openssl/crypto/asn1/asn_moid.c

/*
 * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "crypto/ctype.h"
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include "crypto/asn1.h"
#include "crypto/objects.h"

/* Simple ASN1 OID module: add all objects in a given section */

static int do_create(const char *value, const char *name);

static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    int i;
    const char *oid_section;
    STACK_OF(CONF_VALUE) *sktmp;
    CONF_VALUE *oval;

    oid_section = CONF_imodule_get_value(md);
    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION);
        return 0;
    }
    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
        oval = sk_CONF_VALUE_value(sktmp, i);
        if (!do_create(oval->value, oval->name)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT);
            return 0;
        }
    }
    return 1;
}

static void oid_module_finish(CONF_IMODULE *md)
{
}

void ASN1_add_oid_module(void)
{
    CONF_module_add("oid_section", oid_module_init, oid_module_finish);
}

/*-
 * Create an OID based on a name value pair. Accept two formats.
 * shortname = 1.2.3.4
 * shortname = some long name, 1.2.3.4
 */

static int do_create(const char *value, const char *name)
{
    int nid;
    const char *ln, *ostr, *p;
    char *lntmp = NULL;

    p = strrchr(value, ',');
    if (p == NULL) {
        ln = name;
        ostr = value;
    } else {
        ln = value;
        ostr = p + 1;
        if (*ostr == '\0')
            return 0;
        while (ossl_isspace(*ostr))
            ostr++;
        while (ossl_isspace(*ln))
            ln++;
        p--;
        while (ossl_isspace(*p)) {
            if (p == ln)
                return 0;
            p--;
        }
        p++;
        if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL)
            return 0;
        memcpy(lntmp, ln, p - ln);
        lntmp[p - ln] = '\0';
        ln = lntmp;
    }

    nid = OBJ_create(ostr, name, ln);

    OPENSSL_free(lntmp);

    return nid != NID_undef;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`/*`
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11839) 2020-05-15 21:09:49 +08:00			`* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00			`*`
Following the license change, modify the boilerplates in crypto/asn1/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7772) 2018-12-06 20:17:34 +08:00			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
Copyright consolidation 08/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 02:51:34 +08:00			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00			`*/`

			`#include <stdio.h>`
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333) 2019-09-28 06:45:33 +08:00			`#include "crypto/ctype.h"`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00			`#include <openssl/crypto.h>`
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org> 2015-05-14 22:56:48 +08:00			`#include "internal/cryptlib.h"`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00			`#include <openssl/conf.h>`
			`#include <openssl/x509.h>`
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333) 2019-09-28 06:45:33 +08:00			`#include "crypto/asn1.h"`
			`#include "crypto/objects.h"`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00
			`/* Simple ASN1 OID module: add all objects in a given section */`

Constify some input buffers in asn1 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1215) 2016-06-12 17:17:50 +08:00			`static int do_create(const char value, const char name);`
Extend OID config module format. 2004-03-27 21:30:14 +08:00
Constification, add config to /dev/crypto. 2002-01-19 00:51:05 +08:00			`static int oid_module_init(CONF_IMODULE md, const CONF cnf)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`int i;`
			`const char *oid_section;`
			`STACK_OF(CONF_VALUE) *sktmp;`
			`CONF_VALUE *oval;`
Use p==NULL not !p (in if statements, mainly) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-05-07 01:43:59 +08:00
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`oid_section = CONF_imodule_get_value(md);`
Use p==NULL not !p (in if statements, mainly) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-05-07 01:43:59 +08:00			`if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {`
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318) 2020-11-04 19:23:19 +08:00			`ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return 0;`
			`}`
			`for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {`
			`oval = sk_CONF_VALUE_value(sktmp, i);`
			`if (!do_create(oval->value, oval->name)) {`
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318) 2020-11-04 19:23:19 +08:00			`ERR_raise(ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT);`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return 0;`
			`}`
			`}`
			`return 1;`
			`}`
Cleanup ASN1 OID module when it exits. 2004-03-06 07:47:56 +08:00
			`static void oid_module_finish(CONF_IMODULE *md)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`}`
Experimental configuration code. Incomplete, largely untested and subject to change/deletion. 2002-01-05 09:37:16 +08:00
			`void ASN1_add_oid_module(void)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`CONF_module_add("oid_section", oid_module_init, oid_module_finish);`
			`}`
Extend OID config module format. 2004-03-27 21:30:14 +08:00
Further comment changes for reformat (master) Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-16 17:21:50 +08:00			`/*-`
			`* Create an OID based on a name value pair. Accept two formats.`
Extend OID config module format. 2004-03-27 21:30:14 +08:00			`* shortname = 1.2.3.4`
			`* shortname = some long name, 1.2.3.4`
			`*/`

Constify some input buffers in asn1 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1215) 2016-06-12 17:17:50 +08:00			`static int do_create(const char value, const char name)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`{`
			`int nid;`
Constify some input buffers in asn1 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1215) 2016-06-12 17:17:50 +08:00			`const char ln, ostr, *p;`
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`char *lntmp = NULL;`

Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`p = strrchr(value, ',');`
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`if (p == NULL) {`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ln = name;`
			`ostr = value;`
			`} else {`
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`ln = value;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ostr = p + 1;`
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`if (*ostr == '\0')`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return 0;`
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102) 2017-08-21 05:19:17 +08:00			`while (ossl_isspace(*ostr))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ostr++;`
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102) 2017-08-21 05:19:17 +08:00			`while (ossl_isspace(*ln))`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`ln++;`
			`p--;`
This has been added to avoid the situation where some host ctype.h functions return true for characters > 127. I.e. they are allowing extended ASCII characters through which then cause problems. E.g. marking superscript '2' as a number then causes the common (ch - '0') conversion to number to fail miserably. Likewise letters with diacritical marks can also cause problems. If a non-ASCII character set is being used (currently only EBCDIC), it is adjusted for. The implementation uses a single table with a bit for each of the defined classes. These functions accept an int argument and fail for values out of range or for characters outside of the ASCII set. They will work for both signed and unsigned character inputs. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4102) 2017-08-21 05:19:17 +08:00			`while (ossl_isspace(*p)) {`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`if (p == ln)`
			`return 0;`
			`p--;`
			`}`
			`p++;`
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301) 2022-09-29 19:57:34 +08:00			`if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL)`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`return 0;`
			`memcpy(lntmp, ln, p - ln);`
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`lntmp[p - ln] = '\0';`
			`ln = lntmp;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`}`
Extend OID config module format. 2004-03-27 21:30:14 +08:00
asn1/asn_moid.c: overhaul do_create. Original could allocate nid and then bail out on malloc failure. Instead allocate first then attempt to create object. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6998) 2018-08-18 05:04:03 +08:00			`nid = OBJ_create(ostr, name, ln);`

			`OPENSSL_free(lntmp);`

			`return nid != NID_undef;`
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org> 2015-01-22 11:40:55 +08:00			`}`