kris
/
boringssl
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
3902 コミット
12 ブランチ
38 MiB
ツリー: 4c341d0299
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'4c341d0299' から
${ noResults }
boringssl/include/openssl/aead.h

aead.h 15 KiB
Raw 通常表示 履歴

Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Correct the spelling of "primitive". Spotted by Matt Smart. Change-Id: Id9c61ba6a293ddc52b2e2c93c427860765848c6d Reviewed-on: https://boringssl-review.googlesource.com/6430 Reviewed-by: Adam Langley <agl@google.com>
9年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Spellcheck our public headers. Also fix some formatting. Change-Id: I8fb1a95d4a55e40127433f0114fd08a82a4c3d41 Reviewed-on: https://boringssl-review.googlesource.com/13103 Reviewed-by: Adam Langley <agl@google.com>
7年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
We no longer allow out < in in-place operations The (rather long...) preamble to aead.h still said we allowed this. Change-Id: I4ba02ef196c6d5439408000cf3c296111b55ff36 Reviewed-on: https://boringssl-review.googlesource.com/11004 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
8年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Remove AES-GCM cipher indices. Those ciphers go through EVP_AEAD now. Change-Id: Ia97af9960223724f041dc2c249def9e626fd03f8 Reviewed-on: https://boringssl-review.googlesource.com/1520 Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Remove AES-GCM cipher indices. Those ciphers go through EVP_AEAD now. Change-Id: Ia97af9960223724f041dc2c249def9e626fd03f8 Reviewed-on: https://boringssl-review.googlesource.com/1520 Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Point EVP_aead_chacha20_poly1305 at the standardized version. The consumers have all been updated, so we can move EVP_aead_chacha20_poly1305 to its final state. Unfortunately, the _rfc7539-suffixed version will need to stick around for just a hair longer. Also the tls1.h macros, but the remaining consumers are okay with that changing underneath them. Change-Id: Ibbb70ec1860d6ac6a7e1d7b45e70fe692bf5ebe5 Reviewed-on: https://boringssl-review.googlesource.com/6600 Reviewed-by: Adam Langley <agl@google.com>
9年前
Add AEADs for AES-CTR with HMAC-SHA256. Change-Id: Id035d2c6ab9c6ae034326c313ffe35e0d035dec1 Reviewed-on: https://boringssl-review.googlesource.com/3911 Reviewed-by: Adam Langley <agl@google.com>
9年前
Fix up several comments and detect problems in the future. This change fixes up several comments (many of which were spotted by Kenny Root) and also changes doc.go to detect cases where comments don't start with the correct word. (This is a common error.) Since we have docs builders now, these errors will be found automatically in the future. Change-Id: I58c6dd4266bf3bd4ec748763c8762b1a67ae5ab3 Reviewed-on: https://boringssl-review.googlesource.com/6440 Reviewed-by: Adam Langley <agl@google.com>
9年前
Add AEADs for AES-CTR with HMAC-SHA256. Change-Id: Id035d2c6ab9c6ae034326c313ffe35e0d035dec1 Reviewed-on: https://boringssl-review.googlesource.com/3911 Reviewed-by: Adam Langley <agl@google.com>
9年前
Add generic AES-GCM-SIV support. AES-GCM-SIV is an AEAD with nonce-misuse resistance. It can reuse hardware support for AES-GCM and thus encrypt at ~66% the speed, and decrypt at 100% the speed, of AES-GCM. See https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 This implementation is generic, not optimised, and reuses existing AES and GHASH support as much as possible. It is guarded by !OPENSSL_SMALL, at least for now. Change-Id: Ia9f77b256ef5dfb8588bb9ecfe6ee0e827626f57 Reviewed-on: https://boringssl-review.googlesource.com/12541 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8年前
Prefer AES-GCM when hardware support is available. BUG=396787 Change-Id: I72ddb0ec3c71dbc70054403163930cbbde4b6009 Reviewed-on: https://boringssl-review.googlesource.com/1581 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
9年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
9年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add EVP_AEAD_CTX_zero. Match the other stack-allocated types in that we expose a wrapper function to get them into the zero state. Makes it more amenable to templates like ScopedOpenSSLContext. Change-Id: Ibc7b2b1bc0421ce5ccc84760c78c0b143441ab0f Reviewed-on: https://boringssl-review.googlesource.com/5753 Reviewed-by: Adam Langley <agl@google.com>
9年前
AEADs don't go through ENGINE. They'll probably stay that way too, so document it as being an ignored parameter. Change-Id: Iff385715f5413290a7186c38ea9ef2dd4fce9b38 Reviewed-on: https://boringssl-review.googlesource.com/5175 Reviewed-by: Adam Langley <agl@google.com>
9年前
AEAD: allow _cleanup after failed _init. This change makes it safe to call EVP_AEAD_CTX_cleanup after a failed EVP_AEAD_CTX_init. Change-Id: I608ed550e08d638cd7e941f5067edd3da4c850ab Reviewed-on: https://boringssl-review.googlesource.com/4692 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
AEAD: allow _cleanup after failed _init. This change makes it safe to call EVP_AEAD_CTX_cleanup after a failed EVP_AEAD_CTX_init. Change-Id: I608ed550e08d638cd7e941f5067edd3da4c850ab Reviewed-on: https://boringssl-review.googlesource.com/4692 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Fix doc reference to EVP_AEAD_max_overhead. The documentation referred to the old name of |EVP_AEAD_overhead|. Merged from Android's https://android-review.googlesource.com/#/c/149947/ Change-Id: Ifd1b850355c8f7d9f3e990f514fa072d4cacef1c
9年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Require in == out for in-place encryption. While most of OpenSSL's assembly allows out < in too, some of it doesn't. Upstream seems to not consider this a problem (or, at least, they're failing to make a decision on whether it is a problem, so we should assume they'll stay their course). Accordingly, require aliased buffers to exactly align so we don't have to keep chasing this down. Change-Id: I00eb3df3e195b249116c68f7272442918d7077eb Reviewed-on: https://boringssl-review.googlesource.com/8231 Reviewed-by: Adam Langley <agl@google.com>
8年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Require in == out for in-place encryption. While most of OpenSSL's assembly allows out < in too, some of it doesn't. Upstream seems to not consider this a problem (or, at least, they're failing to make a decision on whether it is a problem, so we should assume they'll stay their course). Accordingly, require aliased buffers to exactly align so we don't have to keep chasing this down. Change-Id: I00eb3df3e195b249116c68f7272442918d7077eb Reviewed-on: https://boringssl-review.googlesource.com/8231 Reviewed-by: Adam Langley <agl@google.com>
8年前
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
10年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Add EVP_AEAD_CTX_aead. Code acting generically on an EVP_AEAD_CTX may wish to get at the underlying EVP_AEAD. Change-Id: I9cc905522ba76402bda4c255aa1488158323b02c Reviewed-on: https://boringssl-review.googlesource.com/11085 CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Matt Braithwaite <mab@google.com> Commit-Queue: David Benjamin <davidben@google.com>
8年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Move TLS-specific "AEAD" functions to the bottom of aead.h. Probably better to keep it out of the way for someone just trying to figure out how to use the library. Notably, we don't really want people to think they need to use the directioned init function. Change-Id: Icacc2061071581abf46e38eb1d7a52e7b1f8361b Reviewed-on: https://boringssl-review.googlesource.com/7724 Reviewed-by: Adam Langley <agl@google.com>
8年前
Add SSL_get_rc4_state. This allows the current RC4 state of an SSL* to be extracted. We have internal uses for this functionality. Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7 Reviewed-on: https://boringssl-review.googlesource.com/3722 Reviewed-by: Adam Langley <agl@google.com>
9年前
Move TLS-specific "AEAD" functions to the bottom of aead.h. Probably better to keep it out of the way for someone just trying to figure out how to use the library. Notably, we don't really want people to think they need to use the directioned init function. Change-Id: Icacc2061071581abf46e38eb1d7a52e7b1f8361b Reviewed-on: https://boringssl-review.googlesource.com/7724 Reviewed-by: Adam Langley <agl@google.com>
8年前
Add SSL_get_ivs. This function allows one to extract the current IVs from an SSL connection. This is needed for the CBC cipher suites with implicit IVs because, for those, the IV can't be extracted from the handshake key material. Change-Id: I247a1d0813b7a434b3cfc88db86d2fe8754344b6 Reviewed-on: https://boringssl-review.googlesource.com/6433 Reviewed-by: Adam Langley <agl@google.com>
9年前
Add SSL_get_rc4_state. This allows the current RC4 state of an SSL* to be extracted. We have internal uses for this functionality. Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7 Reviewed-on: https://boringssl-review.googlesource.com/3722 Reviewed-by: Adam Langley <agl@google.com>
9年前
Add missing newline in aead.h. c2d3280f was missing a newline before the trailer. Change-Id: I0118259b7a8ab15aaaa55125a0f92f3a97794b81
9年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
Fold stack-allocated types into headers. Now that we have the extern "C++" trick, we can just embed them in the normal headers. Move the EVP_CIPHER_CTX deleter to cipher.h and, in doing so, take away a little bit of boilerplate in defining deleters. Change-Id: I4a4b8d0db5274a3607914d94e76a38996bd611ec Reviewed-on: https://boringssl-review.googlesource.com/10804 Reviewed-by: Matt Braithwaite <mab@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
8年前
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
10年前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #ifndef OPENSSL_HEADER_AEAD_H

  16. #define OPENSSL_HEADER_AEAD_H

  17. 

  18. #include <openssl/base.h>

  19. 

  20. #if defined(__cplusplus)

  21. extern "C" {

  22. #endif

  23. 

  24. 

  25. /* Authenticated Encryption with Additional Data.

  26.  *

  27.  * AEAD couples confidentiality and integrity in a single primitive. AEAD

  28.  * algorithms take a key and then can seal and open individual messages. Each

  29.  * message has a unique, per-message nonce and, optionally, additional data

  30.  * which is authenticated but not included in the ciphertext.

  31.  *

  32.  * The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and

  33.  * performs any precomputation needed to use |aead| with |key|. The length of

  34.  * the key, |key_len|, is given in bytes.

  35.  *

  36.  * The |tag_len| argument contains the length of the tags, in bytes, and allows

  37.  * for the processing of truncated authenticators. A zero value indicates that

  38.  * the default tag length should be used and this is defined as

  39.  * |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using

  40.  * truncated tags increases an attacker's chance of creating a valid forgery.

  41.  * Be aware that the attacker's chance may increase more than exponentially as

  42.  * would naively be expected.

  43.  *

  44.  * When no longer needed, the initialised |EVP_AEAD_CTX| structure must be

  45.  * passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.

  46.  *

  47.  * With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These

  48.  * operations are intended to meet the standard notions of privacy and

  49.  * authenticity for authenticated encryption. For formal definitions see

  50.  * Bellare and Namprempre, "Authenticated encryption: relations among notions

  51.  * and analysis of the generic composition paradigm," Lecture Notes in Computer

  52.  * Science B<1976> (2000), 531–545,

  53.  * http://www-cse.ucsd.edu/~mihir/papers/oem.html.

  54.  *

  55.  * When sealing messages, a nonce must be given. The length of the nonce is

  56.  * fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The

  57.  * nonce must be unique for all messages with the same key*. This is critically

  58.  * important - nonce reuse may completely undermine the security of the AEAD.

  59.  * Nonces may be predictable and public, so long as they are unique. Uniqueness

  60.  * may be achieved with a simple counter or, if large enough, may be generated

  61.  * randomly. The nonce must be passed into the "open" operation by the receiver

  62.  * so must either be implicit (e.g. a counter), or must be transmitted along

  63.  * with the sealed message.

  64.  *

  65.  * The "seal" and "open" operations are atomic - an entire message must be

  66.  * encrypted or decrypted in a single call. Large messages may have to be split

  67.  * up in order to accommodate this. When doing so, be mindful of the need not to

  68.  * repeat nonces and the possibility that an attacker could duplicate, reorder

  69.  * or drop message chunks. For example, using a single key for a given (large)

  70.  * message and sealing chunks with nonces counting from zero would be secure as

  71.  * long as the number of chunks was securely transmitted. (Otherwise an

  72.  * attacker could truncate the message by dropping chunks from the end.)

  73.  *

  74.  * The number of chunks could be transmitted by prefixing it to the plaintext,

  75.  * for example. This also assumes that no other message would ever use the same

  76.  * key otherwise the rule that nonces must be unique for a given key would be

  77.  * violated.

  78.  *

  79.  * The "seal" and "open" operations also permit additional data to be

  80.  * authenticated via the |ad| parameter. This data is not included in the

  81.  * ciphertext and must be identical for both the "seal" and "open" call. This

  82.  * permits implicit context to be authenticated but may be empty if not needed.

  83.  *

  84.  * The "seal" and "open" operations may work in-place if the |out| and |in|

  85.  * arguments are equal. Otherwise, if |out| and |in| alias, input data may be

  86.  * overwritten before it is read. This situation will cause an error.

  87.  *

  88.  * The "seal" and "open" operations return one on success and zero on error. */

  89. 

  90. 

  91. /* AEAD algorithms. */

  92. 

  93. /* EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode. */

  94. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);

  95. 

  96. /* EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode. */

  97. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);

  98. 

  99. /* EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and

  100.  * Poly1305 as described in RFC 7539. */

  101. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);

  102. 

  103. /* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for

  104.  * authentication. The nonce is 12 bytes; the bottom 32-bits are used as the

  105.  * block counter, thus the maximum plaintext size is 64GB. */

  106. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);

  107. 

  108. /* EVP_aead_aes_256_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for

  109.  * authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */

  110. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);

  111. 

  112. /* EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See

  113.  * https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 */

  114. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);

  115. 

  116. /* EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See

  117.  * https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02 */

  118. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);

  119. 

  120. /* EVP_has_aes_hardware returns one if we enable hardware support for fast and

  121.  * constant-time AES-GCM. */

  122. OPENSSL_EXPORT int EVP_has_aes_hardware(void);

  123. 

  124. 

  125. /* Utility functions. */

  126. 

  127. /* EVP_AEAD_key_length returns the length, in bytes, of the keys used by

  128.  * |aead|. */

  129. OPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);

  130. 

  131. /* EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce

  132.  * for |aead|. */

  133. OPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);

  134. 

  135. /* EVP_AEAD_max_overhead returns the maximum number of additional bytes added

  136.  * by the act of sealing data with |aead|. */

  137. OPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);

  138. 

  139. /* EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This

  140.  * is the largest value that can be passed as |tag_len| to

  141.  * |EVP_AEAD_CTX_init|. */

  142. OPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);

  143. 

  144. 

  145. /* AEAD operations. */

  146. 

  147. /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key

  148.  * and message-independent IV. */

  149. typedef struct evp_aead_ctx_st {

  150.   const EVP_AEAD *aead;

  151.   /* aead_state is an opaque pointer to whatever state the AEAD needs to

  152.    * maintain. */

  153.   void *aead_state;

  154. } EVP_AEAD_CTX;

  155. 

  156. /* EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by

  157.  * any AEAD defined in this header. */

  158. #define EVP_AEAD_MAX_KEY_LENGTH 80

  159. 

  160. /* EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by

  161.  * any AEAD defined in this header. */

  162. #define EVP_AEAD_MAX_NONCE_LENGTH 16

  163. 

  164. /* EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD

  165.  * defined in this header. */

  166. #define EVP_AEAD_MAX_OVERHEAD 64

  167. 

  168. /* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to

  169.  * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should

  170.  * be used. */

  171. #define EVP_AEAD_DEFAULT_TAG_LENGTH 0

  172. 

  173. /* EVP_AEAD_CTX_zero sets an uninitialized |ctx| to the zero state. It must be

  174.  * initialized with |EVP_AEAD_CTX_init| before use. It is safe, but not

  175.  * necessary, to call |EVP_AEAD_CTX_cleanup| in this state. This may be used for

  176.  * more uniform cleanup of |EVP_AEAD_CTX|. */

  177. OPENSSL_EXPORT void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx);

  178. 

  179. /* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm. The |impl|

  180.  * argument is ignored and should be NULL. Authentication tags may be truncated

  181.  * by passing a size as |tag_len|. A |tag_len| of zero indicates the default

  182.  * tag length and this is defined as EVP_AEAD_DEFAULT_TAG_LENGTH for

  183.  * readability.

  184.  *

  185.  * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In

  186.  * the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's

  187.  * harmless to do so. */

  188. OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,

  189.                                      const uint8_t *key, size_t key_len,

  190.                                      size_t tag_len, ENGINE *impl);

  191. 

  192. /* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to

  193.  * call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to

  194.  * all zeros. */

  195. OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);

  196. 

  197. /* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and

  198.  * authenticates |ad_len| bytes from |ad| and writes the result to |out|. It

  199.  * returns one on success and zero otherwise.

  200.  *

  201.  * This function may be called (with the same |EVP_AEAD_CTX|) concurrently with

  202.  * itself or |EVP_AEAD_CTX_open|.

  203.  *

  204.  * At most |max_out_len| bytes are written to |out| and, in order to ensure

  205.  * success, |max_out_len| should be |in_len| plus the result of

  206.  * |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the

  207.  * actual number of bytes written.

  208.  *

  209.  * The length of |nonce|, |nonce_len|, must be equal to the result of

  210.  * |EVP_AEAD_nonce_length| for this AEAD.

  211.  *

  212.  * |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is

  213.  * insufficient, zero will be returned. (In this case, |*out_len| is set to

  214.  * zero.)

  215.  *

  216.  * If |in| and |out| alias then |out| must be == |in|. */

  217. OPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,

  218.                                      size_t *out_len, size_t max_out_len,

  219.                                      const uint8_t *nonce, size_t nonce_len,

  220.                                      const uint8_t *in, size_t in_len,

  221.                                      const uint8_t *ad, size_t ad_len);

  222. 

  223. /* EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes

  224.  * from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on

  225.  * success and zero otherwise.

  226.  *

  227.  * This function may be called (with the same |EVP_AEAD_CTX|) concurrently with

  228.  * itself or |EVP_AEAD_CTX_seal|.

  229.  *

  230.  * At most |in_len| bytes are written to |out|. In order to ensure success,

  231.  * |max_out_len| should be at least |in_len|. On successful return, |*out_len|

  232.  * is set to the the actual number of bytes written.

  233.  *

  234.  * The length of |nonce|, |nonce_len|, must be equal to the result of

  235.  * |EVP_AEAD_nonce_length| for this AEAD.

  236.  *

  237.  * |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is

  238.  * insufficient, zero will be returned. (In this case, |*out_len| is set to

  239.  * zero.)

  240.  *

  241.  * If |in| and |out| alias then |out| must be == |in|. */

  242. OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,

  243.                                      size_t *out_len, size_t max_out_len,

  244.                                      const uint8_t *nonce, size_t nonce_len,

  245.                                      const uint8_t *in, size_t in_len,

  246.                                      const uint8_t *ad, size_t ad_len);

  247. 

  248. /* EVP_AEAD_CTX_aead returns the underlying AEAD for |ctx|, or NULL if one has

  249.  * not been set. */

  250. OPENSSL_EXPORT const EVP_AEAD *EVP_AEAD_CTX_aead(const EVP_AEAD_CTX *ctx);

  251. 

  252. 

  253. /* TLS-specific AEAD algorithms.

  254.  *

  255.  * These AEAD primitives do not meet the definition of generic AEADs. They are

  256.  * all specific to TLS and should not be used outside of that context. They must

  257.  * be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may

  258.  * not be used concurrently. Any nonces are used as IVs, so they must be

  259.  * unpredictable. They only accept an |ad| parameter of length 11 (the standard

  260.  * TLS one with length omitted). */

  261. 

  262. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);

  263. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);

  264. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);

  265. 

  266. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);

  267. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);

  268. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha256_tls(void);

  269. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void);

  270. 

  271. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);

  272. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);

  273. 

  274. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_tls(void);

  275. 

  276. 

  277. /* SSLv3-specific AEAD algorithms.

  278.  *

  279.  * These AEAD primitives do not meet the definition of generic AEADs. They are

  280.  * all specific to SSLv3 and should not be used outside of that context. They

  281.  * must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful,

  282.  * and may not be used concurrently. They only accept an |ad| parameter of

  283.  * length 9 (the standard TLS one with length and version omitted). */

  284. 

  285. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_ssl3(void);

  286. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void);

  287. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void);

  288. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_ssl3(void);

  289. 

  290. 

  291. /* Obscure functions. */

  292. 

  293. /* evp_aead_direction_t denotes the direction of an AEAD operation. */

  294. enum evp_aead_direction_t {

  295.   evp_aead_open,

  296.   evp_aead_seal,

  297. };

  298. 

  299. /* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal

  300.  * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a

  301.  * given direction. */

  302. OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(

  303.     EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,

  304.     size_t tag_len, enum evp_aead_direction_t dir);

  305. 

  306. /* EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and

  307.  * sets |*out_iv| to point to that many bytes of the current IV. This is only

  308.  * meaningful for AEADs with implicit IVs (i.e. CBC mode in SSLv3 and TLS 1.0).

  309.  *

  310.  * It returns one on success or zero on error. */

  311. OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,

  312.                                        const uint8_t **out_iv, size_t *out_len);

  313. 

  314. 

  315. #if defined(__cplusplus)

  316. }  /* extern C */

  317. 

  318. #if !defined(BORINGSSL_NO_CXX)

  319. extern "C++" {

  320. 

  321. namespace bssl {

  322. 

  323. using ScopedEVP_AEAD_CTX =

  324.     internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,

  325.                              EVP_AEAD_CTX_cleanup>;

  326. 

  327. }  // namespace bssl

  328. 

  329. }  // extern C++

  330. #endif

  331. 

  332. #endif

  333. 

  334. #endif  /* OPENSSL_HEADER_AEAD_H */