mirror of https://github.com/openssl/openssl
ad062480f7
This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172) |
||
|---|---|---|
| .. | ||
| der | ||
| include/prov | ||
| bio_prov.c | ||
| build.info | ||
| capabilities.c | ||
| digest_to_nid.c | ||
| provider_ctx.c | ||
| provider_err.c | ||
| provider_seeding.c | ||
| provider_util.c | ||
| securitycheck.c | ||
| securitycheck_default.c | ||
| securitycheck_fips.c | ||