Skip to content

Remove SslCurve API #390

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ghedo merged 3 commits into from
Sep 30, 2025
Merged

Remove SslCurve API #390

ghedo merged 3 commits into from
Sep 30, 2025

Conversation

@cjpatton
Copy link
Collaborator

@cjpatton cjpatton commented Sep 29, 2025
edited
Loading

This API is incompatible with the latest internal FIPS build. Namely, the various group identifiers have been renamed since the previous version.

cjpatton
cjpatton commented Sep 29, 2025
View reviewed changes
@cjpatton cjpatton marked this pull request as ready for review September 29, 2025 23:24
@cjpatton cjpatton added the v5 label Sep 29, 2025
@cjpatton
Remove SslCurve API
df76125 
This is incompatible with the latest internal FIPS build. Namely, the
various group identifiers have been renamed since the previous version.
@cjpatton
Remove outdated comments on FIPS API compatibility
b1dcfbb
@cjpatton cjpatton force-pushed the cjpatton/drop-ssl-curve branch from 975281d to b1dcfbb Compare September 30, 2025 14:39
@cjpatton
Add back the curve() method on SslRef
af1fec1 
Instead of returning an `SslCurve`, just return the `u16` returned by
BoringSSL.
@cjpatton cjpatton requested a review from ghedo September 30, 2025 14:52
cjpatton
cjpatton commented Sep 30, 2025
View reviewed changes
boring/src/ssl/mod.rs
}

/// Returns the [`SslCurve`] used for this `SslRef`.
/// Returns the curve ID (aka group ID) used for this `SslRef`.
Copy link
Collaborator Author

@cjpatton cjpatton Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If upstream BoringSSL is moving to replace "curve" with "group" in their API, then we might want do so here and for set_curves_list as well.

Copy link
Member

@ghedo ghedo Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not clear they are going to replace them since they still provide both names and the "group" APIs were added more than 2 years ago already. "group" is also not really a much better name given PQ... I think it was just for OpenSSL "compatibility".

@ghedo ghedo merged commit 1c51c7e into master Sep 30, 2025
25 checks passed
@kornelski kornelski deleted the cjpatton/drop-ssl-curve branch November 14, 2025 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ghedo ghedo ghedo approved these changes

Assignees

No one assigned

Labels

v5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cjpatton @ghedo