make ASN1_OBJECT opaque

Reviewed-by: Matt Caswell <matt@openssl.org>
2024-12-05 07:54:47 +08:00 · 2015-03-15 16:26:04 +00:00 · 2015-03-15 16:26:04 +00:00 · 2e43027757
commit 2e43027757
parent 7b68c30da0
12 changed files with 56 additions and 20 deletions
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"

 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 {
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@ -194,22 +194,6 @@ typedef struct asn1_const_ctx_st {
    int line;                   /* used in error processing */
 } ASN1_const_CTX;

-/*
- * These are used internally in the ASN1_OBJECT to keep track of whether the
- * names and data need to be free()ed
- */
-# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
-# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
-# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
-# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
-struct asn1_object_st {
-    const char *sn, *ln;
-    int nid;
-    int length;
-    const unsigned char *data;  /* data remains const after init */
-    int flags;                  /* Should we free this one */
-};
-
 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
 /*
 * This indicates that the ASN1_STRING is not a real value but just a place
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@ -64,6 +64,7 @@
 #include <openssl/conf.h>
 #include <openssl/dso.h>
 #include <openssl/x509.h>
+#include "internal/asn1_int.h"

 /* Simple ASN1 OID module: add all objects in a given section */

--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include "internal/asn1_int.h"

 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
                                 const ASN1_ITEM *it, int tag, int aclass);
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@ -176,7 +176,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
    default:
        /* Check it has an OID and it is valid */
        otmp = OBJ_nid2obj(nid);
-        if (!otmp || !otmp->data)
+        if (OBJ_get0_data(otmp) == NULL)
            nid = NID_undef;
        ASN1_OBJECT_free(otmp);
        return nid;
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@ -103,3 +103,19 @@ struct evp_pkey_asn1_method_st {
                      X509_ALGOR *alg1, X509_ALGOR *alg2,
                      ASN1_BIT_STRING *sig);
 } /* EVP_PKEY_ASN1_METHOD */ ;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@ -64,6 +64,7 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"

 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #include "obj_dat.h"
@ -781,3 +782,17 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
    OPENSSL_free(buf);
    return (ok);
 }
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
+}
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@ -61,6 +61,7 @@
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "internal/asn1_int.h"

 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 {
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@ -1107,6 +1107,9 @@ int OBJ_create(const char *oid, const char *sn, const char *ln);
 void OBJ_cleanup(void);
 int OBJ_create_objects(BIO *in);

+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
 int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@ -95,7 +95,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
            RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
            return (0);
        }
-        if (sig.algor->algorithm->length == 0) {
+        if (OBJ_length(sig.algor->algorithm) == 0) {
            RSAerr(RSA_F_RSA_SIGN,
                   RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
            return (0);
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@ -29,6 +29,9 @@ functions
 int OBJ_create(const char *oid,const char *sn,const char *ln);
 void OBJ_cleanup(void);

+ size_t OBJ_length(const ASN1_OBJECT *obj);
+ const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
 =head1 DESCRIPTION

 The ASN1 object utility functions process ASN1_OBJECT structures which are
@ -70,6 +73,11 @@ OBJ_cleanup() cleans up OpenSSLs internal object table: this should
 be called before an application exits if any new objects were added
 using OBJ_create().

+OBJ_length() returns the size of the content octets of B<obj>.
+
+OBJ_get0_data() returns a pointer to the content octets of B<obj>.
+The returned pointer is an internal pointer which B<must not> be freed.
+
 =head1 NOTES

 Objects in OpenSSL can have a short name, a long name and a numerical
@ -96,6 +104,12 @@ Objects do not need to be in the internal tables to be processed,
 the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
 form of an OID.

+Some objects are used to reprsent algorithms which do not have a
+corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently
+exists for a particular algorithm). As a result they B<cannot> be encoded or
+decoded as part of ASN.1 structures. Applications can determine if there
+is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
+
 =head1 EXAMPLES

 Create an object for B<commonName>:
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@ -641,7 +641,7 @@ static int cca_rsa_verify(int type, const unsigned char *m,
            return 0;
        }

-        if (!algorithm.algorithm->length) {
+        if (!OBJ_length(algorithm.algorithm)) {
            CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
                       CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
            return 0;
@ -754,7 +754,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
            return 0;
        }

-        if (!algorithm.algorithm->length) {
+        if (!OBJ_length(algorithm.algorithm)) {
            CCA4758err(CCA4758_F_CCA_RSA_SIGN,
                       CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
            return 0;