Google Git
Sign in
boringssl / boringssl.git / f715c423224a292d79ba0e3df373c828fbae29f7
commitf715c423224a292d79ba0e3df373c828fbae29f7[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sat Jun 11 19:01:56 2016 -0400
committerAdam Langley <agl@google.com>Tue Jun 14 19:40:25 2016 +0000
tree05a763b9fb59e48acc27a565419bbcda601630bb
parent5c0fb889a1348ecaa5691f6139f9d60a610f2129 [diff]
Make SSL_set_bio's ownership easier to reason about.

SSL_set_bio has some rather complex ownership story because whether rbio/wbio
are both owning depends on whether they are equal. Moreover, whether
SSL_set_bio(ssl, rbio, wbio) frees ssl->rbio depends on whether rbio is the
existing rbio or not. The current logic doesn't even get it right; see tests.

Simplify this. First, rbio and wbio are always owning. All the weird ownership
cases which we're stuck with for compatibility will live in SSL_set_bio. It
will internally BIO_up_ref if necessary and appropriately no-op the left or
right side as needed. It will then call more well-behaved ssl_set_rbio or
ssl_set_wbio functions as necessary.

Change-Id: I6b4b34e23ed01561a8c0aead8bb905363ee413bb
Reviewed-on: https://boringssl-review.googlesource.com/8240
Reviewed-by: Adam Langley <agl@google.com>
3 files changed
tree: 05a763b9fb59e48acc27a565419bbcda601630bb
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. BUILDING.md
  13. CMakeLists.txt
  14. codereview.settings
  15. CONTRIBUTING.md
  16. FUZZING.md
  17. INCORPORATING.md
  18. LICENSE
  19. PORTING.md
  20. README.md
  21. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: