IABSD.fr/src/lib/libcrypto/objects

Log

Author Commit Date CI Message
4d5c6b99 2025-05-20 07:47:43 Fix previous - names use underscores and not hyphens.
c46aa735 2025-05-20 05:42:40 Add ML-KEM768 Hybrid Kems to obj_mac.num ok tb@, joshua@
95a83615 2025-05-20 05:41:47 Add ML-KEM768 Hybrid Kems to objects.txt ok tb@, joshua@
27854fe4 2025-05-10 05:54:38 Use err_local.h rather than err.h in most places ok jsing
14166274 2025-02-26 10:48:25 obj_dat: remove parens from return
a429d9dd 2025-02-26 09:52:55 obj_dat: don't shift a->length into the sign bit For an OID of excessive length >= 2^12, a->length << 20L is undefined, so add a cast to the target type of (unsigned long). From Kenjiro Nakayama
c18c38bc 2025-02-26 09:49:54 obj_dat: don't shift ca->type into the sign bit This is undefined for a ca->type of ADDED_LNAME (2) and ADDED_NID (3) when ca->type << 30L results in a shift into the sign bit, so add a cast to the target type of unsigned long. From Kenjiro Nakayama
9c6dcd48 2024-08-28 06:53:24 Fix underlying pkey of RSA-PSS There are currently very few differences between the rsa_asn1_meth for plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously necessary differences for base_method, pkey_id, pem_str and info (and the fact that RSA has support for legacy private key encoding). This had the lucky side effect that it didn't really matter which ameth one ended up using after OBJ_find_sigid_algs(). With the upcoming support for X509_get_signature_info() for RSA-PSS, this needs to change as for RSA-PSS we need to decode the PSS parameters for extracting the "security level", whereas for RSA we can just use the hash length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption to rsassaPss. ok jsing PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this has been the case since we added Ed25519 support to obj_xref.
343bd8e2 2024-07-14 14:32:45 Remove lhash_local.h. lhash_local.h was previously needed since conf/conf_api.c and objects/obj_dat.c were fiddling with lhash internals when deleting via a callback. Since we no longer need to do that, inline the structs in lhash.c and remove the header. ok tb@
22e71e43 2024-07-09 16:12:33 Choose fixed NID for TLS1-PRF
18d6a5cd 2024-07-09 16:12:08 Add NID for TLS1-PRF ok jsing
3dca7526 2024-06-24 06:43:22 libcrypto: constify most error string tables These constitute the bulk of the remaining global mutable state in libcrypto. This commit moves most of them into data.rel.ro, leaving out ERR_str_{functs,libraries,reasons} (which require a slightly different approach) and SYS_str_reasons which is populated on startup. The main observation is that if ERR_load_strings() is called with a 0 lib argument, the ERR_STRING_DATA argument is not actually modified. We could use this fact to cast away const on the caller side and be done with it. We can make this cleaner by adding a helper ERR_load_const_strings() which explicitly avoids the assignment to str->error overriding the error code already set in the table. In order for this to work, we need to sprinkle some const in err/err.c. CMS called ERR_load_strings() with non-0 lib argument, but this didn't actually modify the error data since it ored in the value already stored in the table. Annoyingly, we need to cast const away once, namely in the call to lh_insert() in int_err_set_item(). Fixing this would require changing the public API and is going to be tricky since it requires that the LHASH_DOALL_FN_* types adjust. ok jsing
1b9cf3a3 2024-05-08 16:35:05 fix line wrapping in function definition
b9351927 2024-03-02 11:11:11 Make LHASH_OF() and STACK_OF() use opaque structs This removes internals of these two special snowflakes and will allow further simplifications. Unfortunately, there are some pieces of software that actually use LHASH_OF() (looking at you, pound, Ruby, and openssl(1)), so we get to keep exposing this garbage, at least for now. Expose lh_error() as a symbol to replace a macro reaching into _LHASH. lh_down_load() is no longer available. _LHASH and _STACK are now opaque, LHASH_NODE becomes internal-only. from jsing
f09dc5a5 2024-03-02 09:51:36 Remove unused OBJ_create_and_add_object() This is an alias for OBJ_create(). I haven't dug into its history. ok jsing
d9ccd25c 2024-03-02 09:50:47 Remove no longer supported OBJ_NAME_TYPEs OBJ_NAME_TYPE_PKEY_METH and OBJ_NAME_TYPE_COMP_METH were never used as far as I can tell. Unfortunately, PHP and Python still use the weirdly named OBJ_NAME_do_all*() API to list available ciphers and digests, so the MD and CIPHER variants need to remain public. ok jsing
fb2db234 2024-03-02 09:49:45 Make OBJ_add_object() static This is another implementation detail that should never have leaked out of the library. Only OBJ_create() ever used this. ok jsing
f329cdbc 2024-03-02 09:47:16 Remove OBJ_bsearch_() The only reason this has still been part of the public API was that libssl used it for cipher lookup. This was fixed by replacing the lookup by proper bsearch() -- why OpenSSL felt the need to reinvent ANSI C API badly will forever remain a mystery. The stack code in libcrypto still uses a version of this. This should be rewritten. It will be a bit easier once sk_find_ex() is removed. ok jsing
91d01677 2024-03-02 09:43:10 Switch name member of OBJ_NAME to const void * Because this is the type it should have had from the get go. ok jsing
54848e15 2024-03-02 09:41:02 Remove unused public OBJ_NAME_* API This functionality has been disabled for a few months. Now it is high time to garbage collect it. ok jsing
2eb0a250 2024-02-26 15:00:30 Neuter OBJ_bsearch{_,ex_}() Make these functions always fail. A copy of OBJ_bsearch_ex_() is kept in stack.c, where it is still used by internal_find() for sk_find{,_ex}(). sk_find_ex() will be removed in the upcoming bump, and then we can simplify or rewrite what's still needed. ok jsing
d1290289 2024-01-29 20:37:03 Add id-ct-rpkiSignedPrefixList NID References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
c82d7e52 2024-01-29 20:36:19 Add id-ct-rpkiSignedPrefixList OID References: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/ https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 OK tb@
0dadb9f5 2024-01-27 16:08:43 Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3 This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3 signature algorithms. With this diff, ECDSA certificates and CMS products using ECDSA with SHA-3 can be generated using the openssl command line tool. ok jsing
f0504870 2024-01-27 07:28:28 Allocate a fixed NID for the acmeIdentifier OID ok job jsing
046ee52f 2024-01-27 07:27:41 Add data for the RFC 8737 acmeIdentifier This teaches the object database OID, long and short names for the ACME identifier X.509v3 extension defined in RFC 8737. ok job jsing
20273a99 2024-01-24 14:05:10 Stop fiddling with hash table internals from lhash doall callers. It is now safe to call delete from an lhash doall callback - stop fiddling with hash table internals from lhash doall callers that previously had to work around this themselves. ok tb@
cb82efff 2024-01-13 12:18:52 The OBJ_NAME API joins the party in evp_names.c ... and another file without license disappears.
75591f2f 2024-01-13 11:57:51 Remove obj_cleanup_defer With check_defer() gone, this is never set to anything but 0, so the two conditional branches it is still involved in are dead code.
f5d53f8d 2024-01-13 11:55:31 Garbage collect check_defer() This was a mechanism to ensure that OBJ_cleanup() doesn't remove the ASN1_OBJECT associated with a custom cipher or digest (that was added with EVP_add_{cipher,digest}(), while the latter is still referenced in the OBJ_NAME table. It had the effect that OBJ_cleanup() wasn't actually called ever from OPENSSL_cleanup() (it is only called if you load the OID conf module). Oh, and of course it was once part of the public API. I fixed that two years ago, almost exactly to the day. Still mentioned in OBJ_create.3.
5aae2062 2024-01-13 11:38:45 Remove the guts of the OBJ_NAME API With one exception, none of this is used anymore. All of it will be removed in the next major bump. The exception is OBJ_NAME_add(). security/xca ran into issues with their cert renewal logic because RSA certs had a way of mapping the signature algorithms to a hash, but a similar mechanism wasn't available for ECDSA certs. So xca uses EVP_add_digest_alias() to have corresponding aliases for ECDSA. This is a macro wrapping OBJ_NAME_add(). xca now has better logic using the more appropriate OBJ_find_sigid_algs() (which wasn't available back then). We will still add the alias entries that xca still adds ourselves to make sure there are no unexpected side effects. They make sense anyway. The diff will hopefully land in a few days. If your life depends on ECDSA cert renewal in xca please hold off on updating to a new snap. ok jsing
4f293816 2024-01-13 11:08:39 Reimplement {EVP_CIPHER,EVP_MD,OBJ_NAME}_do_all{,_sorted}(3) This implements the do_all API by simple loops over the tables of digests and ciphers. Since some ciphers are only available on some platforms, we need to skip them if necessary. We use loops in each of the functions rather than the convoluted way of reducing some of the loops to others. Since the tables are sorted, as ensured by regress, both do_all() and do_all_sorted() walk the lists in order. In particular, we no longer need to allocate to be able to sort hash tables by name on the fly in a void function that may end up doing nothing because allocation failed. We still need to do an unchecked OPENSSL_init_crypto() call. But that's what prayer and clean living are there for (as beck put it). The OBJ_NAME API is completely misnamed. It has little to do with objects and a lot to do with EVP. Therefore we implement what will remain from its saner replacement in the evp directory, i.e., evp_names.c. ok jsing
bd5b787c 2023-12-15 01:51:23 Hoist OBJ_sn2nid() over OBJ_ln2nid() In all other places, the short name comes before the long name, so fix the only exception.
a82d74d5 2023-12-15 01:47:50 Coverity rightly points out that an unsigned int is always >= 0
874d382a 2023-12-14 18:32:49 OBJ_create: sorry Omar, aobj is a better name than op Done.
5a0b87fd 2023-12-14 18:31:03 OBJ_create: use a nid variable to avoid nested function call
718766e5 2023-12-14 18:16:13 OBJ_create: malloc() -> calloc()
5caa395d 2023-12-14 18:15:21 OBJ_create: test and assign as usual
30b1f96f 2023-12-14 18:12:51 OBJ_create: initialize buf and turn function into single exit
386630a6 2023-12-14 18:10:32 OBJ_create: rename ok to ret and make it last declaration
010af94e 2023-12-14 18:09:35 OBJ_create(): rename i to len
af5ed569 2023-12-14 18:08:18 OBJ_create(): remove pointless parentheses
3db1954f 2023-12-14 18:06:44 OBJ_create(): remove useless cast
2157d97e 2023-12-14 15:33:09 OPENSSL_assert() that the passed nid is within range discussed with deraadt and jsing
337c377e 2023-12-14 14:45:45 Move the txt to obj/nid conversions a bit down. No code change
2de383af 2023-12-14 14:33:23 Dedup OBJ_nid2{obj,sn,ln}() First get the obj corresponding to nid, then inspect its sn and ln. Shaves off 40 lines of code and will simplify locking.
fda3605f 2023-12-14 14:04:46 Simplify OBJ_nid2obj() This is now yet another identical copy of the same code... Next step will be to dedup. ok jsing
cefe4e31 2023-12-14 14:02:57 Simplify OBJ_nid2sn() This is exactly the same as the previous OBJ_nid2ln() change modulo s/ln/sn/g. ok jsing
b203e67e 2023-12-14 14:01:42 Simplify OBJ_nid2ln() If nid is in the range of built-in NIDs, return the corresponding long name, unless some genius left a hole. Otherwise perform a yolo check if there are any user-added objects with matching nid in the global hash. This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error onto the stack even if there are no user-added objects. ok jsing
dc45ccdd 2023-12-13 23:34:45 Simplify OBJ_ln2nid() This is s/sn/ln/g of the previous commit and eliminates another OBJ_bsearch_() user, the last one in this file. The bsearch() uses in this file are possibly the only ones that actually make sense since we're searching tables of roughly 1000 entries. ok jsing
63389b84 2023-12-13 23:31:25 Simplify OBJ_sn2nid() Another OBJ_bsearch_() elimination. OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve an object identifier with matching "short name" from the global hash of added objects and then searches the table of built-in objects. ok jsing
f4a64515 2023-12-13 23:28:47 Simplify OBJ_obj2nid() Continue with OBJ_bsearch_() elimination. OBJ_obj2nid() first checks if the object identifier passed in has a nid and if so, it returns that. Otherwise, it looks into the global hash of added objects (of course without locking) for a match and then returns the nid thereof. As a last attempt, it searches the table of built-in object identifiers. The last two steps can be cleaned up and simplified quite a bit by using C99 initializers, bsearch() and an appropriate comparison function. Then it becomes obvious that bsearch() already returns a pointer to the nid we're looking for, so there is no point in converting that into its corresponding obj and returning the nid thereof. ok jsing
63440589 2023-11-27 11:52:32 Remove silly parentheses
281c2125 2023-09-05 14:59:00 Improve error handling in OBJ_add_object() There is no need for a helper function to obfuscate lh_ADDED_OBJ_new(). Just call the real thing directly. Adding an object with a NID of NID_undef basically amounts to disabling a built-in OID. It does so in an incoherent fashion and the caller can't easily tell success from failure of the operation. Arguably the result is a corrupted objects table. Let's not allow adding such an object in an attempt at keeping things slightly more coherent. Issue noted and initial diff by schwarze while writing documentation ok schwarze
6071e9eb 2023-08-17 09:28:43 Garbage collect two commented abort()
812e19bf 2023-08-17 09:27:43 Make the local ASN1_OBJECTs const ok jsing
b0b039de 2023-08-17 09:26:09 Remove some unnecessary else branches
a55266cc 2023-08-17 09:24:50 Remove some parens from return statements
acdf279e 2023-08-17 09:22:56 Use cmp instead of i for the result of a comparison ok jsing
8128758f 2023-08-17 09:18:21 Use OBJ_cmp() instead of inlining two variants This also avoids more undefined behavior with memcmp(). ok jsing PS: Unsolicited advice for no one in particular: there is this awesome tool called grep. If someone reports an issue, you might want to use it to find more instances.
fdad50ce 2023-08-17 09:13:01 Avoid memcmp(NULL, x, 0) in OBJ_cmp() If a->length is 0, either a->data or b->data could be NULL and memcmp() will rely on undefined behavior to compare them as equal. So avoid this comparison in the first place. ok jsing
35f2f589 2023-07-28 10:25:05 Remove OBJ_add_sigid() and OBJ_sigid_free() Another bit of unused extensibility that was responsible for a lot of complexity until recently. This removes the remaining stubs from the public API. ok jsing
f0e1aa8e 2023-07-22 19:08:03 Align argument names of OBJ_add_sigid() with the other functions.
8e6e37e3 2023-07-22 18:32:05 Rewrite obj_xref.c Instead of having two unreadable tables placed in a header generated by a janky perl script from an ugly text file, use a single table inlined in the C file. This table is used to translate between signature algorithm OIDs and pairs of OIDs of a message digest and a cipher. The table has fewer than fifty entries and isn't used in a hot path. Using binary search is overkill. Just do two linear searches, one for each translation. None of the original code remains apart from the API. ok jsing
6afed99b 2023-07-22 18:12:09 Neuter OBJ_add_sigid() and OBJ_sigid_free() These functions will be removed in the upcoming bump. Nothing uses them, so it won't hurt if they become noops. This allows us to garbage collect the sig_app and sigx_app stacks and make a first step towards simplifying the OBJ_bsearch_() dances. Also sprinkle some const correctness... because we can. intermediate step towards a diff that is ok jsing
1e9308c1 2023-07-08 12:27:51 Hide symbols in objects ok tb@
95f31392 2023-06-29 06:11:33 Move check_defer() and obj_cleanup_defer to evp/names.c These formerly public symbols are the last things hidden by LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c Unfortunately, check_defer() needs to know about NUM_NIDS, so its implementation needs to remain in obj_dat.c, the only file that can include obj_dat.h due to NID tables. ok miod
443f5255 2023-06-15 17:58:27 regen
bf730856 2023-06-15 17:58:07 Add RSA with the sha3s to obj_xref.txt ok jsing
3cee6f62 2023-06-15 16:59:54 regen obj_xref.h (this and the Ed25519 addition to obj_xref.txt were ok jsing)
c87a585c 2023-06-15 16:58:38 Add Ed25519 to the obj_xref table. Also move part of for RSA-PSS to the top since it doesn't only apply to RSA-PSS.
fcb77b6b 2023-05-23 11:51:12 Simplify OBJ_obj2txt() Instead of adding a NUL termination to OBJ_obj2txt(), move the aobj == NULL or aobj->data == NULL checks to i2t_ASN1_OBJECT_internal(). The only other caller, i2t_ASN1_OBJECT(), fails on aobj == NULL and aobj->length == 0, and the latter condition is implied by aobj->data. Cleaner solution for obj_dat.c r1.52 suggested by/ok jsing
04bfea2a 2023-05-23 11:04:04 Always NUL terminate buf in OBJ_obj2txt() OBJ_obj2txt() is often called without error checking and is used for reporting unexpected or malformed objects. As such, we should ensure buf is a string even on failure. This had long been the case before it was lost in a recent rewrite. If obj and obj->data are both non-NULL this is already taken care of by i2t_ASN1_OBJECT_internal(), so many callers were still safe. ok miod
00cd692d 2023-04-25 15:46:54 Add NIDs for truncated SHA-2, SHA-3 and related things From jsing
71743258 2022-12-26 07:18:50 spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
c9675a23 2022-11-26 16:08:50 Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
6c6f701f 2022-11-13 14:03:13 Add ED25519 aliases for NID, SN and OBJ The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
b112a75f 2022-11-11 11:53:24 Stop pretending that obj_mac.h is optional. This is effectively: unifdef -m -DUSE_OBJ_MAC objects/objects.h ok beck@, with extreme prejudice.
d39f31be 2022-11-10 16:04:31 Map objects for ED25519 to Ed25519. OpenSSL used ED25519, even though the RFCs use Ed25519 - as such, we get to provide both. ok tb@
a6e77c87 2022-11-08 23:19:09 In case lh_OBJ_NAME_insert returns NULL due to a failed malloc, onp is leaked in OBJ_NAME_add. ok tb Found by CodeChecker.
d93fb5e8 2022-09-15 08:20:34 Add OID for RPKI signedTAL objects IANA made a permanent registration in the SMI Security for S/MIME CMS Content Type registry at https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1 for signed objects conforming to draft-ietf-sidrops-signed-tal. OK tb@
1f6d7615 2022-07-16 17:30:33 Add NID for signingCertificateV2 https://oidref.com/1.2.840.113549.1.9.16.2.47 OK tb
aeccd9ed 2022-07-12 14:42:48 Remove mkerr.pl remnants from LibreSSL This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
b36d8df0 2022-05-05 07:45:57 Add NID for HKDF ok beck jsing
cb5f613c 2022-03-19 17:49:32 Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj() The current OBJ_txt2obj() implementation converts the text to ASN.1 object content octets, builds a full DER encoding from it, then feeds the entire thing back through the DER to ASN.1 object conversion. Rather than doing this crazy dance, provide a t2i_ASN1_OBJECT_internal() function that converts the text to ASN.1 object content octets, then creates a new ASN1_OBJECT and attaches the content octets to it. ok inoguchi@ tb@
09967094 2022-03-02 11:28:00 Rewrite ASN1_OBJECT content to ascii/text conversion. Rewrite the ASN1_OBJECT content to ascii/text conversion code using CBB and CBS. Currently there is a strange split with i2t_ASN1_OBJECT() calling OBJ_obj2txt() which implements the conversion, while OBJ_txt2obj() calls back into the misnamed a2d_ASN1_OBJECT() function. Move the conversion code into asn1/a_object.c and have OBJ_txt2obj() call that instead. ok inoguchi@ tb@
e0f0c337 2022-02-12 03:01:59 Limit OID text conversion to 64 bits per arc. The current implementation uses an unsigned long, then switches to BN once the arc exceeds its size. However, the complexity of BN_bn2dec() is quadratic in the length of number being converted. This means that OIDs with excessively large arcs take a lot of computation to convert to text. While the X.660 specification states that arcs are unbounded, in reality they are not overly large numbers - 640K^W64 bits ought to be enough for any arc. Remove BN entirely, switch from unsigned long to uint64_t and fail if an arc exceeds this size. Identified via oss-fuzz timeouts - should fix #41028 and #44372. ok tb@
0709e0c5 2022-02-11 16:39:16 Make OBJ_obj2nid() work correctly with NID_undef. Currently OBJ_obj2nid() with NID_undef returns NID_ccitt - this is due to doing a lookup on an empty value and having NID_undef conflict with an uninitialised NID value. Somewhat based on OpenSSL 0fb99904809. ok tb@
e7d5586a 2022-01-14 08:56:00 Hide OBJ_bsearch_ from public visibility, This removes OBJ_bsearch_ex_() from the exported symbols and makes OBJ_bsearch_() semi-private. It is still used in libssl. While here, remove some hideous unused macros ok inoguchi jsing
409e1e2a 2022-01-14 08:52:05 Remove check_defer and obj_cleanup_defer from public visibility ok inoguchi jsing
326063fd 2022-01-14 07:49:49 Unifdef LIBRESSL_OPAQUE_* and LIBRESSL_NEXT_API This marks the start of major surgery in libcrypto. Do not attempt to build the tree for a while (~50 commits).
460715d7 2022-01-08 21:36:39 Prepare to provide OBJ_length() and OBJ_get0_data() OBJ_length() turns the int obj->length into a size_t, so add an overflow check. While obj->length should never be negative, who knows... ok jsing
97125bc4 2022-01-08 15:34:59 tiny whitespace tweak
ec30313d 2022-01-07 11:13:54 include asn1_locl.h where it will be needed for the bump. discussed with jsing
aff4783b 2021-11-24 01:12:43 Make the certificate transparency code build with the rest of the library Do not expose it yet, this will wait for an upcoming bump ok tb@
1bce098d 2021-11-09 15:41:10 Add ASPA OID draft-ietf-sidrops-aspa-profile OK tb@
3fa9b996 2021-10-26 17:35:38 Add tlsfeature NID OK beck@ tb@
088e00a5 2021-09-11 13:31:31 Add BGPSec Router (RFC 8209) Key Purpose OID OK tb@
6ed312b1 2021-09-01 09:42:28 Remove assignment of value that is never read. ok tb@
6a181954 2021-05-19 10:12:55 Adjust libcrypto obj_xref.txt to obj_xref.h To generate current obj_xref.h, third item of lines id_tc26_signwithdigest_gost3410_2012_256/512 should be id_GostR3410_2001. obj_xref.txt r1.2 and obj_xref.h r1.3 were committed at the same time, and these third items were coded with different values from each other. This adjusts obj_xref.txt to current obj_xref.h. ok tb@