Google Git
Sign in
boringssl / boringssl / 421f17716086310306920a5e599ed2e68d511243
commit421f17716086310306920a5e599ed2e68d511243[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Aug 27 22:10:46 2025 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Sep 03 21:29:19 2025 -0700
tree7e67b60afc83e4def21a246b22c96b174be7b88d
parenta79eeb4d4fd60e5593e3540a0a4a0f6be83c1497 [diff]
Parse X509_ALGOR without depending on the templates

We do still need to give X509_ALGOR an ASN1_ITEM, both because the
containing types have not been migrated, and because there are external
callers that use <openssl/asn1t.h> and embed X509_ALGOR.
https://crbug.com/42290417#comment2 has a list of those.

This is a bit more boilerplate than I'd like. Some comes from just
needing to define a bunch of functions. Some comes from not being able
to use C++ ctors and dtors, which is a bit hard to avoid because
X509_ALGOR is actually a public struct. Some is because defining an
ASN1_ITEM involves a bit of code. I've hidden that last one behind a
macro.

(In the long run, I'd like to make the ASN1_ITEM callbacks
CBS/CBB-based, but that's a bit tied up with rewriting tasn_enc.cc and
tasn_dec.cc, which is in turn tied up with the X509_NAME parse callback,
which depends on ASN1_item_ex_d2i and ASN1_item_ex_i2d.)

Bug: 42290417
Change-Id: Ib0bfc9c942aa6bf784cf15af6b3747c9fc9a88f5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81777
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
3 files changed
tree: 7e67b60afc83e4def21a246b22c96b174be7b88d
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. infra/
  11. pki/
  12. rust/
  13. ssl/
  14. third_party/
  15. tool/
  16. util/
  17. .bazelignore
  18. .bazelrc
  19. .bazelversion
  20. .clang-format
  21. .gitignore
  22. API-CONVENTIONS.md
  23. AUTHORS
  24. BREAKING-CHANGES.md
  25. BUILD.bazel
  26. build.json
  27. BUILDING.md
  28. CMakeLists.txt
  29. codereview.settings
  30. CONTRIBUTING.md
  31. FUZZING.md
  32. go.mod
  33. go.sum
  34. INCORPORATING.md
  35. LICENSE
  36. MODULE.bazel
  37. MODULE.bazel.lock
  38. PORTING.md
  39. PrivacyInfo.xcprivacy
  40. README.md
  41. SANDBOXING.md
  42. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: