kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5,510 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
c65eb2ceda
Go to file
Matthew Braithwaite c65eb2ceda Serialize SSL curve list in handoff and check it on application. 
A split SSL handshake may involve 2 binaries, potentially built at
different versions: call them the "handoff/handback" binary and the
"handshake" binary.  We would like to guarantee that the
handoff/handback binary does not make any promises that the handshake
binary cannot keep.

d2ed382 serialized |kCiphers|; this commit extends the same approach
to |kNamedGroups|.

Change-Id: Idb13e54e9b189236309f6054a36872c5a4d96985
Reviewed-on: https://boringssl-review.googlesource.com/c/32825
Reviewed-by: David Benjamin <davidben@google.com>
2018-11-06 01:19:10 +00:00
.github Add a PULL_REQUEST_TEMPLATE. 2016-03-08 15:23:52 +00:00
crypto Revert "Speed up ECDSA verify on x86-64." 2018-11-06 00:29:15 +00:00
decrepit Undo recent changes to |X509V3_EXT_conf_nid|. 2018-10-17 21:05:45 +00:00
fipstools Support symbol prefixes 2018-09-06 20:07:52 +00:00
fuzz Support symbol prefixes 2018-09-06 20:07:52 +00:00
include/openssl Buffer up QUIC data within a level internally. 2018-11-01 13:52:43 +00:00
infra/config Bring Mac and iOS builders back to the CQ. 2018-10-01 23:31:45 +00:00
ssl Serialize SSL curve list in handoff and check it on application. 2018-11-06 01:19:10 +00:00
third_party Revert "Speed up ECDSA verify on x86-64." 2018-11-06 00:29:15 +00:00
tool Support symbol prefixes 2018-09-06 20:07:52 +00:00
util [util] Mark srtp.h as an SSL header file 2018-10-16 19:26:06 +00:00
.clang-format Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
.gitignore Update tools. 2018-09-13 17:57:30 +00:00
API-CONVENTIONS.md Clarify "reference" and fix typo. 2018-09-05 19:06:48 +00:00
BREAKING-CHANGES.md Add some notes on how to handle breaking changes. 2018-04-28 00:04:41 +00:00
BUILDING.md Add util/read_symbols.go 2018-09-24 20:25:48 +00:00
CMakeLists.txt Remove -fsanitize-cfi-icall-generalize-pointers. 2018-10-15 23:54:44 +00:00
codereview.settings Comment change in codereview.settings 2018-07-26 00:23:04 +00:00
CONTRIBUTING.md
FUZZING.md Switch to Clang 6.0's fuzzer support. 2018-08-27 17:18:56 +00:00
go.mod Set up Go modules. 2018-09-17 21:04:17 +00:00
INCORPORATING.md Update URL for GN quick start guide. 2018-08-16 20:18:41 +00:00
LICENSE Note licenses for support code in the top-level LICENSE file. 2018-03-27 17:03:47 +00:00
PORTING.md Remove reference to SSL3 in PORTING.md. 2018-06-29 17:46:32 +00:00
README.md Add some notes on how to handle breaking changes. 2018-04-28 00:04:41 +00:00
sources.cmake Add new curve/hash ECDSA combinations from Wycheproof. 2018-08-10 18:26:06 +00:00
STYLE.md Fix some style guide samples. 2017-08-31 14:24:45 +00:00

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: