Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl

Go to file

David Benjamin c5a99415cc Limit the SHA_CTX workaround to C Anonymous unions are now standard in C, as of C11, but not in C++. Enabling sufficiently strict warnings in GCC and Clang flag this. I considered whether we should just remove this and go back to the OpenSSL formulation, but we actually rely on this being an array when calling sha1_block_data_order. Upstream types these as taking pointers to the context, which would work, but taking a pointer to the state is a bit more accurate. (The assembly function should not touch the buffering inside the context.) This anonymous union does mean wpa_supplicant's behavior is slightly questionable from a strict aliasing perspective, but ah well. wpa_supplicant uses this to implement an old FIPS 186-2 PRF, which was based on SHA-1's underlying permutation. Ideally we would either implement this PRF for them, or have them use their own SHA-1 implementation. They've actually done the latter for OpenSSL 3.0, but it's a little silly to duplicate the code. strongswan and go/another-fips-186-2-prf seems to do this too. I'm not positive what strongswan is doing. I've filed crbug.com/boringssl/667 for follow-up work. Bug: 667 Fixed: 566 Change-Id: Ife32cc8c278e0dbbd95401ccdd3bd62945e10cf2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63967 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>		1 year ago
.github	acvp: add CMAC-AES support.	4 years ago
cmake	Select SHA-256 vs SHA-512 explicitly in perlasm	1 year ago
crypto	Simplify AES-GCM counter increment	1 year ago
decrepit	Add OPENSSL_zalloc	1 year ago
fuzz	Sync pki to chromium ce4bc9571462aa298d79b591df9d997323cf5157	1 year ago
include/openssl	Limit the SHA_CTX workaround to C	1 year ago
pki	Sync pki to chromium 5934e28579cddeae3d9ae5b5974f8aae31f200dd	1 year ago
rust	Export OPENSSL_NO_* defines in bssl-sys for consumption in rust-openssl	1 year ago
ssl	Add ALPS codepoint supports for split handshake	1 year ago
third_party	do not call memcpy directly in curve25519_64_adx.h	1 year ago
tool	Add basic C implementation of SPHINCS+-SHA2-128s.	1 year ago
util	Teach delocate about a new directive that Clang is using.	1 year ago
.clang-format	Fix some clang-format formatting.	2 years ago
.gitignore	Rust build cleanup	2 years ago
API-CONVENTIONS.md	acvp: add CMAC-AES support.	4 years ago
BREAKING-CHANGES.md	acvp: add CMAC-AES support.	4 years ago
BUILDING.md	Bump the minimum CMake version to 3.12	1 year ago
CMakeLists.txt	Bump the minimum CMake version to 3.12	1 year ago
CONTRIBUTING.md	Add bbe@ to list of reviewers	2 years ago
FUZZING.md	Update docs to recommend a much more convenient CMake invocation	2 years ago
INCORPORATING.md	Link Googlers to the new porting policy doc	1 year ago
LICENSE	Add optimised Aarch64 GCM.	2 years ago
PORTING.md	Remove d2i_FOO object reuse	2 years ago
README.md	See whether relative links work for the documentation.	2 years ago
SANDBOXING.md	Add a comment about the Chromium sandbox for macOS sysctls	2 years ago
STYLE.md	acvp: add CMAC-AES support.	4 years ago
codereview.settings	acvp: add CMAC-AES support.	4 years ago
go.mod	Update Go dependencies	1 year ago
go.sum	Update Go dependencies	1 year ago
sources.cmake	Add basic C implementation of SPHINCS+-SHA2-128s.	1 year ago

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful:

PORTING.md: how to port OpenSSL-using code to BoringSSL.
BUILDING.md: how to build BoringSSL
INCORPORATING.md: how to incorporate BoringSSL into a project.
API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
STYLE.md: rules and guidelines for coding style.
include/openssl: public headers with API documentation in comments. Also available online.
FUZZING.md: information about fuzzing BoringSSL.
CONTRIBUTING.md: how to contribute to BoringSSL.
BREAKING-CHANGES.md: notes on potentially-breaking changes.
SANDBOXING.md: notes on using BoringSSL in a sandboxed environment.