Google Git
Sign in
boringssl / boringssl / b402cff383c5d150bc69d9c5c0d9288d718caf5b
commitb402cff383c5d150bc69d9c5c0d9288d718caf5b[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun Aug 17 20:05:19 2025 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Aug 28 09:55:01 2025 -0700
treebadd3e78c873b17d952d52952b4d48ddc4bd309f
parent136d6b7f6139e0f7ba1ca6418cce26e552e0fce8 [diff]
Add internal EC parsing functions that take lists of allowed groups

They're internal for now; I'm thinking we'll just have the public
versions of these at the EVP layer for now and try to move past this
mess where there's two versions of every API.

The API is mildly annoying in that both this caller and the one added
next will want to distinguish UNKNOWN_GROUP from other errors, but the
recent helper function makes checking the error queue not tooooo bad.

Bug: 42290364
Change-Id: Ibb5e3e643a9180459cc09b4559ee40696cea2688
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81650
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 files changed
tree: badd3e78c873b17d952d52952b4d48ddc4bd309f
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. infra/
  11. pki/
  12. rust/
  13. ssl/
  14. third_party/
  15. tool/
  16. util/
  17. .bazelignore
  18. .bazelrc
  19. .bazelversion
  20. .clang-format
  21. .gitignore
  22. API-CONVENTIONS.md
  23. AUTHORS
  24. BREAKING-CHANGES.md
  25. BUILD.bazel
  26. build.json
  27. BUILDING.md
  28. CMakeLists.txt
  29. codereview.settings
  30. CONTRIBUTING.md
  31. FUZZING.md
  32. go.mod
  33. go.sum
  34. INCORPORATING.md
  35. LICENSE
  36. MODULE.bazel
  37. MODULE.bazel.lock
  38. PORTING.md
  39. PrivacyInfo.xcprivacy
  40. README.md
  41. SANDBOXING.md
  42. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: