| Commit message (Collapse) | Author | Age | Files | Lines |
| |
ok jsing
| |
ok jsing
| |
This also avoids more undefined behavior with memcmp().
ok jsing
PS: Unsolicited advice for no one in particular: there is this awesome tool
called grep. If someone reports an issue, you might want to use it to find
more instances.
| |
If a->length is 0, either a->data or b->data could be NULL and memcmp()
will rely on undefined behavior to compare them as equal. So avoid this
comparison in the first place.
ok jsing
| |
Another bit of unused extensibility that was responsible for a lot
of complexity until recently. This removes the remaining stubs from
the public API.
ok jsing
| |
Instead of having two unreadable tables placed in a header generated by a
janky perl script from an ugly text file, use a single table inlined in
the C file. This table is used to translate between signature algorithm
OIDs and pairs of OIDs of a message digest and a cipher. The table has
fewer than fifty entries and isn't used in a hot path. Using binary search
is overkill. Just do two linear searches, one for each translation. None
of the original code remains apart from the API.
ok jsing
| |
These functions will be removed in the upcoming bump. Nothing uses them,
so it won't hurt if they become noops. This allows us to garbage collect
the sig_app and sigx_app stacks and make a first step towards simplifying
the OBJ_bsearch_() dances. Also sprinkle some const correctness... because
we can.
intermediate step towards a diff that is ok jsing
| |
ok tb@
| |
These formerly public symbols are the last things hidden by
LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c
Unfortunately, check_defer() needs to know about NUM_NIDS, so
its implementation needs to remain in obj_dat.c, the only file
that can include obj_dat.h due to NID tables.
ok miod
| |
ok jsing
| |
(this and the Ed25519 addition to obj_xref.txt were ok jsing)
| |
Also move part of for RSA-PSS to the top since it doesn't only apply to
RSA-PSS.
| |
Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL
or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other
caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and
the latter condition is implied by aobj->data.
Cleaner solution for obj_dat.c r1.52
suggested by/ok jsing
| |
OBJ_obj2txt() is often called without error checking and is used for
reporting unexpected or malformed objects. As such, we should ensure
buf is a string even on failure. This had long been the case before it
was lost in a recent rewrite. If obj and obj->data are both non-NULL
this is already taken care of by i2t_ASN1_OBJECT_internal(), so many
callers were still safe.
ok miod
| |
From jsing
| |
I removed the arithmetics -> arithmetic changes, as I felt they
were not clearly correct
ok tb
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
| |
The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
| |
This is effectively:
unifdef -m -DUSE_OBJ_MAC objects/objects.h
ok beck@, with extreme prejudice.
| |
OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to
provide both.
ok tb@
| |
is leaked in OBJ_NAME_add.
ok tb
Found by CodeChecker.
| |
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.
OK tb@
| |
https://oidref.com/1.2.840.113549.1.9.16.2.47
OK tb
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
| |
ok beck jsing
| |
The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then feeds
the entire thing back through the DER to ASN.1 object conversion. Rather
than doing this crazy dance, provide a t2i_ASN1_OBJECT_internal() function
that converts the text to ASN.1 object content octets, then creates a new
ASN1_OBJECT and attaches the content octets to it.
ok inoguchi@ tb@
| |
Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and
CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling
OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls
back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion
code into asn1/a_object.c and have OBJ_txt2obj() call that instead.
ok inoguchi@ tb@
| |
The current implementation uses an unsigned long, then switches to BN once
the arc exceeds its size. However, the complexity of BN_bn2dec() is
quadratic in the length of the number being converted. This means that OIDs
with excessively large arcs take a lot of computation to convert to text.
While the X.660 specification states that arcs are unbounded, in reality
they are not overly large numbers - 640K^W64 bits ought to be enough for
any arc. Remove BN entirely, switch from unsigned long to uint64_t and fail
if an arc exceeds this size.
Identified via oss-fuzz timeouts - should fix #41028 and #44372.
ok tb@
| |
Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to
doing a lookup on an empty value and having NID_undef conflict with an
uninitialised NID value.
Somewhat based on OpenSSL 0fb99904809.
ok tb@
| |
This removes OBJ_bsearch_ex_() from the exported symbols and makes
OBJ_bsearch_() semi-private. It is still used in libssl.
While here, remove some hideous unused macros
ok inoguchi jsing
| |
ok inoguchi jsing
| |
This marks the start of major surgery in libcrypto. Do not attempt to
build the tree for a while (~50 commits).
| |
OBJ_length() turns the int obj->length into a size_t, so add
an overflow check. While obj->length should never be negative,
who knows...
ok jsing
| |
discussed with jsing
| |
Do not expose it yet, this will wait for an upcoming bump
ok tb@
| |
draft-ietf-sidrops-aspa-profile
OK tb@
| |
OK beck@ tb@
| |
OK tb@
| |
ok tb@
| |
To generate the current obj_xref.h, the third item of the lines
id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001.
obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time,
and these third items were coded with different values from each other.
This adjusts obj_xref.txt to current obj_xref.h.
ok tb@
| |
Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .
ok and comment from tb@
| |
Found a missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes an error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.
Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.
ok tb@
| |
Listed under 'SMI Security for S/MIME CMS Content Type
(1.2.840.113549.1.9.16.1)'
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
| |
https://tools.ietf.org/html/draft-ietf-opsawg-finding-geofeeds describes
a mechanism to authenticate RFC 8805 Geofeed data files through the RPKI.
OpenSSL counterpart https://github.com/openssl/openssl/pull/14050
OK tb@ jsing@