Remove calls to now unnecessary MakeSpan/MakeConstSpan
CTAD takes care of all of these.
Bug: 42290600
Change-Id: I191c5710f402835d1b50250225edd4e535c7580c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75208
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/cipher_extra/cipher_test.cc b/crypto/cipher_extra/cipher_test.cc
index cb0b16b..b86803a 100644
--- a/crypto/cipher_extra/cipher_test.cc
+++ b/crypto/cipher_extra/cipher_test.cc
@@ -215,7 +215,7 @@
std::vector<uint8_t> result(max_out);
if (in_place) {
std::copy(in.begin(), in.end(), result.begin());
- in = bssl::MakeConstSpan(result).first(in.size());
+ in = bssl::Span(result).first(in.size());
}
size_t total = 0;
@@ -315,7 +315,7 @@
} else {
result.resize(expected.size());
}
- bssl::Span<uint8_t> out = bssl::MakeSpan(result);
+ bssl::Span<uint8_t> out = bssl::Span(result);
// Input and output sizes for all the low-level APIs should match.
ASSERT_EQ(in.size(), out.size());
@@ -733,8 +733,7 @@
uint8_t suffix[8];
ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_IV_GEN,
sizeof(suffix), suffix));
- EXPECT_EQ(Bytes(suffix),
- Bytes(bssl::MakeConstSpan(kIV3).last(sizeof(suffix))));
+ EXPECT_EQ(Bytes(suffix), Bytes(bssl::Span(kIV3).last(sizeof(suffix))));
ASSERT_NO_FATAL_FAILURE(expect_iv(ctx.get(), kIV3, /*enc=*/true));
// A length of -1 returns the whole IV.
diff --git a/crypto/digest_extra/digest_test.cc b/crypto/digest_extra/digest_test.cc
index db6d77b..bf5904e 100644
--- a/crypto/digest_extra/digest_test.cc
+++ b/crypto/digest_extra/digest_test.cc
@@ -157,8 +157,7 @@
static void CompareDigest(const DigestTestVector *test, const uint8_t *digest,
size_t digest_len) {
- EXPECT_EQ(test->expected_hex,
- EncodeHex(bssl::MakeConstSpan(digest, digest_len)));
+ EXPECT_EQ(test->expected_hex, EncodeHex(bssl::Span(digest, digest_len)));
}
static void TestDigest(const DigestTestVector *test) {
diff --git a/crypto/fipsmodule/ec/ec_test.cc b/crypto/fipsmodule/ec/ec_test.cc
index f1019b7..5d08829 100644
--- a/crypto/fipsmodule/ec/ec_test.cc
+++ b/crypto/fipsmodule/ec/ec_test.cc
@@ -1327,10 +1327,9 @@
ASSERT_TRUE(EncodeECPoint(&buf, test.group, p.get(),
POINT_CONVERSION_UNCOMPRESSED));
size_t field_len = (buf.size() - 1) / 2;
- EXPECT_EQ(test.x_hex,
- EncodeHex(bssl::MakeConstSpan(buf).subspan(1, field_len)));
- EXPECT_EQ(test.y_hex, EncodeHex(bssl::MakeConstSpan(buf).subspan(
- 1 + field_len, field_len)));
+ EXPECT_EQ(test.x_hex, EncodeHex(bssl::Span(buf).subspan(1, field_len)));
+ EXPECT_EQ(test.y_hex,
+ EncodeHex(bssl::Span(buf).subspan(1 + field_len, field_len)));
}
// hash-to-curve functions should check for the wrong group.
@@ -1405,7 +1404,7 @@
uint8_t buf[EC_MAX_BYTES];
size_t len;
ec_scalar_to_bytes(test.group, buf, &len, &scalar);
- EXPECT_EQ(test.result_hex, EncodeHex(bssl::MakeConstSpan(buf, len)));
+ EXPECT_EQ(test.result_hex, EncodeHex(bssl::Span(buf, len)));
}
// hash-to-scalar functions should check for the wrong group.
diff --git a/crypto/mldsa/mldsa_test.cc b/crypto/mldsa/mldsa_test.cc
index a0ab090..bfea9cc 100644
--- a/crypto/mldsa/mldsa_test.cc
+++ b/crypto/mldsa/mldsa_test.cc
@@ -63,7 +63,7 @@
sizeof(kMessage), nullptr, 0));
auto pub = std::make_unique<MLDSA65_public_key>();
- CBS cbs = bssl::MakeConstSpan(encoded_public_key);
+ CBS cbs = CBS(encoded_public_key);
ASSERT_TRUE(MLDSA65_parse_public_key(pub.get(), &cbs));
EXPECT_EQ(MLDSA65_verify(pub.get(), encoded_signature.data(),
@@ -104,7 +104,7 @@
const std::vector<uint8_t> encoded_private_key =
Marshal(MarshalPrivate, reinterpret_cast<BCMPrivateKey *>(priv.get()));
- CBS cbs = bssl::MakeConstSpan(encoded_private_key);
+ CBS cbs = CBS(encoded_private_key);
EXPECT_TRUE(bcm_success(
ParsePrivate(reinterpret_cast<BCMPrivateKey *>(priv.get()), &cbs)));
@@ -116,7 +116,7 @@
sizeof(kMessage), kContext, sizeof(kContext)));
auto pub = std::make_unique<PublicKey>();
- cbs = bssl::MakeConstSpan(encoded_public_key);
+ cbs = CBS(encoded_public_key);
ASSERT_TRUE(ParsePublicKey(pub.get(), &cbs));
EXPECT_EQ(
@@ -220,7 +220,7 @@
MLDSA65_generate_key(encoded_public_key.data(), seed, priv.get()));
auto pub = std::make_unique<MLDSA65_public_key>();
- CBS cbs = bssl::MakeConstSpan(encoded_public_key);
+ CBS cbs = CBS(encoded_public_key);
ASSERT_TRUE(MLDSA65_parse_public_key(pub.get(), &cbs));
std::vector<uint8_t> encoded_signature1(MLDSA65_SIGNATURE_BYTES);
@@ -273,17 +273,17 @@
MLDSA65_generate_key(encoded_public_key.data(), seed, priv.get()));
// Public key is 1 byte too short.
- CBS cbs = bssl::MakeConstSpan(encoded_public_key)
- .first(MLDSA65_PUBLIC_KEY_BYTES - 1);
+ CBS cbs =
+ CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES - 1));
auto parsed_pub = std::make_unique<MLDSA65_public_key>();
EXPECT_FALSE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs));
// Public key has the correct length.
- cbs = bssl::MakeConstSpan(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES);
+ cbs = CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES));
EXPECT_TRUE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs));
// Public key is 1 byte too long.
- cbs = bssl::MakeConstSpan(encoded_public_key);
+ cbs = CBS(encoded_public_key);
EXPECT_FALSE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs));
}
diff --git a/crypto/pkcs8/pkcs12_test.cc b/crypto/pkcs8/pkcs12_test.cc
index e67a7e4..fd80607 100644
--- a/crypto/pkcs8/pkcs12_test.cc
+++ b/crypto/pkcs8/pkcs12_test.cc
@@ -35,11 +35,6 @@
// kUnicodePassword is the password for unicode_password.p12
static const char kUnicodePassword[] = "Hello, 世界";
-static bssl::Span<const uint8_t> StringToBytes(const std::string &str) {
- return bssl::MakeConstSpan(reinterpret_cast<const uint8_t *>(str.data()),
- str.size());
-}
-
static void TestImpl(const char *name, bssl::Span<const uint8_t> der,
const char *password,
const char *friendly_name) {
@@ -95,14 +90,15 @@
// openssl.p12 was generated by OpenSSL with:
// openssl pkcs12 -export -inkey key.pem -in cacert.pem
std::string data = GetTestData("crypto/pkcs8/test/openssl.p12");
- TestImpl("OpenSSL", StringToBytes(data), kPassword, nullptr);
+ TestImpl("OpenSSL", bssl::StringAsBytes(data), kPassword, nullptr);
}
TEST(PKCS12Test, TestNSS) {
// nss.p12 is the result of importing the OpenSSL example PKCS#12 into Chrome
// on Linux and then exporting it again.
std::string data = GetTestData("crypto/pkcs8/test/nss.p12");
- TestImpl("NSS", StringToBytes(data), kPassword, "Internet Widgits Pty Ltd");
+ TestImpl("NSS", bssl::StringAsBytes(data), kPassword,
+ "Internet Widgits Pty Ltd");
}
TEST(PKCS12Test, TestWindows) {
@@ -110,7 +106,7 @@
// manager on Windows 7. It has a friendlyName, but only on the key, where we
// ignore it, and not the certificate.
std::string data = GetTestData("crypto/pkcs8/test/windows.p12");
- TestImpl("Windows", StringToBytes(data), kPassword, nullptr);
+ TestImpl("Windows", bssl::StringAsBytes(data), kPassword, nullptr);
}
TEST(PKCS12Test, TestPBES2) {
@@ -121,13 +117,13 @@
// This was generated with an older OpenSSL, which used hmacWithSHA1 as the
// PRF. (There is currently no way to specify the PRF in the pkcs12 command.)
std::string data = GetTestData("crypto/pkcs8/test/pbes2_sha1.p12");
- TestImpl("kPBES2WithSHA1", StringToBytes(data), kPassword, nullptr);
+ TestImpl("kPBES2WithSHA1", bssl::StringAsBytes(data), kPassword, nullptr);
// pbes2_sha256.p12 is a PKCS#12 file using PBES2 and HMAC-SHA-256. It was
// generated in the same way as pbes2_sha1.p12, but using OpenSSL 1.1.1b,
// which uses hmacWithSHA256 as the PRF.
data = GetTestData("crypto/pkcs8/test/pbes2_sha256.p12");
- TestImpl("kPBES2WithSHA256", StringToBytes(data), kPassword, nullptr);
+ TestImpl("kPBES2WithSHA256", bssl::StringAsBytes(data), kPassword, nullptr);
}
TEST(PKCS12Test, TestNoEncryption) {
@@ -136,7 +132,7 @@
//
// openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -keypbe NONE -certpbe NONE -password pass:foo
std::string data = GetTestData("crypto/pkcs8/test/no_encryption.p12");
- TestImpl("kNoEncryption", StringToBytes(data), kPassword, nullptr);
+ TestImpl("kNoEncryption", bssl::StringAsBytes(data), kPassword, nullptr);
}
TEST(PKCS12Test, TestEmptyPassword) {
@@ -147,23 +143,24 @@
// Generated with
// openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass:
std::string data = GetTestData("crypto/pkcs8/test/empty_password.p12");
- TestImpl("EmptyPassword (empty password)", StringToBytes(data), "", nullptr);
- TestImpl("EmptyPassword (null password)", StringToBytes(data), nullptr,
+ TestImpl("EmptyPassword (empty password)", bssl::StringAsBytes(data), "",
+ nullptr);
+ TestImpl("EmptyPassword (null password)", bssl::StringAsBytes(data), nullptr,
nullptr);
// The above input, modified to have a constructed string.
data = GetTestData("crypto/pkcs8/test/empty_password_ber.p12");
- TestImpl("EmptyPassword (BER, empty password)", StringToBytes(data), "",
+ TestImpl("EmptyPassword (BER, empty password)", bssl::StringAsBytes(data), "",
nullptr);
- TestImpl("EmptyPassword (BER, null password)", StringToBytes(data), nullptr,
- nullptr);
+ TestImpl("EmptyPassword (BER, null password)", bssl::StringAsBytes(data),
+ nullptr, nullptr);
// The constructed string with too much recursion.
data = GetTestData("crypto/pkcs8/test/empty_password_ber_nested.p12");
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
ASSERT_TRUE(certs);
EVP_PKEY *key = nullptr;
- CBS pkcs12 = StringToBytes(data);
+ CBS pkcs12 = bssl::StringAsBytes(data);
EXPECT_FALSE(PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, ""));
}
@@ -177,8 +174,9 @@
// But with OpenSSL patched to pass NULL into PKCS12_create and
// PKCS12_set_mac.
std::string data = GetTestData("crypto/pkcs8/test/null_password.p12");
- TestImpl("NullPassword (empty password)", StringToBytes(data), "", nullptr);
- TestImpl("NullPassword (null password)", StringToBytes(data), nullptr,
+ TestImpl("NullPassword (empty password)", bssl::StringAsBytes(data), "",
+ nullptr);
+ TestImpl("NullPassword (null password)", bssl::StringAsBytes(data), nullptr,
nullptr);
}
@@ -186,12 +184,12 @@
// Generated with
// openssl pkcs12 -export -inkey ecdsa_p256_key.pem -in ecdsa_p256_cert.pem -password pass:"Hello, 世界"
std::string data = GetTestData("crypto/pkcs8/test/unicode_password.p12");
- TestImpl("Unicode", StringToBytes(data), kUnicodePassword, nullptr);
+ TestImpl("Unicode", bssl::StringAsBytes(data), kUnicodePassword, nullptr);
}
TEST(PKCS12Test, TestWindowsCompat) {
std::string data = GetTestData("crypto/pkcs8/test/windows.p12");
- TestCompat(StringToBytes(data));
+ TestCompat(bssl::StringAsBytes(data));
}
// kTestKey is a test P-256 key.
@@ -671,7 +669,7 @@
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
ASSERT_TRUE(certs);
EVP_PKEY *key = nullptr;
- CBS cbs = StringToBytes(data);
+ CBS cbs = bssl::StringAsBytes(data);
EXPECT_FALSE(PKCS12_get_key_and_certs(&key, certs.get(), &cbs, ""));
}
{
@@ -679,7 +677,7 @@
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
ASSERT_TRUE(certs);
EVP_PKEY *key = nullptr;
- CBS cbs = StringToBytes(data);
+ CBS cbs = bssl::StringAsBytes(data);
EXPECT_FALSE(PKCS12_get_key_and_certs(&key, certs.get(), &cbs, ""));
}
{
@@ -687,7 +685,7 @@
bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
ASSERT_TRUE(certs);
EVP_PKEY *key = nullptr;
- CBS cbs = StringToBytes(data);
+ CBS cbs = bssl::StringAsBytes(data);
EXPECT_FALSE(PKCS12_get_key_and_certs(&key, certs.get(), &cbs, ""));
}
}
diff --git a/crypto/test/file_util.h b/crypto/test/file_util.h
index 01f524a..337d1c4 100644
--- a/crypto/test/file_util.h
+++ b/crypto/test/file_util.h
@@ -20,6 +20,7 @@
#include <memory>
#include <set>
#include <string>
+#include <string_view>
#include <utility>
#include <openssl/span.h>
@@ -95,9 +96,8 @@
// true on success and false on error. On error, callers should call
// |IgnoreTempFileErrors| to determine whether to ignore the error.
bool Init(bssl::Span<const uint8_t> content = {});
- bool Init(const std::string &content) {
- return Init(bssl::MakeConstSpan(
- reinterpret_cast<const uint8_t *>(content.data()), content.size()));
+ bool Init(std::string_view content) {
+ return Init(bssl::StringAsBytes(content));
}
// Open opens the file as a |FILE| with the specified mode.
@@ -139,14 +139,11 @@
// It returns true on success and false on error. Subdirectories in the
// temporary directory are not currently supported.
bool AddFile(const std::string &filename, bssl::Span<const uint8_t> content);
- bool AddFile(const std::string &filename, const std::string &content) {
- return AddFile(
- filename,
- bssl::MakeConstSpan(reinterpret_cast<const uint8_t *>(content.data()),
- content.size()));
+ bool AddFile(const std::string &filename, std::string_view content) {
+ return AddFile(filename, bssl::StringAsBytes(content));
}
- // GetFilePath returns the path to the speciifed file within the temporary
+ // GetFilePath returns the path to the specified file within the temporary
// directory.
std::string GetFilePath(const std::string &filename) {
#if defined(OPENSSL_WINDOWS)
diff --git a/fuzz/decode_client_hello_inner.cc b/fuzz/decode_client_hello_inner.cc
index c296dc9..0c1b3e5 100644
--- a/fuzz/decode_client_hello_inner.cc
+++ b/fuzz/decode_client_hello_inner.cc
@@ -23,7 +23,7 @@
static bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
static bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
- CBS reader(bssl::MakeConstSpan(buf, len));
+ CBS reader(bssl::Span(buf, len));
CBS encoded_client_hello_inner_cbs;
if (!CBS_get_u24_length_prefixed(&reader, &encoded_client_hello_inner_cbs)) {
diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h
index 5f4200e..951d3df 100644
--- a/include/openssl/bytestring.h
+++ b/include/openssl/bytestring.h
@@ -45,9 +45,7 @@
// Allow implicit conversions to and from bssl::Span<const uint8_t>.
cbs_st(bssl::Span<const uint8_t> span)
: data(span.data()), len(span.size()) {}
- operator bssl::Span<const uint8_t>() const {
- return bssl::MakeConstSpan(data, len);
- }
+ operator bssl::Span<const uint8_t>() const { return bssl::Span(data, len); }
// Defining any constructors requires we explicitly default the others.
cbs_st() = default;
diff --git a/include/openssl/span.h b/include/openssl/span.h
index fa77962..11ca2db 100644
--- a/include/openssl/span.h
+++ b/include/openssl/span.h
@@ -99,10 +99,10 @@
//
// FooMutate(bssl::Span<uint8_t>(vec));
//
-// You can also use the |MakeSpan| and |MakeConstSpan| factory methods to
-// construct Spans in order to deduce the type of the Span automatically.
+// You can also use C++17 class template argument deduction to construct Spans
+// in order to deduce the type of the Span automatically.
//
-// FooMutate(bssl::MakeSpan(vec));
+// FooMutate(bssl::Span(vec));
//
// Note that Spans have value type sematics. They are cheap to construct and
// copy, and should be passed by value whenever a method would otherwise accept
diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc
index b02a958..69fb09b 100644
--- a/ssl/d1_both.cc
+++ b/ssl/d1_both.cc
@@ -891,7 +891,7 @@
uint32_t old_offset = ssl->d1->outgoing_offset;
size_t packet_len;
- if (!seal_next_packet(ssl, MakeSpan(packet), &packet_len)) {
+ if (!seal_next_packet(ssl, Span(packet), &packet_len)) {
return -1;
}
@@ -1001,7 +1001,7 @@
}
ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_ACK,
- MakeConstSpan(CBB_data(&cbb), CBB_len(&cbb)));
+ Span(CBB_data(&cbb), CBB_len(&cbb)));
int bio_ret =
BIO_write(ssl->wbio.get(), record, static_cast<int>(record_len));
diff --git a/ssl/dtls_record.cc b/ssl/dtls_record.cc
index 55cd1f2..125de2b 100644
--- a/ssl/dtls_record.cc
+++ b/ssl/dtls_record.cc
@@ -115,7 +115,7 @@
}
static Span<uint8_t> cbs_to_writable_bytes(CBS cbs) {
- return MakeSpan(const_cast<uint8_t *>(CBS_data(&cbs)), CBS_len(&cbs));
+ return Span(const_cast<uint8_t *>(CBS_data(&cbs)), CBS_len(&cbs));
}
struct ParsedDTLSRecord {
@@ -540,8 +540,7 @@
CRYPTO_store_u64_be(out + 3, record_number.combined());
CRYPTO_store_u16_be(out + 11, ciphertext_len);
}
- Span<const uint8_t> header = MakeConstSpan(out, record_header_len);
-
+ Span<const uint8_t> header(out, record_header_len);
if (!write_epoch->aead->SealScatter(
out + record_header_len, out + prefix, out + prefix + in_len, type,
@@ -556,8 +555,7 @@
// generate the mask used for encryption. For simplicity, pass in the whole
// ciphertext as the sample - GenerateRecordNumberMask will read only what
// it needs (and error if |sample| is too short).
- Span<const uint8_t> sample =
- MakeConstSpan(out + record_header_len, ciphertext_len);
+ Span<const uint8_t> sample(out + record_header_len, ciphertext_len);
uint8_t mask[2];
if (!write_epoch->rn_encrypter->GenerateMask(mask, sample)) {
return false;
diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc
index 046e0a9..6892f97 100644
--- a/ssl/encrypted_client_hello.cc
+++ b/ssl/encrypted_client_hello.cc
@@ -172,8 +172,8 @@
return false;
}
- auto inner_extensions = MakeConstSpan(client_hello_inner.extensions,
- client_hello_inner.extensions_len);
+ auto inner_extensions =
+ Span(client_hello_inner.extensions, client_hello_inner.extensions_len);
CBS ext_list_wrapper;
if (!ssl_client_hello_get_extension(&client_hello_inner, &ext_list_wrapper,
TLSEXT_TYPE_ech_outer_extensions)) {
@@ -255,8 +255,8 @@
return false;
}
- if (!is_valid_client_hello_inner(
- ssl, out_alert, MakeConstSpan(CBB_data(&body), CBB_len(&body)))) {
+ if (!is_valid_client_hello_inner(ssl, out_alert,
+ Span(CBB_data(&body), CBB_len(&body)))) {
return false;
}
@@ -277,8 +277,8 @@
// point within |client_hello_outer->extensions|) replaced with zeros. See
// draft-ietf-tls-esni-13, section 5.2.
Array<uint8_t> aad;
- if (!aad.CopyFrom(MakeConstSpan(client_hello_outer->client_hello,
- client_hello_outer->client_hello_len))) {
+ if (!aad.CopyFrom(Span(client_hello_outer->client_hello,
+ client_hello_outer->client_hello_len))) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return false;
}
@@ -290,7 +290,7 @@
assert(reinterpret_cast<uintptr_t>(client_hello_outer->extensions +
client_hello_outer->extensions_len) >=
reinterpret_cast<uintptr_t>(payload.data() + payload.size()));
- Span<uint8_t> payload_aad = MakeSpan(aad).subspan(
+ Span<uint8_t> payload_aad = Span(aad).subspan(
payload.data() - client_hello_outer->client_hello, payload.size());
OPENSSL_memset(payload_aad.data(), 0, payload_aad.size());
@@ -431,7 +431,7 @@
// Make a copy of the ECHConfig and parse from it, so the results alias into
// the saved copy.
if (!out->raw.CopyFrom(
- MakeConstSpan(CBS_data(&orig), CBS_len(&orig) - CBS_len(cbs)))) {
+ Span(CBS_data(&orig), CBS_len(&orig) - CBS_len(cbs)))) {
return false;
}
@@ -539,7 +539,7 @@
return false;
}
if (ech_config_.kem_id != EVP_HPKE_KEM_id(EVP_HPKE_KEY_kem(key)) ||
- MakeConstSpan(expected_public_key, expected_public_key_len) !=
+ Span(expected_public_key, expected_public_key_len) !=
ech_config_.public_key) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ECH_SERVER_CONFIG_AND_PRIVATE_KEY_MISMATCH);
return false;
@@ -650,7 +650,7 @@
}
if (!hs->config->client_ech_config_list.empty()) {
- CBS cbs = MakeConstSpan(hs->config->client_ech_config_list);
+ CBS cbs = CBS(hs->config->client_ech_config_list);
CBS child;
if (!CBS_get_u16_length_prefixed(&cbs, &child) || //
CBS_len(&child) == 0 || //
@@ -804,16 +804,16 @@
if (needs_psk_binder) {
size_t binder_len;
- if (!tls13_write_psk_binder(hs, hs->inner_transcript, MakeSpan(hello_inner),
+ if (!tls13_write_psk_binder(hs, hs->inner_transcript, Span(hello_inner),
&binder_len)) {
return false;
}
// Also update the EncodedClientHelloInner.
auto encoded_binder =
- MakeSpan(const_cast<uint8_t *>(CBB_data(encoded_cbb.get())),
- CBB_len(encoded_cbb.get()))
+ Span(const_cast<uint8_t *>(CBB_data(encoded_cbb.get())),
+ CBB_len(encoded_cbb.get()))
.last(binder_len);
- auto hello_inner_binder = MakeConstSpan(hello_inner).last(binder_len);
+ auto hello_inner_binder = Span(hello_inner).last(binder_len);
OPENSSL_memcpy(encoded_binder.data(), hello_inner_binder.data(),
binder_len);
}
@@ -885,7 +885,7 @@
assert(!needs_psk_binder);
// Replace the payload in |hs->ech_client_outer| with the encrypted value.
- auto payload_span = MakeSpan(hs->ech_client_outer).last(payload_len);
+ auto payload_span = Span(hs->ech_client_outer).last(payload_len);
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
// In fuzzer mode, the server expects a cleartext payload.
assert(payload_span.size() == encoded.size());
@@ -920,7 +920,7 @@
return 0;
}
- auto span = MakeConstSpan(ech_config_list, ech_config_list_len);
+ auto span = Span(ech_config_list, ech_config_list_len);
if (!ssl_is_valid_ech_config_list(span)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ECH_CONFIG_LIST);
return 0;
@@ -972,8 +972,7 @@
int SSL_marshal_ech_config(uint8_t **out, size_t *out_len, uint8_t config_id,
const EVP_HPKE_KEY *key, const char *public_name,
size_t max_name_len) {
- Span<const uint8_t> public_name_u8 = MakeConstSpan(
- reinterpret_cast<const uint8_t *>(public_name), strlen(public_name));
+ Span<const uint8_t> public_name_u8 = StringAsBytes(public_name);
if (!ssl_is_valid_ech_public_name(public_name_u8)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ECH_PUBLIC_NAME);
return 0;
@@ -1036,7 +1035,7 @@
if (!parsed_config) {
return 0;
}
- if (!parsed_config->Init(MakeConstSpan(ech_config, ech_config_len), key,
+ if (!parsed_config->Init(Span(ech_config, ech_config_len), key,
!!is_retry_config)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
return 0;
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index c6718d5..df914c8 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -436,9 +436,7 @@
if (ssl->hostname == nullptr) {
return true;
}
- hostname =
- MakeConstSpan(reinterpret_cast<const uint8_t *>(ssl->hostname.get()),
- strlen(ssl->hostname.get()));
+ hostname = StringAsBytes(ssl->hostname.get());
}
CBB contents, server_name_list, name;
@@ -1102,8 +1100,7 @@
ssl, &selected, &selected_len, orig_contents,
static_cast<unsigned>(orig_len),
ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
- !ssl->s3->next_proto_negotiated.CopyFrom(
- MakeConstSpan(selected, selected_len))) {
+ !ssl->s3->next_proto_negotiated.CopyFrom(Span(selected, selected_len))) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return false;
}
@@ -1437,8 +1434,7 @@
*out_alert = SSL_AD_INTERNAL_ERROR;
return false;
}
- if (!ssl->s3->alpn_selected.CopyFrom(
- MakeConstSpan(selected, selected_len))) {
+ if (!ssl->s3->alpn_selected.CopyFrom(Span(selected, selected_len))) {
*out_alert = SSL_AD_INTERNAL_ERROR;
return false;
}
@@ -3019,7 +3015,7 @@
*out_alert = SSL_AD_DECODE_ERROR;
return false;
}
- if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
+ if (protocol_name == Span(ssl->s3->alpn_selected)) {
found = true;
}
}
@@ -4076,9 +4072,8 @@
}
}
- Span<const uint16_t> sigalgs = cred->sigalgs.empty()
- ? MakeConstSpan(kSignSignatureAlgorithms)
- : cred->sigalgs;
+ Span<const uint16_t> sigalgs =
+ cred->sigalgs.empty() ? Span(kSignSignatureAlgorithms) : cred->sigalgs;
for (uint16_t sigalg : sigalgs) {
if (!ssl_pkey_supports_algorithm(ssl, cred->pubkey.get(), sigalg,
/*is_verify=*/false)) {
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index e10950e..4ecb5fb 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -74,7 +74,7 @@
out_msg->raw = CBS(ech_client_hello_buf);
size_t header_len =
SSL_is_dtls(ssl) ? DTLS1_HM_HEADER_LENGTH : SSL3_HM_HEADER_LENGTH;
- out_msg->body = MakeConstSpan(ech_client_hello_buf).subspan(header_len);
+ out_msg->body = CBS(Span(ech_client_hello_buf).subspan(header_len));
} else if (!ssl->method->get_message(ssl, out_msg)) {
// The message has already been read, so this cannot fail.
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -398,11 +398,9 @@
}
if (ssl->server) {
- ssl->s3->previous_client_finished.CopyFrom(
- MakeConstSpan(finished, finished_len));
+ ssl->s3->previous_client_finished.CopyFrom(Span(finished, finished_len));
} else {
- ssl->s3->previous_server_finished.CopyFrom(
- MakeConstSpan(finished, finished_len));
+ ssl->s3->previous_server_finished.CopyFrom(Span(finished, finished_len));
}
// The Finished message should be the end of a flight.
@@ -426,7 +424,7 @@
ssl->server)) {
return false;
}
- auto finished = MakeConstSpan(finished_buf, finished_len);
+ auto finished = Span(finished_buf, finished_len);
// Log the master secret, if logging is enabled.
if (!ssl_log_secret(ssl, "CLIENT_RANDOM", session->secret)) {
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 45f5901..3f8040b 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -234,7 +234,7 @@
// ClientHelloOuter cannot have a PSK binder. Otherwise the
// ClientHellOuterAAD computation would break.
assert(type != ssl_client_hello_outer);
- if (!tls13_write_psk_binder(hs, hs->transcript, MakeSpan(msg),
+ if (!tls13_write_psk_binder(hs, hs->transcript, Span(msg),
/*out_binder_len=*/0)) {
return false;
}
@@ -419,7 +419,7 @@
if (!ssl_setup_key_shares(hs, /*override_group_id=*/0) ||
!ssl_setup_extension_permutation(hs) ||
- !ssl_encrypt_client_hello(hs, MakeConstSpan(ech_enc, ech_enc_len)) ||
+ !ssl_encrypt_client_hello(hs, Span(ech_enc, ech_enc_len)) ||
!ssl_add_client_hello(hs)) {
return ssl_hs_error;
}
@@ -666,8 +666,7 @@
sizeof(kJDK11DowngradeRandom) == sizeof(kTLS13DowngradeRandom),
"downgrade signals have different size");
auto suffix =
- MakeConstSpan(ssl->s3->server_random, sizeof(ssl->s3->server_random))
- .subspan(SSL3_RANDOM_SIZE - sizeof(kTLS13DowngradeRandom));
+ Span(ssl->s3->server_random).last(sizeof(kTLS13DowngradeRandom));
if (suffix == kTLS12DowngradeRandom || suffix == kTLS13DowngradeRandom ||
suffix == kJDK11DowngradeRandom) {
OPENSSL_PUT_ERROR(SSL, SSL_R_TLS13_DOWNGRADE);
@@ -1473,8 +1472,7 @@
}
hs->new_session->secret.ResizeForOverwrite(SSL3_MASTER_SECRET_SIZE);
- if (!tls1_generate_master_secret(hs, MakeSpan(hs->new_session->secret),
- pms)) {
+ if (!tls1_generate_master_secret(hs, Span(hs->new_session->secret), pms)) {
return ssl_hs_error;
}
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index f0adbbc..45afcf1 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -91,7 +91,7 @@
} else if (client_hello->version <= DTLS1_VERSION) {
versions_len = 2;
}
- versions = MakeConstSpan(kDTLSVersions).last(versions_len);
+ versions = Span(kDTLSVersions).last(versions_len);
} else {
if (client_hello->version >= TLS1_2_VERSION) {
versions_len = 6;
@@ -100,7 +100,7 @@
} else if (client_hello->version >= TLS1_VERSION) {
versions_len = 2;
}
- versions = MakeConstSpan(kTLSVersions).last(versions_len);
+ versions = Span(kTLSVersions).last(versions_len);
}
}
@@ -761,7 +761,7 @@
// |ssl_client_hello_init| checks that |client_hello.session_id| is not too
// large.
hs->session_id.CopyFrom(
- MakeConstSpan(client_hello.session_id, client_hello.session_id_len));
+ Span(client_hello.session_id, client_hello.session_id_len));
// Determine whether we are doing session resumption.
UniquePtr<SSL_SESSION> session;
@@ -1042,7 +1042,7 @@
hints->ecdhe_group_id == hs->new_session->group_id &&
!hints->ecdhe_public_key.empty() &&
!hints->ecdhe_private_key.empty()) {
- CBS cbs = MakeConstSpan(hints->ecdhe_private_key);
+ CBS cbs = CBS(hints->ecdhe_private_key);
hint_ok = hs->key_shares[0]->DeserializePrivateKey(&cbs);
}
if (hint_ok) {
@@ -1060,7 +1060,7 @@
if (hints && hs->hints_requested) {
bssl::ScopedCBB private_key_cbb;
if (!hints->ecdhe_public_key.CopyFrom(
- MakeConstSpan(CBB_data(&child), CBB_len(&child))) ||
+ Span(CBB_data(&child), CBB_len(&child))) ||
!CBB_init(private_key_cbb.get(), 32) ||
!hs->key_shares[0]->SerializePrivateKey(private_key_cbb.get()) ||
!CBBFinishArray(private_key_cbb.get(),
@@ -1470,7 +1470,7 @@
// Compute the master secret.
hs->new_session->secret.ResizeForOverwrite(SSL3_MASTER_SECRET_SIZE);
- if (!tls1_generate_master_secret(hs, MakeSpan(hs->new_session->secret),
+ if (!tls1_generate_master_secret(hs, Span(hs->new_session->secret),
premaster_secret)) {
return ssl_hs_error;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index 4d24178..0f3da92 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -555,7 +555,7 @@
inline size_t GetAllNames(const char **out, size_t max_out,
Span<const char *const> fixed_names, Name(T::*name),
Span<const T> objects) {
- auto span = bssl::MakeSpan(out, max_out);
+ auto span = bssl::Span(out, max_out);
for (size_t i = 0; !span.empty() && i < fixed_names.size(); i++) {
span[0] = fixed_names[i];
span = span.subspan(1);
@@ -878,8 +878,8 @@
bool CopyToHashContext(EVP_MD_CTX *ctx, const EVP_MD *digest) const;
Span<const uint8_t> buffer() const {
- return MakeConstSpan(reinterpret_cast<const uint8_t *>(buffer_->data),
- buffer_->length);
+ return Span(reinterpret_cast<const uint8_t *>(buffer_->data),
+ buffer_->length);
}
// FreeBuffer releases the handshake buffer. Subsequent calls to
@@ -1467,11 +1467,9 @@
bool empty() const { return size_ == 0; }
size_t cap() const { return cap_; }
- Span<uint8_t> span() { return MakeSpan(data(), size()); }
+ Span<uint8_t> span() { return Span(data(), size()); }
- Span<uint8_t> remaining() {
- return MakeSpan(data() + size(), cap() - size());
- }
+ Span<uint8_t> remaining() { return Span(data() + size(), cap() - size()); }
// Clear releases the buffer.
void Clear();
@@ -3242,9 +3240,9 @@
struct DTLSIncomingMessage {
static constexpr bool kAllowUniquePtr = true;
- Span<uint8_t> msg() { return MakeSpan(data).subspan(DTLS1_HM_HEADER_LENGTH); }
+ Span<uint8_t> msg() { return Span(data).subspan(DTLS1_HM_HEADER_LENGTH); }
Span<const uint8_t> msg() const {
- return MakeSpan(data).subspan(DTLS1_HM_HEADER_LENGTH);
+ return Span(data).subspan(DTLS1_HM_HEADER_LENGTH);
}
size_t msg_len() const { return msg().size(); }
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc
index 7909c01..8b7e4ec 100644
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -144,9 +144,8 @@
}
UniquePtr<BUF_MEM> pending_hs_data = std::move(ssl->s3->pending_hs_data);
- auto data =
- MakeConstSpan(reinterpret_cast<const uint8_t *>(pending_hs_data->data),
- pending_hs_data->length);
+ auto data = Span(reinterpret_cast<const uint8_t *>(pending_hs_data->data),
+ pending_hs_data->length);
if (SSL_is_quic(ssl)) {
if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
!ssl->quic_method->add_handshake_data(ssl, ssl->s3->quic_write_level,
diff --git a/ssl/s3_pkt.cc b/ssl/s3_pkt.cc
index 930a816..6a429b9 100644
--- a/ssl/s3_pkt.cc
+++ b/ssl/s3_pkt.cc
@@ -163,9 +163,9 @@
// NewSessionTicket.
Span<const uint8_t> pending_flight;
if (ssl->s3->pending_flight != nullptr) {
- pending_flight = MakeConstSpan(
- reinterpret_cast<const uint8_t *>(ssl->s3->pending_flight->data),
- ssl->s3->pending_flight->length);
+ pending_flight =
+ Span(reinterpret_cast<const uint8_t *>(ssl->s3->pending_flight->data),
+ ssl->s3->pending_flight->length);
pending_flight = pending_flight.subspan(ssl->s3->pending_flight_offset);
}
diff --git a/ssl/ssl_aead_ctx.cc b/ssl/ssl_aead_ctx.cc
index a7873e3..ae857f6 100644
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -109,8 +109,8 @@
OPENSSL_memcpy(merged_key + mac_key.size(), enc_key.data(), enc_key.size());
OPENSSL_memcpy(merged_key + mac_key.size() + enc_key.size(),
fixed_iv.data(), fixed_iv.size());
- enc_key = MakeConstSpan(merged_key,
- enc_key.size() + mac_key.size() + fixed_iv.size());
+ enc_key =
+ Span(merged_key, enc_key.size() + mac_key.size() + fixed_iv.size());
// The |EVP_AEAD|'s per-encryption nonce, if any, is actually the CBC IV. It
// must be generated randomly and prepended to the record.
@@ -226,7 +226,7 @@
storage[len++] = static_cast<uint8_t>((plaintext_len >> 8));
storage[len++] = static_cast<uint8_t>(plaintext_len);
}
- return MakeConstSpan(storage, len);
+ return Span(storage, len);
}
bool SSLAEADContext::Open(Span<uint8_t> *out, uint8_t type,
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 5007dfe..99c7bc9 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -334,9 +334,7 @@
};
-Span<const SSL_CIPHER> AllCiphers() {
- return MakeConstSpan(kCiphers, OPENSSL_ARRAY_SIZE(kCiphers));
-}
+Span<const SSL_CIPHER> AllCiphers() { return kCiphers; }
static constexpr size_t NumTLS13Ciphers() {
size_t num = 0;
@@ -1567,11 +1565,11 @@
void SSL_COMP_free_compression_methods(void) {}
size_t SSL_get_all_cipher_names(const char **out, size_t max_out) {
- return GetAllNames(out, max_out, MakeConstSpan(&kUnknownCipher, 1),
- &SSL_CIPHER::name, MakeConstSpan(kCiphers));
+ return GetAllNames(out, max_out, Span(&kUnknownCipher, 1), &SSL_CIPHER::name,
+ Span(kCiphers));
}
size_t SSL_get_all_standard_cipher_names(const char **out, size_t max_out) {
return GetAllNames(out, max_out, Span<const char *>(),
- &SSL_CIPHER::standard_name, MakeConstSpan(kCiphers));
+ &SSL_CIPHER::standard_name, Span(kCiphers));
}
diff --git a/ssl/ssl_credential.cc b/ssl/ssl_credential.cc
index 361dcd1..184d15e 100644
--- a/ssl/ssl_credential.cc
+++ b/ssl/ssl_credential.cc
@@ -67,8 +67,8 @@
// credential matches it, it is good.
if (hs->ca_names != nullptr) {
for (const CRYPTO_BUFFER *ca_name : hs->ca_names.get()) {
- if (cred->ChainContainsIssuer(MakeConstSpan(
- CRYPTO_BUFFER_data(ca_name), CRYPTO_BUFFER_len(ca_name)))) {
+ if (cred->ChainContainsIssuer(Span(CRYPTO_BUFFER_data(ca_name),
+ CRYPTO_BUFFER_len(ca_name)))) {
return true;
}
}
@@ -382,7 +382,7 @@
return 0;
}
- if (!cred->sigalgs.CopyFrom(MakeConstSpan(&dc_cert_verify_algorithm, 1))) {
+ if (!cred->sigalgs.CopyFrom(Span(&dc_cert_verify_algorithm, 1))) {
return 0;
}
diff --git a/ssl/ssl_internal_test.cc b/ssl/ssl_internal_test.cc
index 2275c3e..230018f 100644
--- a/ssl/ssl_internal_test.cc
+++ b/ssl/ssl_internal_test.cc
@@ -166,18 +166,18 @@
EXPECT_EQ(3, *iter);
iter++;
EXPECT_EQ(iter, vec.end());
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(data3));
+ EXPECT_EQ(Span(vec), Span(data3));
InplaceVector<int, 4> vec2 = vec;
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(vec2));
+ EXPECT_EQ(Span(vec), Span(vec2));
InplaceVector<int, 4> vec3;
vec3 = vec;
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(vec2));
+ EXPECT_EQ(Span(vec), Span(vec2));
int data4[] = {1, 2, 3, 4};
ASSERT_TRUE(vec.TryCopyFrom(data4));
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(data4));
+ EXPECT_EQ(Span(vec), Span(data4));
int data5[] = {1, 2, 3, 4, 5};
EXPECT_FALSE(vec.TryCopyFrom(data5));
@@ -185,7 +185,7 @@
// Shrink the vector.
ASSERT_TRUE(vec.TryResize(3));
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(data3));
+ EXPECT_EQ(Span(vec), Span(data3));
// Enlarge it again. The new value should have been value-initialized.
ASSERT_TRUE(vec.TryResize(4));
@@ -196,17 +196,17 @@
vec.CopyFrom(data4);
const auto *ptr = &vec;
vec = *ptr;
- EXPECT_EQ(MakeConstSpan(vec), MakeConstSpan(data4));
+ EXPECT_EQ(Span(vec), Span(data4));
}
TEST(InplaceVectorTest, ComplexType) {
InplaceVector<std::vector<int>, 4> vec_of_vecs;
const std::vector<int> data[] = {{1, 2, 3}, {4, 5, 6}, {7, 8, 9}};
vec_of_vecs.CopyFrom(data);
- EXPECT_EQ(MakeConstSpan(vec_of_vecs), MakeConstSpan(data));
+ EXPECT_EQ(Span(vec_of_vecs), Span(data));
vec_of_vecs.Resize(2);
- EXPECT_EQ(MakeConstSpan(vec_of_vecs), MakeConstSpan(data, 2));
+ EXPECT_EQ(Span(vec_of_vecs), Span(data, 2));
vec_of_vecs.Resize(4);
EXPECT_EQ(4u, vec_of_vecs.size());
@@ -854,11 +854,11 @@
SCOPED_TRACE(SSL_CIPHER_standard_name(cipher));
const uint8_t kZeros[EVP_AEAD_MAX_KEY_LENGTH] = {0};
- UniquePtr<SSLAEADContext> aead = SSLAEADContext::Create(
- evp_aead_seal, cipher_test.version, cipher,
- MakeConstSpan(kZeros).first(cipher_test.enc_key_len),
- MakeConstSpan(kZeros).first(cipher_test.mac_key_len),
- MakeConstSpan(kZeros).first(cipher_test.fixed_iv_len));
+ UniquePtr<SSLAEADContext> aead =
+ SSLAEADContext::Create(evp_aead_seal, cipher_test.version, cipher,
+ Span(kZeros).first(cipher_test.enc_key_len),
+ Span(kZeros).first(cipher_test.mac_key_len),
+ Span(kZeros).first(cipher_test.fixed_iv_len));
ASSERT_TRUE(aead);
for (const auto &t : cipher_test.length_tests) {
diff --git a/ssl/ssl_key_share.cc b/ssl/ssl_key_share.cc
index f836c23..af68003 100644
--- a/ssl/ssl_key_share.cc
+++ b/ssl/ssl_key_share.cc
@@ -388,9 +388,7 @@
} // namespace
-Span<const NamedGroup> NamedGroups() {
- return MakeConstSpan(kNamedGroups, OPENSSL_ARRAY_SIZE(kNamedGroups));
-}
+Span<const NamedGroup> NamedGroups() { return kNamedGroups; }
UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
switch (group_id) {
@@ -464,5 +462,5 @@
size_t SSL_get_all_group_names(const char **out, size_t max_out) {
return GetAllNames(out, max_out, Span<const char *>(), &NamedGroup::name,
- MakeConstSpan(kNamedGroups));
+ Span(kNamedGroups));
}
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 56fafde..41d071c 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -377,7 +377,7 @@
}
static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
- return MakeConstSpan(a->session_id) == b->session_id ? 0 : 1;
+ return Span(a->session_id) == b->session_id ? 0 : 1;
}
ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
@@ -699,7 +699,7 @@
return 0;
}
- return tls_append_handshake_data(ssl, MakeConstSpan(data, len));
+ return tls_append_handshake_data(ssl, Span(data, len));
}
int SSL_do_handshake(SSL *ssl) {
@@ -963,8 +963,7 @@
}
ret = ssl->method->write_app_data(
ssl, &needs_handshake, &bytes_written,
- MakeConstSpan(static_cast<const uint8_t *>(buf),
- static_cast<size_t>(num)));
+ Span(static_cast<const uint8_t *>(buf), static_cast<size_t>(num)));
} while (needs_handshake);
return ret <= 0 ? ret : static_cast<int>(bytes_written);
}
@@ -1075,8 +1074,8 @@
int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
size_t params_len) {
- return ssl->config && ssl->config->quic_transport_params.CopyFrom(
- MakeConstSpan(params, params_len));
+ return ssl->config &&
+ ssl->config->quic_transport_params.CopyFrom(Span(params, params_len));
}
void SSL_get_peer_quic_transport_params(const SSL *ssl,
@@ -1089,7 +1088,7 @@
int SSL_set_quic_early_data_context(SSL *ssl, const uint8_t *context,
size_t context_len) {
return ssl->config && ssl->config->quic_early_data_context.CopyFrom(
- MakeConstSpan(context, context_len));
+ Span(context, context_len));
}
void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
@@ -1393,7 +1392,7 @@
static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
size_t sid_ctx_len) {
- if (!cert->sid_ctx.TryCopyFrom(MakeConstSpan(sid_ctx, sid_ctx_len))) {
+ if (!cert->sid_ctx.TryCopyFrom(Span(sid_ctx, sid_ctx_len))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
@@ -1814,7 +1813,7 @@
int SSL_CTX_set1_group_ids(SSL_CTX *ctx, const uint16_t *group_ids,
size_t num_group_ids) {
- auto span = MakeConstSpan(group_ids, num_group_ids);
+ auto span = Span(group_ids, num_group_ids);
return check_group_ids(span) && ctx->supported_group_list.CopyFrom(span);
}
@@ -1823,7 +1822,7 @@
if (!ssl->config) {
return 0;
}
- auto span = MakeConstSpan(group_ids, num_group_ids);
+ auto span = Span(group_ids, num_group_ids);
return check_group_ids(span) &&
ssl->config->supported_group_list.CopyFrom(span);
}
@@ -1848,7 +1847,7 @@
int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t num_groups) {
return ssl_nids_to_group_ids(&ctx->supported_group_list,
- MakeConstSpan(groups, num_groups));
+ Span(groups, num_groups));
}
int SSL_set1_groups(SSL *ssl, const int *groups, size_t num_groups) {
@@ -1856,7 +1855,7 @@
return 0;
}
return ssl_nids_to_group_ids(&ssl->config->supported_group_list,
- MakeConstSpan(groups, num_groups));
+ Span(groups, num_groups));
}
static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
@@ -2129,8 +2128,8 @@
// Both |peer| and |supported| must be valid protocol lists, but |peer| may be
// empty in NPN.
- auto peer_span = MakeConstSpan(peer, peer_len);
- auto supported_span = MakeConstSpan(supported, supported_len);
+ auto peer_span = Span(peer, peer_len);
+ auto supported_span = Span(supported, supported_len);
if ((!peer_span.empty() && !ssl_is_valid_alpn_list(peer_span)) ||
!ssl_is_valid_alpn_list(supported_span)) {
return OPENSSL_NPN_NO_OVERLAP;
@@ -2143,7 +2142,7 @@
return OPENSSL_NPN_NO_OVERLAP;
}
- if (ssl_alpn_list_contains_protocol(MakeConstSpan(supported, supported_len),
+ if (ssl_alpn_list_contains_protocol(Span(supported, supported_len),
proto)) {
// This function is not const-correct for compatibility with existing
// callers.
@@ -2198,7 +2197,7 @@
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
size_t protos_len) {
// Note this function's return value is backwards.
- auto span = MakeConstSpan(protos, protos_len);
+ auto span = Span(protos, protos_len);
if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
return 1;
@@ -2211,7 +2210,7 @@
if (!ssl->config) {
return 1;
}
- auto span = MakeConstSpan(protos, protos_len);
+ auto span = Span(protos, protos_len);
if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
return 1;
@@ -2253,8 +2252,8 @@
return 0;
}
ALPSConfig config;
- if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) ||
- !config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) ||
+ if (!config.protocol.CopyFrom(Span(proto, proto_len)) ||
+ !config.settings.CopyFrom(Span(settings, settings_len)) ||
!ssl->config->alps_configs.Push(std::move(config))) {
return 0;
}
diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 8458d34..7cc8d73 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc
@@ -208,9 +208,9 @@
// Replay the signature from handshake hints if available.
if (hints && !hs->hints_requested && //
sigalg == hints->signature_algorithm && //
- in == hints->signature_input &&
- MakeConstSpan(spki) == hints->signature_spki &&
- !hints->signature.empty() && //
+ in == hints->signature_input && //
+ Span(spki) == hints->signature_spki && //
+ !hints->signature.empty() && //
hints->signature.size() <= max_out) {
// Signature algorithm and input both match. Reuse the signature from hints.
*out_len = hints->signature.size();
@@ -251,7 +251,7 @@
hints->signature_algorithm = sigalg;
hints->signature_spki = std::move(spki);
if (!hints->signature_input.CopyFrom(in) ||
- !hints->signature.CopyFrom(MakeConstSpan(out, *out_len))) {
+ !hints->signature.CopyFrom(Span(out, *out_len))) {
return ssl_private_key_failure;
}
}
@@ -491,9 +491,9 @@
size_t SSL_get_all_signature_algorithm_names(const char **out, size_t max_out) {
const char *kPredefinedNames[] = {"ecdsa_sha256", "ecdsa_sha384",
"ecdsa_sha512"};
- return GetAllNames(out, max_out, MakeConstSpan(kPredefinedNames),
+ return GetAllNames(out, max_out, kPredefinedNames,
&SignatureAlgorithmName::name,
- MakeConstSpan(kSignatureAlgorithmNames));
+ Span(kSignatureAlgorithmNames));
}
int SSL_get_signature_algorithm_key_type(uint16_t sigalg) {
@@ -603,7 +603,7 @@
return 0;
}
- return set_sigalg_prefs(&cred->sigalgs, MakeConstSpan(prefs, num_prefs));
+ return set_sigalg_prefs(&cred->sigalgs, Span(prefs, num_prefs));
}
int SSL_CTX_set_signing_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
@@ -899,8 +899,7 @@
int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
size_t num_prefs) {
- return set_sigalg_prefs(&ctx->verify_sigalgs,
- MakeConstSpan(prefs, num_prefs));
+ return set_sigalg_prefs(&ctx->verify_sigalgs, Span(prefs, num_prefs));
}
int SSL_set_verify_algorithm_prefs(SSL *ssl, const uint16_t *prefs,
@@ -910,6 +909,5 @@
return 0;
}
- return set_sigalg_prefs(&ssl->config->verify_sigalgs,
- MakeConstSpan(prefs, num_prefs));
+ return set_sigalg_prefs(&ssl->config->verify_sigalgs, Span(prefs, num_prefs));
}
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 52ce2d1..3956d06 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -457,7 +457,7 @@
bool ssl_session_is_context_valid(const SSL_HANDSHAKE *hs,
const SSL_SESSION *session) {
return session != nullptr &&
- MakeConstSpan(session->sid_ctx) == hs->config->cert->sid_ctx;
+ Span(session->sid_ctx) == hs->config->cert->sid_ctx;
}
bool ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
@@ -590,9 +590,9 @@
ssl_client_hello_get_extension(client_hello, &ticket,
TLSEXT_TYPE_session_ticket);
if (tickets_supported && CBS_len(&ticket) != 0) {
- switch (ssl_process_ticket(hs, &session, &renew_ticket, ticket,
- MakeConstSpan(client_hello->session_id,
- client_hello->session_id_len))) {
+ switch (ssl_process_ticket(
+ hs, &session, &renew_ticket, ticket,
+ Span(client_hello->session_id, client_hello->session_id_len))) {
case ssl_ticket_aead_success:
break;
case ssl_ticket_aead_ignore_ticket:
@@ -607,7 +607,7 @@
// The client didn't send a ticket, so the session ID is a real ID.
enum ssl_hs_wait_t lookup_ret = ssl_lookup_session(
hs, &session,
- MakeConstSpan(client_hello->session_id, client_hello->session_id_len));
+ Span(client_hello->session_id, client_hello->session_id_len));
if (lookup_ret != ssl_hs_ok) {
return lookup_ret;
}
@@ -846,7 +846,7 @@
int SSL_SESSION_set1_id(SSL_SESSION *session, const uint8_t *sid,
size_t sid_len) {
- if (!session->session_id.TryCopyFrom(MakeConstSpan(sid, sid_len))) {
+ if (!session->session_id.TryCopyFrom(Span(sid, sid_len))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_TOO_LONG);
return 0;
}
@@ -939,7 +939,7 @@
int SSL_SESSION_set1_id_context(SSL_SESSION *session, const uint8_t *sid_ctx,
size_t sid_ctx_len) {
- if (!session->sid_ctx.TryCopyFrom(MakeConstSpan(sid_ctx, sid_ctx_len))) {
+ if (!session->sid_ctx.TryCopyFrom(Span(sid_ctx, sid_ctx_len))) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
}
@@ -969,7 +969,7 @@
int SSL_SESSION_set_ticket(SSL_SESSION *session, const uint8_t *ticket,
size_t ticket_len) {
- return session->ticket.CopyFrom(MakeConstSpan(ticket, ticket_len));
+ return session->ticket.CopyFrom(Span(ticket, ticket_len));
}
uint32_t SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session) {
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index cf072a7..7bbdb13 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2194,7 +2194,7 @@
ssl.get(), &parsed,
// Skip record and handshake headers. This assumes the ClientHello
// fits in one record.
- MakeConstSpan(client_hello)
+ Span(client_hello)
.subspan(SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)) ||
!SSL_early_callback_ctx_extension_get(
&parsed, TLSEXT_TYPE_encrypted_client_hello, &unused, out_ech_len)) {
@@ -2254,64 +2254,61 @@
}
TEST(SSLTest, ECHPublicName) {
- auto str_to_span = [](const char *str) -> Span<const uint8_t> {
- return MakeConstSpan(reinterpret_cast<const uint8_t *>(str), strlen(str));
- };
-
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("")));
- EXPECT_TRUE(ssl_is_valid_ech_public_name(str_to_span("example.com")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span(".example.com")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example.com.")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example..com")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("www.-example.com")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("www.example-.com")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("")));
+ EXPECT_TRUE(ssl_is_valid_ech_public_name(StringAsBytes("example.com")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes(".example.com")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.com.")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example..com")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("www.-example.com")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("www.example-.com")));
EXPECT_FALSE(
- ssl_is_valid_ech_public_name(str_to_span("no_underscores.example")));
- EXPECT_FALSE(
- ssl_is_valid_ech_public_name(str_to_span("invalid_chars.\x01.example")));
- EXPECT_FALSE(
- ssl_is_valid_ech_public_name(str_to_span("invalid_chars.\xff.example")));
+ ssl_is_valid_ech_public_name(StringAsBytes("no_underscores.example")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(
+ StringAsBytes("invalid_chars.\x01.example")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(
+ StringAsBytes("invalid_chars.\xff.example")));
static const uint8_t kWithNUL[] = {'t', 'e', 's', 't', 0};
EXPECT_FALSE(ssl_is_valid_ech_public_name(kWithNUL));
// Test an LDH label with every character and the maximum length.
- EXPECT_TRUE(ssl_is_valid_ech_public_name(str_to_span(
+ EXPECT_TRUE(ssl_is_valid_ech_public_name(StringAsBytes(
"abcdefhijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span(
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes(
"abcdefhijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-01234567899")));
// Inputs with trailing numeric components are rejected.
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("127.0.0.1")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example.1")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example.01")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example.0x01")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("example.0X01")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("127.0.0.1")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.1")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.01")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.0x01")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("example.0X01")));
// Leading zeros and values that overflow |uint32_t| are still rejected.
EXPECT_FALSE(ssl_is_valid_ech_public_name(
- str_to_span("example.123456789000000000000000")));
+ StringAsBytes("example.123456789000000000000000")));
EXPECT_FALSE(ssl_is_valid_ech_public_name(
- str_to_span("example.012345678900000000000000")));
+ StringAsBytes("example.012345678900000000000000")));
EXPECT_FALSE(ssl_is_valid_ech_public_name(
- str_to_span("example.0x123456789abcdefABCDEF0")));
+ StringAsBytes("example.0x123456789abcdefABCDEF0")));
EXPECT_FALSE(ssl_is_valid_ech_public_name(
- str_to_span("example.0x0123456789abcdefABCDEF")));
+ StringAsBytes("example.0x0123456789abcdefABCDEF")));
// Adding a non-digit or non-hex character makes it a valid DNS name again.
// Single-component numbers are rejected.
- EXPECT_TRUE(ssl_is_valid_ech_public_name(str_to_span("example.1234567890a")));
EXPECT_TRUE(
- ssl_is_valid_ech_public_name(str_to_span("example.01234567890a")));
+ ssl_is_valid_ech_public_name(StringAsBytes("example.1234567890a")));
EXPECT_TRUE(
- ssl_is_valid_ech_public_name(str_to_span("example.0x123456789abcdefg")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("1")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("01")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("0x01")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("0X01")));
+ ssl_is_valid_ech_public_name(StringAsBytes("example.01234567890a")));
+ EXPECT_TRUE(ssl_is_valid_ech_public_name(
+ StringAsBytes("example.0x123456789abcdefg")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("1")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("01")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("0x01")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("0X01")));
// Numbers with trailing dots are rejected. (They are already rejected by the
// LDH label rules, but the WHATWG URL parser additionally rejects them.)
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("1.")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("01.")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("0x01.")));
- EXPECT_FALSE(ssl_is_valid_ech_public_name(str_to_span("0X01.")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("1.")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("01.")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("0x01.")));
+ EXPECT_FALSE(ssl_is_valid_ech_public_name(StringAsBytes("0X01.")));
}
// When using the built-in verifier, test that |SSL_get0_ech_name_override| is
@@ -4844,18 +4841,18 @@
Bytes(CRYPTO_BUFFER_data(subject_buf.get()),
CRYPTO_BUFFER_len(subject_buf.get())));
#if !defined(BORINGSSL_SHARED_LIBRARY)
- ASSERT_FALSE(cred->ChainContainsIssuer(
- MakeConstSpan(CRYPTO_BUFFER_data(subject_buf.get()),
- CRYPTO_BUFFER_len(subject_buf.get()))));
+ ASSERT_FALSE(
+ cred->ChainContainsIssuer(Span(CRYPTO_BUFFER_data(subject_buf.get()),
+ CRYPTO_BUFFER_len(subject_buf.get()))));
#endif
ASSERT_TRUE(
SSL_CREDENTIAL_set1_cert_chain(cred.get(), chain.data(), chain.size()));
#if !defined(BORINGSSL_SHARED_LIBRARY)
- ASSERT_TRUE(cred->ChainContainsIssuer(
- MakeConstSpan(CRYPTO_BUFFER_data(subject_buf.get()),
- CRYPTO_BUFFER_len(subject_buf.get()))));
+ ASSERT_TRUE(
+ cred->ChainContainsIssuer(Span(CRYPTO_BUFFER_data(subject_buf.get()),
+ CRYPTO_BUFFER_len(subject_buf.get()))));
#endif
ASSERT_TRUE(SSL_CREDENTIAL_set1_cert_chain(cred2.get(), test_chain.data(),
@@ -6947,23 +6944,22 @@
static int SetReadSecretCallback(SSL *ssl, ssl_encryption_level_t level,
const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len) {
- return TransportFromSSL(ssl)->SetReadSecret(
- level, cipher, MakeConstSpan(secret, secret_len));
+ return TransportFromSSL(ssl)->SetReadSecret(level, cipher,
+ Span(secret, secret_len));
}
static int SetWriteSecretCallback(SSL *ssl, ssl_encryption_level_t level,
const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len) {
- return TransportFromSSL(ssl)->SetWriteSecret(
- level, cipher, MakeConstSpan(secret, secret_len));
+ return TransportFromSSL(ssl)->SetWriteSecret(level, cipher,
+ Span(secret, secret_len));
}
static int AddHandshakeDataCallback(SSL *ssl,
enum ssl_encryption_level_t level,
const uint8_t *data, size_t len) {
EXPECT_EQ(level, SSL_quic_write_level(ssl));
- return TransportFromSSL(ssl)->WriteHandshakeData(level,
- MakeConstSpan(data, len));
+ return TransportFromSSL(ssl)->WriteHandshakeData(level, Span(data, len));
}
static int FlushFlightCallback(SSL *ssl) { return 1; }
@@ -7492,7 +7488,7 @@
const uint8_t *data, size_t len) -> int {
// Switch everything to the initial level.
return TransportFromSSL(ssl)->WriteHandshakeData(ssl_encryption_initial,
- MakeConstSpan(data, len));
+ Span(data, len));
};
SSL_QUIC_METHOD quic_method = DefaultQUICMethod();
@@ -8094,7 +8090,7 @@
const SSL_SESSION *session = SSL_get_session(ssl);
unsigned len;
const uint8_t *data = SSL_SESSION_get_id(session, &len);
- return MakeConstSpan(data, len);
+ return Span(data, len);
}
TEST_P(SSLVersionTest, TicketSessionIDsMatch) {
@@ -8142,9 +8138,9 @@
ASSERT_EQ(2u * (kKeyLen + kNonceLen), SSL_get_key_block_len(server));
uint8_t key_block[2u * (kKeyLen + kNonceLen)];
ASSERT_TRUE(SSL_generate_key_block(server, key_block, sizeof(key_block)));
- Span<uint8_t> key = MakeSpan(key_block + kKeyLen, kKeyLen);
+ Span<uint8_t> key = Span(key_block).subspan(kKeyLen, kKeyLen);
Span<uint8_t> nonce =
- MakeSpan(key_block + kKeyLen + kKeyLen + kNonceLen, kNonceLen);
+ Span(key_block).subspan(kKeyLen + kKeyLen + kNonceLen, kNonceLen);
uint8_t ad[13];
uint64_t seq = SSL_get_write_sequence(server);
diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc
index c8bee47..2238395 100644
--- a/ssl/ssl_transcript.cc
+++ b/ssl/ssl_transcript.cc
@@ -127,7 +127,7 @@
static_cast<uint8_t>(hash_len)};
if (!EVP_DigestInit_ex(hash_.get(), Digest(), nullptr) ||
!AddToBufferOrHash(header) ||
- !AddToBufferOrHash(MakeConstSpan(old_hash, hash_len))) {
+ !AddToBufferOrHash(Span(old_hash, hash_len))) {
return false;
}
return true;
@@ -207,8 +207,8 @@
std::string_view label = from_server ? "server finished" : "client finished";
static const size_t kFinishedLen = 12;
- if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen), session->secret, label,
- MakeConstSpan(digest, digest_len), {})) {
+ if (!tls1_prf(Digest(), Span(out, kFinishedLen), session->secret, label,
+ Span(digest, digest_len), {})) {
return false;
}
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index 0d9b0c0..1b80311 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -407,8 +407,8 @@
}
size_t SSL_get_all_version_names(const char **out, size_t max_out) {
- return GetAllNames(out, max_out, MakeConstSpan(&kUnknownVersion, 1),
- &VersionInfo::name, MakeConstSpan(kVersionNames));
+ return GetAllNames(out, max_out, Span(&kUnknownVersion, 1),
+ &VersionInfo::name, Span(kVersionNames));
}
const char *SSL_SESSION_get_version(const SSL_SESSION *session) {
diff --git a/ssl/t1_enc.cc b/ssl/t1_enc.cc
index 31a2423..148fca7 100644
--- a/ssl/t1_enc.cc
+++ b/ssl/t1_enc.cc
@@ -88,7 +88,7 @@
const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len);
if (key_block_cache->empty()) {
if (!key_block_cache->InitForOverwrite(key_block_size) ||
- !generate_key_block(ssl, MakeSpan(*key_block_cache), session)) {
+ !generate_key_block(ssl, Span(*key_block_cache), session)) {
return false;
}
}
@@ -148,8 +148,7 @@
size_t digests_len;
if (!hs->transcript.GetHash(digests, &digests_len) ||
!tls1_prf(hs->transcript.Digest(), out, premaster,
- "extended master secret", MakeConstSpan(digests, digests_len),
- {})) {
+ "extended master secret", Span(digests, digests_len), {})) {
return false;
}
} else {
@@ -192,7 +191,7 @@
return 0;
}
- return generate_key_block(ssl, MakeSpan(out, out_len), SSL_get_session(ssl));
+ return generate_key_block(ssl, Span(out, out_len), SSL_get_session(ssl));
}
int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
@@ -212,8 +211,7 @@
context_len = 0;
}
return tls13_export_keying_material(ssl, out_span, ssl->s3->exporter_secret,
- label_sv,
- MakeConstSpan(context, context_len));
+ label_sv, Span(context, context_len));
}
// Exporters may be used in False Start, where the handshake has progressed
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index ac79979..968b95c 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -927,9 +927,7 @@
bssl::Span<const uint8_t> expected =
config->expect_no_ech_retry_configs
? bssl::Span<const uint8_t>()
- : bssl::MakeConstSpan(reinterpret_cast<const uint8_t *>(
- config->expect_ech_retry_configs.data()),
- config->expect_ech_retry_configs.size());
+ : bssl::StringAsBytes(config->expect_ech_retry_configs);
if (ret) {
fprintf(stderr, "Expected ECH rejection, but connection succeeded.\n");
return false;
@@ -944,7 +942,7 @@
const uint8_t *retry_configs;
size_t retry_configs_len;
SSL_get0_ech_retry_configs(ssl.get(), &retry_configs, &retry_configs_len);
- if (bssl::MakeConstSpan(retry_configs, retry_configs_len) != expected) {
+ if (bssl::Span(retry_configs, retry_configs_len) != expected) {
fprintf(stderr, "ECH retry configs did not match expectations.\n");
// Clear the error queue. Otherwise |SSL_R_ECH_REJECTED| will be printed
// to stderr and the test framework will think the test had the expected
diff --git a/ssl/test/handshake_util.cc b/ssl/test/handshake_util.cc
index cff6a6f..038ba40 100644
--- a/ssl/test/handshake_util.cc
+++ b/ssl/test/handshake_util.cc
@@ -720,10 +720,9 @@
bool has_hints;
std::vector<uint8_t> hints;
- if (!RequestHandshakeHint(
- GetTestConfig(ssl), is_resume,
- MakeConstSpan(CBB_data(input.get()), CBB_len(input.get())),
- &has_hints, &hints)) {
+ if (!RequestHandshakeHint(GetTestConfig(ssl), is_resume,
+ Span(CBB_data(input.get()), CBB_len(input.get())),
+ &has_hints, &hints)) {
return false;
}
if (has_hints &&
diff --git a/ssl/test/mock_quic_transport.cc b/ssl/test/mock_quic_transport.cc
index ea278ed..68ff2cc 100644
--- a/ssl/test/mock_quic_transport.cc
+++ b/ssl/test/mock_quic_transport.cc
@@ -112,7 +112,7 @@
// If we receive early data records without any early data keys, skip
// the record. This means early data was rejected.
std::vector<uint8_t> discard(remaining_bytes);
- if (!ReadAll(bio_.get(), bssl::MakeSpan(discard))) {
+ if (!ReadAll(bio_.get(), bssl::Span(discard))) {
return false;
}
continue;
@@ -134,7 +134,7 @@
return false;
}
remaining_bytes -= secret.size();
- if (!ReadAll(bio_.get(), bssl::MakeSpan(read_secret))) {
+ if (!ReadAll(bio_.get(), bssl::Span(read_secret))) {
fprintf(stderr, "Error reading record secret.\n");
return false;
}
@@ -161,7 +161,7 @@
}
std::vector<uint8_t> buf(len);
- if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) {
+ if (!ReadAll(bio_.get(), bssl::Span(buf))) {
return false;
}
return SSL_provide_quic_data(ssl_, level, buf.data(), buf.size());
@@ -199,7 +199,7 @@
}
std::vector<uint8_t> buf(len);
- if (!ReadAll(bio_.get(), bssl::MakeSpan(buf))) {
+ if (!ReadAll(bio_.get(), bssl::Span(buf))) {
return -1;
}
if (SSL_provide_quic_data(ssl_, level, buf.data(), buf.size()) != 1) {
@@ -225,7 +225,7 @@
buf = pending_app_data_.data();
}
app_data_offset_ = 0;
- if (!ReadAll(bio_.get(), bssl::MakeSpan(buf, len))) {
+ if (!ReadAll(bio_.get(), bssl::Span(buf, len))) {
return -1;
}
if (len > max_out) {
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 9d37bd1..1396b2c 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -1239,7 +1239,7 @@
return 1;
}
- auto out_span = bssl::MakeSpan(out, max_out_len);
+ auto out_span = bssl::Span(out, max_out_len);
// Encrypt the ticket with the all zero key and a random nonce.
static const uint8_t kKey[16] = {0};
const EVP_AEAD *aead = EVP_aead_aes_128_gcm_siv();
@@ -1268,7 +1268,7 @@
size_t max_out_len,
const uint8_t *in,
size_t in_len) {
- auto in_span = bssl::MakeSpan(in, in_len);
+ auto in_span = bssl::Span(in, in_len);
const TestConfig *test_config = GetTestConfig(ssl);
TestState *test_state = GetTestState(ssl);
if (test_state->ticket_decrypt_done) {
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 5594a65..f547c21 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -373,7 +373,7 @@
if (!tls13_finished_mac(hs, verify_data_buf, &len, !ssl->server)) {
return false;
}
- verify_data = MakeConstSpan(verify_data_buf, len);
+ verify_data = Span(verify_data_buf, len);
}
bool finished_ok =
@@ -522,7 +522,7 @@
SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
if (hints && !hs->hints_requested &&
hints->cert_compression_alg_id == hs->cert_compression_alg_id &&
- hints->cert_compression_input == MakeConstSpan(msg) &&
+ hints->cert_compression_input == Span(msg) &&
!hints->cert_compression_output.empty()) {
if (!CBB_add_bytes(&compressed, hints->cert_compression_output.data(),
hints->cert_compression_output.size())) {
@@ -538,7 +538,7 @@
hints->cert_compression_alg_id = hs->cert_compression_alg_id;
if (!hints->cert_compression_input.CopyFrom(msg) ||
!hints->cert_compression_output.CopyFrom(
- MakeConstSpan(CBB_data(&compressed), CBB_len(&compressed)))) {
+ Span(CBB_data(&compressed), CBB_len(&compressed)))) {
return false;
}
}
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index f8f2250..35b3109 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -117,9 +117,8 @@
// 5). The client could have sent a session ID indicating its willingness to
// resume a DTLS 1.2 session, so just checking that the session IDs match is
// incorrect.
- Span<const uint8_t> expected_session_id = SSL_is_dtls(hs->ssl)
- ? Span<const uint8_t>()
- : MakeConstSpan(hs->session_id);
+ Span<const uint8_t> expected_session_id =
+ SSL_is_dtls(hs->ssl) ? Span<const uint8_t>() : Span(hs->session_id);
// RFC 8446 fixes some legacy values. Check them.
if (out->legacy_version != expected_version || //
@@ -496,8 +495,8 @@
size_t hash_len = EVP_MD_size(
ssl_get_handshake_digest(ssl_protocol_version(ssl), hs->new_cipher));
if (!tls13_init_key_schedule(hs, ssl->s3->session_reused
- ? MakeConstSpan(hs->new_session->secret)
- : MakeConstSpan(kZeroes, hash_len))) {
+ ? Span(hs->new_session->secret)
+ : Span(kZeroes, hash_len))) {
return ssl_hs_error;
}
@@ -582,8 +581,7 @@
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
}
- if (MakeConstSpan(hs->early_session->early_alpn) !=
- ssl->s3->alpn_selected) {
+ if (Span(hs->early_session->early_alpn) != ssl->s3->alpn_selected) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ALPN_MISMATCH_ON_EARLY_DATA);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
return ssl_hs_error;
@@ -771,8 +769,8 @@
!tls13_process_finished(hs, msg, false /* don't use saved value */) ||
!ssl_hash_message(hs, msg) ||
// Update the secret to the master secret and derive traffic keys.
- !tls13_advance_key_schedule(
- hs, MakeConstSpan(kZeroes, hs->transcript.DigestLen())) ||
+ !tls13_advance_key_schedule(hs,
+ Span(kZeroes, hs->transcript.DigestLen())) ||
!tls13_derive_application_secrets(hs)) {
return ssl_hs_error;
}
diff --git a/ssl/tls13_enc.cc b/ssl/tls13_enc.cc
index 7f1ba57..601bb11 100644
--- a/ssl/tls13_enc.cc
+++ b/ssl/tls13_enc.cc
@@ -144,9 +144,9 @@
unsigned derive_context_len;
return EVP_Digest(nullptr, 0, derive_context, &derive_context_len,
hs->transcript.Digest(), nullptr) &&
- hkdf_expand_label(MakeSpan(hs->secret), hs->transcript.Digest(),
+ hkdf_expand_label(Span(hs->secret), hs->transcript.Digest(),
hs->secret, kTLS13LabelDerived,
- MakeConstSpan(derive_context, derive_context_len),
+ Span(derive_context, derive_context_len),
SSL_is_dtls(hs->ssl)) &&
hkdf_extract_to_secret(hs, hs->transcript, in);
}
@@ -165,8 +165,8 @@
}
out->ResizeForOverwrite(transcript.DigestLen());
- return hkdf_expand_label(MakeSpan(*out), transcript.Digest(), hs->secret,
- label, MakeConstSpan(context_hash, context_hash_len),
+ return hkdf_expand_label(Span(*out), transcript.Digest(), hs->secret, label,
+ Span(context_hash, context_hash_len),
SSL_is_dtls(hs->ssl));
}
@@ -199,8 +199,8 @@
// Derive the key and IV.
uint8_t key_buf[EVP_AEAD_MAX_KEY_LENGTH], iv_buf[EVP_AEAD_MAX_NONCE_LENGTH];
- auto key = MakeSpan(key_buf).first(EVP_AEAD_key_length(aead));
- auto iv = MakeSpan(iv_buf).first(EVP_AEAD_nonce_length(aead));
+ auto key = Span(key_buf).first(EVP_AEAD_key_length(aead));
+ auto iv = Span(iv_buf).first(EVP_AEAD_nonce_length(aead));
if (!hkdf_expand_label(key, digest, traffic_secret, "key", {}, is_dtls) ||
!hkdf_expand_label(iv, digest, traffic_secret, "iv", {}, is_dtls)) {
return false;
@@ -332,7 +332,7 @@
}
uint8_t rne_key_buf[RecordNumberEncrypter::kMaxKeySize];
- auto rne_key = MakeSpan(rne_key_buf).first(ret->KeySize());
+ auto rne_key = Span(rne_key_buf).first(ret->KeySize());
if (!hkdf_expand_label(rne_key, digest, traffic_secret, "sn", {},
/*is_dtls=*/true) ||
!ret->SetKey(rne_key)) {
@@ -403,8 +403,8 @@
bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
Span<uint8_t> secret = direction == evp_aead_open
- ? MakeSpan(ssl->s3->read_traffic_secret)
- : MakeSpan(ssl->s3->write_traffic_secret);
+ ? Span(ssl->s3->read_traffic_secret)
+ : Span(ssl->s3->write_traffic_secret);
const SSL_SESSION *session = SSL_get_session(ssl);
const EVP_MD *digest = ssl_session_get_digest(session);
@@ -431,7 +431,7 @@
Span<const uint8_t> secret,
Span<const uint8_t> context, bool is_dtls) {
uint8_t key_buf[EVP_MAX_MD_SIZE];
- auto key = MakeSpan(key_buf, EVP_MD_size(digest));
+ auto key = Span(key_buf, EVP_MD_size(digest));
unsigned len;
if (!hkdf_expand_label(key, digest, secret, kTLS13LabelFinished, {},
is_dtls) ||
@@ -453,7 +453,7 @@
if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
!tls13_verify_data(out, out_len, hs->transcript.Digest(),
hs->ssl->s3->version, traffic_secret,
- MakeConstSpan(context_hash, context_hash_len),
+ Span(context_hash, context_hash_len),
SSL_is_dtls(hs->ssl))) {
return false;
}
@@ -468,7 +468,7 @@
// The session initially stores the resumption_master_secret, which we
// override with the PSK.
assert(session->secret.size() == EVP_MD_size(digest));
- return hkdf_expand_label(MakeSpan(session->secret), digest, session->secret,
+ return hkdf_expand_label(Span(session->secret), digest, session->secret,
kTLS13LabelResumptionPSK, nonce, is_dtls);
}
@@ -497,10 +497,10 @@
return false;
}
- auto hash = MakeConstSpan(hash_buf, hash_len);
- auto export_context = MakeConstSpan(export_context_buf, export_context_len);
+ auto hash = Span(hash_buf, hash_len);
+ auto export_context = Span(export_context_buf, export_context_len);
uint8_t derived_secret_buf[EVP_MAX_MD_SIZE];
- auto derived_secret = MakeSpan(derived_secret_buf, EVP_MD_size(digest));
+ auto derived_secret = Span(derived_secret_buf, EVP_MD_size(digest));
return hkdf_expand_label(derived_secret, digest, secret, label,
export_context, SSL_is_dtls(ssl)) &&
hkdf_expand_label(out, digest, derived_secret, kTLS13LabelExportKeying,
@@ -525,16 +525,16 @@
uint8_t early_secret[EVP_MAX_MD_SIZE] = {0};
size_t early_secret_len;
uint8_t binder_key_buf[EVP_MAX_MD_SIZE] = {0};
- auto binder_key = MakeSpan(binder_key_buf, EVP_MD_size(digest));
+ auto binder_key = Span(binder_key_buf, EVP_MD_size(digest));
if (!EVP_Digest(nullptr, 0, binder_context, &binder_context_len, digest,
nullptr) ||
!HKDF_extract(early_secret, &early_secret_len, digest,
session->secret.data(), session->secret.size(), nullptr,
0) ||
- !hkdf_expand_label(
- binder_key, digest, MakeConstSpan(early_secret, early_secret_len),
- kTLS13LabelPSKBinder,
- MakeConstSpan(binder_context, binder_context_len), is_dtls)) {
+ !hkdf_expand_label(binder_key, digest,
+ Span(early_secret, early_secret_len),
+ kTLS13LabelPSKBinder,
+ Span(binder_context, binder_context_len), is_dtls)) {
return false;
}
@@ -573,7 +573,7 @@
}
if (!tls13_verify_data(out, out_len, digest, session->ssl_version, binder_key,
- MakeConstSpan(context, context_len), is_dtls)) {
+ Span(context, context_len), is_dtls)) {
return false;
}
@@ -691,9 +691,9 @@
assert(out.size() == ECH_CONFIRMATION_SIGNAL_LEN);
return hkdf_expand_label(
- out, transcript.Digest(), MakeConstSpan(secret, secret_len),
+ out, transcript.Digest(), Span(secret, secret_len),
is_hrr ? "hrr ech accept confirmation" : "ech accept confirmation",
- MakeConstSpan(context, context_len), SSL_is_dtls(hs->ssl));
+ Span(context, context_len), SSL_is_dtls(hs->ssl));
}
BSSL_NAMESPACE_END
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index afc75d8..c59477e 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -268,7 +268,7 @@
// would in a TLS 1.3 handshake.
if (!SSL_is_dtls(ssl)) {
hs->session_id.CopyFrom(
- MakeConstSpan(client_hello.session_id, client_hello.session_id_len));
+ Span(client_hello.session_id, client_hello.session_id_len));
}
Array<SSL_CREDENTIAL *> creds;
@@ -513,12 +513,12 @@
} else if (hs->channel_id_negotiated) {
// Channel ID is incompatible with 0-RTT.
ssl->s3->early_data_reason = ssl_early_data_channel_id;
- } else if (MakeConstSpan(ssl->s3->alpn_selected) != session->early_alpn) {
+ } else if (Span(ssl->s3->alpn_selected) != session->early_alpn) {
// The negotiated ALPN must match the one in the ticket.
ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
} else if (hs->new_session->has_application_settings !=
session->has_application_settings ||
- MakeConstSpan(hs->new_session->local_application_settings) !=
+ Span(hs->new_session->local_application_settings) !=
session->local_application_settings) {
ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
} else if (ssl->s3->ticket_age_skew < -kMaxTicketAgeSkewSeconds ||
@@ -578,8 +578,8 @@
// Set up the key schedule and incorporate the PSK into the running secret.
if (!tls13_init_key_schedule(hs, ssl->s3->session_reused
- ? MakeConstSpan(hs->new_session->secret)
- : MakeConstSpan(kZeroes, hash_len)) ||
+ ? Span(hs->new_session->secret)
+ : Span(kZeroes, hash_len)) ||
!ssl_hash_message(hs, msg)) {
return ssl_hs_error;
}
@@ -652,7 +652,7 @@
// Now that the message is encoded, fill in the whole value.
size_t offset = hrr.size() - ECH_CONFIRMATION_SIGNAL_LEN;
if (!ssl_ech_accept_confirmation(
- hs, MakeSpan(hrr).last(ECH_CONFIRMATION_SIGNAL_LEN),
+ hs, Span(hrr).last(ECH_CONFIRMATION_SIGNAL_LEN),
ssl->s3->client_random, hs->transcript, /*is_hrr=*/true, hrr,
offset)) {
return ssl_hs_error;
@@ -850,7 +850,7 @@
// Update |server_hello|.
Span<uint8_t> server_hello_out =
- MakeSpan(server_hello).subspan(offset, ECH_CONFIRMATION_SIGNAL_LEN);
+ Span(server_hello).subspan(offset, ECH_CONFIRMATION_SIGNAL_LEN);
OPENSSL_memcpy(server_hello_out.data(), random_suffix.data(),
ECH_CONFIRMATION_SIGNAL_LEN);
}
@@ -965,8 +965,8 @@
hs->can_release_private_key = true;
if (!tls13_add_finished(hs) ||
// Update the secret to the master secret and derive traffic keys.
- !tls13_advance_key_schedule(
- hs, MakeConstSpan(kZeroes, hs->transcript.DigestLen())) ||
+ !tls13_advance_key_schedule(hs,
+ Span(kZeroes, hs->transcript.DigestLen())) ||
!tls13_derive_application_secrets(hs) ||
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
hs->new_session.get(),
diff --git a/ssl/tls_record.cc b/ssl/tls_record.cc
index bccaaf3..32034fc 100644
--- a/ssl/tls_record.cc
+++ b/ssl/tls_record.cc
@@ -179,7 +179,7 @@
// Decrypt the body in-place.
if (!ssl->s3->aead_read_ctx->Open(
out, type, version, ssl->s3->read_sequence, header,
- MakeSpan(const_cast<uint8_t *>(CBS_data(&body)), CBS_len(&body)))) {
+ Span(const_cast<uint8_t *>(CBS_data(&body)), CBS_len(&body)))) {
if (ssl->s3->skip_early_data && !ssl->s3->aead_read_ctx->is_null_cipher()) {
ERR_clear_error();
return skip_early_data(ssl, out_alert, *out_consumed);
@@ -292,7 +292,7 @@
out_prefix[2] = record_version & 0xff;
out_prefix[3] = ciphertext_len >> 8;
out_prefix[4] = ciphertext_len & 0xff;
- Span<const uint8_t> header = MakeSpan(out_prefix, SSL3_RT_HEADER_LENGTH);
+ Span<const uint8_t> header = Span(out_prefix, SSL3_RT_HEADER_LENGTH);
// Ensure the sequence number update does not overflow.
if (ssl->s3->write_sequence + 1 == 0) {
diff --git a/tool/generate_ech.cc b/tool/generate_ech.cc
index b0d4a5b..f32ad03 100644
--- a/tool/generate_ech.cc
+++ b/tool/generate_ech.cc
@@ -119,13 +119,12 @@
fprintf(stderr, "Failed to serialize the ECHConfigList\n");
return false;
}
- if (!WriteToFile(
- args_map["-out-ech-config-list"],
- bssl::MakeConstSpan(CBB_data(cbb.get()), CBB_len(cbb.get()))) ||
+ if (!WriteToFile(args_map["-out-ech-config-list"],
+ bssl::Span(CBB_data(cbb.get()), CBB_len(cbb.get()))) ||
!WriteToFile(args_map["-out-ech-config"],
- bssl::MakeConstSpan(ech_config, ech_config_len)) ||
+ bssl::Span(ech_config, ech_config_len)) ||
!WriteToFile(args_map["-out-private-key"],
- bssl::MakeConstSpan(private_key, private_key_len))) {
+ bssl::Span(private_key, private_key_len))) {
fprintf(stderr, "Failed to write ECHConfig or private key to file\n");
return false;
}
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 7d4a0fc..92f7fa9 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -2264,7 +2264,7 @@
}
return write_reply(
- {pub_key_bytes, MakeConstSpan(CBB_data(cbb.get()), CBB_len(cbb.get()))});
+ {pub_key_bytes, Span(CBB_data(cbb.get()), CBB_len(cbb.get()))});
}
template <typename PrivateKey, size_t SignatureBytes,
@@ -2275,7 +2275,7 @@
const uint8_t *)>
static bool MLDSASigGen(const Span<const uint8_t> args[],
ReplyCallback write_reply) {
- CBS cbs = bssl::MakeConstSpan(args[0]);
+ CBS cbs = args[0];
auto priv = std::make_unique<PrivateKey>();
if (ParsePrivateKey(priv.get(), &cbs) != bcm_status::approved) {
LOG_ERROR("Failed to parse ML-DSA private key.\n");
@@ -2314,7 +2314,7 @@
const Span<const uint8_t> msg = args[1];
const Span<const uint8_t> signature = args[2];
- CBS cbs = bssl::MakeConstSpan(pub_key_bytes);
+ CBS cbs = pub_key_bytes;
auto pub = std::make_unique<PublicKey>();
if (ParsePublicKey(pub.get(), &cbs) != bcm_status::approved) {
LOG_ERROR("Failed to parse ML-DSA public key.\n");
@@ -2358,7 +2358,7 @@
}
return write_reply(
- {pub_key_bytes, MakeConstSpan(CBB_data(cbb.get()), CBB_len(cbb.get()))});
+ {pub_key_bytes, Span(CBB_data(cbb.get()), CBB_len(cbb.get()))});
}
template <typename PublicKey, bcm_status (*ParsePublic)(PublicKey *, CBS *),
@@ -2376,7 +2376,7 @@
}
auto pub = std::make_unique<PublicKey>();
- CBS cbs = bssl::MakeConstSpan(pub_key_bytes);
+ CBS cbs = pub_key_bytes;
if (!bcm_success(ParsePublic(pub.get(), &cbs)) || CBS_len(&cbs) != 0) {
LOG_ERROR("Failed to parse public key.\n");
return false;
@@ -2398,7 +2398,7 @@
const Span<const uint8_t> ciphertext = args[1];
auto priv = std::make_unique<PrivateKey>();
- CBS cbs = bssl::MakeConstSpan(priv_key_bytes);
+ CBS cbs = priv_key_bytes;
if (!bcm_success(ParsePrivate(priv.get(), &cbs))) {
LOG_ERROR("Failed to parse private key.\n");
return false;
