commit | a4954e5ace867ed88633c1380a61ca72f62a2bab | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Wed Nov 11 15:11:45 2020 -0500 |
committer | Adam Langley <agl@google.com> | Thu Nov 12 18:20:43 2020 +0000 |
tree | adc95212a9c77b5ee0306f699f7cd5596ea876cb | |
parent | c509ee3fa27d191b23da353d363c396ef7bdecdb [diff] |
Remove the legacy MSTRING M_ASN1 macros. The free and dup macros are fine and can be replaced with their function counterparts, but the new macros call ASN1_STRING_type_new with a representative type in the CHOICE. This does not match what the corresponding functions (e.g. ASN1_TIME_new) do. The functions go through tasn_new.c and end up at ASN1_primitive_new. That ends up creating an ASN1_STRING with type -1 and the ASN1_STRING_FLAG_MSTRING flag set. X509_time_adj_ex uses the flag to determine whether to trigger X.509's UTCTime vs GeneralizedTime switching. Confusingly, ASN1_TIME_adj, ASN1_UTCTIME_adj, and ASN1_GENERALIZEDTIME_adj trigger this behavior based on the function itself. That seems more robust (X509_set1_notBefore might accidentally lose the flag), so maybe we can remove this flag. In the meantime, at least remove the old macros so we don't create the wrong type. Update-Note: Some M_ASN1 macros were removed. Code search says there were no uses, and OpenSSL upstream removed all of them. Change-Id: Iffa63f2624c38e64679207720c5ebd5241da644c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44047 Reviewed-by: Adam Langley <agl@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: