Go to file
David Benjamin 80aa694975 Always push errors on BIO_read_asn1 failure.
This is consistent with the old behavior of d2i_*_fp and avoids tripping
Conscrypt's unnecessarily fragile error-handling (see
https://github.com/google/conscrypt/pull/552).

Additionally, by source inspection, CPython expects
ASN1_R_HEADER_TOO_LONG on EOF, analogously to PEM_R_NO_START_LINE. Fix
that. The other errors are a bit haphazard in the old implementation
(that code is really hard to follow), so I didn't match it too
carefully. In particular, OpenSSL would report ASN1_R_HEADER_TOO_LONG on
some generic tag parsing, but that is inconsistent with
ASN1_R_HEADER_TOO_LONG being an EOF signal.

Update-Note: https://boringssl-review.googlesource.com/32106 may have
caused some compatibility issues. This should fix it.

Change-Id: Idfe2746ffd7733de4338e14c58a40753e98a791e
Reviewed-on: https://boringssl-review.googlesource.com/c/32444
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-10-11 19:53:15 +00:00
.github Add a PULL_REQUEST_TEMPLATE. 2016-03-08 15:23:52 +00:00
crypto Always push errors on BIO_read_asn1 failure. 2018-10-11 19:53:15 +00:00
decrepit Remove LHASH_OF mention in X509V3_EXT_conf_nid. 2018-10-01 23:26:40 +00:00
fipstools Support symbol prefixes 2018-09-06 20:07:52 +00:00
fuzz Support symbol prefixes 2018-09-06 20:07:52 +00:00
include/openssl Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests. 2018-10-10 19:50:19 +00:00
infra/config Bring Mac and iOS builders back to the CQ. 2018-10-01 23:31:45 +00:00
ssl Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests. 2018-10-10 19:50:19 +00:00
third_party Support symbol prefixes 2018-09-06 20:07:52 +00:00
tool Support symbol prefixes 2018-09-06 20:07:52 +00:00
util Rename inject-hash: Bazel does not like hyphens. 2018-09-26 21:50:36 +00:00
.clang-format Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
.gitignore Update tools. 2018-09-13 17:57:30 +00:00
API-CONVENTIONS.md Clarify "reference" and fix typo. 2018-09-05 19:06:48 +00:00
BREAKING-CHANGES.md Add some notes on how to handle breaking changes. 2018-04-28 00:04:41 +00:00
BUILDING.md Add util/read_symbols.go 2018-09-24 20:25:48 +00:00
CMakeLists.txt Use Go modules with delocate. 2018-09-17 22:19:52 +00:00
codereview.settings Comment change in codereview.settings 2018-07-26 00:23:04 +00:00
CONTRIBUTING.md Add a CONTRIBUTING.md file. 2016-02-10 21:38:19 +00:00
FUZZING.md Switch to Clang 6.0's fuzzer support. 2018-08-27 17:18:56 +00:00
go.mod Set up Go modules. 2018-09-17 21:04:17 +00:00
INCORPORATING.md Update URL for GN quick start guide. 2018-08-16 20:18:41 +00:00
LICENSE Note licenses for support code in the top-level LICENSE file. 2018-03-27 17:03:47 +00:00
PORTING.md Remove reference to SSL3 in PORTING.md. 2018-06-29 17:46:32 +00:00
README.md Add some notes on how to handle breaking changes. 2018-04-28 00:04:41 +00:00
sources.cmake Add new curve/hash ECDSA combinations from Wycheproof. 2018-08-10 18:26:06 +00:00
STYLE.md Fix some style guide samples. 2017-08-31 14:24:45 +00:00

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: