kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,380 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
bf82aede67
Go to file
David Benjamin bf82aede67 Disable all TLS crypto in fuzzer mode. 
Both sides' signature and Finished checks still occur, but the results
are ignored. Also, all ciphers behave like the NULL cipher.
Conveniently, this isn't that much code since all ciphers and their size
computations funnel into SSL_AEAD_CTX.

This does carry some risk that we'll mess up this code. Up until now, we've
tried to avoid test-only changes to the SSL stack.

There is little risk that anyone will ship a BORINGSSL_UNSAFE_FUZZER_MODE build
for anything since it doesn't interop anyway. There is some risk that we'll end
up messing up the disableable checks. However, both skipped checks have
negative tests in runner (see tests that set InvalidSKXSignature and
BadFinished). For good measure, I've added a server variant of the existing
BadFinished test to this CL, although they hit the same code.

Change-Id: I37f6b4d62b43bc08fab7411965589b423d86f4b8
Reviewed-on: https://boringssl-review.googlesource.com/7287
Reviewed-by: Adam Langley <agl@google.com>
2016-03-02 23:39:36 +00:00
crypto Clarify use of |$end0| in stitched x86-64 AES-GCM code. 2016-03-02 23:37:17 +00:00
decrepit Tweaks for node.js 2016-01-26 23:23:42 +00:00
fuzz Have fuzz/cert.cc also call X509_get_pubkey. 2016-02-18 00:10:15 +00:00
include/openssl Add dummy |SSL_get_server_tmp_key|. 2016-03-02 15:57:47 +00:00
ssl Disable all TLS crypto in fuzzer mode. 2016-03-02 23:39:36 +00:00
tool Pass |alice_msg| by reference in the SPAKE2 speed test. 2016-03-01 19:50:20 +00:00
util Making all_tests.go parallelizable 2016-03-02 17:44:36 +00:00
.clang-format
.gitignore Fix documentation generation on Windows. 2015-08-19 00:45:42 +00:00
BUILDING.md Enable upstream's ChaCha20 assembly for x86 and ARM (32- and 64-bit). 2016-02-23 17:19:45 +00:00
CMakeLists.txt Prefer MSVC over GCC if both are in %PATH%. 2016-02-08 18:12:36 +00:00
codereview.settings Add a codereview.settings file. 2014-11-18 22:21:33 +00:00
CONTRIBUTING.md Add a CONTRIBUTING.md file. 2016-02-10 21:38:19 +00:00
FUZZING.md Update and fix fuzzing instructions. 2015-11-10 23:37:36 +00:00
LICENSE Add some bug references to the LICENSE file. 2016-02-22 20:16:48 +00:00
PORTING.md Document the d2i object reuse changes in PORTING.md. 2016-02-02 16:21:20 +00:00
README.md Add a CONTRIBUTING.md file. 2016-02-10 21:38:19 +00:00
STYLE.md Update link to Google style guide. 2015-11-03 02:02:12 +00:00

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: