commit d9ea5553c3c9af6460257b035e9ebfbffbc78a1d
author David Benjamin <davidben@google.com> Wed Feb 08 09:29:31 2023 -0500
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Feb 08 17:33:40 2023 +0000
tree 3665c97628c9432e18ea5a44e6b59e148fb17d54
parent 908b1300ff4ed3cfc3c965d846560f2593a51491

Don't use negative values for unimplemented modes

Our EVP_CIPHER_mode returns an unsigned value and including negative
numbers in switch/case when the value is unsigned causes some warnings.
This should avoid the need for https://github.com/nodejs/node/pull/46564

(Having them be positive shouldn't have compat impacts. CCM is 8, but no
cipher will report CCM, so any path checking for it will just be dead
code.)

Change-Id: I8dcf5ea55fad9732a09d6da73114cde5d69397d3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57025
Reviewed-by: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

include/openssl/cipher.h

diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index 0e52ac8..310d7c2 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -341,6 +341,12 @@
 #define EVP_CIPH_GCM_MODE 0x6
 #define EVP_CIPH_XTS_MODE 0x7
 
+// The following values are never returned from |EVP_CIPHER_mode| and are
+// included only to make it easier to compile code with BoringSSL.
+#define EVP_CIPH_CCM_MODE 0x8
+#define EVP_CIPH_OCB_MODE 0x9
+#define EVP_CIPH_WRAP_MODE 0xa
+
 
 // Cipher flags (for |EVP_CIPHER_flags|).
 
@@ -506,9 +512,6 @@
 
 // The following flags do nothing and are included only to make it easier to
 // compile code with BoringSSL.
-#define EVP_CIPH_CCM_MODE (-1)
-#define EVP_CIPH_OCB_MODE (-2)
-#define EVP_CIPH_WRAP_MODE (-3)
 #define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
 
 // EVP_CIPHER_CTX_set_flags does nothing.