Google Git
Sign in
pigweed/third_party/github/google/boringssl/d939c1829b999fe62411a7c74b106275b5a19b7e
commit
d939c1829b999fe62411a7c74b106275b5a19b7e
[log]
author
David Benjamin <davidben@google.com>
Sat Jan 17 13:10:30 2026 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sun Jan 25 14:14:10 2026 -0800
tree
f301f5a55edaca20551c29d91d4b89aa7c6b70f7
parent
e690429b045988a49ea34b37947961628dc4133e [diff]
Use secp224k1 instead of secp160r1 to test a custom curve edge case

FIPS 186-5 bumps some minimum curve size, deep in scalar generation
algorithms, to 224-bit. This check is pretty goofy considering that it
*should* be applied at the point where you decide which domain
parameters are and aren't valid, but NIST's documents are often
nonsensical like this.

The only dependency I found on smaller curves is in our own tests:
because we are stuck supporting arbitrary curves, our ECDSA x-coordinate
comparison function must handle cases where n > p, and where field
elements and scalars have different limb counts. (In all NIST curves,
p > n, and the limb counts match.)

We used secp160r1 to test these cases, but thankfully secp224k1 hits it
too. Switch to that.

(Callers should not actually use any of these curves.)

Change-Id: I0065c9695aa6d8c610b3d1d21961f9abaffb196f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/87808
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2 files changed
tree: f301f5a55edaca20551c29d91d4b89aa7c6b70f7
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .gitignore
  24. API-CONVENTIONS.md
  25. AUTHORS
  26. BREAKING-CHANGES.md
  27. BUILD.bazel
  28. build.json
  29. BUILDING.md
  30. CMakeLists.txt
  31. codereview.settings
  32. CONTRIBUTING.md
  33. FUZZING.md
  34. go.mod
  35. go.sum
  36. INCORPORATING.md
  37. LICENSE
  38. MODULE.bazel
  39. MODULE.bazel.lock
  40. PORTING.md
  41. PRESUBMIT.py
  42. PrivacyInfo.xcprivacy
  43. README.md
  44. SANDBOXING.md
  45. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: