Google Git
Sign in
boringssl / boringssl / 9cf9d3eb0681e0522db89ef5178c7bf8d5e7977f
commit9cf9d3eb0681e0522db89ef5178c7bf8d5e7977f[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri May 08 18:28:07 2020 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Thu May 14 17:33:22 2020 +0000
tree04722da34460af3eb1c2785682f62a3658453b07
parentbe28dd623f0d6eb3a97ebc428f8cdc7f6bf4e8f4 [diff]
Still query getauxval if reading /proc/cpuinfo fails.

If BoringSSL is used in a sandbox without /proc/cpuinfo, we will
silently act as if the CPU is missing capabilities, even though
getauxval may be available. We use /proc/cpuinfo to work around a
missing AT_HWCAP2 and ignore a particular broken CPU.

Ignoring the former fails closed, so it's safe to proceed. The latter
fails closed, but it is now vanishingly rare (even missing AT_HWCAP2 has
largely dropped off), so instead proceed with getauxval. This makes the
/proc paths largely optional.

Change-Id: Ib198c4f78ccdae874d55669b6a7508dfbeac0f44
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41325
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2 files changed
tree: 04722da34460af3eb1c2785682f62a3658453b07
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. API-CONVENTIONS.md
  13. BREAKING-CHANGES.md
  14. BUILDING.md
  15. CMakeLists.txt
  16. codereview.settings
  17. CONTRIBUTING.md
  18. FUZZING.md
  19. go.mod
  20. INCORPORATING.md
  21. LICENSE
  22. PORTING.md
  23. README.md
  24. sources.cmake
  25. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: