A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.6.0 2022-09-15T08:20:34+00:00 2022-09-15T08:20:34+00:00 job 2022-09-15T08:20:34+00:00 urn:sha1:5e986ba9f9b316020df4d510e27b6b7d1a19effe IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@ 2022-07-16T17:30:33+00:00 kn 2022-07-16T17:30:33+00:00 urn:sha1:b06e85f2d9817f2e6e0ae80132f1718c07eff7cd https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb 2022-07-12T14:42:50+00:00 kn 2022-07-12T14:42:50+00:00 urn:sha1:89e42d5857196a8071fbafb5565388d0e20ec32b This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb 2022-05-05T07:45:57+00:00 tb 2022-05-05T07:45:57+00:00 urn:sha1:a81b07d91dc7420deb58c64b599ae7935ff27658 ok beck jsing 2022-03-19T17:49:32+00:00 jsing 2022-03-19T17:49:32+00:00 urn:sha1:2b63d13b51dbcbb4817452fa7523918d166ddd55 The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it. ok inoguchi@ tb@ 2022-03-02T11:28:00+00:00 jsing 2022-03-02T11:28:00+00:00 urn:sha1:82fb0381802967c4e0623e7f4bde8e684c08dbc6 Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead. ok inoguchi@ tb@ 2022-02-12T03:01:59+00:00 jsing 2022-02-12T03:01:59+00:00 urn:sha1:a562dcd988173746db99ce701ce9570ccfcbc9b8 The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text. While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail if an arc exceeds this size. Identified via oss-fuzz timeouts - should fix #41028 and #44372. ok tb@ 2022-02-11T16:39:16+00:00 jsing 2022-02-11T16:39:16+00:00 urn:sha1:5fce02c42e4ad8d8f3ab223ed16a8fe28d08812f Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value. Somewhat based on OpenSSL 0fb99904809. ok tb@ 2022-01-14T08:56:00+00:00 tb 2022-01-14T08:56:00+00:00 urn:sha1:0f827b239b8d7b269d7e4b1971f951e519deee9d This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing 2022-01-14T08:52:05+00:00 tb 2022-01-14T08:52:05+00:00 urn:sha1:e89d2c52c857051a753158839e37d659e0a2b77f ok inoguchi jsing