openssl/ssl
Viktor Dukhovni 4b1c73d2dd ML-KEM hybrids for TLS
- When used as KEMs in TLS the ECDHE algorithms are NOT subjected to
  HPKE Extract/Expand key derivation.  Instead the TLS HKDF is used
  as usual.

- Consequently these KEMs are just the usual ECDHE key exchange
  operations, be it with the encap ECDH private key unavoidably
  ephemeral.

- A new "MLX" KEM provider is added that supports four hybrids of EC/ECX
  DH with ML-KEM:

    * ML-KEM-768 + X25519
    * ML-KEM-1024 + X448
    * P-256 + ML-KEM-768
    * P-384 + ML-KEM-1024

- Support listing of implemented TLS groups.

  The SSL_CTX_get0_implemented_groups() function and new
  `openssl list -tls-groups` and `openssl list -all-tls-groups`
  commands make it possible to determine which groups are
  implemented by the SSL library for a particular TLS version
  or range of versions matching an SSL_CTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26220)
2025-02-14 10:50:58 +01:00

| Name | Last commit | Date |
|------|-------------|------|
| quic | Enable the quic-tls API to work, even in the case of no-quic | 2025-02-11 17:17:10 +00:00 |
| record | Change "a SSL" to "an SSL" | 2024-11-13 17:24:40 +01:00 |
| rio | QUIC POLLING: Support no-quic builds | 2024-02-10 11:37:14 +00:00 |
| statem | Use ERR marks also when verifying server X.509 certs | 2025-02-11 08:26:51 -05:00 |
| bio_ssl.c | bio_ssl.c: Do not call SSL_shutdown if not inited | 2024-06-25 16:06:17 +02:00 |
| build.info | Enable the quic-tls API to work, even in the case of no-quic | 2025-02-11 17:17:10 +00:00 |
| d1_lib.c | Make sure we use the correct SSL object when making a callback | 2024-11-07 12:05:34 +01:00 |
| d1_msg.c | Copyright year updates | 2023-09-07 09:59:15 +01:00 |
| d1_srtp.c | Copyright year updates | 2024-04-09 13:43:26 +02:00 |
| methods.c | | |
| pqueue.c | Stop raising ERR_R_MALLOC_FAILURE in most places | 2022-10-05 14:02:03 +02:00 |
| priority_queue.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| s3_enc.c | EVP_MD_size() updates | 2024-08-29 10:29:53 +02:00 |
| s3_lib.c | ML-KEM hybrids for TLS | 2025-02-14 10:50:58 +01:00 |
| s3_msg.c | Resolve a TODO in ssl3_dispatch_alert | 2022-11-14 10:14:41 +01:00 |
| ssl_asn1.c | RFC7250 (RPK) support | 2023-03-28 13:49:54 -04:00 |
| ssl_cert.c | Avoid calling ssl_load_sigalgs in tls1_set_sigalgs_list | 2025-02-12 03:13:07 +11:00 |
| ssl_cert_comp.c | Fix potential use-after-free in REF_PRINT_COUNT | 2024-12-10 14:58:08 +01:00 |
| ssl_cert_table.h | Make ssl_cert_info read-only | 2023-11-27 07:51:33 +00:00 |
| ssl_ciph.c | EVP_MD_size() updates | 2024-08-29 10:29:53 +02:00 |
| ssl_conf.c | Fix configuring provider certificate algs via config file | 2025-02-11 17:36:21 +00:00 |
| ssl_err.c | Add an API for other QUIC stacks to use our TLS implementation | 2025-02-11 17:17:10 +00:00 |
| ssl_err_legacy.c | | |
| ssl_init.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| ssl_lib.c | Add support for multiple key shares | 2025-02-10 11:43:56 -05:00 |
| ssl_local.h | ML-KEM hybrids for TLS | 2025-02-14 10:50:58 +01:00 |
| ssl_mcnf.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| ssl_rsa.c | Check file name for not being NULL before opening it | 2024-09-26 20:35:26 +02:00 |
| ssl_rsa_legacy.c | Check file name for not being NULL before opening it | 2024-09-26 20:35:26 +02:00 |
| ssl_sess.c | Fix potential use-after-free in REF_PRINT_COUNT | 2024-12-10 14:58:08 +01:00 |
| ssl_stat.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| ssl_txt.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| ssl_utst.c | Remove the old buffer management code | 2022-10-20 14:39:33 +01:00 |
| sslerr.h | Add an API for other QUIC stacks to use our TLS implementation | 2025-02-11 17:17:10 +00:00 |
| t1_enc.c | Copyright year updates | 2024-04-09 13:43:26 +02:00 |
| t1_lib.c | ML-KEM hybrids for TLS | 2025-02-14 10:50:58 +01:00 |
| t1_trce.c | Teach SSL_trace() about ML-DSA | 2025-02-14 10:46:04 +01:00 |
| tls13_enc.c | Copyright year updates | 2024-09-05 09:35:49 +02:00 |
| tls_depr.c | Add support for multiple key shares | 2025-02-10 11:43:56 -05:00 |
| tls_srp.c | Make sure we use the correct SSL object when making a callback | 2024-11-07 12:05:34 +01:00 |