David Benjamin 15c1488b61 Clear the error queue on entry to core SSL operations. OpenSSL historically made some poor API decisions. Rather than returning a status enum in SSL_read, etc., these functions must be paired with SSL_get_error which determines the cause of the last error's failure. This requires SSL_read communicate with SSL_get_error with some stateful flag, rwstate. Further, probably as workarounds for bugs elsewhere, SSL_get_error does not trust rwstate. Among other quirks, if the error queue is non-empty, SSL_get_error overrides rwstate and returns a value based on that. This requires that SSL_read, etc., be called with an empty error queue. (Or we hit one of the spurious ERR_clear_error calls in the handshake state machine, likely added as further self-workarounds.) Since requiring callers consistently clear the error queue everywhere is unreasonable (crbug.com/567501), clear ERR_clear_error once at the entry point. Until/unless[] we make SSL_get_error sane, this is the most reasonable way to get to the point that clearing the error queue on error is optional. With those in place, the calls in the handshake state machine are no longer needed. (I suspect all the ERR_clear_system_error calls can also go, but I'll investigate and think about that separately.) [] I'm not even sure it's possible anymore, thanks to the possibility of BIO_write pushing to the error queue. BUG=567501,593963 Change-Id: I564ace199e5a4a74b2554ad3335e99cd17120741 Reviewed-on: https://boringssl-review.googlesource.com/7455 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>		8 years ago
.github	Add a PULL_REQUEST_TEMPLATE.	8 years ago
crypto	Revert "Revert "Reduce maximum RSA public exponent size to 33 bits.""	8 years ago
decrepit	Add \|DH_generate_parameters\| to decrepit.	8 years ago
fuzz	Regenerate server_corpus and client_corpus.	8 years ago
include/openssl	Match upstream's error codes for the old sigalg code.	8 years ago
ssl	Clear the error queue on entry to core SSL operations.	8 years ago
tool	Pass \|alice_msg\| by reference in the SPAKE2 speed test.	8 years ago
util	Update cmake-linux64.tar.gz and cmake-mac.tar.gz.	8 years ago
.clang-format	Inital import.	10 years ago
.gitignore	Fix documentation generation on Windows.	9 years ago
BUILDING.md	Enable upstream's ChaCha20 assembly for x86 and ARM (32- and 64-bit).	8 years ago
CMakeLists.txt	Add `8bit-counters` option for fuzzing.	8 years ago
CONTRIBUTING.md	Add a CONTRIBUTING.md file.	8 years ago
FUZZING.md	Document how to minimise corpuses.	8 years ago
LICENSE	Add some bug references to the LICENSE file.	8 years ago
PORTING.md	Document the d2i object reuse changes in PORTING.md.	8 years ago
README.md	Add a CONTRIBUTING.md file.	8 years ago
STYLE.md	Update link to Google style guide.	9 years ago
codereview.settings	Add a codereview.settings file.	10 years ago

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.