commit | cf506f17d0fe51a43abcc37aecb63601b70218ef | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Wed May 25 12:10:15 2022 -0400 |
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu May 26 21:52:12 2022 +0000 |
tree | 60b098734801e676ffc1ffe8b4d50911be77b413 | |
parent | 2d4f1b85f270fe6fc15dfd39a40015f52972ea2e [diff] |
Make EVP_CIPHER opaque. If we're to have any hope of fixing EVP_CIPHER_CTX's calling convention, we need to be able to change the shape of its method table. Looking back, it looks like we exported this in https://boringssl-review.googlesource.com/4330, for OpenSSH. I don't remember exactly what OpenSSH was doing, but I see in this commit, they removed a bunch of custom EVP_CIPHERs which would definitely have required an exported EVP_CIPHER struct: https://github.com/openssh/openssh-portable/commit/cdccebdf85204bf7542b7fcc1aa2ea3f36661833 That's been gone for a while now, so hopefully we can hide it again. (If a project needs a cipher not implemented by OpenSSL, it's not strictly necessarily to make a custom EVP_CIPHER. It might be convenient to reuse the abstraction, but you can always just call your own APIs directly.) Update-Note: EVP_CIPHER is now opaque. Use accessors instead. Bug: 494 Change-Id: I9344690c3cfe7d19d6ca12fb66484ced57dbe869 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52725 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: Bob Beck <bbe@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
There are other files in this directory which might be helpful: