Google Git
Sign in
boringssl / boringssl / d4ae47e5884c815c90579fa548ac600f7b9ba12a
commitd4ae47e5884c815c90579fa548ac600f7b9ba12a[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Sep 03 14:46:30 2024 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Sep 03 21:00:46 2024 +0000
tree12ffd4742145f742ffb32a5cc18944c8b8a0825a
parent517fd770651451e9de2ad22c813df50cd8821cfc [diff]
Mark the CPU capability helpers as const, not just pure

If we have code like this, the compiler will not currently dedup the
capability check:

  void foo() {
    if (CRYPTO_is_AVX2_capable()) {
      foo_avx2();
    } else {
      foo_nohw();
    }
  }

  foo();
  foo();
  foo();

This is because a pure function may still inspect some globals and the
compiler doesn't know that foo_avx2() does not change the output of
CRYPTO_is_AVX2_capable(). We'd really like that to turn into:

  if (CRYPTO_is_AVX2_capable()) {
    foo_avx2();
    foo_avx2();
    foo_avx2();
  } else {
    foo_nohw();
    foo_nohw();
    foo_nohw();
  }

Strictly speaking, these functions are not const because they inspect a
global variable and a test might modify
OPENSSL_get_armcap_pointer_for_test(). However, that internal, test-only
function is already documented as needing to be resolved before any
other BoringSSL function is called. When that rule is heeded, const is
fine.

Bug: 42290548
Change-Id: I1737fd00d443e8854294dcc8446b7b0aa38ffc76
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70828
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
1 file changed
tree: 12ffd4742145f742ffb32a5cc18944c8b8a0825a
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. gen/
  7. include/
  8. pki/
  9. rust/
  10. ssl/
  11. third_party/
  12. tool/
  13. util/
  14. .bazelignore
  15. .bazelrc
  16. .clang-format
  17. .gitignore
  18. API-CONVENTIONS.md
  19. BREAKING-CHANGES.md
  20. BUILD.bazel
  21. build.json
  22. BUILDING.md
  23. CMakeLists.txt
  24. codereview.settings
  25. CONTRIBUTING.md
  26. FUZZING.md
  27. go.mod
  28. go.sum
  29. INCORPORATING.md
  30. LICENSE
  31. MODULE.bazel
  32. MODULE.bazel.lock
  33. PORTING.md
  34. PrivacyInfo.xcprivacy
  35. README.md
  36. SANDBOXING.md
  37. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: