commit | ebd87230ac9694134cadb8e1606ad09dbfc2184c | |
---|---|---|
author | David Benjamin <davidben@google.com> | Thu Dec 14 14:07:04 2017 -0500 |
committer | Adam Langley <agl@google.com> | Thu Dec 14 19:47:23 2017 +0000 |
tree | 33df5455267ad3ed9bbfb3e277b194911a01b6ec | |
parent | 875095aa7cb4ea1c738c7a7a20eb15c24a7519e4 | |
Bring ERR_ERROR_STRING_BUF_LEN down to 120.

Originally, the only OpenSSL API to stringify errors was:

    char *ERR_error_string(unsigned long e, char *buf);

This API leaves callers a choice to either be thread unsafe (buf = NULL) or pass in a buffer with unknown size. Indeed the original implementation was just a bunch of unchecked sprintfs with, in the buf = NULL case, a static 256-byte buffer.

https://github.com/openssl/openssl/blob/388f2f56f213dfada0370d48cb9bcc3c7e980b32/crypto/err/err.c#L374

Then ERR_error_string was documented that the buffer must be size 120. Nowhere in the code was 120 significant. I expect OpenSSL just made up a number.

https://github.com/openssl/openssl/commit/388f2f56f213dfada0370d48cb9bcc3c7e980b32

Then upstream added the ERR_error_string_n API. Although the documentation stated 120 bytes, the internal buffer was 256, so the code actually translates ERR_error_string to ERR_error_string_n(e, buf, 256), not ERR_error_string_n(e, buf, 120)!

https://github.com/openssl/openssl/commit/e5c84d5152c11a3dfa436041d3336a6f403baad8

So the documentation was wrong all this time! OpenSSL 1.1.0 corrected the documentation to 256, but, alas, a lot of code used the documentation and sized the buffer at 120. We should fix all ERR_error_string callers to ERR_error_string_n but, in the meantime, using 120 is probably less effort.

Note this also affects ERR_print_errors_cb right now. We don't have function codes, so 120 bytes leaves 60 bytes for the reason code. Our longest one, TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST is 46 bytes, so it's a little tight, but, if needed, we can recover 20-ish bytes by shrinking the library names. We can also always make ERR_print_errors_cb use a larger buffer.

Change-Id: I472a1a802f2e6281cc7515d2a452208d6bac1200
Reviewed-on: https://boringssl-review.googlesource.com/24184
Reviewed-by: Adam Langley <agl@google.com>
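A bounded error-string formatter in the spirit of the commit, added here as an illustration and not BoringSSL's own code: it assumes a simplified `error:<code>:<lib>:OPENSSL_internal:<reason>` layout and a 32-bit packed code, then checks that the longest reason named above fits in a 120-byte buffer while an oversized reason is truncated at the buffer boundary instead of being written past it, which is what the unchecked sprintf the commit describes could not guarantee.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Buffer size the commit settles on. */
#define ERR_ERROR_STRING_BUF_LEN 120

/* Assumed layout for this illustration (not BoringSSL's exact format):
 * "error:<8 hex digits>:<library>:OPENSSL_internal:<reason>". Writes at most
 * len bytes including the NUL and, like snprintf, returns the length the
 * complete string would have needed, so callers can detect truncation. */
static int format_error_string(uint32_t packed, const char *lib,
                               const char *reason, char *buf, size_t len) {
  return snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
                  packed, lib, reason);
}

/* Length (without the NUL) that the string for (lib, reason) needs. */
static size_t error_string_len(const char *lib, const char *reason) {
  int n = format_error_string(0, lib, reason, NULL, 0);
  return n < 0 ? 0 : (size_t)n;
}

/* True when the string for (lib, reason) fits in a buffer of len bytes. */
static bool error_string_fits(const char *lib, const char *reason, size_t len) {
  return error_string_len(lib, reason) < len;
}

/* Formats a constructed 199-byte reason into a fixed 120-byte buffer and
 * checks that the output stops at the boundary and stays NUL-terminated. */
static bool truncation_is_bounded(void) {
  char reason[200];
  memset(reason, 'X', sizeof(reason) - 1);
  reason[sizeof(reason) - 1] = '\0';
  char buf[ERR_ERROR_STRING_BUF_LEN];
  memset(buf, 0x7f, sizeof(buf));  /* poison so a missing NUL would show */
  int needed = format_error_string(0x10000080, "SSL", reason, buf, sizeof(buf));
  return needed >= (int)sizeof(buf) &&
         strlen(buf) == ERR_ERROR_STRING_BUF_LEN - 1;
}

int main(void) {
  const char *longest = "TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST";
  printf("longest reason needs %zu of %d bytes; oversized reason bounded: %s\n",
         error_string_len("SSL", longest), ERR_ERROR_STRING_BUF_LEN,
         truncation_is_bounded() ? "yes" : "no");
  return 0;
}
```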
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: