2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "crypto/ctype.h"
13 #include "internal/cryptlib.h"
14 #include "internal/thread_once.h"
15 #include "internal/tsan_assist.h"
16 #include <openssl/lhash.h>
17 #include <openssl/asn1.h>
18 #include "crypto/objects.h"
19 #include <openssl/bn.h>
20 #include "crypto/asn1.h"
21 #include "obj_local.h"
23 /* obj_dat.h is generated from objects.txt and obj_mac.{num,h} by obj_dat.pl */
26 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, sn
);
27 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, ln
);
28 DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, obj
);
40 static LHASH_OF(ADDED_OBJ
) *added
= NULL
;
41 static CRYPTO_RWLOCK
*ossl_obj_lock
= NULL
;
42 #ifdef TSAN_REQUIRES_LOCKING
43 static CRYPTO_RWLOCK
*ossl_obj_nid_lock
= NULL
;
46 static CRYPTO_ONCE ossl_obj_lock_init
= CRYPTO_ONCE_STATIC_INIT
;
48 static ossl_inline
void objs_free_locks(void)
50 CRYPTO_THREAD_lock_free(ossl_obj_lock
);
52 #ifdef TSAN_REQUIRES_LOCKING
53 CRYPTO_THREAD_lock_free(ossl_obj_nid_lock
);
54 ossl_obj_nid_lock
= NULL
;
58 DEFINE_RUN_ONCE_STATIC(obj_lock_initialise
)
60 ossl_obj_lock
= CRYPTO_THREAD_lock_new();
61 if (ossl_obj_lock
== NULL
)
64 #ifdef TSAN_REQUIRES_LOCKING
65 ossl_obj_nid_lock
= CRYPTO_THREAD_lock_new();
66 if (ossl_obj_nid_lock
== NULL
) {
74 static ossl_inline
int ossl_init_added_lock(void)
76 #ifndef OPENSSL_NO_AUTOLOAD_CONFIG
77 /* Make sure we've loaded config before checking for any "added" objects */
78 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG
, NULL
);
80 return RUN_ONCE(&ossl_obj_lock_init
, obj_lock_initialise
);
83 static ossl_inline
int ossl_obj_write_lock(int lock
)
87 if (!ossl_init_added_lock())
89 return CRYPTO_THREAD_write_lock(ossl_obj_lock
);
92 static ossl_inline
int ossl_obj_read_lock(int lock
)
96 if (!ossl_init_added_lock())
98 return CRYPTO_THREAD_read_lock(ossl_obj_lock
);
101 static ossl_inline
void ossl_obj_unlock(int lock
)
104 CRYPTO_THREAD_unlock(ossl_obj_lock
);
107 static int sn_cmp(const ASN1_OBJECT
*const *a
, const unsigned int *b
)
109 return strcmp((*a
)->sn
, nid_objs
[*b
].sn
);
112 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, sn
);
114 static int ln_cmp(const ASN1_OBJECT
*const *a
, const unsigned int *b
)
116 return strcmp((*a
)->ln
, nid_objs
[*b
].ln
);
119 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, ln
);
121 static unsigned long added_obj_hash(const ADDED_OBJ
*ca
)
123 const ASN1_OBJECT
*a
;
125 unsigned long ret
= 0;
131 ret
= a
->length
<< 20L;
132 p
= (unsigned char *)a
->data
;
133 for (i
= 0; i
< a
->length
; i
++)
134 ret
^= p
[i
] << ((i
* 3) % 24);
137 ret
= OPENSSL_LH_strhash(a
->sn
);
140 ret
= OPENSSL_LH_strhash(a
->ln
);
150 ret
|= ((unsigned long)ca
->type
) << 30L;
154 static int added_obj_cmp(const ADDED_OBJ
*ca
, const ADDED_OBJ
*cb
)
159 i
= ca
->type
- cb
->type
;
166 i
= (a
->length
- b
->length
);
169 return memcmp(a
->data
, b
->data
, (size_t)a
->length
);
173 else if (b
->sn
== NULL
)
176 return strcmp(a
->sn
, b
->sn
);
180 else if (b
->ln
== NULL
)
183 return strcmp(a
->ln
, b
->ln
);
185 return a
->nid
- b
->nid
;
192 static void cleanup1_doall(ADDED_OBJ
*a
)
195 a
->obj
->flags
|= ASN1_OBJECT_FLAG_DYNAMIC
|
196 ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
| ASN1_OBJECT_FLAG_DYNAMIC_DATA
;
199 static void cleanup2_doall(ADDED_OBJ
*a
)
204 static void cleanup3_doall(ADDED_OBJ
*a
)
206 if (--a
->obj
->nid
== 0)
207 ASN1_OBJECT_free(a
->obj
);
211 void ossl_obj_cleanup_int(void)
214 lh_ADDED_OBJ_set_down_load(added
, 0);
215 lh_ADDED_OBJ_doall(added
, cleanup1_doall
); /* zero counters */
216 lh_ADDED_OBJ_doall(added
, cleanup2_doall
); /* set counters */
217 lh_ADDED_OBJ_doall(added
, cleanup3_doall
); /* free objects */
218 lh_ADDED_OBJ_free(added
);
224 int OBJ_new_nid(int num
)
226 static TSAN_QUALIFIER
int new_nid
= NUM_NID
;
227 #ifdef TSAN_REQUIRES_LOCKING
230 if (!CRYPTO_THREAD_write_lock(ossl_obj_nid_lock
)) {
231 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
236 CRYPTO_THREAD_unlock(ossl_obj_nid_lock
);
239 return tsan_add(&new_nid
, num
);
243 static int ossl_obj_add_object(const ASN1_OBJECT
*obj
, int lock
)
245 ASN1_OBJECT
*o
= NULL
;
246 ADDED_OBJ
*ao
[4] = { NULL
, NULL
, NULL
, NULL
}, *aop
;
249 if ((o
= OBJ_dup(obj
)) == NULL
)
251 if ((ao
[ADDED_NID
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
254 && (ao
[ADDED_DATA
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
)
256 && (ao
[ADDED_SNAME
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
)
258 && (ao
[ADDED_LNAME
] = OPENSSL_malloc(sizeof(*ao
[0]))) == NULL
))
261 if (!ossl_obj_write_lock(lock
)) {
262 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
266 added
= lh_ADDED_OBJ_new(added_obj_hash
, added_obj_cmp
);
268 ERR_raise(ERR_LIB_OBJ
, ERR_R_CRYPTO_LIB
);
273 for (i
= ADDED_DATA
; i
<= ADDED_NID
; i
++) {
277 aop
= lh_ADDED_OBJ_insert(added
, ao
[i
]);
278 /* memory leak, but should not normally matter */
283 ~(ASN1_OBJECT_FLAG_DYNAMIC
| ASN1_OBJECT_FLAG_DYNAMIC_STRINGS
|
284 ASN1_OBJECT_FLAG_DYNAMIC_DATA
);
286 ossl_obj_unlock(lock
);
290 ossl_obj_unlock(lock
);
292 for (i
= ADDED_DATA
; i
<= ADDED_NID
; i
++)
298 ASN1_OBJECT
*OBJ_nid2obj(int n
)
300 ADDED_OBJ ad
, *adp
= NULL
;
304 || (n
> 0 && n
< NUM_NID
&& nid_objs
[n
].nid
!= NID_undef
))
305 return (ASN1_OBJECT
*)&(nid_objs
[n
]);
310 if (!ossl_obj_read_lock(1)) {
311 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
315 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
320 ERR_raise(ERR_LIB_OBJ
, OBJ_R_UNKNOWN_NID
);
324 const char *OBJ_nid2sn(int n
)
326 ASN1_OBJECT
*ob
= OBJ_nid2obj(n
);
328 return ob
== NULL
? NULL
: ob
->sn
;
331 const char *OBJ_nid2ln(int n
)
333 ASN1_OBJECT
*ob
= OBJ_nid2obj(n
);
335 return ob
== NULL
? NULL
: ob
->ln
;
338 static int obj_cmp(const ASN1_OBJECT
*const *ap
, const unsigned int *bp
)
341 const ASN1_OBJECT
*a
= *ap
;
342 const ASN1_OBJECT
*b
= &nid_objs
[*bp
];
344 j
= (a
->length
- b
->length
);
349 return memcmp(a
->data
, b
->data
, a
->length
);
352 IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT
*, unsigned int, obj
);
354 static int ossl_obj_obj2nid(const ASN1_OBJECT
*a
, const int lock
)
357 const unsigned int *op
;
362 if (a
->nid
!= NID_undef
)
367 op
= OBJ_bsearch_obj(&a
, obj_objs
, NUM_OBJ
);
369 return nid_objs
[*op
].nid
;
370 if (!ossl_obj_read_lock(lock
)) {
371 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
375 ad
.type
= ADDED_DATA
;
376 ad
.obj
= (ASN1_OBJECT
*)a
; /* casting away const is harmless here */
377 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
381 ossl_obj_unlock(lock
);
386 * Convert an object name into an ASN1_OBJECT if "noname" is not set then
387 * search for short and long names first. This will convert the "dotted" form
388 * into an object: unlike OBJ_txt2nid it can be used with any objects, not
389 * just registered ones.
391 ASN1_OBJECT
*OBJ_txt2obj(const char *s
, int no_name
)
394 ASN1_OBJECT
*op
= NULL
;
397 const unsigned char *cp
;
401 if ((nid
= OBJ_sn2nid(s
)) != NID_undef
402 || (nid
= OBJ_ln2nid(s
)) != NID_undef
) {
403 return OBJ_nid2obj(nid
);
405 if (!ossl_isdigit(*s
)) {
406 ERR_raise(ERR_LIB_OBJ
, OBJ_R_UNKNOWN_OBJECT_NAME
);
411 /* Work out size of content octets */
412 i
= a2d_ASN1_OBJECT(NULL
, 0, s
, -1);
416 /* Work out total size */
417 j
= ASN1_object_size(0, i
, V_ASN1_OBJECT
);
421 if ((buf
= OPENSSL_malloc(j
)) == NULL
)
425 /* Write out tag+length */
426 ASN1_put_object(&p
, 0, i
, V_ASN1_OBJECT
, V_ASN1_UNIVERSAL
);
427 /* Write out contents */
428 a2d_ASN1_OBJECT(p
, i
, s
, -1);
431 op
= d2i_ASN1_OBJECT(NULL
, &cp
, j
);
436 int OBJ_obj2txt(char *buf
, int buf_len
, const ASN1_OBJECT
*a
, int no_name
)
438 int i
, n
= 0, len
, nid
, first
, use_bn
;
441 const unsigned char *p
;
442 char tbuf
[DECIMAL_SIZE(i
) + DECIMAL_SIZE(l
) + 2];
445 /* Ensure that, at every state, |buf| is NUL-terminated. */
446 if (buf
!= NULL
&& buf_len
> 0)
449 if (a
== NULL
|| a
->data
== NULL
)
452 if (!no_name
&& (nid
= OBJ_obj2nid(a
)) != NID_undef
) {
458 OPENSSL_strlcpy(buf
, s
, buf_len
);
459 return (int)strlen(s
);
470 * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
472 * > 3.5. OBJECT IDENTIFIER values
474 * > An OBJECT IDENTIFIER value is an ordered list of non-negative
475 * > numbers. For the SMIv2, each number in the list is referred to as a
476 * > sub-identifier, there are at most 128 sub-identifiers in a value,
477 * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
480 * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
481 * i.e. 586 bytes long.
483 * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
492 unsigned char c
= *p
++;
495 if (len
== 0 && (c
& 0x80) != 0)
498 if (!BN_add_word(bl
, c
& 0x7f))
505 if (!use_bn
&& l
> (ULONG_MAX
>> 7L)) {
506 if (bl
== NULL
&& (bl
= BN_new()) == NULL
)
508 if (!BN_set_word(bl
, l
))
513 if (!BN_lshift(bl
, bl
, 7))
525 if (!BN_sub_word(bl
, 80))
534 if (buf
!= NULL
&& buf_len
> 1) {
544 bndec
= BN_bn2dec(bl
);
554 OPENSSL_strlcpy(buf
, bndec
, buf_len
);
567 BIO_snprintf(tbuf
, sizeof(tbuf
), ".%lu", l
);
569 if (buf
&& buf_len
> 0) {
570 OPENSSL_strlcpy(buf
, tbuf
, buf_len
);
592 int OBJ_txt2nid(const char *s
)
594 ASN1_OBJECT
*obj
= OBJ_txt2obj(s
, 0);
598 nid
= OBJ_obj2nid(obj
);
599 ASN1_OBJECT_free(obj
);
604 int OBJ_ln2nid(const char *s
)
607 const ASN1_OBJECT
*oo
= &o
;
609 const unsigned int *op
;
613 op
= OBJ_bsearch_ln(&oo
, ln_objs
, NUM_LN
);
615 return nid_objs
[*op
].nid
;
616 if (!ossl_obj_read_lock(1)) {
617 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
621 ad
.type
= ADDED_LNAME
;
623 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
631 int OBJ_sn2nid(const char *s
)
634 const ASN1_OBJECT
*oo
= &o
;
636 const unsigned int *op
;
640 op
= OBJ_bsearch_sn(&oo
, sn_objs
, NUM_SN
);
642 return nid_objs
[*op
].nid
;
643 if (!ossl_obj_read_lock(1)) {
644 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_READ_LOCK
);
648 ad
.type
= ADDED_SNAME
;
650 adp
= lh_ADDED_OBJ_retrieve(added
, &ad
);
658 const void *OBJ_bsearch_(const void *key
, const void *base
, int num
, int size
,
659 int (*cmp
) (const void *, const void *))
661 return OBJ_bsearch_ex_(key
, base
, num
, size
, cmp
, 0);
664 const void *OBJ_bsearch_ex_(const void *key
, const void *base
, int num
,
666 int (*cmp
) (const void *, const void *),
669 const char *p
= ossl_bsearch(key
, base
, num
, size
, cmp
, flags
);
671 #ifdef CHARSET_EBCDIC
673 * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
674 * don't have perl (yet), we revert to a *LINEAR* search when the object
675 * wasn't found in the binary search.
