mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
ad062480f7
This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172) |
||
---|---|---|
.. | ||
der | ||
include/prov | ||
bio_prov.c | ||
build.info | ||
capabilities.c | ||
digest_to_nid.c | ||
provider_ctx.c | ||
provider_err.c | ||
provider_seeding.c | ||
provider_util.c | ||
securitycheck_default.c | ||
securitycheck_fips.c | ||
securitycheck.c |