Google Git
Sign in
boringssl/boringssl/3c6ffab1743dc0d1f1d43f91e6084be627ca1995
commit
3c6ffab1743dc0d1f1d43f91e6084be627ca1995
[log]
author
Hubert Chao <hchao@chromium.org>
Tue May 12 15:52:09 2026 +0000
committer
boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Tue May 12 09:10:34 2026 -0700
tree
25ecadc5eae1975272c303cada020d7213b2bfb9
parent
11be7d500143b3eebac1641ae892d24ba36f2626 [diff]
Server Padding Extension

Add support for a Server Padding Extension. This extension lets clients
request an additional amount of padding from servers, that servers can
opt into sending back as zeroed out bytes. The maximum number of bytes
that a server will send back is 16k.

Servers can opt to not send any padding. The client will be able to tell
if the server sent back the requested amount of padding, and will throw
an error if padding is sent but not of the requested amount.

This extension is only supported for TLS 1.3 connections.

This extension is temporary, and may be removed at any time.

Change-Id: I52713dfbca24dd2e2763be0e88aa424d1c417cd3
Bug: 509499093
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/94527
Reviewed-by: David Benjamin <davidben@google.com>
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Commit-Queue: Adam Langley <agl@google.com>
16 files changed
tree: 25ecadc5eae1975272c303cada020d7213b2bfb9
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .clangd
  24. .gitattributes
  25. .gitignore
  26. API-CONVENTIONS.md
  27. AUTHORS
  28. BREAKING-CHANGES.md
  29. BUILD.bazel
  30. build.json
  31. BUILDING.md
  32. CMakeLists.txt
  33. codereview.settings
  34. CONTRIBUTING.md
  35. FUZZING.md
  36. go.mod
  37. go.sum
  38. INCORPORATING.md
  39. LICENSE
  40. MODULE.bazel
  41. MODULE.bazel.lock
  42. PORTING.md
  43. PRESUBMIT.py
  44. PrivacyInfo.xcprivacy
  45. README.md
  46. SANDBOXING.md
  47. SECURITY.md
  48. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: