diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index fed18bdb..fab64387 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -88,6 +88,7 @@ int ssl_clientcert_index = 0;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 static OSSL_PROVIDER *ossl_provider_legacy = NULL;
 static OSSL_PROVIDER *ossl_provider_default = NULL;
+static OSSL_PROVIDER *ossl_provider_oqsprovider = NULL;
 #endif
 LOCK **ssl_lock_obj = NULL;
@@ -3974,6 +3975,12 @@ void FreeCryptLibrary()
 OSSL_PROVIDER_unload(ossl_provider_legacy);
 ossl_provider_legacy = NULL;
 }
+
+ if (ossl_provider_oqsprovider != NULL)
+ {
+ OSSL_PROVIDER_unload(ossl_provider_oqsprovider);
+ ossl_provider_oqsprovider = NULL;
+ }
 #endif
 }
@@ -3996,6 +4003,7 @@ void InitCryptLibrary()
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 ossl_provider_default = OSSL_PROVIDER_load(NULL, "legacy");
 ossl_provider_legacy = OSSL_PROVIDER_load(NULL, "default");
+ ossl_provider_oqsprovider = OSSL_PROVIDER_load(NULL, "oqsprovider");
 #endif
 ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
index 1ca4b708..6b53ecfb 100644
--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@@ -11905,6 +11905,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 Unlock(openssl_lock);
 }
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
+ #endif
+
 if (sock->ServerMode)
 {
 // Lock(ssl_connect_lock);
@@ -11984,7 +11988,7 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 // Unlock(ssl_connect_lock);
 }
 else
- {
+ {
 prev_timeout = GetTimeout(sock);
 SetTimeout(sock, ssl_timeout);
 // Client mode
diff --git a/src/Mayaqua/Network.h b/src/Mayaqua/Network.h
index 39e3f5fc..94a50c2b 100644
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
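Review bot: In the InitCryptLibrary hunk of src/Mayaqua/Encrypt.c the result of `OSSL_PROVIDER_load(NULL, "oqsprovider")` is stored but never checked or reported, so on a host where that provider is not installed the pointer stays NULL and nothing records that the hybrid groups cannot be offered. The unload in FreeCryptLibrary already tolerates NULL, so the provider is evidently meant to be optional; say so next to the load, for example `// optional: NULL when oqs-provider is not installed; the *_kyber* entries of PQ_GROUP_LIST are then unknown to OpenSSL`, and emit a log line in the NULL case so operators can tell a post-quantum-capable build from a classical-only one. Separately, the two context lines above it assign the "legacy" provider to `ossl_provider_default` and "default" to `ossl_provider_legacy`; that predates this commit and is harmless for load/unload, but is worth a follow-up. The function body continues outside the hunk.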
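Review bot: The return value of `SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST)` in the first StartSSLEx3 hunk of src/Mayaqua/Network.c is discarded, and the call sits before the `if (sock->ServerMode)` branch, so it affects both server and client handshakes. As far as I know, OpenSSL 3.x rejects the whole list when one name is unknown, which would be the case whenever oqsprovider did not load; the socket would then presumably keep the library's default groups and negotiate a classical-only key exchange with no indication to the caller. A failed call can also leave entries on the thread's error queue, which SSL_get_error() expects to be empty before the handshake I/O that follows. I would check the result and clear the queue on failure, `if (SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST) != 1) { ERR_clear_error(); }`, plus a log message there stating that the connection is falling back to non-hybrid groups. StartSSLEx3 begins and ends outside this hunk.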
@@ -59,6 +59,10 @@ struct DYN_VALUE
 #define DEFAULT_CIPHER_LIST "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#define PQ_GROUP_LIST "p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
+#endif
+
 // SSL logging function
 //#define ENABLE_SSL_LOGGING
 #define SSL_LOGGING_DIRNAME "@ssl_log"
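Review bot: `PQ_GROUP_LIST` in src/Mayaqua/Network.h has no comment explaining that it is a preference-ordered TLS key-exchange group list whose first two entries exist only when oqsprovider is loaded. I would add something like `// TLS groups in preference order; the *_kyber* hybrids need oqsprovider, the rest are the classical fallback`. Two things are worth stating there as well. The hybrid names appear to be the provider's draft-Kyber identifiers and may differ between provider releases. And when the list is applied, the classical choices narrow to P-521, X25519 and P-256 for every socket, so a peer that offers only other curves could presumably fail to agree on a group where it connected before.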