[crypto] Allow algorithms to be included without being OID-identifiable

There are many ways in which the object for a cryptographic algorithm
may be included, even if not explicitly enabled in config/crypto.h.
For example: the MD5 algorithm is required by TLSv1.1 or earlier, by
iSCSI CHAP authentication, by HTTP digest authentication, and by NTLM
authentication.

In the current implementation, inclusion of an algorithm for any
reason will result in the algorithm's ASN.1 object identifier being
included in the "asn1_algorithms" table, which consequently allows the
algorithm to be used for any ASN1-identified purpose.  For example: if
the MD5 algorithm is included in order to support HTTP digest
authentication, then iPXE would accept a (validly signed) TLS
certificate using an MD5 digest.

Split the ASN.1 object identifiers into separate files that are
required only if explicitly enabled in config/crypto.h.  This allows
an algorithm to be omitted from the "asn1_algorithms" table even if
the algorithm implementation is dragged in for some other purpose.

The end result is that only the algorithms that are explicitly enabled
in config/crypto.h can be used for ASN1-identified purposes such as
signature verification.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

22 files changed, 433 insertions, 122 deletions

diff --git a/src/config/config_crypto.c b/src/config/config_crypto.c
index 1e125d8..440bf4c 100644
--- a/src/config/config_crypto.c
+++ b/src/config/config_crypto.c
@@ -33,6 +33,56 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 
 PROVIDE_REQUIRING_SYMBOL();
 
+/* RSA */
+#if defined ( CRYPTO_PUBKEY_RSA )
+REQUIRE_OBJECT ( oid_rsa );
+#endif
+
+/* MD4 */
+#if defined ( CRYPTO_DIGEST_MD4 )
+REQUIRE_OBJECT ( oid_md4 );
+#endif
+
+/* MD5 */
+#if defined ( CRYPTO_DIGEST_MD5 )
+REQUIRE_OBJECT ( oid_md5 );
+#endif
+
+/* SHA-1 */
+#if defined ( CRYPTO_DIGEST_SHA1 )
+REQUIRE_OBJECT ( oid_sha1 );
+#endif
+
+/* SHA-224 */
+#if defined ( CRYPTO_DIGEST_SHA224 )
+REQUIRE_OBJECT ( oid_sha224 );
+#endif
+
+/* SHA-256 */
+#if defined ( CRYPTO_DIGEST_SHA256 )
+REQUIRE_OBJECT ( oid_sha256 );
+#endif
+
+/* SHA-384 */
+#if defined ( CRYPTO_DIGEST_SHA384 )
+REQUIRE_OBJECT ( oid_sha384 );
+#endif
+
+/* SHA-512 */
+#if defined ( CRYPTO_DIGEST_SHA512 )
+REQUIRE_OBJECT ( oid_sha512 );
+#endif
+
+/* SHA-512/224 */
+#if defined ( CRYPTO_DIGEST_SHA512_224 )
+REQUIRE_OBJECT ( oid_sha512_224 );
+#endif
+
+/* SHA-512/256 */
+#if defined ( CRYPTO_DIGEST_SHA512_256 )
+REQUIRE_OBJECT ( oid_sha512_256 );
+#endif
+
 /* RSA and MD5 */
 #if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_MD5 )
 REQUIRE_OBJECT ( rsa_md5 );
diff --git a/src/config/crypto.h b/src/config/crypto.h
index cc86573..a87cf92 100644
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -18,25 +18,19 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 /** AES-CBC block cipher */
 #define CRYPTO_CIPHER_AES_CBC
 
-/** MD5 digest algorithm
- *
- * Note that use of MD5 is implicit when using TLSv1.1 or earlier.
- */
+/** MD4 digest algorithm */
+//#define CRYPTO_DIGEST_MD4
+
+/** MD5 digest algorithm */
 #define CRYPTO_DIGEST_MD5
 
-/** SHA-1 digest algorithm
- *
- * Note that use of SHA-1 is implicit when using TLSv1.1 or earlier.
- */
+/** SHA-1 digest algorithm */
 #define CRYPTO_DIGEST_SHA1
 
 /** SHA-224 digest algorithm */
 #define CRYPTO_DIGEST_SHA224
 
-/** SHA-256 digest algorithm
- *
- * Note that use of SHA-256 is implicit when using TLSv1.2.
- */
+/** SHA-256 digest algorithm */
 #define CRYPTO_DIGEST_SHA256
 
 /** SHA-384 digest algorithm */
@@ -45,6 +39,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 /** SHA-512 digest algorithm */
 #define CRYPTO_DIGEST_SHA512
 
+/** SHA-512/224 digest algorithm */
+//#define CRYPTO_DIGEST_SHA512_224
+
+/** SHA-512/256 digest algorithm */
+//#define CRYPTO_DIGEST_SHA512_256
+
 /** Margin of error (in seconds) allowed in signed timestamps
  *
  * We default to allowing a reasonable margin of error: 12 hours to
diff --git a/src/crypto/md4.c b/src/crypto/md4.c
index f4a8d78..ca5dcc2 100644
--- a/src/crypto/md4.c
+++ b/src/crypto/md4.c
@@ -35,7 +35,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <assert.h>
 #include <ipxe/rotate.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/md4.h>
 
 /** MD4 variables */
@@ -268,13 +267,3 @@ struct digest_algorithm md4_algorithm = {
 	.update		= md4_update,
 	.final		= md4_final,
 };
-
-/** "md4" object identifier */
-static uint8_t oid_md4[] = { ASN1_OID_MD4 };
-
-/** "md4" OID-identified algorithm */
-struct asn1_algorithm oid_md4_algorithm __asn1_algorithm = {
-	.name = "md4",
-	.digest = &md4_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_md4 ),
-};
diff --git a/src/crypto/md5.c b/src/crypto/md5.c
index 185a61f..bee382e 100644
--- a/src/crypto/md5.c
+++ b/src/crypto/md5.c
@@ -35,7 +35,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <assert.h>
 #include <ipxe/rotate.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/md5.h>
 
 /** MD5 variables */
@@ -293,13 +292,3 @@ struct digest_algorithm md5_algorithm = {
 	.update		= md5_update,
 	.final		= md5_final,
 };
-
-/** "md5" object identifier */
-static uint8_t oid_md5[] = { ASN1_OID_MD5 };
-
-/** "md5" OID-identified algorithm */
-struct asn1_algorithm oid_md5_algorithm __asn1_algorithm = {
-	.name = "md5",
-	.digest = &md5_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_md5 ),
-};
diff --git a/src/crypto/mishmash/oid_md4.c b/src/crypto/mishmash/oid_md4.c
new file mode 100644
index 0000000..1054a79
--- /dev/null
+++ b/src/crypto/mishmash/oid_md4.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/md4.h>
+#include <ipxe/asn1.h>
+
+/** "md4" object identifier */
+static uint8_t oid_md4[] = { ASN1_OID_MD4 };
+
+/** "md4" OID-identified algorithm */
+struct asn1_algorithm oid_md4_algorithm __asn1_algorithm = {
+	.name = "md4",
+	.digest = &md4_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_md4 ),
+};
diff --git a/src/crypto/mishmash/oid_md5.c b/src/crypto/mishmash/oid_md5.c
new file mode 100644
index 0000000..96149d0
--- /dev/null
+++ b/src/crypto/mishmash/oid_md5.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/md5.h>
+#include <ipxe/asn1.h>
+
+/** "md5" object identifier */
+static uint8_t oid_md5[] = { ASN1_OID_MD5 };
+
+/** "md5" OID-identified algorithm */
+struct asn1_algorithm oid_md5_algorithm __asn1_algorithm = {
+	.name = "md5",
+	.digest = &md5_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_md5 ),
+};
diff --git a/src/crypto/mishmash/oid_rsa.c b/src/crypto/mishmash/oid_rsa.c
new file mode 100644
index 0000000..1360c31
--- /dev/null
+++ b/src/crypto/mishmash/oid_rsa.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/rsa.h>
+#include <ipxe/asn1.h>
+
+/** "rsaEncryption" object identifier */
+static uint8_t oid_rsa_encryption[] = { ASN1_OID_RSAENCRYPTION };
+
+/** "rsaEncryption" OID-identified algorithm */
+struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm = {
+	.name = "rsaEncryption",
+	.pubkey = &rsa_algorithm,
+	.digest = NULL,
+	.oid = ASN1_OID_CURSOR ( oid_rsa_encryption ),
+};
diff --git a/src/crypto/mishmash/oid_sha1.c b/src/crypto/mishmash/oid_sha1.c
new file mode 100644
index 0000000..0ab3bac
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha1.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha1.h>
+#include <ipxe/asn1.h>
+
+/** "sha1" object identifier */
+static uint8_t oid_sha1[] = { ASN1_OID_SHA1 };
+
+/** "sha1" OID-identified algorithm */
+struct asn1_algorithm oid_sha1_algorithm __asn1_algorithm = {
+	.name = "sha1",
+	.digest = &sha1_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha1 ),
+};
diff --git a/src/crypto/mishmash/oid_sha224.c b/src/crypto/mishmash/oid_sha224.c
new file mode 100644
index 0000000..1ff6884
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha224.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha256.h>
+#include <ipxe/asn1.h>
+
+/** "sha224" object identifier */
+static uint8_t oid_sha224[] = { ASN1_OID_SHA224 };
+
+/** "sha224" OID-identified algorithm */
+struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm = {
+	.name = "sha224",
+	.digest = &sha224_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha224 ),
+};
diff --git a/src/crypto/mishmash/oid_sha256.c b/src/crypto/mishmash/oid_sha256.c
new file mode 100644
index 0000000..51ea585
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha256.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha256.h>
+#include <ipxe/asn1.h>
+
+/** "sha256" object identifier */
+static uint8_t oid_sha256[] = { ASN1_OID_SHA256 };
+
+/** "sha256" OID-identified algorithm */
+struct asn1_algorithm oid_sha256_algorithm __asn1_algorithm = {
+	.name = "sha256",
+	.digest = &sha256_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha256 ),
+};
diff --git a/src/crypto/mishmash/oid_sha384.c b/src/crypto/mishmash/oid_sha384.c
new file mode 100644
index 0000000..5ba4d60
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha384.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha512.h>
+#include <ipxe/asn1.h>
+
+/** "sha384" object identifier */
+static uint8_t oid_sha384[] = { ASN1_OID_SHA384 };
+
+/** "sha384" OID-identified algorithm */
+struct asn1_algorithm oid_sha384_algorithm __asn1_algorithm = {
+	.name = "sha384",
+	.digest = &sha384_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha384 ),
+};
diff --git a/src/crypto/mishmash/oid_sha512.c b/src/crypto/mishmash/oid_sha512.c
new file mode 100644
index 0000000..38e3c1a
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha512.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha512.h>
+#include <ipxe/asn1.h>
+
+/** "sha512" object identifier */
+static uint8_t oid_sha512[] = { ASN1_OID_SHA512 };
+
+/** "sha512" OID-identified algorithm */
+struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm = {
+	.name = "sha512",
+	.digest = &sha512_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha512 ),
+};
diff --git a/src/crypto/mishmash/oid_sha512_224.c b/src/crypto/mishmash/oid_sha512_224.c
new file mode 100644
index 0000000..2300dad
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha512_224.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha512.h>
+#include <ipxe/asn1.h>
+
+/** "sha512_224" object identifier */
+static uint8_t oid_sha512_224[] = { ASN1_OID_SHA512_224 };
+
+/** "sha512_224" OID-identified algorithm */
+struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm = {
+	.name = "sha512/224",
+	.digest = &sha512_224_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha512_224 ),
+};
diff --git a/src/crypto/mishmash/oid_sha512_256.c b/src/crypto/mishmash/oid_sha512_256.c
new file mode 100644
index 0000000..6af61fe
--- /dev/null
+++ b/src/crypto/mishmash/oid_sha512_256.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2020 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/sha512.h>
+#include <ipxe/asn1.h>
+
+/** "sha512_256" object identifier */
+static uint8_t oid_sha512_256[] = { ASN1_OID_SHA512_256 };
+
+/** "sha512_256" OID-identified algorithm */
+struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm = {
+	.name = "sha512/256",
+	.digest = &sha512_256_algorithm,
+	.oid = ASN1_OID_CURSOR ( oid_sha512_256 ),
+};
diff --git a/src/crypto/rsa.c b/src/crypto/rsa.c
index 2c5cf67..a389557 100644
--- a/src/crypto/rsa.c
+++ b/src/crypto/rsa.c
@@ -47,17 +47,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define EINFO_EACCES_VERIFY \
 	__einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )
 
-/** "rsaEncryption" object identifier */
-static uint8_t oid_rsa_encryption[] = { ASN1_OID_RSAENCRYPTION };
-
-/** "rsaEncryption" OID-identified algorithm */
-struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm = {
-	.name = "rsaEncryption",
-	.pubkey = &rsa_algorithm,
-	.digest = NULL,
-	.oid = ASN1_OID_CURSOR ( oid_rsa_encryption ),
-};
-
 /**
  * Identify RSA prefix
  *
diff --git a/src/crypto/sha1.c b/src/crypto/sha1.c
index 51866f4..94fce00 100644
--- a/src/crypto/sha1.c
+++ b/src/crypto/sha1.c
@@ -35,7 +35,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <assert.h>
 #include <ipxe/rotate.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha1.h>
 
 /** SHA-1 variables */
@@ -264,13 +263,3 @@ struct digest_algorithm sha1_algorithm = {
 	.update		= sha1_update,
 	.final		= sha1_final,
 };
-
-/** "sha1" object identifier */
-static uint8_t oid_sha1[] = { ASN1_OID_SHA1 };
-
-/** "sha1" OID-identified algorithm */
-struct asn1_algorithm oid_sha1_algorithm __asn1_algorithm = {
-	.name = "sha1",
-	.digest = &sha1_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha1 ),
-};
diff --git a/src/crypto/sha224.c b/src/crypto/sha224.c
index be25f24..e54a0ab 100644
--- a/src/crypto/sha224.c
+++ b/src/crypto/sha224.c
@@ -32,7 +32,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <byteswap.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha256.h>
 
 /** SHA-224 initial digest values */
@@ -70,13 +69,3 @@ struct digest_algorithm sha224_algorithm = {
 	.update		= sha256_update,
 	.final		= sha256_final,
 };
-
-/** "sha224" object identifier */
-static uint8_t oid_sha224[] = { ASN1_OID_SHA224 };
-
-/** "sha224" OID-identified algorithm */
-struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm = {
-	.name = "sha224",
-	.digest = &sha224_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha224 ),
-};
diff --git a/src/crypto/sha256.c b/src/crypto/sha256.c
index 0360d8d..6bd7277 100644
--- a/src/crypto/sha256.c
+++ b/src/crypto/sha256.c
@@ -35,7 +35,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <assert.h>
 #include <ipxe/rotate.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha256.h>
 
 /** SHA-256 variables */
@@ -271,13 +270,3 @@ struct digest_algorithm sha256_algorithm = {
 	.update		= sha256_update,
 	.final		= sha256_final,
 };
-
-/** "sha256" object identifier */
-static uint8_t oid_sha256[] = { ASN1_OID_SHA256 };
-
-/** "sha256" OID-identified algorithm */
-struct asn1_algorithm oid_sha256_algorithm __asn1_algorithm = {
-	.name = "sha256",
-	.digest = &sha256_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha256 ),
-};
diff --git a/src/crypto/sha384.c b/src/crypto/sha384.c
index 0177518..f1af6fc 100644
--- a/src/crypto/sha384.c
+++ b/src/crypto/sha384.c
@@ -32,7 +32,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <byteswap.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha512.h>
 
 /** SHA-384 initial digest values */
@@ -70,13 +69,3 @@ struct digest_algorithm sha384_algorithm = {
 	.update		= sha512_update,
 	.final		= sha512_final,
 };
-
-/** "sha384" object identifier */
-static uint8_t oid_sha384[] = { ASN1_OID_SHA384 };
-
-/** "sha384" OID-identified algorithm */
-struct asn1_algorithm oid_sha384_algorithm __asn1_algorithm = {
-	.name = "sha384",
-	.digest = &sha384_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha384 ),
-};
diff --git a/src/crypto/sha512.c b/src/crypto/sha512.c
index 814f445..e848950 100644
--- a/src/crypto/sha512.c
+++ b/src/crypto/sha512.c
@@ -35,7 +35,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <assert.h>
 #include <ipxe/rotate.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha512.h>
 
 /** SHA-512 variables */
@@ -291,13 +290,3 @@ struct digest_algorithm sha512_algorithm = {
 	.update		= sha512_update,
 	.final		= sha512_final,
 };
-
-/** "sha512" object identifier */
-static uint8_t oid_sha512[] = { ASN1_OID_SHA512 };
-
-/** "sha512" OID-identified algorithm */
-struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm = {
-	.name = "sha512",
-	.digest = &sha512_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha512 ),
-};
diff --git a/src/crypto/sha512_224.c b/src/crypto/sha512_224.c
index 8c37b56..b672872 100644
--- a/src/crypto/sha512_224.c
+++ b/src/crypto/sha512_224.c
@@ -32,7 +32,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <byteswap.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha512.h>
 
 /** SHA-512/224 initial digest values */
@@ -71,13 +70,3 @@ struct digest_algorithm sha512_224_algorithm = {
 	.update		= sha512_update,
 	.final		= sha512_final,
 };
-
-/** "sha512_224" object identifier */
-static uint8_t oid_sha512_224[] = { ASN1_OID_SHA512_224 };
-
-/** "sha512_224" OID-identified algorithm */
-struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm = {
-	.name = "sha512/224",
-	.digest = &sha512_224_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha512_224 ),
-};
diff --git a/src/crypto/sha512_256.c b/src/crypto/sha512_256.c
index f8afaf3..8163631 100644
--- a/src/crypto/sha512_256.c
+++ b/src/crypto/sha512_256.c
@@ -32,7 +32,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <stdint.h>
 #include <byteswap.h>
 #include <ipxe/crypto.h>
-#include <ipxe/asn1.h>
 #include <ipxe/sha512.h>
 
 /** SHA-512/256 initial digest values */
@@ -71,13 +70,3 @@ struct digest_algorithm sha512_256_algorithm = {
 	.update		= sha512_update,
 	.final		= sha512_final,
 };
-
-/** "sha512_256" object identifier */
-static uint8_t oid_sha512_256[] = { ASN1_OID_SHA512_256 };
-
-/** "sha512_256" OID-identified algorithm */
-struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm = {
-	.name = "sha512/256",
-	.digest = &sha512_256_algorithm,
-	.oid = ASN1_OID_CURSOR ( oid_sha512_256 ),
-};