Google Git
Sign in
boringssl / boringssl / a4954e5ace867ed88633c1380a61ca72f62a2bab
commita4954e5ace867ed88633c1380a61ca72f62a2bab[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Nov 11 15:11:45 2020 -0500
committerAdam Langley <agl@google.com>Thu Nov 12 18:20:43 2020 +0000
treeadc95212a9c77b5ee0306f699f7cd5596ea876cb
parentc509ee3fa27d191b23da353d363c396ef7bdecdb [diff]
Remove the legacy MSTRING M_ASN1 macros.

The free and dup macros are fine and can be replaced with their function
counterparts, but the new macros call ASN1_STRING_type_new with a
representative type in the CHOICE. This does not match what the
corresponding functions (e.g. ASN1_TIME_new) do.

The functions go through tasn_new.c and end up at ASN1_primitive_new.
That ends up creating an ASN1_STRING with type -1 and the
ASN1_STRING_FLAG_MSTRING flag set. X509_time_adj_ex uses the flag to
determine whether to trigger X.509's UTCTime vs GeneralizedTime
switching.

Confusingly, ASN1_TIME_adj, ASN1_UTCTIME_adj, and
ASN1_GENERALIZEDTIME_adj trigger this behavior based on the function
itself. That seems more robust (X509_set1_notBefore might accidentally
lose the flag), so maybe we can remove this flag. In the meantime, at
least remove the old macros so we don't create the wrong type.

Update-Note: Some M_ASN1 macros were removed. Code search says there
were no uses, and OpenSSL upstream removed all of them.

Change-Id: Iffa63f2624c38e64679207720c5ebd5241da644c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44047
Reviewed-by: Adam Langley <agl@google.com>
1 file changed
tree: adc95212a9c77b5ee0306f699f7cd5596ea876cb
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. API-CONVENTIONS.md
  13. BREAKING-CHANGES.md
  14. BUILDING.md
  15. CMakeLists.txt
  16. codereview.settings
  17. CONTRIBUTING.md
  18. FUZZING.md
  19. go.mod
  20. go.sum
  21. INCORPORATING.md
  22. LICENSE
  23. PORTING.md
  24. README.md
  25. SANDBOXING.md
  26. sources.cmake
  27. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: