openssl - openssl

	Commit message (Collapse)	Author	Age	Files	Lines
*	Copyright year updates	Tomas Mraz	2024-09-05	1	-1/+1
\| \| \| \| \|	Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
*	open brace '{' following struct go on the same line	Dimitri Papadopoulos	2024-07-22	1	-4/+2
\| \| \| \| \| \| \| \| \|	Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
*	Add additional internal HPKE hardening checks resulting from code audit.	Stephen Farrell	2023-11-03	1	-2/+11
\| \| \| \| \| \|	Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22493)
*	Copyright year updates	Matt Caswell	2023-09-07	1	-1/+1
\| \| \| \| \|	Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
*	configure: introduce no-ecx to remove ECX related feature	Yi Li	2023-06-14	1	-1/+19
\| \| \| \| \| \| \| \| \| \| \|	This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20781)
*	Fix a HPKE API to put libctx, propq as last (optional parameters).	slontis	2023-04-14	1	-24/+34
\| \| \| \| \| \| \| \| \|	This keeps the interface consistent with other HPKE API's. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20583)
*	Fix windows builds	FdaSilvaYY	2023-01-24	1	-2/+2
\| \| \| \| \| \| \|	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20109)
*	prevent HPKE sender setting seq unwisely	Stephen Farrell	2022-12-08	1	-27/+93
\| \| \| \| \| \|	Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19840)
*	hpke: fix tests with disabled chacha20 or poly1305	Tomas Mraz	2022-12-05	1	-0/+2
\| \| \| \| \| \|	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19784)
*	Refactoring some operations to avoid repeated calls	Tomas Mraz	2022-12-05	1	-7/+0
\| \| \| \| \| \| \| \| \| \| \|	Fetch the EVP_CIPHER for aead in OSSL_HPKE_CTX_new() to avoid re-fetching on each aead operation. Save kem/kdf/aead_info in OSSL_HPKE_CTX. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19784)
*	Fix Coverity issues in HPKE	slontis	2022-11-29	1	-15/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	CID 1517043 and 1517038: (Forward NULL) - Removed redundant check that is already done by the caller. It was complaining that it checked for ctlen == NULL and then did a goto that used this *ctlen. CID 1517042 and 1517041: (Forward NULL) - Similar to above for ptlen in hpke_aead_dec() CID 1517040: Remove unneeded logging. This gets rid of the warning related to taking the sizeof(&) CID 1517039: Check returned value of RAND_bytes_ex() in hpke_test CID 1517038: Check return result of KEM_INFO_find() in OSSL_HPKE_get_recomended_ikmelen. Even though this is a false positive, it should not rely on the internals of other function calls. Changed some goto's into returns to match OpenSSL coding guidelines. Removed Raises from calls to _new which fail from malloc calls. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19774)
*	Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.	Stephen Farrell	2022-11-25	1	-0/+1921
	This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172)