David Benjamin 2a0b391ac9 Rewrite ssl3_send_server_key_exchange to use CBB. There is some messiness around saving and restoring the CBB, but this is still significantly clearer. Note that the BUF_MEM_grow line is gone in favor of a fixed CBB like the other functions ported thus far. This line was never necessary as init_buf is initialized to 16k and none of our key exchanges get that large. (The largest one can get is DHE_RSA. Even so, it'd take a roughly 30k-bit DH group with a 30k-bit RSA key.) Having such limits and tight assumptions on init_buf's initial size is poor (but on par for the old code which usually just blindly assumed the message would not get too large) and the size of the certificate chain is much less obviously bounded, so those BUF_MEM_grows can't easily go. My current plan is convert everything but those which legitimately need BUF_MEM_grow to CBB, then atomically convert the rest, remove init_buf, and switch everything to non-fixed CBBs. This will hopefully also simplify async resumption. In the meantime, having a story for resumption means the future atomic change is smaller and, more importantly, relieves some complexity budget in the ServerKeyExchange code for adding Curve25519. Change-Id: I1de6af9856caaed353453d92a502ba461a938fbd Reviewed-on: https://boringssl-review.googlesource.com/6770 Reviewed-by: Adam Langley <agl@google.com>		8 vuotta sitten
crypto	Rewrite ssl3_send_server_key_exchange to use CBB.	8 vuotta sitten
decrepit	Fix AES XTS mode key size.	9 vuotta sitten
fuzz	Add four, basic fuzz tests.	9 vuotta sitten
include/openssl	Rewrite ssl3_send_server_key_exchange to use CBB.	8 vuotta sitten
ssl	Rewrite ssl3_send_server_key_exchange to use CBB.	8 vuotta sitten
tool	Add a tool to generate Ed25519 keys.	8 vuotta sitten
util	Chromium's update.sh is dead, long live update.py	8 vuotta sitten
.clang-format	Inital import.	10 vuotta sitten
.gitignore	Fix documentation generation on Windows.	9 vuotta sitten
BUILDING.md	Make the instructions for downloading the ARM compiler easier to copy and paste.	9 vuotta sitten
CMakeLists.txt	Remove NO_ASM define that I accidently included in the previous commit.	8 vuotta sitten
FUZZING.md	Update and fix fuzzing instructions.	9 vuotta sitten
LICENSE	Note that some files carry in Intel license.	9 vuotta sitten
PORTING.md	Update PORTING.md for the new renego API.	9 vuotta sitten
README.md	Add four, basic fuzz tests.	9 vuotta sitten
STYLE.md	Update link to Google style guide.	9 vuotta sitten
codereview.settings	Add a codereview.settings file.	10 vuotta sitten

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.