mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
d63b3e7959
openssl/crypto/objects
History
Richard Levitte d63b3e7959 Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate 
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-06-06 10:48:50 +02:00
..
build.info unified build scheme: add build.info files 2016-02-01 12:46:58 +01:00
o_names.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
obj_compat.h Fix copyrights 2022-02-03 13:56:38 +01:00
obj_dat.c Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate 2023-06-06 10:48:50 +02:00
obj_dat.h Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311 2023-05-22 07:43:00 +01:00
obj_dat.pl Add a local perl module to get year last changed 2021-03-31 13:59:53 +02:00
obj_err.c Update copyright year 2021-06-17 13:24:59 +01:00
obj_lib.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
obj_local.h Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats 2022-06-22 09:36:14 +02:00
obj_mac.num Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311 2023-05-22 07:43:00 +01:00
obj_xref.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
obj_xref.h Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311 2023-05-22 07:43:00 +01:00
obj_xref.txt obj_xref: rsassaPss must map to 'undef rsassaPss' (not 'undef rsaEncryption') 2021-01-28 15:05:04 +01:00
objects.pl Add a local perl module to get year last changed 2021-03-31 13:59:53 +02:00
objects.txt Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311 2023-05-22 07:43:00 +01:00
objxref.pl Add a local perl module to get year last changed 2021-03-31 13:59:53 +02:00
README.md Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 2020-07-05 11:29:43 +02:00

README.md

objects.txt syntax

To cover all the naming hacks that were previously in objects.h needed some kind of hacks in objects.txt.

The basic syntax for adding an object is as follows:

    1 2 3 4         : shortName     : Long Name

            If Long Name contains only word characters and hyphen-minus
            (0x2D) or full stop (0x2E) then Long Name is used as basis
            for the base name in C. Otherwise, the shortName is used.

            The base name (let's call it 'base') will then be used to
            create the C macros SN_base, LN_base, NID_base and OBJ_base.

            Note that if the base name contains spaces, dashes or periods,
            those will be converted to underscore.

Then there are some extra commands:

    !Alias foo 1 2 3 4

            This just makes a name foo for an OID.  The C macro
            OBJ_foo will be created as a result.

    !Cname foo

            This makes sure that the name foo will be used as base name
            in C.

    !module foo
    1 2 3 4         : shortName     : Long Name
    !global

            The !module command was meant to define a kind of modularity.
            What it does is to make sure the module name is prepended
            to the base name.  !global turns this off.  This construction
            is not recursive.

Lines starting with # are treated as comments, as well as any line starting with ! and not matching the commands above.