commit 6d0d00e090b753250659b9a2d67dab7467257900
author Robert Sloan <varomodt@google.com> Mon Mar 27 07:13:07 2017 -0700
committer Robert Sloan <varomodt@google.com> Mon Mar 27 14:04:02 2017 -0700
tree c478b31bb734b02e26a264d7c1b45e49c5593acc
parent 8ecb7cdb5c51e9ce89a04ed0f5285ce646b8b7eb

external/boringssl: Sync to bbfe603519bc54fbc4c8dd87efe1ed385df550b4.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/2d05568a7b7bc62affbd13ea97a81b5829b99794..bbfe603519bc54fbc4c8dd87efe1ed385df550b4

Test: BoringSSL CTS Presubmits.
Change-Id: I78ec99cd34bebca1f864e4daaaedeec6bc1db3f0

src/crypto/digest/digests.c

diff --git a/src/crypto/digest/digests.c b/src/crypto/digest/digests.c
index fd2a939..9ad2d49 100644
--- a/src/crypto/digest/digests.c
+++ b/src/crypto/digest/digests.c
@@ -60,6 +60,7 @@
 #include <string.h>
 
 #include <openssl/asn1.h>
+#include <openssl/bytestring.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/nid.h>
@@ -328,20 +329,58 @@
   { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, EVP_sha224 },
 };
 
+static const EVP_MD *cbs_to_md(const CBS *cbs) {
+  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
+    if (CBS_len(cbs) == kMDOIDs[i].oid_len &&
+        OPENSSL_memcmp(CBS_data(cbs), kMDOIDs[i].oid, kMDOIDs[i].oid_len) ==
+            0) {
+      return kMDOIDs[i].md_func();
+    }
+  }
+
+  return NULL;
+}
+
 const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *obj) {
   /* Handle objects with no corresponding OID. */
   if (obj->nid != NID_undef) {
     return EVP_get_digestbynid(obj->nid);
   }
 
-  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kMDOIDs); i++) {
-    if (obj->length == kMDOIDs[i].oid_len &&
-        memcmp(obj->data, kMDOIDs[i].oid, obj->length) == 0) {
-      return kMDOIDs[i].md_func();
+  CBS cbs;
+  CBS_init(&cbs, obj->data, obj->length);
+  return cbs_to_md(&cbs);
+}
+
+const EVP_MD *EVP_parse_digest_algorithm(CBS *cbs) {
+  CBS algorithm, oid;
+  if (!CBS_get_asn1(cbs, &algorithm, CBS_ASN1_SEQUENCE) ||
+      !CBS_get_asn1(&algorithm, &oid, CBS_ASN1_OBJECT)) {
+    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
+    return NULL;
+  }
+
+  const EVP_MD *ret = cbs_to_md(&oid);
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_UNKNOWN_HASH);
+    return NULL;
+  }
+
+  /* The parameters, if present, must be NULL. Historically, whether the NULL
+   * was included or omitted was not well-specified. When parsing an
+   * AlgorithmIdentifier, we allow both. (Note this code is not used when
+   * verifying RSASSA-PKCS1-v1_5 signatures.) */
+  if (CBS_len(&algorithm) > 0) {
+    CBS param;
+    if (!CBS_get_asn1(&algorithm, &param, CBS_ASN1_NULL) ||
+        CBS_len(&param) != 0 ||
+        CBS_len(&algorithm) != 0) {
+      OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
+      return NULL;
     }
   }
 
-  return NULL;
+  return ret;
 }
 
 const EVP_MD *EVP_get_digestbyname(const char *name) {