David Benjamin 17d553d299 Add a CFI tester to CHECK_ABI. This uses the x86 trap flag and libunwind to test CFI works at each instruction. For now, it just uses the system one out of pkg-config and disables unwind tests if unavailable. We'll probably want to stick a copy into //third_party and perhaps try the LLVM one later. This tester caught two bugs in P-256 CFI annotations already: I47b5f9798b3bcee1748e537b21c173d312a14b42 and I9f576d868850312d6c14d1386f8fbfa85021b347 An earlier design used PTRACE_SINGLESTEP with libunwind's remote unwinding features. ptrace is a mess around stop signals (see group-stop discussion in ptrace(2)) and this is 10x faster, so I went with it. The question of which is more future-proof is complex: - There are two libunwinds with the same API, https://www.nongnu.org/libunwind/ and LLVM's. This currently uses the system nongnu.org for convenience. In future, LLVM's should be easier to bundle (less complex build) and appears to even support Windows, but I haven't tested this. Moreover, setting the trap flag keeps the test single-process, which is less complex on Windows. That suggests the trap flag design and switching to LLVM later. However... - Not all architectures have a trap flag settable by userspace. As far as I can tell, ARMv8's PSTATE.SS can only be set from the kernel. If we stick with nongnu.org libunwind, we can use PTRACE_SINGLESTEP and remote unwinding. Or we implement it for LLVM. Another thought is for the ptracer to bounce SIGTRAP back into the process, to share the local unwinding code. - ARMv7 has no trap flag at all and PTRACE_SINGLESTEP fails. Debuggers single-step by injecting breakpoints instead. However, ARMv8's trap flag seems to work in both AArch32 and AArch64 modes, so we may be able to condition it on a 64-bit kernel. Sadly, neither strategy works with Intel SDE. Adding flags to cpucap vectors as we do with ARM would help, but it would not emulate CPUs newer than the host CPU. For now, I've just had SDE tests disable these. Annoyingly, CMake does not allow object libraries to have dependencies, so make test_support a proper static library. Rename the target to test_support_lib to avoid https://gitlab.kitware.com/cmake/cmake/issues/17785 Update-Note: This adds a new optional test dependency, but it's disabled by default (define BORINGSSL_HAVE_LIBUNWIND), so consumers do not need to do anything. We'll probably want to adjust this in the future. Bug: 181 Change-Id: I817263d7907aff0904a9cee83f8b26747262cc0c Reviewed-on: https://boringssl-review.googlesource.com/c/33966 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>		5 年前
.github	Add a PULL_REQUEST_TEMPLATE.	8 年前
crypto	Add a CFI tester to CHECK_ABI.	5 年前
decrepit	Add a CFI tester to CHECK_ABI.	5 年前
fipstools	Add a CFI tester to CHECK_ABI.	5 年前
fuzz	Refresh fuzzer corpora for changes to split-handshake serialization.	6 年前
include/openssl	Fix some size_t to long casts.	5 年前
infra/config	No longer set CQ-Verified label on CQ success/failure.	6 年前
ssl	Add a CFI tester to CHECK_ABI.	5 年前
third_party	Remove bundled copy of android-cmake.	5 年前
tool	HRSS: omit reconstruction of ciphertext.	5 年前
util	Add a CFI tester to CHECK_ABI.	5 年前
.clang-format	Import `newhope' (post-quantum key exchange).	8 年前
.gitignore	Update SDE and add the Windows version.	5 年前
API-CONVENTIONS.md	Clarify "reference" and fix typo.	6 年前
BREAKING-CHANGES.md	Add some notes on how to handle breaking changes.	6 年前
BUILDING.md	Add a CFI tester to CHECK_ABI.	5 年前
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	5 年前
CONTRIBUTING.md	Add a CONTRIBUTING.md file.	8 年前
FUZZING.md	Switch to Clang 6.0's fuzzer support.	6 年前
INCORPORATING.md	Update URL for GN quick start guide.	6 年前
LICENSE	Note licenses for support code in the top-level LICENSE file.	6 年前
PORTING.md	Remove reference to SSL3 in PORTING.md.	6 年前
README.md	Add some notes on how to handle breaking changes.	6 年前
STYLE.md	Fix some style guide samples.	7 年前
codereview.settings	Comment change in codereview.settings	6 年前
go.mod	Set up Go modules.	6 年前
sources.cmake	Add new curve/hash ECDSA combinations from Wycheproof.	6 年前

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.
BREAKING-CHANGES.md: notes on potentially-breaking changes.