1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/obj.h>
58
59 #include <inttypes.h>
60 #include <limits.h>
61 #include <string.h>
62
63 #include <openssl/asn1.h>
64 #include <openssl/bytestring.h>
65 #include <openssl/err.h>
66 #include <openssl/lhash.h>
67 #include <openssl/mem.h>
68 #include <openssl/thread.h>
69
70 #include "../asn1/internal.h"
71 #include "../internal.h"
72 #include "../lhash/internal.h"
73
74 // obj_data.h must be included after the definition of |ASN1_OBJECT|.
75 #include "obj_dat.h"
76
77
78 DEFINE_LHASH_OF(ASN1_OBJECT)
79
80 static CRYPTO_MUTEX global_added_lock = CRYPTO_MUTEX_INIT;
81 // These globals are protected by |global_added_lock|.
82 static LHASH_OF(ASN1_OBJECT) *global_added_by_data = NULL;
83 static LHASH_OF(ASN1_OBJECT) *global_added_by_nid = NULL;
84 static LHASH_OF(ASN1_OBJECT) *global_added_by_short_name = NULL;
85 static LHASH_OF(ASN1_OBJECT) *global_added_by_long_name = NULL;
86
87 static CRYPTO_MUTEX global_next_nid_lock = CRYPTO_MUTEX_INIT;
88 static unsigned global_next_nid = NUM_NID;
89
obj_next_nid(void)90 static int obj_next_nid(void) {
91 CRYPTO_MUTEX_lock_write(&global_next_nid_lock);
92 int ret = global_next_nid++;
93 CRYPTO_MUTEX_unlock_write(&global_next_nid_lock);
94 return ret;
95 }
96
OBJ_dup(const ASN1_OBJECT * o)97 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) {
98 ASN1_OBJECT *r;
99 unsigned char *data = NULL;
100 char *sn = NULL, *ln = NULL;
101
102 if (o == NULL) {
103 return NULL;
104 }
105
106 if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
107 // TODO(fork): this is a little dangerous.
108 return (ASN1_OBJECT *)o;
109 }
110
111 r = ASN1_OBJECT_new();
112 if (r == NULL) {
113 OPENSSL_PUT_ERROR(OBJ, ERR_R_ASN1_LIB);
114 return NULL;
115 }
116 r->ln = r->sn = NULL;
117
118 // once data is attached to an object, it remains const
119 r->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(o->data, o->length));
120 if (o->length != 0 && r->data == NULL) {
121 goto err;
122 }
123
124 r->length = o->length;
125 r->nid = o->nid;
126
127 if (o->ln != NULL) {
128 ln = OPENSSL_strdup(o->ln);
129 if (ln == NULL) {
130 goto err;
131 }
132 }
133
134 if (o->sn != NULL) {
135 sn = OPENSSL_strdup(o->sn);
136 if (sn == NULL) {
137 goto err;
138 }
139 }
140
141 r->sn = sn;
142 r->ln = ln;
143
144 r->flags =
145 o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
146 ASN1_OBJECT_FLAG_DYNAMIC_DATA);
147 return r;
148
149 err:
150 OPENSSL_free(ln);
151 OPENSSL_free(sn);
152 OPENSSL_free(data);
153 OPENSSL_free(r);
154 return NULL;
155 }
156
OBJ_cmp(const ASN1_OBJECT * a,const ASN1_OBJECT * b)157 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
158 if (a->length < b->length) {
159 return -1;
160 } else if (a->length > b->length) {
161 return 1;
162 }
163 return OPENSSL_memcmp(a->data, b->data, a->length);
164 }
165
OBJ_get0_data(const ASN1_OBJECT * obj)166 const uint8_t *OBJ_get0_data(const ASN1_OBJECT *obj) {
167 if (obj == NULL) {
168 return NULL;
169 }
170
171 return obj->data;
172 }
173
OBJ_length(const ASN1_OBJECT * obj)174 size_t OBJ_length(const ASN1_OBJECT *obj) {
175 if (obj == NULL || obj->length < 0) {
176 return 0;
177 }
178
179 return (size_t)obj->length;
180 }
181
get_builtin_object(int nid)182 static const ASN1_OBJECT *get_builtin_object(int nid) {
183 // |NID_undef| is stored separately, so all the indices are off by one. The
184 // caller of this function must have a valid built-in, non-undef NID.
185 BSSL_CHECK(nid > 0 && nid < NUM_NID);
186 return &kObjects[nid - 1];
187 }
188
189 // obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is
190 // an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an
191 // unsigned int in the array.
obj_cmp(const void * key,const void * element)192 static int obj_cmp(const void *key, const void *element) {
193 uint16_t nid = *((const uint16_t *)element);
194 return OBJ_cmp(reinterpret_cast<const ASN1_OBJECT *>(key),
195 get_builtin_object(nid));
196 }
197
OBJ_obj2nid(const ASN1_OBJECT * obj)198 int OBJ_obj2nid(const ASN1_OBJECT *obj) {
199 if (obj == NULL) {
200 return NID_undef;
201 }
202
203 if (obj->nid != 0) {
204 return obj->nid;
205 }
206
207 CRYPTO_MUTEX_lock_read(&global_added_lock);
208 if (global_added_by_data != NULL) {
209 ASN1_OBJECT *match;
210
211 match = lh_ASN1_OBJECT_retrieve(global_added_by_data, obj);
212 if (match != NULL) {
213 CRYPTO_MUTEX_unlock_read(&global_added_lock);
214 return match->nid;
215 }
216 }
217 CRYPTO_MUTEX_unlock_read(&global_added_lock);
218
219 const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(
220 bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder),
221 sizeof(kNIDsInOIDOrder[0]), obj_cmp));
222 if (nid_ptr == NULL) {
223 return NID_undef;
224 }
225
226 return get_builtin_object(*nid_ptr)->nid;
227 }
228
OBJ_cbs2nid(const CBS * cbs)229 int OBJ_cbs2nid(const CBS *cbs) {
230 if (CBS_len(cbs) > INT_MAX) {
231 return NID_undef;
232 }
233
234 ASN1_OBJECT obj;
235 OPENSSL_memset(&obj, 0, sizeof(obj));
236 obj.data = CBS_data(cbs);
237 obj.length = (int)CBS_len(cbs);
238
239 return OBJ_obj2nid(&obj);
240 }
241
242 // short_name_cmp is called to search the kNIDsInShortNameOrder array. The
243 // |key| argument is name that we're looking for and |element| is a pointer to
244 // an unsigned int in the array.
short_name_cmp(const void * key,const void * element)245 static int short_name_cmp(const void *key, const void *element) {
246 const char *name = (const char *)key;
247 uint16_t nid = *((const uint16_t *)element);
248
249 return strcmp(name, get_builtin_object(nid)->sn);
250 }
251
OBJ_sn2nid(const char * short_name)252 int OBJ_sn2nid(const char *short_name) {
253 CRYPTO_MUTEX_lock_read(&global_added_lock);
254 if (global_added_by_short_name != NULL) {
255 ASN1_OBJECT *match, templ;
256
257 templ.sn = short_name;
258 match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &templ);
259 if (match != NULL) {
260 CRYPTO_MUTEX_unlock_read(&global_added_lock);
261 return match->nid;
262 }
263 }
264 CRYPTO_MUTEX_unlock_read(&global_added_lock);
265
266 const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(
267 bsearch(short_name, kNIDsInShortNameOrder,
268 OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder),
269 sizeof(kNIDsInShortNameOrder[0]), short_name_cmp));
270 if (nid_ptr == NULL) {
271 return NID_undef;
272 }
273
274 return get_builtin_object(*nid_ptr)->nid;
275 }
276
277 // long_name_cmp is called to search the kNIDsInLongNameOrder array. The
278 // |key| argument is name that we're looking for and |element| is a pointer to
279 // an unsigned int in the array.
long_name_cmp(const void * key,const void * element)280 static int long_name_cmp(const void *key, const void *element) {
281 const char *name = (const char *)key;
282 uint16_t nid = *((const uint16_t *)element);
283
284 return strcmp(name, get_builtin_object(nid)->ln);
285 }
286
OBJ_ln2nid(const char * long_name)287 int OBJ_ln2nid(const char *long_name) {
288 CRYPTO_MUTEX_lock_read(&global_added_lock);
289 if (global_added_by_long_name != NULL) {
290 ASN1_OBJECT *match, templ;
291
292 templ.ln = long_name;
293 match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &templ);
294 if (match != NULL) {
295 CRYPTO_MUTEX_unlock_read(&global_added_lock);
296 return match->nid;
297 }
298 }
299 CRYPTO_MUTEX_unlock_read(&global_added_lock);
300
301 const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(bsearch(
302 long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder),
303 sizeof(kNIDsInLongNameOrder[0]), long_name_cmp));
304 if (nid_ptr == NULL) {
305 return NID_undef;
306 }
307
308 return get_builtin_object(*nid_ptr)->nid;
309 }
310
OBJ_txt2nid(const char * s)311 int OBJ_txt2nid(const char *s) {
312 ASN1_OBJECT *obj;
313 int nid;
314
315 obj = OBJ_txt2obj(s, 0 /* search names */);
316 nid = OBJ_obj2nid(obj);
317 ASN1_OBJECT_free(obj);
318 return nid;
319 }
320
OBJ_nid2cbb(CBB * out,int nid)321 OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) {
322 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
323 CBB oid;
324
325 if (obj == NULL || !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) ||
326 !CBB_add_bytes(&oid, obj->data, obj->length) || !CBB_flush(out)) {
327 return 0;
328 }
329
330 return 1;
331 }
332
OBJ_get_undef(void)333 const ASN1_OBJECT *OBJ_get_undef(void) {
334 static const ASN1_OBJECT kUndef = {
335 /*sn=*/SN_undef,
336 /*ln=*/LN_undef,
337 /*nid=*/NID_undef,
338 /*length=*/0,
339 /*data=*/NULL,
340 /*flags=*/0,
341 };
342 return &kUndef;
343 }
344
OBJ_nid2obj(int nid)345 ASN1_OBJECT *OBJ_nid2obj(int nid) {
346 if (nid == NID_undef) {
347 return (ASN1_OBJECT *)OBJ_get_undef();
348 }
349
350 if (nid > 0 && nid < NUM_NID) {
351 const ASN1_OBJECT *obj = get_builtin_object(nid);
352 if (nid != NID_undef && obj->nid == NID_undef) {
353 goto err;
354 }
355 return (ASN1_OBJECT *)obj;
356 }
357
358 CRYPTO_MUTEX_lock_read(&global_added_lock);
359 if (global_added_by_nid != NULL) {
360 ASN1_OBJECT *match, templ;
361
362 templ.nid = nid;
363 match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &templ);
364 if (match != NULL) {
365 CRYPTO_MUTEX_unlock_read(&global_added_lock);
366 return match;
367 }
368 }
369 CRYPTO_MUTEX_unlock_read(&global_added_lock);
370
371 err:
372 OPENSSL_PUT_ERROR(OBJ, OBJ_R_UNKNOWN_NID);
373 return NULL;
374 }
375
OBJ_nid2sn(int nid)376 const char *OBJ_nid2sn(int nid) {
377 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
378 if (obj == NULL) {
379 return NULL;
380 }
381
382 return obj->sn;
383 }
384
OBJ_nid2ln(int nid)385 const char *OBJ_nid2ln(int nid) {
386 const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
387 if (obj == NULL) {
388 return NULL;
389 }
390
391 return obj->ln;
392 }
393
create_object_with_text_oid(int (* get_nid)(void),const char * oid,const char * short_name,const char * long_name)394 static ASN1_OBJECT *create_object_with_text_oid(int (*get_nid)(void),
395 const char *oid,
396 const char *short_name,
397 const char *long_name) {
398 uint8_t *buf;
399 size_t len;
400 CBB cbb;
401 if (!CBB_init(&cbb, 32) ||
402 !CBB_add_asn1_oid_from_text(&cbb, oid, strlen(oid)) ||
403 !CBB_finish(&cbb, &buf, &len)) {
404 OPENSSL_PUT_ERROR(OBJ, OBJ_R_INVALID_OID_STRING);
405 CBB_cleanup(&cbb);
406 return NULL;
407 }
408
409 ASN1_OBJECT *ret = ASN1_OBJECT_create(get_nid ? get_nid() : NID_undef, buf,
410 len, short_name, long_name);
411 OPENSSL_free(buf);
412 return ret;
413 }
414
OBJ_txt2obj(const char * s,int dont_search_names)415 ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) {
416 if (!dont_search_names) {
417 int nid = OBJ_sn2nid(s);
418 if (nid == NID_undef) {
419 nid = OBJ_ln2nid(s);
420 }
421
422 if (nid != NID_undef) {
423 return OBJ_nid2obj(nid);
424 }
425 }
426
427 return create_object_with_text_oid(NULL, s, NULL, NULL);
428 }
429
strlcpy_int(char * dst,const char * src,int dst_size)430 static int strlcpy_int(char *dst, const char *src, int dst_size) {
431 size_t ret = OPENSSL_strlcpy(dst, src, dst_size < 0 ? 0 : (size_t)dst_size);
432 if (ret > INT_MAX) {
433 OPENSSL_PUT_ERROR(OBJ, ERR_R_OVERFLOW);
434 return -1;
435 }
436 return (int)ret;
437 }
438
OBJ_obj2txt(char * out,int out_len,const ASN1_OBJECT * obj,int always_return_oid)439 int OBJ_obj2txt(char *out, int out_len, const ASN1_OBJECT *obj,
440 int always_return_oid) {
441 // Python depends on the empty OID successfully encoding as the empty
442 // string.
443 if (obj == NULL || obj->length == 0) {
444 return strlcpy_int(out, "", out_len);
445 }
446
447 if (!always_return_oid) {
448 int nid = OBJ_obj2nid(obj);
449 if (nid != NID_undef) {
450 const char *name = OBJ_nid2ln(nid);
451 if (name == NULL) {
452 name = OBJ_nid2sn(nid);
453 }
454 if (name != NULL) {
455 return strlcpy_int(out, name, out_len);
456 }
457 }
458 }
459
460 CBS cbs;
461 CBS_init(&cbs, obj->data, obj->length);
462 char *txt = CBS_asn1_oid_to_text(&cbs);
463 if (txt == NULL) {
464 if (out_len > 0) {
465 out[0] = '\0';
466 }
467 return -1;
468 }
469
470 int ret = strlcpy_int(out, txt, out_len);
471 OPENSSL_free(txt);
472 return ret;
473 }
474
hash_nid(const ASN1_OBJECT * obj)475 static uint32_t hash_nid(const ASN1_OBJECT *obj) { return obj->nid; }
476
cmp_nid(const ASN1_OBJECT * a,const ASN1_OBJECT * b)477 static int cmp_nid(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
478 return a->nid - b->nid;
479 }
480
hash_data(const ASN1_OBJECT * obj)481 static uint32_t hash_data(const ASN1_OBJECT *obj) {
482 return OPENSSL_hash32(obj->data, obj->length);
483 }
484
hash_short_name(const ASN1_OBJECT * obj)485 static uint32_t hash_short_name(const ASN1_OBJECT *obj) {
486 return OPENSSL_strhash(obj->sn);
487 }
488
cmp_short_name(const ASN1_OBJECT * a,const ASN1_OBJECT * b)489 static int cmp_short_name(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
490 return strcmp(a->sn, b->sn);
491 }
492
hash_long_name(const ASN1_OBJECT * obj)493 static uint32_t hash_long_name(const ASN1_OBJECT *obj) {
494 return OPENSSL_strhash(obj->ln);
495 }
496
cmp_long_name(const ASN1_OBJECT * a,const ASN1_OBJECT * b)497 static int cmp_long_name(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
498 return strcmp(a->ln, b->ln);
499 }
500
501 // obj_add_object inserts |obj| into the various global hashes for run-time
502 // added objects. It returns one on success or zero otherwise.
obj_add_object(ASN1_OBJECT * obj)503 static int obj_add_object(ASN1_OBJECT *obj) {
504 obj->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
505 ASN1_OBJECT_FLAG_DYNAMIC_DATA);
506
507 CRYPTO_MUTEX_lock_write(&global_added_lock);
508 if (global_added_by_nid == NULL) {
509 global_added_by_nid = lh_ASN1_OBJECT_new(hash_nid, cmp_nid);
510 }
511 if (global_added_by_data == NULL) {
512 global_added_by_data = lh_ASN1_OBJECT_new(hash_data, OBJ_cmp);
513 }
514 if (global_added_by_short_name == NULL) {
515 global_added_by_short_name =
516 lh_ASN1_OBJECT_new(hash_short_name, cmp_short_name);
517 }
518 if (global_added_by_long_name == NULL) {
519 global_added_by_long_name =
520 lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name);
521 }
522
523 int ok = 0;
524 if (global_added_by_nid == NULL || //
525 global_added_by_data == NULL || //
526 global_added_by_short_name == NULL || //
527 global_added_by_long_name == NULL) {
528 goto err;
529 }
530
531 // We don't pay attention to |old_object| (which contains any previous object
532 // that was evicted from the hashes) because we don't have a reference count
533 // on ASN1_OBJECT values. Also, we should never have duplicates nids and so
534 // should always have objects in |global_added_by_nid|.
535 ASN1_OBJECT *old_object;
536 ok = lh_ASN1_OBJECT_insert(global_added_by_nid, &old_object, obj);
537 if (obj->length != 0 && obj->data != NULL) {
538 ok &= lh_ASN1_OBJECT_insert(global_added_by_data, &old_object, obj);
539 }
540 if (obj->sn != NULL) {
541 ok &= lh_ASN1_OBJECT_insert(global_added_by_short_name, &old_object, obj);
542 }
543 if (obj->ln != NULL) {
544 ok &= lh_ASN1_OBJECT_insert(global_added_by_long_name, &old_object, obj);
545 }
546
547 err:
548 CRYPTO_MUTEX_unlock_write(&global_added_lock);
549 return ok;
550 }
551
OBJ_create(const char * oid,const char * short_name,const char * long_name)552 int OBJ_create(const char *oid, const char *short_name, const char *long_name) {
553 ASN1_OBJECT *op =
554 create_object_with_text_oid(obj_next_nid, oid, short_name, long_name);
555 if (op == NULL || !obj_add_object(op)) {
556 return NID_undef;
557 }
558 return op->nid;
559 }
560
OBJ_cleanup(void)561 void OBJ_cleanup(void) {}
562