]> git.ipfire.org Git - thirdparty/openssl.git/commit
Add support for multiple key shares
authorDave Kelsey <d_kelsey@uk.ibm.com>
Thu, 16 Jan 2025 15:10:41 +0000 (15:10 +0000)
committerNeil Horman <nhorman@openssl.org>
Mon, 10 Feb 2025 16:43:56 +0000 (11:43 -0500)
commitd69c014608acdfa37839d49412e6d6974ac539a0
treeaebcda7fa4a98e88cbd94885223679943d67e2e7
parent78991c9e37e373fae4680886eae36044c932b4e6
Add support for multiple key shares

This PR is the implementation of concluded discussion that occurred in a
draft PR #25605. This changes were mainly authored by @martinschmatz
with some contribution from myself.

It addresses issue #21633

This extends the group list definition to support a more complex
definition while still retaining backward compatibility with the simple
form of colon separated groups.

Details of the agreed format and expected behaviour can be found in
#25605 and in the documentation changes.

Signed-off-by: Dave Kelsey <d_kelsey@uk.ibm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26445)
16 files changed:
CHANGES.md
doc/man3/SSL_CONF_cmd.pod
doc/man3/SSL_CTX_set1_curves.pod [changed mode: 0644->0755]
ssl/s3_lib.c
ssl/ssl_lib.c
ssl/ssl_local.h
ssl/statem/extensions.c
ssl/statem/extensions_clnt.c
ssl/statem/extensions_srvr.c
ssl/statem/statem_lib.c
ssl/statem/statem_local.h
ssl/t1_lib.c
ssl/tls_depr.c
test/build.info
test/recipes/70-test_tls13groupselection.t [new file with mode: 0644]
test/tls13groupselection_test.c [new file with mode: 0644]