A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.5.3 2022-03-19T17:49:32+00:00 2022-03-19T17:49:32+00:00 jsing 2022-03-19T17:49:32+00:00 urn:sha1:2b63d13b51dbcbb4817452fa7523918d166ddd55 The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it. ok inoguchi@ tb@ 2022-03-02T11:28:00+00:00 jsing 2022-03-02T11:28:00+00:00 urn:sha1:82fb0381802967c4e0623e7f4bde8e684c08dbc6 Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead. ok inoguchi@ tb@ 2022-02-12T03:01:59+00:00 jsing 2022-02-12T03:01:59+00:00 urn:sha1:a562dcd988173746db99ce701ce9570ccfcbc9b8 The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text. While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail if an arc exceeds this size. Identified via oss-fuzz timeouts - should fix #41028 and #44372. ok tb@ 2022-02-11T16:39:16+00:00 jsing 2022-02-11T16:39:16+00:00 urn:sha1:5fce02c42e4ad8d8f3ab223ed16a8fe28d08812f Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value. Somewhat based on OpenSSL 0fb99904809. ok tb@ 2022-01-14T08:56:00+00:00 tb 2022-01-14T08:56:00+00:00 urn:sha1:0f827b239b8d7b269d7e4b1971f951e519deee9d This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing 2022-01-14T08:52:05+00:00 tb 2022-01-14T08:52:05+00:00 urn:sha1:e89d2c52c857051a753158839e37d659e0a2b77f ok inoguchi jsing 2022-01-14T07:49:49+00:00 tb 2022-01-14T07:49:49+00:00 urn:sha1:82ec18edf4e632f36b6f79c239fdb6961d421a82 This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits). 2022-01-08T21:36:39+00:00 tb 2022-01-08T21:36:39+00:00 urn:sha1:1d65cb0d3a77508bfc0bdcbc93feeea4c4cb6c2a OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing 2022-01-08T15:34:59+00:00 tb 2022-01-08T15:34:59+00:00 urn:sha1:a86a04576d7e4fd3e48b1285a0a5593180210f5e 2022-01-07T11:13:55+00:00 tb 2022-01-07T11:13:55+00:00 urn:sha1:204a46a7c8e5bf3414ba115aae9636162c92a39a discussed with jsing