summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/objects (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Improve error handling in OBJ_add_object()tb2023-09-051-13/+7
| | | | | | | | | | | | | | | | | There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly. Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table. Let's not allow adding such an object in an attempt at keeping things slightly more coherent. Issue noted and initial diff by schwarze while writing documentation ok schwarze
* Garbage collect two commented abort()tb2023-08-171-3/+1
|
* Make the local ASN1_OBJECTs consttb2023-08-171-2/+2
| | | | ok jsing
* Remove some unnecessary else branchestb2023-08-171-7/+5
|
* Remove some parents from return statementstb2023-08-171-8/+8
|
* Use cmp instead of i for the result of a comparisontb2023-08-171-5/+5
| | | | ok jsing
* Use OBJ_cmp() instead of inlining two variantstb2023-08-171-12/+4
| | | | | | | | | | This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
* Avoid memcmp(NULL, x, 0) in OBJ_cmp()tb2023-08-171-6/+7
| | | | | | | | If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing
* Remove OBJ_add_sigid() and OBJ_sigid_free()tb2023-07-282-17/+2
| | | | | | | | Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing
* Align argument names of OBJ_add_sigid() with the other functions.tb2023-07-221-2/+2
|
* Rewrite obj_xref.ctb2023-07-224-419/+291
| | | | | | | | | | | | Instead of having two unreadable tables placed in a header generated by a janky perl script from an ugly text file, use a single table inlined in the C file. This table is used to translate between signature algorithm OIDs and pairs of OIDs of a message digest and a cipher. The table has fewer than fifty entries and isn't used in a hot path. Using binary search is overkill. Just do two linear searches, one for each translation. None of the original code remains apart from the API. ok jsing
* Neuter OBJ_add_sigid() and OBJ_sigid_free()tb2023-07-221-93/+11
| | | | | | | | | | These functions will be removed in the upcoming bump. Nothing uses them, so it won't hurt if they become noops. This allows us to garbage collect the sig_app and sigx_app stacks and make a first step towards simplifying the OBJ_bsearch_() dances. Also sprinkle some const correctness... because we can. intermediate step towards a diff that is ok jsing
* Hide symbols in objectsbeck2023-07-085-5/+37
| | | | ok tb@
* Move check_defer() and obj_cleanup_defer to evp/names.ctb2023-06-291-6/+1
| | | | | | | | | | These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables. ok miod
* regentb2023-06-151-1/+9
|
* Add RSA with the sha3s to obj_xref.txttb2023-06-151-0/+4
| | | | ok jsing
* regen obj_xref.htb2023-06-151-12/+14
| | | | (this and the Ed25519 addition to obj_xref.txt were ok jsing)
* Add Ed25519 to the obj_xref table.tb2023-06-151-3/+6
| | | | | Also move part of for RSA-PSS to the top since it doesn't only apply to RSA-PSS.
* Simplify OBJ_obj2txt()tb2023-05-231-7/+1
| | | | | | | | | | Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and the latter condition is implied by aobj->data. Cleaner solution for obj_dat.c r1.52 suggested by/ok jsing
* Always NUL terminate buf in OBJ_obj2txt()tb2023-05-231-1/+4
| | | | | | | | | | | OBJ_obj2txt() is often called without error checking and is used for reporting unexpected or malformed objects. As such, we should ensure buf is a string even on failure. This had long been the case before it was lost in a recent rewrite. If obj and obj->data are both non-NULL this is already taken care of by i2t_ASN1_OBJECT_internal(), so many callers were still safe. ok miod
* Add NIDs for truncated SHA-2, SHA-3 and related thingstb2023-04-252-7/+72
| | | | From jsing
* spelling fixes; from paul tagliamontejmc2022-12-262-4/+4
| | | | | | | i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
* Make internal header file names consistenttb2022-11-262-4/+4
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Add ED25519 aliases for NID, SN and OBJtb2022-11-131-3/+1
| | | | The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
* Stop pretending that obj_mac.h is optional.jsing2022-11-111-896/+1
| | | | | | | | This is effectively: unifdef -m -DUSE_OBJ_MAC objects/objects.h ok beck@, with extreme prejudice.
* Map objects for ED25519 to Ed25519.jsing2022-11-101-1/+7
| | | | | | | OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to provide both. ok tb@
* In case lh_OBJ_NAME_insert returns NULL due to a failed malloc, onpmbuhl2022-11-081-1/+2
| | | | | | is leaked in OBJ_NAME_add. ok tb Found by CodeChecker.
* Add OID for RPKI signedTAL objectsjob2022-09-152-0/+2
| | | | | | | | | IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@
* Add NID for signingCertificateV2kn2022-07-162-0/+2
| | | | | | https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
* Remove mkerr.pl remnants from LibreSSLkn2022-07-122-12/+2
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Add NID for HKDFtb2022-05-052-0/+4
| | | | ok beck jsing
* Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj()jsing2022-03-191-30/+3
| | | | | | | | | | | The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it. ok inoguchi@ tb@
* Rewrite ASN1_OBJECT content to ascii/text conversion.jsing2022-03-021-76/+5
| | | | | | | | | | Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead. ok inoguchi@ tb@
* Limit OID text conversion to 64 bits per arc.jsing2022-02-121-55/+16
| | | | | | | | | | | | | | | | The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text. While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail if an arc exceeds this size. Identified via oss-fuzz timeouts - should fix #41028 and #44372. ok tb@
* Make OBJ_obj2nid() work correctly with NID_undef.jsing2022-02-111-3/+3
| | | | | | | | | | Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value. Somewhat based on OpenSSL 0fb99904809. ok tb@
* Hide OBJ_bsearch_ from public visibility,tb2022-01-141-84/+4
| | | | | | | | | This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing
* Remove check_defer and obj_cleanup_defer from public visibilitytb2022-01-141-1/+3
| | | | ok inoguchi jsing
* Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_APItb2022-01-141-3/+1
| | | | | This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
* Prepare to provide OBJ_length() and OBJ_get0_data()tb2022-01-082-2/+28
| | | | | | | | OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing
* tiny whitespace tweaktb2022-01-081-2/+2
|
* include asn1_locl.h where it will be needed for the bump.tb2022-01-072-2/+6
| | | | discussed with jsing
* Make the certificate transparency code build with the rest of the librarybeck2021-11-242-0/+10
| | | | | | Do not expose it yet, this will wait for an upcoming bump ok tb@
* Add ASPA OIDjob2021-11-092-0/+2
| | | | | | draft-ietf-sidrops-aspa-profile OK tb@
* Add tlsfeature NIDjob2021-10-262-0/+2
| | | | OK beck@ tb@
* Add BGPSec Router (RFC 8209) Key Purpose OIDjob2021-09-112-0/+2
| | | | OK tb@
* Remove assignment of value that is never read.beck2021-09-011-2/+1
| | | | ok tb@
* Adjust libcrypto obj_xref.txt to obj_xref.hinoguchi2021-05-191-2/+2
| | | | | | | | | | | | To generate current obj_xref.h, third item of lines id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001. obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time, and these third item were coded different value each other. This adjusts obj_xref.txt to current obj_xref.h. ok tb@
* Improve libcrypto obj_xref.h generatorinoguchi2021-05-141-0/+4
| | | | | | | Modify objxref.pl to output $OpenBSD$ header and __BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS . ok and comment from tb@
* Add obj_xref for ECDH schemes in RFC 5753inoguchi2021-05-122-1/+34
| | | | | | | | | | Found missing sigoid_srt record in crypto/objects/obj_xref.h, and this causes error while executing openssl cms -encrypt with EC key/cert. Added required definitions to obj_xref.txt and obj_xref.h. Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc. ok tb@
* Add draft-ietf-sidrops-rpki-rsc OIDjob2021-05-092-0/+2
| | | | | | | | Listed under 'SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)' https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-20 18:01:56 +0000