git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Fri, 20 Dec 2024 09:26:50 +0000 (20:26 +1100)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 14 Feb 2025 09:50:58 +0000 (10:50 +0100)
commit	4b1c73d2dd748ec7dc8a82d517e1ff46db132e7b
tree	ad6fb30cce714ebb28e7059329962f55402517fc	tree
parent	95d764a0440edcf88737061f8a7bd829ea329642	commit \| diff

ML-KEM hybrids for TLS

- When used as KEMs in TLS the ECDHE algorithms are NOT subjected to
  HPKE Extract/Expand key derivation.  Instead the TLS HKDF is used
  as usual.

- Consequently these KEMs are just the usual ECDHE key exchange
  operations, be it with the encap ECDH private key unavoidably
  ephemeral.

- A new "MLX" KEM provider is added that supports four hybrids of EC/ECX
  DH with ML-KEM:

    * ML-KEM-768 + X25519
    * ML-KEM-1024 + X448
    * P-256 + ML-KEM-768
    * P-384 + ML-KEM-1024

- Support listing of implemented TLS groups.

  The SSL_CTX_get0_implemented_groups() function and new
  `openssl list -tls-groups` and `openssl list -all-tls-groups`
  commands make it possible to determine which groups are
  implemented by the SSL library for a particular TLS version
  or range of versions matching an SSL_CTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26220)

32 files changed:

AUTHORS.md		diff \| blob \| blame \| history
apps/list.c		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
crypto/ml_kem/ml_kem.c		diff \| blob \| blame \| history
doc/man1/openssl-list.pod.in		diff \| blob \| blame \| history
doc/man1/openssl-s_client.pod.in		diff \| blob \| blame \| history
doc/man1/openssl-s_server.pod.in		diff \| blob \| blame \| history
doc/man3/SSL_CONF_cmd.pod		diff \| blob \| blame \| history
doc/man3/SSL_CTX_set1_curves.pod		diff \| blob \| blame \| history
doc/man7/ossl-guide-migration.pod		diff \| blob \| blame \| history
include/crypto/ml_kem.h		diff \| blob \| blame \| history
include/internal/tlsgroups.h		diff \| blob \| blame \| history
include/openssl/proverr.h		diff \| blob \| blame \| history
include/openssl/ssl.h.in		diff \| blob \| blame \| history
providers/common/capabilities.c		diff \| blob \| blame \| history
providers/common/include/prov/proverr.h		diff \| blob \| blame \| history
providers/common/provider_err.c		diff \| blob \| blame \| history
providers/defltprov.c		diff \| blob \| blame \| history
providers/implementations/include/prov/implementations.h		diff \| blob \| blame \| history
providers/implementations/include/prov/mlx_kem.h	[new file with mode: 0644]	blob
providers/implementations/include/prov/names.h		diff \| blob \| blame \| history
providers/implementations/kem/build.info		diff \| blob \| blame \| history
providers/implementations/kem/ml_kem.c		diff \| blob \| blame \| history
providers/implementations/kem/mlx_kem.c	[new file with mode: 0644]	blob
providers/implementations/keymgmt/build.info		diff \| blob \| blame \| history
providers/implementations/keymgmt/ml_kem_kmgmt.c		diff \| blob \| blame \| history
providers/implementations/keymgmt/mlx_kmgmt.c	[new file with mode: 0644]	blob
ssl/s3_lib.c		diff \| blob \| blame \| history
ssl/ssl_local.h		diff \| blob \| blame \| history
ssl/t1_lib.c		diff \| blob \| blame \| history
test/sslapitest.c		diff \| blob \| blame \| history
util/other.syms		diff \| blob \| blame \| history

Mirror of https://github.com/openssl/openssl.git

RSS Atom