Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

Go to file

David Benjamin 19721cd778 Remove d2i_FOO object reuse The "object reuse" mode in d2i_FOO is extremely problematic. See bug for details. When we rewrite d2i_RSAPublicKey, etc., with CBS, we switched dropped this fragile behavior and replaced it with freeing the old value and replacing it with the new value. Extend this behavior to all functions generated by crypto/asn1 templates too. In particular, tasn_dec.c already frees the original object on error, which means callers must already be prepared for OpenSSL to free their reused object. The one caller I found that would be incompatible (via both running tests and auditing callers) was actually broken due to this error case, and has been fixed. Update-Note: This slightly changes the calling convention of the d2i_FOO functions. The change should be compatible with almost all valid calls. If something goes wrong, it should hopefully be quite obvious. If affected (or unaffected), prefer to set the output parameter to NULL and use the return value instead. Fixed: 550 Change-Id: Ie54cdf17f8f5a4d76fdbcddeaa27e6afd3fa9d8e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56647 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>		2 years ago
.github	acvp: add CMAC-AES support.	4 years ago
cmake	Move OpenSSLConfig.cmake into the cmake/ directory	2 years ago
crypto	Remove d2i_FOO object reuse	2 years ago
decrepit	Trim unnecessary -lrt and ws2_32 deps in the build.	2 years ago
fuzz	Remove the last of the broken NEON workaround	2 years ago
include/openssl	Remove d2i_FOO object reuse	2 years ago
rust	Build rust bindings against header files under current source dir	2 years ago
ssl	Trim unnecessary -lrt and ws2_32 deps in the build.	2 years ago
third_party	Update fiat-crypto.	3 years ago
tool	Trim unnecessary -lrt and ws2_32 deps in the build.	2 years ago
util	Remove stale TODO in util/bot/DEPS	2 years ago
.clang-format	Fix some clang-format formatting.	2 years ago
.gitignore	Add a copy of ninja from CIPD to util/bot/DEPS	2 years ago
API-CONVENTIONS.md	acvp: add CMAC-AES support.	4 years ago
BREAKING-CHANGES.md	acvp: add CMAC-AES support.	4 years ago
BUILDING.md	Bump minimum CMake version.	2 years ago
CMakeLists.txt	Remove old clang-cl workaround	2 years ago
CONTRIBUTING.md	Add note about Gerrit account creation	3 years ago
FUZZING.md	Use a consistent plural for 'corpus'.	4 years ago
INCORPORATING.md	acvp: add CMAC-AES support.	4 years ago
LICENSE	Add optimised Aarch64 GCM.	2 years ago
PORTING.md	Remove d2i_FOO object reuse	2 years ago
README.md	See whether relative links work for the documentation.	2 years ago
SANDBOXING.md	acvp: add CMAC-AES support.	4 years ago
STYLE.md	acvp: add CMAC-AES support.	4 years ago
codereview.settings	acvp: add CMAC-AES support.	4 years ago
go.mod	Fix some memory leaks in policy_cache_new.	2 years ago
go.sum	Fix some memory leaks in policy_cache_new.	2 years ago
sources.cmake	Fix inhibitPolicyMapping in the new policy tree code.	2 years ago

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.
BREAKING-CHANGES.md: notes on potentially-breaking changes.
SANDBOXING.md: notes on using BoringSSL in a sandboxed environment.