Rewrite obj_xref.c

Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to translate between signature algorithm
OIDs and pairs of OIDs of a message digest and a cipher. The table has
fewer than fifty entries and isn't used in a hot path. Using binary search
is overkill. Just do two linear searches, one for each translation. None
of the original code remains apart from the API.

ok jsing

4 files changed, 291 insertions, 419 deletions

diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c
index ac1459c123..7cd3141d14 100644
--- a/src/lib/libcrypto/objects/obj_xref.c
+++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -1,147 +1,313 @@
-/* $OpenBSD: obj_xref.c,v 1.10 2023/07/22 18:12:09 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+/*      $OpenBSD: obj_xref.c,v 1.11 2023/07/22 18:32:05 tb Exp $ */
+
+/*
+ * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <openssl/objects.h>
-#include "obj_xref.h"
 
-DECLARE_STACK_OF(nid_triple)
-
-static int
-sig_cmp(const nid_triple *a, const nid_triple *b)
-{
-        return a->sign_id - b->sign_id;
-}
+/*
+ * Map between signature nids and pairs of (hash, pkey) nids. If the hash nid
+ * is NID_undef, this indicates to ASN1_item_{sign,verify}() that the pkey's
+ * ASN.1 method needs to handle algorithm identifiers and part of the message
+ * digest.
+ */
 
-static int
-sig_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
-{
-        nid_triple const *a = a_;
-        nid_triple const *b = b_;
-        return sig_cmp(a, b);
-}
+static const struct {
+        int sign_nid;
+        int hash_nid;
+        int pkey_nid;
+} nid_triple[] = {
+        {
+                .sign_nid = NID_md2WithRSAEncryption,
+                .hash_nid = NID_md2,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md5WithRSAEncryption,
+                .hash_nid = NID_md5,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_shaWithRSAEncryption,
+                .hash_nid = NID_sha,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha1WithRSAEncryption,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA,
+                .hash_nid = NID_sha,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA1_2,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dsa_2,
+        },
+        {
+                .sign_nid = NID_mdc2WithRSA,
+                .hash_nid = NID_mdc2,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md5WithRSA,
+                .hash_nid = NID_md5,
+                .pkey_nid = NID_rsa,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA1,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_sha1WithRSA,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_rsa,
+        },
+        {
+                .sign_nid = NID_ripemd160WithRSA,
+                .hash_nid = NID_ripemd160,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md4WithRSAEncryption,
+                .hash_nid = NID_md4,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA1,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_sha256WithRSAEncryption,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha384WithRSAEncryption,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha512WithRSAEncryption,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha224WithRSAEncryption,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_Recommended,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_Specified,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA224,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA256,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA384,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA512,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_dsa_with_SHA224,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_dsa_with_SHA256,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_2001,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_94,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_94,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_94_cc,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_94_cc,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_2001_cc,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_2001_cc,
+        },
+        {
+                .sign_nid = NID_rsassaPss,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_256,
+                .hash_nid = NID_id_tc26_gost3411_2012_256,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_512,
+                .hash_nid = NID_id_tc26_gost3411_2012_512,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_Ed25519,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_Ed25519,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha1kdf_scheme,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha224kdf_scheme,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha256kdf_scheme,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha384kdf_scheme,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha512kdf_scheme,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha1kdf_scheme,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha224kdf_scheme,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha256kdf_scheme,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha384kdf_scheme,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha512kdf_scheme,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_224,
+                .hash_nid = NID_sha3_224,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_256,
+                .hash_nid = NID_sha3_256,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_384,
+                .hash_nid = NID_sha3_384,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_512,
+                .hash_nid = NID_sha3_512,
+                .pkey_nid = NID_rsaEncryption,
+        },
+};
 
-static const nid_triple *
-OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num)
-{
-        return OBJ_bsearch_(key, base, num, sizeof(nid_triple),
-            sig_cmp_BSEARCH_CMP_FN);
-}
+#define N_NID_TRIPLES (sizeof(nid_triple) / sizeof(nid_triple[0]))
 
-static int
-sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
+int
+OBJ_find_sigid_algs(int sign_nid, int *hash_nid, int *pkey_nid)
 {
-        int ret;
+        size_t i;
 
-        ret = (*a)->hash_id - (*b)->hash_id;
-        if (ret)
-                return ret;
-        return (*a)->pkey_id - (*b)->pkey_id;
-}
+        for (i = 0; i < N_NID_TRIPLES; i++) {
+                if (sign_nid != nid_triple[i].sign_nid)
+                        continue;
 
-static int
-sigx_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
-{
-        const nid_triple * const *a = a_;
-        const nid_triple * const *b = b_;
-        return sigx_cmp(a, b);
-}
+                if (hash_nid != NULL)
+                        *hash_nid = nid_triple[i].hash_nid;
+                if (pkey_nid != NULL)
+                        *pkey_nid = nid_triple[i].pkey_nid;
 
-static const nid_triple * const*
-OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num)
-{
-        return OBJ_bsearch_(key, base, num, sizeof(const nid_triple *),
-            sigx_cmp_BSEARCH_CMP_FN);
-}
+                return 1;
+        }
 
-int
-OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
-{
-        nid_triple tmp;
-        const nid_triple *rv = NULL;
-        tmp.sign_id = signid;
-
-        if ((rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
-            sizeof(sigoid_srt) / sizeof(nid_triple))) == NULL)
-                return 0;
-        if (pdig_nid)
-                *pdig_nid = rv->hash_id;
-        if (ppkey_nid)
-                *ppkey_nid = rv->pkey_id;
-        return 1;
+        return 0;
 }
 LCRYPTO_ALIAS(OBJ_find_sigid_algs);
 
 int
-OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+OBJ_find_sigid_by_algs(int *sign_nid, int hash_nid, int pkey_nid)
 {
-        nid_triple tmp;
-        const nid_triple *t = &tmp;
-        const nid_triple *const *rv;
-
-        tmp.hash_id = dig_nid;
-        tmp.pkey_id = pkey_nid;
-
-        if ((rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
-            sizeof(sigoid_srt_xref) / sizeof(nid_triple *))) == NULL)
-                return 0;
-        if (psignid)
-                *psignid = (*rv)->sign_id;
-        return 1;
+        size_t i;
+
+        for (i = 0; i < N_NID_TRIPLES; i++) {
+                if (hash_nid != nid_triple[i].hash_nid)
+                        continue;
+                if (pkey_nid != nid_triple[i].pkey_nid)
+                        continue;
+
+                if (sign_nid != NULL)
+                        *sign_nid = nid_triple[i].sign_nid;
+
+                return 1;
+        }
+
+        return 0;
 }
 LCRYPTO_ALIAS(OBJ_find_sigid_by_algs);
 
diff --git a/src/lib/libcrypto/objects/obj_xref.h b/src/lib/libcrypto/objects/obj_xref.h
deleted file mode 100644
index bff8c68573..0000000000
--- a/src/lib/libcrypto/objects/obj_xref.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* $OpenBSD: obj_xref.h,v 1.7 2023/06/15 17:58:27 tb Exp $ */
-/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
-
-__BEGIN_HIDDEN_DECLS
-
-typedef struct
-        {
-        int sign_id;
-        int hash_id;
-        int pkey_id;
-        } nid_triple;
-
-static const nid_triple sigoid_srt[] =
-        {
-        {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
-        {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
-        {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
-        {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
-        {NID_dsaWithSHA, NID_sha, NID_dsa},
-        {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
-        {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
-        {NID_md5WithRSA, NID_md5, NID_rsa},
-        {NID_dsaWithSHA1, NID_sha1, NID_dsa},
-        {NID_sha1WithRSA, NID_sha1, NID_rsa},
-        {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
-        {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
-        {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
-        {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
-        {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
-        {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
-        {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
-        {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
-        {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
-        {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
-        {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
-        {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
-        {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
-        {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
-        {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
-        {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
-        {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
-        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
-        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
-        {NID_rsassaPss, NID_undef, NID_rsaEncryption},
-        {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001},
-        {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001},
-        {NID_Ed25519, NID_undef, NID_Ed25519},
-        {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
-        {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
-        {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
-        {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
-        {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
-        {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf},
-        {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf},
-        {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf},
-        {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf},
-        {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf},
-        {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption},
-        {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
-        {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
-        {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
-        };
-
-static const nid_triple * const sigoid_srt_xref[] =
-        {
-        &sigoid_srt[29],
-        &sigoid_srt[18],
-        &sigoid_srt[17],
-        &sigoid_srt[32],
-        &sigoid_srt[0],
-        &sigoid_srt[1],
-        &sigoid_srt[7],
-        &sigoid_srt[2],
-        &sigoid_srt[4],
-        &sigoid_srt[3],
-        &sigoid_srt[9],
-        &sigoid_srt[5],
-        &sigoid_srt[8],
-        &sigoid_srt[12],
-        &sigoid_srt[33],
-        &sigoid_srt[38],
-        &sigoid_srt[6],
-        &sigoid_srt[10],
-        &sigoid_srt[11],
-        &sigoid_srt[13],
-        &sigoid_srt[24],
-        &sigoid_srt[20],
-        &sigoid_srt[35],
-        &sigoid_srt[40],
-        &sigoid_srt[14],
-        &sigoid_srt[21],
-        &sigoid_srt[36],
-        &sigoid_srt[41],
-        &sigoid_srt[15],
-        &sigoid_srt[22],
-        &sigoid_srt[37],
-        &sigoid_srt[42],
-        &sigoid_srt[16],
-        &sigoid_srt[23],
-        &sigoid_srt[19],
-        &sigoid_srt[34],
-        &sigoid_srt[39],
-        &sigoid_srt[25],
-        &sigoid_srt[26],
-        &sigoid_srt[27],
-        &sigoid_srt[28],
-        &sigoid_srt[30],
-        &sigoid_srt[31],
-        &sigoid_srt[43],
-        &sigoid_srt[44],
-        &sigoid_srt[45],
-        &sigoid_srt[46],
-        };
-
-__END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/objects/obj_xref.txt b/src/lib/libcrypto/objects/obj_xref.txt
deleted file mode 100644
index 712b21a08e..0000000000
--- a/src/lib/libcrypto/objects/obj_xref.txt
+++ /dev/null
@@ -1,68 +0,0 @@
-# OID cross reference table.
-# Links signatures OIDs to their corresponding public key algorithms
-# and digests. The digest "undef" indicates the public key's ASN.1
-# method should handle AlgorithmIdentifiers and (at least part of) the
-# message digest explicitly.
-
-md2WithRSAEncryption    md2     rsaEncryption
-md5WithRSAEncryption    md5     rsaEncryption
-shaWithRSAEncryption    sha     rsaEncryption
-sha1WithRSAEncryption   sha1    rsaEncryption
-md4WithRSAEncryption    md4     rsaEncryption
-sha256WithRSAEncryption sha256  rsaEncryption
-sha384WithRSAEncryption sha384  rsaEncryption
-sha512WithRSAEncryption sha512  rsaEncryption
-sha224WithRSAEncryption sha224  rsaEncryption
-mdc2WithRSA             mdc2    rsaEncryption
-ripemd160WithRSA        ripemd160 rsaEncryption
-RSA_SHA3_224            sha3_224 rsaEncryption
-RSA_SHA3_256            sha3_256 rsaEncryption
-RSA_SHA3_384            sha3_384 rsaEncryption
-RSA_SHA3_512            sha3_512 rsaEncryption
-# For PSS the digest algorithm can vary and depends on the included
-# AlgorithmIdentifier.
-rsassaPss               undef   rsaEncryption
-
-Ed25519                 undef   Ed25519
-
-# Alternative deprecated OIDs. By using the older "rsa" OID this
-# type will be recognized by not normally used.
-
-md5WithRSA              md5     rsa
-sha1WithRSA             sha1    rsa
-
-dsaWithSHA              sha     dsa
-dsaWithSHA1             sha1    dsa
-
-dsaWithSHA1_2           sha1    dsa_2
-
-ecdsa_with_SHA1         sha1    X9_62_id_ecPublicKey
-ecdsa_with_SHA224       sha224  X9_62_id_ecPublicKey
-ecdsa_with_SHA256       sha256  X9_62_id_ecPublicKey
-ecdsa_with_SHA384       sha384  X9_62_id_ecPublicKey
-ecdsa_with_SHA512       sha512  X9_62_id_ecPublicKey
-ecdsa_with_Recommended  undef   X9_62_id_ecPublicKey
-ecdsa_with_Specified    undef   X9_62_id_ecPublicKey
-
-dsa_with_SHA224         sha224  dsa
-dsa_with_SHA256         sha256  dsa
-
-id_GostR3411_94_with_GostR3410_2001     id_GostR3411_94 id_GostR3410_2001
-id_GostR3411_94_with_GostR3410_94       id_GostR3411_94 id_GostR3410_94
-id_GostR3411_94_with_GostR3410_94_cc    id_GostR3411_94 id_GostR3410_94_cc
-id_GostR3411_94_with_GostR3410_2001_cc  id_GostR3411_94 id_GostR3410_2001_cc
-id_tc26_signwithdigest_gost3410_2012_256        id_tc26_gost3411_2012_256 id_GostR3410_2001
-id_tc26_signwithdigest_gost3410_2012_512        id_tc26_gost3411_2012_512 id_GostR3410_2001
-
-# ECDH KDFs and their corresponding message digests and schemes
-dhSinglePass_stdDH_sha1kdf_scheme               sha1    dh_std_kdf
-dhSinglePass_stdDH_sha224kdf_scheme             sha224  dh_std_kdf
-dhSinglePass_stdDH_sha256kdf_scheme             sha256  dh_std_kdf
-dhSinglePass_stdDH_sha384kdf_scheme             sha384  dh_std_kdf
-dhSinglePass_stdDH_sha512kdf_scheme             sha512  dh_std_kdf
-
-dhSinglePass_cofactorDH_sha1kdf_scheme          sha1    dh_cofactor_kdf
-dhSinglePass_cofactorDH_sha224kdf_scheme        sha224  dh_cofactor_kdf
-dhSinglePass_cofactorDH_sha256kdf_scheme        sha256  dh_cofactor_kdf
-dhSinglePass_cofactorDH_sha384kdf_scheme        sha384  dh_cofactor_kdf
-dhSinglePass_cofactorDH_sha512kdf_scheme        sha512  dh_cofactor_kdf
diff --git a/src/lib/libcrypto/objects/objxref.pl b/src/lib/libcrypto/objects/objxref.pl
deleted file mode 100644
index 8873c91ad9..0000000000
--- a/src/lib/libcrypto/objects/objxref.pl
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/local/bin/perl
-
-use strict;
-
-my %xref_tbl;
-my %oid_tbl;
-
-my ($mac_file, $xref_file) = @ARGV;
-
-open(IN, $mac_file) || die "Can't open $mac_file";
-
-# Read in OID nid values for a lookup table.
-
-while (<IN>)
-        {
-        chomp;
-        my ($name, $num) = /^(\S+)\s+(\S+)$/;
-        $oid_tbl{$name} = $num;
-        }
-close IN;
-
-open(IN, $xref_file) || die "Can't open $xref_file";
-
-my $ln = 1;
-
-while (<IN>)
-        {
-        chomp;
-        s/#.*$//;
-        next if (/^\S*$/);
-        my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
-        check_oid($xr);
-        check_oid($p1);
-        check_oid($p2);
-        $xref_tbl{$xr} = [$p1, $p2, $ln];
-        }
-
-my @xrkeys = keys %xref_tbl;
-
-my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
-
-for(my $i = 0; $i <= $#srt1; $i++)
-        {
-        $xref_tbl{$srt1[$i]}[2] = $i;
-        }
-
-my @srt2 = sort
-        {
-        my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
-        my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
-        return $ap1 - $bp1 if ($ap1 != $bp1);
-        my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
-        my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
-
-        return $ap2 - $bp2;
-        } @xrkeys;
-
-my $pname = $0;
-
-$pname =~ s|^.[^/]/||;
-
-print <<EOF;
-/* \$OpenBSD\$ */
-/* AUTOGENERATED BY $pname, DO NOT EDIT */
-
-__BEGIN_HIDDEN_DECLS
-
-typedef struct
-        {
-        int sign_id;
-        int hash_id;
-        int pkey_id;
-        } nid_triple;
-
-static const nid_triple sigoid_srt[] =
-        {
-EOF
-
-foreach (@srt1)
-        {
-        my $xr = $_;
-        my ($p1, $p2) = @{$xref_tbl{$_}};
-        print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
-        }
-
-print "\t};";
-print <<EOF;
-
-
-static const nid_triple * const sigoid_srt_xref[] =
-        {
-EOF
-
-foreach (@srt2)
-        {
-        my $x = $xref_tbl{$_}[2];
-        print "\t\&sigoid_srt\[$x\],\n";
-        }
-
-print "\t};\n\n";
-print "__END_HIDDEN_DECLS\n";
-
-sub check_oid
-        {
-        my ($chk) = @_;
-        if (!exists $oid_tbl{$chk})
-                {
-                die "Not Found \"$chk\"\n";
-                }
-        }
-