Add some tests that X509_NAME_hash does not overcanonicalize

If we were to change our built-in name canonicalization in either
direction, we would need to go back and fix X509_NAME_hash to stick to
the old scheme. The original test only included positive
canonicalization cases, because we would never have any legitimate
reason to want to canonicalize more. Add the negative case too for good
measure.

Change-Id: I65d12ea7ddcc6068fa80ce1bb3295d16fc7bb01f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/98387
Reviewed-by: Rudolf Polzer <rpolzer@google.com>
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Rudolf Polzer <rpolzer@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
1 file changed
tree: 06584844b1311c23705288f52ab10c437a41e842
  1. .agents/
  2. .bcr/
  3. .github/
  4. agents/
  5. bench/
  6. cmake/
  7. crypto/
  8. decrepit/
  9. docs/
  10. fuzz/
  11. gen/
  12. include/
  13. infra/
  14. pki/
  15. rust/
  16. ssl/
  17. third_party/
  18. tool/
  19. util/
  20. .bazelignore
  21. .bazelrc
  22. .bazelversion
  23. .clang-format
  24. .clang-format-ignore
  25. .clangd
  26. .gitattributes
  27. .gitignore
  28. API-CONVENTIONS.md
  29. AUTHORS
  30. BREAKING-CHANGES.md
  31. BUILD.bazel
  32. build.json
  33. BUILDING.md
  34. CMakeLists.txt
  35. codereview.settings
  36. CONTRIBUTING.md
  37. FUZZING.md
  38. go.mod
  39. go.sum
  40. INCORPORATING.md
  41. LICENSE
  42. MODULE.bazel
  43. MODULE.bazel.lock
  44. PORTING.md
  45. PRESUBMIT.py
  46. PrivacyInfo.xcprivacy
  47. README.md
  48. SANDBOXING.md
  49. SECURITY.md
  50. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: