authorDavid Benjamin <davidben@google.com>2022-09-06 12:03:53 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>2022-09-06 17:19:42 +0000
commite8e6cacca489f1fd4dc6f0c9c72ce38853124bbd (patch)
tree285da52551ed4cd4c38057fa8c00744fbc99ef97
parent1106836aa99c08d0b709219889d364a4c855d3c9 (diff)
Add the "groups" variants of SSL_CTX_set1_curves_list.
Node calls these. OpenSSL renamed their APIs to align with the IETF renaming NamedCurve to NamedGroup. (Ironically, with post-quantum ciphers, that name turns out also to be wrong and it probably should have been a reference to KEMs.) To avoid churn for now, I haven't marked the old ones as deprecated, or renamed any of the internal types yet. We can see about doing that later. Change-Id: I5765cea8398f3836611977805bf8ae7d6efc0a70 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54306 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>
-rw-r--r--include/openssl/ssl.h14
-rw-r--r--ssl/ssl_lib.cc16
2 files changed, 30 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d0a8ad6..a95c47e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2352,6 +2352,20 @@ OPENSSL_EXPORT uint16_t SSL_get_curve_id(const SSL *ssl);
// the given TLS curve id, or NULL if the curve is unknown.
OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
+// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
+ size_t groups_len);
+
+// SSL_set1_groups calls |SSL_set1_curves|.
+OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
+ size_t groups_len);
+
+// SSL_CTX_set1_groups_list calls |SSL_CTX_set1_curves_list|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
+
+// SSL_set1_groups_list calls |SSL_set1_curves_list|.
+OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
+
// Certificate verification.
//
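Review bot: The four added comments only name the function each declaration forwards to, so a caller porting from OpenSSL finds no contract here: neither the return convention nor what the `int` elements of `groups` are. I would state it at the declaration, e.g. `// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|. It returns one on success and zero on failure.`, and likewise for the other three. The element type deserves a word as well: `SSL_get_curve_id` in the hunk header returns a `uint16_t` TLS id while these take `const int *`, presumably NIDs as with the curves functions (confirm against |SSL_CTX_set1_curves|). This matters because a caller that ignores a zero return after trying to restrict key-exchange groups presumably keeps negotiating with the list that was configured before.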
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 82acb65..f073e3b 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1949,6 +1949,22 @@ int SSL_set1_curves_list(SSL *ssl, const char *curves) {
return tls1_set_curves_list(&ssl->config->supported_group_list, curves);
}
+int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) {
+ return SSL_CTX_set1_curves(ctx, groups, groups_len);
+}
+
+int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len) {
+ return SSL_set1_curves(ssl, groups, groups_len);
+}
+
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) {
+ return SSL_CTX_set1_curves_list(ctx, groups);
+}
+
+int SSL_set1_groups_list(SSL *ssl, const char *groups) {
+ return SSL_set1_curves_list(ssl, groups);
+}
+
uint16_t SSL_get_curve_id(const SSL *ssl) {
SSL_SESSION *session = SSL_get_session(ssl);
if (session == NULL) {
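Review bot: The four forwarding functions added here arrive without a test; the diffstat lists only `include/openssl/ssl.h` and `ssl/ssl_lib.cc`. Since the old names are deliberately kept and a later rename of the internals is planned, a small test that calls each `groups` name once would pin the aliases so they cannot drift from the `curves` functions unnoticed. For the `_list` variants it should assert both a valid list returning one and an unknown group name returning zero. The body of `SSL_get_curve_id` after the additions continues outside the hunk.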