diff options
author | David Benjamin <davidben@google.com> | 2021-05-04 15:24:24 -0400 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2021-05-10 21:54:45 +0000 |
commit | 1d58cd1fd3b242910ec1371fab82c9e6a96d7089 (patch) | |
tree | ae9d4e3089a43e98b09423e693117d0faa09d559 /ssl/handshake_server.cc | |
parent | f0e5ea2d7440f1f25e2cd0a1bfc76298f326e65b (diff) | |
download | boringssl-1d58cd1fd3b242910ec1371fab82c9e6a96d7089.zip boringssl-1d58cd1fd3b242910ec1371fab82c9e6a96d7089.tar.gz boringssl-1d58cd1fd3b242910ec1371fab82c9e6a96d7089.tar.bz2 |
Shift the KEM dependency in HPKE up a step.
This introduces an EVP_HPKE_KEM, to capture the KEM choice, and
EVP_HPKE_KEY, to capture the key import (and thus avoids asking
receivers to pass in the full keypair). It is a bit more wordy now, but
we'll be in a better place when some non-TLS user inevitably asks for a
P-256 version.
Bug: 410
Change-Id: Icb9cc8b028e6d1f86e6d8adb31ebf1f975181675
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47329
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/handshake_server.cc')
-rw-r--r-- | ssl/handshake_server.cc | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 74997fe..10897e0 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -619,12 +619,11 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) { } if (hs->ech_server_config_list) { - for (const ECHServerConfig &ech_config : - hs->ech_server_config_list->configs) { + for (const auto &ech_config : hs->ech_server_config_list->configs) { hs->ech_hpke_ctx.Reset(); - if (config_id != ech_config.config_id() || - !ech_config.SetupContext(hs->ech_hpke_ctx.get(), kdf_id, aead_id, - enc)) { + if (config_id != ech_config->config_id() || + !ech_config->SetupContext(hs->ech_hpke_ctx.get(), kdf_id, aead_id, + enc)) { // Ignore the error and try another ECHConfig. ERR_clear_error(); continue; |