#
b203e67e |
| 14-Dec-2023 |
tb <tb@openbsd.org> |
Simplify OBJ_nid2ln()
If nid is in the range of built-in NIDs, return the corresponding long name, unless some genius left a hole. Otherwise perform a yolo check if there are any user-added objects with matching nid in the global hash.
This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error onto the stack even if there are no user-added objects.
ok jsing
|
#
dc45ccdd |
| 13-Dec-2023 |
tb <tb@openbsd.org> |
Simplify OBJ_ln2nid()
This is s/sn/ln/g of the previous commit and eliminates another OBJ_bsearch_() user, the last one in this file. The bsearch() uses in this file are possibly the only ones that actually make sense since we're searching tables of roughly 1000 entries.
ok jsing
|
#
63389b84 |
| 13-Dec-2023 |
tb <tb@openbsd.org> |
Simplify OBJ_sn2nid()
Another OBJ_bsearch_() elimination.
OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve an object identifier with matching "short name" from the global hash of added objects and then searches the table of built-in objects.
ok jsing
|
#
f4a64515 |
| 13-Dec-2023 |
tb <tb@openbsd.org> |
Simplify OBJ_obj2nid()
Continue with OBJ_bsearch_() elimination.
OBJ_obj2nid() first checks if the object identifier passed in has a nid and if so, it returns that. Otherwise, it looks into the global hash of added objects (of course without locking) for a match and then returns the nid thereof. As a last attempt, it searches the table of built-in object identifiers.
The last two steps can be cleaned up and simplified quite a bit by using C99 initializers, bsearch() and an appropriate comparison function. Then it becomes obvious that bsearch() already returns a pointer to the nid we're looking for, so there is no point in converting that into its corresponding obj and returning the nid thereof.
ok jsing
|
#
63440589 |
| 27-Nov-2023 |
tb <tb@openbsd.org> |
Remove silly parentheses
|
#
281c2125 |
| 05-Sep-2023 |
tb <tb@openbsd.org> |
Improve error handling in OBJ_add_object()
There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly.
Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table.
Let's not allow adding such an object in an attempt at keeping things slightly more coherent.
Issue noted and initial diff by schwarze while writing documentation
ok schwarze
|
#
6071e9eb |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Garbage collect two commented abort()
|
#
812e19bf |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Make the local ASN1_OBJECTs const
ok jsing
|
#
b0b039de |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Remove some unnecessary else branches
|
#
a55266cc |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Remove some parents from return statements
|
#
acdf279e |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Use cmp instead of i for the result of a comparison
ok jsing
|
#
8128758f |
| 17-Aug-2023 |
tb <tb@openbsd.org> |
Use OBJ_cmp() instead of inlining two variants
This also avoids more undefined behavior with memcmp().
ok jsing
PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
|
#
1e9308c1 |
| 08-Jul-2023 |
beck <beck@openbsd.org> |
Hide symbols in objects
ok tb@
|
#
fcb77b6b |
| 23-May-2023 |
tb <tb@openbsd.org> |
Simplify OBJ_obj2txt()
Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and the latter condition is implied by aobj->data.
Cleaner solution for obj_dat.c r1.52 suggested by/ok jsing
|
#
04bfea2a |
| 23-May-2023 |
tb <tb@openbsd.org> |
Always NUL terminate buf in OBJ_obj2txt()
OBJ_obj2txt() is often called without error checking and is used for reporting unexpected or malformed objects. As such, we should ensure buf is a string even on failure. This had long been the case before it was lost in a recent rewrite. If obj and obj->data are both non-NULL this is already taken care of by i2t_ASN1_OBJECT_internal(), so many callers were still safe.
ok miod
|
#
71743258 |
| 26-Dec-2022 |
jmc <jmc@openbsd.org> |
spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct
ok tb
|
#
c9675a23 |
| 26-Nov-2022 |
tb <tb@openbsd.org> |
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually.
discussed with jsing, no objection bcook
|
#
cb5f613c |
| 19-Mar-2022 |
jsing <jsing@openbsd.org> |
Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj()
The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide a t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it.
ok inoguchi@ tb@
|
#
09967094 |
| 02-Mar-2022 |
jsing <jsing@openbsd.org> |
Rewrite ASN1_OBJECT content to ascii/text conversion.
Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead.
ok inoguchi@ tb@
|
#
e0f0c337 |
| 12-Feb-2022 |
jsing <jsing@openbsd.org> |
Limit OID text conversion to 64 bits per arc.
The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of the number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text.
While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uint64_t and fail if an arc exceeds this size.
Identified via oss-fuzz timeouts - should fix #41028 and #44372.
ok tb@
|
#
0709e0c5 |
| 11-Feb-2022 |
jsing <jsing@openbsd.org> |
Make OBJ_obj2nid() work correctly with NID_undef.
Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value.
Somewhat based on OpenSSL 0fb99904809.
ok tb@
|
#
460715d7 |
| 08-Jan-2022 |
tb <tb@openbsd.org> |
Prepare to provide OBJ_length() and OBJ_get0_data()
OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows...
ok jsing
|
#
ec30313d |
| 07-Jan-2022 |
tb <tb@openbsd.org> |
include asn1_locl.h where it will be needed for the bump.
discussed with jsing
|
#
6ed312b1 |
| 01-Sep-2021 |
beck <beck@openbsd.org> |
Remove assignment of value that is never read.
ok tb@
|
#
515e489c |
| 03-Jul-2019 |
deraadt <deraadt@openbsd.org> |
snprintf/vsnprintf return < 0 on error, rather than -1.
|