David Benjamin 2a0b391ac9 Rewrite ssl3_send_server_key_exchange to use CBB. There is some messiness around saving and restoring the CBB, but this is still significantly clearer. Note that the BUF_MEM_grow line is gone in favor of a fixed CBB like the other functions ported thus far. This line was never necessary as init_buf is initialized to 16k and none of our key exchanges get that large. (The largest one can get is DHE_RSA. Even so, it'd take a roughly 30k-bit DH group with a 30k-bit RSA key.) Having such limits and tight assumptions on init_buf's initial size is poor (but on par for the old code which usually just blindly assumed the message would not get too large) and the size of the certificate chain is much less obviously bounded, so those BUF_MEM_grows can't easily go. My current plan is convert everything but those which legitimately need BUF_MEM_grow to CBB, then atomically convert the rest, remove init_buf, and switch everything to non-fixed CBBs. This will hopefully also simplify async resumption. In the meantime, having a story for resumption means the future atomic change is smaller and, more importantly, relieves some complexity budget in the ServerKeyExchange code for adding Curve25519. Change-Id: I1de6af9856caaed353453d92a502ba461a938fbd Reviewed-on: https://boringssl-review.googlesource.com/6770 Reviewed-by: Adam Langley <agl@google.com>		8 år sedan
crypto	Rewrite ssl3_send_server_key_exchange to use CBB.	8 år sedan
decrepit	Fix AES XTS mode key size.	9 år sedan
fuzz	Add four, basic fuzz tests.	9 år sedan
include/openssl	Rewrite ssl3_send_server_key_exchange to use CBB.	8 år sedan
ssl	Rewrite ssl3_send_server_key_exchange to use CBB.	8 år sedan
tool	Add a tool to generate Ed25519 keys.	8 år sedan
util	Chromium's update.sh is dead, long live update.py	8 år sedan
.clang-format	Inital import.	10 år sedan
.gitignore	Fix documentation generation on Windows.	9 år sedan
BUILDING.md	Make the instructions for downloading the ARM compiler easier to copy and paste.	9 år sedan
CMakeLists.txt	Remove NO_ASM define that I accidently included in the previous commit.	8 år sedan
FUZZING.md	Update and fix fuzzing instructions.	9 år sedan
LICENSE	Note that some files carry in Intel license.	9 år sedan
PORTING.md	Update PORTING.md for the new renego API.	9 år sedan
README.md	Add four, basic fuzz tests.	9 år sedan
STYLE.md	Update link to Google style guide.	9 år sedan
codereview.settings	Add a codereview.settings file.	10 år sedan

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don’t recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google’s product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it’s not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.