commit | c77d0f8c776c89195d4095d51f2eaebb621887a6 | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Wed Dec 06 23:07:11 2023 -0500 |
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Tue Dec 12 16:47:41 2023 +0000 |
tree | eedaf60279006b8026d9127c763c22b3c86264f4 | |
parent | f2a3aae4ac4d914d9fb8587ee7d1a7756bbc66c3 [diff] |
Document and fix up name hashing functions These return 32-bit hashes, so they should return a platform-independent uint32_t. I've categorized X509_issuer_name_hash and friends under "convenience" functions. X509_NAME_hash and X509_NAME_hash_old are as yet unclassified. Since the hash function is only relevant to X509_LOOKUP_hash_dir, I'm thinking I'll put them with that, once that's organized. While I'm here, simplify the implementations of these functions. The hash operation itself can be made infallible and allocation-free easily. However the function itself is still fallible (and non-const, and not thread-safe) due to the cached encoding mess. X509Test.NameHash captures existing hash values, so we'd notice if this changed the output. Update-Note: This is source-compatible for C/C++, including with -Wconversion, but some bindings need a patch in cl/588632028 to be compatible. Bug: 426 Change-Id: I9bfd3f1093ab15c44d8cb2d81d53aeb3d6e49fc9 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64647 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: