Google Git
Sign in
boringssl / boringssl / 0c3c42784edb5fddb7673998727746fe177df090
commit0c3c42784edb5fddb7673998727746fe177df090[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Nov 12 18:11:00 2024 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Nov 12 23:26:14 2024 +0000
treec83b15cc45358958007b23eac27a55cf0f3ad1ae
parent03ca65809451c07c860b48b28bde043ec5197b26 [diff]
Don't pack fragments as efficiently for plaintext records

This partially reverts
https://boringssl-review.googlesource.com/c/boringssl/+/72275

The more efficiently packing broke a project that talks to a server that
does not handle this correctly. See b/378742138. For now, just match
what we do in TLS and only pack encrypted records.

Since DTLS 1.2 only has multi-message flights in the plaintext epoch and
DTLS 1.3 only has them in encrypted epochs, this effectively limits the
optimization for DTLS 1.3. Later we'll want to add a toggle and roll
this out across the board, but for now just partially revert the
behavior.

Bug: 374991962
Change-Id: I4c11efcd06dc22a7866e096c5b7a5e379da281c4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73067
Commit-Queue: Nick Harper <nharper@chromium.org>
Reviewed-by: Nick Harper <nharper@chromium.org>
Auto-Submit: David Benjamin <davidben@google.com>
2 files changed
tree: c83b15cc45358958007b23eac27a55cf0f3ad1ae
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. infra/
  11. pki/
  12. rust/
  13. ssl/
  14. third_party/
  15. tool/
  16. util/
  17. .bazelignore
  18. .bazelrc
  19. .clang-format
  20. .gitignore
  21. API-CONVENTIONS.md
  22. BREAKING-CHANGES.md
  23. BUILD.bazel
  24. build.json
  25. BUILDING.md
  26. CMakeLists.txt
  27. codereview.settings
  28. CONTRIBUTING.md
  29. FUZZING.md
  30. go.mod
  31. go.sum
  32. INCORPORATING.md
  33. LICENSE
  34. MODULE.bazel
  35. MODULE.bazel.lock
  36. PORTING.md
  37. PrivacyInfo.xcprivacy
  38. README.md
  39. SANDBOXING.md
  40. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: