git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Daniel Van Geest <daniel.vangeest@cryptonext-security.com>
	Thu, 3 Apr 2025 10:19:43 +0000 (11:19 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 30 Jul 2025 09:39:04 +0000 (11:39 +0200)
commit	d0899abb1b7654922b2272070d8fb593d8b13cff
tree	56c0dc4181167355bb0b1b2b5c9f0c33fa57d6e6	tree
parent	daa004d48438d67241b58592d43c3214dd3a903f	commit \| diff

Implement KEMRecipientInfo (RFC9629) in CMS

Also add support for ML-KEM in CMS (draft-ietf-lamps-cms-kyber).

Add the -recip_kdf and -recip_ukm parameters to `openssl cms -encrypt`
to allow the user to specify the KDF algorithm and optional user
keying material for each recipient.

A provider may indicate which RecipientInfo type is supported
for a key, otherwise CMS will try to figure it out itself. A
provider may also indicate which KDF to use in KEMRecipientInfo
if the user hasn't specified one.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27681)

41 files changed:

.gitignore		diff \| blob \| blame \| history
CHANGES.md		diff \| blob \| blame \| history
apps/cms.c		diff \| blob \| blame \| history
crypto/cms/build.info		diff \| blob \| blame \| history
crypto/cms/cms_asn1.c		diff \| blob \| blame \| history
crypto/cms/cms_env.c		diff \| blob \| blame \| history
crypto/cms/cms_err.c		diff \| blob \| blame \| history
crypto/cms/cms_kari.c		diff \| blob \| blame \| history
crypto/cms/cms_kem.c	[new file with mode: 0644]	blob
crypto/cms/cms_kemri.c	[new file with mode: 0644]	blob
crypto/cms/cms_local.h		diff \| blob \| blame \| history
crypto/cms/cms_pwri.c		diff \| blob \| blame \| history
crypto/cms/cms_smime.c		diff \| blob \| blame \| history
crypto/err/openssl.txt		diff \| blob \| blame \| history
crypto/objects/obj_dat.h		diff \| blob \| blame \| history
crypto/objects/obj_mac.num		diff \| blob \| blame \| history
crypto/objects/objects.txt		diff \| blob \| blame \| history
doc/man1/openssl-cms.pod.in		diff \| blob \| blame \| history
doc/man3/CMS_add1_recipient_cert.pod		diff \| blob \| blame \| history
doc/man3/CMS_encrypt.pod		diff \| blob \| blame \| history
doc/man3/CMS_get0_RecipientInfos.pod		diff \| blob \| blame \| history
doc/man7/provider-keymgmt.pod		diff \| blob \| blame \| history
fuzz/oids.txt		diff \| blob \| blame \| history
include/openssl/cms.h.in		diff \| blob \| blame \| history
include/openssl/cmserr.h		diff \| blob \| blame \| history
include/openssl/obj_mac.h		diff \| blob \| blame \| history
providers/common/der/HKDF.asn1	[new file with mode: 0644]	blob
providers/common/der/build.info		diff \| blob \| blame \| history
providers/common/der/der_hkdf_gen.c.in	[new file with mode: 0644]	blob
providers/common/include/prov/der_hkdf.h.in	[new file with mode: 0644]	blob
providers/implementations/keymgmt/build.info		diff \| blob \| blame \| history
providers/implementations/keymgmt/ml_kem_kmgmt.c.in		diff \| blob \| blame \| history
test/recipes/80-test_cms.t		diff \| blob \| blame \| history
test/smime-certs/ca.cnf		diff \| blob \| blame \| history
test/smime-certs/mksmime-certs.sh		diff \| blob \| blame \| history
test/smime-certs/sm_mlkem512.pem	[new file with mode: 0644]	blob
test/smime-certs/sm_mlkem768.pem	[new file with mode: 0644]	blob
util/indent.pro		diff \| blob \| blame \| history
util/libcrypto.num		diff \| blob \| blame \| history
util/missingcrypto.txt		diff \| blob \| blame \| history
util/perl/OpenSSL/paramnames.pm		diff \| blob \| blame \| history

Mirror of https://github.com/openssl/openssl.git

RSS Atom