boringssl

838 Commits

61 Branches

23 Tags

511 MiB

Tag: Branch: Tree: 67d4f28357

Commit Graph

Author	SHA1	Message	Date
David Benjamin	491af10360	Check for trailing data in extensions. X509V3_EXT_d2i should notice if an extension has extra data at the end. Update-Note: Some previously accepted invalid certicates may be rejected, either in certificate verification or in X509_get_ext_d2i. Bug: 352 Change-Id: Iacbb74a52d15bf3318b4cb8271d44b0f0a2df137 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50285 Reviewed-by: Adam Langley <agl@google.com>	3 years ago
David Benjamin	ee4af9e94e	Add X509_get_pathlen and X509_REVOKED_get0_extensions. Conscrypt will need these functions. Also fix a bug in X509_get_extension_flags's error-handling. While I'm here, add X509_CRL_get0_extensions for completeness. Nothing uses this yet, but this could later be an alternative to avoid Conscrypt's mess with templates. Change-Id: I9393b75fcf53346535e6a4712355be081baa630d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42744 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	5 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago

Author

SHA1

Message

Date

David Benjamin

491af10360

Check for trailing data in extensions.

X509V3_EXT_d2i should notice if an extension has extra data at the end.

Update-Note: Some previously accepted invalid certicates may be
rejected, either in certificate verification or in X509_get_ext_d2i.

Bug: 352
Change-Id: Iacbb74a52d15bf3318b4cb8271d44b0f0a2df137
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50285
Reviewed-by: Adam Langley <agl@google.com>

3 years ago

David Benjamin

ee4af9e94e

Add X509_get_pathlen and X509_REVOKED_get0_extensions.

Conscrypt will need these functions. Also fix a bug in
X509_get_extension_flags's error-handling. While I'm here, add
X509_CRL_get0_extensions for completeness. Nothing uses this yet, but
this could later be an alternative to avoid Conscrypt's mess with
templates.

Change-Id: I9393b75fcf53346535e6a4712355be081baa630d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42744
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

5 years ago

Adam Langley

fb0c05cac2

acvp: add CMAC-AES support.

Change by Dan Janni.

Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

5 years ago

3 Commits (67d4f28357eb3e48fba5a4fa0ff2e9805d3bab3f)