1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/obj.h>
58
59 #include <inttypes.h>
60 #include <limits.h>
61 #include <string.h>
62
63 #include <openssl/asn1.h>
64 #include <openssl/bytestring.h>
65 #include <openssl/err.h>
66 #include <openssl/lhash.h>
67 #include <openssl/mem.h>
68 #include <openssl/thread.h>
69
70 #include "../asn1/internal.h"
71 #include "../internal.h"
72 #include "../lhash/internal.h"
73
74 // obj_data.h must be included after the definition of |ASN1_OBJECT|.
75 #include "obj_dat.h"
76
77
78 DEFINE_LHASH_OF(ASN1_OBJECT)
79
80 static struct CRYPTO_STATIC_MUTEX global_added_lock = CRYPTO_STATIC_MUTEX_INIT;
81 // These globals are protected by |global_added_lock|.
82 static LHASH_OF(ASN1_OBJECT) *global_added_by_data = NULL;
83 static LHASH_OF(ASN1_OBJECT) *global_added_by_nid = NULL;
84 static LHASH_OF(ASN1_OBJECT) *global_added_by_short_name = NULL;
85 static LHASH_OF(ASN1_OBJECT) *global_added_by_long_name = NULL;
86
87 static struct CRYPTO_STATIC_MUTEX global_next_nid_lock =
88 CRYPTO_STATIC_MUTEX_INIT;
89 static unsigned global_next_nid = NUM_NID;
90
obj_next_nid(void)91 static int obj_next_nid(void) {
92 int ret;
93
94 CRYPTO_STATIC_MUTEX_lock_write(&global_next_nid_lock);
95 ret = global_next_nid++;
96 CRYPTO_STATIC_MUTEX_unlock_write(&global_next_nid_lock);
97
98 return ret;
99 }
100
OBJ_dup(const ASN1_OBJECT * o)101 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) {
102 ASN1_OBJECT *r;
103 unsigned char *data = NULL;
104 char *sn = NULL, *ln = NULL;
105
106 if (o == NULL) {
107 return NULL;
108 }
109
110 if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
111 // TODO(fork): this is a little dangerous.
112 return (ASN1_OBJECT *)o;
113 }
114
115 r = ASN1_OBJECT_new();
116 if (r == NULL) {
117 OPENSSL_PUT_ERROR(OBJ, ERR_R_ASN1_LIB);
118 return NULL;
119 }
120 r->ln = r->sn = NULL;
121
122 data = OPENSSL_malloc(o->length);
123 if (data == NULL) {
124 goto err;
125 }
126 if (o->data != NULL) {
127 OPENSSL_memcpy(data, o->data, o->length);
128 }
129
130 // once data is attached to an object, it remains const
131 r->data = data;
132 r->length = o->length;
133 r->nid = o->nid;
134
135 if (o->ln != NULL) {
136 ln = OPENSSL_strdup(o->ln);
137 if (ln == NULL) {
138 goto err;
139 }
140 }
141
142 if (o->sn != NULL) {
143 sn = OPENSSL_strdup(o->sn);
144 if (sn == NULL) {
145 goto err;
146 }
147 }
148
149 r->sn = sn;
150 r->ln = ln;
151
152 r->flags =
153 o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
154 ASN1_OBJECT_FLAG_DYNAMIC_DATA);
155 return r;
156
157 err:
158 OPENSSL_free(ln);
159 OPENSSL_free(sn);
160 OPENSSL_free(data);
161 OPENSSL_free(r);
162 return NULL;
163 }
164
OBJ_cmp(const ASN1_OBJECT * a,const ASN1_OBJECT * b)165 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
166 int ret;
167
168 ret = a->length - b->length;
169 if (ret) {
170 return ret;
171 }
172 return OPENSSL_memcmp(a->data, b->data, a->length);
173 }
174
OBJ_get0_data(const ASN1_OBJECT * obj)175 const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj) {
176 if (obj == NULL) {
177 return NULL;
178 }
179
180 return obj->data;
181 }
182
OBJ_length(const ASN1_OBJECT * obj)183 size_t OBJ_length(const ASN1_OBJECT *obj) {
184 if (obj == NULL || obj->length < 0) {
185 return 0;
186 }
187
188 return (size_t)obj->length;
189 }
190
191 // obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is
192 // an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an
193 // unsigned int in the array.
obj_cmp(const void * key,const void * element)194 static int obj_cmp(const void *key, const void *element) {
195 uint16_t nid = *((const uint16_t *)element);
196 const ASN1_OBJECT *a = key;
197 const ASN1_OBJECT *b = &kObjects[nid];
198
199 if (a->length < b->length) {
200 return -1;
201 } else if (a->length > b->length) {
202 return 1;
203 }
204 return OPENSSL_memcmp(a->data, b->data, a->length);
205 }
206
OBJ_obj2nid(const ASN1_OBJECT * obj)207 int OBJ_obj2nid(const ASN1_OBJECT *obj) {
208 if (obj == NULL) {
209 return NID_undef;
210 }
211
212 if (obj->nid != 0) {
213 return obj->nid;
214 }
215
216 CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
217 if (global_added_by_data != NULL) {
218 ASN1_OBJECT *match;
219
220 match = lh_ASN1_OBJECT_retrieve(global_added_by_data, obj);
221 if (match != NULL) {
222 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
223 return match->nid;
224 }
225 }
226 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
227
228 const uint16_t *nid_ptr =
229 bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder),
230 sizeof(kNIDsInOIDOrder[0]), obj_cmp);
231 if (nid_ptr == NULL) {
232 return NID_undef;
233 }
234
235 return kObjects[*nid_ptr].nid;
236 }
237
OBJ_cbs2nid(const CBS * cbs)238 int OBJ_cbs2nid(const CBS *cbs) {
239 if (CBS_len(cbs) > INT_MAX) {
240 return NID_undef;
241 }
242
243 ASN1_OBJECT obj;
244 OPENSSL_memset(&obj, 0, sizeof(obj));
245 obj.data = CBS_data(cbs);
246 obj.length = (int)CBS_len(cbs);
247
248 return OBJ_obj2nid(&obj);
249 }
250
251 // short_name_cmp is called to search the kNIDsInShortNameOrder array. The
252 // |key| argument is name that we're looking for and |element| is a pointer to
253 // an unsigned int in the array.
short_name_cmp(const void * key,const void * element)254 static int short_name_cmp(const void *key, const void *element) {
255 const char *name = (const char *)key;
256 uint16_t nid = *((const uint16_t *)element);
257
258 return strcmp(name, kObjects[nid].sn);
259 }
260
OBJ_sn2nid(const char * short_name)261 int OBJ_sn2nid(const char *short_name) {
262 CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
263 if (global_added_by_short_name != NULL) {
264 ASN1_OBJECT *match, template;
265
266 template.sn = short_name;
267 match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template);
268 if (match != NULL) {
269 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
270 return match->nid;
271 }
272 }
273 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
274
275 const uint16_t *nid_ptr =
276 bsearch(short_name, kNIDsInShortNameOrder,
277 OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder),
278 sizeof(kNIDsInShortNameOrder[0]), short_name_cmp);
279 if (nid_ptr == NULL) {
280 return NID_undef;
281 }
282
283 return kObjects[*nid_ptr].nid;
284 }
285
286 // long_name_cmp is called to search the kNIDsInLongNameOrder array. The
287 // |key| argument is name that we're looking for and |element| is a pointer to
288 // an unsigned int in the array.
long_name_cmp(const void * key,const void * element)289 static int long_name_cmp(const void *key, const void *element) {
290 const char *name = (const char *)key;
291 uint16_t nid = *((const uint16_t *)element);
292
293 return strcmp(name, kObjects[nid].ln);
294 }
295
OBJ_ln2nid(const char * long_name)296 int OBJ_ln2nid(const char *long_name) {
297 CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
298 if (global_added_by_long_name != NULL) {
299 ASN1_OBJECT *match, template;
300
301 template.ln = long_name;
302 match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template);
303 if (match != NULL) {
304 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
305 return match->nid;
306 }
307 }
308 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
309
310 const uint16_t *nid_ptr = bsearch(
311 long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder),
312 sizeof(kNIDsInLongNameOrder[0]), long_name_cmp);
313 if (nid_ptr == NULL) {
314 return NID_undef;
315 }
316
317 return kObjects[*nid_ptr].nid;
318 }
319
OBJ_txt2nid(const char * s)320 int OBJ_txt2nid(const char *s) {
321 ASN1_OBJECT *obj;
322 int nid;
323
324 obj = OBJ_txt2obj(s, 0 /* search names */);
325 nid = OBJ_obj2nid(obj);
326 ASN1_OBJECT_free(obj);
327 return nid;
328 }
329
OBJ_nid2cbb(CBB * out,int nid)330 OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) {
331 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
332 CBB oid;
333
334 if (obj == NULL ||
335 !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) ||
336 !CBB_add_bytes(&oid, obj->data, obj->length) ||
337 !CBB_flush(out)) {
338 return 0;
339 }
340
341 return 1;
342 }
343
OBJ_nid2obj(int nid)344 ASN1_OBJECT *OBJ_nid2obj(int nid) {
345 if (nid >= 0 && nid < NUM_NID) {
346 if (nid != NID_undef && kObjects[nid].nid == NID_undef) {
347 goto err;
348 }
349 return (ASN1_OBJECT *)&kObjects[nid];
350 }
351
352 CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
353 if (global_added_by_nid != NULL) {
354 ASN1_OBJECT *match, template;
355
356 template.nid = nid;
357 match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template);
358 if (match != NULL) {
359 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
360 return match;
361 }
362 }
363 CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
364
365 err:
366 OPENSSL_PUT_ERROR(OBJ, OBJ_R_UNKNOWN_NID);
367 return NULL;
368 }
369
OBJ_nid2sn(int nid)370 const char *OBJ_nid2sn(int nid) {
371 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
372 if (obj == NULL) {
373 return NULL;
374 }
375
376 return obj->sn;
377 }
378
OBJ_nid2ln(int nid)379 const char *OBJ_nid2ln(int nid) {
380 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
381 if (obj == NULL) {
382 return NULL;
383 }
384
385 return obj->ln;
386 }
387
create_object_with_text_oid(int (* get_nid)(void),const char * oid,const char * short_name,const char * long_name)388 static ASN1_OBJECT *create_object_with_text_oid(int (*get_nid)(void),
389 const char *oid,
390 const char *short_name,
391 const char *long_name) {
392 uint8_t *buf;
393 size_t len;
394 CBB cbb;
395 if (!CBB_init(&cbb, 32) ||
396 !CBB_add_asn1_oid_from_text(&cbb, oid, strlen(oid)) ||
397 !CBB_finish(&cbb, &buf, &len)) {
398 OPENSSL_PUT_ERROR(OBJ, OBJ_R_INVALID_OID_STRING);
399 CBB_cleanup(&cbb);
400 return NULL;
401 }
402
403 ASN1_OBJECT *ret = ASN1_OBJECT_create(get_nid ? get_nid() : NID_undef, buf,
404 len, short_name, long_name);
405 OPENSSL_free(buf);
406 return ret;
407 }
408
OBJ_txt2obj(const char * s,int dont_search_names)409 ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) {
410 if (!dont_search_names) {
411 int nid = OBJ_sn2nid(s);
412 if (nid == NID_undef) {
413 nid = OBJ_ln2nid(s);
414 }
415
416 if (nid != NID_undef) {
417 return OBJ_nid2obj(nid);
418 }
419 }
420
421 return create_object_with_text_oid(NULL, s, NULL, NULL);
422 }
423
strlcpy_int(char * dst,const char * src,int dst_size)424 static int strlcpy_int(char *dst, const char *src, int dst_size) {
425 size_t ret = OPENSSL_strlcpy(dst, src, dst_size < 0 ? 0 : (size_t)dst_size);
426 if (ret > INT_MAX) {
427 OPENSSL_PUT_ERROR(OBJ, ERR_R_OVERFLOW);
428 return -1;
429 }
430 return (int)ret;
431 }
432
OBJ_obj2txt(char * out,int out_len,const ASN1_OBJECT * obj,int always_return_oid)433 int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
434 int always_return_oid) {
435 // Python depends on the empty OID successfully encoding as the empty
436 // string.
437 if (obj == NULL || obj->length == 0) {
438 return strlcpy_int(out, "", out_len);
439 }
440
441 if (!always_return_oid) {
442 int nid = OBJ_obj2nid(obj);
443 if (nid != NID_undef) {
444 const char *name = OBJ_nid2ln(nid);
445 if (name == NULL) {
446 name = OBJ_nid2sn(nid);
447 }
448 if (name != NULL) {
449 return strlcpy_int(out, name, out_len);
450 }
451 }
452 }
453
454 CBS cbs;
455 CBS_init(&cbs, obj->data, obj->length);
456 char *txt = CBS_asn1_oid_to_text(&cbs);
457 if (txt == NULL) {
458 if (out_len > 0) {
459 out[0] = '\0';
460 }
461 return -1;
462 }
463
464 int ret = strlcpy_int(out, txt, out_len);
465 OPENSSL_free(txt);
466 return ret;
467 }
468
hash_nid(const ASN1_OBJECT * obj)469 static uint32_t hash_nid(const ASN1_OBJECT *obj) {
470 return obj->nid;
471 }
472
cmp_nid(const ASN1_OBJECT * a,const ASN1_OBJECT * b)473 static int cmp_nid(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
474 return a->nid - b->nid;
475 }
476
hash_data(const ASN1_OBJECT * obj)477 static uint32_t hash_data(const ASN1_OBJECT *obj) {
478 return OPENSSL_hash32(obj->data, obj->length);
479 }
480
cmp_data(const ASN1_OBJECT * a,const ASN1_OBJECT * b)481 static int cmp_data(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
482 int i = a->length - b->length;
483 if (i) {
484 return i;
485 }
486 return OPENSSL_memcmp(a->data, b->data, a->length);
487 }
488
hash_short_name(const ASN1_OBJECT * obj)489 static uint32_t hash_short_name(const ASN1_OBJECT *obj) {
490 return OPENSSL_strhash(obj->sn);
491 }
492
cmp_short_name(const ASN1_OBJECT * a,const ASN1_OBJECT * b)493 static int cmp_short_name(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
494 return strcmp(a->sn, b->sn);
495 }
496
hash_long_name(const ASN1_OBJECT * obj)497 static uint32_t hash_long_name(const ASN1_OBJECT *obj) {
498 return OPENSSL_strhash(obj->ln);
499 }
500
cmp_long_name(const ASN1_OBJECT * a,const ASN1_OBJECT * b)501 static int cmp_long_name(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
502 return strcmp(a->ln, b->ln);
503 }
504
505 // obj_add_object inserts |obj| into the various global hashes for run-time
506 // added objects. It returns one on success or zero otherwise.
obj_add_object(ASN1_OBJECT * obj)507 static int obj_add_object(ASN1_OBJECT *obj) {
508 obj->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
509 ASN1_OBJECT_FLAG_DYNAMIC_DATA);
510
511 CRYPTO_STATIC_MUTEX_lock_write(&global_added_lock);
512 if (global_added_by_nid == NULL) {
513 global_added_by_nid = lh_ASN1_OBJECT_new(hash_nid, cmp_nid);
514 }
515 if (global_added_by_data == NULL) {
516 global_added_by_data = lh_ASN1_OBJECT_new(hash_data, cmp_data);
517 }
518 if (global_added_by_short_name == NULL) {
519 global_added_by_short_name =
520 lh_ASN1_OBJECT_new(hash_short_name, cmp_short_name);
521 }
522 if (global_added_by_long_name == NULL) {
523 global_added_by_long_name = lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name);
524 }
525
526 int ok = 0;
527 if (global_added_by_nid == NULL ||
528 global_added_by_data == NULL ||
529 global_added_by_short_name == NULL ||
530 global_added_by_long_name == NULL) {
531 goto err;
532 }
533
534 // We don't pay attention to |old_object| (which contains any previous object
535 // that was evicted from the hashes) because we don't have a reference count
536 // on ASN1_OBJECT values. Also, we should never have duplicates nids and so
537 // should always have objects in |global_added_by_nid|.
538 ASN1_OBJECT *old_object;
539 ok = lh_ASN1_OBJECT_insert(global_added_by_nid, &old_object, obj);
540 if (obj->length != 0 && obj->data != NULL) {
541 ok &= lh_ASN1_OBJECT_insert(global_added_by_data, &old_object, obj);
542 }
543 if (obj->sn != NULL) {
544 ok &= lh_ASN1_OBJECT_insert(global_added_by_short_name, &old_object, obj);
545 }
546 if (obj->ln != NULL) {
547 ok &= lh_ASN1_OBJECT_insert(global_added_by_long_name, &old_object, obj);
548 }
549
550 err:
551 CRYPTO_STATIC_MUTEX_unlock_write(&global_added_lock);
552 return ok;
553 }
554
OBJ_create(const char * oid,const char * short_name,const char * long_name)555 int OBJ_create(const char *oid, const char *short_name, const char *long_name) {
556 ASN1_OBJECT *op =
557 create_object_with_text_oid(obj_next_nid, oid, short_name, long_name);
558 if (op == NULL ||
559 !obj_add_object(op)) {
560 return NID_undef;
561 }
562 return op->nid;
563 }
564
OBJ_cleanup(void)565 void OBJ_cleanup(void) {}
566