commit 2a5db6870687393045f55183be579ec4a259f8f9
author David Benjamin <davidben@google.com> Tue Feb 06 21:56:57 2024 -0500
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Feb 15 18:17:44 2024 +0000
tree 9adf96042148db609138421d7c04c219c350db9c
parent d7f5e18b9f33466769c290b7190d1c5dbc41236e

Remove pki/tag.h

This is a very thin wrapper over CBS_ASN1_* constants, dating from when
the library wanted to avoid as strongly depending on BoringSSL. That's
long stopped being the case, so we may as well just use the underlying
constants. A tad less C++-y, but I don't think the wrapper is buying us
much.

Update-Note: pki/tag.h no longer exists. Use CBS_ASN1_TAG instead of
bssl::der::Tag and CBS_ASN1_* instead of bssl::der::k*.

Change-Id: I09f3f65b406d1a8fe60bfbe1a56d3e485ae84d97
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66067
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

pki/crl.cc

diff --git a/pki/crl.cc b/pki/crl.cc
index cc9c878..63e1cc6 100644
--- a/pki/crl.cc
+++ b/pki/crl.cc
@@ -6,6 +6,7 @@
 #include <iterator>
 
 #include <openssl/base.h>
+#include <openssl/bytestring.h>
 
 #include "cert_errors.h"
 #include "crl.h"
@@ -14,7 +15,6 @@
 #include "parser.h"
 #include "revocation_util.h"
 #include "signature_algorithm.h"
-#include "tag.h"
 #include "verify_name_match.h"
 #include "verify_signed_data.h"
 
@@ -31,7 +31,7 @@
   der::Parser parser(name_tlv);
   der::Input name_rdn;
   bssl::CertErrors unused_errors;
-  return parser.ReadTag(der::kSequence, &name_rdn) &&
+  return parser.ReadTag(CBS_ASN1_SEQUENCE, &name_rdn) &&
          NormalizeName(name_rdn, out_normalized_name, &unused_errors) &&
          !parser.HasMore();
 }
@@ -104,7 +104,7 @@
   //         version                 Version OPTIONAL,
   //                                      -- if present, MUST be v2
   std::optional<der::Input> version_der;
-  if (!tbs_parser.ReadOptionalTag(der::kInteger, &version_der)) {
+  if (!tbs_parser.ReadOptionalTag(CBS_ASN1_INTEGER, &version_der)) {
     return false;
   }
   if (version_der.has_value()) {
@@ -139,12 +139,12 @@
   }
 
   //         nextUpdate              Time OPTIONAL,
-  der::Tag maybe_next_update_tag;
+  CBS_ASN1_TAG maybe_next_update_tag;
   der::Input unused_next_update_input;
   if (tbs_parser.PeekTagAndValue(&maybe_next_update_tag,
                                  &unused_next_update_input) &&
-      (maybe_next_update_tag == der::kUtcTime ||
-       maybe_next_update_tag == der::kGeneralizedTime)) {
+      (maybe_next_update_tag == CBS_ASN1_UTCTIME ||
+       maybe_next_update_tag == CBS_ASN1_GENERALIZEDTIME)) {
     der::GeneralizedTime next_update_time;
     if (!ReadUTCOrGeneralizedTime(&tbs_parser, &next_update_time)) {
       return false;
@@ -156,10 +156,10 @@
 
   //         revokedCertificates     SEQUENCE OF SEQUENCE  { ... } OPTIONAL,
   der::Input unused_revoked_certificates;
-  der::Tag maybe_revoked_certifigates_tag;
+  CBS_ASN1_TAG maybe_revoked_certifigates_tag;
   if (tbs_parser.PeekTagAndValue(&maybe_revoked_certifigates_tag,
                                  &unused_revoked_certificates) &&
-      maybe_revoked_certifigates_tag == der::kSequence) {
+      maybe_revoked_certifigates_tag == CBS_ASN1_SEQUENCE) {
     der::Input revoked_certificates_tlv;
     if (!tbs_parser.ReadRawTLV(&revoked_certificates_tlv)) {
       return false;
@@ -171,8 +171,9 @@
 
   //         crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
   //                                       -- if present, version MUST be v2
-  if (!tbs_parser.ReadOptionalTag(der::ContextSpecificConstructed(0),
-                                  &out->crl_extensions_tlv)) {
+  if (!tbs_parser.ReadOptionalTag(
+          CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0,
+          &out->crl_extensions_tlv)) {
     return false;
   }
   if (out->crl_extensions_tlv.has_value()) {
@@ -216,7 +217,7 @@
   //  distributionPoint          [0] DistributionPointName OPTIONAL,
   std::optional<der::Input> distribution_point;
   if (!idp_parser.ReadOptionalTag(
-          der::kTagContextSpecific | der::kTagConstructed | 0,
+          CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0,
           &distribution_point)) {
     return false;
   }
@@ -228,7 +229,7 @@
     //        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
     std::optional<der::Input> der_full_name;
     if (!dp_name_parser.ReadOptionalTag(
-            der::kTagContextSpecific | der::kTagConstructed | 0,
+            CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0,
             &der_full_name)) {
       return false;
     }
@@ -253,7 +254,7 @@
 
   //  onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
   std::optional<der::Input> only_contains_user_certs;
-  if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 1,
+  if (!idp_parser.ReadOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 1,
                                   &only_contains_user_certs)) {
     return false;
   }
@@ -270,7 +271,7 @@
 
   //  onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
   std::optional<der::Input> only_contains_ca_certs;
-  if (!idp_parser.ReadOptionalTag(der::kTagContextSpecific | 2,
+  if (!idp_parser.ReadOptionalTag(CBS_ASN1_CONTEXT_SPECIFIC | 2,
                                   &only_contains_ca_certs)) {
     return false;
   }
@@ -343,7 +344,8 @@
 
     der::Input revoked_cert_serial_number;
     //              userCertificate         CertificateSerialNumber,
-    if (!crl_entry_parser.ReadTag(der::kInteger, &revoked_cert_serial_number)) {
+    if (!crl_entry_parser.ReadTag(CBS_ASN1_INTEGER,
+                                  &revoked_cert_serial_number)) {
       return CRLRevocationStatus::UNKNOWN;
     }