Google Git
Sign in
boringssl / boringssl / 33d1049b1f730d2725bb09b2256fd5fe4c46b17e
commit33d1049b1f730d2725bb09b2256fd5fe4c46b17e[log] [tgz]
authorDavid Benjamin <davidben@google.com>Mon Feb 03 17:00:03 2025 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon Feb 03 15:05:16 2025 -0800
tree73d82acd3cc5365dadd897b235b8984d0de6b4a1
parentbc5a527fd66a599a1c8e7a01e9b6b9e4c19f8e62 [diff]
Switch the license to Apache 2.0, matching OpenSSL upstream

We use the standard Apache 2.0 file header, described in "APPENDIX: How
to apply the Apache License to your work."

This was primarily automated by running:

  git ls-tree -r --name-only HEAD | xargs go run ./util/relicense.go

See go/boringssl-relicensing-triage for the results of triaging the
output of the tool.

As part of this, switch from taking fiat-crypto under MIT license to
Apache 2.0. (It is licensed under MIT OR Apache-2.0 OR BSD-1-Clause.)

The copyright_summary tool can also be used to confirm we didn't
accidentally drop any copyright lines:

  # Run before the CL
  git grep -l Copyright | xargs go run ./util/copyright_summary.go  -out /tmp/old.json
  # Run after the CL
  git grep -l Copyright | xargs go run ./util/copyright_summary.go  -compare /tmp/old.json

Bug: 364634028
Change-Id: I17c50e761e9d077a1f92e25969e50ed35e320c59
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75852
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
1122 files changed
tree: 73d82acd3cc5365dadd897b235b8984d0de6b4a1
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. infra/
  11. pki/
  12. rust/
  13. ssl/
  14. third_party/
  15. tool/
  16. util/
  17. .bazelignore
  18. .bazelrc
  19. .bazelversion
  20. .clang-format
  21. .gitignore
  22. API-CONVENTIONS.md
  23. AUTHORS
  24. BREAKING-CHANGES.md
  25. BUILD.bazel
  26. build.json
  27. BUILDING.md
  28. CMakeLists.txt
  29. codereview.settings
  30. CONTRIBUTING.md
  31. FUZZING.md
  32. go.mod
  33. go.sum
  34. INCORPORATING.md
  35. LICENSE
  36. MODULE.bazel
  37. MODULE.bazel.lock
  38. PORTING.md
  39. PrivacyInfo.xcprivacy
  40. README.md
  41. SANDBOXING.md
  42. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: