David Benjamin 17d553d299 Add a CFI tester to CHECK_ABI. This uses the x86 trap flag and libunwind to test CFI works at each instruction. For now, it just uses the system one out of pkg-config and disables unwind tests if unavailable. We'll probably want to stick a copy into //third_party and perhaps try the LLVM one later. This tester caught two bugs in P-256 CFI annotations already: I47b5f9798b3bcee1748e537b21c173d312a14b42 and I9f576d868850312d6c14d1386f8fbfa85021b347 An earlier design used PTRACE_SINGLESTEP with libunwind's remote unwinding features. ptrace is a mess around stop signals (see group-stop discussion in ptrace(2)) and this is 10x faster, so I went with it. The question of which is more future-proof is complex: - There are two libunwinds with the same API, https://www.nongnu.org/libunwind/ and LLVM's. This currently uses the system nongnu.org for convenience. In future, LLVM's should be easier to bundle (less complex build) and appears to even support Windows, but I haven't tested this. Moreover, setting the trap flag keeps the test single-process, which is less complex on Windows. That suggests the trap flag design and switching to LLVM later. However... - Not all architectures have a trap flag settable by userspace. As far as I can tell, ARMv8's PSTATE.SS can only be set from the kernel. If we stick with nongnu.org libunwind, we can use PTRACE_SINGLESTEP and remote unwinding. Or we implement it for LLVM. Another thought is for the ptracer to bounce SIGTRAP back into the process, to share the local unwinding code. - ARMv7 has no trap flag at all and PTRACE_SINGLESTEP fails. Debuggers single-step by injecting breakpoints instead. However, ARMv8's trap flag seems to work in both AArch32 and AArch64 modes, so we may be able to condition it on a 64-bit kernel. Sadly, neither strategy works with Intel SDE. Adding flags to cpucap vectors as we do with ARM would help, but it would not emulate CPUs newer than the host CPU. For now, I've just had SDE tests disable these. Annoyingly, CMake does not allow object libraries to have dependencies, so make test_support a proper static library. Rename the target to test_support_lib to avoid https://gitlab.kitware.com/cmake/cmake/issues/17785 Update-Note: This adds a new optional test dependency, but it's disabled by default (define BORINGSSL_HAVE_LIBUNWIND), so consumers do not need to do anything. We'll probably want to adjust this in the future. Bug: 181 Change-Id: I817263d7907aff0904a9cee83f8b26747262cc0c Reviewed-on: https://boringssl-review.googlesource.com/c/33966 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>		5年前
.github	Add a PULL_REQUEST_TEMPLATE.	8年前
crypto	Add a CFI tester to CHECK_ABI.	5年前
decrepit	Add a CFI tester to CHECK_ABI.	5年前
fipstools	Add a CFI tester to CHECK_ABI.	5年前
fuzz	Refresh fuzzer corpora for changes to split-handshake serialization.	6年前
include/openssl	Fix some size_t to long casts.	5年前
infra/config	No longer set CQ-Verified label on CQ success/failure.	6年前
ssl	Add a CFI tester to CHECK_ABI.	5年前
third_party	Remove bundled copy of android-cmake.	5年前
tool	HRSS: omit reconstruction of ciphertext.	5年前
util	Add a CFI tester to CHECK_ABI.	5年前
.clang-format	Import `newhope' (post-quantum key exchange).	8年前
.gitignore	Update SDE and add the Windows version.	5年前
API-CONVENTIONS.md	Clarify "reference" and fix typo.	6年前
BREAKING-CHANGES.md	Add some notes on how to handle breaking changes.	6年前
BUILDING.md	Add a CFI tester to CHECK_ABI.	5年前
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	5年前
CONTRIBUTING.md	Add a CONTRIBUTING.md file.	8年前
FUZZING.md	Switch to Clang 6.0's fuzzer support.	6年前
INCORPORATING.md	Update URL for GN quick start guide.	6年前
LICENSE	Note licenses for support code in the top-level LICENSE file.	6年前
PORTING.md	Remove reference to SSL3 in PORTING.md.	6年前
README.md	Add some notes on how to handle breaking changes.	6年前
STYLE.md	Fix some style guide samples.	7年前
codereview.settings	Comment change in codereview.settings	6年前
go.mod	Set up Go modules.	6年前
sources.cmake	Add new curve/hash ECDSA combinations from Wycheproof.	6年前

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.
BREAKING-CHANGES.md: notes on potentially-breaking changes.