Google Git
Sign in
boringssl / boringssl / c77d0f8c776c89195d4095d51f2eaebb621887a6
commitc77d0f8c776c89195d4095d51f2eaebb621887a6[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Dec 06 23:07:11 2023 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Dec 12 16:47:41 2023 +0000
treeeedaf60279006b8026d9127c763c22b3c86264f4
parentf2a3aae4ac4d914d9fb8587ee7d1a7756bbc66c3 [diff]
Document and fix up name hashing functions

These return 32-bit hashes, so they should return a platform-independent
uint32_t. I've categorized X509_issuer_name_hash and friends under
"convenience" functions. X509_NAME_hash and X509_NAME_hash_old are as
yet unclassified. Since the hash function is only relevant to
X509_LOOKUP_hash_dir, I'm thinking I'll put them with that, once that's
organized.

While I'm here, simplify the implementations of these functions. The
hash operation itself can be made infallible and allocation-free easily.
However the function itself is still fallible (and non-const, and not
thread-safe) due to the cached encoding mess. X509Test.NameHash captures
existing hash values, so we'd notice if this changed the output.

Update-Note: This is source-compatible for C/C++, including with
-Wconversion, but some bindings need a patch in cl/588632028 to be
compatible.

Bug: 426
Change-Id: I9bfd3f1093ab15c44d8cb2d81d53aeb3d6e49fc9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64647
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
5 files changed
tree: eedaf60279006b8026d9127c763c22b3c86264f4
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. include/
  7. pki/
  8. rust/
  9. ssl/
  10. third_party/
  11. tool/
  12. util/
  13. .clang-format
  14. .gitignore
  15. API-CONVENTIONS.md
  16. BREAKING-CHANGES.md
  17. BUILDING.md
  18. CMakeLists.txt
  19. codereview.settings
  20. CONTRIBUTING.md
  21. FUZZING.md
  22. go.mod
  23. go.sum
  24. INCORPORATING.md
  25. LICENSE
  26. PORTING.md
  27. README.md
  28. SANDBOXING.md
  29. sources.cmake
  30. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: