Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 1a01e1fc88968c4db023f38967f9e81a8c42a15d
commit1a01e1fc88968c4db023f38967f9e81a8c42a15d[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Jun 08 18:31:24 2016 -0400
committerAdam Langley <agl@google.com>Thu Jun 09 19:47:44 2016 +0000
tree3f959639178b1fc70317a5bce980df40692156a0
parent67cb49d045f04973ddba0f92fe8a8ad483c7da89 [diff]
Remove in-place TLS record assembly for now.

Decrypting is very easy to do in-place, but encrypting in-place is a hassle.
The rules actually were wrong due to record-splitting. The aliasing prefix and
the alignment prefix actually differ by 1. Take it out for now in preparation
for tightening the aliasing rules.

If we decide to do in-place encrypt later, probably it'd be more useful to
return header + in-place ciphertext + trailer. (That, in turn, needs a
scatter/gather thing on the AEAD thanks to TLS 1.3's padding and record type
construction.) We may also wish to rethink how record-splitting works here.

Change-Id: I0187d39c541e76ef933b7c2c193323164fd8a156
Reviewed-on: https://boringssl-review.googlesource.com/8230
Reviewed-by: Adam Langley <agl@google.com>
4 files changed
tree: 3f959639178b1fc70317a5bce980df40692156a0
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. ssl/
  7. third_party/
  8. tool/
  9. util/
  10. .clang-format
  11. .gitignore
  12. BUILDING.md
  13. CMakeLists.txt
  14. codereview.settings
  15. CONTRIBUTING.md
  16. FUZZING.md
  17. INCORPORATING.md
  18. LICENSE
  19. PORTING.md
  20. README.md
  21. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: