obj_xref.c 5.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222
  1. /*
  2. * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/objects.h>
  10. #include "obj_xref.h"
  11. #include "internal/nelem.h"
  12. #include "internal/thread_once.h"
  13. #include <openssl/err.h>
  14. static STACK_OF(nid_triple) *sig_app, *sigx_app;
  15. static CRYPTO_RWLOCK *sig_lock;
  16. static int sig_cmp(const nid_triple *a, const nid_triple *b)
  17. {
  18. return a->sign_id - b->sign_id;
  19. }
  20. DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
  21. IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
  22. static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
  23. {
  24. return (*a)->sign_id - (*b)->sign_id;
  25. }
  26. DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
  27. static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
  28. {
  29. int ret;
  30. ret = (*a)->hash_id - (*b)->hash_id;
  31. /* The "b" side of the comparison carries the algorithms already
  32. * registered. A NID_undef for 'hash_id' there means that the
  33. * signature algorithm doesn't need a digest to operate OK. In
  34. * such case, any hash_id/digest algorithm on the test side (a),
  35. * incl. NID_undef, is acceptable. signature algorithm NID
  36. * (pkey_id) must match in any case.
  37. */
  38. if ((ret != 0) && ((*b)->hash_id != NID_undef))
  39. return ret;
  40. return (*a)->pkey_id - (*b)->pkey_id;
  41. }
  42. IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
  43. static CRYPTO_ONCE sig_init = CRYPTO_ONCE_STATIC_INIT;
  44. DEFINE_RUN_ONCE_STATIC(o_sig_init)
  45. {
  46. sig_lock = CRYPTO_THREAD_lock_new();
  47. return sig_lock != NULL;
  48. }
  49. static ossl_inline int obj_sig_init(void)
  50. {
  51. return RUN_ONCE(&sig_init, o_sig_init);
  52. }
  53. static int ossl_obj_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid,
  54. int lock)
  55. {
  56. nid_triple tmp;
  57. const nid_triple *rv;
  58. int idx;
  59. if (signid == NID_undef)
  60. return 0;
  61. tmp.sign_id = signid;
  62. rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
  63. if (rv == NULL) {
  64. if (!obj_sig_init())
  65. return 0;
  66. if (lock && !CRYPTO_THREAD_read_lock(sig_lock)) {
  67. ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
  68. return 0;
  69. }
  70. if (sig_app != NULL) {
  71. idx = sk_nid_triple_find(sig_app, &tmp);
  72. if (idx >= 0)
  73. rv = sk_nid_triple_value(sig_app, idx);
  74. }
  75. if (lock)
  76. CRYPTO_THREAD_unlock(sig_lock);
  77. if (rv == NULL)
  78. return 0;
  79. }
  80. if (pdig_nid != NULL)
  81. *pdig_nid = rv->hash_id;
  82. if (ppkey_nid != NULL)
  83. *ppkey_nid = rv->pkey_id;
  84. return 1;
  85. }
  86. int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
  87. {
  88. return ossl_obj_find_sigid_algs(signid, pdig_nid, ppkey_nid, 1);
  89. }
  90. int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
  91. {
  92. nid_triple tmp;
  93. const nid_triple *t = &tmp;
  94. const nid_triple **rv;
  95. int idx;
  96. /* permitting searches for sig algs without digest: */
  97. if (pkey_nid == NID_undef)
  98. return 0;
  99. tmp.hash_id = dig_nid;
  100. tmp.pkey_id = pkey_nid;
  101. rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
  102. if (rv == NULL) {
  103. if (!obj_sig_init())
  104. return 0;
  105. if (!CRYPTO_THREAD_read_lock(sig_lock)) {
  106. ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
  107. return 0;
  108. }
  109. if (sigx_app != NULL) {
  110. idx = sk_nid_triple_find(sigx_app, &tmp);
  111. if (idx >= 0) {
  112. t = sk_nid_triple_value(sigx_app, idx);
  113. rv = &t;
  114. }
  115. }
  116. CRYPTO_THREAD_unlock(sig_lock);
  117. if (rv == NULL)
  118. return 0;
  119. }
  120. if (psignid != NULL)
  121. *psignid = (*rv)->sign_id;
  122. return 1;
  123. }
  124. int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
  125. {
  126. nid_triple *ntr;
  127. int dnid = NID_undef, pnid = NID_undef, ret = 0;
  128. if (signid == NID_undef || pkey_id == NID_undef)
  129. return 0;
  130. if (!obj_sig_init())
  131. return 0;
  132. if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL)
  133. return 0;
  134. ntr->sign_id = signid;
  135. ntr->hash_id = dig_id;
  136. ntr->pkey_id = pkey_id;
  137. if (!CRYPTO_THREAD_write_lock(sig_lock)) {
  138. ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
  139. OPENSSL_free(ntr);
  140. return 0;
  141. }
  142. /* Check that the entry doesn't exist or exists as desired */
  143. if (ossl_obj_find_sigid_algs(signid, &dnid, &pnid, 0)) {
  144. ret = dnid == dig_id && pnid == pkey_id;
  145. goto err;
  146. }
  147. if (sig_app == NULL) {
  148. sig_app = sk_nid_triple_new(sig_sk_cmp);
  149. if (sig_app == NULL)
  150. goto err;
  151. }
  152. if (sigx_app == NULL) {
  153. sigx_app = sk_nid_triple_new(sigx_cmp);
  154. if (sigx_app == NULL)
  155. goto err;
  156. }
  157. /*
  158. * Better might be to find where to insert the element and insert it there.
  159. * This would avoid the sorting steps below.
  160. */
  161. if (!sk_nid_triple_push(sig_app, ntr))
  162. goto err;
  163. if (!sk_nid_triple_push(sigx_app, ntr)) {
  164. ntr = NULL; /* This is referenced by sig_app still */
  165. goto err;
  166. }
  167. sk_nid_triple_sort(sig_app);
  168. sk_nid_triple_sort(sigx_app);
  169. ntr = NULL;
  170. ret = 1;
  171. err:
  172. OPENSSL_free(ntr);
  173. CRYPTO_THREAD_unlock(sig_lock);
  174. return ret;
  175. }
  176. static void sid_free(nid_triple *tt)
  177. {
  178. OPENSSL_free(tt);
  179. }
  180. void OBJ_sigid_free(void)
  181. {
  182. sk_nid_triple_pop_free(sig_app, sid_free);
  183. sk_nid_triple_free(sigx_app);
  184. CRYPTO_THREAD_lock_free(sig_lock);
  185. sig_app = NULL;
  186. sigx_app = NULL;
  187. sig_lock = NULL;
  188. }