diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-02-15 22:39:52 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-02-18 07:53:29 +0100 |
| commit | 2c717b2fc9773a74d6c9df01a2f873deea163918 (patch) | |
| tree | 61c458b4c30266386744a20c6dfa0c5b9575e590 /src | |
| parent | 46cc58fe1a89903f4ef928caeee1bec96ab5967b (diff) | |
| download | ouroboros-2c717b2fc9773a74d6c9df01a2f873deea163918.tar.gz ouroboros-2c717b2fc9773a74d6c9df01a2f873deea163918.zip | |
irmd: Check for PQC support when loading config
The IRMd will now report a PQC algorithm in the enc.conf file if it is
not supported, instead of failing on KEM key generation.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src')
| -rw-r--r-- | src/irmd/oap/io.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c index e4189d4d..8f75a8d8 100644 --- a/src/irmd/oap/io.c +++ b/src/irmd/oap/io.c @@ -118,9 +118,15 @@ int load_kex_config(const char * name, log_info("Key exchange not configured for %s.", name); return 0; } - - if (cfg->c.nid == NID_undef || crypt_nid_to_str(cfg->c.nid) == NULL) { - log_err("Invalid cipher NID %d for %s.", cfg->c.nid, name); +#ifndef HAVE_OPENSSL_PQC + if (IS_KEM_ALGORITHM(cfg->x.str)) { + log_err("PQC not available, can't use %s for %s.", + cfg->x.str, name); + return -ENOTSUP; + } +#endif + if (cfg->c.nid == NID_undef) { + log_err("Invalid cipher for %s.", name); return -ECRYPT; } |