e_aes.c
Go to the documentation of this file.
1 /* ====================================================================
2  * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in
13  * the documentation and/or other materials provided with the
14  * distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  * software must display the following acknowledgment:
18  * "This product includes software developed by the OpenSSL Project
19  * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  * endorse or promote products derived from this software without
23  * prior written permission. For written permission, please contact
24  * openssl-core@openssl.org.
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  * nor may "OpenSSL" appear in their names without prior written
28  * permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  * acknowledgment:
32  * "This product includes software developed by the OpenSSL Project
33  * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  * ==================================================================== */
48 
49 #include <assert.h>
50 #include <string.h>
51 
52 #include <openssl/aead.h>
53 #include <openssl/aes.h>
54 #include <openssl/cipher.h>
55 #include <openssl/cpu.h>
56 #include <openssl/err.h>
57 #include <openssl/mem.h>
58 #include <openssl/nid.h>
59 #include <openssl/rand.h>
60 
61 #include "internal.h"
62 #include "../../internal.h"
63 #include "../aes/internal.h"
64 #include "../modes/internal.h"
65 #include "../delocate.h"
66 
67 
68 OPENSSL_MSVC_PRAGMA(warning(push))
69 OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code.
70 
71 #define AES_GCM_NONCE_LENGTH 12
72 
73 #if defined(BSAES)
74 static void vpaes_ctr32_encrypt_blocks_with_bsaes(const uint8_t *in,
75  uint8_t *out, size_t blocks,
76  const AES_KEY *key,
77  const uint8_t ivec[16]) {
78  // |bsaes_ctr32_encrypt_blocks| is faster than |vpaes_ctr32_encrypt_blocks|,
79  // but it takes at least one full 8-block batch to amortize the conversion.
80  if (blocks < 8) {
81  vpaes_ctr32_encrypt_blocks(in, out, blocks, key, ivec);
82  return;
83  }
84 
85  size_t bsaes_blocks = blocks;
86  if (bsaes_blocks % 8 < 6) {
87  // |bsaes_ctr32_encrypt_blocks| internally works in 8-block batches. If the
88  // final batch is too small (under six blocks), it is faster to loop over
89  // |vpaes_encrypt|. Round |bsaes_blocks| down to a multiple of 8.
90  bsaes_blocks -= bsaes_blocks % 8;
91  }
92 
93  AES_KEY bsaes;
94  vpaes_encrypt_key_to_bsaes(&bsaes, key);
95  bsaes_ctr32_encrypt_blocks(in, out, bsaes_blocks, &bsaes, ivec);
96  OPENSSL_cleanse(&bsaes, sizeof(bsaes));
97 
98  in += 16 * bsaes_blocks;
99  out += 16 * bsaes_blocks;
100  blocks -= bsaes_blocks;
101 
102  union {
103  uint32_t u32[4];
104  uint8_t u8[16];
105  } new_ivec;
106  memcpy(new_ivec.u8, ivec, 16);
107  uint32_t ctr = CRYPTO_bswap4(new_ivec.u32[3]) + bsaes_blocks;
108  new_ivec.u32[3] = CRYPTO_bswap4(ctr);
109 
110  // Finish any remaining blocks with |vpaes_ctr32_encrypt_blocks|.
111  vpaes_ctr32_encrypt_blocks(in, out, blocks, key, new_ivec.u8);
112 }
113 #endif // BSAES
114 
115 typedef struct {
116  union {
117  double align;
118  AES_KEY ks;
119  } ks;
120  block128_f block;
121  union {
122  cbc128_f cbc;
123  ctr128_f ctr;
124  } stream;
125 } EVP_AES_KEY;
126 
127 typedef struct {
128  GCM128_CONTEXT gcm;
129  union {
130  double align;
131  AES_KEY ks;
132  } ks; // AES key schedule to use
133  int key_set; // Set if key initialised
134  int iv_set; // Set if an iv is set
135  uint8_t *iv; // Temporary IV store
136  int ivlen; // IV length
137  int taglen;
138  int iv_gen; // It is OK to generate IVs
139  ctr128_f ctr;
140 } EVP_AES_GCM_CTX;
141 
142 static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
143  const uint8_t *iv, int enc) {
144  int ret;
145  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
146  const int mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
147 
148  if (mode == EVP_CIPH_CTR_MODE) {
149  switch (ctx->key_len) {
150  case 16:
151  boringssl_fips_inc_counter(fips_counter_evp_aes_128_ctr);
152  break;
153 
154  case 32:
155  boringssl_fips_inc_counter(fips_counter_evp_aes_256_ctr);
156  break;
157  }
158  }
159 
160  if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
161  if (hwaes_capable()) {
162  ret = aes_hw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
163  dat->block = aes_hw_decrypt;
164  dat->stream.cbc = NULL;
165  if (mode == EVP_CIPH_CBC_MODE) {
166  dat->stream.cbc = aes_hw_cbc_encrypt;
167  }
168  } else if (bsaes_capable() && mode == EVP_CIPH_CBC_MODE) {
169  assert(vpaes_capable());
170  ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
171  if (ret == 0) {
172  vpaes_decrypt_key_to_bsaes(&dat->ks.ks, &dat->ks.ks);
173  }
174  // If |dat->stream.cbc| is provided, |dat->block| is never used.
175  dat->block = NULL;
176  dat->stream.cbc = bsaes_cbc_encrypt;
177  } else if (vpaes_capable()) {
178  ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
179  dat->block = vpaes_decrypt;
180  dat->stream.cbc = NULL;
181 #if defined(VPAES_CBC)
182  if (mode == EVP_CIPH_CBC_MODE) {
183  dat->stream.cbc = vpaes_cbc_encrypt;
184  }
185 #endif
186  } else {
187  ret = aes_nohw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
188  dat->block = aes_nohw_decrypt;
189  dat->stream.cbc = NULL;
190  if (mode == EVP_CIPH_CBC_MODE) {
191  dat->stream.cbc = aes_nohw_cbc_encrypt;
192  }
193  }
194  } else if (hwaes_capable()) {
195  ret = aes_hw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
196  dat->block = aes_hw_encrypt;
197  dat->stream.cbc = NULL;
198  if (mode == EVP_CIPH_CBC_MODE) {
199  dat->stream.cbc = aes_hw_cbc_encrypt;
200  } else if (mode == EVP_CIPH_CTR_MODE) {
201  dat->stream.ctr = aes_hw_ctr32_encrypt_blocks;
202  }
203  } else if (vpaes_capable()) {
204  ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
205  dat->block = vpaes_encrypt;
206  dat->stream.cbc = NULL;
207 #if defined(VPAES_CBC)
208  if (mode == EVP_CIPH_CBC_MODE) {
209  dat->stream.cbc = vpaes_cbc_encrypt;
210  }
211 #endif
212  if (mode == EVP_CIPH_CTR_MODE) {
213 #if defined(BSAES)
214  assert(bsaes_capable());
215  dat->stream.ctr = vpaes_ctr32_encrypt_blocks_with_bsaes;
216 #elif defined(VPAES_CTR32)
217  dat->stream.ctr = vpaes_ctr32_encrypt_blocks;
218 #endif
219  }
220  } else {
221  ret = aes_nohw_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
222  dat->block = aes_nohw_encrypt;
223  dat->stream.cbc = NULL;
224  if (mode == EVP_CIPH_CBC_MODE) {
225  dat->stream.cbc = aes_nohw_cbc_encrypt;
226  }
227  }
228 
229  if (ret < 0) {
230  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED);
231  return 0;
232  }
233 
234  return 1;
235 }
236 
237 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
238  size_t len) {
239  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
240 
241  if (dat->stream.cbc) {
242  (*dat->stream.cbc)(in, out, len, &dat->ks.ks, ctx->iv, ctx->encrypt);
243  } else if (ctx->encrypt) {
244  CRYPTO_cbc128_encrypt(in, out, len, &dat->ks.ks, ctx->iv, dat->block);
245  } else {
246  CRYPTO_cbc128_decrypt(in, out, len, &dat->ks.ks, ctx->iv, dat->block);
247  }
248 
249  return 1;
250 }
251 
252 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
253  size_t len) {
254  size_t bl = ctx->cipher->block_size;
255  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
256 
257  if (len < bl) {
258  return 1;
259  }
260 
261  len -= bl;
262  for (size_t i = 0; i <= len; i += bl) {
263  (*dat->block)(in + i, out + i, &dat->ks.ks);
264  }
265 
266  return 1;
267 }
268 
269 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
270  size_t len) {
271  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
272 
273  if (dat->stream.ctr) {
274  CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks.ks, ctx->iv, ctx->buf,
275  &ctx->num, dat->stream.ctr);
276  } else {
277  CRYPTO_ctr128_encrypt(in, out, len, &dat->ks.ks, ctx->iv, ctx->buf,
278  &ctx->num, dat->block);
279  }
280  return 1;
281 }
282 
283 static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
284  size_t len) {
285  EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
286 
287  CRYPTO_ofb128_encrypt(in, out, len, &dat->ks.ks, ctx->iv, &ctx->num,
288  dat->block);
289  return 1;
290 }
291 
292 ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
293  block128_f *out_block, const uint8_t *key,
294  size_t key_bytes) {
295  if (hwaes_capable()) {
296  aes_hw_set_encrypt_key(key, key_bytes * 8, aes_key);
297  if (gcm_key != NULL) {
298  CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_hw_encrypt, 1);
299  }
300  if (out_block) {
301  *out_block = aes_hw_encrypt;
302  }
303  return aes_hw_ctr32_encrypt_blocks;
304  }
305 
306  if (vpaes_capable()) {
307  vpaes_set_encrypt_key(key, key_bytes * 8, aes_key);
308  if (out_block) {
309  *out_block = vpaes_encrypt;
310  }
311  if (gcm_key != NULL) {
312  CRYPTO_gcm128_init_key(gcm_key, aes_key, vpaes_encrypt, 0);
313  }
314 #if defined(BSAES)
315  assert(bsaes_capable());
316  return vpaes_ctr32_encrypt_blocks_with_bsaes;
317 #elif defined(VPAES_CTR32)
318  return vpaes_ctr32_encrypt_blocks;
319 #else
320  return NULL;
321 #endif
322  }
323 
324  aes_nohw_set_encrypt_key(key, key_bytes * 8, aes_key);
325  if (gcm_key != NULL) {
326  CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt, 0);
327  }
328  if (out_block) {
329  *out_block = aes_nohw_encrypt;
330  }
331  return aes_nohw_ctr32_encrypt_blocks;
332 }
333 
334 #if defined(OPENSSL_32_BIT)
335 #define EVP_AES_GCM_CTX_PADDING (4+8)
336 #else
337 #define EVP_AES_GCM_CTX_PADDING 8
338 #endif
339 
340 static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) {
341 #if defined(__GNUC__) || defined(__clang__)
342  OPENSSL_STATIC_ASSERT(
343  alignof(EVP_AES_GCM_CTX) <= 16,
344  "EVP_AES_GCM_CTX needs more alignment than this function provides");
345 #endif
346 
347  // |malloc| guarantees up to 4-byte alignment on 32-bit and 8-byte alignment
348  // on 64-bit systems, so we need to adjust to reach 16-byte alignment.
349  assert(ctx->cipher->ctx_size ==
350  sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING);
351 
352  char *ptr = ctx->cipher_data;
353 #if defined(OPENSSL_32_BIT)
354  assert((uintptr_t)ptr % 4 == 0);
355  ptr += (uintptr_t)ptr & 4;
356 #endif
357  assert((uintptr_t)ptr % 8 == 0);
358  ptr += (uintptr_t)ptr & 8;
359  return (EVP_AES_GCM_CTX *)ptr;
360 }
361 
362 static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
363  const uint8_t *iv, int enc) {
364  EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(ctx);
365  if (!iv && !key) {
366  return 1;
367  }
368 
369  switch (ctx->key_len) {
370  case 16:
371  boringssl_fips_inc_counter(fips_counter_evp_aes_128_gcm);
372  break;
373 
374  case 32:
375  boringssl_fips_inc_counter(fips_counter_evp_aes_256_gcm);
376  break;
377  }
378 
379  if (key) {
380  OPENSSL_memset(&gctx->gcm, 0, sizeof(gctx->gcm));
381  gctx->ctr = aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm.gcm_key, NULL, key,
382  ctx->key_len);
383  // If we have an iv can set it directly, otherwise use saved IV.
384  if (iv == NULL && gctx->iv_set) {
385  iv = gctx->iv;
386  }
387  if (iv) {
388  CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
389  gctx->iv_set = 1;
390  }
391  gctx->key_set = 1;
392  } else {
393  // If key set use IV, otherwise copy
394  if (gctx->key_set) {
395  CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
396  } else {
397  OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen);
398  }
399  gctx->iv_set = 1;
400  gctx->iv_gen = 0;
401  }
402  return 1;
403 }
404 
405 static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) {
406  EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(c);
407  OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
408  if (gctx->iv != c->iv) {
409  OPENSSL_free(gctx->iv);
410  }
411 }
412 
413 // increment counter (64-bit int) by 1
414 static void ctr64_inc(uint8_t *counter) {
415  int n = 8;
416  uint8_t c;
417 
418  do {
419  --n;
420  c = counter[n];
421  ++c;
422  counter[n] = c;
423  if (c) {
424  return;
425  }
426  } while (n);
427 }
428 
429 static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
430  EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(c);
431  switch (type) {
432  case EVP_CTRL_INIT:
433  gctx->key_set = 0;
434  gctx->iv_set = 0;
435  gctx->ivlen = c->cipher->iv_len;
436  gctx->iv = c->iv;
437  gctx->taglen = -1;
438  gctx->iv_gen = 0;
439  return 1;
440 
441  case EVP_CTRL_AEAD_SET_IVLEN:
442  if (arg <= 0) {
443  return 0;
444  }
445 
446  // Allocate memory for IV if needed
447  if (arg > EVP_MAX_IV_LENGTH && arg > gctx->ivlen) {
448  if (gctx->iv != c->iv) {
449  OPENSSL_free(gctx->iv);
450  }
451  gctx->iv = OPENSSL_malloc(arg);
452  if (!gctx->iv) {
453  return 0;
454  }
455  }
456  gctx->ivlen = arg;
457  return 1;
458 
459  case EVP_CTRL_AEAD_SET_TAG:
460  if (arg <= 0 || arg > 16 || c->encrypt) {
461  return 0;
462  }
463  OPENSSL_memcpy(c->buf, ptr, arg);
464  gctx->taglen = arg;
465  return 1;
466 
467  case EVP_CTRL_AEAD_GET_TAG:
468  if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) {
469  return 0;
470  }
471  OPENSSL_memcpy(ptr, c->buf, arg);
472  return 1;
473 
474  case EVP_CTRL_AEAD_SET_IV_FIXED:
475  // Special case: -1 length restores whole IV
476  if (arg == -1) {
477  OPENSSL_memcpy(gctx->iv, ptr, gctx->ivlen);
478  gctx->iv_gen = 1;
479  return 1;
480  }
481  // Fixed field must be at least 4 bytes and invocation field
482  // at least 8.
483  if (arg < 4 || (gctx->ivlen - arg) < 8) {
484  return 0;
485  }
486  if (arg) {
487  OPENSSL_memcpy(gctx->iv, ptr, arg);
488  }
489  if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) {
490  return 0;
491  }
492  gctx->iv_gen = 1;
493  return 1;
494 
495  case EVP_CTRL_GCM_IV_GEN:
496  if (gctx->iv_gen == 0 || gctx->key_set == 0) {
497  return 0;
498  }
499  CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
500  if (arg <= 0 || arg > gctx->ivlen) {
501  arg = gctx->ivlen;
502  }
503  OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
504  // Invocation field will be at least 8 bytes in size and
505  // so no need to check wrap around or increment more than
506  // last 8 bytes.
507  ctr64_inc(gctx->iv + gctx->ivlen - 8);
508  gctx->iv_set = 1;
509  return 1;
510 
511  case EVP_CTRL_GCM_SET_IV_INV:
512  if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) {
513  return 0;
514  }
515  OPENSSL_memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
516  CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
517  gctx->iv_set = 1;
518  return 1;
519 
520  case EVP_CTRL_COPY: {
521  EVP_CIPHER_CTX *out = ptr;
522  EVP_AES_GCM_CTX *gctx_out = aes_gcm_from_cipher_ctx(out);
523  // |EVP_CIPHER_CTX_copy| copies this generically, but we must redo it in
524  // case |out->cipher_data| and |in->cipher_data| are differently aligned.
525  OPENSSL_memcpy(gctx_out, gctx, sizeof(EVP_AES_GCM_CTX));
526  if (gctx->iv == c->iv) {
527  gctx_out->iv = out->iv;
528  } else {
529  gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
530  if (!gctx_out->iv) {
531  return 0;
532  }
533  OPENSSL_memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
534  }
535  return 1;
536  }
537 
538  default:
539  return -1;
540  }
541 }
542 
543 static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
544  size_t len) {
545  EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(ctx);
546 
547  // If not set up, return error
548  if (!gctx->key_set) {
549  return -1;
550  }
551  if (!gctx->iv_set) {
552  return -1;
553  }
554 
555  if (in) {
556  if (out == NULL) {
557  if (!CRYPTO_gcm128_aad(&gctx->gcm, in, len)) {
558  return -1;
559  }
560  } else if (ctx->encrypt) {
561  if (gctx->ctr) {
562  if (!CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in, out, len,
563  gctx->ctr)) {
564  return -1;
565  }
566  } else {
567  if (!CRYPTO_gcm128_encrypt(&gctx->gcm, &gctx->ks.ks, in, out, len)) {
568  return -1;
569  }
570  }
571  } else {
572  if (gctx->ctr) {
573  if (!CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, &gctx->ks.ks, in, out, len,
574  gctx->ctr)) {
575  return -1;
576  }
577  } else {
578  if (!CRYPTO_gcm128_decrypt(&gctx->gcm, &gctx->ks.ks, in, out, len)) {
579  return -1;
580  }
581  }
582  }
583  return len;
584  } else {
585  if (!ctx->encrypt) {
586  if (gctx->taglen < 0 ||
587  !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) {
588  return -1;
589  }
590  gctx->iv_set = 0;
591  return 0;
592  }
593  CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
594  gctx->taglen = 16;
595  // Don't reuse the IV
596  gctx->iv_set = 0;
597  return 0;
598  }
599 }
600 
601 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_cbc_generic) {
602  memset(out, 0, sizeof(EVP_CIPHER));
603 
604  out->nid = NID_aes_128_cbc;
605  out->block_size = 16;
606  out->key_len = 16;
607  out->iv_len = 16;
608  out->ctx_size = sizeof(EVP_AES_KEY);
609  out->flags = EVP_CIPH_CBC_MODE;
610  out->init = aes_init_key;
611  out->cipher = aes_cbc_cipher;
612 }
613 
614 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ctr_generic) {
615  memset(out, 0, sizeof(EVP_CIPHER));
616 
617  out->nid = NID_aes_128_ctr;
618  out->block_size = 1;
619  out->key_len = 16;
620  out->iv_len = 16;
621  out->ctx_size = sizeof(EVP_AES_KEY);
622  out->flags = EVP_CIPH_CTR_MODE;
623  out->init = aes_init_key;
624  out->cipher = aes_ctr_cipher;
625 }
626 
627 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ecb_generic) {
628  memset(out, 0, sizeof(EVP_CIPHER));
629 
630  out->nid = NID_aes_128_ecb;
631  out->block_size = 16;
632  out->key_len = 16;
633  out->ctx_size = sizeof(EVP_AES_KEY);
634  out->flags = EVP_CIPH_ECB_MODE;
635  out->init = aes_init_key;
636  out->cipher = aes_ecb_cipher;
637 }
638 
639 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ofb_generic) {
640  memset(out, 0, sizeof(EVP_CIPHER));
641 
642  out->nid = NID_aes_128_ofb128;
643  out->block_size = 1;
644  out->key_len = 16;
645  out->iv_len = 16;
646  out->ctx_size = sizeof(EVP_AES_KEY);
647  out->flags = EVP_CIPH_OFB_MODE;
648  out->init = aes_init_key;
649  out->cipher = aes_ofb_cipher;
650 }
651 
652 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_gcm_generic) {
653  memset(out, 0, sizeof(EVP_CIPHER));
654 
655  out->nid = NID_aes_128_gcm;
656  out->block_size = 1;
657  out->key_len = 16;
658  out->iv_len = AES_GCM_NONCE_LENGTH;
659  out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
660  out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
661  EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
662  EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER;
663  out->init = aes_gcm_init_key;
664  out->cipher = aes_gcm_cipher;
665  out->cleanup = aes_gcm_cleanup;
666  out->ctrl = aes_gcm_ctrl;
667 }
668 
669 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_cbc_generic) {
670  memset(out, 0, sizeof(EVP_CIPHER));
671 
672  out->nid = NID_aes_192_cbc;
673  out->block_size = 16;
674  out->key_len = 24;
675  out->iv_len = 16;
676  out->ctx_size = sizeof(EVP_AES_KEY);
677  out->flags = EVP_CIPH_CBC_MODE;
678  out->init = aes_init_key;
679  out->cipher = aes_cbc_cipher;
680 }
681 
682 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ctr_generic) {
683  memset(out, 0, sizeof(EVP_CIPHER));
684 
685  out->nid = NID_aes_192_ctr;
686  out->block_size = 1;
687  out->key_len = 24;
688  out->iv_len = 16;
689  out->ctx_size = sizeof(EVP_AES_KEY);
690  out->flags = EVP_CIPH_CTR_MODE;
691  out->init = aes_init_key;
692  out->cipher = aes_ctr_cipher;
693 }
694 
695 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ecb_generic) {
696  memset(out, 0, sizeof(EVP_CIPHER));
697 
698  out->nid = NID_aes_192_ecb;
699  out->block_size = 16;
700  out->key_len = 24;
701  out->ctx_size = sizeof(EVP_AES_KEY);
702  out->flags = EVP_CIPH_ECB_MODE;
703  out->init = aes_init_key;
704  out->cipher = aes_ecb_cipher;
705 }
706 
707 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ofb_generic) {
708  memset(out, 0, sizeof(EVP_CIPHER));
709 
710  out->nid = NID_aes_192_ofb128;
711  out->block_size = 1;
712  out->key_len = 24;
713  out->iv_len = 16;
714  out->ctx_size = sizeof(EVP_AES_KEY);
715  out->flags = EVP_CIPH_OFB_MODE;
716  out->init = aes_init_key;
717  out->cipher = aes_ofb_cipher;
718 }
719 
720 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_gcm_generic) {
721  memset(out, 0, sizeof(EVP_CIPHER));
722 
723  out->nid = NID_aes_192_gcm;
724  out->block_size = 1;
725  out->key_len = 24;
726  out->iv_len = AES_GCM_NONCE_LENGTH;
727  out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
728  out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
729  EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
730  EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER;
731  out->init = aes_gcm_init_key;
732  out->cipher = aes_gcm_cipher;
733  out->cleanup = aes_gcm_cleanup;
734  out->ctrl = aes_gcm_ctrl;
735 }
736 
737 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_cbc_generic) {
738  memset(out, 0, sizeof(EVP_CIPHER));
739 
740  out->nid = NID_aes_256_cbc;
741  out->block_size = 16;
742  out->key_len = 32;
743  out->iv_len = 16;
744  out->ctx_size = sizeof(EVP_AES_KEY);
745  out->flags = EVP_CIPH_CBC_MODE;
746  out->init = aes_init_key;
747  out->cipher = aes_cbc_cipher;
748 }
749 
750 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ctr_generic) {
751  memset(out, 0, sizeof(EVP_CIPHER));
752 
753  out->nid = NID_aes_256_ctr;
754  out->block_size = 1;
755  out->key_len = 32;
756  out->iv_len = 16;
757  out->ctx_size = sizeof(EVP_AES_KEY);
758  out->flags = EVP_CIPH_CTR_MODE;
759  out->init = aes_init_key;
760  out->cipher = aes_ctr_cipher;
761 }
762 
763 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ecb_generic) {
764  memset(out, 0, sizeof(EVP_CIPHER));
765 
766  out->nid = NID_aes_256_ecb;
767  out->block_size = 16;
768  out->key_len = 32;
769  out->ctx_size = sizeof(EVP_AES_KEY);
770  out->flags = EVP_CIPH_ECB_MODE;
771  out->init = aes_init_key;
772  out->cipher = aes_ecb_cipher;
773 }
774 
775 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ofb_generic) {
776  memset(out, 0, sizeof(EVP_CIPHER));
777 
778  out->nid = NID_aes_256_ofb128;
779  out->block_size = 1;
780  out->key_len = 32;
781  out->iv_len = 16;
782  out->ctx_size = sizeof(EVP_AES_KEY);
783  out->flags = EVP_CIPH_OFB_MODE;
784  out->init = aes_init_key;
785  out->cipher = aes_ofb_cipher;
786 }
787 
788 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_gcm_generic) {
789  memset(out, 0, sizeof(EVP_CIPHER));
790 
791  out->nid = NID_aes_256_gcm;
792  out->block_size = 1;
793  out->key_len = 32;
794  out->iv_len = AES_GCM_NONCE_LENGTH;
795  out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
796  out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
797  EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
798  EVP_CIPH_CTRL_INIT | EVP_CIPH_FLAG_AEAD_CIPHER;
799  out->init = aes_gcm_init_key;
800  out->cipher = aes_gcm_cipher;
801  out->cleanup = aes_gcm_cleanup;
802  out->ctrl = aes_gcm_ctrl;
803 }
804 
805 #if defined(HWAES_ECB)
806 
807 static int aes_hw_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
808  const uint8_t *in, size_t len) {
809  size_t bl = ctx->cipher->block_size;
810 
811  if (len < bl) {
812  return 1;
813  }
814 
815  aes_hw_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
816 
817  return 1;
818 }
819 
820 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_128_ecb) {
821  memset(out, 0, sizeof(EVP_CIPHER));
822 
823  out->nid = NID_aes_128_ecb;
824  out->block_size = 16;
825  out->key_len = 16;
826  out->ctx_size = sizeof(EVP_AES_KEY);
827  out->flags = EVP_CIPH_ECB_MODE;
828  out->init = aes_init_key;
829  out->cipher = aes_hw_ecb_cipher;
830 }
831 
832 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_192_ecb) {
833  memset(out, 0, sizeof(EVP_CIPHER));
834 
835  out->nid = NID_aes_192_ecb;
836  out->block_size = 16;
837  out->key_len = 24;
838  out->ctx_size = sizeof(EVP_AES_KEY);
839  out->flags = EVP_CIPH_ECB_MODE;
840  out->init = aes_init_key;
841  out->cipher = aes_hw_ecb_cipher;
842 }
843 
844 DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_256_ecb) {
845  memset(out, 0, sizeof(EVP_CIPHER));
846 
847  out->nid = NID_aes_256_ecb;
848  out->block_size = 16;
849  out->key_len = 32;
850  out->ctx_size = sizeof(EVP_AES_KEY);
851  out->flags = EVP_CIPH_ECB_MODE;
852  out->init = aes_init_key;
853  out->cipher = aes_hw_ecb_cipher;
854 }
855 
856 #define EVP_ECB_CIPHER_FUNCTION(keybits) \
857  const EVP_CIPHER *EVP_aes_##keybits##_ecb(void) { \
858  if (hwaes_capable()) { \
859  return aes_hw_##keybits##_ecb(); \
860  } \
861  return aes_##keybits##_ecb_generic(); \
862  }
863 
864 #else
865 
866 #define EVP_ECB_CIPHER_FUNCTION(keybits) \
867  const EVP_CIPHER *EVP_aes_##keybits##_ecb(void) { \
868  return aes_##keybits##_ecb_generic(); \
869  }
870 
871 #endif // HWAES_ECB
872 
873 #define EVP_CIPHER_FUNCTION(keybits, mode) \
874  const EVP_CIPHER *EVP_aes_##keybits##_##mode(void) { \
875  return aes_##keybits##_##mode##_generic(); \
876  }
877 
878 EVP_CIPHER_FUNCTION(128, cbc)
879 EVP_CIPHER_FUNCTION(128, ctr)
880 EVP_CIPHER_FUNCTION(128, ofb)
881 EVP_CIPHER_FUNCTION(128, gcm)
882 
883 EVP_CIPHER_FUNCTION(192, cbc)
884 EVP_CIPHER_FUNCTION(192, ctr)
885 EVP_CIPHER_FUNCTION(192, ofb)
886 EVP_CIPHER_FUNCTION(192, gcm)
887 
888 EVP_CIPHER_FUNCTION(256, cbc)
889 EVP_CIPHER_FUNCTION(256, ctr)
890 EVP_CIPHER_FUNCTION(256, ofb)
891 EVP_CIPHER_FUNCTION(256, gcm)
892 
893 EVP_ECB_CIPHER_FUNCTION(128)
894 EVP_ECB_CIPHER_FUNCTION(192)
895 EVP_ECB_CIPHER_FUNCTION(256)
896 
897 
898 #define EVP_AEAD_AES_GCM_TAG_LEN 16
899 
900 struct aead_aes_gcm_ctx {
901  union {
902  double align;
903  AES_KEY ks;
904  } ks;
905  GCM128_KEY gcm_key;
906  ctr128_f ctr;
907 };
908 
909 static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx,
910  size_t *out_tag_len, const uint8_t *key,
911  size_t key_len, size_t tag_len) {
912  const size_t key_bits = key_len * 8;
913 
914  switch (key_bits) {
915  case 128:
916  boringssl_fips_inc_counter(fips_counter_evp_aes_128_gcm);
917  break;
918 
919  case 256:
920  boringssl_fips_inc_counter(fips_counter_evp_aes_256_gcm);
921  break;
922  }
923 
924  if (key_bits != 128 && key_bits != 192 && key_bits != 256) {
925  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
926  return 0; // EVP_AEAD_CTX_init should catch this.
927  }
928 
929  if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) {
930  tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
931  }
932 
933  if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) {
934  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
935  return 0;
936  }
937 
938  gcm_ctx->ctr =
939  aes_ctr_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm_key, NULL, key, key_len);
940  *out_tag_len = tag_len;
941  return 1;
942 }
943 
944 OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
945  sizeof(struct aead_aes_gcm_ctx),
946  "AEAD state is too small");
947 #if defined(__GNUC__) || defined(__clang__)
948 OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
949  alignof(struct aead_aes_gcm_ctx),
950  "AEAD state has insufficient alignment");
951 #endif
952 
953 static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
954  size_t key_len, size_t requested_tag_len) {
955  struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state;
956 
957  size_t actual_tag_len;
958  if (!aead_aes_gcm_init_impl(gcm_ctx, &actual_tag_len, key, key_len,
959  requested_tag_len)) {
960  return 0;
961  }
962 
963  ctx->tag_len = actual_tag_len;
964  return 1;
965 }
966 
967 static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {}
968 
969 static int aead_aes_gcm_seal_scatter_impl(
970  const struct aead_aes_gcm_ctx *gcm_ctx,
971  uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
972  const uint8_t *nonce, size_t nonce_len,
973  const uint8_t *in, size_t in_len,
974  const uint8_t *extra_in, size_t extra_in_len,
975  const uint8_t *ad, size_t ad_len,
976  size_t tag_len) {
977  if (extra_in_len + tag_len < tag_len) {
978  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
979  return 0;
980  }
981  if (max_out_tag_len < extra_in_len + tag_len) {
982  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
983  return 0;
984  }
985  if (nonce_len == 0) {
986  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
987  return 0;
988  }
989 
990  const AES_KEY *key = &gcm_ctx->ks.ks;
991 
992  GCM128_CONTEXT gcm;
993  OPENSSL_memset(&gcm, 0, sizeof(gcm));
994  OPENSSL_memcpy(&gcm.gcm_key, &gcm_ctx->gcm_key, sizeof(gcm.gcm_key));
995  CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
996 
997  if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
998  return 0;
999  }
1000 
1001  if (gcm_ctx->ctr) {
1002  if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, in, out, in_len,
1003  gcm_ctx->ctr)) {
1004  return 0;
1005  }
1006  } else {
1007  if (!CRYPTO_gcm128_encrypt(&gcm, key, in, out, in_len)) {
1008  return 0;
1009  }
1010  }
1011 
1012  if (extra_in_len) {
1013  if (gcm_ctx->ctr) {
1014  if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, extra_in, out_tag,
1015  extra_in_len, gcm_ctx->ctr)) {
1016  return 0;
1017  }
1018  } else {
1019  if (!CRYPTO_gcm128_encrypt(&gcm, key, extra_in, out_tag, extra_in_len)) {
1020  return 0;
1021  }
1022  }
1023  }
1024 
1025  CRYPTO_gcm128_tag(&gcm, out_tag + extra_in_len, tag_len);
1026  *out_tag_len = tag_len + extra_in_len;
1027 
1028  return 1;
1029 }
1030 
1031 static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
1032  uint8_t *out_tag, size_t *out_tag_len,
1033  size_t max_out_tag_len,
1034  const uint8_t *nonce, size_t nonce_len,
1035  const uint8_t *in, size_t in_len,
1036  const uint8_t *extra_in,
1037  size_t extra_in_len,
1038  const uint8_t *ad, size_t ad_len) {
1039  const struct aead_aes_gcm_ctx *gcm_ctx =
1040  (const struct aead_aes_gcm_ctx *)&ctx->state;
1041  return aead_aes_gcm_seal_scatter_impl(
1042  gcm_ctx, out, out_tag, out_tag_len, max_out_tag_len, nonce, nonce_len, in,
1043  in_len, extra_in, extra_in_len, ad, ad_len, ctx->tag_len);
1044 }
1045 
1046 static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx,
1047  uint8_t *out,
1048  const uint8_t *nonce, size_t nonce_len,
1049  const uint8_t *in, size_t in_len,
1050  const uint8_t *in_tag,
1051  size_t in_tag_len,
1052  const uint8_t *ad, size_t ad_len,
1053  size_t tag_len) {
1054  uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
1055 
1056  if (nonce_len == 0) {
1057  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
1058  return 0;
1059  }
1060 
1061  if (in_tag_len != tag_len) {
1062  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
1063  return 0;
1064  }
1065 
1066  const AES_KEY *key = &gcm_ctx->ks.ks;
1067 
1068  GCM128_CONTEXT gcm;
1069  OPENSSL_memset(&gcm, 0, sizeof(gcm));
1070  OPENSSL_memcpy(&gcm.gcm_key, &gcm_ctx->gcm_key, sizeof(gcm.gcm_key));
1071  CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
1072 
1073  if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
1074  return 0;
1075  }
1076 
1077  if (gcm_ctx->ctr) {
1078  if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, key, in, out, in_len,
1079  gcm_ctx->ctr)) {
1080  return 0;
1081  }
1082  } else {
1083  if (!CRYPTO_gcm128_decrypt(&gcm, key, in, out, in_len)) {
1084  return 0;
1085  }
1086  }
1087 
1088  CRYPTO_gcm128_tag(&gcm, tag, tag_len);
1089  if (CRYPTO_memcmp(tag, in_tag, tag_len) != 0) {
1090  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
1091  return 0;
1092  }
1093 
1094  return 1;
1095 }
1096 
1097 static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
1098  const uint8_t *nonce, size_t nonce_len,
1099  const uint8_t *in, size_t in_len,
1100  const uint8_t *in_tag, size_t in_tag_len,
1101  const uint8_t *ad, size_t ad_len) {
1102  struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state;
1103  return aead_aes_gcm_open_gather_impl(gcm_ctx, out, nonce, nonce_len, in,
1104  in_len, in_tag, in_tag_len, ad, ad_len,
1105  ctx->tag_len);
1106 }
1107 
1108 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) {
1109  memset(out, 0, sizeof(EVP_AEAD));
1110 
1111  out->key_len = 16;
1112  out->nonce_len = AES_GCM_NONCE_LENGTH;
1113  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1114  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1115  out->seal_scatter_supports_extra_in = 1;
1116 
1117  out->init = aead_aes_gcm_init;
1118  out->cleanup = aead_aes_gcm_cleanup;
1119  out->seal_scatter = aead_aes_gcm_seal_scatter;
1120  out->open_gather = aead_aes_gcm_open_gather;
1121 }
1122 
1123 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_192_gcm) {
1124  memset(out, 0, sizeof(EVP_AEAD));
1125 
1126  out->key_len = 24;
1127  out->nonce_len = AES_GCM_NONCE_LENGTH;
1128  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1129  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1130  out->seal_scatter_supports_extra_in = 1;
1131 
1132  out->init = aead_aes_gcm_init;
1133  out->cleanup = aead_aes_gcm_cleanup;
1134  out->seal_scatter = aead_aes_gcm_seal_scatter;
1135  out->open_gather = aead_aes_gcm_open_gather;
1136 }
1137 
1138 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) {
1139  memset(out, 0, sizeof(EVP_AEAD));
1140 
1141  out->key_len = 32;
1142  out->nonce_len = AES_GCM_NONCE_LENGTH;
1143  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1144  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1145  out->seal_scatter_supports_extra_in = 1;
1146 
1147  out->init = aead_aes_gcm_init;
1148  out->cleanup = aead_aes_gcm_cleanup;
1149  out->seal_scatter = aead_aes_gcm_seal_scatter;
1150  out->open_gather = aead_aes_gcm_open_gather;
1151 }
1152 
1153 static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key,
1154  size_t key_len,
1155  size_t requested_tag_len) {
1156  if (requested_tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH) {
1157  if (requested_tag_len < AES_GCM_NONCE_LENGTH) {
1158  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
1159  return 0;
1160  }
1161  requested_tag_len -= AES_GCM_NONCE_LENGTH;
1162  }
1163 
1164  if (!aead_aes_gcm_init(ctx, key, key_len, requested_tag_len)) {
1165  return 0;
1166  }
1167 
1168  ctx->tag_len += AES_GCM_NONCE_LENGTH;
1169  return 1;
1170 }
1171 
1172 static int aead_aes_gcm_seal_scatter_randnonce(
1173  const EVP_AEAD_CTX *ctx,
1174  uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
1175  const uint8_t *external_nonce, size_t external_nonce_len,
1176  const uint8_t *in, size_t in_len,
1177  const uint8_t *extra_in, size_t extra_in_len,
1178  const uint8_t *ad, size_t ad_len) {
1179  if (external_nonce_len != 0) {
1180  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
1181  return 0;
1182  }
1183 
1184  uint8_t nonce[AES_GCM_NONCE_LENGTH];
1185  if (max_out_tag_len < sizeof(nonce)) {
1186  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
1187  return 0;
1188  }
1189 
1190  RAND_bytes(nonce, sizeof(nonce));
1191  const struct aead_aes_gcm_ctx *gcm_ctx =
1192  (const struct aead_aes_gcm_ctx *)&ctx->state;
1193  if (!aead_aes_gcm_seal_scatter_impl(gcm_ctx, out, out_tag, out_tag_len,
1194  max_out_tag_len - AES_GCM_NONCE_LENGTH,
1195  nonce, sizeof(nonce), in, in_len,
1196  extra_in, extra_in_len, ad, ad_len,
1197  ctx->tag_len - AES_GCM_NONCE_LENGTH)) {
1198  return 0;
1199  }
1200 
1201  assert(*out_tag_len + sizeof(nonce) <= max_out_tag_len);
1202  memcpy(out_tag + *out_tag_len, nonce, sizeof(nonce));
1203  *out_tag_len += sizeof(nonce);
1204 
1205  return 1;
1206 }
1207 
1208 static int aead_aes_gcm_open_gather_randnonce(
1209  const EVP_AEAD_CTX *ctx, uint8_t *out,
1210  const uint8_t *external_nonce, size_t external_nonce_len,
1211  const uint8_t *in, size_t in_len,
1212  const uint8_t *in_tag, size_t in_tag_len,
1213  const uint8_t *ad, size_t ad_len) {
1214  if (external_nonce_len != 0) {
1215  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
1216  return 0;
1217  }
1218 
1219  if (in_tag_len < AES_GCM_NONCE_LENGTH) {
1220  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
1221  return 0;
1222  }
1223  const uint8_t *nonce = in_tag + in_tag_len - AES_GCM_NONCE_LENGTH;
1224 
1225  const struct aead_aes_gcm_ctx *gcm_ctx =
1226  (const struct aead_aes_gcm_ctx *)&ctx->state;
1227  return aead_aes_gcm_open_gather_impl(
1228  gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag,
1229  in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len,
1230  ctx->tag_len - AES_GCM_NONCE_LENGTH);
1231 }
1232 
1233 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_randnonce) {
1234  memset(out, 0, sizeof(EVP_AEAD));
1235 
1236  out->key_len = 16;
1237  out->nonce_len = 0;
1238  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
1239  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
1240  out->seal_scatter_supports_extra_in = 1;
1241 
1242  out->init = aead_aes_gcm_init_randnonce;
1243  out->cleanup = aead_aes_gcm_cleanup;
1244  out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce;
1245  out->open_gather = aead_aes_gcm_open_gather_randnonce;
1246 }
1247 
1248 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_randnonce) {
1249  memset(out, 0, sizeof(EVP_AEAD));
1250 
1251  out->key_len = 32;
1252  out->nonce_len = 0;
1253  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
1254  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
1255  out->seal_scatter_supports_extra_in = 1;
1256 
1257  out->init = aead_aes_gcm_init_randnonce;
1258  out->cleanup = aead_aes_gcm_cleanup;
1259  out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce;
1260  out->open_gather = aead_aes_gcm_open_gather_randnonce;
1261 }
1262 
1263 struct aead_aes_gcm_tls12_ctx {
1264  struct aead_aes_gcm_ctx gcm_ctx;
1265  uint64_t min_next_nonce;
1266 };
1267 
1268 OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
1269  sizeof(struct aead_aes_gcm_tls12_ctx),
1270  "AEAD state is too small");
1271 #if defined(__GNUC__) || defined(__clang__)
1272 OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
1273  alignof(struct aead_aes_gcm_tls12_ctx),
1274  "AEAD state has insufficient alignment");
1275 #endif
1276 
1277 static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
1278  size_t key_len, size_t requested_tag_len) {
1279  struct aead_aes_gcm_tls12_ctx *gcm_ctx =
1280  (struct aead_aes_gcm_tls12_ctx *) &ctx->state;
1281 
1282  gcm_ctx->min_next_nonce = 0;
1283 
1284  size_t actual_tag_len;
1285  if (!aead_aes_gcm_init_impl(&gcm_ctx->gcm_ctx, &actual_tag_len, key, key_len,
1286  requested_tag_len)) {
1287  return 0;
1288  }
1289 
1290  ctx->tag_len = actual_tag_len;
1291  return 1;
1292 }
1293 
1294 static int aead_aes_gcm_tls12_seal_scatter(
1295  const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
1296  size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
1297  size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
1298  size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
1299  struct aead_aes_gcm_tls12_ctx *gcm_ctx =
1300  (struct aead_aes_gcm_tls12_ctx *) &ctx->state;
1301 
1302  if (nonce_len != AES_GCM_NONCE_LENGTH) {
1303  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
1304  return 0;
1305  }
1306 
1307  // The given nonces must be strictly monotonically increasing.
1308  uint64_t given_counter;
1309  OPENSSL_memcpy(&given_counter, nonce + nonce_len - sizeof(given_counter),
1310  sizeof(given_counter));
1311  given_counter = CRYPTO_bswap8(given_counter);
1312  if (given_counter == UINT64_MAX ||
1313  given_counter < gcm_ctx->min_next_nonce) {
1314  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE);
1315  return 0;
1316  }
1317 
1318  gcm_ctx->min_next_nonce = given_counter + 1;
1319 
1320  return aead_aes_gcm_seal_scatter(ctx, out, out_tag, out_tag_len,
1321  max_out_tag_len, nonce, nonce_len, in,
1322  in_len, extra_in, extra_in_len, ad, ad_len);
1323 }
1324 
1325 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls12) {
1326  memset(out, 0, sizeof(EVP_AEAD));
1327 
1328  out->key_len = 16;
1329  out->nonce_len = AES_GCM_NONCE_LENGTH;
1330  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1331  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1332  out->seal_scatter_supports_extra_in = 1;
1333 
1334  out->init = aead_aes_gcm_tls12_init;
1335  out->cleanup = aead_aes_gcm_cleanup;
1336  out->seal_scatter = aead_aes_gcm_tls12_seal_scatter;
1337  out->open_gather = aead_aes_gcm_open_gather;
1338 }
1339 
1340 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls12) {
1341  memset(out, 0, sizeof(EVP_AEAD));
1342 
1343  out->key_len = 32;
1344  out->nonce_len = AES_GCM_NONCE_LENGTH;
1345  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1346  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1347  out->seal_scatter_supports_extra_in = 1;
1348 
1349  out->init = aead_aes_gcm_tls12_init;
1350  out->cleanup = aead_aes_gcm_cleanup;
1351  out->seal_scatter = aead_aes_gcm_tls12_seal_scatter;
1352  out->open_gather = aead_aes_gcm_open_gather;
1353 }
1354 
1355 struct aead_aes_gcm_tls13_ctx {
1356  struct aead_aes_gcm_ctx gcm_ctx;
1357  uint64_t min_next_nonce;
1358  uint64_t mask;
1359  uint8_t first;
1360 };
1361 
1362 OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
1363  sizeof(struct aead_aes_gcm_tls13_ctx),
1364  "AEAD state is too small");
1365 #if defined(__GNUC__) || defined(__clang__)
1366 OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
1367  alignof(struct aead_aes_gcm_tls13_ctx),
1368  "AEAD state has insufficient alignment");
1369 #endif
1370 
1371 static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
1372  size_t key_len, size_t requested_tag_len) {
1373  struct aead_aes_gcm_tls13_ctx *gcm_ctx =
1374  (struct aead_aes_gcm_tls13_ctx *) &ctx->state;
1375 
1376  gcm_ctx->min_next_nonce = 0;
1377  gcm_ctx->first = 1;
1378 
1379  size_t actual_tag_len;
1380  if (!aead_aes_gcm_init_impl(&gcm_ctx->gcm_ctx, &actual_tag_len, key, key_len,
1381  requested_tag_len)) {
1382  return 0;
1383  }
1384 
1385  ctx->tag_len = actual_tag_len;
1386  return 1;
1387 }
1388 
1389 static int aead_aes_gcm_tls13_seal_scatter(
1390  const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
1391  size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
1392  size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
1393  size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
1394  struct aead_aes_gcm_tls13_ctx *gcm_ctx =
1395  (struct aead_aes_gcm_tls13_ctx *) &ctx->state;
1396 
1397  if (nonce_len != AES_GCM_NONCE_LENGTH) {
1398  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
1399  return 0;
1400  }
1401 
1402  // The given nonces must be strictly monotonically increasing. See
1403  // https://tools.ietf.org/html/rfc8446#section-5.3 for details of the TLS 1.3
1404  // nonce construction.
1405  uint64_t given_counter;
1406  OPENSSL_memcpy(&given_counter, nonce + nonce_len - sizeof(given_counter),
1407  sizeof(given_counter));
1408  given_counter = CRYPTO_bswap8(given_counter);
1409 
1410  if (gcm_ctx->first) {
1411  // In the first call the sequence number will be zero and therefore the
1412  // given nonce will be 0 ^ mask = mask.
1413  gcm_ctx->mask = given_counter;
1414  gcm_ctx->first = 0;
1415  }
1416  given_counter ^= gcm_ctx->mask;
1417 
1418  if (given_counter == UINT64_MAX ||
1419  given_counter < gcm_ctx->min_next_nonce) {
1420  OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE);
1421  return 0;
1422  }
1423 
1424  gcm_ctx->min_next_nonce = given_counter + 1;
1425 
1426  return aead_aes_gcm_seal_scatter(ctx, out, out_tag, out_tag_len,
1427  max_out_tag_len, nonce, nonce_len, in,
1428  in_len, extra_in, extra_in_len, ad, ad_len);
1429 }
1430 
1431 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls13) {
1432  memset(out, 0, sizeof(EVP_AEAD));
1433 
1434  out->key_len = 16;
1435  out->nonce_len = AES_GCM_NONCE_LENGTH;
1436  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1437  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1438  out->seal_scatter_supports_extra_in = 1;
1439 
1440  out->init = aead_aes_gcm_tls13_init;
1441  out->cleanup = aead_aes_gcm_cleanup;
1442  out->seal_scatter = aead_aes_gcm_tls13_seal_scatter;
1443  out->open_gather = aead_aes_gcm_open_gather;
1444 }
1445 
1446 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls13) {
1447  memset(out, 0, sizeof(EVP_AEAD));
1448 
1449  out->key_len = 32;
1450  out->nonce_len = AES_GCM_NONCE_LENGTH;
1451  out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
1452  out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
1453  out->seal_scatter_supports_extra_in = 1;
1454 
1455  out->init = aead_aes_gcm_tls13_init;
1456  out->cleanup = aead_aes_gcm_cleanup;
1457  out->seal_scatter = aead_aes_gcm_tls13_seal_scatter;
1458  out->open_gather = aead_aes_gcm_open_gather;
1459 }
1460 
1461 int EVP_has_aes_hardware(void) {
1462 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
1463  return hwaes_capable() && crypto_gcm_clmul_enabled();
1464 #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
1465  return hwaes_capable() && CRYPTO_is_ARMv8_PMULL_capable();
1466 #elif defined(OPENSSL_PPC64LE)
1467  return CRYPTO_is_PPC64LE_vcrypto_capable();
1468 #else
1469  return 0;
1470 #endif
1471 }
1472 
1473 OPENSSL_MSVC_PRAGMA(warning(pop))
NID_aes_128_gcm
#define NID_aes_128_gcm
Definition: nid.h:3963
ptr
char * ptr
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:45
CRYPTO_gcm128_decrypt_ctr32
#define CRYPTO_gcm128_decrypt_ctr32
Definition: boringssl_prefix_symbols.h:1154
EVP_CTRL_GCM_SET_IV_INV
#define EVP_CTRL_GCM_SET_IV_INV
Definition: cipher.h:519
boringssl_fips_inc_counter
OPENSSL_INLINE void boringssl_fips_inc_counter(enum fips_counter_t counter)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:952
cbc128_f
void(* cbc128_f)(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t ivec[16], int enc)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:320
aead_aes_gcm_tls13_ctx::gcm_ctx
struct aead_aes_gcm_ctx gcm_ctx
Definition: e_aes.c:1356
gen_build_yaml.out
dictionary out
Definition: src/benchmark/gen_build_yaml.py:24
RAND_bytes
#define RAND_bytes
Definition: boringssl_prefix_symbols.h:2060
aes_nohw_ctr32_encrypt_blocks
#define aes_nohw_ctr32_encrypt_blocks
Definition: boringssl_prefix_symbols.h:2816
EVP_CTRL_COPY
#define EVP_CTRL_COPY
Definition: cipher.h:511
CRYPTO_gcm128_finish
#define CRYPTO_gcm128_finish
Definition: boringssl_prefix_symbols.h:1157
NID_aes_128_cbc
#define NID_aes_128_cbc
Definition: nid.h:1933
ctx
Definition: benchmark-async.c:30
CIPHER_R_AES_KEY_SETUP_FAILED
#define CIPHER_R_AES_KEY_SETUP_FAILED
Definition: cipher.h:646
aead_aes_gcm_tls13_ctx::mask
uint64_t mask
Definition: e_aes.c:1358
memset
return memset(p, 0, total)
OPENSSL_cleanse
#define OPENSSL_cleanse
Definition: boringssl_prefix_symbols.h:1864
EVP_AES_GCM_CTX::taglen
int taglen
Definition: e_aes.c:137
CRYPTO_gcm128_encrypt
#define CRYPTO_gcm128_encrypt
Definition: boringssl_prefix_symbols.h:1155
NID_aes_256_ecb
#define NID_aes_256_ecb
Definition: nid.h:1968
vpaes_capable
OPENSSL_INLINE char vpaes_capable(void)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:193
GCM128_CONTEXT::gcm_key
GCM128_KEY gcm_key
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:160
vpaes_cbc_encrypt
OPENSSL_INLINE void vpaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, const AES_KEY *key, uint8_t *ivec, int enc)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:213
EVP_aead_aes_128_gcm_randnonce
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_128_gcm_randnonce(void)
check_version.warning
string warning
Definition: check_version.py:46
OPENSSL_PUT_ERROR
#define OPENSSL_PUT_ERROR(library, reason)
Definition: err.h:423
OPENSSL_STATIC_ASSERT
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *) NULL) ->state) >=sizeof(struct aead_aes_gcm_ctx), "AEAD state is too small")
EVP_aead_aes_128_gcm_tls13
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_128_gcm_tls13(void)
aes_init_key
static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc)
Definition: e_aes.c:142
string.h
CIPHER_R_INVALID_NONCE_SIZE
#define CIPHER_R_INVALID_NONCE_SIZE
Definition: cipher.h:657
CRYPTO_bswap8
static uint64_t CRYPTO_bswap8(uint64_t x)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:759
aes_hw_ctr32_encrypt_blocks
OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, const uint8_t ivec[16])
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:122
UINT64_MAX
#define UINT64_MAX
Definition: stdint-msvc2008.h:143
aes_hw_set_encrypt_key
OPENSSL_INLINE int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:96
CRYPTO_cbc128_encrypt
#define CRYPTO_cbc128_encrypt
Definition: boringssl_prefix_symbols.h:1141
aead_aes_gcm_tls13_init
static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len)
Definition: e_aes.c:1371
aead_aes_gcm_tls12_ctx::min_next_nonce
uint64_t min_next_nonce
Definition: e_aes.c:1265
NID_aes_192_ecb
#define NID_aes_192_ecb
Definition: nid.h:1948
CRYPTO_gcm128_decrypt
#define CRYPTO_gcm128_decrypt
Definition: boringssl_prefix_symbols.h:1153
mode
const char int mode
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:135
aead_aes_gcm_init
static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len)
Definition: e_aes.c:953
DEFINE_LOCAL_DATA
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_cbc_generic)
Definition: e_aes.c:601
bsaes_ctr32_encrypt_blocks
OPENSSL_INLINE void bsaes_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, const uint8_t ivec[16])
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:157
EVP_AES_GCM_CTX::gcm
GCM128_CONTEXT gcm
Definition: e_aes.c:128
aead_aes_gcm_ctx::ks
AES_KEY ks
Definition: e_aes.c:903
NID_aes_192_gcm
#define NID_aes_192_gcm
Definition: nid.h:3977
CIPHER_R_BAD_KEY_LENGTH
#define CIPHER_R_BAD_KEY_LENGTH
Definition: cipher.h:648
CRYPTO_ctr128_encrypt_ctr32
#define CRYPTO_ctr128_encrypt_ctr32
Definition: boringssl_prefix_symbols.h:1148
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
CRYPTO_gcm128_setiv
#define CRYPTO_gcm128_setiv
Definition: boringssl_prefix_symbols.h:1159
CRYPTO_gcm128_init_key
#define CRYPTO_gcm128_init_key
Definition: boringssl_prefix_symbols.h:1158
evp_cipher_ctx_st
Definition: cipher.h:536
aead_aes_gcm_open_gather_impl
static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx, uint8_t *out, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad, size_t ad_len, size_t tag_len)
Definition: e_aes.c:1046
OPENSSL_memset
static void * OPENSSL_memset(void *dst, int c, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:835
EVP_CTRL_INIT
#define EVP_CTRL_INIT
Definition: cipher.h:503
bsaes_cbc_encrypt
OPENSSL_INLINE void bsaes_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, const AES_KEY *key, uint8_t ivec[16], int enc)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:151
aes_hw_ecb_encrypt
#define aes_hw_ecb_encrypt
Definition: boringssl_prefix_symbols.h:2811
EVP_CTRL_AEAD_SET_IVLEN
#define EVP_CTRL_AEAD_SET_IVLEN
Definition: cipher.h:512
block
Block * block
Definition: protobuf/src/google/protobuf/descriptor.cc:1041
vpaes_decrypt_key_to_bsaes
OPENSSL_INLINE void vpaes_decrypt_key_to_bsaes(AES_KEY *out_bsaes, const AES_KEY *vpaes)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:168
EVP_aead_aes_256_gcm_tls13
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_256_gcm_tls13(void)
EVP_AEAD_DEFAULT_TAG_LENGTH
#define EVP_AEAD_DEFAULT_TAG_LENGTH
Definition: aead.h:240
aes_ecb_cipher
static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len)
Definition: e_aes.c:252
uint32_t
unsigned int uint32_t
Definition: stdint-msvc2008.h:80
EVP_AES_GCM_CTX::iv
uint8_t * iv
Definition: e_aes.c:135
OPENSSL_malloc
#define OPENSSL_malloc
Definition: boringssl_prefix_symbols.h:1885
EVP_aead_aes_256_gcm
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_256_gcm(void)
EVP_CIPH_CTRL_INIT
#define EVP_CIPH_CTRL_INIT
Definition: cipher.h:370
EVP_AES_GCM_CTX::align
double align
Definition: e_aes.c:130
EVP_CTRL_GCM_IV_GEN
#define EVP_CTRL_GCM_IV_GEN
Definition: cipher.h:516
CRYPTO_ofb128_encrypt
#define CRYPTO_ofb128_encrypt
Definition: boringssl_prefix_symbols.h:1181
memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))
hwaes_capable
OPENSSL_INLINE int hwaes_capable(void)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:94
in
const char * in
Definition: third_party/abseil-cpp/absl/strings/internal/str_format/parser_test.cc:391
c
void c(T a)
Definition: miscompile_with_no_unique_address_test.cc:40
evp_cipher_st
Definition: cipher.h:585
fips_counter_evp_aes_128_ctr
@ fips_counter_evp_aes_128_ctr
Definition: crypto.h:83
EVP_AES_GCM_CTX::ctr
ctr128_f ctr
Definition: e_aes.c:139
CRYPTO_bswap4
static uint32_t CRYPTO_bswap4(uint32_t x)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:753
crypto_gcm_clmul_enabled
#define crypto_gcm_clmul_enabled
Definition: boringssl_prefix_symbols.h:2935
tag
static void * tag(intptr_t t)
Definition: bad_client.cc:318
EVP_aead_aes_128_gcm_tls12
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_128_gcm_tls12(void)
evp_aead_ctx_st_state
Definition: aead.h:210
ctr128_f
void(* ctr128_f)(const uint8_t *in, uint8_t *out, size_t blocks, const AES_KEY *key, const uint8_t ivec[16])
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:83
aes_ctr_cipher
static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len)
Definition: e_aes.c:269
aead_aes_gcm_seal_scatter_impl
static int aead_aes_gcm_seal_scatter_impl(const struct aead_aes_gcm_ctx *gcm_ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len)
Definition: e_aes.c:969
AES_GCM_NONCE_LENGTH
#define AES_GCM_NONCE_LENGTH
NID_aes_256_cbc
#define NID_aes_256_cbc
Definition: nid.h:1973
aes.h
CIPHER_R_UNSUPPORTED_NONCE_SIZE
#define CIPHER_R_UNSUPPORTED_NONCE_SIZE
Definition: cipher.h:667
NID_aes_192_ofb128
#define NID_aes_192_ofb128
Definition: nid.h:1958
evp_aead_ctx_st
Definition: aead.h:217
aead_aes_gcm_open_gather_randnonce
static int aead_aes_gcm_open_gather_randnonce(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *external_nonce, size_t external_nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1208
aes_gcm_from_cipher_ctx
static EVP_AES_GCM_CTX * aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx)
Definition: e_aes.c:340
CIPHER_R_TAG_TOO_LARGE
#define CIPHER_R_TAG_TOO_LARGE
Definition: cipher.h:662
EVP_has_aes_hardware
int EVP_has_aes_hardware(void)
Definition: e_aes.c:1461
EVP_AES_GCM_CTX::ks
AES_KEY ks
Definition: e_aes.c:131
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
OPENSSL_memcpy
static void * OPENSSL_memcpy(void *dst, const void *src, size_t n)
Definition: third_party/boringssl-with-bazel/src/crypto/internal.h:819
err.h
EVP_CIPH_MODE_MASK
#define EVP_CIPH_MODE_MASK
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h:74
counter
static int counter
Definition: abseil-cpp/absl/flags/reflection_test.cc:131
gcm128_key_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:127
cipher.h
arg
Definition: cmdline.cc:40
EVP_CTRL_AEAD_GET_TAG
#define EVP_CTRL_AEAD_GET_TAG
Definition: cipher.h:513
vpaes_decrypt
OPENSSL_INLINE void vpaes_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:209
EVP_CIPH_CUSTOM_COPY
#define EVP_CIPH_CUSTOM_COPY
Definition: cipher.h:384
OPENSSL_MSVC_PRAGMA
OPENSSL_MSVC_PRAGMA(warning(disable:4702))
Definition: e_aes.c:69
aes_gcm_cipher
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len)
Definition: e_aes.c:543
aead_aes_gcm_tls13_seal_scatter
static int aead_aes_gcm_tls13_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1389
aead_aes_gcm_ctx::ctr
ctr128_f ctr
Definition: e_aes.c:906
uintptr_t
_W64 unsigned int uintptr_t
Definition: stdint-msvc2008.h:119
aes_gcm_init_key
static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc)
Definition: e_aes.c:362
aead.h
NID_aes_256_ofb128
#define NID_aes_256_ofb128
Definition: nid.h:1978
EVP_CTRL_AEAD_SET_TAG
#define EVP_CTRL_AEAD_SET_TAG
Definition: cipher.h:514
n
int n
Definition: abseil-cpp/absl/container/btree_test.cc:1080
CIPHER_R_BUFFER_TOO_SMALL
#define CIPHER_R_BUFFER_TOO_SMALL
Definition: cipher.h:649
vpaes_ctr32_encrypt_blocks
#define vpaes_ctr32_encrypt_blocks
Definition: boringssl_prefix_symbols.h:3433
EVP_AES_GCM_CTX::ivlen
int ivlen
Definition: e_aes.c:136
NID_aes_192_cbc
#define NID_aes_192_cbc
Definition: nid.h:1953
aead_aes_gcm_seal_scatter_randnonce
static int aead_aes_gcm_seal_scatter_randnonce(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *external_nonce, size_t external_nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1172
aes_nohw_encrypt
#define aes_nohw_encrypt
Definition: boringssl_prefix_symbols.h:2818
aead_aes_gcm_ctx
Definition: e_aes.c:900
EVP_CIPH_CBC_MODE
#define EVP_CIPH_CBC_MODE
Definition: cipher.h:345
ctr64_inc
static void ctr64_inc(uint8_t *counter)
Definition: e_aes.c:414
aes_ctr_set_key
ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key, block128_f *out_block, const uint8_t *key, size_t key_bytes)
Definition: e_aes.c:292
aes_nohw_decrypt
#define aes_nohw_decrypt
Definition: boringssl_prefix_symbols.h:2817
push
int push(void *desc, unsigned char *buf, unsigned len)
Definition: bloaty/third_party/zlib/test/infcover.c:463
NID_aes_256_gcm
#define NID_aes_256_gcm
Definition: nid.h:3991
aes_nohw_set_encrypt_key
#define aes_nohw_set_encrypt_key
Definition: boringssl_prefix_symbols.h:2820
evp_aead_st
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h:77
NID_aes_192_ctr
#define NID_aes_192_ctr
Definition: nid.h:4009
vpaes_encrypt_key_to_bsaes
OPENSSL_INLINE void vpaes_encrypt_key_to_bsaes(AES_KEY *out_bsaes, const AES_KEY *vpaes)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:163
EVP_CIPH_FLAG_AEAD_CIPHER
#define EVP_CIPH_FLAG_AEAD_CIPHER
Definition: cipher.h:379
vpaes_set_decrypt_key
OPENSSL_INLINE int vpaes_set_decrypt_key(const uint8_t *userKey, int bits, AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:201
DEFINE_METHOD_FUNCTION
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm)
Definition: e_aes.c:1108
aead_aes_gcm_open_gather
static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1097
aes_hw_encrypt
OPENSSL_INLINE void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:106
vpaes_encrypt
OPENSSL_INLINE void vpaes_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:205
nid.h
rand.h
CRYPTO_ctr128_encrypt
#define CRYPTO_ctr128_encrypt
Definition: boringssl_prefix_symbols.h:1147
key
const char * key
Definition: hpack_parser_table.cc:164
aead_aes_gcm_tls13_ctx
Definition: e_aes.c:1355
aead_aes_gcm_tls13_ctx::min_next_nonce
uint64_t min_next_nonce
Definition: e_aes.c:1357
EVP_CIPHER_FUNCTION
#define EVP_CIPHER_FUNCTION(keybits, mode)
Definition: e_aes.c:873
vpaes_set_encrypt_key
OPENSSL_INLINE int vpaes_set_encrypt_key(const uint8_t *userKey, int bits, AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:197
absl::time_internal::cctz::detail::align
CONSTEXPR_F fields align(second_tag, fields f) noexcept
Definition: abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h:325
NID_aes_128_ofb128
#define NID_aes_128_ofb128
Definition: nid.h:1938
EVP_CIPH_FLAG_CUSTOM_CIPHER
#define EVP_CIPH_FLAG_CUSTOM_CIPHER
Definition: cipher.h:374
fips_counter_evp_aes_256_ctr
@ fips_counter_evp_aes_256_ctr
Definition: crypto.h:84
aes_cbc_cipher
static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len)
Definition: e_aes.c:237
EVP_CIPH_CTR_MODE
#define EVP_CIPH_CTR_MODE
Definition: cipher.h:348
EVP_ECB_CIPHER_FUNCTION
#define EVP_ECB_CIPHER_FUNCTION(keybits)
Definition: e_aes.c:866
ret
UniquePtr< SSL_SESSION > ret
Definition: ssl_x509.cc:1029
aes_gcm_cleanup
static void aes_gcm_cleanup(EVP_CIPHER_CTX *c)
Definition: e_aes.c:405
EVP_aead_aes_256_gcm_tls12
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_256_gcm_tls12(void)
aes_nohw_cbc_encrypt
#define aes_nohw_cbc_encrypt
Definition: boringssl_prefix_symbols.h:2815
NID_aes_256_ctr
#define NID_aes_256_ctr
Definition: nid.h:4013
EVP_AES_KEY
EVP_AES_KEY
Definition: e_aes.c:125
CIPHER_R_INVALID_NONCE
#define CIPHER_R_INVALID_NONCE
Definition: cipher.h:671
EVP_AEAD_AES_GCM_TAG_LEN
#define EVP_AEAD_AES_GCM_TAG_LEN
Definition: e_aes.c:898
EVP_MAX_IV_LENGTH
#define EVP_MAX_IV_LENGTH
Definition: cipher.h:533
EVP_aead_aes_192_gcm
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_192_gcm(void)
arg
struct arg arg
state
Definition: bloaty/third_party/zlib/contrib/blast/blast.c:41
internal.h
NID_aes_128_ctr
#define NID_aes_128_ctr
Definition: nid.h:4005
EVP_AES_GCM_CTX::iv_gen
int iv_gen
Definition: e_aes.c:138
CIPHER_R_TOO_LARGE
#define CIPHER_R_TOO_LARGE
Definition: cipher.h:663
EVP_AES_GCM_CTX::iv_set
int iv_set
Definition: e_aes.c:134
EVP_CIPH_OFB_MODE
#define EVP_CIPH_OFB_MODE
Definition: cipher.h:347
cpu.h
aead_aes_gcm_tls12_seal_scatter
static int aead_aes_gcm_tls12_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1294
CRYPTO_cbc128_decrypt
#define CRYPTO_cbc128_decrypt
Definition: boringssl_prefix_symbols.h:1140
aead_aes_gcm_tls12_ctx
Definition: e_aes.c:1263
CRYPTO_gcm128_aad
#define CRYPTO_gcm128_aad
Definition: boringssl_prefix_symbols.h:1152
EVP_CTRL_AEAD_SET_IV_FIXED
#define EVP_CTRL_AEAD_SET_IV_FIXED
Definition: cipher.h:515
aead_aes_gcm_seal_scatter
static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len)
Definition: e_aes.c:1031
mem.h
fips_counter_evp_aes_128_gcm
@ fips_counter_evp_aes_128_gcm
Definition: crypto.h:81
EVP_aead_aes_256_gcm_randnonce
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_256_gcm_randnonce(void)
aes_hw_cbc_encrypt
OPENSSL_INLINE void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, const AES_KEY *key, uint8_t *ivec, int enc)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:116
asyncio_get_stats.type
type
Definition: asyncio_get_stats.py:37
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46
aead_aes_gcm_init_impl
static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx, size_t *out_tag_len, const uint8_t *key, size_t key_len, size_t tag_len)
Definition: e_aes.c:909
aead_aes_gcm_init_randnonce
static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len)
Definition: e_aes.c:1153
NID_aes_128_ecb
#define NID_aes_128_ecb
Definition: nid.h:1928
aes_nohw_set_decrypt_key
#define aes_nohw_set_decrypt_key
Definition: boringssl_prefix_symbols.h:2819
EVP_CIPH_ALWAYS_CALL_INIT
#define EVP_CIPH_ALWAYS_CALL_INIT
Definition: cipher.h:362
aead_aes_gcm_tls12_init
static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len)
Definition: e_aes.c:1277
aead_aes_gcm_cleanup
static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx)
Definition: e_aes.c:967
aes_hw_set_decrypt_key
OPENSSL_INLINE int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:101
CRYPTO_gcm128_encrypt_ctr32
#define CRYPTO_gcm128_encrypt_ctr32
Definition: boringssl_prefix_symbols.h:1156
EVP_aead_aes_128_gcm
const OPENSSL_EXPORT EVP_AEAD * EVP_aead_aes_128_gcm(void)
GCM128_CONTEXT
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:147
OPENSSL_free
#define OPENSSL_free
Definition: boringssl_prefix_symbols.h:1869
aes_ofb_cipher
static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len)
Definition: e_aes.c:283
aes_gcm_ctrl
static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
Definition: e_aes.c:429
aead_aes_gcm_tls12_ctx::gcm_ctx
struct aead_aes_gcm_ctx gcm_ctx
Definition: e_aes.c:1264
aes_key_st
Definition: aes.h:72
aead_aes_gcm_ctx::gcm_key
GCM128_KEY gcm_key
Definition: e_aes.c:905
fips_counter_evp_aes_256_gcm
@ fips_counter_evp_aes_256_gcm
Definition: crypto.h:82
EVP_AES_GCM_CTX_PADDING
#define EVP_AES_GCM_CTX_PADDING
Definition: e_aes.c:337
if
if(p->owned &&p->wrapped !=NULL)
Definition: call.c:42
CRYPTO_memcmp
#define CRYPTO_memcmp
Definition: boringssl_prefix_symbols.h:1178
aead_aes_gcm_ctx::align
double align
Definition: e_aes.c:902
aes_hw_decrypt
OPENSSL_INLINE void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:111
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
block128_f
void(* block128_f)(const uint8_t in[16], uint8_t out[16], const AES_KEY *key)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h:76
EVP_AES_GCM_CTX
Definition: e_aes.c:127
EVP_CIPH_CUSTOM_IV
#define EVP_CIPH_CUSTOM_IV
Definition: cipher.h:366
bsaes_capable
OPENSSL_INLINE char bsaes_capable(void)
Definition: third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h:147
CIPHER_R_BAD_DECRYPT
#define CIPHER_R_BAD_DECRYPT
Definition: cipher.h:647
CRYPTO_gcm128_tag
#define CRYPTO_gcm128_tag
Definition: boringssl_prefix_symbols.h:1160
EVP_AES_GCM_CTX::key_set
int key_set
Definition: e_aes.c:133
EVP_CIPH_GCM_MODE
#define EVP_CIPH_GCM_MODE
Definition: cipher.h:349
aead_aes_gcm_tls13_ctx::first
uint8_t first
Definition: e_aes.c:1359
EVP_CIPH_ECB_MODE
#define EVP_CIPH_ECB_MODE
Definition: cipher.h:344
stream
voidpf stream
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136

grpc
Author(s):
autogenerated on Fri May 16 2025 02:58:18