Google Git
Sign in
boringssl / boringssl / d9f49974e3ea7b0aa4dee14c2b9535ed28e757af
commitd9f49974e3ea7b0aa4dee14c2b9535ed28e757af[log] [tgz]
authorDavid Benjamin <davidben@google.com>Thu Dec 21 23:11:23 2017 -0500
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Wed Jan 03 22:28:32 2018 +0000
tree0512f2ff5f329f0cda90a38180a2d692e86acc69
parent5bcaa113e285b98f8d8ebbf9f5f5a991fc95e307 [diff]
Support high tag numbers in CBS/CBB.

This is a reland of https://boringssl-review.googlesource.com/2330. I
believe I've now cleared the fallout.

Android's attestion format uses some ludicrously large tag numbers:
https://developer.android.com/training/articles/security-key-attestation.html#certificate_schema

Add support for these in CBS/CBB. The public API does not change for
callers who were using the CBS_ASN1_* constants, but it is no longer the
case that tag representations match their DER encodings for small tag
numbers. When passing tags into CBS/CBB, use CBS_ASN1_* constants. When
working with DER byte arrays (most commonly test vectors), use the
numbers themselves.

Bug: 214
Update-Note: The in-memory representation of CBS/CBB tags changes.
   Additionally, we now support tag numbers above 30. I believe I've now
   actually cleared the fallout of the former. There is one test in
   Chromium and the same test in the internal repository that needs
   fixing.

Change-Id: I49b9d30df01f023c646d31156360ff69c91626a3
Reviewed-on: https://boringssl-review.googlesource.com/24404
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
6 files changed
tree: 0512f2ff5f329f0cda90a38180a2d692e86acc69
  1. .github/
  2. crypto/
  3. decrepit/
  4. fipstools/
  5. fuzz/
  6. include/
  7. infra/
  8. ssl/
  9. third_party/
  10. tool/
  11. util/
  12. .clang-format
  13. .gitignore
  14. API-CONVENTIONS.md
  15. BUILDING.md
  16. CMakeLists.txt
  17. codereview.settings
  18. CONTRIBUTING.md
  19. FUZZING.md
  20. INCORPORATING.md
  21. LICENSE
  22. PORTING.md
  23. README.md
  24. sources.cmake
  25. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: