Const-correct X509_alias_get0 and X509_keyid_get0

All callers I found seem to be compatible with this. Using the non-const
pointer isn't very useful because you cannot resize the value. Let's try
const-correcting it and we'll revert if it's too annoying to fix.

Update-Note: The above functions are now const-correct. Store the result
in a const pointer to avoid compatibility issues.

Change-Id: Id4a1c7223fbb333716906e20844bf8795118a8ea
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65128
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
chromium-stable
David Benjamin 11 months ago committed by Boringssl LUCI CQ
parent 970df5e456
commit 3ef8cbc419
  1. 8
      crypto/x509/x_x509a.c
  2. 14
      include/openssl/x509.h

@ -90,7 +90,7 @@ static X509_CERT_AUX *aux_get(X509 *x) {
return x->aux;
}
int X509_alias_set1(X509 *x, const unsigned char *name, ossl_ssize_t len) {
int X509_alias_set1(X509 *x, const uint8_t *name, ossl_ssize_t len) {
X509_CERT_AUX *aux;
// TODO(davidben): Empty aliases are not meaningful in PKCS#12, and the
// getters cannot quite represent them. Also erase the object if |len| is
@ -112,7 +112,7 @@ int X509_alias_set1(X509 *x, const unsigned char *name, ossl_ssize_t len) {
return ASN1_STRING_set(aux->alias, name, len);
}
int X509_keyid_set1(X509 *x, const unsigned char *id, ossl_ssize_t len) {
int X509_keyid_set1(X509 *x, const uint8_t *id, ossl_ssize_t len) {
X509_CERT_AUX *aux;
// TODO(davidben): Empty key IDs are not meaningful in PKCS#12, and the
// getters cannot quite represent them. Also erase the object if |len| is
@ -134,7 +134,7 @@ int X509_keyid_set1(X509 *x, const unsigned char *id, ossl_ssize_t len) {
return ASN1_STRING_set(aux->keyid, id, len);
}
unsigned char *X509_alias_get0(X509 *x, int *out_len) {
const uint8_t *X509_alias_get0(const X509 *x, int *out_len) {
const ASN1_UTF8STRING *alias = x->aux != NULL ? x->aux->alias : NULL;
if (out_len != NULL) {
*out_len = alias != NULL ? alias->length : 0;
@ -142,7 +142,7 @@ unsigned char *X509_alias_get0(X509 *x, int *out_len) {
return alias != NULL ? alias->data : NULL;
}
unsigned char *X509_keyid_get0(X509 *x, int *out_len) {
const uint8_t *X509_keyid_get0(const X509 *x, int *out_len) {
const ASN1_OCTET_STRING *keyid = x->aux != NULL ? x->aux->keyid : NULL;
if (out_len != NULL) {
*out_len = keyid != NULL ? keyid->length : 0;
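Review bot: `X509_alias_get0` and `X509_keyid_get0` return `alias->data` and `keyid->data` directly, so the caller gets a borrowed view into the certificate's own storage, and nothing visible in these hunks says how long that view stays valid. A later `X509_alias_set1` or `X509_keyid_set1` on the same certificate calls `ASN1_STRING_set` on that same object, which presumably replaces or reallocates the buffer, so a pointer held across such a call could dangle. Now that the return type is `const uint8_t *`, I would state the contract next to it, e.g. `// The returned pointer is owned by |x| and is invalidated by X509_alias_set1 or by freeing |x|.`, with the matching line for the key ID getter, unless the header comment outside this view already says so. The body of `X509_keyid_get0` continues past the end of the last hunk.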

@ -603,7 +603,9 @@ OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
// Unlike similarly-named functions, this function does not output a single
// ASN.1 element. Directly embedding the output in a larger ASN.1 structure will
// not behave correctly.
OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
//
// TODO(crbug.com/boringssl/407): |x509| should be const.
OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, uint8_t **outp);
// d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509
// Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific
@ -615,19 +617,19 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
// Unlike similarly-named functions, this function does not parse a single
// ASN.1 element. Trying to parse data directly embedded in a larger ASN.1
// structure will not behave correctly.
OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp,
OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const uint8_t **inp,
long length);
// X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is
// NULL, the alias is cleared instead. Aliases are not part of the certificate
// itself and will not be serialized by |i2d_X509|.
OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name,
OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const uint8_t *name,
ossl_ssize_t len);
// X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is
// NULL, the key ID is cleared instead. Key IDs are not part of the certificate
// itself and will not be serialized by |i2d_X509|.
OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const uint8_t *id,
ossl_ssize_t len);
// X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the
@ -642,7 +644,7 @@ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
// WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
// missing. Callers that target both OpenSSL and BoringSSL should set the value
// to zero before calling this function.
OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
OPENSSL_EXPORT const uint8_t *X509_alias_get0(const X509 *x509, int *out_len);
// X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the
// key ID's length and returns a pointer to a buffer containing the contents. If
@ -652,7 +654,7 @@ OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
// WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
// missing. Callers that target both OpenSSL and BoringSSL should set the value
// to zero before calling this function.
OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
OPENSSL_EXPORT const uint8_t *X509_keyid_get0(const X509 *x509, int *out_len);
// X509_add1_trust_object configures |x509| as a valid trust anchor for |obj|.
// It returns one on success and zero on error. |obj| should be a certificate
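Review bot: The WARNING directly above the `X509_keyid_get0` declaration (last hunk of this file) still reads "did not set |*out_len| when the alias was missing", which looks copied from the `X509_alias_get0` comment. Since this commit already touches that declaration, I would fix the wording to `// WARNING: In OpenSSL, this function did not set |*out_len| when the key ID was missing.` The warning tells portable callers to zero `*out_len` before the call, so the wrong noun could lead a reader to think the caveat applies only to aliases and leave the length uninitialized on the key ID path.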
