mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
ad062480f7
This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172) |
||
|---|---|---|
| .. | ||
| __DECC_INCLUDE_EPILOGUE.H | ||
| __DECC_INCLUDE_PROLOGUE.H | ||
| bio.h | ||
| der_digests.h.in | ||
| der_dsa.h.in | ||
| der_ec.h.in | ||
| der_ecx.h.in | ||
| der_rsa.h.in | ||
| der_sm2.h.in | ||
| der_wrap.h.in | ||
| proverr.h | ||
| provider_ctx.h | ||
| provider_util.h | ||
| providercommon.h | ||
| securitycheck.h | ||