author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-09-28 02:16:29 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-10-14 18:42:59 +0300 |
commit | c1a74f59ac799087c511d641cb086722817b805b (patch) | |
tree | 5d8ae19144d619a20ef2ab87d39bee7aea674d54 /ssl | |
parent | ecff43e0ca48b25ddb001b6b63f3b7f8431f6962 (diff) | |
download | openssl-c1a74f59ac799087c511d641cb086722817b805b.tar.gz |
Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM
Note that with this commit the optional parameter is introduced, but
libssl still ignores it.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13018)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_local.h | 1 | ||||
-rw-r--r-- | ssl/t1_lib.c | 8 |
2 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index fd4eacdc38..e81470a82c 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -818,6 +818,7 @@ typedef struct tls_group_info_st {
 int maxtls; /* Maximum TLS version (or 0 for undefined) */
 int mindtls; /* Minimum DTLS version, -1 unsupported */
 int maxdtls; /* Maximum DTLS version (or 0 for undefined) */
+ char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */
 } TLS_GROUP_INFO;
 /* flags values */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 927154fd98..8005f4ee32 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -249,6 +249,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
 TLS_GROUP_INFO *ginf = NULL;
 EVP_KEYMGMT *keymgmt;
 unsigned int gid;
+ unsigned int is_kem = 0;
 int ret = 0;
 if (ctx->group_list_max_len == ctx->group_list_len) {
@@ -321,6 +322,13 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
 goto err;
 }
+ p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_IS_KEM);
+ if (p != NULL && (!OSSL_PARAM_get_uint(p, &is_kem) || is_kem > 1)) {
+ SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT);
+ goto err;
+ }
+ ginf->is_kem = 1 & is_kem;
+
 p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_TLS);
 if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) {
 SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); |
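Review bot: The new `is_kem` field in `TLS_GROUP_INFO` is a plain `char`, whose signedness is implementation-defined, while the t1_lib.c hunk parses the value into an `unsigned int` and narrows it on assignment. The range check there keeps it to 0 or 1, so this is a style point rather than a defect, but `unsigned char is_kem;` would make the flag's type match how it is filled. The field comment could also state the default, e.g. `/* Mode for this Group: 0 is KEX (default when the provider omits it), 1 is KEM */`. The struct begins before this hunk.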
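Review bot: The `OSSL_CAPABILITY_TLS_GROUP_IS_KEM` lookup in the third hunk of t1_lib.c is the only one visible here that accepts `p == NULL`, and nothing in the code says this is deliberate; the neighbouring `OSSL_CAPABILITY_TLS_GROUP_MIN_TLS` lookup fails on a missing parameter. A comment above the lookup such as `/* Optional: a provider that omits it gets is_kem == 0 (KEX) */` would keep a later reader from "fixing" the condition to match its neighbours. The value comes from a provider and the commit message says libssl still ignores it, so a group advertised with `is_kem = 1` is presumably still handled as a key-exchange group until the consuming code lands. A `/* TODO: not yet consumed by libssl */` at the `ginf->is_kem` assignment would make that visible in the source. `add_provider_groups` starts and ends outside the hunk.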