commit | e9a36421266fccc28506b1b0d2f8b0bd9b7f04f7 | |
---|---|---|
author | David Benjamin <davidben@google.com> | Thu May 05 21:53:00 2016 -0400 |
committer | Adam Langley <agl@google.com> | Fri May 06 17:40:17 2016 +0000 |
tree | 9d92b44e630953c6ec26e7befcb8289882964cd6 | |
parent | b095f0f0ca4ef08de8c5b48045e20206d55173bf | |

Don't reset ssl->shutdown in the state machine.

This is particularly questionable with ClientHello encompassing several states. ssl->shutdown is already initialized to zero and further reset in SSL_set_{connect,accept}_state. At any other state, if it manages to not be a no-op, it will erase a close_notify we have sent or received, neither of which is okay. (I don't think this is possible, but I'm not positive.)

This dates to the initial commit in OpenSSL, so git is not enlightening. The state machine logic historically reset many fields it had no reason to reset, so this is likely more of that.

Change-Id: Ie872316701720cb8ef2cfcb67b7f07a9fea3620f
Reviewed-on: https://boringssl-review.googlesource.com/7874
Reviewed-by: Adam Langley <agl@google.com>

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: