boringssl

581 Commits

61 Branches

23 Tags

511 MiB

Tag: Branch: Tree: 59aff62ca8

Commit Graph

Author	SHA1	Message	Date
David Benjamin	59aff62ca8	Remove V_ASN1_APP_CHOOSE. V_ASN1_APP_CHOOSE has been discouraged by OpenSSL since 2000: https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=824f421b8d331ba2a2009dbda333a57493bedb1e;hb=fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff#l10848 Instead, upstream recommends an MBSTRING_* constant. https://www.openssl.org/docs/man1.1.1/man3/X509_NAME_add_entry_by_NID.html This function is a bit overloaded: MBSTRING_* means "Decode my input from this format and then re-encode it using whatever string type best suits the NID (usually UTF8String, but some NIDs require PrintableString)". V_ASN1_APP_CHOOSE means "This is a Latin-1 string. Without looking at the NID, pick one of PrintableString, IA5String, or T61String". The latter is almost certainly not what callers want. If they want a particular type, they can always force it by passing a particular V_ASN1_* constant. This removes the only use of ASN1_PRINTABLE_type within the library, though there is one external use still. Update-Note: V_ASN1_APP_CHOOSE is removed. I only found one use, which has been fixed. Change-Id: Id36376dd0ec68559bbbb366e2305d42be5ddac67 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49067 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	125a38fad9	Const-correct various X509 functions. Actually making crypto/asn1 and crypto/x509 const-correct will be a tall order, between all the hidden caches, non-const ASN.1 macros, and ambiguity between mutable and immutable getters. But upstream const-corrected a number of things, so align with them. (In particular, it is not currently possible to usefully use a non-const X509_NAME.) I think I've gotten most of x509.h. I started going through x509v3.h, but all the conf bits take non-const char* pointers, which shows up in the public (but probably unused) X509V3_CONF_METHOD, so I've left it alone in this CL. For some reason, OpenSSL made X509_get_subject_name a const-to-non-const function but kept X509_get_serialNumber uniformly non-const while adding a uniformly const X509_get0_serialNumber. I've just mirrored this for compatibility's sake. Change-Id: Ia33a7576165cf2da5922807fc065f1f114b0f84c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42584 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	5 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago

Author

SHA1

Message

Date

David Benjamin

59aff62ca8

Remove V_ASN1_APP_CHOOSE.

V_ASN1_APP_CHOOSE has been discouraged by OpenSSL since 2000:
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=824f421b8d331ba2a2009dbda333a57493bedb1e;hb=fb047ebc87b18bdc4cf9ddee9ee1f5ed93e56aff#l10848

Instead, upstream recommends an MBSTRING_* constant.
https://www.openssl.org/docs/man1.1.1/man3/X509_NAME_add_entry_by_NID.html

This function is a bit overloaded:

MBSTRING_* means "Decode my input from this format and then re-encode it
using whatever string type best suits the NID (usually UTF8String, but
some NIDs require PrintableString)".

V_ASN1_APP_CHOOSE means "This is a Latin-1 string. Without looking at
the NID, pick one of PrintableString, IA5String, or T61String".

The latter is almost certainly not what callers want. If they want a
particular type, they can always force it by passing a particular
V_ASN1_* constant. This removes the only use of ASN1_PRINTABLE_type
within the library, though there is one external use still.

Update-Note: V_ASN1_APP_CHOOSE is removed. I only found one use, which
has been fixed.

Change-Id: Id36376dd0ec68559bbbb366e2305d42be5ddac67
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49067
Reviewed-by: Adam Langley <agl@google.com>

4 years ago

David Benjamin

125a38fad9

Const-correct various X509 functions.

Actually making crypto/asn1 and crypto/x509 const-correct will be a tall
order, between all the hidden caches, non-const ASN.1 macros, and
ambiguity between mutable and immutable getters. But upstream
const-corrected a number of things, so align with them. (In particular,
it is not currently possible to usefully use a non-const X509_NAME.)

I think I've gotten most of x509.h. I started going through x509v3.h,
but all the conf bits take non-const char* pointers, which shows up in
the public (but probably unused) X509V3_CONF_METHOD, so I've left it
alone in this CL.

For some reason, OpenSSL made X509_get_subject_name a const-to-non-const
function but kept X509_get_serialNumber uniformly non-const while adding
a uniformly const X509_get0_serialNumber. I've just mirrored this for
compatibility's sake.

Change-Id: Ia33a7576165cf2da5922807fc065f1f114b0f84c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42584
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

5 years ago

Adam Langley

fb0c05cac2

acvp: add CMAC-AES support.

Change by Dan Janni.

Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

5 years ago

3 Commits (59aff62ca8c5b8f0249beee5a73da970486867ce)