Google Git
Sign in
boringssl/boringssl.git/afb970dea4e32a996c67169b5becab199b09c179
commit
afb970dea4e32a996c67169b5becab199b09c179
[log] [tgz]
author
David Benjamin <davidben@google.com>
Mon Aug 25 16:48:20 2025 -0400
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Wed Aug 27 07:31:25 2025 -0700
tree
998be71a16f93213d4585408236cfb506639f6e4
parent
51ed8ad6b7f18dba2b7b87d633a7f3b85b4fdec7 [diff]
Test key import in EVPTest a bit more extensively

Between the "raw" import and what'll soon be a few parsing entrypoints,
we'll have a few different ways to make keys. Rather than importing one
key and then checking properties, this function is now meant to describe
properties of a key and then:

- For each set of properties that is enough to construct a key,
  construct that key.

- For each key that was constructed, check all properties apply to that
  key.

Rather than having ExpectNo* attributes, let's just say that if you omit
the raw public/private key, the expectation is that you don't have one.
I've also dropped "Expect" on the positive cases because it is now both
a property to check and a way to construct the key.

We've since added a few properties of keys that aren't curently
well-tested, so go test those. This revealed that actually the DSA test
vectors were misnamed. The test public key didn't correspond to the test
public key and they were of different sizes.

I tried to test the EC point format getting but ran into
https://crbug.com/441087671, so I'm going to just ignore this for now.

Change-Id: I5a0432061e33fcc92f790023ad40019e8eaf27c1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81647
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
6 files changed
tree: 998be71a16f93213d4585408236cfb506639f6e4
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. infra/
  11. pki/
  12. rust/
  13. ssl/
  14. third_party/
  15. tool/
  16. util/
  17. .bazelignore
  18. .bazelrc
  19. .bazelversion
  20. .clang-format
  21. .gitignore
  22. API-CONVENTIONS.md
  23. AUTHORS
  24. BREAKING-CHANGES.md
  25. BUILD.bazel
  26. build.json
  27. BUILDING.md
  28. CMakeLists.txt
  29. codereview.settings
  30. CONTRIBUTING.md
  31. FUZZING.md
  32. go.mod
  33. go.sum
  34. INCORPORATING.md
  35. LICENSE
  36. MODULE.bazel
  37. MODULE.bazel.lock
  38. PORTING.md
  39. PrivacyInfo.xcprivacy
  40. README.md
  41. SANDBOXING.md
  42. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: