Remove the guts of the OBJ_NAME API

With one exception, none of this is used anymore. All of it will be removed
in the next major bump.

The exception is OBJ_NAME_add(). scurity/xca ran into issues with their
cert renewal logic because RSA certs had a way of mapping the signature
algorithms to a hash, but a similar mechanism wasn't available for ECDSA
certs. So xca uses EVP_add_digest_alias() to have corresponding aliases
for ECDSA. This is a macro wrapping OBJ_NAME_add().

xca now has better logic using the more appropriate OBJ_find_sigid_algs()
(which wasn't available back then). We will still add the alias entries
that xca still adds ourselves to make sure there are no unexpected side
effects. They make sense anyway.

The diff will hopefully land in a few days. If your life depends on ECDSA
cert renewal in xca please hold off on updating to a new snap.

ok jsing

diff --git a/lib/libcrypto/objects/o_names.c b/lib/libcrypto/objects/o_names.c
index 1007c5e..566ada4 100644 (file)
--- a/lib/libcrypto/objects/o_names.c
+++ b/lib/libcrypto/objects/o_names.c
@@ -1,51 +1,12 @@
-/* $OpenBSD: o_names.c,v 1.25 2024/01/13 11:08:39 tb Exp $ */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
+/* $OpenBSD: o_names.c,v 1.26 2024/01/13 11:38:45 tb Exp $ */
 #include <openssl/err.h>
-#include <openssl/lhash.h>
 #include <openssl/objects.h>
-#include <openssl/safestack.h>
-
-/* I use the ex_data stuff to manage the identifiers for the obj_name_types
- * that applications may define.  I only really use the free function field.
- */
-DECLARE_LHASH_OF(OBJ_NAME);
-static LHASH_OF(OBJ_NAME) *names_lh = NULL;
-static int names_type_num = OBJ_NAME_TYPE_NUM;
-
-typedef struct name_funcs_st {
-       unsigned long (*hash_func)(const char *name);
-       int (*cmp_func)(const char *a, const char *b);
-       void (*free_func)(const char *, int, const char *);
-} NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-
-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
- * casting in the functions. This prevents function pointer casting without the
- * need for macro-generated wrapper functions. */
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void, const void *b_void);
-
-static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
-static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
 
 int
 OBJ_NAME_init(void)
 {
-       if (names_lh != NULL)
-               return (1);
-       names_lh = lh_OBJ_NAME_new();
-       return (names_lh != NULL);
+       OBJerror(ERR_R_DISABLED);
+       return 0;
 }
 LCRYPTO_ALIAS(OBJ_NAME_init);
 
@@ -54,231 +15,37 @@ OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
     int (*cmp_func)(const char *, const char *),
     void (*free_func)(const char *, int, const char *))
 {
-       int ret;
-       int i;
-       NAME_FUNCS *name_funcs;
-
-       if (name_funcs_stack == NULL)
-               name_funcs_stack = sk_NAME_FUNCS_new_null();
-       if (name_funcs_stack == NULL)
-               return (0);
-
-       ret = names_type_num;
-       names_type_num++;
-       for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
-               name_funcs = malloc(sizeof(NAME_FUNCS));
-               if (!name_funcs) {
-                       OBJerror(ERR_R_MALLOC_FAILURE);
-                       return (0);
-               }
-               name_funcs->hash_func = lh_strhash;
-               name_funcs->cmp_func = strcmp;
-               name_funcs->free_func = NULL;
-               if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) {
-                       free(name_funcs);
-                       OBJerror(ERR_R_MALLOC_FAILURE);
-                       return (0);
-               }
-       }
-       name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
-       if (hash_func != NULL)
-               name_funcs->hash_func = hash_func;
-       if (cmp_func != NULL)
-               name_funcs->cmp_func = cmp_func;
-       if (free_func != NULL)
-               name_funcs->free_func = free_func;
-       return (ret);
+       OBJerror(ERR_R_DISABLED);
+       return 0;
 }
 LCRYPTO_ALIAS(OBJ_NAME_new_index);
 
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int
-obj_name_cmp(const void *a_void, const void *b_void)
-{
-       int ret;
-       const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-       const OBJ_NAME *b = (const OBJ_NAME *)b_void;
-
-       ret = a->type - b->type;
-       if (ret == 0) {
-               if ((name_funcs_stack != NULL) &&
-                   (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
-                       ret = sk_NAME_FUNCS_value(name_funcs_stack,
-                           a->type)->cmp_func(a->name, b->name);
-               } else
-                       ret = strcmp(a->name, b->name);
-       }
-       return (ret);
-}
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long
-obj_name_hash(const void *a_void)
-{
-       unsigned long ret;
-       const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-
-       if ((name_funcs_stack != NULL) &&
-           (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
-               ret = sk_NAME_FUNCS_value(name_funcs_stack,
-                   a->type)->hash_func(a->name);
-       } else {
-               ret = lh_strhash(a->name);
-       }
-       ret ^= a->type;
-       return (ret);
-}
-
 const char *
 OBJ_NAME_get(const char *name, int type)
 {
-       OBJ_NAME on, *ret;
-       int num = 0, alias;
-
-       if (name == NULL)
-               return (NULL);
-       if ((names_lh == NULL) && !OBJ_NAME_init())
-               return (NULL);
-
-       alias = type&OBJ_NAME_ALIAS;
-       type&= ~OBJ_NAME_ALIAS;
-
-       on.name = name;
-       on.type = type;
-
-       for (;;) {
-               ret = lh_OBJ_NAME_retrieve(names_lh, &on);
-               if (ret == NULL)
-                       return (NULL);
-               if ((ret->alias) && !alias) {
-                       if (++num > 10)
-                               return (NULL);
-                       on.name = ret->data;
-               } else {
-                       return (ret->data);
-               }
-       }
+       OBJerror(ERR_R_DISABLED);
+       return NULL;
 }
 LCRYPTO_ALIAS(OBJ_NAME_get);
 
 int
 OBJ_NAME_add(const char *name, int type, const char *data)
 {
-       OBJ_NAME *onp, *ret;
-       int alias;
-
-       if ((names_lh == NULL) && !OBJ_NAME_init())
-               return (0);
-
-       alias = type & OBJ_NAME_ALIAS;
-       type &= ~OBJ_NAME_ALIAS;
-
-       onp = malloc(sizeof(OBJ_NAME));
-       if (onp == NULL) {
-               /* ERROR */
-               return (0);
-       }
-
-       onp->name = name;
-       onp->alias = alias;
-       onp->type = type;
-       onp->data = data;
-
-       ret = lh_OBJ_NAME_insert(names_lh, onp);
-       if (ret != NULL) {
-               /* free things */
-               if ((name_funcs_stack != NULL) &&
-                   (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
-                       /* XXX: I'm not sure I understand why the free
-                        * function should get three arguments...
-                        * -- Richard Levitte
-                        */
-                       sk_NAME_FUNCS_value(
-                           name_funcs_stack, ret->type)->free_func(
-                           ret->name, ret->type, ret->data);
-               }
-               free(ret);
-       } else {
-               if (lh_OBJ_NAME_error(names_lh)) {
-                       free(onp);
-                       /* ERROR */
-                       return (0);
-               }
-       }
-       return (1);
+       /* No error to avoid polluting xca's error stack. */
+       return 0;
 }
 LCRYPTO_ALIAS(OBJ_NAME_add);
 
 int
 OBJ_NAME_remove(const char *name, int type)
 {
-       OBJ_NAME on, *ret;
-
-       if (names_lh == NULL)
-               return (0);
-
-       type &= ~OBJ_NAME_ALIAS;
-       on.name = name;
-       on.type = type;
-       ret = lh_OBJ_NAME_delete(names_lh, &on);
-       if (ret != NULL) {
-               /* free things */
-               if ((name_funcs_stack != NULL) &&
-                   (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
-                       /* XXX: I'm not sure I understand why the free
-                        * function should get three arguments...
-                        * -- Richard Levitte
-                        */
-                       sk_NAME_FUNCS_value(
-                           name_funcs_stack, ret->type)->free_func(
-                           ret->name, ret->type, ret->data);
-               }
-               free(ret);
-               return (1);
-       } else
-               return (0);
+       OBJerror(ERR_R_DISABLED);
+       return 0;
 }
 LCRYPTO_ALIAS(OBJ_NAME_remove);
 
-static int free_type;
-
-static void
-names_lh_free_doall(OBJ_NAME *onp)
-{
-       if (onp == NULL)
-               return;
-
-       if (free_type < 0 || free_type == onp->type)
-               OBJ_NAME_remove(onp->name, onp->type);
-}
-
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
-
-static void
-name_funcs_free(NAME_FUNCS *ptr)
-{
-       free(ptr);
-}
-
 void
 OBJ_NAME_cleanup(int type)
 {
-       unsigned long down_load;
-
-       if (names_lh == NULL)
-               return;
-
-       free_type = type;
-       down_load = lh_OBJ_NAME_down_load(names_lh);
-       lh_OBJ_NAME_down_load(names_lh) = 0;
-
-       lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
-       if (type < 0) {
-               lh_OBJ_NAME_free(names_lh);
-               sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
-               names_lh = NULL;
-               name_funcs_stack = NULL;
-       } else
-               lh_OBJ_NAME_down_load(names_lh) = down_load;
 }
 LCRYPTO_ALIAS(OBJ_NAME_cleanup);