|author||David Benjamin <firstname.lastname@example.org>||Thu Dec 21 23:11:23 2017 -0500|
|committer||CQ bot account: email@example.com <firstname.lastname@example.org>||Wed Jan 03 22:28:32 2018 +0000|
Support high tag numbers in CBS/CBB. This is a reland of https://boringssl-review.googlesource.com/2330. I believe I've now cleared the fallout. Android's attestion format uses some ludicrously large tag numbers: https://developer.android.com/training/articles/security-key-attestation.html#certificate_schema Add support for these in CBS/CBB. The public API does not change for callers who were using the CBS_ASN1_* constants, but it is no longer the case that tag representations match their DER encodings for small tag numbers. When passing tags into CBS/CBB, use CBS_ASN1_* constants. When working with DER byte arrays (most commonly test vectors), use the numbers themselves. Bug: 214 Update-Note: The in-memory representation of CBS/CBB tags changes. Additionally, we now support tag numbers above 30. I believe I've now actually cleared the fallout of the former. There is one test in Chromium and the same test in the internal repository that needs fixing. Change-Id: I49b9d30df01f023c646d31156360ff69c91626a3 Reviewed-on: https://boringssl-review.googlesource.com/24404 Commit-Queue: Adam Langley <email@example.com> Reviewed-by: Adam Langley <firstname.lastname@example.org> CQ-Verified: CQ bot account: email@example.com <firstname.lastname@example.org>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: