Google Git
Sign in
boringssl / boringssl / 8ede9514dac7cace2084d95502d4bd8ea39b08b6
commit8ede9514dac7cace2084d95502d4bd8ea39b08b6[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun Mar 17 15:29:54 2024 +1000
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Mar 19 01:42:31 2024 +0000
tree676fb94fa5df66e9bfed7cc2358c3edba91c2eb4
parent044fbc86ef5505d5fdab2befd476992ad1074665 [diff]
Make EVP_PKEY_type into the identity function

This function exists because callers sometimes write
EVP_PKEY_type(EVP_PKEY_id(pkey)), which is equivalent to
EVP_PKEY_base_id(pkey).

In OpenSSL, all this existed so that a type parsed as EVP_PKEY_RSA2
could still be mapped to EVP_PKEY_RSA. We haven't supported this since
2015, so this purely exists as a way to check that the key type exists.
In doing so, it currently pulls in the full implementation of every key
type.

I could replicate the list of keys, but that is one more place we have
to keep things up-to-date. Instead, just make this function the
identity. Looking through callers, it did not appear anyone depended on
the error condition.

Update-Note: EVP_PKEY_type used to return NID_undef when given a garbage
key type. Given it is only ever used in concert with EVP_PKEY_id, this
is unlikely to impact anyone. If it does, we can do the more tedious
option.

Bug: 497
Change-Id: Ibf68a07ef6906398df0fec425c869c107b8c90f4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67109
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 files changed
tree: 676fb94fa5df66e9bfed7cc2358c3edba91c2eb4
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. include/
  7. pki/
  8. rust/
  9. ssl/
  10. third_party/
  11. tool/
  12. util/
  13. .clang-format
  14. .gitignore
  15. API-CONVENTIONS.md
  16. BREAKING-CHANGES.md
  17. BUILDING.md
  18. CMakeLists.txt
  19. codereview.settings
  20. CONTRIBUTING.md
  21. FUZZING.md
  22. go.mod
  23. go.sum
  24. INCORPORATING.md
  25. LICENSE
  26. PORTING.md
  27. README.md
  28. SANDBOXING.md
  29. sources.cmake
  30. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: