Google Git
Sign in
pigweed / third_party / boringssl / boringssl / e8e6cacca489f1fd4dc6f0c9c72ce38853124bbd^! / .
commite8e6cacca489f1fd4dc6f0c9c72ce38853124bbd[log] [tgz]
authorDavid Benjamin <davidben@google.com>Tue Sep 06 12:03:53 2022 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Sep 06 17:19:42 2022 +0000
tree285da52551ed4cd4c38057fa8c00744fbc99ef97
parent1106836aa99c08d0b709219889d364a4c855d3c9 [diff]
Add the "groups" variants of SSL_CTX_set1_curves_list.

Node calls these. OpenSSL renamed their APIs to align with the IETF
renaming NamedCurve to NamedGroup. (Ironically, with post-quantum
ciphers, that name turns out also to be wrong and it probably should
have been a reference to KEMs.)

To avoid churn for now, I haven't marked the old ones as deprecated, or
renamed any of the internal types yet. We can see about doing that
later.

Change-Id: I5765cea8398f3836611977805bf8ae7d6efc0a70
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54306
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d0a8ad6..a95c47e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -2352,6 +2352,20 @@
 // the given TLS curve id, or NULL if the curve is unknown.
 OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
 
+// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
+                                       size_t groups_len);
+
+// SSL_set1_groups calls |SSL_set1_curves|.
+OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
+                                   size_t groups_len);
+
+// SSL_CTX_set1_groups_list calls |SSL_CTX_set1_curves_list|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
+
+// SSL_set1_groups_list calls |SSL_set1_curves_list|.
+OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
+
 
 // Certificate verification.
 //

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 82acb65..f073e3b 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc

@@ -1949,6 +1949,22 @@
   return tls1_set_curves_list(&ssl->config->supported_group_list, curves);
 }
 
+int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) {
+  return SSL_CTX_set1_curves(ctx, groups, groups_len);
+}
+
+int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len) {
+  return SSL_set1_curves(ssl, groups, groups_len);
+}
+
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) {
+  return SSL_CTX_set1_curves_list(ctx, groups);
+}
+
+int SSL_set1_groups_list(SSL *ssl, const char *groups) {
+  return SSL_set1_curves_list(ssl, groups);
+}
+
 uint16_t SSL_get_curve_id(const SSL *ssl) {
   SSL_SESSION *session = SSL_get_session(ssl);
   if (session == NULL) {