/src/openssl/crypto/objects/obj_xref.c

Source (jump to first uncovered line)
/*
 * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/objects.h>
#include "obj_xref.h"
#include "internal/nelem.h"
#include "internal/thread_once.h"
#include <openssl/err.h>

static STACK_OF(nid_triple) *sig_app, *sigx_app;
static CRYPTO_RWLOCK *sig_lock;

static int sig_cmp(const nid_triple *a, const nid_triple *b)
{
    return a->sign_id - b->sign_id;
}

DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);

static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
{
    return (*a)->sign_id - (*b)->sign_id;
}

DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);

static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
{
    int ret;

    ret = (*a)->hash_id - (*b)->hash_id;
    /* The "b" side of the comparison carries the algorithms already
     * registered. A NID_undef for 'hash_id' there means that the
     * signature algorithm doesn't need a digest to operate OK. In
     * such case, any hash_id/digest algorithm on the test side (a),
     * incl. NID_undef, is acceptable. signature algorithm NID
     * (pkey_id) must match in any case.
     */
    if ((ret != 0) && ((*b)->hash_id != NID_undef))
        return ret;
    return (*a)->pkey_id - (*b)->pkey_id;
}

IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);

static CRYPTO_ONCE sig_init = CRYPTO_ONCE_STATIC_INIT;

DEFINE_RUN_ONCE_STATIC(o_sig_init)
{
    sig_lock = CRYPTO_THREAD_lock_new();
    return sig_lock != NULL;
}

static ossl_inline int obj_sig_init(void)
{
    return RUN_ONCE(&sig_init, o_sig_init);
}

static int ossl_obj_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid,
                                    int lock)
{
    nid_triple tmp;
    const nid_triple *rv;
    int idx;

    if (signid == NID_undef)
        return 0;

    tmp.sign_id = signid;
    rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
    if (rv == NULL) {
        if (!obj_sig_init())
            return 0;
        if (lock && !CRYPTO_THREAD_read_lock(sig_lock)) {
            ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
            return 0;
        }
        if (sig_app != NULL) {
            idx = sk_nid_triple_find(sig_app, &tmp);
            if (idx >= 0)
                rv = sk_nid_triple_value(sig_app, idx);
        }
        if (lock)
            CRYPTO_THREAD_unlock(sig_lock);
        if (rv == NULL)
            return 0;
    }

    if (pdig_nid != NULL)
        *pdig_nid = rv->hash_id;
    if (ppkey_nid != NULL)
        *ppkey_nid = rv->pkey_id;
    return 1;
}

int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
{
    return ossl_obj_find_sigid_algs(signid, pdig_nid, ppkey_nid, 1);
}

int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
{
    nid_triple tmp;
    const nid_triple *t = &tmp;
    const nid_triple **rv;
    int idx;

    /* permitting searches for sig algs without digest: */
    if (pkey_nid == NID_undef)
        return 0;

    tmp.hash_id = dig_nid;
    tmp.pkey_id = pkey_nid;

    rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
    if (rv == NULL) {
        if (!obj_sig_init())
            return 0;
        if (!CRYPTO_THREAD_read_lock(sig_lock)) {
            ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
            return 0;
        }
        if (sigx_app != NULL) {
            idx = sk_nid_triple_find(sigx_app, &tmp);
            if (idx >= 0) {
                t = sk_nid_triple_value(sigx_app, idx);
                rv = &t;
            }
        }
        CRYPTO_THREAD_unlock(sig_lock);
        if (rv == NULL)
            return 0;
    }

    if (psignid != NULL)
        *psignid = (*rv)->sign_id;
    return 1;
}

int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
{
    nid_triple *ntr;
    int dnid = NID_undef, pnid = NID_undef, ret = 0;

    if (signid == NID_undef || pkey_id == NID_undef)
        return 0;

    if (!obj_sig_init())
        return 0;

    if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL)
        return 0;
    ntr->sign_id = signid;
    ntr->hash_id = dig_id;
    ntr->pkey_id = pkey_id;

    if (!CRYPTO_THREAD_write_lock(sig_lock)) {
        ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
        OPENSSL_free(ntr);
        return 0;
    }

    /* Check that the entry doesn't exist or exists as desired */
    if (ossl_obj_find_sigid_algs(signid, &dnid, &pnid, 0)) {
        ret = dnid == dig_id && pnid == pkey_id;
        goto err;
    }

    if (sig_app == NULL) {
        sig_app = sk_nid_triple_new(sig_sk_cmp);
        if (sig_app == NULL)
            goto err;
    }
    if (sigx_app == NULL) {
        sigx_app = sk_nid_triple_new(sigx_cmp);
        if (sigx_app == NULL)
            goto err;
    }

    /*
     * Better might be to find where to insert the element and insert it there.
     * This would avoid the sorting steps below.
     */
    if (!sk_nid_triple_push(sig_app, ntr))
        goto err;
    if (!sk_nid_triple_push(sigx_app, ntr)) {
        ntr = NULL;             /* This is referenced by sig_app still */
        goto err;
    }

    sk_nid_triple_sort(sig_app);
    sk_nid_triple_sort(sigx_app);

    ntr = NULL;
    ret = 1;
 err:
    OPENSSL_free(ntr);
    CRYPTO_THREAD_unlock(sig_lock);
    return ret;
}

static void sid_free(nid_triple *tt)
{
    OPENSSL_free(tt);
}

void OBJ_sigid_free(void)
{
    sk_nid_triple_pop_free(sig_app, sid_free);
    sk_nid_triple_free(sigx_app);
    CRYPTO_THREAD_lock_free(sig_lock);
    sig_app = NULL;
    sigx_app = NULL;
    sig_lock = NULL;
}

Coverage Report

Created: 2025-06-13 06:55

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/objects.h>
11		#include "obj_xref.h"
12		#include "internal/nelem.h"
13		#include "internal/thread_once.h"
14		#include <openssl/err.h>
15
16		static STACK_OF(nid_triple) sig_app, sigx_app;
17		static CRYPTO_RWLOCK *sig_lock;
18
19		static int sig_cmp(const nid_triple a, const nid_triple b)
20	0	{
21	0	return a->sign_id - b->sign_id;
22	0	}
23
24		DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
25		IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
26
27		static int sig_sk_cmp(const nid_triple const a, const nid_triple const b)
28	0	{
29	0	return (a)->sign_id - (b)->sign_id;
30	0	}
31
32		DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple , const nid_triple , sigx);
33
34		static int sigx_cmp(const nid_triple const a, const nid_triple const b)
35	0	{
36	0	int ret;
37
38	0	ret = (a)->hash_id - (b)->hash_id;
39		/* The "b" side of the comparison carries the algorithms already
40		* registered. A NID_undef for 'hash_id' there means that the
41		* signature algorithm doesn't need a digest to operate OK. In
42		* such case, any hash_id/digest algorithm on the test side (a),
43		* incl. NID_undef, is acceptable. signature algorithm NID
44		* (pkey_id) must match in any case.
45		*/
46	0	if ((ret != 0) && ((*b)->hash_id != NID_undef))
47	0	return ret;
48	0	return (a)->pkey_id - (b)->pkey_id;
49	0	}
50
51		IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple , const nid_triple , sigx);
52
53		static CRYPTO_ONCE sig_init = CRYPTO_ONCE_STATIC_INIT;
54
55		DEFINE_RUN_ONCE_STATIC(o_sig_init)
56	0	{
57	0	sig_lock = CRYPTO_THREAD_lock_new();
58	0	return sig_lock != NULL;
59	0	}
60
61		static ossl_inline int obj_sig_init(void)
62	0	{
63	0	return RUN_ONCE(&sig_init, o_sig_init);
64	0	}
65
66		static int ossl_obj_find_sigid_algs(int signid, int pdig_nid, int ppkey_nid,
67		int lock)
68	0	{
69	0	nid_triple tmp;
70	0	const nid_triple *rv;
71	0	int idx;
72
73	0	if (signid == NID_undef)
74	0	return 0;
75
76	0	tmp.sign_id = signid;
77	0	rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
78	0	if (rv == NULL) {
79	0	if (!obj_sig_init())
80	0	return 0;
81	0	if (lock && !CRYPTO_THREAD_read_lock(sig_lock)) {
82	0	ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
83	0	return 0;
84	0	}
85	0	if (sig_app != NULL) {
86	0	idx = sk_nid_triple_find(sig_app, &tmp);
87	0	if (idx >= 0)
88	0	rv = sk_nid_triple_value(sig_app, idx);
89	0	}
90	0	if (lock)
91	0	CRYPTO_THREAD_unlock(sig_lock);
92	0	if (rv == NULL)
93	0	return 0;
94	0	}
95
96	0	if (pdig_nid != NULL)
97	0	*pdig_nid = rv->hash_id;
98	0	if (ppkey_nid != NULL)
99	0	*ppkey_nid = rv->pkey_id;
100	0	return 1;
101	0	}
102
103		int OBJ_find_sigid_algs(int signid, int pdig_nid, int ppkey_nid)
104	0	{
105	0	return ossl_obj_find_sigid_algs(signid, pdig_nid, ppkey_nid, 1);
106	0	}
107
108		int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
109	0	{
110	0	nid_triple tmp;
111	0	const nid_triple *t = &tmp;
112	0	const nid_triple **rv;
113	0	int idx;
114
115		/* permitting searches for sig algs without digest: */
116	0	if (pkey_nid == NID_undef)
117	0	return 0;
118
119	0	tmp.hash_id = dig_nid;
120	0	tmp.pkey_id = pkey_nid;
121
122	0	rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
123	0	if (rv == NULL) {
124	0	if (!obj_sig_init())
125	0	return 0;
126	0	if (!CRYPTO_THREAD_read_lock(sig_lock)) {
127	0	ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_READ_LOCK);
128	0	return 0;
129	0	}
130	0	if (sigx_app != NULL) {
131	0	idx = sk_nid_triple_find(sigx_app, &tmp);
132	0	if (idx >= 0) {
133	0	t = sk_nid_triple_value(sigx_app, idx);
134	0	rv = &t;
135	0	}
136	0	}
137	0	CRYPTO_THREAD_unlock(sig_lock);
138	0	if (rv == NULL)
139	0	return 0;
140	0	}
141
142	0	if (psignid != NULL)
143	0	psignid = (rv)->sign_id;
144	0	return 1;
145	0	}
146
147		int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
148	0	{
149	0	nid_triple *ntr;
150	0	int dnid = NID_undef, pnid = NID_undef, ret = 0;
151
152	0	if (signid == NID_undef \|\| pkey_id == NID_undef)
153	0	return 0;
154
155	0	if (!obj_sig_init())
156	0	return 0;
157
158	0	if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL)
159	0	return 0;
160	0	ntr->sign_id = signid;
161	0	ntr->hash_id = dig_id;
162	0	ntr->pkey_id = pkey_id;
163
164	0	if (!CRYPTO_THREAD_write_lock(sig_lock)) {
165	0	ERR_raise(ERR_LIB_OBJ, ERR_R_UNABLE_TO_GET_WRITE_LOCK);
166	0	OPENSSL_free(ntr);
167	0	return 0;
168	0	}
169
170		/* Check that the entry doesn't exist or exists as desired */
171	0	if (ossl_obj_find_sigid_algs(signid, &dnid, &pnid, 0)) {
172	0	ret = dnid == dig_id && pnid == pkey_id;
173	0	goto err;
174	0	}
175
176	0	if (sig_app == NULL) {
177	0	sig_app = sk_nid_triple_new(sig_sk_cmp);
178	0	if (sig_app == NULL)
179	0	goto err;
180	0	}
181	0	if (sigx_app == NULL) {
182	0	sigx_app = sk_nid_triple_new(sigx_cmp);
183	0	if (sigx_app == NULL)
184	0	goto err;
185	0	}
186
187		/*
188		* Better might be to find where to insert the element and insert it there.
189		* This would avoid the sorting steps below.
190		*/
191	0	if (!sk_nid_triple_push(sig_app, ntr))
192	0	goto err;
193	0	if (!sk_nid_triple_push(sigx_app, ntr)) {
194	0	ntr = NULL; /* This is referenced by sig_app still */
195	0	goto err;
196	0	}
197
198	0	sk_nid_triple_sort(sig_app);
199	0	sk_nid_triple_sort(sigx_app);
200
201	0	ntr = NULL;
202	0	ret = 1;
203	0	err:
204	0	OPENSSL_free(ntr);
205	0	CRYPTO_THREAD_unlock(sig_lock);
206	0	return ret;
207	0	}
208
209		static void sid_free(nid_triple *tt)
210	0	{
211	0	OPENSSL_free(tt);
212	0	}
213
214		void OBJ_sigid_free(void)
215	1	{
216	1	sk_nid_triple_pop_free(sig_app, sid_free);
217	1	sk_nid_triple_free(sigx_app);
218	1	CRYPTO_THREAD_lock_free(sig_lock);
219	1	sig_app = NULL;
220	1	sigx_app = NULL;
221	1	sig_lock = NULL;
222	1	}