David Benjamin 17d553d299 Add a CFI tester to CHECK_ABI. This uses the x86 trap flag and libunwind to test CFI works at each instruction. For now, it just uses the system one out of pkg-config and disables unwind tests if unavailable. We'll probably want to stick a copy into //third_party and perhaps try the LLVM one later. This tester caught two bugs in P-256 CFI annotations already: I47b5f9798b3bcee1748e537b21c173d312a14b42 and I9f576d868850312d6c14d1386f8fbfa85021b347 An earlier design used PTRACE_SINGLESTEP with libunwind's remote unwinding features. ptrace is a mess around stop signals (see group-stop discussion in ptrace(2)) and this is 10x faster, so I went with it. The question of which is more future-proof is complex: - There are two libunwinds with the same API, https://www.nongnu.org/libunwind/ and LLVM's. This currently uses the system nongnu.org for convenience. In future, LLVM's should be easier to bundle (less complex build) and appears to even support Windows, but I haven't tested this. Moreover, setting the trap flag keeps the test single-process, which is less complex on Windows. That suggests the trap flag design and switching to LLVM later. However... - Not all architectures have a trap flag settable by userspace. As far as I can tell, ARMv8's PSTATE.SS can only be set from the kernel. If we stick with nongnu.org libunwind, we can use PTRACE_SINGLESTEP and remote unwinding. Or we implement it for LLVM. Another thought is for the ptracer to bounce SIGTRAP back into the process, to share the local unwinding code. - ARMv7 has no trap flag at all and PTRACE_SINGLESTEP fails. Debuggers single-step by injecting breakpoints instead. However, ARMv8's trap flag seems to work in both AArch32 and AArch64 modes, so we may be able to condition it on a 64-bit kernel. Sadly, neither strategy works with Intel SDE. Adding flags to cpucap vectors as we do with ARM would help, but it would not emulate CPUs newer than the host CPU. For now, I've just had SDE tests disable these. Annoyingly, CMake does not allow object libraries to have dependencies, so make test_support a proper static library. Rename the target to test_support_lib to avoid https://gitlab.kitware.com/cmake/cmake/issues/17785 Update-Note: This adds a new optional test dependency, but it's disabled by default (define BORINGSSL_HAVE_LIBUNWIND), so consumers do not need to do anything. We'll probably want to adjust this in the future. Bug: 181 Change-Id: I817263d7907aff0904a9cee83f8b26747262cc0c Reviewed-on: https://boringssl-review.googlesource.com/c/33966 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>		5 年之前
.github	Add a PULL_REQUEST_TEMPLATE.	8 年之前
crypto	Add a CFI tester to CHECK_ABI.	5 年之前
decrepit	Add a CFI tester to CHECK_ABI.	5 年之前
fipstools	Add a CFI tester to CHECK_ABI.	5 年之前
fuzz	Refresh fuzzer corpora for changes to split-handshake serialization.	6 年之前
include/openssl	Fix some size_t to long casts.	5 年之前
infra/config	No longer set CQ-Verified label on CQ success/failure.	6 年之前
ssl	Add a CFI tester to CHECK_ABI.	5 年之前
third_party	Remove bundled copy of android-cmake.	5 年之前
tool	HRSS: omit reconstruction of ciphertext.	5 年之前
util	Add a CFI tester to CHECK_ABI.	5 年之前
.clang-format	Import `newhope' (post-quantum key exchange).	8 年之前
.gitignore	Update SDE and add the Windows version.	5 年之前
API-CONVENTIONS.md	Clarify "reference" and fix typo.	6 年之前
BREAKING-CHANGES.md	Add some notes on how to handle breaking changes.	6 年之前
BUILDING.md	Add a CFI tester to CHECK_ABI.	5 年之前
CMakeLists.txt	Add a CFI tester to CHECK_ABI.	5 年之前
CONTRIBUTING.md	Add a CONTRIBUTING.md file.	8 年之前
FUZZING.md	Switch to Clang 6.0's fuzzer support.	6 年之前
INCORPORATING.md	Update URL for GN quick start guide.	6 年之前
LICENSE	Note licenses for support code in the top-level LICENSE file.	6 年之前
PORTING.md	Remove reference to SSL3 in PORTING.md.	6 年之前
README.md	Add some notes on how to handle breaking changes.	6 年之前
STYLE.md	Fix some style guide samples.	7 年之前
codereview.settings	Comment change in codereview.settings	6 年之前
go.mod	Set up Go modules.	6 年之前
sources.cmake	Add new curve/hash ECDSA combinations from Wycheproof.	6 年之前

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.
BREAKING-CHANGES.md: notes on potentially-breaking changes.