Skip to content

Add SSL_set1_groups to NativeCrypto. #1443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
juergw merged 34 commits into from
Dec 11, 2025
Merged

Add SSL_set1_groups to NativeCrypto. #1443

juergw merged 34 commits into from
Dec 11, 2025

Conversation

@juergw
Copy link
Collaborator

@juergw juergw commented Dec 8, 2025

This will be needed to add support for SSLParams.setNamedGroups,
which is needed to support Post-quantum algorithms, see https://openjdk.org/jeps/527.

@juergw juergw requested a review from tholenst December 8, 2025 13:30
tholenst
tholenst reviewed Dec 10, 2025
View reviewed changes
openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java Outdated
}

@Test
public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentException()
Copy link

@tholenst tholenst Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is a good test. Does this mean that if BoringSSL adds any of those this test fails? Or should they never be added?

In principle, you shouldn't test someone elses API which could change (though with BoringSSL and Conscrypt this anyhow might be a special case)

Copy link
Collaborator Author

@juergw juergw Dec 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. I've removed the "unsupported" test cases, and only left the "invalid" ones.

tholenst
tholenst reviewed Dec 10, 2025
View reviewed changes
Copy link

@tholenst tholenst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you suggested offline, consider to use SSL_set1_groups instead.

@juergw juergw changed the title Add SSL_set1_curve_list to NativeCrpto. Add SSL_set1_groups to NativeCrypto. Dec 10, 2025
@juergw juergw requested a review from tholenst December 11, 2025 11:30
@juergw
Copy link
Collaborator Author

juergw commented Dec 11, 2025

As you suggested offline, consider to use SSL_set1_groups instead.

Done. PTAL.

tholenst
tholenst reviewed Dec 11, 2025
View reviewed changes
@juergw juergw requested a review from tholenst December 11, 2025 13:59
tholenst
tholenst approved these changes Dec 11, 2025
View reviewed changes
@juergw juergw merged commit e54e348 into google:master Dec 11, 2025
43 of 44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tholenst tholenst tholenst approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@juergw @tholenst