Google Git
Sign in
boringssl / boringssl / 2d691ca60ddb535a7a54fb07fd2252bd6017bee7
commit2d691ca60ddb535a7a54fb07fd2252bd6017bee7[log] [tgz]
authorAdam Langley <alangley@gmail.com>Tue Jan 19 14:11:16 2021 -0800
committerAdam Langley <agl@google.com>Wed Jan 20 19:18:27 2021 +0000
tree1c8b17cf6e60580b97459e9b4089d16384bc21f2
parentc5e2cf3c077bbe974808d451103dafec2bc6a82a [diff]
Make BN_clear_free a wrapper around BN_free.

We clear all heap memory on free now, thus the difference between these
functions is quite small. There are some differences though:

Firstly, BN_clear_free will attempt to zero out static limb data.  But
static data is probably read-only and thus trying to zero it will crash.

Secondly it will try to zero out the BIGNUM structure itself. But either
it's on the heap, and will be zeroed anyway, or else it's on the stack,
and we don't try and clear the stack in general because the compiler is
duplicating bits of it at will anyway.

Change-Id: I8a07385a102cfd308b555432942225c25eb7c12d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45084
Reviewed-by: David Benjamin <davidben@google.com>
1 file changed
tree: 1c8b17cf6e60580b97459e9b4089d16384bc21f2
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. API-CONVENTIONS.md
  13. BREAKING-CHANGES.md
  14. BUILDING.md
  15. CMakeLists.txt
  16. codereview.settings
  17. CONTRIBUTING.md
  18. FUZZING.md
  19. go.mod
  20. go.sum
  21. INCORPORATING.md
  22. LICENSE
  23. PORTING.md
  24. README.md
  25. SANDBOXING.md
  26. sources.cmake
  27. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: