Zap a trailing space

Provide CBB_add_u32_length_prefixed().

This is needed for an upcoming change in libcrypto.

ok tb@

Sync CBS_strdup() documentation update from libcrypto.

Provide CBB_add_u64()

Prompted by and ok tb@

Provide various CBS_peek_* functions.

These will be used in libcrypto.

With input from and ok tb@

Provide CBS_get_u64().

This will be used in the libcrypto certificate transparency code.

ok tb@

Provide CBS_get_last_u8().

This will be used in the TLSv1.3 record layer.

From BoringSSL.

ok tb@

Fix formatting of multi-line license comment per style(9).

Remove unnecessary includes from the bytestring APIs.

The bytestring APIs are self contained, hence including openssl headers
here is unnecessary.

Provide CBB_add_u32(), as needed for an upcoming conversion.

ok tb@

Add CBB_discard_child(), which allows for a child CBB to be discarded.

Based on BoringSSL.

Add an explict list of exported symbols with just the functions
declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS
in the internal headers to optimize internal functions

ok jsing@

Add CBS_dup() to initialize a new CBS with the same values.

This is useful for when you need to check the data ahead and then continue
on from the same spot.

input + ok jsing@ miod@

Extend the input types for CBB_add_*() to help catch bugs.

While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input

Extend the input types for CBB_add_*() to help catch bugs.

While the previous types were correct, they can silently accept bad data
via truncation or signed conversion. We now take size_t as input for
CBB_add_u*() and do a range check.

discussed with deraadt@
input + ok jsing@ miod@

show more ...

Use explicit int in bs_cbs.c.

ok miod@ jsing@

Add CBS_write_bytes() to copy the remaining CBS bytes to the caller.

This is a common operation when dealing with CBS.

ok miod@ jsing@

Add a new function CBS_offset() to report the current offset in the data.

"why not" miod@, sure jsing@

Be more strict about BER and DER terminology.

bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functi

Be more strict about BER and DER terminology.

bs_ber.c does not convert BER to DER. It's a hack to convert a DER-like
encoding with one violation (indefinite form) to strict DER. Rename
the functions to reflect this.

ok miod@ jsing@

show more ...

Simplify cbs_get_any_asn1_element_internal based on comments from jsing@

Make CBS_get_any_asn1_element() more compliant with DER encoding.

CBS_get_any_asn1_element violates DER encoding by allowing indefinite
form. All callers except bs_ber.c expect DER encoding. The c

Make CBS_get_any_asn1_element() more compliant with DER encoding.

CBS_get_any_asn1_element violates DER encoding by allowing indefinite
form. All callers except bs_ber.c expect DER encoding. The callers
must check to see if it was indefinite or not.

Rather than exposing all callers to this behavior,
cbs_get_any_asn1_element_internal() allows specifying whether you want to
allow the normally forbidden indefinite form. This is used by
CBS_get_any_asn1_element() for strict DER encoding and by a new static
function in bs_ber.c for the relaxed version.

While I was here, I added comments to differentiate between ASN.1
restrictions and CBS limitations.

ok miod@

show more ...

Add comments about how the CBS constants are constructed.

Also, introduce a few more #defines to make it obvious.

ok miod@ jsing@

Add whitespace and replace OPENSSL_free with free in documentation.

ok jsing@

Don't allow tag number 31 in CBB_add_asn1().

Tag 31 is invalid for a short form identifier octet (single byte).
KNF a little more.

Based on BoringSSL commit 5ba305643f55d37a3e45e8388a36d50c1b2d4ff5

Don't allow tag number 31 in CBB_add_asn1().

Tag 31 is invalid for a short form identifier octet (single byte).
KNF a little more.

Based on BoringSSL commit 5ba305643f55d37a3e45e8388a36d50c1b2d4ff5

ok miod@

show more ...

Fix typo and ASN.1 tag number range comment in bytestring.h.

CBS_get_asn1() and CBS_get_any_asn1_element() only support the single
byte ASN.1 identifier octets (aka short form tags). Tag number 31

Fix typo and ASN.1 tag number range comment in bytestring.h.

CBS_get_asn1() and CBS_get_any_asn1_element() only support the single
byte ASN.1 identifier octets (aka short form tags). Tag number 31 is
the start of the multi-byte long form per X.690 section 8.1.2.4.

From BoringSSL commit 2683af70e73f116e14db2bca6290fa4a010a2ee4

ok miod@

show more ...

KNF bytestring files.

I checked that this doesn't change anything. Compiled with clang using
-Wno-pointer-sign -g0 to reduce the differences. Only difference in the
asm is due to assert(0) line n

KNF bytestring files.

I checked that this doesn't change anything. Compiled with clang using
-Wno-pointer-sign -g0 to reduce the differences. Only difference in the
asm is due to assert(0) line number changes in bs_cbs.c and bs_cbb.c.

miod is ok with the general process.

show more ...