Simplify OBJ_nid2ln()

If nid is in the range of built-in NIDs, return the corresponding
long name, unless some genius left a hole. Otherwise perform a yolo
check if there are any user-added objects

Simplify OBJ_nid2ln()

If nid is in the range of built-in NIDs, return the corresponding
long name, unless some genius left a hole. Otherwise perform a yolo
check if there are any user-added objects with matching nid in the
global hash.

This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error
onto the stack even if there are no user-added objects.

ok jsing

show more ...

Simplify OBJ_ln2nid()

This is s/sn/ln/g of the previous commit and eliminates another
OBJ_bsearch_() user, the last one in this file. The bsearch() uses
in this file are possibly the only ones that

Simplify OBJ_ln2nid()

This is s/sn/ln/g of the previous commit and eliminates another
OBJ_bsearch_() user, the last one in this file. The bsearch() uses
in this file are possibly the only ones that actually make sense
since we're searching tables of roughly 1000 entries.

ok jsing

show more ...

Simplify OBJ_sn2nid()

Another OBJ_bsearch_() elimination.

OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve
an object identifier with matching "short name" from the global h

Simplify OBJ_sn2nid()

Another OBJ_bsearch_() elimination.

OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve
an object identifier with matching "short name" from the global hash of
added objects and then searches the table of built-in objects.

ok jsing

show more ...

Simplify OBJ_obj2nid()

Continue with OBJ_bsearch_() elimination.

OBJ_obj2nid() first checks if the object identifier passed in has a nid
and if so, it returns that. Otherwise, it looks into the glo

Simplify OBJ_obj2nid()

Continue with OBJ_bsearch_() elimination.

OBJ_obj2nid() first checks if the object identifier passed in has a nid
and if so, it returns that. Otherwise, it looks into the global hash of
added objects (of course without locking) for a match and then returns
the nid thereof. As a last attempt, it searches the table of built-in
object identifiers.

The last two steps can be cleaned up and simplified quite a bit by using
C99 initializers, bsearch() and an appropriate comparison function. Then
it becomes obvious that bsearch() already returns a pointer to the nid
we're looking for, so there is no point in converting that into its
corresponding obj and returning the nid thereof.

ok jsing

show more ...

Remove silly parentheses

Improve error handling in OBJ_add_object()

There is no need for a helper function to obfuscate lh_ADDED_OBJ_new().
Just call the real thing directly.

Adding an object with a NID of NID_undef basica

Improve error handling in OBJ_add_object()

There is no need for a helper function to obfuscate lh_ADDED_OBJ_new().
Just call the real thing directly.

Adding an object with a NID of NID_undef basically amounts to disabling
a built-in OID. It does so in an incoherent fashion and the caller can't
easily tell success from failure of the operation. Arguably the result is
a corrupted objects table.

Let's not allow adding such an object in an attempt at keeping things
slightly more coherent.

Issue noted and initial diff by schwarze while writing documentation

ok schwarze

show more ...

Garbage collect two commented abort()

Make the local ASN1_OBJECTs const

ok jsing

Remove some unnecessary else branches

Remove some parents from return statements

Use cmp instead of i for the result of a comparison

ok jsing

Use OBJ_cmp() instead of inlining two variants

This also avoids more undefined behavior with memcmp().

ok jsing

PS: Unsolicited advice for no one in particular: there is this awesome tool
called g

Use OBJ_cmp() instead of inlining two variants

This also avoids more undefined behavior with memcmp().

ok jsing

PS: Unsolicited advice for no one in particular: there is this awesome tool
called grep. If someone reports an issue, you might want to use it to find
more instances.

show more ...

Hide symbols in objects

ok tb@

Simplify OBJ_obj2txt()

Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL
or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other
caller, i2t_ASN1_OBJECT(

Simplify OBJ_obj2txt()

Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL
or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other
caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and
the latter condition is implied by aobj->data.

Cleaner solution for obj_dat.c r1.52
suggested by/ok jsing

show more ...

Always NUL terminate buf in OBJ_obj2txt()

OBJ_obj2txt() is often called without error checking and is used for
reporting unexpected or malformed objects. As such, we should ensure
buf is a string ev

Always NUL terminate buf in OBJ_obj2txt()

OBJ_obj2txt() is often called without error checking and is used for
reporting unexpected or malformed objects. As such, we should ensure
buf is a string even on failure. This had long been the case before it
was lost in a recent rewrite. If obj and obj->data are both non-NULL
this is already taken care of by i2t_ASN1_OBJECT_internal(), so many
callers were still safe.

ok miod

show more ...

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj()

The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then fe

Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj()

The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then feeds
the entire thing back through the DER to ASN.1 object conversion. Rather
than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function
that converts the text to ASN.1 object content octets, then creates a new
ASN1_OBJECT and attaches the content octets to it.

ok inoguchi@ tb@

show more ...

Rewrite ASN1_OBJECT content to ascii/text conversion.

Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and
CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calli

Rewrite ASN1_OBJECT content to ascii/text conversion.

Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and
CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling
OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls
back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion
code into asn1/a_object.c and have OBJ_txt2obj() call that instead.

ok inoguchi@ tb@

show more ...

Limit OID text conversion to 64 bits per arc.

The current implementation uses an unsigned long, then switches to BN once
the arc exceeds its size. However, the complexity of BN_bn2dec() is
quadratic

Limit OID text conversion to 64 bits per arc.

The current implementation uses an unsigned long, then switches to BN once
the arc exceeds its size. However, the complexity of BN_bn2dec() is
quadratic in the length of number being converted. This means that OIDs
with excessively large arcs take a lot of computation to convert to text.

While the X.660 specification states that arcs are unbounded, in reality
they are not overly large numbers - 640K^W64 bits ought to be enough for
any arc. Remove BN entirely, switch from unsigned long to uin64_t and fail
if an arc exceeds this size.

Identified via oss-fuzz timeouts - should fix #41028 and #44372.

ok tb@

show more ...

Make OBJ_obj2nid() work correctly with NID_undef.

Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to
doing a lookup on an empty value and having NID_undef conflict with an
uni

Make OBJ_obj2nid() work correctly with NID_undef.

Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to
doing a lookup on an empty value and having NID_undef conflict with an
uninitialised NID value.

Somewhat based on OpenSSL 0fb99904809.

ok tb@

show more ...

Prepare to provide OBJ_length() and OBJ_get0_data()

OBJ_length() turns the int obj->length into a size_t, so add
an overflow check. While obj->length should never be negative,
who knows...

ok jsing

include asn1_locl.h where it will be needed for the bump.

discussed with jsing

Remove assignment of value that is never read.

ok tb@

snprintf/vsnprintf return < 0 on error, rather than -1.