678 const char *base_
= base
;
679 int l
, h
, i
= 0, c
= 0;
682 for (i
= 0; i
< num
; ++i
) {
683 p1
= &(base_
[i
* size
]);
684 c
= (*cmp
) (key
, p1
);
686 || (c
< 0 && (flags
& OBJ_BSEARCH_VALUE_ON_NOMATCH
)))
695 * Parse a BIO sink to create some extra oid's objects.
696 * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
698 int OBJ_create_objects(BIO
*in
)
702 char *o
, *s
, *l
= NULL
;
706 i
= BIO_gets(in
, buf
, 512);
710 if (!ossl_isalnum(buf
[0]))
713 while (ossl_isdigit(*s
) || *s
== '.')
717 while (ossl_isspace(*s
))
723 while (*l
!= '\0' && !ossl_isspace(*l
))
727 while (ossl_isspace(*l
))
741 if (!OBJ_create(o
, s
, l
))
747 int OBJ_create(const char *oid
, const char *sn
, const char *ln
)
749 ASN1_OBJECT
*tmpoid
= NULL
;
752 /* With no arguments at all, nothing can be done */
753 if (oid
== NULL
&& sn
== NULL
&& ln
== NULL
) {
754 ERR_raise(ERR_LIB_OBJ
, ERR_R_PASSED_INVALID_ARGUMENT
);
758 /* Check to see if short or long name already present */
759 if ((sn
!= NULL
&& OBJ_sn2nid(sn
) != NID_undef
)
760 || (ln
!= NULL
&& OBJ_ln2nid(ln
) != NID_undef
)) {
761 ERR_raise(ERR_LIB_OBJ
, OBJ_R_OID_EXISTS
);
766 /* Convert numerical OID string to an ASN1_OBJECT structure */
767 tmpoid
= OBJ_txt2obj(oid
, 1);
771 /* Create a no-OID ASN1_OBJECT */
772 tmpoid
= ASN1_OBJECT_new();
775 if (!ossl_obj_write_lock(1)) {
776 ERR_raise(ERR_LIB_OBJ
, ERR_R_UNABLE_TO_GET_WRITE_LOCK
);
777 ASN1_OBJECT_free(tmpoid
);
781 /* If NID is not NID_undef then object already exists */
783 && ossl_obj_obj2nid(tmpoid
, 0) != NID_undef
) {
784 ERR_raise(ERR_LIB_OBJ
, OBJ_R_OID_EXISTS
);
788 tmpoid
->nid
= OBJ_new_nid(1);
789 if (tmpoid
->nid
== NID_undef
)
792 tmpoid
->sn
= (char *)sn
;
793 tmpoid
->ln
= (char *)ln
;
795 ok
= ossl_obj_add_object(tmpoid
, 0);
802 ASN1_OBJECT_free(tmpoid
);
806 size_t OBJ_length(const ASN1_OBJECT
*obj
)
813 const unsigned char *OBJ_get0_data(const ASN1_OBJECT
*obj
)
820 int OBJ_add_object(const ASN1_OBJECT
*obj
)
822 return ossl_obj_add_object(obj
, 1);
825 int OBJ_obj2nid(const ASN1_OBJECT
*a
)
827 return ossl_obj_obj2nid(a
, 1);