David Benjamin 13e81fc971 Fix DTLS asynchronous write handling. Although the DTLS transport layer logic drops failed writes on the floor, it is actually set up to work correctly. If an SSL_write fails at the transport, dropping the buffer is fine. Arguably it works better than in TLS because we don't have the weird "half-committed to data" behavior. Likewise, the handshake keeps track of how far its gotten and resumes the message at the right point. This broke when the buffering logic was rewritten because I didn't understand what the DTLS code was doing. The one thing that doesn't work as one might expect is non-fatal write errors during rexmit are not recoverable. The next timeout must fire before we try again. This code is quite badly sprinkled in here, so add tests to guard it against future turbulence. Because of the rexmit issues, the tests need some hacks around calls which may trigger them. It also changes the Go DTLS implementation from being completely strict about sequence numbers to only requiring they be monotonic. The tests also revealed another bug. This one seems to be upstream's fault, not mine. The logic to reset the handshake hash on the second ClientHello (in the HelloVerifyRequest case) was a little overenthusiastic and breaks if the ClientHello took multiple tries to send. Change-Id: I9b38b93fff7ae62faf8e36c4beaf848850b3f4b9 Reviewed-on: https://boringssl-review.googlesource.com/6417 Reviewed-by: Adam Langley <agl@google.com>		pirms 9 gadiem
crypto	Fix several warnings that arise in Android.	pirms 9 gadiem
decrepit	Fix shared library build on OS X.	pirms 9 gadiem
include/openssl	Fix DTLS asynchronous write handling.	pirms 9 gadiem
ssl	Fix DTLS asynchronous write handling.	pirms 9 gadiem
tool	For now, give the unsuffixed ChaCha20 AEAD name to the old version.	pirms 9 gadiem
util	Support Bazel builds on other platforms.	pirms 9 gadiem
.clang-format	Inital import.	pirms 10 gadiem
.gitignore	Fix documentation generation on Windows.	pirms 9 gadiem
BUILDING.md	Make the instructions for downloading the ARM compiler easier to copy and paste.	pirms 9 gadiem
CMakeLists.txt	Fix several warnings that arise in Android.	pirms 9 gadiem
LICENSE	Note that some files carry in Intel license.	pirms 9 gadiem
PORTING.md	Update PORTING.md for the new renego API.	pirms 9 gadiem
README.md	Links in README.md, take two.	pirms 9 gadiem
STYLE.md	Markdown-ify STYLE.	pirms 9 gadiem
codereview.settings	Add a codereview.settings file.	pirms 10 gadiem

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.