external/boringssl: Sync to f21650709a6f76e829ddcc77fe221c9d6a5c12de.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/348f0d8db9c2a0eca0503ba654020209c579d552..f21650709a6f76e829ddcc77fe221c9d6a5c12de
Test: BoringSSL CTS Presubmits.
Change-Id: Ie6e99c3315c552068b5ea57e31b1af7ff94f9b0f
diff --git a/src/crypto/pkcs8/pkcs8_x509.c b/src/crypto/pkcs8/pkcs8_x509.c
index 875b4ca..ace5f33 100644
--- a/src/crypto/pkcs8/pkcs8_x509.c
+++ b/src/crypto/pkcs8/pkcs8_x509.c
@@ -75,10 +75,10 @@
#include "../internal.h"
-/* Minor tweak to operation: zero private key data */
+// Minor tweak to operation: zero private key data
static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg) {
- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+ // Since the structure must still be valid use ASN1_OP_FREE_PRE
if (operation == ASN1_OP_FREE_PRE) {
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING &&
@@ -162,7 +162,7 @@
EVP_PKEY *pkey = NULL;
uint8_t *in = NULL;
- /* Convert the legacy ASN.1 object to a byte string. */
+ // Convert the legacy ASN.1 object to a byte string.
int in_len = i2d_X509_SIG(pkcs8, &in);
if (in_len < 0) {
goto err;
@@ -193,7 +193,7 @@
pass_len = (size_t)pass_len_in;
}
- /* Parse out the private key. */
+ // Parse out the private key.
EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
if (pkey == NULL) {
return NULL;
@@ -212,7 +212,7 @@
goto err;
}
- /* Convert back to legacy ASN.1 objects. */
+ // Convert back to legacy ASN.1 objects.
const uint8_t *ptr = der;
ret = d2i_X509_SIG(NULL, &ptr, der_len);
if (ret == NULL || ptr != der + der_len) {
@@ -234,8 +234,8 @@
size_t password_len;
};
-/* PKCS12_handle_sequence parses a BER-encoded SEQUENCE of elements in a PKCS#12
- * structure. */
+// PKCS12_handle_sequence parses a BER-encoded SEQUENCE of elements in a PKCS#12
+// structure.
static int PKCS12_handle_sequence(
CBS *sequence, struct pkcs12_context *ctx,
int (*handle_element)(CBS *cbs, struct pkcs12_context *ctx)) {
@@ -244,10 +244,10 @@
CBS in;
int ret = 0;
- /* Although a BER->DER conversion is done at the beginning of |PKCS12_parse|,
- * the ASN.1 data gets wrapped in OCTETSTRINGs and/or encrypted and the
- * conversion cannot see through those wrappings. So each time we step
- * through one we need to convert to DER again. */
+ // Although a BER->DER conversion is done at the beginning of |PKCS12_parse|,
+ // the ASN.1 data gets wrapped in OCTETSTRINGs and/or encrypted and the
+ // conversion cannot see through those wrappings. So each time we step
+ // through one we need to convert to DER again.
if (!CBS_asn1_ber_to_der(sequence, &der_bytes, &der_len)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
return 0;
@@ -285,20 +285,20 @@
return ret;
}
-/* 1.2.840.113549.1.12.10.1.2 */
+// 1.2.840.113549.1.12.10.1.2
static const uint8_t kPKCS8ShroudedKeyBag[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02};
-/* 1.2.840.113549.1.12.10.1.3 */
+// 1.2.840.113549.1.12.10.1.3
static const uint8_t kCertBag[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x0c, 0x0a, 0x01, 0x03};
-/* 1.2.840.113549.1.9.22.1 */
+// 1.2.840.113549.1.9.22.1
static const uint8_t kX509Certificate[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x16, 0x01};
-/* PKCS12_handle_safe_bag parses a single SafeBag element in a PKCS#12
- * structure. */
+// PKCS12_handle_safe_bag parses a single SafeBag element in a PKCS#12
+// structure.
static int PKCS12_handle_safe_bag(CBS *safe_bag, struct pkcs12_context *ctx) {
CBS bag_id, wrapped_value;
if (!CBS_get_asn1(safe_bag, &bag_id, CBS_ASN1_OBJECT) ||
@@ -311,7 +311,7 @@
if (CBS_mem_equal(&bag_id, kPKCS8ShroudedKeyBag,
sizeof(kPKCS8ShroudedKeyBag))) {
- /* See RFC 7292, section 4.2.2. */
+ // See RFC 7292, section 4.2.2.
if (*ctx->out_key) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12);
return 0;
@@ -334,7 +334,7 @@
}
if (CBS_mem_equal(&bag_id, kCertBag, sizeof(kCertBag))) {
- /* See RFC 7292, section 4.2.3. */
+ // See RFC 7292, section 4.2.3.
CBS cert_bag, cert_type, wrapped_cert, cert;
if (!CBS_get_asn1(&wrapped_value, &cert_bag, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&cert_bag, &cert_type, CBS_ASN1_OBJECT) ||
@@ -345,7 +345,7 @@
return 0;
}
- /* Skip unknown certificate types. */
+ // Skip unknown certificate types.
if (!CBS_mem_equal(&cert_type, kX509Certificate,
sizeof(kX509Certificate))) {
return 1;
@@ -377,20 +377,20 @@
return 1;
}
- /* Unknown element type - ignore it. */
+ // Unknown element type - ignore it.
return 1;
}
-/* 1.2.840.113549.1.7.1 */
+// 1.2.840.113549.1.7.1
static const uint8_t kPKCS7Data[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x07, 0x01};
-/* 1.2.840.113549.1.7.6 */
+// 1.2.840.113549.1.7.6
static const uint8_t kPKCS7EncryptedData[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x07, 0x06};
-/* PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a
- * PKCS#12 structure. */
+// PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a
+// PKCS#12 structure.
static int PKCS12_handle_content_info(CBS *content_info,
struct pkcs12_context *ctx) {
CBS content_type, wrapped_contents, contents;
@@ -407,23 +407,23 @@
if (CBS_mem_equal(&content_type, kPKCS7EncryptedData,
sizeof(kPKCS7EncryptedData))) {
- /* See https://tools.ietf.org/html/rfc2315#section-13.
- *
- * PKCS#7 encrypted data inside a PKCS#12 structure is generally an
- * encrypted certificate bag and it's generally encrypted with 40-bit
- * RC2-CBC. */
+ // See https://tools.ietf.org/html/rfc2315#section-13.
+ //
+ // PKCS#7 encrypted data inside a PKCS#12 structure is generally an
+ // encrypted certificate bag and it's generally encrypted with 40-bit
+ // RC2-CBC.
CBS version_bytes, eci, contents_type, ai, encrypted_contents;
uint8_t *out;
size_t out_len;
if (!CBS_get_asn1(&wrapped_contents, &contents, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&contents, &version_bytes, CBS_ASN1_INTEGER) ||
- /* EncryptedContentInfo, see
- * https://tools.ietf.org/html/rfc2315#section-10.1 */
+ // EncryptedContentInfo, see
+ // https://tools.ietf.org/html/rfc2315#section-10.1
!CBS_get_asn1(&contents, &eci, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&eci, &contents_type, CBS_ASN1_OBJECT) ||
- /* AlgorithmIdentifier, see
- * https://tools.ietf.org/html/rfc5280#section-4.1.1.2 */
+ // AlgorithmIdentifier, see
+ // https://tools.ietf.org/html/rfc5280#section-4.1.1.2
!CBS_get_asn1(&eci, &ai, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1_implicit_string(
&eci, &encrypted_contents, &storage,
@@ -459,7 +459,7 @@
ret = PKCS12_handle_sequence(&octet_string_contents, ctx,
PKCS12_handle_safe_bag);
} else {
- /* Unknown element type - ignore it. */
+ // Unknown element type - ignore it.
ret = 1;
}
@@ -478,7 +478,7 @@
struct pkcs12_context ctx;
const size_t original_out_certs_len = sk_X509_num(out_certs);
- /* The input may be in BER format. */
+ // The input may be in BER format.
if (!CBS_asn1_ber_to_der(ber_in, &der_bytes, &der_len)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
return 0;
@@ -492,8 +492,8 @@
*out_key = NULL;
OPENSSL_memset(&ctx, 0, sizeof(ctx));
- /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
- * four. */
+ // See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
+ // four.
if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) ||
CBS_len(&in) != 0 ||
!CBS_get_asn1_uint64(&pfx, &version)) {
@@ -521,8 +521,8 @@
goto err;
}
- /* authsafe is a PKCS#7 ContentInfo. See
- * https://tools.ietf.org/html/rfc2315#section-7. */
+ // authsafe is a PKCS#7 ContentInfo. See
+ // https://tools.ietf.org/html/rfc2315#section-7.
if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) ||
!CBS_get_asn1(&authsafe, &wrapped_authsafes,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
@@ -530,8 +530,8 @@
goto err;
}
- /* The content type can either be data or signedData. The latter indicates
- * that it's signed by a public key, which isn't supported. */
+ // The content type can either be data or signedData. The latter indicates
+ // that it's signed by a public key, which isn't supported.
if (!CBS_mem_equal(&content_type, kPKCS7Data, sizeof(kPKCS7Data))) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED);
goto err;
@@ -547,7 +547,7 @@
ctx.password = password;
ctx.password_len = password != NULL ? strlen(password) : 0;
- /* Verify the MAC. */
+ // Verify the MAC.
{
CBS mac, salt, expected_mac;
if (!CBS_get_asn1(&mac_data, &mac, CBS_ASN1_SEQUENCE)) {
@@ -566,7 +566,7 @@
goto err;
}
- /* The iteration count is optional and the default is one. */
+ // The iteration count is optional and the default is one.
uint64_t iterations = 1;
if (CBS_len(&mac_data) > 0) {
if (!CBS_get_asn1_uint64(&mac_data, &iterations) ||
@@ -596,7 +596,7 @@
}
}
- /* authsafes contains a series of PKCS#7 ContentInfos. */
+ // authsafes contains a series of PKCS#7 ContentInfos.
if (!PKCS12_handle_sequence(&authsafes, &ctx, PKCS12_handle_content_info)) {
goto err;
}
@@ -673,8 +673,8 @@
if (used == 0) {
goto out;
}
- /* Workaround a bug in node.js. It uses a memory BIO for this in the wrong
- * mode. */
+ // Workaround a bug in node.js. It uses a memory BIO for this in the wrong
+ // mode.
n = 0;
}