Trim and simplify obj_xref.c.

This avoids having more generated bits. The table is quite small,
especially so when we take out anything we don't implement. There's no
real need to do the binary search. (Exotic things like GOST, the legacy
NID_rsa and NID_dsa_2 spellings of RSA and DSA, and hash functions we
don't implement.)

Mostly this saves me from having to reimplement obj_xref.pl.
(obj_xref.pl processes nid.h, formerly obj_mac.h, so we can't just use
the existing one and still change nid.h.)

Change-Id: I90911277e691a8b04ea8930f3f314d517f314d29
Reviewed-on: https://boringssl-review.googlesource.com/12962
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2016-04-23 21:38:33 -04:00 committed by Adam Langley
parent 48e2be247a
commit 720ff53d07
5 changed files with 59 additions and 339 deletions


@ -3,7 +3,6 @@ list of commands to run are:
perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h perl objects.pl objects.txt obj_mac.num ../../include/openssl/nid.h
perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h perl obj_dat.pl ../../include/openssl/nid.h obj_dat.h
perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h
objects.txt contains the list of all built-in OIDs. It is processed by objects.txt contains the list of all built-in OIDs. It is processed by
objects.pl to output obj_mac.num and nid.h. obj_mac.num is the list of NID objects.pl to output obj_mac.num and nid.h. obj_mac.num is the list of NID
@ -15,11 +14,6 @@ nid.h is read by obj_dat.pl to generate obj_dat.h. obj_dat.h contains the
ASN1_OBJECTs corresponding to built-in OIDs themselves along with lookup tables ASN1_OBJECTs corresponding to built-in OIDs themselves along with lookup tables
for search by short name, OID, etc. for search by short name, OID, etc.
obj_mac.num and obj_xref.txt are read by obj_xref.pl to generate
obj_xref.h. obj_xref.txt links signature OIDs to corresponding public key
algorithms and digests. obj_xref.h contains lookup tables for querying this
information in both directions.
Dependency graph: Dependency graph:
objects.txt objects.txt
@ -28,10 +22,10 @@ Dependency graph:
[objects.pl] <--+ [objects.pl] <--+
/ \ | / \ |
V V | V V |
nid.h obj_mac.num obj_xref.txt nid.h obj_mac.num
| \ / |
V V V V
[obj_dat.pl] [obj_xref.pl] [obj_dat.pl]
| | |
V V V
obj_dat.h obj_xref.h obj_dat.h


@ -56,69 +56,67 @@
#include <openssl/obj.h> #include <openssl/obj.h>
#include <stdlib.h> #include "../internal.h"
#include "obj_xref.h"
static int nid_triple_cmp_by_sign_id(const void *in_a, const void *in_b) { typedef struct {
const nid_triple *a = in_a; int sign_nid;
const nid_triple *b = in_b; int digest_nid;
int pkey_nid;
} nid_triple;
return a->sign_id - b->sign_id; static const nid_triple kTriples[] = {
} /* RSA PKCS#1. */
{NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
{NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
{NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
{NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
{NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
{NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
{NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
/* DSA. */
{NID_dsaWithSHA1, NID_sha1, NID_dsa},
{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
/* ECDSA. */
{NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
/* For PSS the digest algorithm can vary and depends on the included
* AlgorithmIdentifier. The digest "undef" indicates the public key method
* should handle this explicitly. */
{NID_rsassaPss, NID_undef, NID_rsaEncryption},
};
int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid, int *out_pkey_nid) { int OBJ_find_sigid_algs(int sign_nid, int *out_digest_nid, int *out_pkey_nid) {
nid_triple key; for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTriples); i++) {
const nid_triple *triple; if (kTriples[i].sign_nid == sign_nid) {
if (out_digest_nid != NULL) {
key.sign_id = sign_nid; *out_digest_nid = kTriples[i].digest_nid;
triple = bsearch(&key, sigoid_srt, sizeof(sigoid_srt) / sizeof(nid_triple),
sizeof(nid_triple), nid_triple_cmp_by_sign_id);
if (triple == NULL) {
return 0;
} }
if (out_digest_nid) { if (out_pkey_nid != NULL) {
*out_digest_nid = triple->hash_id; *out_pkey_nid = kTriples[i].pkey_nid;
} }
if (out_pkey_nid) {
*out_pkey_nid = triple->pkey_id;
}
return 1; return 1;
}
static int nid_triple_cmp_by_digest_and_hash(const void *in_a,
const void *in_b) {
const nid_triple *a = *((nid_triple**) in_a);
const nid_triple *b = *((nid_triple**) in_b);
int ret = a->hash_id - b->hash_id;
if (ret) {
return ret;
} }
return a->pkey_id - b->pkey_id; }
return 0;
} }
int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid, int pkey_nid) { int OBJ_find_sigid_by_algs(int *out_sign_nid, int digest_nid, int pkey_nid) {
nid_triple key, *pkey; for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kTriples); i++) {
const nid_triple **triple; if (kTriples[i].digest_nid == digest_nid &&
kTriples[i].pkey_nid == pkey_nid) {
key.hash_id = digest_nid; if (out_sign_nid != NULL) {
key.pkey_id = pkey_nid; *out_sign_nid = kTriples[i].sign_nid;
pkey = &key;
triple = bsearch(&pkey, sigoid_srt_xref,
sizeof(sigoid_srt_xref) / sizeof(nid_triple *),
sizeof(nid_triple *), nid_triple_cmp_by_digest_and_hash);
if (triple == NULL) {
return 0;
}
if (out_sign_nid) {
*out_sign_nid = (*triple)->sign_id;
} }
return 1; return 1;
}
}
return 0;
} }
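Review bot: `OBJ_find_sigid_by_algs` now scans every row of `kTriples`, including `{NID_rsassaPss, NID_undef, NID_rsaEncryption}`, so a call with `digest_nid == NID_undef` and `pkey_nid == NID_rsaEncryption` returns 1 with `NID_rsassaPss`, where the old reverse table had no such entry and the lookup returned 0. The removed obj_xref.pl, shown further down this page, deliberately left rows with an "undef" digest or key out of `sigoid_srt_xref`, and the new loop has no equivalent filter. Whether any caller can arrive here with an unset digest is not visible on this page, but one that did could end up labelling a signature as PSS without PSS parameters ever being selected; a guard such as `if (digest_nid == NID_undef) { return 0; }` before the loop, with a comment that undef rows serve the forward lookup only, restores the old contract. Separately, the description lists the `NID_dsa_2` spelling among the things taken out, yet the `{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}` row is kept, so either the table or the message should be corrected.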


@ -1,96 +0,0 @@
/* THIS FILE IS GENERATED FROM obj_xref.txt by obj_xref.pl via the
* following command:
* perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h */
typedef struct
{
int sign_id;
int hash_id;
int pkey_id;
} nid_triple;
static const nid_triple sigoid_srt[] =
{
{NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
{NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
{NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
{NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
{NID_dsaWithSHA, NID_sha, NID_dsa},
{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
{NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
{NID_md5WithRSA, NID_md5, NID_rsa},
{NID_dsaWithSHA1, NID_sha1, NID_dsa},
{NID_sha1WithRSA, NID_sha1, NID_rsa},
{NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
{NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
{NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
{NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
{NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
{NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
{NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
{NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
{NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
{NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
{NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
{NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
{NID_rsassaPss, NID_undef, NID_rsaEncryption},
{NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
{NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf},
};
static const nid_triple * const sigoid_srt_xref[] =
{
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
&sigoid_srt[2],
&sigoid_srt[4],
&sigoid_srt[3],
&sigoid_srt[9],
&sigoid_srt[5],
&sigoid_srt[8],
&sigoid_srt[12],
&sigoid_srt[30],
&sigoid_srt[35],
&sigoid_srt[6],
&sigoid_srt[10],
&sigoid_srt[11],
&sigoid_srt[13],
&sigoid_srt[24],
&sigoid_srt[20],
&sigoid_srt[32],
&sigoid_srt[37],
&sigoid_srt[14],
&sigoid_srt[21],
&sigoid_srt[33],
&sigoid_srt[38],
&sigoid_srt[15],
&sigoid_srt[22],
&sigoid_srt[34],
&sigoid_srt[39],
&sigoid_srt[16],
&sigoid_srt[23],
&sigoid_srt[19],
&sigoid_srt[31],
&sigoid_srt[36],
&sigoid_srt[25],
&sigoid_srt[26],
&sigoid_srt[27],
&sigoid_srt[28],
};


@ -1,118 +0,0 @@
#!/usr/bin/env perl
use strict;
if (scalar @ARGV != 2)
{
print "Usage: perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h\n";
exit 1;
}
my %xref_tbl;
my %oid_tbl;
my ($mac_file, $xref_file) = @ARGV;
open(IN, $mac_file) || die "Can't open $mac_file";
# Read in OID nid values for a lookup table.
while (<IN>)
{
chomp;
my ($name, $num) = /^(\S+)\s+(\S+)$/;
$oid_tbl{$name} = $num;
}
close IN;
open(IN, $xref_file) || die "Can't open $xref_file";
my $ln = 1;
while (<IN>)
{
chomp;
s/#.*$//;
next if (/^\S*$/);
my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
check_oid($xr);
check_oid($p1);
check_oid($p2);
$xref_tbl{$xr} = [$p1, $p2, $ln];
}
my @xrkeys = keys %xref_tbl;
my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
for(my $i = 0; $i <= $#srt1; $i++)
{
$xref_tbl{$srt1[$i]}[2] = $i;
}
my @srt2 = sort
{
my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
return $ap1 - $bp1 if ($ap1 != $bp1);
my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
return $ap2 - $bp2;
} @xrkeys;
my $pname = $0;
$pname =~ s|^.[^/]/||;
print <<EOF;
/* THIS FILE IS GENERATED FROM obj_xref.txt by obj_xref.pl via the
* following command:
* perl obj_xref.pl obj_mac.num obj_xref.txt > obj_xref.h */
typedef struct
{
int sign_id;
int hash_id;
int pkey_id;
} nid_triple;
static const nid_triple sigoid_srt[] =
{
EOF
foreach (@srt1)
{
my $xr = $_;
my ($p1, $p2) = @{$xref_tbl{$_}};
print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
}
print "\t};";
print <<EOF;
static const nid_triple * const sigoid_srt_xref[] =
{
EOF
foreach (@srt2)
{
my ($p1, $p2, $x) = @{$xref_tbl{$_}};
# If digest or signature algorithm is "undef" then the algorithm
# needs special handling and is excluded from the cross reference table.
next if $p1 eq "undef" || $p2 eq "undef";
print "\t\&sigoid_srt\[$x\],\n";
}
print "\t};\n\n";
sub check_oid
{
my ($chk) = @_;
if (!exists $oid_tbl{$chk})
{
die "Not Found \"$chk\"\n";
}
}


@ -1,58 +0,0 @@
# OID cross reference table.
# Links signatures OIDs to their corresponding public key algorithms
# and digests.
md2WithRSAEncryption md2 rsaEncryption
md5WithRSAEncryption md5 rsaEncryption
shaWithRSAEncryption sha rsaEncryption
sha1WithRSAEncryption sha1 rsaEncryption
md4WithRSAEncryption md4 rsaEncryption
sha256WithRSAEncryption sha256 rsaEncryption
sha384WithRSAEncryption sha384 rsaEncryption
sha512WithRSAEncryption sha512 rsaEncryption
sha224WithRSAEncryption sha224 rsaEncryption
mdc2WithRSA mdc2 rsaEncryption
ripemd160WithRSA ripemd160 rsaEncryption
# For PSS the digest algorithm can vary and depends on the included
# AlgorithmIdentifier. The digest "undef" indicates the public key
# method should handle this explicitly.
rsassaPss undef rsaEncryption
# Alternative deprecated OIDs. By using the older "rsa" OID this
# type will be recognized by not normally used.
md5WithRSA md5 rsa
sha1WithRSA sha1 rsa
dsaWithSHA sha dsa
dsaWithSHA1 sha1 dsa
dsaWithSHA1_2 sha1 dsa_2
ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey
ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey
ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey
ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey
ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey
ecdsa_with_Recommended undef X9_62_id_ecPublicKey
ecdsa_with_Specified undef X9_62_id_ecPublicKey
dsa_with_SHA224 sha224 dsa
dsa_with_SHA256 sha256 dsa
id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc
id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc
# ECDH KDFs and their corresponding message digests and schemes
dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf
dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf
dhSinglePass_stdDH_sha256kdf_scheme sha256 dh_std_kdf
dhSinglePass_stdDH_sha384kdf_scheme sha384 dh_std_kdf
dhSinglePass_stdDH_sha512kdf_scheme sha512 dh_std_kdf
dhSinglePass_cofactorDH_sha1kdf_scheme sha1 dh_cofactor_kdf
dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf
dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf
dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf
dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf