Google Git
Sign in
boringssl / boringssl / 23db7e0e997af4f959cfc2c5df8f5a036132e923
commit23db7e0e997af4f959cfc2c5df8f5a036132e923[log] [tgz]
authorRudolf Polzer <rpolzer@google.com>Wed Dec 10 10:47:15 2025 -0800
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Dec 11 07:32:39 2025 -0800
tree292b53c101d7e88dbf2f8b23afeb94dae4bd5b2b
parent351be94e5d23ce66944c5c2343487c284b6a0462 [diff]
Revert "Revert the initial seal/openv implementations"

This reverts commit 5837867c9bedf5e9dec7dd2606b30cbf4153ea43, thereby
bringing back commits 0b3bd177c1cc8abae01bc4e57852e6586436152b and
7a8c43cae95e51b7a9049d57bc598e6b843e295f.

This should no longer be necessary as the test timeouts should have been
addressed by:

- 5f74ff46e527ea1cfeeb70c0fc120ed2a8613cfb: test fewer combinations of
  splits as AAD and iovec splits need not be tested against each other
  independently (simply as all code processes either one or the other,
  they're never concatenated or similar, so nothing about AAD's iovec
  structure can possibly impact how the plaintext/ciphertext is handled
  or vice versa - with the one exception of ChaCha20-Poly1305's asm
  optimization toggle, but I verified that we still hit all cases even
  with this change).

- 7ac5099c6b7e86e27f6febe5a02e113073b8a4b2: run seal tests only once,
  not twice.

- 5f3949e91a3982ee415140979af5e451c358b13c: skip iovec tests for NIST
  CAVP vectors (as AES-GCM also has other test vectors which should
  suffice).

Change-Id: I4499b89b8e6fabea03e495431fc2b85c3d515265
Bug: 383343306
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/85488
Auto-Submit: Rudolf Polzer <rpolzer@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 files changed
tree: 292b53c101d7e88dbf2f8b23afeb94dae4bd5b2b
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .gitignore
  24. API-CONVENTIONS.md
  25. AUTHORS
  26. BREAKING-CHANGES.md
  27. BUILD.bazel
  28. build.json
  29. BUILDING.md
  30. CMakeLists.txt
  31. codereview.settings
  32. CONTRIBUTING.md
  33. FUZZING.md
  34. go.mod
  35. go.sum
  36. INCORPORATING.md
  37. LICENSE
  38. MODULE.bazel
  39. MODULE.bazel.lock
  40. PORTING.md
  41. PRESUBMIT.py
  42. PrivacyInfo.xcprivacy
  43. README.md
  44. SANDBOXING.md
  45. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: