Go to file

David Benjamin 33dad1b7a1 Stop pretending to ssl_clear_bad_session. We broke this to varying degrees ages ago. This is the logic to implement the variations of rules in TLS to discard sessions after a failed connection, where a failed connection could be one of: - A connection that was not cleanly shut down. - A connection that received a fatal alert. The first one is nonsense since close_notify does not actually work in the real world. The second is a vaguely more plausible but... - A stateless ticket-based server can't drop sessions anyway. - In TLS 1.3, a client may receive many tickets over the lifetime of a single connection. With an external session cache like ours which may, in theory, but multithreaded, this will be a huge hassle to track. - A client may well attempt to establish a connection and reuse the session before we receive the fatal alert, so any application state we hope to manage won't really work. - An attacker can always close the connection before the fatal alert, so whatever security policy clearing the session gave is easily bypassable. Implementation-wise, this has basically never worked. The ssl_clear_bad_session logic called into SSL_CTX_remove_session which relied on the internal session cache. (Sessions not in the internal session cache don't get removed.) The internal session cache was only useful for a server, where tickets prevent this mechanism from doing anything. For a client, we since removed the internal session cache, so nothing got removed. The API for a client also did not work as it gave the SSL_SESSION, not the SSL, so a consumer would not know the key to invalidate anyway. The recent session state splitting change further broke this. Moreover, calling into SSL_CTX_remove_session logic like that is extremely dubious because it mutates the not_resumable flag on the SSL_SESSION which isn't thread-safe. Spec-wise, TLS 1.3 has downgraded the MUST to a SHOULD. Given all that mess, just remove this code. It is no longer necessary to call SSL_shutdown just to make session caching work. Change-Id: Ib601937bfc5f6b40436941e1c86566906bb3165d Reviewed-on: https://boringssl-review.googlesource.com/9091 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>		2016-08-03 21:07:36 +00:00
.github	Add a PULL_REQUEST_TEMPLATE.	2016-03-08 15:23:52 +00:00
crypto	Use BN_nnmod instead of BN_mod in BN_mod_exp_mont_consttime.	2016-08-02 20:24:58 +00:00
decrepit	Make OBJ_NAME_do_all more OpenSSL-compatible.	2016-06-27 21:42:27 +00:00
fuzz	Replace base64 decoding.	2016-05-26 17:59:10 +00:00
include/openssl	Stop pretending to ssl_clear_bad_session.	2016-08-03 21:07:36 +00:00
infra/config	Commit-Queue config: effectively remove Andorid builders.	2016-07-26 13:14:47 +00:00
ssl	Stop pretending to ssl_clear_bad_session.	2016-08-03 21:07:36 +00:00
third_party/android-cmake	Check in a copy of android-cmake.	2016-05-19 16:55:25 +00:00
tool	Using NewSessionCallback for bssl client.	2016-08-02 23:04:11 +00:00
util	Fix up header file handling.	2016-08-01 18:38:22 +00:00
.clang-format	Import `newhope' (post-quantum key exchange).	2016-04-26 22:53:59 +00:00
.gitignore	Fix documentation generation on Windows.	2015-08-19 00:45:42 +00:00
BUILDING.md	Document compiler and assembler requirements.	2016-06-10 17:17:09 +00:00
CMakeLists.txt	Add top-level BUILD file (in util/).	2016-07-06 23:03:01 +00:00
codereview.settings	No-op change to trigger the new Bazel bot.	2016-07-07 12:07:04 -07:00
CONTRIBUTING.md	Add a CONTRIBUTING.md file.	2016-02-10 21:38:19 +00:00
FUZZING.md	Replace base64 decoding.	2016-05-26 17:59:10 +00:00
INCORPORATING.md	Remove backslash.	2016-07-07 21:39:44 +00:00
LICENSE	Add some bug references to the LICENSE file.	2016-02-22 20:16:48 +00:00
PORTING.md	Add a table for porting SSL_CTX_ctrl code.	2016-07-15 22:41:06 +00:00
README.md	Add document about incorporating BoringSSL into a project.	2016-04-27 18:04:37 +00:00
STYLE.md	Breaking news: 1998 has come and gone.	2016-07-11 23:51:47 +00:00

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.