Stop passing der::Input by const-ref
Span/view types are small enough that the guidance these days is to pass
by value. This CL is the result of two sed lines:
sed -i -e 's/const Input &/Input /g' pki/*.*
sed -i -e 's/const der::Input &/der::Input /g' pki/*.*
Plus one manual fix inside a comment in pki/parser.h where the spacing
didn't match. Then a clang-format -i
Change-Id: I29c9ffc7ddf2df5822e5335f108c85ecbf496a3c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65669
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Matt Mueller <mattm@google.com>
diff --git a/pki/cert_error_params.cc b/pki/cert_error_params.cc
index 5919c1c..c64fa1b 100644
--- a/pki/cert_error_params.cc
+++ b/pki/cert_error_params.cc
@@ -19,8 +19,8 @@
// blobs. It makes a copy of the der::Inputs.
class CertErrorParams2Der : public CertErrorParams {
public:
- CertErrorParams2Der(const char *name1, const der::Input &der1,
- const char *name2, const der::Input &der2)
+ CertErrorParams2Der(const char *name1, der::Input der1, const char *name2,
+ der::Input der2)
: name1_(name1),
der1_(der1.AsString()),
name2_(name2),
@@ -106,16 +106,17 @@
CertErrorParams::CertErrorParams() = default;
CertErrorParams::~CertErrorParams() = default;
-std::unique_ptr<CertErrorParams> CreateCertErrorParams1Der(
- const char *name, const der::Input &der) {
+std::unique_ptr<CertErrorParams> CreateCertErrorParams1Der(const char *name,
+ der::Input der) {
BSSL_CHECK(name);
return std::make_unique<CertErrorParams2Der>(name, der, nullptr,
der::Input());
}
-std::unique_ptr<CertErrorParams> CreateCertErrorParams2Der(
- const char *name1, const der::Input &der1, const char *name2,
- const der::Input &der2) {
+std::unique_ptr<CertErrorParams> CreateCertErrorParams2Der(const char *name1,
+ der::Input der1,
+ const char *name2,
+ der::Input der2) {
BSSL_CHECK(name1);
BSSL_CHECK(name2);
return std::make_unique<CertErrorParams2Der>(name1, der1, name2, der2);
diff --git a/pki/cert_error_params.h b/pki/cert_error_params.h
index 474ba70..c407782 100644
--- a/pki/cert_error_params.h
+++ b/pki/cert_error_params.h
@@ -39,12 +39,11 @@
// Creates a parameter object that holds a copy of |der|, and names it |name|
// in debug string outputs.
OPENSSL_EXPORT std::unique_ptr<CertErrorParams> CreateCertErrorParams1Der(
- const char *name, const der::Input &der);
+ const char *name, der::Input der);
// Same as CreateCertErrorParams1Der() but has a second DER blob.
OPENSSL_EXPORT std::unique_ptr<CertErrorParams> CreateCertErrorParams2Der(
- const char *name1, const der::Input &der1, const char *name2,
- const der::Input &der2);
+ const char *name1, der::Input der1, const char *name2, der::Input der2);
// Creates a parameter object that holds a single size_t value. |name| is used
// when pretty-printing the parameters.
diff --git a/pki/certificate_policies.cc b/pki/certificate_policies.cc
index 9ae941d..5a6df34 100644
--- a/pki/certificate_policies.cc
+++ b/pki/certificate_policies.cc
@@ -130,7 +130,7 @@
// bmpString BMPString (SIZE (1..200)),
// utf8String UTF8String (SIZE (1..200)) }
bool ParseCertificatePoliciesExtensionImpl(
- const der::Input &extension_value, bool fail_parsing_unknown_qualifier_oids,
+ der::Input extension_value, bool fail_parsing_unknown_qualifier_oids,
std::vector<der::Input> *policy_oids,
std::vector<PolicyInformation> *policy_informations, CertErrors *errors) {
BSSL_CHECK(policy_oids);
@@ -227,7 +227,7 @@
PolicyInformation::PolicyInformation(const PolicyInformation &) = default;
PolicyInformation::PolicyInformation(PolicyInformation &&) = default;
-bool ParseCertificatePoliciesExtension(const der::Input &extension_value,
+bool ParseCertificatePoliciesExtension(der::Input extension_value,
std::vector<PolicyInformation> *policies,
CertErrors *errors) {
std::vector<der::Input> unused_policy_oids;
@@ -237,7 +237,7 @@
}
bool ParseCertificatePoliciesExtensionOids(
- const der::Input &extension_value, bool fail_parsing_unknown_qualifier_oids,
+ der::Input extension_value, bool fail_parsing_unknown_qualifier_oids,
std::vector<der::Input> *policy_oids, CertErrors *errors) {
return ParseCertificatePoliciesExtensionImpl(
extension_value, fail_parsing_unknown_qualifier_oids, policy_oids,
@@ -251,7 +251,7 @@
// inhibitPolicyMapping [1] SkipCerts OPTIONAL }
//
// SkipCerts ::= INTEGER (0..MAX)
-bool ParsePolicyConstraints(const der::Input &policy_constraints_tlv,
+bool ParsePolicyConstraints(der::Input policy_constraints_tlv,
ParsedPolicyConstraints *out) {
der::Parser parser(policy_constraints_tlv);
@@ -318,7 +318,7 @@
//
// SkipCerts ::= INTEGER (0..MAX)
std::optional<uint8_t> ParseInhibitAnyPolicy(
- const der::Input &inhibit_any_policy_tlv) {
+ der::Input inhibit_any_policy_tlv) {
der::Parser parser(inhibit_any_policy_tlv);
std::optional<uint8_t> num_certs = std::make_optional<uint8_t>();
@@ -340,7 +340,7 @@
// PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
// issuerDomainPolicy CertPolicyId,
// subjectDomainPolicy CertPolicyId }
-bool ParsePolicyMappings(const der::Input &policy_mappings_tlv,
+bool ParsePolicyMappings(der::Input policy_mappings_tlv,
std::vector<ParsedPolicyMapping> *mappings) {
mappings->clear();
diff --git a/pki/certificate_policies.h b/pki/certificate_policies.h
index e044cde..ccba1e9 100644
--- a/pki/certificate_policies.h
+++ b/pki/certificate_policies.h
@@ -73,7 +73,7 @@
// The values in |policies| are only valid as long as |extension_value| is (as
// it references data).
OPENSSL_EXPORT bool ParseCertificatePoliciesExtension(
- const der::Input &extension_value, std::vector<PolicyInformation> *policies,
+ der::Input extension_value, std::vector<PolicyInformation> *policies,
CertErrors *errors);
// Parses a certificatePolicies extension and stores the policy OIDs in
@@ -94,7 +94,7 @@
// The values in |policy_oids| are only valid as long as |extension_value| is
// (as it references data).
OPENSSL_EXPORT bool ParseCertificatePoliciesExtensionOids(
- const der::Input &extension_value, bool fail_parsing_unknown_qualifier_oids,
+ der::Input extension_value, bool fail_parsing_unknown_qualifier_oids,
std::vector<der::Input> *policy_oids, CertErrors *errors);
struct ParsedPolicyConstraints {
@@ -106,12 +106,12 @@
// Parses a PolicyConstraints SEQUENCE as defined by RFC 5280. Returns true on
// success, and sets |out|.
[[nodiscard]] OPENSSL_EXPORT bool ParsePolicyConstraints(
- const der::Input &policy_constraints_tlv, ParsedPolicyConstraints *out);
+ der::Input policy_constraints_tlv, ParsedPolicyConstraints *out);
// Parses an InhibitAnyPolicy as defined by RFC 5280. Returns num certs on
// success, or empty if parser fails.
[[nodiscard]] OPENSSL_EXPORT std::optional<uint8_t> ParseInhibitAnyPolicy(
- const der::Input &inhibit_any_policy_tlv);
+ der::Input inhibit_any_policy_tlv);
struct ParsedPolicyMapping {
der::Input issuer_domain_policy;
@@ -121,8 +121,7 @@
// Parses a PolicyMappings SEQUENCE as defined by RFC 5280. Returns true on
// success, and sets |mappings|.
[[nodiscard]] OPENSSL_EXPORT bool ParsePolicyMappings(
- const der::Input &policy_mappings_tlv,
- std::vector<ParsedPolicyMapping> *mappings);
+ der::Input policy_mappings_tlv, std::vector<ParsedPolicyMapping> *mappings);
} // namespace bssl
diff --git a/pki/crl.cc b/pki/crl.cc
index 187a034..cc9c878 100644
--- a/pki/crl.cc
+++ b/pki/crl.cc
@@ -26,7 +26,7 @@
// In dotted notation: 2.5.29.28
inline constexpr uint8_t kIssuingDistributionPointOid[] = {0x55, 0x1d, 0x1c};
-[[nodiscard]] bool NormalizeNameTLV(const der::Input &name_tlv,
+[[nodiscard]] bool NormalizeNameTLV(der::Input name_tlv,
std::string *out_normalized_name) {
der::Parser parser(name_tlv);
der::Input name_rdn;
@@ -48,7 +48,7 @@
} // namespace
-bool ParseCrlCertificateList(const der::Input &crl_tlv,
+bool ParseCrlCertificateList(der::Input crl_tlv,
der::Input *out_tbs_cert_list_tlv,
der::Input *out_signature_algorithm_tlv,
der::BitString *out_signature_value) {
@@ -92,7 +92,7 @@
return true;
}
-bool ParseCrlTbsCertList(const der::Input &tbs_tlv, ParsedCrlTbsCertList *out) {
+bool ParseCrlTbsCertList(der::Input tbs_tlv, ParsedCrlTbsCertList *out) {
der::Parser parser(tbs_tlv);
// TBSCertList ::= SEQUENCE {
@@ -196,7 +196,7 @@
}
bool ParseIssuingDistributionPoint(
- const der::Input &extension_value,
+ der::Input extension_value,
std::unique_ptr<GeneralNames> *out_distribution_point_names,
ContainedCertsType *out_only_contains_cert_type) {
der::Parser idp_extension_value_parser(extension_value);
@@ -303,7 +303,7 @@
}
CRLRevocationStatus GetCRLStatusForCert(
- const der::Input &cert_serial, CrlVersion crl_version,
+ der::Input cert_serial, CrlVersion crl_version,
const std::optional<der::Input> &revoked_certificates_tlv) {
if (!revoked_certificates_tlv.has_value()) {
// RFC 5280 Section 5.1.2.6: "When there are no revoked certificates, the
diff --git a/pki/crl.h b/pki/crl.h
index 445c6e8..d527de9 100644
--- a/pki/crl.h
+++ b/pki/crl.h
@@ -43,7 +43,7 @@
// signatureAlgorithm AlgorithmIdentifier,
// signatureValue BIT STRING }
[[nodiscard]] OPENSSL_EXPORT bool ParseCrlCertificateList(
- const der::Input &crl_tlv, der::Input *out_tbs_cert_list_tlv,
+ der::Input crl_tlv, der::Input *out_tbs_cert_list_tlv,
der::Input *out_signature_algorithm_tlv,
der::BitString *out_signature_value);
@@ -77,7 +77,7 @@
// -- if present, version MUST be v2
// }
[[nodiscard]] OPENSSL_EXPORT bool ParseCrlTbsCertList(
- const der::Input &tbs_tlv, ParsedCrlTbsCertList *out);
+ der::Input tbs_tlv, ParsedCrlTbsCertList *out);
// Represents a CRL "Version" from RFC 5280. TBSCertList reuses the same
// Version definition from TBSCertificate, however only v1(not present) and
@@ -180,12 +180,12 @@
// indirectCRL [4] BOOLEAN DEFAULT FALSE,
// onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
[[nodiscard]] OPENSSL_EXPORT bool ParseIssuingDistributionPoint(
- const der::Input &extension_value,
+ der::Input extension_value,
std::unique_ptr<GeneralNames> *out_distribution_point_names,
ContainedCertsType *out_only_contains_cert_type);
OPENSSL_EXPORT CRLRevocationStatus
-GetCRLStatusForCert(const der::Input &cert_serial, CrlVersion crl_version,
+GetCRLStatusForCert(der::Input cert_serial, CrlVersion crl_version,
const std::optional<der::Input> &revoked_certificates_tlv);
// Checks the revocation status of the certificate |cert| by using the
diff --git a/pki/extended_key_usage.cc b/pki/extended_key_usage.cc
index caf2514..a5d007f 100644
--- a/pki/extended_key_usage.cc
+++ b/pki/extended_key_usage.cc
@@ -10,7 +10,7 @@
namespace bssl {
-bool ParseEKUExtension(const der::Input &extension_value,
+bool ParseEKUExtension(der::Input extension_value,
std::vector<der::Input> *eku_oids) {
der::Parser extension_parser(extension_value);
der::Parser sequence_parser;
diff --git a/pki/extended_key_usage.h b/pki/extended_key_usage.h
index ae37650..c78f157 100644
--- a/pki/extended_key_usage.h
+++ b/pki/extended_key_usage.h
@@ -75,7 +75,7 @@
//
// Note: The returned OIDs are only as valid as long as the data pointed to by
// |extension_value| is valid.
-OPENSSL_EXPORT bool ParseEKUExtension(const der::Input &extension_value,
+OPENSSL_EXPORT bool ParseEKUExtension(der::Input extension_value,
std::vector<der::Input> *eku_oids);
} // namespace bssl
diff --git a/pki/extended_key_usage_unittest.cc b/pki/extended_key_usage_unittest.cc
index e617dce..b5229a1 100644
--- a/pki/extended_key_usage_unittest.cc
+++ b/pki/extended_key_usage_unittest.cc
@@ -13,7 +13,7 @@
namespace {
// Helper method to check if an EKU is present in a std::vector of EKUs.
-bool HasEKU(const std::vector<der::Input> &list, const der::Input &eku) {
+bool HasEKU(const std::vector<der::Input> &list, der::Input eku) {
for (const auto &oid : list) {
if (oid == eku) {
return true;
diff --git a/pki/general_names.cc b/pki/general_names.cc
index 9c7ccc6..cc7bf88 100644
--- a/pki/general_names.cc
+++ b/pki/general_names.cc
@@ -44,8 +44,8 @@
GeneralNames::~GeneralNames() = default;
// static
-std::unique_ptr<GeneralNames> GeneralNames::Create(
- const der::Input &general_names_tlv, CertErrors *errors) {
+std::unique_ptr<GeneralNames> GeneralNames::Create(der::Input general_names_tlv,
+ CertErrors *errors) {
BSSL_CHECK(errors);
// RFC 5280 section 4.2.1.6:
@@ -66,7 +66,7 @@
// static
std::unique_ptr<GeneralNames> GeneralNames::CreateFromValue(
- const der::Input &general_names_value, CertErrors *errors) {
+ der::Input general_names_value, CertErrors *errors) {
BSSL_CHECK(errors);
auto general_names = std::make_unique<GeneralNames>();
@@ -96,7 +96,7 @@
}
[[nodiscard]] bool ParseGeneralName(
- const der::Input &input,
+ der::Input input,
GeneralNames::ParseGeneralNameIPAddressType ip_address_type,
GeneralNames *subtrees, CertErrors *errors) {
BSSL_CHECK(errors);
diff --git a/pki/general_names.h b/pki/general_names.h
index 300fed9..838a2d7 100644
--- a/pki/general_names.h
+++ b/pki/general_names.h
@@ -63,13 +63,13 @@
// |general_names_tlv|, so is only valid as long as |general_names_tlv| is.
// Returns nullptr on failure, and may fill |errors| with
// additional information. |errors| must be non-null.
- static std::unique_ptr<GeneralNames> Create(
- const der::Input &general_names_tlv, CertErrors *errors);
+ static std::unique_ptr<GeneralNames> Create(der::Input general_names_tlv,
+ CertErrors *errors);
// As above, but takes the GeneralNames sequence value, without the tag and
// length.
static std::unique_ptr<GeneralNames> CreateFromValue(
- const der::Input &general_names_value, CertErrors *errors);
+ der::Input general_names_value, CertErrors *errors);
// DER-encoded OtherName values.
std::vector<der::Input> other_names;
@@ -122,7 +122,7 @@
// |errors| must be non-null.
// TODO(mattm): should this be a method on GeneralNames?
[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralName(
- const der::Input &input,
+ der::Input input,
GeneralNames::ParseGeneralNameIPAddressType ip_address_type,
GeneralNames *subtrees, CertErrors *errors);
diff --git a/pki/input.cc b/pki/input.cc
index e8c6656..82450ea 100644
--- a/pki/input.cc
+++ b/pki/input.cc
@@ -18,11 +18,11 @@
data_.size());
}
-bool operator==(const Input &lhs, const Input &rhs) {
+bool operator==(Input lhs, Input rhs) {
return MakeConstSpan(lhs) == MakeConstSpan(rhs);
}
-bool operator!=(const Input &lhs, const Input &rhs) { return !(lhs == rhs); }
+bool operator!=(Input lhs, Input rhs) { return !(lhs == rhs); }
ByteReader::ByteReader(Input in) : data_(in) {}
diff --git a/pki/input.h b/pki/input.h
index 8d006a9..4a94110 100644
--- a/pki/input.h
+++ b/pki/input.h
@@ -95,13 +95,13 @@
};
// Return true if |lhs|'s data and |rhs|'s data are byte-wise equal.
-OPENSSL_EXPORT bool operator==(const Input &lhs, const Input &rhs);
+OPENSSL_EXPORT bool operator==(Input lhs, Input rhs);
// Return true if |lhs|'s data and |rhs|'s data are not byte-wise equal.
-OPENSSL_EXPORT bool operator!=(const Input &lhs, const Input &rhs);
+OPENSSL_EXPORT bool operator!=(Input lhs, Input rhs);
// Returns true if |lhs|'s data is lexicographically less than |rhs|'s data.
-OPENSSL_EXPORT constexpr bool operator<(const Input &lhs, const Input &rhs) {
+OPENSSL_EXPORT constexpr bool operator<(Input lhs, Input rhs) {
// This is `std::lexicographical_compare`, but that's not `constexpr` until
// C++-20.
auto *it1 = lhs.data();
diff --git a/pki/name_constraints.cc b/pki/name_constraints.cc
index 6885fd4..f96af92 100644
--- a/pki/name_constraints.cc
+++ b/pki/name_constraints.cc
@@ -117,7 +117,7 @@
// NOTE: |subtrees| is not pre-initialized by the function(it is expected to be
// a default initialized object), and it will be modified regardless of the
// return value.
-[[nodiscard]] bool ParseGeneralSubtrees(const der::Input &value,
+[[nodiscard]] bool ParseGeneralSubtrees(der::Input value,
GeneralNames *subtrees,
CertErrors *errors) {
BSSL_CHECK(errors);
@@ -278,7 +278,7 @@
// static
std::unique_ptr<NameConstraints> NameConstraints::Create(
- const der::Input &extension_value, bool is_critical, CertErrors *errors) {
+ der::Input extension_value, bool is_critical, CertErrors *errors) {
BSSL_CHECK(errors);
auto name_constraints = std::make_unique<NameConstraints>();
@@ -288,7 +288,7 @@
return name_constraints;
}
-bool NameConstraints::Parse(const der::Input &extension_value, bool is_critical,
+bool NameConstraints::Parse(der::Input extension_value, bool is_critical,
CertErrors *errors) {
BSSL_CHECK(errors);
@@ -348,7 +348,7 @@
return true;
}
-void NameConstraints::IsPermittedCert(const der::Input &subject_rdn_sequence,
+void NameConstraints::IsPermittedCert(der::Input subject_rdn_sequence,
const GeneralNames *subject_alt_names,
CertErrors *errors) const {
// Checking NameConstraints is O(number_of_names * number_of_constraints).
@@ -647,7 +647,7 @@
}
bool NameConstraints::IsPermittedDirectoryName(
- const der::Input &name_rdn_sequence) const {
+ der::Input name_rdn_sequence) const {
for (const auto &excluded_name : excluded_subtrees_.directory_names) {
if (VerifyNameInSubtree(name_rdn_sequence, excluded_name)) {
return false;
@@ -669,7 +669,7 @@
return false;
}
-bool NameConstraints::IsPermittedIP(const der::Input &ip) const {
+bool NameConstraints::IsPermittedIP(der::Input ip) const {
for (const auto &excluded_ip : excluded_subtrees_.ip_address_ranges) {
if (IPAddressMatchesWithNetmask(ip, excluded_ip.first,
excluded_ip.second)) {
diff --git a/pki/name_constraints.h b/pki/name_constraints.h
index 5a55d3d..f363849 100644
--- a/pki/name_constraints.h
+++ b/pki/name_constraints.h
@@ -31,8 +31,9 @@
// marked critical. Returns nullptr if parsing the the extension failed.
// The object may reference data from |extension_value|, so is only valid as
// long as |extension_value| is.
- static std::unique_ptr<NameConstraints> Create(
- const der::Input &extension_value, bool is_critical, CertErrors *errors);
+ static std::unique_ptr<NameConstraints> Create(der::Input extension_value,
+ bool is_critical,
+ CertErrors *errors);
// Tests if a certificate is allowed by the name constraints.
// |subject_rdn_sequence| should be the DER-encoded value of the subject's
@@ -42,7 +43,7 @@
// If the certificate is not allowed, an error will be added to |errors|.
// Note that this method does not check hostname or IP address in commonName,
// which is deprecated (crbug.com/308330).
- void IsPermittedCert(const der::Input &subject_rdn_sequence,
+ void IsPermittedCert(der::Input subject_rdn_sequence,
const GeneralNames *subject_alt_names,
CertErrors *errors) const;
@@ -62,10 +63,10 @@
// Returns true if the directoryName |name_rdn_sequence| is permitted.
// |name_rdn_sequence| should be the DER-encoded RDNSequence value (not
// including the Sequence tag.)
- bool IsPermittedDirectoryName(const der::Input &name_rdn_sequence) const;
+ bool IsPermittedDirectoryName(der::Input name_rdn_sequence) const;
// Returns true if the iPAddress |ip| is permitted.
- bool IsPermittedIP(const der::Input &ip) const;
+ bool IsPermittedIP(der::Input ip) const;
// Returns a bitfield of GeneralNameTypes of all the types constrained by this
// NameConstraints. Name types that aren't supported will only be present if
@@ -87,7 +88,7 @@
const GeneralNames &excluded_subtrees() const { return excluded_subtrees_; }
private:
- [[nodiscard]] bool Parse(const der::Input &extension_value, bool is_critical,
+ [[nodiscard]] bool Parse(der::Input extension_value, bool is_critical,
CertErrors *errors);
GeneralNames permitted_subtrees_;
diff --git a/pki/name_constraints_unittest.cc b/pki/name_constraints_unittest.cc
index 569bbec..a715062 100644
--- a/pki/name_constraints_unittest.cc
+++ b/pki/name_constraints_unittest.cc
@@ -58,8 +58,7 @@
}
::testing::AssertionResult IsPermittedCert(
- const NameConstraints *name_constraints,
- const der::Input &subject_rdn_sequence,
+ const NameConstraints *name_constraints, der::Input subject_rdn_sequence,
const GeneralNames *subject_alt_names) {
CertErrors errors;
name_constraints->IsPermittedCert(subject_rdn_sequence, subject_alt_names,
diff --git a/pki/ocsp.cc b/pki/ocsp.cc
index cdbf202..2e5a98f 100644
--- a/pki/ocsp.cc
+++ b/pki/ocsp.cc
@@ -37,7 +37,7 @@
// issuerKeyHash OCTET STRING, -- Hash of issuer's public key
// serialNumber CertificateSerialNumber
// }
-bool ParseOCSPCertID(const der::Input &raw_tlv, OCSPCertID *out) {
+bool ParseOCSPCertID(der::Input raw_tlv, OCSPCertID *out) {
der::Parser outer_parser(raw_tlv);
der::Parser parser;
if (!outer_parser.ReadSequence(&parser)) {
@@ -82,7 +82,7 @@
// revocationTime GeneralizedTime,
// revocationReason [0] EXPLICIT CRLReason OPTIONAL
// }
-bool ParseRevokedInfo(const der::Input &raw_tlv, OCSPCertStatus *out) {
+bool ParseRevokedInfo(der::Input raw_tlv, OCSPCertStatus *out) {
der::Parser parser(raw_tlv);
if (!parser.ReadGeneralizedTime(&(out->revocation_time))) {
return false;
@@ -130,7 +130,7 @@
// }
//
// UnknownInfo ::= NULL
-bool ParseCertStatus(const der::Input &raw_tlv, OCSPCertStatus *out) {
+bool ParseCertStatus(der::Input raw_tlv, OCSPCertStatus *out) {
der::Parser parser(raw_tlv);
der::Tag status_tag;
der::Input status;
@@ -158,7 +158,7 @@
// Writes the hash of |value| as an OCTET STRING to |cbb|, using |hash_type| as
// the algorithm. Returns true on success.
bool AppendHashAsOctetString(const EVP_MD *hash_type, CBB *cbb,
- const der::Input &value) {
+ der::Input value) {
CBB octet_string;
unsigned hash_len;
uint8_t hash_buffer[EVP_MAX_MD_SIZE];
@@ -178,8 +178,7 @@
// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
// singleExtensions [1] EXPLICIT Extensions OPTIONAL
// }
-bool ParseOCSPSingleResponse(const der::Input &raw_tlv,
- OCSPSingleResponse *out) {
+bool ParseOCSPSingleResponse(der::Input raw_tlv, OCSPSingleResponse *out) {
der::Parser outer_parser(raw_tlv);
der::Parser parser;
if (!outer_parser.ReadSequence(&parser)) {
@@ -235,8 +234,7 @@
// byName [1] Name,
// byKey [2] KeyHash
// }
-bool ParseResponderID(const der::Input &raw_tlv,
- OCSPResponseData::ResponderID *out) {
+bool ParseResponderID(der::Input raw_tlv, OCSPResponseData::ResponderID *out) {
der::Parser parser(raw_tlv);
der::Tag id_tag;
der::Input id_input;
@@ -277,7 +275,7 @@
// responses SEQUENCE OF SingleResponse,
// responseExtensions [1] EXPLICIT Extensions OPTIONAL
// }
-bool ParseOCSPResponseData(const der::Input &raw_tlv, OCSPResponseData *out) {
+bool ParseOCSPResponseData(der::Input raw_tlv, OCSPResponseData *out) {
der::Parser outer_parser(raw_tlv);
der::Parser parser;
if (!outer_parser.ReadSequence(&parser)) {
@@ -357,7 +355,7 @@
// signature BIT STRING,
// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
// }
-bool ParseBasicOCSPResponse(const der::Input &raw_tlv, OCSPResponse *out) {
+bool ParseBasicOCSPResponse(der::Input raw_tlv, OCSPResponse *out) {
der::Parser outer_parser(raw_tlv);
der::Parser parser;
if (!outer_parser.ReadSequence(&parser)) {
@@ -425,7 +423,7 @@
// responseType OBJECT IDENTIFIER,
// response OCTET STRING
// }
-bool ParseOCSPResponse(const der::Input &raw_tlv, OCSPResponse *out) {
+bool ParseOCSPResponse(der::Input raw_tlv, OCSPResponse *out) {
der::Parser outer_parser(raw_tlv);
der::Parser parser;
if (!outer_parser.ReadSequence(&parser)) {
@@ -494,8 +492,7 @@
namespace {
// Checks that the |type| hash of |value| is equal to |hash|
-bool VerifyHash(const EVP_MD *type, const der::Input &hash,
- const der::Input &value) {
+bool VerifyHash(const EVP_MD *type, der::Input hash, der::Input value) {
unsigned value_hash_len;
uint8_t value_hash[EVP_MAX_MD_SIZE];
if (!EVP_Digest(value.data(), value.size(), value_hash, &value_hash_len, type,
@@ -521,7 +518,7 @@
// algorithm OBJECT IDENTIFIER,
// parameters ANY DEFINED BY algorithm OPTIONAL }
//
-bool GetSubjectPublicKeyBytes(const der::Input &spki_tlv, der::Input *spk_tlv) {
+bool GetSubjectPublicKeyBytes(der::Input spki_tlv, der::Input *spk_tlv) {
CBS outer, inner, alg, spk;
uint8_t unused_bit_count;
CBS_init(&outer, spki_tlv.data(), spki_tlv.size());
@@ -735,7 +732,7 @@
// Parse ResponseData and return false if any unhandled critical extensions are
// found. No known critical ResponseData extensions exist.
bool ParseOCSPResponseDataExtensions(
- const der::Input &response_extensions,
+ der::Input response_extensions,
OCSPVerifyResult::ResponseStatus *response_details) {
std::map<der::Input, ParsedExtension> extensions;
if (!ParseExtensions(response_extensions, &extensions)) {
@@ -760,7 +757,7 @@
// to be marked critical, but since it is handled by Chrome, we will overlook
// the flag setting.
bool ParseOCSPSingleResponseExtensions(
- const der::Input &single_extensions,
+ der::Input single_extensions,
OCSPVerifyResult::ResponseStatus *response_details) {
std::map<der::Input, ParsedExtension> extensions;
if (!ParseExtensions(single_extensions, &extensions)) {
diff --git a/pki/ocsp.h b/pki/ocsp.h
index 213ec26..5b076dc 100644
--- a/pki/ocsp.h
+++ b/pki/ocsp.h
@@ -230,7 +230,7 @@
//
// On failure |out| has an undefined state. Some of its fields may have been
// updated during parsing, whereas others may not have been changed.
-OPENSSL_EXPORT bool ParseOCSPCertID(const der::Input &raw_tlv, OCSPCertID *out);
+OPENSSL_EXPORT bool ParseOCSPCertID(der::Input raw_tlv, OCSPCertID *out);
// Parses a DER-encoded OCSP "SingleResponse" as specified by RFC 6960. Returns
// true on success and sets the results in |out|. The resulting |out|
@@ -239,7 +239,7 @@
//
// On failure |out| has an undefined state. Some of its fields may have been
// updated during parsing, whereas others may not have been changed.
-OPENSSL_EXPORT bool ParseOCSPSingleResponse(const der::Input &raw_tlv,
+OPENSSL_EXPORT bool ParseOCSPSingleResponse(der::Input raw_tlv,
OCSPSingleResponse *out);
// Parses a DER-encoded OCSP "ResponseData" as specified by RFC 6960. Returns
@@ -249,7 +249,7 @@
//
// On failure |out| has an undefined state. Some of its fields may have been
// updated during parsing, whereas others may not have been changed.
-OPENSSL_EXPORT bool ParseOCSPResponseData(const der::Input &raw_tlv,
+OPENSSL_EXPORT bool ParseOCSPResponseData(der::Input raw_tlv,
OCSPResponseData *out);
// Parses a DER-encoded "OCSPResponse" as specified by RFC 6960. Returns true
@@ -259,8 +259,7 @@
//
// On failure |out| has an undefined state. Some of its fields may have been
// updated during parsing, whereas others may not have been changed.
-OPENSSL_EXPORT bool ParseOCSPResponse(const der::Input &raw_tlv,
- OCSPResponse *out);
+OPENSSL_EXPORT bool ParseOCSPResponse(der::Input raw_tlv, OCSPResponse *out);
// Checks the revocation status of the certificate |certificate_der| by using
// the DER-encoded |raw_response|.
diff --git a/pki/parse_certificate.cc b/pki/parse_certificate.cc
index 19c7b26..2de9f71 100644
--- a/pki/parse_certificate.cc
+++ b/pki/parse_certificate.cc
@@ -74,7 +74,7 @@
"Serial number is not a valid INTEGER");
// Returns true if |input| is a SEQUENCE and nothing else.
-[[nodiscard]] bool IsSequenceTLV(const der::Input &input) {
+[[nodiscard]] bool IsSequenceTLV(der::Input input) {
der::Parser parser(input);
der::Parser unused_sequence_parser;
if (!parser.ReadSequence(&unused_sequence_parser)) {
@@ -101,8 +101,7 @@
// Implementations SHOULD be prepared to accept any version certificate.
// At a minimum, conforming implementations MUST recognize version 3
// certificates.
-[[nodiscard]] bool ParseVersion(const der::Input &in,
- CertificateVersion *version) {
+[[nodiscard]] bool ParseVersion(der::Input in, CertificateVersion *version) {
der::Parser parser(in);
uint64_t version64;
if (!parser.ReadUint64(&version64)) {
@@ -148,7 +147,7 @@
// DistributionPointName ::= CHOICE {
// fullName [0] GeneralNames,
// nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
-bool ParseDistributionPointName(const der::Input &dp_name,
+bool ParseDistributionPointName(der::Input dp_name,
ParsedDistributionPoint *distribution_point) {
der::Parser parser(dp_name);
std::optional<der::Input> der_full_name;
@@ -250,7 +249,7 @@
ParsedTbsCertificate::~ParsedTbsCertificate() = default;
-bool VerifySerialNumber(const der::Input &value, bool warnings_only,
+bool VerifySerialNumber(der::Input value, bool warnings_only,
CertErrors *errors) {
// If |warnings_only| was set to true, the exact same errors will be logged,
// only they will be logged with a lower severity (warning rather than error).
@@ -309,8 +308,7 @@
return false;
}
-bool ParseValidity(const der::Input &validity_tlv,
- der::GeneralizedTime *not_before,
+bool ParseValidity(der::Input validity_tlv, der::GeneralizedTime *not_before,
der::GeneralizedTime *not_after) {
der::Parser parser(validity_tlv);
@@ -348,7 +346,7 @@
return true;
}
-bool ParseCertificate(const der::Input &certificate_tlv,
+bool ParseCertificate(der::Input certificate_tlv,
der::Input *out_tbs_certificate_tlv,
der::Input *out_signature_algorithm_tlv,
der::BitString *out_signature_value,
@@ -423,7 +421,7 @@
// extensions [3] EXPLICIT Extensions OPTIONAL
// -- If present, version MUST be v3
// }
-bool ParseTbsCertificate(const der::Input &tbs_tlv,
+bool ParseTbsCertificate(der::Input tbs_tlv,
const ParseCertificateOptions &options,
ParsedTbsCertificate *out, CertErrors *errors) {
// The rest of this function assumes that |errors| is non-null.
@@ -608,7 +606,7 @@
// -- corresponding to the extension type identified
// -- by extnID
// }
-bool ParseExtension(const der::Input &extension_tlv, ParsedExtension *out) {
+bool ParseExtension(der::Input extension_tlv, ParsedExtension *out) {
der::Parser parser(extension_tlv);
// Extension ::= SEQUENCE {
@@ -659,7 +657,7 @@
}
OPENSSL_EXPORT bool ParseExtensions(
- const der::Input &extensions_tlv,
+ der::Input extensions_tlv,
std::map<der::Input, ParsedExtension> *extensions) {
der::Parser parser(extensions_tlv);
@@ -708,7 +706,7 @@
}
OPENSSL_EXPORT bool ConsumeExtension(
- const der::Input &oid,
+ der::Input oid,
std::map<der::Input, ParsedExtension> *unconsumed_extensions,
ParsedExtension *extension) {
auto it = unconsumed_extensions->find(oid);
@@ -721,7 +719,7 @@
return true;
}
-bool ParseBasicConstraints(const der::Input &basic_constraints_tlv,
+bool ParseBasicConstraints(der::Input basic_constraints_tlv,
ParsedBasicConstraints *out) {
der::Parser parser(basic_constraints_tlv);
@@ -780,7 +778,7 @@
// TODO(crbug.com/1314019): return std::optional<BitString> when converting
// has_key_usage_ and key_usage_ into single std::optional field.
-bool ParseKeyUsage(const der::Input &key_usage_tlv, der::BitString *key_usage) {
+bool ParseKeyUsage(der::Input key_usage_tlv, der::BitString *key_usage) {
der::Parser parser(key_usage_tlv);
std::optional<der::BitString> key_usage_internal = parser.ReadBitString();
if (!key_usage_internal) {
@@ -805,7 +803,7 @@
}
bool ParseAuthorityInfoAccess(
- const der::Input &authority_info_access_tlv,
+ der::Input authority_info_access_tlv,
std::vector<AuthorityInfoAccessDescription> *out_access_descriptions) {
der::Parser parser(authority_info_access_tlv);
@@ -853,7 +851,7 @@
}
bool ParseAuthorityInfoAccessURIs(
- const der::Input &authority_info_access_tlv,
+ der::Input authority_info_access_tlv,
std::vector<std::string_view> *out_ca_issuers_uris,
std::vector<std::string_view> *out_ocsp_uris) {
std::vector<AuthorityInfoAccessDescription> access_descriptions;
@@ -896,7 +894,7 @@
ParsedDistributionPoint::~ParsedDistributionPoint() = default;
bool ParseCrlDistributionPoints(
- const der::Input &extension_value,
+ der::Input extension_value,
std::vector<ParsedDistributionPoint> *distribution_points) {
distribution_points->clear();
@@ -935,7 +933,7 @@
ParsedAuthorityKeyIdentifier &&other) = default;
bool ParseAuthorityKeyIdentifier(
- const der::Input &extension_value,
+ der::Input extension_value,
ParsedAuthorityKeyIdentifier *authority_key_identifier) {
// RFC 5280, section 4.2.1.1.
// AuthorityKeyIdentifier ::= SEQUENCE {
@@ -993,7 +991,7 @@
return true;
}
-bool ParseSubjectKeyIdentifier(const der::Input &extension_value,
+bool ParseSubjectKeyIdentifier(der::Input extension_value,
der::Input *subject_key_identifier) {
// SubjectKeyIdentifier ::= KeyIdentifier
//
diff --git a/pki/parse_certificate.h b/pki/parse_certificate.h
index 2a85654..cd38c65 100644
--- a/pki/parse_certificate.h
+++ b/pki/parse_certificate.h
@@ -56,7 +56,7 @@
// |errors| must be a non-null destination for any errors/warnings. If
// |warnings_only| is set to true, then what would ordinarily be errors are
// instead added as warnings.
-[[nodiscard]] OPENSSL_EXPORT bool VerifySerialNumber(const der::Input &value,
+[[nodiscard]] OPENSSL_EXPORT bool VerifySerialNumber(der::Input value,
bool warnings_only,
CertErrors *errors);
@@ -81,7 +81,7 @@
//
// Note that upon success it is NOT guaranteed that |*not_before <= *not_after|.
[[nodiscard]] OPENSSL_EXPORT bool ParseValidity(
- const der::Input &validity_tlv, der::GeneralizedTime *not_before,
+ der::Input validity_tlv, der::GeneralizedTime *not_before,
der::GeneralizedTime *not_after);
struct OPENSSL_EXPORT ParseCertificateOptions {
@@ -130,7 +130,7 @@
//
// Parsing guarantees that this is a valid BIT STRING.
[[nodiscard]] OPENSSL_EXPORT bool ParseCertificate(
- const der::Input &certificate_tlv, der::Input *out_tbs_certificate_tlv,
+ der::Input certificate_tlv, der::Input *out_tbs_certificate_tlv,
der::Input *out_signature_algorithm_tlv,
der::BitString *out_signature_value, CertErrors *out_errors);
@@ -167,7 +167,7 @@
// -- If present, version MUST be v3
// }
[[nodiscard]] OPENSSL_EXPORT bool ParseTbsCertificate(
- const der::Input &tbs_tlv, const ParseCertificateOptions &options,
+ der::Input tbs_tlv, const ParseCertificateOptions &options,
ParsedTbsCertificate *out, CertErrors *errors);
// Represents a "Version" from RFC 5280:
@@ -318,8 +318,8 @@
//
// On failure |out| has an undefined state. Some of its fields may have been
// updated during parsing, whereas others may not have been changed.
-[[nodiscard]] OPENSSL_EXPORT bool ParseExtension(
- const der::Input &extension_tlv, ParsedExtension *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseExtension(der::Input extension_tlv,
+ ParsedExtension *out);
// From RFC 5280:
//
@@ -431,14 +431,14 @@
// bytes in |extensions_tlv|, so that data must be kept alive.
// On failure |extensions| may be partially written to and should not be used.
[[nodiscard]] OPENSSL_EXPORT bool ParseExtensions(
- const der::Input &extensions_tlv,
+ der::Input extensions_tlv,
std::map<der::Input, ParsedExtension> *extensions);
// Removes the extension with OID |oid| from |unconsumed_extensions| and fills
// |extension| with the matching extension value. If there was no extension
// matching |oid| then returns |false|.
[[nodiscard]] OPENSSL_EXPORT bool ConsumeExtension(
- const der::Input &oid,
+ der::Input oid,
std::map<der::Input, ParsedExtension> *unconsumed_extensions,
ParsedExtension *extension);
@@ -457,7 +457,7 @@
// The maximum allowed value of pathLenConstraints will be whatever can fit
// into a uint8_t.
[[nodiscard]] OPENSSL_EXPORT bool ParseBasicConstraints(
- const der::Input &basic_constraints_tlv, ParsedBasicConstraints *out);
+ der::Input basic_constraints_tlv, ParsedBasicConstraints *out);
// KeyUsageBit contains the index for a particular key usage. The index is
// measured from the most significant bit of a bit string.
@@ -497,7 +497,7 @@
//
// To test if a particular key usage is set, call, e.g.:
// key_usage->AssertsBit(KEY_USAGE_BIT_DIGITAL_SIGNATURE);
-[[nodiscard]] OPENSSL_EXPORT bool ParseKeyUsage(const der::Input &key_usage_tlv,
+[[nodiscard]] OPENSSL_EXPORT bool ParseKeyUsage(der::Input key_usage_tlv,
der::BitString *key_usage);
struct AuthorityInfoAccessDescription {
@@ -514,7 +514,7 @@
// No validation is performed on the contents of the
// AuthorityInfoAccessDescription fields.
[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityInfoAccess(
- const der::Input &authority_info_access_tlv,
+ der::Input authority_info_access_tlv,
std::vector<AuthorityInfoAccessDescription> *out_access_descriptions);
// Parses the Authority Information Access extension defined by RFC 5280,
@@ -536,7 +536,7 @@
// accessLocation types other than uniformResourceIdentifier are silently
// ignored.
[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityInfoAccessURIs(
- const der::Input &authority_info_access_tlv,
+ der::Input authority_info_access_tlv,
std::vector<std::string_view> *out_ca_issuers_uris,
std::vector<std::string_view> *out_ocsp_uris);
@@ -572,7 +572,7 @@
// DistributionPoint). Return true on success, and fills |distribution_points|
// with values that reference data in |distribution_points_tlv|.
[[nodiscard]] OPENSSL_EXPORT bool ParseCrlDistributionPoints(
- const der::Input &distribution_points_tlv,
+ der::Input distribution_points_tlv,
std::vector<ParsedDistributionPoint> *distribution_points);
// Represents the AuthorityKeyIdentifier extension defined by RFC 5280 section
@@ -608,14 +608,14 @@
// in |extension_value|. On failure the state of |authority_key_identifier| is
// not guaranteed.
[[nodiscard]] OPENSSL_EXPORT bool ParseAuthorityKeyIdentifier(
- const der::Input &extension_value,
+ der::Input extension_value,
ParsedAuthorityKeyIdentifier *authority_key_identifier);
// Parses the value of a subjectKeyIdentifier extension. Returns true on
// success and |subject_key_identifier| references data in |extension_value|.
// On failure the state of |subject_key_identifier| is not guaranteed.
[[nodiscard]] OPENSSL_EXPORT bool ParseSubjectKeyIdentifier(
- const der::Input &extension_value, der::Input *subject_key_identifier);
+ der::Input extension_value, der::Input *subject_key_identifier);
} // namespace bssl
diff --git a/pki/parse_name.cc b/pki/parse_name.cc
index 3768d52..87131a5 100644
--- a/pki/parse_name.cc
+++ b/pki/parse_name.cc
@@ -179,7 +179,7 @@
return out->size() != 0;
}
-bool ParseName(const der::Input &name_tlv, RDNSequence *out) {
+bool ParseName(der::Input name_tlv, RDNSequence *out) {
der::Parser name_parser(name_tlv);
der::Input name_value;
if (!name_parser.ReadTag(der::kSequence, &name_value)) {
@@ -188,7 +188,7 @@
return ParseNameValue(name_value, out);
}
-bool ParseNameValue(const der::Input &name_value, RDNSequence *out) {
+bool ParseNameValue(der::Input name_value, RDNSequence *out) {
der::Parser rdn_sequence_parser(name_value);
while (rdn_sequence_parser.HasMore()) {
der::Parser rdn_parser;
diff --git a/pki/parse_name.h b/pki/parse_name.h
index aea2f76..837f326 100644
--- a/pki/parse_name.h
+++ b/pki/parse_name.h
@@ -140,11 +140,11 @@
// Parses a DER-encoded "Name" as specified by 5280. Returns true on success
// and sets the results in |out|.
-[[nodiscard]] OPENSSL_EXPORT bool ParseName(const der::Input &name_tlv,
+[[nodiscard]] OPENSSL_EXPORT bool ParseName(der::Input name_tlv,
RDNSequence *out);
// Parses a DER-encoded "Name" value (without the sequence tag & length) as
// specified by 5280. Returns true on success and sets the results in |out|.
-[[nodiscard]] OPENSSL_EXPORT bool ParseNameValue(const der::Input &name_value,
+[[nodiscard]] OPENSSL_EXPORT bool ParseNameValue(der::Input name_value,
RDNSequence *out);
// Formats a RDNSequence |rdn_sequence| per RFC2253 as an ASCII string and
diff --git a/pki/parse_values.cc b/pki/parse_values.cc
index b0d9453..b90ead3 100644
--- a/pki/parse_values.cc
+++ b/pki/parse_values.cc
@@ -16,7 +16,7 @@
namespace {
-bool ParseBoolInternal(const Input &in, bool *out, bool relaxed) {
+bool ParseBoolInternal(Input in, bool *out, bool relaxed) {
// According to ITU-T X.690 section 8.2, a bool is encoded as a single octet
// where the octet of all zeroes is FALSE and a non-zero value for the octet
// is TRUE.
@@ -134,7 +134,7 @@
//
// For instance a 160-bit positive number might take 21 bytes to encode. This
// function will return 20 in such a case.
-size_t GetUnsignedIntegerLength(const Input &in) {
+size_t GetUnsignedIntegerLength(Input in) {
der::ByteReader reader(in);
uint8_t first_byte;
if (!reader.ReadByte(&first_byte)) {
@@ -149,7 +149,7 @@
} // namespace
-bool ParseBool(const Input &in, bool *out) {
+bool ParseBool(Input in, bool *out) {
return ParseBoolInternal(in, out, false /* relaxed */);
}
@@ -157,7 +157,7 @@
// have either all bits zero (false) or all bits one (true). To support
// malformed certs, we recognized the BER encoding instead of failing to
// parse.
-bool ParseBoolRelaxed(const Input &in, bool *out) {
+bool ParseBoolRelaxed(Input in, bool *out) {
return ParseBoolInternal(in, out, true /* relaxed */);
}
@@ -165,7 +165,7 @@
// in the smallest number of octets. If the encoding consists of more than
// one octet, then the bits of the first octet and the most significant bit
// of the second octet must not be all zeroes or all ones.
-bool IsValidInteger(const Input &in, bool *negative) {
+bool IsValidInteger(Input in, bool *negative) {
CBS cbs;
CBS_init(&cbs, in.data(), in.size());
int negative_int;
@@ -177,7 +177,7 @@
return true;
}
-bool ParseUint64(const Input &in, uint64_t *out) {
+bool ParseUint64(Input in, uint64_t *out) {
// Reject non-minimally encoded numbers and negative numbers.
bool negative;
if (!IsValidInteger(in, &negative) || negative) {
@@ -201,7 +201,7 @@
return true;
}
-bool ParseUint8(const Input &in, uint8_t *out) {
+bool ParseUint8(Input in, uint8_t *out) {
// TODO(eroman): Implement this more directly.
uint64_t value;
if (!ParseUint64(in, &value)) {
@@ -216,7 +216,7 @@
return true;
}
-BitString::BitString(const Input &bytes, uint8_t unused_bits)
+BitString::BitString(Input bytes, uint8_t unused_bits)
: bytes_(bytes), unused_bits_(unused_bits) {
BSSL_CHECK(unused_bits < 8);
BSSL_CHECK(unused_bits == 0 || !bytes.empty());
@@ -246,7 +246,7 @@
return 0 != (byte & (1 << bit_index_in_byte));
}
-std::optional<BitString> ParseBitString(const Input &in) {
+std::optional<BitString> ParseBitString(Input in) {
ByteReader reader(in);
// From ITU-T X.690, section 8.6.2.2 (applies to BER, CER, DER):
@@ -313,7 +313,7 @@
return !(lhs < rhs);
}
-bool ParseUTCTime(const Input &in, GeneralizedTime *value) {
+bool ParseUTCTime(Input in, GeneralizedTime *value) {
ByteReader reader(in);
GeneralizedTime time;
if (!DecimalStringToUint(reader, 2, &time.year) ||
@@ -340,7 +340,7 @@
return true;
}
-bool ParseGeneralizedTime(const Input &in, GeneralizedTime *value) {
+bool ParseGeneralizedTime(Input in, GeneralizedTime *value) {
ByteReader reader(in);
GeneralizedTime time;
if (!DecimalStringToUint(reader, 4, &time.year) ||
diff --git a/pki/parse_values.h b/pki/parse_values.h
index 28ca49f..1b7ed12 100644
--- a/pki/parse_values.h
+++ b/pki/parse_values.h
@@ -18,11 +18,11 @@
// Reads a DER-encoded ASN.1 BOOLEAN value from |in| and puts the resulting
// value in |out|. Returns whether the encoded value could successfully be
// read.
-[[nodiscard]] OPENSSL_EXPORT bool ParseBool(const Input &in, bool *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseBool(Input in, bool *out);
// Like ParseBool, except it is more relaxed in what inputs it accepts: Any
// value that is a valid BER encoding will be parsed successfully.
-[[nodiscard]] OPENSSL_EXPORT bool ParseBoolRelaxed(const Input &in, bool *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseBoolRelaxed(Input in, bool *out);
// Checks the validity of a DER-encoded ASN.1 INTEGER value from |in|, and
// determines the sign of the number. Returns true on success and
@@ -32,8 +32,7 @@
// in: The value portion of an INTEGER.
// negative: Out parameter that is set to true if the number is negative
// and false otherwise (zero is non-negative).
-[[nodiscard]] OPENSSL_EXPORT bool IsValidInteger(const Input &in,
- bool *negative);
+[[nodiscard]] OPENSSL_EXPORT bool IsValidInteger(Input in, bool *negative);
// Reads a DER-encoded ASN.1 INTEGER value from |in| and puts the resulting
// value in |out|. ASN.1 INTEGERs are arbitrary precision; this function is
@@ -41,10 +40,10 @@
// and is between 0 and 2^64-1. This function returns false if the value is too
// big to fit in a uint64_t, is negative, or if there is an error reading the
// integer.
-[[nodiscard]] OPENSSL_EXPORT bool ParseUint64(const Input &in, uint64_t *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseUint64(Input in, uint64_t *out);
// Same as ParseUint64() but for a uint8_t.
-[[nodiscard]] OPENSSL_EXPORT bool ParseUint8(const Input &in, uint8_t *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseUint8(Input in, uint8_t *out);
// The BitString class is a helper for representing a valid parsed BIT STRING.
//
@@ -59,9 +58,9 @@
// |unused_bits| represents the number of bits in the last octet of |bytes|,
// starting from the least significant bit, that are unused. It MUST be < 8.
// And if bytes is empty, then it MUST be 0.
- BitString(const Input &bytes, uint8_t unused_bits);
+ BitString(Input bytes, uint8_t unused_bits);
- const Input &bytes() const { return bytes_; }
+ Input bytes() const { return bytes_; }
uint8_t unused_bits() const { return unused_bits_; }
// Returns true if the bit string contains 1 at the specified position.
@@ -83,8 +82,7 @@
// resulting octet string and number of unused bits.
//
// On failure, returns std::nullopt.
-[[nodiscard]] OPENSSL_EXPORT std::optional<BitString> ParseBitString(
- const Input &in);
+[[nodiscard]] OPENSSL_EXPORT std::optional<BitString> ParseBitString(Input in);
struct OPENSSL_EXPORT GeneralizedTime {
uint16_t year;
@@ -109,15 +107,14 @@
// Reads a DER-encoded ASN.1 UTCTime value from |in| and puts the resulting
// value in |out|, returning true if the UTCTime could be parsed successfully.
-[[nodiscard]] OPENSSL_EXPORT bool ParseUTCTime(const Input &in,
- GeneralizedTime *out);
+[[nodiscard]] OPENSSL_EXPORT bool ParseUTCTime(Input in, GeneralizedTime *out);
// Reads a DER-encoded ASN.1 GeneralizedTime value from |in| and puts the
// resulting value in |out|, returning true if the GeneralizedTime could
// be parsed successfully. This function is even more restrictive than the
// DER rules - it follows the rules from RFC5280, which does not allow for
// fractional seconds.
-[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralizedTime(const Input &in,
+[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralizedTime(Input in,
GeneralizedTime *out);
// Reads a DER-encoded ASN.1 IA5String value from |in| and stores the result in
diff --git a/pki/parsed_certificate.cc b/pki/parsed_certificate.cc
index ab05ed9..3e9058d 100644
--- a/pki/parsed_certificate.cc
+++ b/pki/parsed_certificate.cc
@@ -49,14 +49,14 @@
DEFINE_CERT_ERROR_ID(kFailedParsingSubjectKeyIdentifier,
"Failed parsing subject key identifier");
-[[nodiscard]] bool GetSequenceValue(const der::Input &tlv, der::Input *value) {
+[[nodiscard]] bool GetSequenceValue(der::Input tlv, der::Input *value) {
der::Parser parser(tlv);
return parser.ReadTag(der::kSequence, value) && !parser.HasMore();
}
} // namespace
-bool ParsedCertificate::GetExtension(const der::Input &extension_oid,
+bool ParsedCertificate::GetExtension(der::Input extension_oid,
ParsedExtension *parsed_extension) const {
if (!tbs_.extensions_tlv) {
return false;
diff --git a/pki/parsed_certificate.h b/pki/parsed_certificate.h
index bcc0fd9..a4043cb 100644
--- a/pki/parsed_certificate.h
+++ b/pki/parsed_certificate.h
@@ -76,15 +76,15 @@
ParsedCertificate &operator=(const ParsedCertificate &) = delete;
// Returns the DER-encoded certificate data for this cert.
- const der::Input &der_cert() const { return cert_; }
+ der::Input der_cert() const { return cert_; }
// Returns the CRYPTO_BUFFER backing this object.
CRYPTO_BUFFER *cert_buffer() const { return cert_data_.get(); }
// Accessors for raw fields of the Certificate.
- const der::Input &tbs_certificate_tlv() const { return tbs_certificate_tlv_; }
+ der::Input tbs_certificate_tlv() const { return tbs_certificate_tlv_; }
- const der::Input &signature_algorithm_tlv() const {
+ der::Input signature_algorithm_tlv() const {
return signature_algorithm_tlv_;
}
@@ -245,7 +245,7 @@
// Gets the value for extension matching |extension_oid|. Returns false if the
// extension is not present.
- bool GetExtension(const der::Input &extension_oid,
+ bool GetExtension(der::Input extension_oid,
ParsedExtension *parsed_extension) const;
private:
diff --git a/pki/parser.cc b/pki/parser.cc
index 0fa377a..f352178 100644
--- a/pki/parser.cc
+++ b/pki/parser.cc
@@ -11,9 +11,7 @@
Parser::Parser() { CBS_init(&cbs_, nullptr, 0); }
-Parser::Parser(const Input &input) {
- CBS_init(&cbs_, input.data(), input.size());
-}
+Parser::Parser(Input input) { CBS_init(&cbs_, input.data(), input.size()); }
bool Parser::PeekTagAndValue(Tag *tag, Input *out) {
CBS peeker = cbs_;
diff --git a/pki/parser.h b/pki/parser.h
index 94065e5..c585c60 100644
--- a/pki/parser.h
+++ b/pki/parser.h
@@ -72,7 +72,7 @@
// following code shows an example of how to parse the quux field from the
// encoded data.
//
-// bool ReadQuux(const Input& encoded_value, Input* quux_out) {
+// bool ReadQuux(Input encoded_value, Input* quux_out) {
// Parser parser(encoded_value);
// Parser foo_parser;
// if (!parser.ReadSequence(&foo_parser))
@@ -93,7 +93,7 @@
// Creates a parser to parse over the data represented by input. This class
// assumes that the underlying data will not change over the lifetime of
// the Parser object.
- explicit Parser(const Input &input);
+ explicit Parser(Input input);
Parser(const Parser &) = default;
Parser &operator=(const Parser &) = default;
diff --git a/pki/path_builder.cc b/pki/path_builder.cc
index 07ced15..98c6438 100644
--- a/pki/path_builder.cc
+++ b/pki/path_builder.cc
@@ -621,7 +621,8 @@
// trusted root.
if (!cur_path_.Empty()) {
if (delegate->IsDebugLogEnabled()) {
- delegate->DebugLog("Issuer is a trust leaf, considering as UNSPECIFIED");
+ delegate->DebugLog(
+ "Issuer is a trust leaf, considering as UNSPECIFIED");
}
next_issuer_.trust = CertificateTrust::ForUnspecified();
}
@@ -692,7 +693,8 @@
std::move(next_issuer_.cert), &cert_issuer_sources_, trust_store_));
next_issuer_ = IssuerEntry();
if (delegate->IsDebugLogEnabled()) {
- delegate->DebugLog("CertPathIter cur_path_ =\n" + cur_path_.PathDebugString());
+ delegate->DebugLog("CertPathIter cur_path_ =\n" +
+ cur_path_.PathDebugString());
}
// Continue descending the tree.
continue;
diff --git a/pki/path_builder_pkits_unittest.cc b/pki/path_builder_pkits_unittest.cc
index 1cd1238..5bc0703 100644
--- a/pki/path_builder_pkits_unittest.cc
+++ b/pki/path_builder_pkits_unittest.cc
@@ -238,8 +238,7 @@
const bssl::CertPathBuilderResultPath *result_path =
result.paths[i].get();
msg << "path " << i << " errors:\n"
- << result_path->errors.ToDebugString(result_path->certs)
- << "\n";
+ << result_path->errors.ToDebugString(result_path->certs) << "\n";
}
ASSERT_EQ(info.should_validate, result.HasValidPath()) << msg;
}
diff --git a/pki/path_builder_unittest.cc b/pki/path_builder_unittest.cc
index eaf10d8..7747c34 100644
--- a/pki/path_builder_unittest.cc
+++ b/pki/path_builder_unittest.cc
@@ -1362,9 +1362,7 @@
{0, 4}, // No path limit. Three valid, one partial path should be built
{1, 1}, // One valid path
{2, 3}, // Two valid, one partial
- {3, 4},
- {4, 4},
- {5, 4},
+ {3, 4}, {4, 4}, {5, 4},
};
// Trust both old and new roots.
@@ -1784,9 +1782,9 @@
std::shared_ptr<const ParsedCertificate> oldintermediate_dupe(
ParsedCertificate::Create(
- bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new(
- oldintermediate_->der_cert().data(),
- oldintermediate_->der_cert().size(), nullptr)),
+ bssl::UniquePtr<CRYPTO_BUFFER>(
+ CRYPTO_BUFFER_new(oldintermediate_->der_cert().data(),
+ oldintermediate_->der_cert().size(), nullptr)),
{}, nullptr));
EXPECT_CALL(*target_issuers_req, GetNext(_))
diff --git a/pki/signature_algorithm.cc b/pki/signature_algorithm.cc
index f68b612..8116862 100644
--- a/pki/signature_algorithm.cc
+++ b/pki/signature_algorithm.cc
@@ -123,7 +123,7 @@
0x0d, 0x01, 0x01, 0x08};
// Returns true if the entirety of the input is a NULL value.
-[[nodiscard]] bool IsNull(const der::Input &input) {
+[[nodiscard]] bool IsNull(der::Input input) {
der::Parser parser(input);
der::Input null_value;
if (!parser.ReadTag(der::kNull, &null_value)) {
@@ -139,7 +139,7 @@
return !parser.HasMore();
}
-[[nodiscard]] bool IsNullOrEmpty(const der::Input &input) {
+[[nodiscard]] bool IsNullOrEmpty(der::Input input) {
return IsNull(input) || input.empty();
}
@@ -210,7 +210,7 @@
// Note also that DER encoding (ITU-T X.690 section 11.5) prohibits
// specifying default values explicitly. The parameter should instead be
// omitted to indicate a default value.
-std::optional<SignatureAlgorithm> ParseRsaPss(const der::Input ¶ms) {
+std::optional<SignatureAlgorithm> ParseRsaPss(der::Input params) {
der::Parser parser(params);
der::Parser params_parser;
if (!parser.ReadSequence(¶ms_parser)) {
@@ -268,7 +268,7 @@
} // namespace
-[[nodiscard]] bool ParseAlgorithmIdentifier(const der::Input &input,
+[[nodiscard]] bool ParseAlgorithmIdentifier(der::Input input,
der::Input *algorithm,
der::Input *parameters) {
der::Parser parser(input);
@@ -303,8 +303,7 @@
return !algorithm_identifier_parser.HasMore();
}
-[[nodiscard]] bool ParseHashAlgorithm(const der::Input &input,
- DigestAlgorithm *out) {
+[[nodiscard]] bool ParseHashAlgorithm(der::Input input, DigestAlgorithm *out) {
CBS cbs;
CBS_init(&cbs, input.data(), input.size());
const EVP_MD *md = EVP_parse_digest_algorithm(&cbs);
@@ -327,7 +326,7 @@
}
std::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
- const der::Input &algorithm_identifier) {
+ der::Input algorithm_identifier) {
der::Input oid;
der::Input params;
if (!ParseAlgorithmIdentifier(algorithm_identifier, &oid, ¶ms)) {
diff --git a/pki/signature_algorithm.h b/pki/signature_algorithm.h
index 72c8ea6..2d65be2 100644
--- a/pki/signature_algorithm.h
+++ b/pki/signature_algorithm.h
@@ -54,7 +54,7 @@
// algorithm OBJECT IDENTIFIER,
// parameters ANY DEFINED BY algorithm OPTIONAL }
[[nodiscard]] OPENSSL_EXPORT bool ParseAlgorithmIdentifier(
- const der::Input &input, der::Input *algorithm, der::Input *parameters);
+ der::Input input, der::Input *algorithm, der::Input *parameters);
// Parses a HashAlgorithm as defined by RFC 5912:
//
@@ -68,14 +68,13 @@
// { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
// { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
// }
-[[nodiscard]] bool ParseHashAlgorithm(const der::Input &input,
- DigestAlgorithm *out);
+[[nodiscard]] bool ParseHashAlgorithm(der::Input input, DigestAlgorithm *out);
// Parses an AlgorithmIdentifier into a signature algorithm and returns it, or
// returns `std::nullopt` if `algorithm_identifer` either cannot be parsed or
// is not a recognized signature algorithm.
OPENSSL_EXPORT std::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
- const der::Input &algorithm_identifier);
+ der::Input algorithm_identifier);
// Returns the hash to be used with the tls-server-end-point channel binding
// (RFC 5929) or `std::nullopt`, if not supported for this signature algorithm.
diff --git a/pki/test_helpers.cc b/pki/test_helpers.cc
index d998e56..cc32622 100644
--- a/pki/test_helpers.cc
+++ b/pki/test_helpers.cc
@@ -129,7 +129,7 @@
namespace der {
-void PrintTo(const Input &data, ::std::ostream *os) {
+void PrintTo(Input data, ::std::ostream *os) {
size_t len;
if (!EVP_EncodedLength(&len, data.size())) {
*os << "[]";
@@ -506,7 +506,7 @@
const std::set<der::Input> &actual_user_constrained_policy_set,
const std::string &errors_file_path) {
std::set<std::string> actual_user_constrained_policy_str_set;
- for (const der::Input &der_oid : actual_user_constrained_policy_set) {
+ for (der::Input der_oid : actual_user_constrained_policy_set) {
actual_user_constrained_policy_str_set.insert(OidToString(der_oid));
}
if (expected_user_constrained_policy_str_set !=
diff --git a/pki/test_helpers.h b/pki/test_helpers.h
index 7b16e86..91d74ce 100644
--- a/pki/test_helpers.h
+++ b/pki/test_helpers.h
@@ -24,7 +24,7 @@
namespace der {
// This function is used by GTest to support EXPECT_EQ() for der::Input.
-void PrintTo(const Input &data, ::std::ostream *os);
+void PrintTo(Input data, ::std::ostream *os);
} // namespace der
diff --git a/pki/trust_store_in_memory.h b/pki/trust_store_in_memory.h
index 59ae3a4..7e5530d 100644
--- a/pki/trust_store_in_memory.h
+++ b/pki/trust_store_in_memory.h
@@ -5,8 +5,8 @@
#ifndef BSSL_PKI_TRUST_STORE_IN_MEMORY_H_
#define BSSL_PKI_TRUST_STORE_IN_MEMORY_H_
-#include <unordered_map>
#include <set>
+#include <unordered_map>
#include <openssl/base.h>
diff --git a/pki/verify_certificate_chain.cc b/pki/verify_certificate_chain.cc
index da37d62..1d3d0c0 100644
--- a/pki/verify_certificate_chain.cc
+++ b/pki/verify_certificate_chain.cc
@@ -150,8 +150,8 @@
// compatibility sake.
bool VerifySignatureAlgorithmsMatch(const ParsedCertificate &cert,
CertErrors *errors) {
- const der::Input &alg1_tlv = cert.signature_algorithm_tlv();
- const der::Input &alg2_tlv = cert.tbs().signature_algorithm_tlv;
+ der::Input alg1_tlv = cert.signature_algorithm_tlv();
+ der::Input alg2_tlv = cert.tbs().signature_algorithm_tlv;
// Ensure that the two DER-encoded signature algorithms are byte-for-byte
// equal.
@@ -690,7 +690,7 @@
// Parses |spki| to an EVP_PKEY and checks whether the public key is accepted
// by |delegate_|. On failure parsing returns nullptr. If either parsing the
// key or key policy failed, adds a high-severity error to |errors|.
- bssl::UniquePtr<EVP_PKEY> ParseAndCheckPublicKey(const der::Input &spki,
+ bssl::UniquePtr<EVP_PKEY> ParseAndCheckPublicKey(der::Input spki,
CertErrors *errors);
ValidPolicyGraph valid_policy_graph_;
@@ -799,7 +799,7 @@
// for policy P and P-Q denote the qualifier set for policy
// P. Perform the following steps in order:
bool cert_has_any_policy = false;
- for (const der::Input &p_oid : cert.policy_oids()) {
+ for (der::Input p_oid : cert.policy_oids()) {
if (p_oid == der::Input(kAnyPolicyOid)) {
cert_has_any_policy = true;
continue;
@@ -1431,7 +1431,7 @@
}
bssl::UniquePtr<EVP_PKEY> PathVerifier::ParseAndCheckPublicKey(
- const der::Input &spki, CertErrors *errors) {
+ der::Input spki, CertErrors *errors) {
// Parse the public key.
bssl::UniquePtr<EVP_PKEY> pkey;
if (!ParsePublicKey(spki, &pkey)) {
diff --git a/pki/verify_name_match.cc b/pki/verify_name_match.cc
index e8772ec..73d3f9a 100644
--- a/pki/verify_name_match.cc
+++ b/pki/verify_name_match.cc
@@ -258,7 +258,7 @@
//
// RelativeDistinguishedName ::=
// SET SIZE (1..MAX) OF AttributeTypeAndValue
-bool VerifyNameMatchInternal(const der::Input &a, const der::Input &b,
+bool VerifyNameMatchInternal(der::Input a, der::Input b,
NameMatchType match_type) {
// Empty Names are allowed. RFC 5280 section 4.1.2.4 requires "The issuer
// field MUST contain a non-empty distinguished name (DN)", while section
@@ -308,7 +308,7 @@
} // namespace
-bool NormalizeName(const der::Input &name_rdn_sequence,
+bool NormalizeName(der::Input name_rdn_sequence,
std::string *normalized_rdn_sequence, CertErrors *errors) {
BSSL_CHECK(errors);
@@ -394,19 +394,18 @@
return true;
}
-bool VerifyNameMatch(const der::Input &a_rdn_sequence,
- const der::Input &b_rdn_sequence) {
+bool VerifyNameMatch(der::Input a_rdn_sequence, der::Input b_rdn_sequence) {
return VerifyNameMatchInternal(a_rdn_sequence, b_rdn_sequence, EXACT_MATCH);
}
-bool VerifyNameInSubtree(const der::Input &name_rdn_sequence,
- const der::Input &parent_rdn_sequence) {
+bool VerifyNameInSubtree(der::Input name_rdn_sequence,
+ der::Input parent_rdn_sequence) {
return VerifyNameMatchInternal(name_rdn_sequence, parent_rdn_sequence,
SUBTREE_MATCH);
}
bool FindEmailAddressesInName(
- const der::Input &name_rdn_sequence,
+ der::Input name_rdn_sequence,
std::vector<std::string> *contained_email_addresses) {
contained_email_addresses->clear();
diff --git a/pki/verify_name_match.h b/pki/verify_name_match.h
index bef9054..79c9ce8 100644
--- a/pki/verify_name_match.h
+++ b/pki/verify_name_match.h
@@ -24,7 +24,7 @@
// outer Sequence tag). Returns false if there was an error parsing or
// normalizing the input, and adds error information to |errors|. |errors| must
// be non-null.
-OPENSSL_EXPORT bool NormalizeName(const der::Input &name_rdn_sequence,
+OPENSSL_EXPORT bool NormalizeName(der::Input name_rdn_sequence,
std::string *normalized_rdn_sequence,
CertErrors *errors);
@@ -32,16 +32,16 @@
// |a_rdn_sequence| and |b_rdn_sequence| should be the DER-encoded RDNSequence
// values (not including the Sequence tag).
// Returns true if |a_rdn_sequence| and |b_rdn_sequence| match.
-OPENSSL_EXPORT bool VerifyNameMatch(const der::Input &a_rdn_sequence,
- const der::Input &b_rdn_sequence);
+OPENSSL_EXPORT bool VerifyNameMatch(der::Input a_rdn_sequence,
+ der::Input b_rdn_sequence);
// Compares |name_rdn_sequence| and |parent_rdn_sequence| and return true if
// |name_rdn_sequence| is within the subtree defined by |parent_rdn_sequence| as
// defined by RFC 5280 section 7.1. |name_rdn_sequence| and
// |parent_rdn_sequence| should be the DER-encoded sequence values (not
// including the Sequence tag).
-OPENSSL_EXPORT bool VerifyNameInSubtree(const der::Input &name_rdn_sequence,
- const der::Input &parent_rdn_sequence);
+OPENSSL_EXPORT bool VerifyNameInSubtree(der::Input name_rdn_sequence,
+ der::Input parent_rdn_sequence);
// Helper functions:
@@ -53,7 +53,7 @@
// tag, but otherwise have not been validated.
// Returns false if there was a parsing error.
[[nodiscard]] bool FindEmailAddressesInName(
- const der::Input &name_rdn_sequence,
+ der::Input name_rdn_sequence,
std::vector<std::string> *contained_email_addresses);
} // namespace bssl
diff --git a/pki/verify_signed_data.cc b/pki/verify_signed_data.cc
index 3948a43..a30f9d6 100644
--- a/pki/verify_signed_data.cc
+++ b/pki/verify_signed_data.cc
@@ -33,8 +33,8 @@
constexpr uint32_t VerifyCacheKeyVersion = 1;
std::string SignatureVerifyCacheKey(std::string_view algorithm_name,
- const der::Input &signed_data,
- const der::Input &signature_value_bytes,
+ der::Input signed_data,
+ der::Input signature_value_bytes,
EVP_PKEY *public_key) {
SHA256_CTX s_ctx;
bssl::ScopedCBB public_key_cbb;
@@ -136,7 +136,7 @@
// { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
// ... -- Extensible
// }
-bool ParsePublicKey(const der::Input &public_key_spki,
+bool ParsePublicKey(der::Input public_key_spki,
bssl::UniquePtr<EVP_PKEY> *public_key) {
// Parse the SPKI to an EVP_PKEY.
OpenSSLErrStackTracer err_tracer;
@@ -151,8 +151,7 @@
return true;
}
-bool VerifySignedData(SignatureAlgorithm algorithm,
- const der::Input &signed_data,
+bool VerifySignedData(SignatureAlgorithm algorithm, der::Input signed_data,
const der::BitString &signature_value,
EVP_PKEY *public_key, SignatureVerifyCache *cache) {
int expected_pkey_id = 1;
@@ -231,7 +230,7 @@
if (signature_value.unused_bits() != 0) {
return false;
}
- const der::Input &signature_value_bytes = signature_value.bytes();
+ der::Input signature_value_bytes = signature_value.bytes();
std::string cache_key;
if (cache) {
@@ -279,11 +278,9 @@
return ret;
}
-bool VerifySignedData(SignatureAlgorithm algorithm,
- const der::Input &signed_data,
+bool VerifySignedData(SignatureAlgorithm algorithm, der::Input signed_data,
const der::BitString &signature_value,
- const der::Input &public_key_spki,
- SignatureVerifyCache *cache) {
+ der::Input public_key_spki, SignatureVerifyCache *cache) {
bssl::UniquePtr<EVP_PKEY> public_key;
if (!ParsePublicKey(public_key_spki, &public_key)) {
return false;
diff --git a/pki/verify_signed_data.h b/pki/verify_signed_data.h
index bd7d659..e67c919 100644
--- a/pki/verify_signed_data.h
+++ b/pki/verify_signed_data.h
@@ -28,19 +28,19 @@
//
// Returns true if verification was successful.
[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
- SignatureAlgorithm algorithm, const der::Input &signed_data,
+ SignatureAlgorithm algorithm, der::Input signed_data,
const der::BitString &signature_value, EVP_PKEY *public_key,
SignatureVerifyCache *cache);
// Same as above overload, only the public key is inputted as an SPKI and will
// be parsed internally.
[[nodiscard]] OPENSSL_EXPORT bool VerifySignedData(
- SignatureAlgorithm algorithm, const der::Input &signed_data,
- const der::BitString &signature_value, const der::Input &public_key_spki,
+ SignatureAlgorithm algorithm, der::Input signed_data,
+ const der::BitString &signature_value, der::Input public_key_spki,
SignatureVerifyCache *cache);
[[nodiscard]] OPENSSL_EXPORT bool ParsePublicKey(
- const der::Input &public_key_spki, bssl::UniquePtr<EVP_PKEY> *public_key);
+ der::Input public_key_spki, bssl::UniquePtr<EVP_PKEY> *public_key);
} // namespace bssl