2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "crypto/ctype.h"
13 #include "internal/cryptlib.h"
14 #include "internal/thread_once.h"
15 #include "internal/tsan_assist.h"
16 #include <openssl/lhash.h>
17 #include <openssl/asn1.h>
18 #include "crypto/objects.h"
19 #include <openssl/bn.h>
20 #include "crypto/asn1.h"
21 #include "obj_local.h"
23 /* obj_dat.h is generated from objects.txt and obj_mac.{num,h} by obj_dat.pl */
26 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, sn
);
27 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, ln
);
28 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, obj
);
40 static LHASH_OF(ADDED_OBJ
) *added
= NULL
;
41 static CRYPTO_RWLOCK
*ossl_obj_lock
= NULL
;
42 #ifdef TSAN_REQUIRES_LOCKING
43 static CRYPTO_RWLOCK
*ossl_obj_nid_lock
= NULL
;
46 static CRYPTO_ONCE ossl_obj_lock_init
= CRYPTO_ONCE_STATIC_INIT
;
48 static ossl_inline
void objs_free_locks(void)
50 CRYPTO_THREAD_lock_free(ossl_obj_lock
);
52 #ifdef TSAN_REQUIRES_LOCKING
53 CRYPTO_THREAD_lock_free(ossl_obj_nid_lock
);
54 ossl_obj_nid_lock
= NULL
;
58 DEFINE_RUN_ONCE_STATIC(obj_lock_initialise
)
60 ossl_obj_lock
= CRYPTO_THREAD_lock_new();
61 if (ossl_obj_lock
== NULL
)
64 #ifdef TSAN_REQUIRES_LOCKING
65 ossl_obj_nid_lock
= CRYPTO_THREAD_lock_new();
66 if (ossl_obj_nid_lock
== NULL
) {
74 static ossl_inline
int ossl_init_added_lock(void)
76 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
77 /* Make sure we've loaded config before checking for any "added" objects */
78 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG
, NULL
);
80 return RUN_ONCE(&ossl_obj_lock_init
, obj_lock_initialise
);
83 static ossl_inline
int ossl_obj_write_lock(int lock
)
87 if (!ossl_init_added_lock())
89 return CRYPTO_THREAD_write_lock(ossl_obj_lock
);
92 static ossl_inline
int ossl_obj_read_lock(int lock
)
96 if (!ossl_init_added_lock())
98 return CRYPTO_THREAD_read_lock(ossl_obj_lock
);
101 static ossl_inline
void ossl_obj_unlock(int lock
)
104 CRYPTO_THREAD_unlock(ossl_obj_lock
);
107 static int sn_cmp(const ASN1_OBJECT
*const *a
, const unsigned int *b
)
109 return strcmp((*a
)->sn
, nid_objs
[*b
].sn
);
112 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, sn
);
114 static int ln_cmp(const ASN1_OBJECT
*const *a
, const unsigned int *b
)
116 return strcmp((*a
)->ln
, nid_objs
[*b
].ln
);
119 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, ln
);
121 static unsigned long added_obj_hash(const ADDED_OBJ
*ca
)
123 const ASN1_OBJECT
*a
;
125 unsigned long ret
= 0;
131 ret
= (unsigned long)a
->length
<< 20UL;
132 p
= (unsigned char *)a
->data
;
133 for (i
= 0; i
< a
->length
; i
++)
134 ret
^= p
[i
] << ((i
* 3) % 24);
137 ret
= OPENSSL_LH_strhash(a
->sn
);
140 ret
= OPENSSL_LH_strhash(a
->ln
);
150 ret
|= ((unsigned long)ca
->type
) << 30L;
154 static int added_obj_cmp(const ADDED_OBJ
*ca
, const ADDED_OBJ
*cb
)
159 i
= ca
->type
- cb
->type
;
166 i
= (a
->length
- b
->length
);
169 return memcmp(a
->data
, b
->data
, (size_t)a
->length
);
173 else if (b
->sn
== NULL
)
176 return strcmp(a
->sn
, b
->sn
);
180 else if (b
->ln
== NULL
)
183 return strcmp(a
->ln
, b
->ln
);
185 return a
->nid
- b
->nid
;
192 static void cleanup1_doall(ADDED_OBJ
*a
)
195 a
->obj
->flags
|= ASN1_OBJECT_FLAG_DYNAMIC
|
196 ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
| ASN1_OBJECT_FLAG_DYNAMIC_DATA
;
199 static void cleanup2_doall(ADDED_OBJ
*a
)
204 static void cleanup3_doall(ADDED_OBJ
*a
)
206 if (--a
->obj
->nid
== 0)
207 ASN1_OBJECT_free(a
->obj
);
211 void ossl_obj_cleanup_int(void)
214 lh_ADDED_OBJ_set_down_load(added
, 0);
215 lh_ADDED_OBJ_doall(added
, cleanup1_doall
); /* zero counters */
216 lh_ADDED_OBJ_doall(added
, cleanup2_doall
); /* set counters */
217 lh_ADDED_OBJ_doall(added
, cleanup3_doall
); /* free objects */
218 lh_ADDED_OBJ_free(added
);
225 * Requires that the ossl_obj_lock be held
226 * if TSAN_REQUIRES_LOCKING defined
228 static int obj_new_nid_unlocked(int num
)
230 static TSAN_QUALIFIER
int new_nid
= NUM_NID
;
231 #ifdef TSAN_REQUIRES_LOCKING
239 return tsan_add(&new_nid
, num
);
243 int OBJ_new_nid(int num
)
245 #ifdef TSAN_REQUIRES_LOCKING
248 if (!ossl_obj_write_lock(1)) {
249 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
253 i
= obj_new_nid_unlocked(num
);
259 return obj_new_nid_unlocked(num
);
263 static int ossl_obj_add_object(const ASN1_OBJECT
*obj
, int lock
)
265 ASN1_OBJECT
*o
= NULL
;
266 ADDED_OBJ
*ao
[4] = { NULL
, NULL
, NULL
, NULL
}, *aop
;
269 if ((o
= OBJ_dup(obj
)) == NULL
)
271 if ((ao
[ADDED_NID
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
274 && (ao
[ADDED_DATA
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
)
276 && (ao
[ADDED_SNAME
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
)
278 && (ao
[ADDED_LNAME
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
))
281 if (!ossl_obj_write_lock(lock
)) {
282 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
286 added
= lh_ADDED_OBJ_new(added_obj_hash
, added_obj_cmp
);
288 ERR_raise(ERR_LIB_OBJ
, ERR_R_CRYPTO_LIB
);
293 for (i
= ADDED_DATA
; i
<= ADDED_NID
; i
++) {
297 aop
= lh_ADDED_OBJ_insert(added
, ao
[i
]);
298 /* memory leak, but should not normally matter */
303 ~(ASN1_OBJECT_FLAG_DYNAMIC
| ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
|
304 ASN1_OBJECT_FLAG_DYNAMIC_DATA
);
306 ossl_obj_unlock(lock
);
310 ossl_obj_unlock(lock
);
312 for (i
= ADDED_DATA
; i
<= ADDED_NID
; i
++)
318 ASN1_OBJECT
*OBJ_nid2obj(int n
)
320 ADDED_OBJ ad
, *adp
= NULL
;
324 || (n
> 0 && n
< NUM_NID
&& nid_objs
[n
].nid
!= NID_undef
))
325 return (ASN1_OBJECT
*)&(nid_objs
[n
]);
330 if (!ossl_obj_read_lock(1)) {
331 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
335 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
340 ERR_raise(ERR_LIB_OBJ
, OBJ_R_UNKNOWN_NID
);
344 const char *OBJ_nid2sn(int n
)
346 ASN1_OBJECT
*ob
= OBJ_nid2obj(n
);
348 return ob
== NULL
? NULL
: ob
->sn
;
351 const char *OBJ_nid2ln(int n
)
353 ASN1_OBJECT
*ob
= OBJ_nid2obj(n
);
355 return ob
== NULL
? NULL
: ob
->ln
;
358 static int obj_cmp(const ASN1_OBJECT
*const *ap
, const unsigned int *bp
)
361 const ASN1_OBJECT
*a
= *ap
;
362 const ASN1_OBJECT
*b
= &nid_objs
[*bp
];
364 j
= (a
->length
- b
->length
);
369 return memcmp(a
->data
, b
->data
, a
->length
);
372 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, obj
);
374 static int ossl_obj_obj2nid(const ASN1_OBJECT
*a
, const int lock
)
377 const unsigned int *op
;
382 if (a
->nid
!= NID_undef
)
387 op
= OBJ_bsearch_obj(&a
, obj_objs
, NUM_OBJ
);
389 return nid_objs
[*op
].nid
;
390 if (!ossl_obj_read_lock(lock
)) {
391 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
395 ad
.type
= ADDED_DATA
;
396 ad
.obj
= (ASN1_OBJECT
*)a
; /* casting away const is harmless here */
397 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
401 ossl_obj_unlock(lock
);
406 * Convert an object name into an ASN1_OBJECT if "noname" is not set then
407 * search for short and long names first. This will convert the "dotted" form
408 * into an object: unlike OBJ_txt2nid it can be used with any objects, not
409 * just registered ones.
411 ASN1_OBJECT
*OBJ_txt2obj(const char *s
, int no_name
)
414 ASN1_OBJECT
*op
= NULL
;
417 const unsigned char *cp
;
421 if ((nid
= OBJ_sn2nid(s
)) != NID_undef
422 || (nid
= OBJ_ln2nid(s
)) != NID_undef
) {
423 return OBJ_nid2obj(nid
);
425 if (!ossl_isdigit(*s
)) {
426 ERR_raise(ERR_LIB_OBJ
, OBJ_R_UNKNOWN_OBJECT_NAME
);
431 /* Work out size of content octets */
432 i
= a2d_ASN1_OBJECT(NULL
, 0, s
, -1);
436 /* Work out total size */
437 j
= ASN1_object_size(0, i
, V_ASN1_OBJECT
);
441 if ((buf
= OPENSSL_malloc(j
)) == NULL
)
445 /* Write out tag+length */
446 ASN1_put_object(&p
, 0, i
, V_ASN1_OBJECT
, V_ASN1_UNIVERSAL
);
447 /* Write out contents */
448 a2d_ASN1_OBJECT(p
, i
, s
, -1);
451 op
= d2i_ASN1_OBJECT(NULL
, &cp
, j
);
456 int OBJ_obj2txt(char *buf
, int buf_len
, const ASN1_OBJECT
*a
, int no_name
)
458 int i
, n
= 0, len
, nid
, first
, use_bn
;
461 const unsigned char *p
;
462 char tbuf
[DECIMAL_SIZE(i
) + DECIMAL_SIZE(l
) + 2];
465 /* Ensure that, at every state, |buf| is NUL-terminated. */
466 if (buf
!= NULL
&& buf_len
> 0)
469 if (a
== NULL
|| a
->data
== NULL
)
472 if (!no_name
&& (nid
= OBJ_obj2nid(a
)) != NID_undef
) {
478 OPENSSL_strlcpy(buf
, s
, buf_len
);
479 return (int)strlen(s
);
490 * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
492 * > 3.5. OBJECT IDENTIFIER values
494 * > An OBJECT IDENTIFIER value is an ordered list of non-negative
495 * > numbers. For the SMIv2, each number in the list is referred to as a
496 * > sub-identifier, there are at most 128 sub-identifiers in a value,
497 * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
500 * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
501 * i.e. 586 bytes long.
503 * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
512 unsigned char c
= *p
++;
515 if (len
== 0 && (c
& 0x80) != 0)
518 if (!BN_add_word(bl
, c
& 0x7f))
525 if (!use_bn
&& l
> (ULONG_MAX
>> 7L)) {
526 if (bl
== NULL
&& (bl
= BN_new()) == NULL
)
528 if (!BN_set_word(bl
, l
))
533 if (!BN_lshift(bl
, bl
, 7))
545 if (!BN_sub_word(bl
, 80))
554 if (buf
!= NULL
&& buf_len
> 1) {
564 bndec
= BN_bn2dec(bl
);
574 OPENSSL_strlcpy(buf
, bndec
, buf_len
);
587 BIO_snprintf(tbuf
, sizeof(tbuf
), ".%lu", l
);
589 if (buf
&& buf_len
> 0) {
590 OPENSSL_strlcpy(buf
, tbuf
, buf_len
);
612 int OBJ_txt2nid(const char *s
)
614 ASN1_OBJECT
*obj
= OBJ_txt2obj(s
, 0);
618 nid
= OBJ_obj2nid(obj
);
619 ASN1_OBJECT_free(obj
);
624 int OBJ_ln2nid(const char *s
)
627 const ASN1_OBJECT
*oo
= &o
;
629 const unsigned int *op
;
633 op
= OBJ_bsearch_ln(&oo
, ln_objs
, NUM_LN
);
635 return nid_objs
[*op
].nid
;
636 if (!ossl_obj_read_lock(1)) {
637 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
641 ad
.type
= ADDED_LNAME
;
643 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
651 int OBJ_sn2nid(const char *s
)
654 const ASN1_OBJECT
*oo
= &o
;
656 const unsigned int *op
;
660 op
= OBJ_bsearch_sn(&oo
, sn_objs
, NUM_SN
);
662 return nid_objs
[*op
].nid
;
663 if (!ossl_obj_read_lock(1)) {
664 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
668 ad
.type
= ADDED_SNAME
;
670 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
678 const void *OBJ_bsearch_(const void *key
, const void *base
, int num
, int size
,
679 int (*cmp
) (const void *, const void *))
681 return OBJ_bsearch_ex_(key
, base
, num
, size
, cmp
, 0);
684 const void *OBJ_bsearch_ex_(const void *key
, const void *base
, int num
,
686 int (*cmp
) (const void *, const void *),
689 const char *p
= ossl_bsearch(key
, base
, num
, size
, cmp
, flags
);
691 #ifdef CHARSET_EBCDIC
693 * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
694 * don't have perl (yet), we revert to a *LINEAR* search when the object
695 * wasn't found in the binary search.
698 const char *base_
= base
;
699 int l
, h
, i
= 0, c
= 0;
702 for (i
= 0; i
< num
; ++i
) {
703 p1
= &(base_
[i
* size
]);
704 c
= (*cmp
) (key
, p1
);
706 || (c
< 0 && (flags
& OBJ_BSEARCH_VALUE_ON_NOMATCH
)))
715 * Parse a BIO sink to create some extra oid's objects.
716 * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
718 int OBJ_create_objects(BIO
*in
)
722 char *o
, *s
, *l
= NULL
;
726 i
= BIO_gets(in
, buf
, 512);
730 if (!ossl_isalnum(buf
[0]))
733 while (ossl_isdigit(*s
) || *s
== '.')
737 while (ossl_isspace(*s
))
743 while (*l
!= '\0' && !ossl_isspace(*l
))
747 while (ossl_isspace(*l
))
761 if (!OBJ_create(o
, s
, l
))
767 int OBJ_create(const char *oid
, const char *sn
, const char *ln
)
769 ASN1_OBJECT
*tmpoid
= NULL
;
772 /* With no arguments at all, nothing can be done */
773 if (oid
== NULL
&& sn
== NULL
&& ln
== NULL
) {
774 ERR_raise(ERR_LIB_OBJ
, ERR_R_PASSED_INVALID_ARGUMENT
);
778 /* Check to see if short or long name already present */
779 if ((sn
!= NULL
&& OBJ_sn2nid(sn
) != NID_undef
)
780 || (ln
!= NULL
&& OBJ_ln2nid(ln
) != NID_undef
)) {
781 ERR_raise(ERR_LIB_OBJ
, OBJ_R_OID_EXISTS
);
786 /* Convert numerical OID string to an ASN1_OBJECT structure */
787 tmpoid
= OBJ_txt2obj(oid
, 1);
791 /* Create a no-OID ASN1_OBJECT */
792 tmpoid
= ASN1_OBJECT_new();
793 if (tmpoid
== NULL
) {
794 ERR_raise(ERR_LIB_OBJ
, ERR_R_ASN1_LIB
);
799 if (!ossl_obj_write_lock(1)) {
800 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
801 ASN1_OBJECT_free(tmpoid
);
805 /* If NID is not NID_undef then object already exists */
807 && ossl_obj_obj2nid(tmpoid
, 0) != NID_undef
) {
808 ERR_raise(ERR_LIB_OBJ
, OBJ_R_OID_EXISTS
);
812 tmpoid
->nid
= obj_new_nid_unlocked(1);
814 if (tmpoid
->nid
== NID_undef
)
817 tmpoid
->sn
= (char *)sn
;
818 tmpoid
->ln
= (char *)ln
;
820 ok
= ossl_obj_add_object(tmpoid
, 0);
827 ASN1_OBJECT_free(tmpoid
);
831 size_t OBJ_length(const ASN1_OBJECT
*obj
)
838 const unsigned char *OBJ_get0_data(const ASN1_OBJECT
*obj
)
845 int OBJ_add_object(const ASN1_OBJECT
*obj
)
847 return ossl_obj_add_object(obj
, 1);
850 int OBJ_obj2nid(const ASN1_OBJECT
*a
)
852 return ossl_obj_obj2nid(a
, 1);