diff options
author | David Benjamin <davidben@google.com> | 2021-09-24 12:25:41 -0400 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2021-09-24 17:18:39 +0000 |
commit | 03cae7a2b36285ddd6e7692964bb1b836d1d2572 (patch) | |
tree | a41a5be6d68a84d0e235eb962dc8615ffb67799a /decrepit | |
parent | dedd23e59237922d4e21673cd8044b59c48fe28e (diff) | |
download | boringssl-03cae7a2b36285ddd6e7692964bb1b836d1d2572.zip boringssl-03cae7a2b36285ddd6e7692964bb1b836d1d2572.tar.gz boringssl-03cae7a2b36285ddd6e7692964bb1b836d1d2572.tar.bz2 |
Keep EVP_CIPHER/EVP_MD lookup and do_all functions in sync
Node seems uncommonly sensitive to this, so let's write these functions
in a way that stays in sync and test this. See also
https://boringssl-review.googlesource.com/c/boringssl/+/49585
This does incur a cost across all BoringSSL consumers that use these
functions: as a result of Node indiscriminately exposing every cipher,
we end up pulling more and more ciphers into these getters. But that
ship sailed long ago, so, instead, document that EVP_get_cipherby*
should not be used by size-conscious callers.
EVP_get_digestby* probably should have the same warning, but I've left
it alone for now because we don't quite have the same proliferation of
digests as ciphers. (Though there are things in there, like MD4, that
ought to be better disconnected.)
Change-Id: I61ca406c146279bd05a52bed6c57200d1619c5da
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49625
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Diffstat (limited to 'decrepit')
-rw-r--r-- | decrepit/CMakeLists.txt | 1 | ||||
-rw-r--r-- | decrepit/evp/evp_test.cc | 45 |
2 files changed, 46 insertions, 0 deletions
diff --git a/decrepit/CMakeLists.txt b/decrepit/CMakeLists.txt index ef95a6b..16985da 100644 --- a/decrepit/CMakeLists.txt +++ b/decrepit/CMakeLists.txt @@ -32,6 +32,7 @@ add_executable( blowfish/blowfish_test.cc cast/cast_test.cc cfb/cfb_test.cc + evp/evp_test.cc ripemd/ripemd_test.cc xts/xts_test.cc diff --git a/decrepit/evp/evp_test.cc b/decrepit/evp/evp_test.cc new file mode 100644 index 0000000..1f05ea5 --- /dev/null +++ b/decrepit/evp/evp_test.cc @@ -0,0 +1,45 @@ +/* Copyright (c) 2021, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <gtest/gtest.h> + +#include <openssl/cipher.h> +#include <openssl/digest.h> +#include <openssl/evp.h> + + +// Node.js assumes every cipher in |EVP_CIPHER_do_all_sorted| is accessible via +// |EVP_get_cipherby*|. +TEST(EVPTest, CipherDoAll) { + EVP_CIPHER_do_all_sorted( + [](const EVP_CIPHER *cipher, const char *name, const char *unused, + void *arg) { + SCOPED_TRACE(name); + EXPECT_EQ(cipher, EVP_get_cipherbyname(name)); + EXPECT_EQ(cipher, EVP_get_cipherbynid(EVP_CIPHER_nid(cipher))); + }, + nullptr); +} + +// Node.js assumes every digest in |EVP_MD_do_all_sorted| is accessible via +// |EVP_get_digestby*|. +TEST(EVPTest, MDDoAll) { + EVP_MD_do_all_sorted( + [](const EVP_MD *md, const char *name, const char *unused, void *arg) { + SCOPED_TRACE(name); + EXPECT_EQ(md, EVP_get_digestbyname(name)); + EXPECT_EQ(md, EVP_get_digestbynid(EVP_MD_nid(md))); + }, + nullptr); +} |