Add basic integration with ML-DSA and EVP

This just makes the single-shot signing APIs work. There's no support in
EVP yet for external mu, context signing, or init/update/final. They are
also not (yet) wired up to the default parsers or EVP_PKEY_CTX_new_id.
You have to use EVP_PKEY_ALG for that.

We only support the seed-based syntax for private keys.

This required adding a CheckVerify codepath to the SignMessage branch
of evp_test. This is very repetitive due to problems with the OpenSSL
API. They chose to make SignMessage use a completely different set of
types from SignDigest. Our original API proposal
(https://boringssl-review.googlesource.com/c/boringssl/+/14447) did not
have this problem, but then OpenSSL requested it be changed to this
form.

Amusingly, OpenSSL seems to have since changed their mind and added
something that looks like our original API. We'll probably need to
restore that scheme to add init/update/final hooks for ML-DSA. See
go/mldsa-mlkem-evp

I've also not yet added keygen support, not because it's particularly
difficult, but because we don't have hooks yet for testing it, or a
clear answer for the static-linker-friendly API. That's probably the
next thing to fill in.

Bug: 449751916
Change-Id: I02d2b5924983a0b9c7f9e71e96de17db687c2425
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/82992
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
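The commit restricts private-key parsing to the seed-based form. The following is an added example, not BoringSSL code, showing what a seed-only policy looks like in a parser: it builds a minimal PrivateKeyInfo, accepts the 32-byte seed and rejects the expanded-key alternatives instead of trusting an unverified expanded key. It assumes the ML-DSA-PrivateKey CHOICE layout from the LAMPS ML-DSA certificate draft (seed as [0] IMPLICIT OCTET STRING, expandedKey as OCTET STRING, or a SEQUENCE of both) and the ML-DSA OID values listed in the code; neither the DER helpers nor the function names correspond to anything in BoringSSL.

```python
"""Minimal DER parser for an ML-DSA PrivateKeyInfo that accepts only the seed form.

Added example, not BoringSSL code. The CHOICE layout and OIDs below are
assumptions taken from the LAMPS ML-DSA certificate draft.
"""

# Assumed OID values for the three ML-DSA parameter sets.
ML_DSA_OIDS = {
    "2.16.840.1.101.3.4.3.17": "ML-DSA-44",
    "2.16.840.1.101.3.4.3.18": "ML-DSA-65",
    "2.16.840.1.101.3.4.3.19": "ML-DSA-87",
}
SEED_LEN = 32


def _der_len(n: int) -> bytes:
    """Encode a DER length in minimal short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(0x06, bytes(out))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, next_pos); rejects truncated or non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated body")
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body: bytes) -> str:
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID")
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def seed_choice(seed: bytes) -> bytes:
    return der_tlv(0x80, seed)  # seed [0] IMPLICIT OCTET STRING (assumed layout)


def expanded_choice(expanded: bytes) -> bytes:
    return der_tlv(0x04, expanded)  # expandedKey OCTET STRING (assumed layout)


def encode_private_key_info(param_set: str, choice: bytes) -> bytes:
    """PrivateKeyInfo { version 0, AlgorithmIdentifier { oid, no params }, privateKey }."""
    oid = next(k for k, v in ML_DSA_OIDS.items() if v == param_set)
    return der_tlv(0x30, der_tlv(0x02, b"\x00") + der_tlv(0x30, der_oid(oid)) + der_tlv(0x04, choice))


def parse_seed_private_key(der: bytes):
    """Return (param_set, seed); only the 32-byte seed CHOICE is accepted."""
    tag, pki, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single PrivateKeyInfo")
    tag, ver, pos = _read_tlv(pki, 0)
    if tag != 0x02 or ver != b"\x00":
        raise ValueError("unsupported version")
    tag, alg, pos = _read_tlv(pki, pos)
    tag2, oid_body, alg_end = _read_tlv(alg, 0)
    if tag != 0x30 or tag2 != 0x06 or alg_end != len(alg):  # parameters must be absent
        raise ValueError("bad AlgorithmIdentifier")
    param_set = ML_DSA_OIDS.get(_decode_oid(oid_body))
    if param_set is None:
        raise ValueError("not an ML-DSA key")
    tag, key, pos = _read_tlv(pki, pos)
    if tag != 0x04 or pos != len(pki):
        raise ValueError("bad privateKey or trailing attributes")
    tag, body, key_end = _read_tlv(key, 0)
    if key_end != len(key):
        raise ValueError("trailing data in privateKey")
    if tag == 0x80:
        if len(body) != SEED_LEN:
            raise ValueError("seed must be 32 bytes")
        return param_set, body
    if tag in (0x04, 0x30):
        raise ValueError("expandedKey/both forms not supported; seed form only")
    raise ValueError("unknown ML-DSA-PrivateKey choice")


if __name__ == "__main__":
    sample_seed = bytes(range(32))  # constructed sample seed, not a real key
    print(parse_seed_private_key(encode_private_key_info("ML-DSA-65", seed_choice(sample_seed))))
```

Rejecting the expanded and combined forms keeps the parser from accepting a key whose expanded half was never derived from the seed it claims; a seed-only consumer re-expands the key itself and has nothing unverified to trust.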
23 files changed
tree: 25d4f721589b0ca77be272a0b56ac5f6c651495c
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: