boringssl

580 Commits

61 Branches

23 Tags

511 MiB

Tag: Branch: Tree: 6b7525a9fa

Commit Graph

Author	SHA1	Message	Date
David Benjamin	468cde90ca	Always encode booleans as DER. The ASN1_BOOLEAN representation is a mess. ASN1_BOOLEAN is an int and if non-negative (negative values mean omitted or default), gets cast to uint8_t and encoded as the value. This means callers are simply expected to know true is 0xff, not 1. Fix this by only encoding 0 or 0xff. This also fixes a bug where values like 0x100 are interpreted as true (e.g. in the tasn_enc.c logic to handle default values), but encoded as false because the cast only looks at the least significant byte. This CL does not change the parsing behavior, which is to allow any BER encoding and preserve the value in the in-memory representation (though we should tighten that). However the BER encode will no longer be preserved when re-encoding. Update-Note: Callers setting ASN1_BOOLEANs to a positive value other than 0xff will now encode 0xff. This probably fixes a bug, but if anyone was attaching significance to incorrectly-encoded booleans, that will break. Change-Id: I5bb53e068d5900daca07299a27c0551e78ffa91d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46924 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago

Author

SHA1

Message

Date

David Benjamin

468cde90ca

Always encode booleans as DER.

The ASN1_BOOLEAN representation is a mess. ASN1_BOOLEAN is an int
and if non-negative (negative values mean omitted or default), gets cast
to uint8_t and encoded as the value. This means callers are simply
expected to know true is 0xff, not 1. Fix this by only encoding 0 or
0xff.

This also fixes a bug where values like 0x100 are interpreted as true
(e.g. in the tasn_enc.c logic to handle default values), but encoded as
false because the cast only looks at the least significant byte.

This CL does not change the parsing behavior, which is to allow any BER
encoding and preserve the value in the in-memory representation (though
we should tighten that). However the BER encode will no longer be
preserved when re-encoding.

Update-Note: Callers setting ASN1_BOOLEANs to a positive value other
than 0xff will now encode 0xff. This probably fixes a bug, but if anyone
was attaching significance to incorrectly-encoded booleans, that will
break.

Change-Id: I5bb53e068d5900daca07299a27c0551e78ffa91d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46924
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

4 years ago

Adam Langley

fb0c05cac2

acvp: add CMAC-AES support.

Change by Dan Janni.

Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

5 years ago

2 Commits (6b7525a9fab38f408651bf5c39804c65103969f6)