Add the "groups" variants of SSL_CTX_set1_curves_list.
Node calls these. OpenSSL renamed their APIs to align with the IETF
renaming NamedCurve to NamedGroup. (Ironically, with post-quantum
ciphers, that name turns out also to be wrong and it probably should
have been a reference to KEMs.)
To avoid churn for now, I haven't marked the old ones as deprecated, or
renamed any of the internal types yet. We can see about doing that
later.
Change-Id: I5765cea8398f3836611977805bf8ae7d6efc0a70
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54306
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d0a8ad6..a95c47e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2352,6 +2352,20 @@
// the given TLS curve id, or NULL if the curve is unknown.
OPENSSL_EXPORT const char *SSL_get_curve_name(uint16_t curve_id);
+// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups,
+ size_t groups_len);
+
+// SSL_set1_groups calls |SSL_set1_curves|.
+OPENSSL_EXPORT int SSL_set1_groups(SSL *ssl, const int *groups,
+ size_t groups_len);
+
+// SSL_CTX_set1_groups_list calls |SSL_CTX_set1_curves_list|.
+OPENSSL_EXPORT int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
+
+// SSL_set1_groups_list calls |SSL_set1_curves_list|.
+OPENSSL_EXPORT int SSL_set1_groups_list(SSL *ssl, const char *groups);
+
// Certificate verification.
//
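Review bot: The four new comments only name the function each alias forwards to, so a reader coming from OpenSSL has to look up the |curves| declarations to learn the contract. I would state it on the declarations themselves, e.g. `// SSL_CTX_set1_groups calls |SSL_CTX_set1_curves|. It returns one on success and zero on failure.` This assumes the curves functions follow the usual one/zero convention, which is not visible in this hunk. The return value matters here because a caller that ignores a rejected list presumably keeps running with the previously configured groups rather than the restricted set it asked for.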
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 82acb65..f073e3b 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1949,6 +1949,22 @@
return tls1_set_curves_list(&ssl->config->supported_group_list, curves);
}
+int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) {
+ return SSL_CTX_set1_curves(ctx, groups, groups_len);
+}
+
+int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len) {
+ return SSL_set1_curves(ssl, groups, groups_len);
+}
+
+int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) {
+ return SSL_CTX_set1_curves_list(ctx, groups);
+}
+
+int SSL_set1_groups_list(SSL *ssl, const char *groups) {
+ return SSL_set1_curves_list(ssl, groups);
+}
+
uint16_t SSL_get_curve_id(const SSL *ssl) {
SSL_SESSION *session = SSL_get_session(ssl);
if (session == NULL) {
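Review bot: `groups_len` is a `size_t` in `SSL_CTX_set1_groups` and `SSL_set1_groups`, while OpenSSL's functions of the same name take an `int` length. Code ported from OpenSSL that passes a negative or unchecked `int` therefore gets it silently converted to a very large count. The wrappers forward the value unchanged, so any bound on how much of `groups` is read depends on `SSL_CTX_set1_curves` and `SSL_set1_curves`, whose bodies are outside this hunk. A short comment on the two array variants would make the difference visible, e.g. `// Unlike OpenSSL, |groups_len| is a size_t; callers must pass a validated, non-negative count.` The trailing `SSL_get_curve_id` context continues outside the hunk.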