
383 ossl_obj_unlock(lock);
388 * Convert an object name into an ASN1_OBJECT if "noname" is not set then
389 * search for short and long names first. This will convert the "dotted" form
390 * into an object: unlike OBJ_txt2nid it can be used with any objects, not
391 * just registered ones.
393 ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
396 ASN1_OBJECT *op = NULL;
399 const unsigned char *cp;
403 if ((nid = OBJ_sn2nid(s)) != NID_undef
404 || (nid = OBJ_ln2nid(s)) != NID_undef) {
405 return OBJ_nid2obj(nid);
407 if (!ossl_isdigit(*s)) {
408 ERR_raise(ERR_LIB_OBJ, OBJ_R_UNKNOWN_OBJECT_NAME);
413 /* Work out size of content octets */
414 i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
418 /* Work out total size */
419 j = ASN1_object_size(0, i, V_ASN1_OBJECT);
423 if ((buf = OPENSSL_malloc(j)) == NULL) {
424 ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE);
429 /* Write out tag+length */
430 ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
431 /* Write out contents */
432 a2d_ASN1_OBJECT(p, i, s, -1);
435 op = d2i_ASN1_OBJECT(NULL, &cp, j);
440 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
442 int i, n = 0, len, nid, first, use_bn;
445 const unsigned char *p;
446 char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
449 /* Ensure that, at every state, |buf| is NUL-terminated. */
450 if (buf != NULL && buf_len > 0)
453 if (a == NULL || a->data == NULL)
456 if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
462 OPENSSL_strlcpy(buf, s, buf_len);
463 return (int)strlen(s);
477 unsigned char c = *p++;
480 if (len == 0 && (c & 0x80) != 0)
483 if (!BN_add_word(bl, c & 0x7f))
490 if (!use_bn && l > (ULONG_MAX >> 7L)) {
491 if (bl == NULL && (bl = BN_new()) == NULL)
493 if (!BN_set_word(bl, l))
498 if (!BN_lshift(bl, bl, 7))
510 if (!BN_sub_word(bl, 80))
519 if (buf != NULL && buf_len > 1) {
529 bndec = BN_bn2dec(bl);
539 OPENSSL_strlcpy(buf, bndec, buf_len);
552 BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
554 if (buf && buf_len > 0) {
555 OPENSSL_strlcpy(buf, tbuf, buf_len);
577 int OBJ_txt2nid(const char *s)
579 ASN1_OBJECT *obj = OBJ_txt2obj(s, 0);
583 nid = OBJ_obj2nid(obj);
584 ASN1_OBJECT_free(obj);
589 int OBJ_ln2nid(const char *s)
592 const ASN1_OBJECT *oo = &o;
594 const unsigned int *op;
598 op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
600 return nid_objs[*op].nid;
601 if (!ossl_obj_read_lock(1)) {
602 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
606 ad.type = ADDED_LNAME;
608 adp = lh_ADDED_OBJ_retrieve(added, &ad);
616 int OBJ_sn2nid(const char *s)
619 const ASN1_OBJECT *oo = &o;
621 const unsigned int *op;
625 op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
627 return nid_objs[*op].nid;
628 if (!ossl_obj_read_lock(1)) {
629 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
633 ad.type = ADDED_SNAME;
635 adp = lh_ADDED_OBJ_retrieve(added, &ad);
643 const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
644 int (*cmp) (const void *, const void *))
646 return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
649 const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
651 int (*cmp) (const void *, const void *),
654 const char *p = ossl_bsearch(key, base, num, size, cmp, flags);
656 #ifdef CHARSET_EBCDIC
658 * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
659 * don't have perl (yet), we revert to a *LINEAR* search when the object
660 * wasn't found in the binary search.
663 const char *base_ = base;
664 int l, h, i = 0, c = 0;
666 for (i = 0; i < num; ++i) {
667 p = &(base_[i * size]);
670 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
679 * Parse a BIO sink to create some extra oid's objects.
680 * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
682 int OBJ_create_objects(BIO *in)
686 char *o, *s, *l = NULL;
690 i = BIO_gets(in, buf, 512);
694 if (!ossl_isalnum(buf[0]))
697 while (ossl_isdigit(*s) || *s == '.')
701 while (ossl_isspace(*s))
707 while (*l != '\0' && !ossl_isspace(*l))
711 while (ossl_isspace(*l))
725 if (!OBJ_create(o, s, l))
731 int OBJ_create(const char *oid, const char *sn, const char *ln)
733 ASN1_OBJECT *tmpoid = NULL;
736 /* Check to see if short or long name already present */
737 if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
738 || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
739 ERR_raise(ERR_LIB_OBJ, OBJ_R_OID_EXISTS);
743 /* Convert numerical OID string to an ASN1_OBJECT structure */
744 tmpoid = OBJ_txt2obj(oid, 1);
748 if (!ossl_obj_write_lock(1)) {
749 ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
750 ASN1_OBJECT_free(tmpoid);
754 /* If NID is not NID_undef then object already exists */
755 if (ossl_obj_obj2nid(tmpoid, 0) != NID_undef) {
756 ERR_raise(ERR_LIB_OBJ, OBJ_R_OID_EXISTS);
760 tmpoid->nid = OBJ_new_nid(1);
761 tmpoid->sn = (char *)sn;
762 tmpoid->ln = (char *)ln;
764 ok = ossl_obj_add_object(tmpoid, 0);
771 ASN1_OBJECT_free(tmpoid);
775 size_t OBJ_length(const ASN1_OBJECT *obj)
782 const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
789 int OBJ_add_object(const ASN1_OBJECT *obj)
791 return ossl_obj_add_object(obj, 1);
794 int OBJ_obj2nid(const ASN1_OBJECT *a)
796 return ossl_obj_obj2nid(a, 1);