| commit | ccd665d2aa30375710957f3c357425fa10883613 | [log] [tgz] |
|---|---|---|
| author | Bob Beck <bbe@google.com> | Fri Jul 29 15:57:00 2022 -0600 |
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Fri Jul 29 22:12:19 2022 +0000 |
| tree | 9ce0ed9994df92c1c8235a2162c5b88941b79451 | |
| parent | 5cb597e3ec19996f18a049c78cfa5e9e1a0da280 [diff] |
Make time_t conversions. Give up on the OS provided ones. We only care about dates within years 0000 to 9999 for RFC5280. timegm() is only semi-standard. Some things require the setting awkward defines to get libc to give it to you. Other things let you have it but make it stop working at year 3000. Still other things have 32 bit time_t..... Let's just make our own that actually works. all the time, does everything with an int64_t, and fails if you want to send something out that would overflow a 32 bit time_t. In the process of doing this, we get rid of the old Julian date stuff from OpenSSL, which while functional was a bit awkward dealing only with days, and using the Julian calendar as the reference point instead of potentially something more useful. Julian seconds since Jan 1 1970 00:00:00 UCT are much more useful to us than Julian days since a Julian epoch. The OS implementations of timegm() and gmtime() also can be pretty complex, due to the nature of needing multiple timezone, daylight saving, day of week, and other stuff we simply do not need for doing things with certificate times. A small microbenchmark of 10000000 of each operation comparing this implementation to the system version on my M1 mac gives: bbe-macbookpro:tmp bbe$ time ./openssl_gmtime real 0m0.152s user 0m0.127s sys 0m0.018s bbe-macbookpro:tmp bbe$ time ./gmtime real 0m0.422s user 0m0.403s sys 0m0.014s bbe-macbookpro:tmp bbe$ time ./openssl_timegm real 0m0.041s user 0m0.015s sys 0m0.019s bbe-macbookpro:tmp bbe$ time ./timegm real 0m30.432s user 0m30.383s sys 0m0.040s Similarly On a glinux machine: bbe@bbe-glinux1:~$ time ./openssl_gmtime real 0m0.157s user 0m0.152s sys 0m0.008s bbe@bbe-glinux1:~$ time ./gmtime real 0m0.336s user 0m0.336s sys 0m0.002s bbe@bbe-glinux1:~$ time ./openssl_timegm real 0m0.018s user 0m0.019s sys 0m0.002s bbe@bbe-glinux1:~$ time ./timegm real 0m0.680s user 0m0.671s sys 0m0.011s bbe@bbe-glinux1:~$ Bug: 501 Change-Id: If445272d365f2c9673b5f3264d082af1a342e0a1 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53245 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: David Benjamin <davidben@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: