initial BoringSSL harness #315
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: William Woodruff <william@trailofbits.com>
|
|
No regressions found.
|
TIL, I'll look into using that (I did it the lazy way to start by just adapting the existing OpenSSL harness). |
|
I might be missing it, but I don't see a newer validator in BoringSSL's X.509 APIs.
// Legacy X.509 library.
//
// This header is part of OpenSSL's X.509 implementation. It is retained for
// compatibility but should not be used by new code. The functions are difficult
// to use correctly, and have buggy or non-standard behaviors. They are thus
// particularly prone to behavior changes and API removals, as BoringSSL
// iterates on these issues.
//
// In the future, a replacement library will be available. Meanwhile, minimize
// dependencies on this header where possible. |
|
… On Fri, Aug 2, 2024 at 11:06 AM William Woodruff ***@***.***> wrote:
I might be missing it, but I don't see a newer validator in BoringSSL's
X.509 APIs.
x509.h has this note:
// Legacy X.509 library.//// This header is part of OpenSSL's X.509 implementation. It is retained for// compatibility but should not be used by new code. The functions are difficult// to use correctly, and have buggy or non-standard behaviors. They are thus// particularly prone to behavior changes and API removals, as BoringSSL// iterates on these issues.//// In the future, a replacement library will be available. Meanwhile, minimize// dependencies on this header where possible.
https://github.com/google/boringssl/blob/7a6e828dc53ba9a56bd49915f2a0780d63af97d2/include/openssl/x509.h#L95C1-L104C47
—
Reply to this email directly, view it on GitHub
<#315 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBE4AH7SGNTTI4IWFITZPON7DAVCNFSM6AAAAABL3HZZDGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRVGYYDOMBSGI>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
This harness uses BoringSSL's libpki instead, which is markedly different from OpenSSL's X.509 APIs. Signed-off-by: William Woodruff <william@trailofbits.com>
|
This now uses |
Signed-off-by: William Woodruff <william@trailofbits.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WIP.