Google Git
Sign in
boringssl / boringssl.git / 313f9b0c6034e3337f50a91466bd8977442bdc21
commit313f9b0c6034e3337f50a91466bd8977442bdc21[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue May 23 17:15:19 2023 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Jan 17 21:07:23 2024 +0000
tree6049032f578b76acfb2f16e448367ad59698fec2
parentc394713d0d84558865a5ed434310e8fefe445be6 [diff]
Replace CONF's internal representation with something more typesafe

Sections are stored in a CONF structure as having name == NULL and value
being a STACK_OF(CONF_VALUE) with the wrong pointer type. This loses
type safety and complicates all the cleanup functions. (E.g.
crypto/x509 has its own X509V3_conf_free which is distinct from the copy
in crypto/conf.c.)

These objects are, happily, never exported outside the file. Replace
them with a CONF_SECTION and store the two values in separate hash
tables. This also means a CONF_VALUE's name is no longer nullable, so
all the comparisons and hashes become simpler.

Also fix up add_string slightly. It left the CONF in a slightly
precarious state if a malloc failed in the middle. Also v->section
would leak if add_string failed.

Change-Id: Ib54e9dd5037766804c8ddcd80d357237d2d357ea
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60106
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
3 files changed
tree: 6049032f578b76acfb2f16e448367ad59698fec2
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. include/
  7. pki/
  8. rust/
  9. ssl/
  10. third_party/
  11. tool/
  12. util/
  13. .clang-format
  14. .gitignore
  15. API-CONVENTIONS.md
  16. BREAKING-CHANGES.md
  17. BUILDING.md
  18. CMakeLists.txt
  19. codereview.settings
  20. CONTRIBUTING.md
  21. FUZZING.md
  22. go.mod
  23. go.sum
  24. INCORPORATING.md
  25. LICENSE
  26. PORTING.md
  27. README.md
  28. SANDBOXING.md
  29. sources.cmake
  30. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: