Google releases fork of OpenSSL called BoringSSL

Google has started developing a fork of OpenSSL, called BoringSSL. The internet giant says it needs a modified version of its cryptographic software for its own products, such as Android and Chrome.

The start of the BoringSSL project was announced by Google developer Adam Langley on his blog. The company has already put source code online. In time, the developed code should be incorporated into the Chromium project; the open source project that Google has set up to develop its web browser. BoringSSL, whose name has not yet been determined, is a modified version of OpenSSL in which Google has implemented several patches. According to Langley, these adjustments are necessary for products such as Android and Chrome.

Initially, Google based its SSL implementations on OpenSSL software with its own patches on top, but this would no longer be practical: Android and Chrome would increasingly require custom software, while the patches provided by Google were not always included in the releases. from OpenSSL. Due to the increasing complexity of this way of developing software, it was decided to continue with a fork of OpenSSL, which appears to be primarily intended for use in Google’s own products.

OpenSSL recently made headlines for the Heartbleed bug, which allowed an attacker to read parts of a server’s memory. As a result, privacy-sensitive data could be intercepted. Earlier this month, another bug was discovered that enabled a man-in-the-middle attack. Many major sites and software services were affected by the bugs, including Google’s Android and Chrome.