Don't use negative values for unimplemented modes

Our EVP_CIPHER_mode returns an unsigned value and including negative
numbers in switch/case when the value is unsigned causes some warnings.
This should avoid the need for https://github.com/nodejs/node/pull/46564

(Having them be positive shouldn't have compat impacts. CCM is 8, but no
cipher will report CCM, so any path checking for it will just be dead
code.)

Change-Id: I8dcf5ea55fad9732a09d6da73114cde5d69397d3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57025
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
fips-20230428
David Benjamin 2 years ago committed by Boringssl LUCI CQ
parent 908b1300ff
commit d9ea5553c3
  1. 9
      include/openssl/cipher.h

@ -341,6 +341,12 @@ OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
#define EVP_CIPH_GCM_MODE 0x6
#define EVP_CIPH_XTS_MODE 0x7
// The following values are never returned from |EVP_CIPHER_mode| and are
// included only to make it easier to compile code with BoringSSL.
#define EVP_CIPH_CCM_MODE 0x8
#define EVP_CIPH_OCB_MODE 0x9
#define EVP_CIPH_WRAP_MODE 0xa
// Cipher flags (for |EVP_CIPHER_flags|).
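Review bot: The new comment above `#define EVP_CIPH_CCM_MODE 0x8` says these values are never returned from |EVP_CIPHER_mode|, but it does not say that 0x8 through 0xa are now reserved in the same number space that ends at `EVP_CIPH_XTS_MODE 0x7`. Someone adding a real mode later could take the next value after 0x7 and collide with a placeholder, which would turn a caller's dead `case EVP_CIPH_CCM_MODE:` branch into live code for an unrelated mode. Suggest extending the comment to state that the three values are reserved and must not be reused for an implemented mode.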
@ -506,9 +512,6 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_cast5_cbc(void);
// The following flags do nothing and are included only to make it easier to
// compile code with BoringSSL.
#define EVP_CIPH_CCM_MODE (-1)
#define EVP_CIPH_OCB_MODE (-2)
#define EVP_CIPH_WRAP_MODE (-3)
#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
// EVP_CIPHER_CTX_set_flags does nothing.
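Review bot: Callers that depended on the sign of these macros, for example a preprocessor test such as `#if EVP_CIPH_CCM_MODE < 0` used to compile out a CCM path, change behaviour without any warning once the `(-1)`, `(-2)` and `(-3)` definitions are gone and the positive ones apply. The commit message argues there is no compatibility impact for code that compares against the return value of EVP_CIPHER_mode, but that reasoning does not cover sign checks. Suggest a short note in the header comment that the placeholders were previously negative, so downstream users know to search for that pattern.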
