Go to file
David Benjamin 8b8d22c961 Parse PKCS#12 files more accurately.
Mercifully, PKCS#12 does not actually make ContentInfo and SafeBag
mutually recursive. The top-level object in a PKCS#12 is a SEQUENCE of
data or encrypted data ContentInfos. Their payloads are a SEQUENCE of
SafeBags (aka SafeContents).

SafeBag is a similar structure to ContentInfo but not identical (it has
attributes in it which we ignore) and actually carries the objects.
There is only recursion if the SafeContents bag type is used, which we
do not process.

This means we don't need to manage recursion depth. This also no longer
allows trailing data after the SEQUENCE and removes the comment about
NSS. The test file still passes, so I'm guessing something else was
going on?

Change-Id: I68e2f8a5cc4b339597429d15dc3588bd39267e0a
Reviewed-on: https://boringssl-review.googlesource.com/13071
Reviewed-by: Adam Langley <agl@google.com>
2017-01-12 16:56:05 +00:00
.github Add a PULL_REQUEST_TEMPLATE. 2016-03-08 15:23:52 +00:00
crypto Parse PKCS#12 files more accurately. 2017-01-12 16:56:05 +00:00
decrepit Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
fuzz Refresh fuzzer corpus. 2016-12-22 03:19:35 +00:00
include/openssl Remove BN_FLG_CONSTTIME. 2017-01-12 02:00:44 +00:00
infra/config Commit-Queue config: effectively remove Andorid builders. 2016-07-26 13:14:47 +00:00
ssl Report TLS 1.3 as supporting secure renegotiation. 2017-01-11 22:19:17 +00:00
third_party/android-cmake Move android-cmake README to METADATA file. 2016-09-14 17:18:51 +00:00
tool Guard a winsock2.h include under the usual pragmas. 2017-01-10 20:30:48 +00:00
util Remove BN_FLG_CONSTTIME. 2017-01-12 02:00:44 +00:00
.clang-format Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
.gitignore Also add util/bot/golang to .gitignore. 2016-12-02 23:39:35 +00:00
API-CONVENTIONS.md Fix API-CONVENTIONS.md typos. 2017-01-04 01:46:32 +00:00
BUILDING.md update required cmake version to 2.8.10 2017-01-03 14:27:21 +00:00
CMakeLists.txt Add a GCOV option to CMakeLists.txt. 2017-01-03 13:17:57 +00:00
codereview.settings No-op change to trigger the new Bazel bot. 2016-07-07 12:07:04 -07:00
CONTRIBUTING.md
FUZZING.md Merge in upstream's certificate corpus. 2016-12-12 21:41:00 +00:00
INCORPORATING.md Update links to Bazel's site. 2016-10-31 18:16:58 +00:00
LICENSE
PORTING.md Add a note in PORTING to ask us before adding ifdefs. 2016-08-11 15:48:14 +00:00
README.md Add an API-CONVENTIONS.md document. 2016-08-04 23:27:49 +00:00
STYLE.md Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: