mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00

History

Stephen Farrell ad062480f7 Implements Hybrid Public Key Encryption (HPKE) as per RFC9180. This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172)		2022-11-25 16:26:55 +00:00
..
build.info	ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()	2022-01-21 14:44:16 +01:00
err_all_legacy.c	Update copyright year	2021-06-17 13:24:59 +01:00
err_all.c	err: rename err_load_xxx_strings_int functions	2021-05-26 13:01:47 +10:00
err_blocks.c	err: remove TODOs	2021-06-02 16:30:15 +10:00
err_local.h	err_set_debug(): Prevent possible recursion on malloc failure	2022-10-04 15:34:15 +02:00
err_mark.c	ERR: Move ERR_set_mark(), ERR_pop_to_mark() and ERR_clear_last_mark()	2022-01-21 14:44:16 +01:00
err_prn.c	err: remove TODOs	2021-06-02 16:30:15 +10:00
err.c	ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE	2022-08-27 09:40:09 +02:00
openssl.ec	Rename internal providercommonerr.h to less mouthful proverr.h	2021-02-11 09:34:31 +01:00
openssl.txt	Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.	2022-11-25 16:26:55 +00:00
README.md	Fix many MarkDown issues in {NOTES,README,HACKING,LICENSE}.md files	2020-07-05 11:29:43 +02:00

README.md

Adding new libraries

When adding a new sub-library to OpenSSL, assign it a library number ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its name to ERR_str_libraries[] (in crypto/err/err.c), and add ERR_load_XXX_strings() to the ERR_load_crypto_strings() function (in crypto/err/err_all.c). Finally, add an entry:

L      XXX     xxx.h   xxx_err.c

to crypto/err/openssl.ec, and add xxx_err.c to the Makefile. Running make errors will then generate a file xxx_err.c, and add all error codes used in the library to xxx.h.

Additionally the library include file must have a certain form. Typically it will initially look like this:

#ifndef HEADER_XXX_H
#define HEADER_XXX_H

#ifdef __cplusplus
extern "C" {
#endif

/* Include files */

#include <openssl/bio.h>
#include <openssl/x509.h>

/* Macros, structures and function prototypes */


/* BEGIN ERROR CODES */

The BEGIN ERROR CODES sequence is used by the error code generation script as the point to place new error codes, any text after this point will be overwritten when make errors is run. The closing #endif etc will be automatically added by the script.

The generated C error code file xxx_err.c will load the header files stdio.h, openssl/err.h and openssl/xxx.h so the header file must load any additional header files containing any definitions it uses.