Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Tag: Branch: Tree: d1b20a9580

2214

2272

2311

2357

2490

2564

2623

2661

2704

2785

2883

2924

2987

3029

3071

3112

3202

3239

3282

3359

3538

3945

chromium-2214

chromium-2272

chromium-2311

chromium-2357

chromium-2490

chromium-2564

chromium-2623

chromium-2661

chromium-2704

chromium-2883

chromium-2924

chromium-2987

chromium-3029

chromium-3071

chromium-3112

chromium-3202

chromium-3239

chromium-3282

chromium-3359

chromium-3538

chromium-3945

chromium-5359

chromium-5414

chromium-stable

chromium-stable-with-bazel

esni

fips-20180730

fips-20220613

fips-20230428

fips-20240407

fips-20240805

fips-20250107

fips-android-20191008

grpc-202302

infra/config

main

main-with-bazel

master

master-with-bazel

0.20240913.0

0.20240930.0

0.20241024.0

0.20241203.0

0.20241209.0

0.20250114.0

0.20250212.0

fips-20170615

fips-20180730

fips-20190808

fips-20210429

fips-20220613

fips-android-20191020

version_for_cocoapods_1.0

version_for_cocoapods_10.0

version_for_cocoapods_2.0

version_for_cocoapods_3.0

version_for_cocoapods_4.0

version_for_cocoapods_5.0

version_for_cocoapods_6.0

version_for_cocoapods_7.0

version_for_cocoapods_8.0

version_for_cocoapods_9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'd1b20a9580'

${ noResults }

boringssl/crypto/x509

History

David Benjamin d1b20a9580 Fix handling of EXFLAG_INVALID_POLICY on the leaf. ... X509_policy_check returns -1 if some certificate had an unparseable extension, in which case it sets EXFLAG_INVALID_POLICY on it. The calling code then iterates over the certificates to find the offending one, so the callback has a chance to undo it. But it skips i = 0, the leaf, and instead just silentely returns success. We really should cut down on the callback's ability to mess things up here but, in the meantime, fix this. Also add a test covering this case. While I'm here, I've updated make_invalid_extensions.go, which I pulled some code from, to rename fooOrPanic to mustFoo. That seems to be the convention in the Go standard library. (regexp.MustCompile, etc.) Change-Id: Ib07c9f4175e66483bd7c0f7d49aea931bf36e53f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55748 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>		2 years ago
..
test	Fix handling of EXFLAG_INVALID_POLICY on the leaf.	2 years ago
a_digest.c	Remove unnecessary parens on return.	3 years ago
a_sign.c	Check some ASN1_STRING types in crypto/x509	3 years ago
a_verify.c	Post-clang-format fixups.	3 years ago
algorithm.c	Run convert_comments.go on the recently-converted files	3 years ago
asn1_gen.c	Make CONF_parse_list size_t-clean.	3 years ago
by_dir.c	Remove unused X509_LOOKUP_by_* functions.	3 years ago
by_file.c	Remove unused X509_LOOKUP_by_* functions.	3 years ago
i2d_pr.c	Run convert_comments.go on the recently-converted files	3 years ago
internal.h	Switch X509 ex_* flags to uint32_t.	2 years ago
name_print.c	Document most X509_NAME functions.	3 years ago
rsa_pss.c	Miscellaneous -Wshorten-64-to-32 fixes.	2 years ago
t_crl.c	clang-format remaining directories.	3 years ago
t_req.c	Const-correct X509_EXTENSION functions, as best we can.	3 years ago
t_x509.c	Remove X509_ocspid_print.	3 years ago
t_x509a.c	Run convert_comments.go on the recently-converted files	3 years ago
x509.c	Run convert_comments.go on the recently-converted files	3 years ago
x509_att.c	Remove unnecessary parens on return.	3 years ago
x509_cmp.c	Also check for V_ASN1_NEG_INTEGER when checking types.	2 years ago
x509_d2.c	Remove unnecessary parens on return.	3 years ago
x509_def.c	Remove unnecessary parens on return.	3 years ago
x509_ext.c	Const-correct X509_EXTENSION functions, as best we can.	3 years ago
x509_lu.c	Remove unused X509_LOOKUP_by_* functions.	3 years ago
x509_obj.c	Remove unnecessary parens on return.	3 years ago
x509_req.c	Release memory earlier when clearing ASN1_ENCODING.	2 years ago
x509_set.c	Add int64 ASN1_INTEGER setters too.	2 years ago
x509_test.cc	Fix handling of EXFLAG_INVALID_POLICY on the leaf.	2 years ago
x509_time_test.cc	acvp: add CMAC-AES support.	5 years ago
x509_trs.c	Run convert_comments.go on the recently-converted files	3 years ago
x509_txt.c	Remove the last of the Suite B code.	3 years ago
x509_v3.c	Const-correct X509_EXTENSION functions, as best we can.	3 years ago
x509_vfy.c	Fix handling of EXFLAG_INVALID_POLICY on the leaf.	2 years ago
x509_vpm.c	Const-correct and simplify X509_VERIFY_PARAM_set1_policies.	2 years ago
x509cset.c	Release memory earlier when clearing ASN1_ENCODING.	2 years ago
x509name.c	Document most X509_NAME functions.	3 years ago
x509rset.c	Add int64 ASN1_INTEGER setters too.	2 years ago
x509spki.c	Remove unnecessary parens on return.	3 years ago
x_algor.c	Remove X509_ALGORS.	3 years ago
x_all.c	Release memory earlier when clearing ASN1_ENCODING.	2 years ago
x_attrib.c	Const-correct the i2d/dup functions we can.	3 years ago
x_crl.c	Release memory earlier when clearing ASN1_ENCODING.	2 years ago
x_exten.c	Const-correct the i2d/dup functions we can.	3 years ago
x_info.c	Remove unnecessary parens on return.	3 years ago
x_name.c	Const-correct the i2d/dup functions we can.	3 years ago
x_pkey.c	Re-run clang-format with InsertBraces.	3 years ago
x_pubkey.c	Const-correct the i2d/dup functions we can.	3 years ago
x_req.c	Remove X509_REQ's refcount.	3 years ago
x_sig.c	Const-correct the i2d/dup functions we can.	3 years ago
x_spki.c	Const-correct the i2d/dup functions we can.	3 years ago
x_val.c	Const-correct the i2d/dup functions we can.	3 years ago
x_x509.c	Release memory earlier when clearing ASN1_ENCODING.	2 years ago
x_x509a.c	Const-correct the i2d/dup functions we can.	3 years ago