Halve the size of the kNIDsIn* constants
We have not and are unlikely to ever allocate 65K NIDs, so these ables can use
uint16_t and halve their size.
Bug: 300
Change-Id: I5c69a366588f26df75b7b642bee6dd12ad8cc661
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/38904
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c
index 4f03c59..3bf1abf 100644
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.c
@@ -189,7 +189,7 @@
// an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an
// unsigned int in the array.
static int obj_cmp(const void *key, const void *element) {
- unsigned nid = *((const unsigned*) element);
+ uint16_t nid = *((const uint16_t *)element);
const ASN1_OBJECT *a = key;
const ASN1_OBJECT *b = &kObjects[nid];
@@ -202,8 +202,6 @@
}
int OBJ_obj2nid(const ASN1_OBJECT *obj) {
- const unsigned int *nid_ptr;
-
if (obj == NULL) {
return NID_undef;
}
@@ -224,8 +222,9 @@
}
CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
- nid_ptr = bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder),
- sizeof(kNIDsInOIDOrder[0]), obj_cmp);
+ const uint16_t *nid_ptr =
+ bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder),
+ sizeof(kNIDsInOIDOrder[0]), obj_cmp);
if (nid_ptr == NULL) {
return NID_undef;
}
@@ -250,15 +249,13 @@
// |key| argument is name that we're looking for and |element| is a pointer to
// an unsigned int in the array.
static int short_name_cmp(const void *key, const void *element) {
- const char *name = (const char *) key;
- unsigned nid = *((unsigned*) element);
+ const char *name = (const char *)key;
+ uint16_t nid = *((const uint16_t *)element);
return strcmp(name, kObjects[nid].sn);
}
int OBJ_sn2nid(const char *short_name) {
- const unsigned int *nid_ptr;
-
CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
if (global_added_by_short_name != NULL) {
ASN1_OBJECT *match, template;
@@ -272,9 +269,10 @@
}
CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
- nid_ptr = bsearch(short_name, kNIDsInShortNameOrder,
- OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder),
- sizeof(kNIDsInShortNameOrder[0]), short_name_cmp);
+ const uint16_t *nid_ptr =
+ bsearch(short_name, kNIDsInShortNameOrder,
+ OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder),
+ sizeof(kNIDsInShortNameOrder[0]), short_name_cmp);
if (nid_ptr == NULL) {
return NID_undef;
}
@@ -286,15 +284,13 @@
// |key| argument is name that we're looking for and |element| is a pointer to
// an unsigned int in the array.
static int long_name_cmp(const void *key, const void *element) {
- const char *name = (const char *) key;
- unsigned nid = *((unsigned*) element);
+ const char *name = (const char *)key;
+ uint16_t nid = *((const uint16_t *)element);
return strcmp(name, kObjects[nid].ln);
}
int OBJ_ln2nid(const char *long_name) {
- const unsigned int *nid_ptr;
-
CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
if (global_added_by_long_name != NULL) {
ASN1_OBJECT *match, template;
@@ -308,9 +304,9 @@
}
CRYPTO_STATIC_MUTEX_unlock_read(&global_added_lock);
- nid_ptr = bsearch(long_name, kNIDsInLongNameOrder,
- OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder),
- sizeof(kNIDsInLongNameOrder[0]), long_name_cmp);
+ const uint16_t *nid_ptr = bsearch(
+ long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder),
+ sizeof(kNIDsInLongNameOrder[0]), long_name_cmp);
if (nid_ptr == NULL) {
return NID_undef;
}
diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h
index 53198f9..d472ba5 100644
--- a/crypto/obj/obj_dat.h
+++ b/crypto/obj/obj_dat.h
@@ -8763,7 +8763,7 @@
{"ED448", "ED448", NID_ED448, 3, &kObjectData[6178], 0},
};
-static const unsigned kNIDsInShortNameOrder[] = {
+static const uint16_t kNIDsInShortNameOrder[] = {
364 /* AD_DVCS */,
419 /* AES-128-CBC */,
916 /* AES-128-CBC-HMAC-SHA1 */,
@@ -9717,7 +9717,7 @@
160 /* x509Crl */,
};
-static const unsigned kNIDsInLongNameOrder[] = {
+static const uint16_t kNIDsInLongNameOrder[] = {
363 /* AD Time Stamping */,
405 /* ANSI X9.62 */,
368 /* Acceptable OCSP Responses */,
@@ -10671,7 +10671,7 @@
125 /* zlib compression */,
};
-static const unsigned kNIDsInOIDOrder[] = {
+static const uint16_t kNIDsInOIDOrder[] = {
434 /* 0.9 (OBJ_data) */,
182 /* 1.2 (OBJ_member_body) */,
676 /* 1.3 (OBJ_identified_organization) */,
diff --git a/crypto/obj/objects.go b/crypto/obj/objects.go
index 28887c0..361cdfe 100644
--- a/crypto/obj/objects.go
+++ b/crypto/obj/objects.go
@@ -347,6 +347,11 @@
return nil, err
}
+ // The kNIDsIn*Order constants assume each NID fits in a uint16_t.
+ if len(objs.byNID) > 0xffff {
+ return nil, errors.New("too many NIDs allocated")
+ }
+
return objs, nil
}
@@ -645,7 +650,7 @@
}
sortNIDs(nids, objs, func(a, b object) bool { return a.shortName < b.shortName })
- fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInShortNameOrder[] = {\n")
+ fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInShortNameOrder[] = {\n")
for _, nid := range nids {
fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].shortName)
}
@@ -661,7 +666,7 @@
}
sortNIDs(nids, objs, func(a, b object) bool { return a.longName < b.longName })
- fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInLongNameOrder[] = {\n")
+ fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInLongNameOrder[] = {\n")
for _, nid := range nids {
fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].longName)
}
@@ -686,7 +691,7 @@
return bytes.Compare(a.encoded, b.encoded) < 0
})
- fmt.Fprintf(&b, "\nstatic const unsigned kNIDsInOIDOrder[] = {\n")
+ fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInOIDOrder[] = {\n")
for _, nid := range nids {
obj := objs.byNID[nid]
fmt.Fprintf(&b, "%d /* ", nid)
