diff --git a/crypto/cipher/aead.c b/crypto/cipher/aead.c index 263e3982..daf8c52b 100644 --- a/crypto/cipher/aead.c +++ b/crypto/cipher/aead.c @@ -33,12 +33,29 @@ size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl) { + if (!aead->init) { + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_NO_DIRECTION_SET); + return 0; + } + return EVP_AEAD_CTX_init_with_direction(ctx, aead, key, key_len, tag_len, + evp_aead_open); +} + +int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, + const uint8_t *key, size_t key_len, + size_t tag_len, + enum evp_aead_direction_t dir) { ctx->aead = aead; if (key_len != aead->key_len) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_UNSUPPORTED_KEY_SIZE); + OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init_with_direction, + CIPHER_R_UNSUPPORTED_KEY_SIZE); return 0; } - return aead->init(ctx, key, key_len, tag_len); + if (aead->init) { + return aead->init(ctx, key, key_len, tag_len); + } else { + return aead->init_with_direction(ctx, key, key_len, tag_len, dir); + } } void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) { diff --git a/crypto/cipher/aead_test.c b/crypto/cipher/aead_test.c index 310c90c0..33e260a4 100644 --- a/crypto/cipher/aead_test.c +++ b/crypto/cipher/aead_test.c @@ -85,8 +85,8 @@ static int run_test_case(const EVP_AEAD *aead, * smaller by at least tag length. */ uint8_t out2[sizeof(out)]; - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bufs[KEY], lengths[KEY], + lengths[TAG], evp_aead_seal)) { fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); return 0; } @@ -123,8 +123,8 @@ static int run_test_case(const EVP_AEAD *aead, /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be * reset after each operation. */ EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bufs[KEY], lengths[KEY], + lengths[TAG], evp_aead_open)) { fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); return 0; } @@ -153,8 +153,8 @@ static int run_test_case(const EVP_AEAD *aead, /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be * reset after each operation. */ EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bufs[KEY], lengths[KEY], + lengths[TAG], evp_aead_open)) { fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); return 0; } @@ -172,8 +172,8 @@ static int run_test_case(const EVP_AEAD *aead, /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be * reset after each operation. */ EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG], - NULL)) { + if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bufs[KEY], lengths[KEY], + lengths[TAG], evp_aead_open)) { fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); return 0; } diff --git a/crypto/cipher/e_aes.c b/crypto/cipher/e_aes.c index 01c2d7da..e431e0b5 100644 --- a/crypto/cipher/e_aes.c +++ b/crypto/cipher/e_aes.c @@ -1071,8 +1071,11 @@ static const EVP_AEAD aead_aes_128_gcm = { 12, /* nonce len */ EVP_AEAD_AES_GCM_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_TAG_LEN, /* max tag length */ - aead_aes_gcm_init, aead_aes_gcm_cleanup, - aead_aes_gcm_seal, aead_aes_gcm_open, + aead_aes_gcm_init, + NULL, /* init_with_direction */ + aead_aes_gcm_cleanup, + aead_aes_gcm_seal, + aead_aes_gcm_open, }; static const EVP_AEAD aead_aes_256_gcm = { @@ -1080,8 +1083,11 @@ static const EVP_AEAD aead_aes_256_gcm = { 12, /* nonce len */ EVP_AEAD_AES_GCM_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_TAG_LEN, /* max tag length */ - aead_aes_gcm_init, aead_aes_gcm_cleanup, - aead_aes_gcm_seal, aead_aes_gcm_open, + aead_aes_gcm_init, + NULL, /* init_with_direction */ + aead_aes_gcm_cleanup, + aead_aes_gcm_seal, + aead_aes_gcm_open, }; const EVP_AEAD *EVP_aead_aes_128_gcm(void) { return &aead_aes_128_gcm; } @@ -1335,8 +1341,11 @@ static const EVP_AEAD aead_aes_128_key_wrap = { 8, /* nonce len */ 8, /* overhead */ 8, /* max tag length */ - aead_aes_key_wrap_init, aead_aes_key_wrap_cleanup, - aead_aes_key_wrap_seal, aead_aes_key_wrap_open, + aead_aes_key_wrap_init, + NULL, /* init_with_direction */ + aead_aes_key_wrap_cleanup, + aead_aes_key_wrap_seal, + aead_aes_key_wrap_open, }; static const EVP_AEAD aead_aes_256_key_wrap = { @@ -1344,8 +1353,11 @@ static const EVP_AEAD aead_aes_256_key_wrap = { 8, /* nonce len */ 8, /* overhead */ 8, /* max tag length */ - aead_aes_key_wrap_init, aead_aes_key_wrap_cleanup, - aead_aes_key_wrap_seal, aead_aes_key_wrap_open, + aead_aes_key_wrap_init, + NULL, /* init_with_direction */ + aead_aes_key_wrap_cleanup, + aead_aes_key_wrap_seal, + aead_aes_key_wrap_open, }; const EVP_AEAD *EVP_aead_aes_128_key_wrap(void) { return &aead_aes_128_key_wrap; } diff --git a/crypto/cipher/e_chacha20poly1305.c b/crypto/cipher/e_chacha20poly1305.c index 1cdcbca5..e360904f 100644 --- a/crypto/cipher/e_chacha20poly1305.c +++ b/crypto/cipher/e_chacha20poly1305.c @@ -209,8 +209,11 @@ static const EVP_AEAD aead_chacha20_poly1305 = { CHACHA20_NONCE_LEN, /* nonce len */ POLY1305_TAG_LEN, /* overhead */ POLY1305_TAG_LEN, /* max tag length */ - aead_chacha20_poly1305_init, aead_chacha20_poly1305_cleanup, - aead_chacha20_poly1305_seal, aead_chacha20_poly1305_open, + aead_chacha20_poly1305_init, + NULL, /* init_with_direction */ + aead_chacha20_poly1305_cleanup, + aead_chacha20_poly1305_seal, + aead_chacha20_poly1305_open, }; const EVP_AEAD *EVP_aead_chacha20_poly1305(void) { diff --git a/crypto/cipher/e_rc4.c b/crypto/cipher/e_rc4.c index 04ddcb65..52856f98 100644 --- a/crypto/cipher/e_rc4.c +++ b/crypto/cipher/e_rc4.c @@ -377,8 +377,11 @@ static const EVP_AEAD aead_rc4_md5_tls = { 0, /* nonce len */ MD5_DIGEST_LENGTH, /* overhead */ MD5_DIGEST_LENGTH, /* max tag length */ - aead_rc4_md5_tls_init, aead_rc4_md5_tls_cleanup, - aead_rc4_md5_tls_seal, aead_rc4_md5_tls_open, + aead_rc4_md5_tls_init, + NULL, /* init_with_direction */ + aead_rc4_md5_tls_cleanup, + aead_rc4_md5_tls_seal, + aead_rc4_md5_tls_open, }; const EVP_AEAD *EVP_aead_rc4_md5_tls(void) { return &aead_rc4_md5_tls; } diff --git a/crypto/cipher/e_ssl3.c b/crypto/cipher/e_ssl3.c index d9dec68d..1faf5fa4 100644 --- a/crypto/cipher/e_ssl3.c +++ b/crypto/cipher/e_ssl3.c @@ -30,17 +30,6 @@ typedef struct { EVP_CIPHER_CTX cipher_ctx; EVP_MD_CTX md_ctx; - /* enc_key is the portion of the key used for the stream or block cipher. It - * is retained separately to allow the EVP_CIPHER_CTX to be initialized once - * the direction is known. */ - uint8_t enc_key[EVP_MAX_KEY_LENGTH]; - uint8_t enc_key_len; - /* iv is the portion of the key used for the fixed IV. It is retained - * separately to allow the EVP_CIPHER_CTX to be initialized once the direction - * is known. */ - uint8_t iv[EVP_MAX_IV_LENGTH]; - uint8_t iv_len; - char initialized; } AEAD_SSL3_CTX; static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len, @@ -87,15 +76,13 @@ static void aead_ssl3_cleanup(EVP_AEAD_CTX *ctx) { AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; EVP_CIPHER_CTX_cleanup(&ssl3_ctx->cipher_ctx); EVP_MD_CTX_cleanup(&ssl3_ctx->md_ctx); - OPENSSL_cleanse(&ssl3_ctx->enc_key, sizeof(ssl3_ctx->enc_key)); - OPENSSL_cleanse(&ssl3_ctx->iv, sizeof(ssl3_ctx->iv)); OPENSSL_free(ssl3_ctx); ctx->aead_state = NULL; } static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len, const EVP_CIPHER *cipher, - const EVP_MD *md) { + size_t tag_len, enum evp_aead_direction_t dir, + const EVP_CIPHER *cipher, const EVP_MD *md) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); @@ -109,11 +96,7 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t mac_key_len = EVP_MD_size(md); size_t enc_key_len = EVP_CIPHER_key_length(cipher); - size_t iv_len = EVP_CIPHER_iv_length(cipher); - assert(mac_key_len + enc_key_len + iv_len == key_len); - assert(mac_key_len < 256); - assert(enc_key_len < 256); - assert(iv_len < 256); + assert(mac_key_len + enc_key_len + EVP_CIPHER_iv_length(cipher) == key_len); /* Although EVP_rc4() is a variable-length cipher, the default key size is * correct for SSL3. */ @@ -124,14 +107,11 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx); EVP_MD_CTX_init(&ssl3_ctx->md_ctx); - memcpy(ssl3_ctx->enc_key, &key[mac_key_len], enc_key_len); - ssl3_ctx->enc_key_len = (uint8_t)enc_key_len; - memcpy(ssl3_ctx->iv, &key[mac_key_len + enc_key_len], iv_len); - ssl3_ctx->iv_len = (uint8_t)iv_len; - ssl3_ctx->initialized = 0; ctx->aead_state = ssl3_ctx; - if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, cipher, NULL, NULL, NULL, 0) || + if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len], + &key[mac_key_len + enc_key_len], + dir == evp_aead_seal) || !EVP_DigestInit_ex(&ssl3_ctx->md_ctx, md, NULL) || !EVP_DigestUpdate(&ssl3_ctx->md_ctx, key, mac_key_len)) { aead_ssl3_cleanup(ctx); @@ -142,31 +122,6 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, return 1; } -/* aead_ssl3_ensure_cipher_init initializes |ssl3_ctx| for encryption (or - * decryption, if |encrypt| is zero). If it has already been initialized, it - * ensures the direction matches and fails otherwise. It returns one on success - * and zero on failure. - * - * Note that, unlike normal AEADs, legacy SSL3 AEADs may not be used concurrently - * due to this (and bulk-cipher-internal) statefulness. */ -static int aead_ssl3_ensure_cipher_init(AEAD_SSL3_CTX *ssl3_ctx, int encrypt) { - if (!ssl3_ctx->initialized) { - /* Finish initializing the EVP_CIPHER_CTX now that the direction is - * known. */ - if (!EVP_CipherInit_ex(&ssl3_ctx->cipher_ctx, NULL, NULL, ssl3_ctx->enc_key, - ssl3_ctx->iv, encrypt)) { - return 0; - } - ssl3_ctx->initialized = 1; - } else if (ssl3_ctx->cipher_ctx.encrypt != encrypt) { - /* Unlike a normal AEAD, using an SSL3 AEAD once freezes the direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_ensure_cipher_init, - CIPHER_R_INVALID_OPERATION); - return 0; - } - return 1; -} - static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, @@ -175,6 +130,12 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; size_t total = 0; + if (!ssl3_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_OPERATION); + return 0; + } + if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ @@ -197,10 +158,6 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_ssl3_ensure_cipher_init(ssl3_ctx, 1)) { - return 0; - } - /* Compute the MAC. This must be first in case the operation is being done * in-place. */ uint8_t mac[EVP_MAX_MD_SIZE]; @@ -257,6 +214,12 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len) { AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; + if (ssl3_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_OPERATION); + return 0; + } + size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx); if (in_len < mac_len) { OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); @@ -286,10 +249,6 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_ssl3_ensure_cipher_init(ssl3_ctx, 0)) { - return 0; - } - /* Decrypt to get the plaintext + MAC + padding. */ size_t total = 0; int len; @@ -338,30 +297,35 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } static int aead_rc4_md5_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_md5()); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_md5()); } static int aead_rc4_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_sha1()); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_sha1()); } static int aead_aes_128_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1()); } static int aead_aes_256_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1()); } static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_ssl3_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), + const uint8_t *key, size_t key_len, + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1()); } @@ -370,6 +334,7 @@ static const EVP_AEAD aead_rc4_md5_ssl3 = { 0, /* nonce len */ MD5_DIGEST_LENGTH, /* overhead */ MD5_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_md5_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, @@ -381,6 +346,7 @@ static const EVP_AEAD aead_rc4_sha1_ssl3 = { 0, /* nonce len */ SHA_DIGEST_LENGTH, /* overhead */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, @@ -392,6 +358,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, @@ -403,6 +370,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, @@ -414,6 +382,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_seal, diff --git a/crypto/cipher/e_tls.c b/crypto/cipher/e_tls.c index 8ac1aaec..284d56ab 100644 --- a/crypto/cipher/e_tls.c +++ b/crypto/cipher/e_tls.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "../crypto/internal.h" #include "internal.h" @@ -34,37 +35,26 @@ typedef struct { * separately for the constant-time CBC code. */ uint8_t mac_key[EVP_MAX_MD_SIZE]; uint8_t mac_key_len; - /* enc_key is the portion of the key used for the stream or block - * cipher. It is retained separately to allow the EVP_CIPHER_CTX to be - * initialized once the direction is known. */ - uint8_t enc_key[EVP_MAX_KEY_LENGTH]; - uint8_t enc_key_len; - /* iv is the portion of the key used for the fixed IV. It is retained - * separately to allow the EVP_CIPHER_CTX to be initialized once the direction - * is known. */ - uint8_t iv[EVP_MAX_IV_LENGTH]; - uint8_t iv_len; /* implicit_iv is one iff this is a pre-TLS-1.1 CBC cipher without an explicit * IV. */ char implicit_iv; - char initialized; } AEAD_TLS_CTX; +OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE < 256, mac_key_len_fits_in_uint8_t); static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) { AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; EVP_CIPHER_CTX_cleanup(&tls_ctx->cipher_ctx); HMAC_CTX_cleanup(&tls_ctx->hmac_ctx); OPENSSL_cleanse(&tls_ctx->mac_key, sizeof(tls_ctx->mac_key)); - OPENSSL_cleanse(&tls_ctx->enc_key, sizeof(tls_ctx->enc_key)); - OPENSSL_cleanse(&tls_ctx->iv, sizeof(tls_ctx->iv)); OPENSSL_free(tls_ctx); ctx->aead_state = NULL; } static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len, const EVP_CIPHER *cipher, - const EVP_MD *md, char implicit_iv) { + size_t tag_len, enum evp_aead_direction_t dir, + const EVP_CIPHER *cipher, const EVP_MD *md, + char implicit_iv) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); @@ -78,11 +68,8 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t mac_key_len = EVP_MD_size(md); size_t enc_key_len = EVP_CIPHER_key_length(cipher); - size_t iv_len = implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0; - assert(mac_key_len + enc_key_len + iv_len == key_len); - assert(mac_key_len < 256); - assert(enc_key_len < 256); - assert(iv_len < 256); + assert(mac_key_len + enc_key_len + + (implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0) == key_len); /* Although EVP_rc4() is a variable-length cipher, the default key size is * correct for TLS. */ @@ -93,17 +80,15 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); HMAC_CTX_init(&tls_ctx->hmac_ctx); + assert(mac_key_len <= EVP_MAX_MD_SIZE); memcpy(tls_ctx->mac_key, key, mac_key_len); tls_ctx->mac_key_len = (uint8_t)mac_key_len; - memcpy(tls_ctx->enc_key, &key[mac_key_len], enc_key_len); - tls_ctx->enc_key_len = (uint8_t)enc_key_len; - memcpy(tls_ctx->iv, &key[mac_key_len + enc_key_len], iv_len); - tls_ctx->iv_len = (uint8_t)iv_len; tls_ctx->implicit_iv = implicit_iv; - tls_ctx->initialized = 0; ctx->aead_state = tls_ctx; - if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, NULL, NULL, 0) || + if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len], + implicit_iv ? &key[mac_key_len + enc_key_len] : NULL, + dir == evp_aead_seal) || !HMAC_Init_ex(&tls_ctx->hmac_ctx, key, mac_key_len, md, NULL)) { aead_tls_cleanup(ctx); return 0; @@ -113,32 +98,6 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, return 1; } -/* aead_tls_ensure_cipher_init initializes |tls_ctx| for encryption (or - * decryption, if |encrypt| is zero). If it has already been initialized, it - * ensures the direction matches and fails otherwise. It returns one on success - * and zero on failure. - * - * Note that, unlike normal AEADs, legacy TLS AEADs may not be used concurrently - * due to this (and bulk-cipher-internal) statefulness. */ -static int aead_tls_ensure_cipher_init(AEAD_TLS_CTX *tls_ctx, int encrypt) { - if (!tls_ctx->initialized) { - /* Finish initializing the EVP_CIPHER_CTX now that the direction is - * known. */ - if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, NULL, NULL, tls_ctx->enc_key, - tls_ctx->implicit_iv ? tls_ctx->iv : NULL, - encrypt)) { - return 0; - } - tls_ctx->initialized = 1; - } else if (tls_ctx->cipher_ctx.encrypt != encrypt) { - /* Unlike a normal AEAD, using a TLS AEAD once freezes the direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_ensure_cipher_init, - CIPHER_R_INVALID_OPERATION); - return 0; - } - return 1; -} - static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t max_out_len, const uint8_t *nonce, size_t nonce_len, @@ -147,6 +106,13 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; size_t total = 0; + if (!tls_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_OPERATION); + return 0; + + } + if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ @@ -169,10 +135,6 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_tls_ensure_cipher_init(tls_ctx, 1)) { - return 0; - } - /* To allow for CBC mode which changes cipher length, |ad| doesn't include the * length for legacy ciphers. */ uint8_t ad_extra[2]; @@ -249,6 +211,13 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *ad, size_t ad_len) { AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; + if (tls_ctx->cipher_ctx.encrypt) { + /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ + OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_OPERATION); + return 0; + + } + if (in_len < HMAC_size(&tls_ctx->hmac_ctx)) { OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); return 0; @@ -277,10 +246,6 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } - if (!aead_tls_ensure_cipher_init(tls_ctx, 0)) { - return 0; - } - /* Configure the explicit IV. */ if (EVP_CIPHER_CTX_mode(&tls_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE && !tls_ctx->implicit_iv && @@ -394,71 +359,76 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } static int aead_rc4_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_rc4(), EVP_sha1(), 0); + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_rc4(), EVP_sha1(), + 0); } static int aead_aes_128_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1(), 0); } -static int aead_aes_128_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), +static int aead_aes_128_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha1(), 1); } static int aead_aes_128_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_128_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(), EVP_sha256(), 0); } static int aead_aes_256_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, - size_t key_len, size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1(), 0); } -static int aead_aes_256_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), +static int aead_aes_256_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha1(), 1); } static int aead_aes_256_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha256(), 0); } static int aead_aes_256_cbc_sha384_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_aes_256_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_256_cbc(), EVP_sha384(), 0); } static int aead_des_ede3_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), + size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1(), 0); } -static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init(EVP_AEAD_CTX *ctx, - const uint8_t *key, - size_t key_len, - size_t tag_len) { - return aead_tls_init(ctx, key, key_len, tag_len, EVP_des_ede3_cbc(), +static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init( + EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_des_ede3_cbc(), EVP_sha1(), 1); } @@ -467,6 +437,7 @@ static const EVP_AEAD aead_rc4_sha1_tls = { 0, /* nonce len */ SHA_DIGEST_LENGTH, /* overhead */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_rc4_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -478,6 +449,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -489,6 +461,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, @@ -500,6 +473,7 @@ static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_128_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -511,6 +485,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -522,6 +497,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, @@ -533,6 +509,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -544,6 +521,7 @@ static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { 16, /* nonce len (IV) */ 16 + SHA384_DIGEST_LENGTH, /* overhead (padding + SHA384) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_aes_256_cbc_sha384_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -555,6 +533,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { 8, /* nonce len (IV) */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_seal, @@ -566,6 +545,7 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_seal, diff --git a/crypto/cipher/internal.h b/crypto/cipher/internal.h index f28fd4c2..2130a699 100644 --- a/crypto/cipher/internal.h +++ b/crypto/cipher/internal.h @@ -59,6 +59,7 @@ #include +#include #include #if defined(__cplusplus) @@ -117,6 +118,9 @@ struct evp_aead_st { int (*init)(struct evp_aead_ctx_st *, const uint8_t *key, size_t key_len, size_t tag_len); + int (*init_with_direction)(struct evp_aead_ctx_st *, const uint8_t *key, + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir); void (*cleanup)(struct evp_aead_ctx_st *); int (*seal)(const struct evp_aead_ctx_st *ctx, uint8_t *out, diff --git a/crypto/err/cipher.errordata b/crypto/err/cipher.errordata index ac6a3fed..bc7666e9 100644 --- a/crypto/err/cipher.errordata +++ b/crypto/err/cipher.errordata @@ -1,4 +1,5 @@ CIPHER,function,100,EVP_AEAD_CTX_init +CIPHER,function,131,EVP_AEAD_CTX_init_with_direction CIPHER,function,101,EVP_AEAD_CTX_open CIPHER,function,102,EVP_AEAD_CTX_seal CIPHER,function,103,EVP_CIPHER_CTX_copy @@ -44,6 +45,7 @@ CIPHER,reason,111,INVALID_NONCE_SIZE CIPHER,reason,112,INVALID_OPERATION CIPHER,reason,113,IV_TOO_LARGE CIPHER,reason,114,NO_CIPHER_SET +CIPHER,reason,124,NO_DIRECTION_SET CIPHER,reason,115,OUTPUT_ALIASES_INPUT CIPHER,reason,116,TAG_TOO_LARGE CIPHER,reason,117,TOO_LARGE diff --git a/crypto/err/err_data.h b/crypto/err/err_data.h index 1a681709..8297997a 100644 --- a/crypto/err/err_data.h +++ b/crypto/err/err_data.h @@ -78,192 +78,192 @@ static const uint32_t kFunctionValues[] = { 0xc3d0679, 0xc3d8681, 0xc3e068c, - 0x10321723, - 0x1032973a, - 0x10331753, - 0x10339769, - 0x10341779, - 0x1034978c, - 0x1035179a, - 0x103597a9, - 0x103617c9, - 0x103697e8, - 0x10371805, - 0x10379822, - 0x10381837, - 0x10389859, - 0x10391878, - 0x10399897, - 0x103a18ae, - 0x103a98c5, - 0x103b18ce, - 0x103b98d9, - 0x103c18f3, - 0x103c98fb, - 0x103d1903, - 0x103d990a, - 0x103e191d, - 0x103e992f, - 0x103f1942, - 0x103f994b, - 0x143209aa, - 0x143289b8, - 0x143309c4, - 0x143389d1, - 0x18320fea, - 0x18329002, - 0x18331024, - 0x18339036, - 0x18341047, - 0x18349060, - 0x18351071, - 0x18359087, - 0x18361097, - 0x183690ac, - 0x183710c5, - 0x183790d6, - 0x183810ec, - 0x183890fd, - 0x1839110f, - 0x18399124, - 0x183a1136, - 0x183a9146, - 0x183b115b, - 0x183b9168, - 0x183c117a, - 0x183c9188, - 0x183d119b, - 0x183d91ab, - 0x183e11c0, - 0x183e91d1, - 0x183f11e4, - 0x183f91f3, - 0x18401203, - 0x18409210, - 0x1841121f, - 0x18419230, - 0x18421243, - 0x18429255, - 0x18431267, - 0x18439278, - 0x18441289, - 0x1844929a, - 0x184512ab, - 0x184592b8, - 0x184612c6, - 0x184692d9, - 0x184712ed, - 0x184792fa, - 0x18481309, - 0x18489318, - 0x18491329, - 0x18499336, - 0x184a1344, - 0x184a9355, - 0x184b1366, - 0x184b9374, - 0x184c1384, - 0x184c93aa, - 0x184d13b9, - 0x184d93c9, - 0x184e13d9, - 0x184e93e8, + 0x10321744, + 0x1032975b, + 0x10331774, + 0x1033978a, + 0x1034179a, + 0x103497ad, + 0x103517bb, + 0x103597ca, + 0x103617ea, + 0x10369809, + 0x10371826, + 0x10379843, + 0x10381858, + 0x1038987a, + 0x10391899, + 0x103998b8, + 0x103a18cf, + 0x103a98e6, + 0x103b18ef, + 0x103b98fa, + 0x103c1914, + 0x103c991c, + 0x103d1924, + 0x103d992b, + 0x103e193e, + 0x103e9950, + 0x103f1963, + 0x103f996c, + 0x143209cb, + 0x143289d9, + 0x143309e5, + 0x143389f2, + 0x1832100b, + 0x18329023, + 0x18331045, + 0x18339057, + 0x18341068, + 0x18349081, + 0x18351092, + 0x183590a8, + 0x183610b8, + 0x183690cd, + 0x183710e6, + 0x183790f7, + 0x1838110d, + 0x1838911e, + 0x18391130, + 0x18399145, + 0x183a1157, + 0x183a9167, + 0x183b117c, + 0x183b9189, + 0x183c119b, + 0x183c91a9, + 0x183d11bc, + 0x183d91cc, + 0x183e11e1, + 0x183e91f2, + 0x183f1205, + 0x183f9214, + 0x18401224, + 0x18409231, + 0x18411240, + 0x18419251, + 0x18421264, + 0x18429276, + 0x18431288, + 0x18439299, + 0x184412aa, + 0x184492bb, + 0x184512cc, + 0x184592d9, + 0x184612e7, + 0x184692fa, + 0x1847130e, + 0x1847931b, + 0x1848132a, + 0x18489339, + 0x1849134a, + 0x18499357, + 0x184a1365, + 0x184a9376, + 0x184b1387, + 0x184b9395, + 0x184c13a5, + 0x184c93cb, + 0x184d13da, + 0x184d93ea, + 0x184e13fa, + 0x184e9409, 0x1c320699, 0x1c3286a5, 0x1c3306b0, 0x1c3386bc, - 0x203213fc, - 0x20329407, - 0x2033140f, - 0x2033941b, - 0x24321427, - 0x24329435, - 0x24331447, - 0x24339456, - 0x24341469, - 0x2434947c, - 0x24351493, - 0x243594ab, - 0x243614b9, - 0x243694d1, - 0x243714da, - 0x243794ec, - 0x24381500, - 0x2438950d, - 0x24391523, - 0x2439953b, - 0x243a1553, - 0x243a955d, - 0x243b1572, - 0x243b9580, - 0x243c1598, - 0x243c95af, - 0x243d15ba, - 0x243d95c8, - 0x28320a0a, - 0x28328a19, - 0x28330a24, - 0x28338a29, - 0x28340a34, - 0x2c3227e7, - 0x2c32a7f3, - 0x2c332806, - 0x2c33a817, - 0x2c342830, - 0x2c34a858, - 0x2c35286f, - 0x2c35a88c, - 0x2c3628a9, - 0x2c36a8c6, - 0x2c3728df, - 0x2c37a8f8, - 0x2c38290e, - 0x2c38a91c, - 0x2c39292e, - 0x2c39a94b, - 0x2c3a2968, - 0x2c3aa976, - 0x2c3b2994, - 0x2c3ba9b2, - 0x2c3c29cd, - 0x2c3ca9e1, - 0x2c3d29f3, - 0x2c3daa03, - 0x2c3e2a11, - 0x2c3eaa21, - 0x2c3f2a31, - 0x2c3faa4c, - 0x2c402a5d, - 0x2c40aa78, - 0x2c412a8c, - 0x2c41aa9f, - 0x2c422abe, - 0x2c42aad2, - 0x2c432ae5, - 0x2c43aaf4, - 0x2c442b03, - 0x2c44ab1a, - 0x2c452b35, - 0x2c45ab4d, - 0x2c462b61, - 0x2c46ab74, - 0x2c472b85, - 0x2c47ab96, - 0x2c482ba7, - 0x2c48abb8, - 0x2c492bc7, - 0x2c49abd4, - 0x2c4a2be1, - 0x2c4aabee, - 0x2c4b2bf7, - 0x2c4bac0b, - 0x2c4c2c1a, - 0x2c4cac28, - 0x2c4d2c4a, - 0x2c4dac5b, - 0x2c4e2c6c, - 0x2c4eac37, - 0x2c4f2849, + 0x2032141d, + 0x20329428, + 0x20331430, + 0x2033943c, + 0x24321448, + 0x24329456, + 0x24331468, + 0x24339477, + 0x2434148a, + 0x2434949d, + 0x243514b4, + 0x243594cc, + 0x243614da, + 0x243694f2, + 0x243714fb, + 0x2437950d, + 0x24381521, + 0x2438952e, + 0x24391544, + 0x2439955c, + 0x243a1574, + 0x243a957e, + 0x243b1593, + 0x243b95a1, + 0x243c15b9, + 0x243c95d0, + 0x243d15db, + 0x243d95e9, + 0x28320a2b, + 0x28328a3a, + 0x28330a45, + 0x28338a4a, + 0x28340a55, + 0x2c322808, + 0x2c32a814, + 0x2c332827, + 0x2c33a838, + 0x2c342851, + 0x2c34a879, + 0x2c352890, + 0x2c35a8ad, + 0x2c3628ca, + 0x2c36a8e7, + 0x2c372900, + 0x2c37a919, + 0x2c38292f, + 0x2c38a93d, + 0x2c39294f, + 0x2c39a96c, + 0x2c3a2989, + 0x2c3aa997, + 0x2c3b29b5, + 0x2c3ba9d3, + 0x2c3c29ee, + 0x2c3caa02, + 0x2c3d2a14, + 0x2c3daa24, + 0x2c3e2a32, + 0x2c3eaa42, + 0x2c3f2a52, + 0x2c3faa6d, + 0x2c402a7e, + 0x2c40aa99, + 0x2c412aad, + 0x2c41aac0, + 0x2c422adf, + 0x2c42aaf3, + 0x2c432b06, + 0x2c43ab15, + 0x2c442b24, + 0x2c44ab3b, + 0x2c452b56, + 0x2c45ab6e, + 0x2c462b82, + 0x2c46ab95, + 0x2c472ba6, + 0x2c47abb7, + 0x2c482bc8, + 0x2c48abd9, + 0x2c492be8, + 0x2c49abf5, + 0x2c4a2c02, + 0x2c4aac0f, + 0x2c4b2c18, + 0x2c4bac2c, + 0x2c4c2c3b, + 0x2c4cac49, + 0x2c4d2c6b, + 0x2c4dac7c, + 0x2c4e2c8d, + 0x2c4eac58, + 0x2c4f286a, 0x30320000, 0x30328018, 0x3033002c, @@ -328,236 +328,236 @@ static const uint32_t kFunctionValues[] = { 0x30508404, 0x30510413, 0x3051841c, - 0x3432093c, - 0x3432894c, - 0x34330957, - 0x34338964, - 0x3832096d, - 0x38328980, - 0x3833098a, - 0x3833899c, - 0x3c320a3b, - 0x3c328a49, - 0x3c330a60, - 0x3c338a74, - 0x3c340a8f, - 0x3c348aa0, - 0x3c350aac, - 0x3c358ac0, - 0x3c360ad2, - 0x3c368afb, - 0x3c370b08, - 0x3c378b15, - 0x3c380b23, - 0x3c388b30, - 0x3c390b3d, - 0x3c398b61, - 0x3c3a0b71, - 0x3c3a8b89, - 0x3c3b0b9e, - 0x3c3b8bb3, - 0x3c3c0bc0, - 0x3c3c8bd3, - 0x3c3d0be6, - 0x3c3d8c0a, - 0x3c3e0c32, - 0x3c3e8c4b, - 0x3c3f0c61, - 0x3c3f8c6e, - 0x3c400c81, - 0x3c408c92, - 0x3c410ca3, - 0x3c418cbc, - 0x3c420cd5, - 0x3c428ceb, - 0x3c430d08, - 0x3c438d1e, - 0x3c440d3a, - 0x3c448d61, - 0x3c450d7f, - 0x3c458d99, - 0x3c460db1, - 0x3c468dc9, - 0x3c470df4, - 0x3c478e1f, - 0x3c480e40, - 0x3c488e69, - 0x3c490e84, - 0x3c498e9f, - 0x3c4a0eac, - 0x3c4a8ec3, - 0x3c4b0eda, - 0x3c4b8f03, - 0x3c4c0f13, - 0x3c4c8f1f, - 0x3c4d0f37, - 0x3c4d8f4a, - 0x3c4e0f5b, - 0x3c4e8f6c, - 0x3c4f0f7c, - 0x40321956, - 0x40329970, - 0x4033197c, - 0x40339994, - 0x403419b2, - 0x403499d1, - 0x403519e8, - 0x40359a04, - 0x40361a20, - 0x40369a3a, - 0x40371a59, - 0x40379a78, - 0x40381a90, - 0x40389aad, - 0x40391ad0, - 0x40399aed, - 0x403a1b0b, - 0x403a9b1b, - 0x403b1b30, - 0x403b9b4c, - 0x403c1b66, - 0x403c9b71, - 0x403d1b94, - 0x403d9bb8, - 0x403e1bce, - 0x403e9bd8, - 0x403f1be4, - 0x403f9bf5, - 0x40401c0d, - 0x40409c15, - 0x40411c1e, - 0x40419c27, - 0x40421c37, - 0x40429c4b, - 0x40431c56, - 0x40439c62, - 0x40441c7d, - 0x40449c89, - 0x40451c96, - 0x40459ca9, - 0x40461cc1, - 0x40469cd9, - 0x40471cef, - 0x40479d0a, - 0x40481d25, - 0x40489d39, - 0x40491d52, - 0x40499d6b, - 0x404a1d85, - 0x404a9d8f, - 0x404b1d9f, - 0x404b9dc0, - 0x404c1ddb, - 0x404c9de9, - 0x404d1df6, - 0x404d9e0a, - 0x404e1e22, - 0x404e9e30, - 0x404f1e3f, - 0x404f9e56, - 0x40501e68, - 0x40509e83, - 0x40511e9d, - 0x40519eb2, - 0x40521ec3, - 0x40529ee3, - 0x40531efe, - 0x40539f0e, - 0x40541f1a, - 0x40549f2d, - 0x40551f43, - 0x40559f61, - 0x40561f6e, - 0x40569f78, - 0x40571f86, - 0x40579fa1, - 0x40581fbc, - 0x40589fdb, - 0x40591ff0, - 0x4059a005, - 0x405a2022, - 0x405aa036, - 0x405b2052, - 0x405ba068, - 0x405c2085, - 0x405ca097, - 0x405d20ae, - 0x405da0bf, - 0x405e20db, - 0x405ea0ef, - 0x405f20ff, - 0x405fa11b, - 0x40602130, - 0x4060a146, - 0x40612163, - 0x4061a17c, - 0x4062218f, - 0x4062a198, - 0x406321a8, - 0x4063a1b4, - 0x406421ca, - 0x4064a1e8, - 0x406521fd, - 0x4065a21a, - 0x40662231, - 0x4066a24f, - 0x4067226c, - 0x4067a283, - 0x406822a1, - 0x4068a2b8, - 0x406922d0, - 0x4069a2e1, - 0x406a22f4, - 0x406aa307, - 0x406b231b, - 0x406ba33f, - 0x406c235a, - 0x406ca37b, - 0x406d239f, - 0x406da3ba, - 0x406e23db, - 0x406ea3f0, - 0x406f2409, - 0x406fa416, - 0x40702424, - 0x4070a431, - 0x4071244e, - 0x4071a46e, - 0x40722489, - 0x4072a4a2, - 0x407324b9, - 0x4073a4d3, - 0x407424f7, - 0x4074a50d, - 0x40752521, - 0x4075a536, - 0x40762550, - 0x4076a562, - 0x40772577, - 0x4077a59d, - 0x407825ba, - 0x4078a5dd, - 0x40792603, - 0x4079a620, - 0x407a2643, - 0x407aa65f, - 0x407b267b, - 0x407ba68d, - 0x407c269a, - 0x407ca6a7, - 0x407d26c4, - 0x407da6db, - 0x407e26f7, - 0x407ea70d, - 0x407f2725, - 0x407fa738, - 0x4080274d, - 0x4080a766, - 0x40812784, - 0x4081a7a4, - 0x408227ad, - 0x4082a7c9, - 0x408327d2, + 0x3432095d, + 0x3432896d, + 0x34330978, + 0x34338985, + 0x3832098e, + 0x383289a1, + 0x383309ab, + 0x383389bd, + 0x3c320a5c, + 0x3c328a6a, + 0x3c330a81, + 0x3c338a95, + 0x3c340ab0, + 0x3c348ac1, + 0x3c350acd, + 0x3c358ae1, + 0x3c360af3, + 0x3c368b1c, + 0x3c370b29, + 0x3c378b36, + 0x3c380b44, + 0x3c388b51, + 0x3c390b5e, + 0x3c398b82, + 0x3c3a0b92, + 0x3c3a8baa, + 0x3c3b0bbf, + 0x3c3b8bd4, + 0x3c3c0be1, + 0x3c3c8bf4, + 0x3c3d0c07, + 0x3c3d8c2b, + 0x3c3e0c53, + 0x3c3e8c6c, + 0x3c3f0c82, + 0x3c3f8c8f, + 0x3c400ca2, + 0x3c408cb3, + 0x3c410cc4, + 0x3c418cdd, + 0x3c420cf6, + 0x3c428d0c, + 0x3c430d29, + 0x3c438d3f, + 0x3c440d5b, + 0x3c448d82, + 0x3c450da0, + 0x3c458dba, + 0x3c460dd2, + 0x3c468dea, + 0x3c470e15, + 0x3c478e40, + 0x3c480e61, + 0x3c488e8a, + 0x3c490ea5, + 0x3c498ec0, + 0x3c4a0ecd, + 0x3c4a8ee4, + 0x3c4b0efb, + 0x3c4b8f24, + 0x3c4c0f34, + 0x3c4c8f40, + 0x3c4d0f58, + 0x3c4d8f6b, + 0x3c4e0f7c, + 0x3c4e8f8d, + 0x3c4f0f9d, + 0x40321977, + 0x40329991, + 0x4033199d, + 0x403399b5, + 0x403419d3, + 0x403499f2, + 0x40351a09, + 0x40359a25, + 0x40361a41, + 0x40369a5b, + 0x40371a7a, + 0x40379a99, + 0x40381ab1, + 0x40389ace, + 0x40391af1, + 0x40399b0e, + 0x403a1b2c, + 0x403a9b3c, + 0x403b1b51, + 0x403b9b6d, + 0x403c1b87, + 0x403c9b92, + 0x403d1bb5, + 0x403d9bd9, + 0x403e1bef, + 0x403e9bf9, + 0x403f1c05, + 0x403f9c16, + 0x40401c2e, + 0x40409c36, + 0x40411c3f, + 0x40419c48, + 0x40421c58, + 0x40429c6c, + 0x40431c77, + 0x40439c83, + 0x40441c9e, + 0x40449caa, + 0x40451cb7, + 0x40459cca, + 0x40461ce2, + 0x40469cfa, + 0x40471d10, + 0x40479d2b, + 0x40481d46, + 0x40489d5a, + 0x40491d73, + 0x40499d8c, + 0x404a1da6, + 0x404a9db0, + 0x404b1dc0, + 0x404b9de1, + 0x404c1dfc, + 0x404c9e0a, + 0x404d1e17, + 0x404d9e2b, + 0x404e1e43, + 0x404e9e51, + 0x404f1e60, + 0x404f9e77, + 0x40501e89, + 0x40509ea4, + 0x40511ebe, + 0x40519ed3, + 0x40521ee4, + 0x40529f04, + 0x40531f1f, + 0x40539f2f, + 0x40541f3b, + 0x40549f4e, + 0x40551f64, + 0x40559f82, + 0x40561f8f, + 0x40569f99, + 0x40571fa7, + 0x40579fc2, + 0x40581fdd, + 0x40589ffc, + 0x40592011, + 0x4059a026, + 0x405a2043, + 0x405aa057, + 0x405b2073, + 0x405ba089, + 0x405c20a6, + 0x405ca0b8, + 0x405d20cf, + 0x405da0e0, + 0x405e20fc, + 0x405ea110, + 0x405f2120, + 0x405fa13c, + 0x40602151, + 0x4060a167, + 0x40612184, + 0x4061a19d, + 0x406221b0, + 0x4062a1b9, + 0x406321c9, + 0x4063a1d5, + 0x406421eb, + 0x4064a209, + 0x4065221e, + 0x4065a23b, + 0x40662252, + 0x4066a270, + 0x4067228d, + 0x4067a2a4, + 0x406822c2, + 0x4068a2d9, + 0x406922f1, + 0x4069a302, + 0x406a2315, + 0x406aa328, + 0x406b233c, + 0x406ba360, + 0x406c237b, + 0x406ca39c, + 0x406d23c0, + 0x406da3db, + 0x406e23fc, + 0x406ea411, + 0x406f242a, + 0x406fa437, + 0x40702445, + 0x4070a452, + 0x4071246f, + 0x4071a48f, + 0x407224aa, + 0x4072a4c3, + 0x407324da, + 0x4073a4f4, + 0x40742518, + 0x4074a52e, + 0x40752542, + 0x4075a557, + 0x40762571, + 0x4076a583, + 0x40772598, + 0x4077a5be, + 0x407825db, + 0x4078a5fe, + 0x40792624, + 0x4079a641, + 0x407a2664, + 0x407aa680, + 0x407b269c, + 0x407ba6ae, + 0x407c26bb, + 0x407ca6c8, + 0x407d26e5, + 0x407da6fc, + 0x407e2718, + 0x407ea72e, + 0x407f2746, + 0x407fa759, + 0x4080276e, + 0x4080a787, + 0x408127a5, + 0x4081a7c5, + 0x408227ce, + 0x4082a7ea, + 0x408327f3, 0x4432042a, 0x4432843c, 0x44330445, @@ -576,121 +576,122 @@ static const uint32_t kFunctionValues[] = { 0x44398522, 0x443a052c, 0x443a8536, - 0x4c3215d0, - 0x4c3295df, - 0x4c3315ee, - 0x4c339607, - 0x4c341622, - 0x4c34963e, - 0x4c351650, - 0x4c35965e, - 0x4c361673, - 0x4c369684, - 0x4c371692, - 0x4c3796a0, - 0x4c3816b2, - 0x4c3896c2, - 0x4c3916cc, - 0x4c3996e4, - 0x4c3a16fc, - 0x4c3a970f, - 0x50322c7d, - 0x5032ac92, - 0x50332ca3, - 0x5033acb6, - 0x50342cc7, - 0x5034acda, - 0x50352ce9, - 0x5035acfe, - 0x50362d0e, - 0x5036ad1d, - 0x50372d2e, - 0x5037ad3e, - 0x50382d4f, - 0x5038ad62, - 0x50392d74, - 0x5039ad8a, - 0x503a2d9c, - 0x503aadad, - 0x503b2dbe, - 0x503badcf, - 0x503c2dda, - 0x503cade6, - 0x503d2df1, - 0x503dadfc, - 0x503e2e09, - 0x503eae1e, - 0x503f2e2c, - 0x503fae40, - 0x50402e53, - 0x5040ae64, - 0x50412e7e, - 0x5041ae8d, - 0x50422e96, - 0x5042aea5, - 0x50432eb7, - 0x5043aec3, - 0x50442ecb, - 0x5044aede, - 0x50452eef, - 0x5045af05, - 0x50462f11, - 0x5046af25, - 0x50472f33, - 0x5047af47, - 0x50482f61, - 0x5048af75, - 0x50492f8b, - 0x5049afa2, - 0x504a2fb4, - 0x504aafc8, - 0x504b2fdd, - 0x504baff4, - 0x504c3008, - 0x504cb011, - 0x504d3019, - 0x504db028, - 0x504e3038, - 0x68320f9d, - 0x68328fae, - 0x68330fbe, - 0x68338fcc, - 0x68340fd9, - 0x6c320f8c, - 0x743209e5, - 0x743289f7, + 0x4c3215f1, + 0x4c329600, + 0x4c33160f, + 0x4c339628, + 0x4c341643, + 0x4c34965f, + 0x4c351671, + 0x4c35967f, + 0x4c361694, + 0x4c3696a5, + 0x4c3716b3, + 0x4c3796c1, + 0x4c3816d3, + 0x4c3896e3, + 0x4c3916ed, + 0x4c399705, + 0x4c3a171d, + 0x4c3a9730, + 0x50322c9e, + 0x5032acb3, + 0x50332cc4, + 0x5033acd7, + 0x50342ce8, + 0x5034acfb, + 0x50352d0a, + 0x5035ad1f, + 0x50362d2f, + 0x5036ad3e, + 0x50372d4f, + 0x5037ad5f, + 0x50382d70, + 0x5038ad83, + 0x50392d95, + 0x5039adab, + 0x503a2dbd, + 0x503aadce, + 0x503b2ddf, + 0x503badf0, + 0x503c2dfb, + 0x503cae07, + 0x503d2e12, + 0x503dae1d, + 0x503e2e2a, + 0x503eae3f, + 0x503f2e4d, + 0x503fae61, + 0x50402e74, + 0x5040ae85, + 0x50412e9f, + 0x5041aeae, + 0x50422eb7, + 0x5042aec6, + 0x50432ed8, + 0x5043aee4, + 0x50442eec, + 0x5044aeff, + 0x50452f10, + 0x5045af26, + 0x50462f32, + 0x5046af46, + 0x50472f54, + 0x5047af68, + 0x50482f82, + 0x5048af96, + 0x50492fac, + 0x5049afc3, + 0x504a2fd5, + 0x504aafe9, + 0x504b2ffe, + 0x504bb015, + 0x504c3029, + 0x504cb032, + 0x504d303a, + 0x504db049, + 0x504e3059, + 0x68320fbe, + 0x68328fcf, + 0x68330fdf, + 0x68338fed, + 0x68340ffa, + 0x6c320fad, + 0x74320a06, + 0x74328a18, 0x783206c9, - 0x783286db, - 0x783306ed, - 0x783386ff, - 0x78340713, - 0x78348727, - 0x78350745, - 0x78358757, - 0x7836076b, - 0x7836877f, - 0x78370791, - 0x783787a3, - 0x783807b5, - 0x783887cc, - 0x783907e3, - 0x783987fa, - 0x783a0816, - 0x783a8832, - 0x783b084e, - 0x783b8864, - 0x783c087a, - 0x783c8890, - 0x783d08ad, - 0x783d88bc, - 0x783e08cb, - 0x783e88da, - 0x783f08f6, - 0x783f8904, - 0x78400912, - 0x78408920, - 0x7841092d, - 0x803213f7, + 0x783286fc, + 0x7833070e, + 0x78338720, + 0x78340734, + 0x78348748, + 0x78350766, + 0x78358778, + 0x7836078c, + 0x783687a0, + 0x783707b2, + 0x783787c4, + 0x783807d6, + 0x783887ed, + 0x78390804, + 0x7839881b, + 0x783a0837, + 0x783a8853, + 0x783b086f, + 0x783b8885, + 0x783c089b, + 0x783c88b1, + 0x783d08ce, + 0x783d88dd, + 0x783e08ec, + 0x783e88fb, + 0x783f0917, + 0x783f8925, + 0x78400933, + 0x78408941, + 0x7841094e, + 0x784186db, + 0x80321418, }; static const char kFunctionStringData[] = @@ -806,6 +807,7 @@ static const char kFunctionStringData[] = "BUF_strndup\0" "buf_mem_grow\0" "EVP_AEAD_CTX_init\0" + "EVP_AEAD_CTX_init_with_direction\0" "EVP_AEAD_CTX_open\0" "EVP_AEAD_CTX_seal\0" "EVP_CIPHER_CTX_copy\0" @@ -1352,152 +1354,152 @@ static const uint32_t kReasonValues[] = { 0xc3908a5, 0xc3988b4, 0xc3a08c8, - 0x10321406, - 0x10329412, - 0x1033142b, - 0x1033943e, - 0x10340d98, - 0x10349451, - 0x10351466, - 0x10359479, - 0x10361492, - 0x103694a7, - 0x103714c5, - 0x103794d4, - 0x103814f0, - 0x1038950b, - 0x1039151a, - 0x10399536, - 0x103a1551, - 0x103a9568, - 0x103b1579, - 0x103b958d, - 0x103c15ac, - 0x103c95bb, - 0x103d15d2, - 0x103d95e5, - 0x103e0b4e, - 0x103e95f8, - 0x103f160b, - 0x103f9625, - 0x10401635, - 0x10409649, - 0x1041165f, - 0x10419677, - 0x1042168c, - 0x104296a0, - 0x104316b2, + 0x10321417, + 0x10329423, + 0x1033143c, + 0x1033944f, + 0x10340da9, + 0x10349462, + 0x10351477, + 0x1035948a, + 0x103614a3, + 0x103694b8, + 0x103714d6, + 0x103794e5, + 0x10381501, + 0x1038951c, + 0x1039152b, + 0x10399547, + 0x103a1562, + 0x103a9579, + 0x103b158a, + 0x103b959e, + 0x103c15bd, + 0x103c95cc, + 0x103d15e3, + 0x103d95f6, + 0x103e0b5f, + 0x103e9609, + 0x103f161c, + 0x103f9636, + 0x10401646, + 0x1040965a, + 0x10411670, + 0x10419688, + 0x1042169d, + 0x104296b1, + 0x104316c3, 0x104385d0, 0x104408b4, - 0x104496c7, - 0x104516de, - 0x104596f3, - 0x10461701, - 0x14320b31, - 0x14328b3f, - 0x14330b4e, - 0x14338b60, + 0x104496d8, + 0x104516ef, + 0x10459704, + 0x10461712, + 0x14320b42, + 0x14328b50, + 0x14330b5f, + 0x14338b71, 0x18320083, - 0x18328dee, - 0x18330e04, + 0x18328dff, + 0x18330e15, 0x18338094, - 0x18340e1c, - 0x18348e30, - 0x18350e45, - 0x18358e67, - 0x18360e7f, - 0x18368e94, - 0x18370ea7, - 0x18378ebb, - 0x18380edf, - 0x18388eed, - 0x18390f03, - 0x18398f17, - 0x183a0f27, + 0x18340e2d, + 0x18348e41, + 0x18350e56, + 0x18358e78, + 0x18360e90, + 0x18368ea5, + 0x18370eb8, + 0x18378ecc, + 0x18380ef0, + 0x18388efe, + 0x18390f14, + 0x18398f28, + 0x183a0f38, 0x183a89cc, - 0x183b0f37, - 0x183b8f4c, - 0x183c0f63, - 0x183c8f77, - 0x183d0f8b, - 0x183d8f9b, - 0x183e0b7d, - 0x183e8fa8, - 0x183f0fba, - 0x183f8fc5, - 0x18400fd5, - 0x18408fe6, - 0x18410ff7, - 0x18419009, - 0x18421032, - 0x1842904b, - 0x1843105a, - 0x1843906e, - 0x1844108f, - 0x184490a7, - 0x184510c3, - 0x184590d9, - 0x184610f4, + 0x183b0f48, + 0x183b8f5d, + 0x183c0f74, + 0x183c8f88, + 0x183d0f9c, + 0x183d8fac, + 0x183e0b8e, + 0x183e8fb9, + 0x183f0fcb, + 0x183f8fd6, + 0x18400fe6, + 0x18408ff7, + 0x18411008, + 0x1841901a, + 0x18421043, + 0x1842905c, + 0x1843106b, + 0x1843907f, + 0x184410a0, + 0x184490b8, + 0x184510d4, + 0x184590ea, + 0x18461105, 0x1846866b, - 0x1847110f, - 0x1847912a, - 0x20321151, - 0x2432115d, + 0x18471120, + 0x1847913b, + 0x20321162, + 0x2432116e, 0x243288fa, - 0x2433116f, - 0x2433917c, - 0x24341189, - 0x2434919b, - 0x243511aa, - 0x243591c7, - 0x243611d4, - 0x243691e2, - 0x243711f0, - 0x243791fe, - 0x24381207, - 0x24389214, - 0x24391227, - 0x28320b71, - 0x28328b7d, - 0x28330b4e, - 0x28338b90, - 0x2c3229af, - 0x2c32a9bd, - 0x2c3329cf, - 0x2c33a9e1, - 0x2c3429f5, - 0x2c34aa07, - 0x2c352a22, - 0x2c35aa34, - 0x2c362a47, + 0x24331180, + 0x2433918d, + 0x2434119a, + 0x243491ac, + 0x243511bb, + 0x243591d8, + 0x243611e5, + 0x243691f3, + 0x24371201, + 0x2437920f, + 0x24381218, + 0x24389225, + 0x24391238, + 0x28320b82, + 0x28328b8e, + 0x28330b5f, + 0x28338ba1, + 0x2c3229c0, + 0x2c32a9ce, + 0x2c3329e0, + 0x2c33a9f2, + 0x2c342a06, + 0x2c34aa18, + 0x2c352a33, + 0x2c35aa45, + 0x2c362a58, 0x2c3682f3, - 0x2c372a54, - 0x2c37aa66, - 0x2c382a79, - 0x2c38aa87, - 0x2c392a97, - 0x2c39aaa9, - 0x2c3a2abd, - 0x2c3aaace, - 0x2c3b12e7, - 0x2c3baadf, - 0x2c3c2af3, - 0x2c3cab09, - 0x2c3d2b22, - 0x2c3dab50, - 0x2c3e2b5e, - 0x2c3eab76, - 0x2c3f2b8e, - 0x2c3fab9b, - 0x2c402bbe, - 0x2c40abdd, - 0x2c411151, - 0x2c41abee, - 0x2c422c01, - 0x2c4290c3, - 0x2c432c12, + 0x2c372a65, + 0x2c37aa77, + 0x2c382a8a, + 0x2c38aa98, + 0x2c392aa8, + 0x2c39aaba, + 0x2c3a2ace, + 0x2c3aaadf, + 0x2c3b12f8, + 0x2c3baaf0, + 0x2c3c2b04, + 0x2c3cab1a, + 0x2c3d2b33, + 0x2c3dab61, + 0x2c3e2b6f, + 0x2c3eab87, + 0x2c3f2b9f, + 0x2c3fabac, + 0x2c402bcf, + 0x2c40abee, + 0x2c411162, + 0x2c41abff, + 0x2c422c12, + 0x2c4290d4, + 0x2c432c23, 0x2c4386a2, - 0x2c442b3f, + 0x2c442b50, 0x30320000, 0x30328015, 0x3033001f, @@ -1586,239 +1588,239 @@ static const uint32_t kReasonValues[] = { 0x305c8687, 0x305d0698, 0x305d86a2, - 0x34320aab, - 0x34328abf, - 0x34330adc, - 0x34338aef, - 0x34340afe, - 0x34348b1b, + 0x34320abc, + 0x34328ad0, + 0x34330aed, + 0x34338b00, + 0x34340b0f, + 0x34348b2c, 0x3c320083, - 0x3c328ba6, - 0x3c330bbf, - 0x3c338bda, - 0x3c340bf7, - 0x3c348c12, - 0x3c350c2d, - 0x3c358c42, - 0x3c360c5b, - 0x3c368c73, - 0x3c370c84, - 0x3c378c92, - 0x3c380c9f, - 0x3c388cb3, - 0x3c390b7d, - 0x3c398cc7, - 0x3c3a0cdb, + 0x3c328bb7, + 0x3c330bd0, + 0x3c338beb, + 0x3c340c08, + 0x3c348c23, + 0x3c350c3e, + 0x3c358c53, + 0x3c360c6c, + 0x3c368c84, + 0x3c370c95, + 0x3c378ca3, + 0x3c380cb0, + 0x3c388cc4, + 0x3c390b8e, + 0x3c398cd8, + 0x3c3a0cec, 0x3c3a8874, - 0x3c3b0ceb, - 0x3c3b8d06, - 0x3c3c0d18, - 0x3c3c8d2e, - 0x3c3d0d38, - 0x3c3d8d4c, - 0x3c3e0d5a, - 0x3c3e8d68, - 0x40321718, - 0x4032972e, - 0x4033175c, - 0x40339766, - 0x4034177d, - 0x4034979b, - 0x403517ab, - 0x403597bd, - 0x403617ca, - 0x403697d6, - 0x403717eb, - 0x40379800, - 0x40381812, - 0x4038981d, - 0x4039182f, - 0x40398d98, - 0x403a183f, - 0x403a9852, - 0x403b1873, - 0x403b9884, - 0x403c1894, + 0x3c3b0cfc, + 0x3c3b8d17, + 0x3c3c0d29, + 0x3c3c8d3f, + 0x3c3d0d49, + 0x3c3d8d5d, + 0x3c3e0d6b, + 0x3c3e8d79, + 0x40321729, + 0x4032973f, + 0x4033176d, + 0x40339777, + 0x4034178e, + 0x403497ac, + 0x403517bc, + 0x403597ce, + 0x403617db, + 0x403697e7, + 0x403717fc, + 0x40379811, + 0x40381823, + 0x4038982e, + 0x40391840, + 0x40398da9, + 0x403a1850, + 0x403a9863, + 0x403b1884, + 0x403b9895, + 0x403c18a5, 0x403c8064, - 0x403d18a0, - 0x403d98bc, - 0x403e18d2, - 0x403e98e1, - 0x403f18f4, - 0x403f990e, - 0x4040191c, - 0x40409931, - 0x40411945, - 0x40419962, - 0x4042197b, - 0x40429996, - 0x404319af, - 0x404399c2, - 0x404419d6, - 0x404499ee, - 0x404519fe, - 0x40459a0c, - 0x40461a2a, + 0x403d18b1, + 0x403d98cd, + 0x403e18e3, + 0x403e98f2, + 0x403f1905, + 0x403f991f, + 0x4040192d, + 0x40409942, + 0x40411956, + 0x40419973, + 0x4042198c, + 0x404299a7, + 0x404319c0, + 0x404399d3, + 0x404419e7, + 0x404499ff, + 0x40451a0f, + 0x40459a1d, + 0x40461a3b, 0x40468094, - 0x40471a3f, - 0x40479a51, - 0x40481a75, - 0x40489a95, - 0x40491aa9, - 0x40499abe, - 0x404a1ad7, - 0x404a9afa, - 0x404b1b14, - 0x404b9b32, - 0x404c1b4d, - 0x404c9b67, - 0x404d1b7e, - 0x404d9b94, - 0x404e1bab, - 0x404e9bc7, - 0x404f1be3, - 0x404f9c04, - 0x40501c26, - 0x40509c42, - 0x40511c56, - 0x40519c63, - 0x40521c7a, - 0x40529c8a, - 0x40531c9a, - 0x40539cae, - 0x40541cc9, - 0x40549cd9, - 0x40551cf0, - 0x40559cff, - 0x40561d1a, - 0x40569d32, - 0x40571d4e, - 0x40579d67, - 0x40581d7a, - 0x40589d8f, - 0x40591db2, - 0x40599dc0, - 0x405a1dcd, - 0x405a9de6, - 0x405b1dfe, - 0x405b9e11, - 0x405c1e26, - 0x405c9e38, - 0x405d1e4d, - 0x405d9e5d, - 0x405e1e76, - 0x405e9e8a, - 0x405f1e9a, - 0x405f9eb2, - 0x40601ec3, - 0x40609ed6, - 0x40611ee7, - 0x40619f05, - 0x40621f16, - 0x40629f23, - 0x40631f3a, - 0x40639f5a, - 0x40641f71, - 0x40649f7e, - 0x40651f8c, - 0x40659fae, - 0x40661fd6, - 0x40669feb, - 0x40672002, - 0x4067a013, - 0x40682024, - 0x4068a035, - 0x4069204a, - 0x4069a061, - 0x406a2072, - 0x406aa08b, - 0x406b20a6, - 0x406ba0bd, - 0x406c20d5, - 0x406ca0f6, - 0x406d2109, - 0x406da12a, - 0x406e2145, - 0x406ea160, - 0x406f2181, - 0x406fa1a7, - 0x407021c7, - 0x4070a1e3, - 0x40712370, - 0x4071a393, - 0x407223a9, - 0x4072a3c8, - 0x407323e0, - 0x4073a400, - 0x4074262a, - 0x4074a64f, - 0x4075266a, - 0x4075a689, - 0x407626b8, - 0x4076a6e0, - 0x407726f9, - 0x4077a718, - 0x4078273d, - 0x4078a754, - 0x40792767, - 0x4079a784, + 0x40471a50, + 0x40479a62, + 0x40481a86, + 0x40489aa6, + 0x40491aba, + 0x40499acf, + 0x404a1ae8, + 0x404a9b0b, + 0x404b1b25, + 0x404b9b43, + 0x404c1b5e, + 0x404c9b78, + 0x404d1b8f, + 0x404d9ba5, + 0x404e1bbc, + 0x404e9bd8, + 0x404f1bf4, + 0x404f9c15, + 0x40501c37, + 0x40509c53, + 0x40511c67, + 0x40519c74, + 0x40521c8b, + 0x40529c9b, + 0x40531cab, + 0x40539cbf, + 0x40541cda, + 0x40549cea, + 0x40551d01, + 0x40559d10, + 0x40561d2b, + 0x40569d43, + 0x40571d5f, + 0x40579d78, + 0x40581d8b, + 0x40589da0, + 0x40591dc3, + 0x40599dd1, + 0x405a1dde, + 0x405a9df7, + 0x405b1e0f, + 0x405b9e22, + 0x405c1e37, + 0x405c9e49, + 0x405d1e5e, + 0x405d9e6e, + 0x405e1e87, + 0x405e9e9b, + 0x405f1eab, + 0x405f9ec3, + 0x40601ed4, + 0x40609ee7, + 0x40611ef8, + 0x40619f16, + 0x40621f27, + 0x40629f34, + 0x40631f4b, + 0x40639f6b, + 0x40641f82, + 0x40649f8f, + 0x40651f9d, + 0x40659fbf, + 0x40661fe7, + 0x40669ffc, + 0x40672013, + 0x4067a024, + 0x40682035, + 0x4068a046, + 0x4069205b, + 0x4069a072, + 0x406a2083, + 0x406aa09c, + 0x406b20b7, + 0x406ba0ce, + 0x406c20e6, + 0x406ca107, + 0x406d211a, + 0x406da13b, + 0x406e2156, + 0x406ea171, + 0x406f2192, + 0x406fa1b8, + 0x407021d8, + 0x4070a1f4, + 0x40712381, + 0x4071a3a4, + 0x407223ba, + 0x4072a3d9, + 0x407323f1, + 0x4073a411, + 0x4074263b, + 0x4074a660, + 0x4075267b, + 0x4075a69a, + 0x407626c9, + 0x4076a6f1, + 0x4077270a, + 0x4077a729, + 0x4078274e, + 0x4078a765, + 0x40792778, + 0x4079a795, 0x407a0782, - 0x407aa796, - 0x407b27a9, - 0x407ba7c2, - 0x407c27da, - 0x407c904b, - 0x407d27ee, - 0x407da808, - 0x407e2819, - 0x407ea82d, - 0x407f283b, - 0x407fa856, - 0x40801214, - 0x4080a87b, - 0x4081289d, - 0x4081a8b8, - 0x408228cd, - 0x4082a8e5, - 0x408328fd, - 0x4083a914, - 0x4084292a, - 0x4084a936, - 0x40852949, - 0x4085a95e, - 0x40862970, - 0x4086a985, - 0x4087298e, - 0x41f4229b, - 0x41f9232d, - 0x41fe2220, - 0x41fea451, - 0x41ff2542, - 0x420322b4, - 0x420822d6, - 0x4208a312, - 0x42092204, - 0x4209a34c, - 0x420a225b, - 0x420aa23b, - 0x420b227b, - 0x420ba2f4, - 0x420c255e, - 0x420ca41e, - 0x420d2438, - 0x420da46f, - 0x42122489, - 0x42172525, - 0x4217a4cb, - 0x421c24ed, - 0x421f24a8, - 0x42212575, - 0x42262508, - 0x422b260e, - 0x422ba5d7, - 0x422c25f6, - 0x422ca5b1, - 0x422d2590, + 0x407aa7a7, + 0x407b27ba, + 0x407ba7d3, + 0x407c27eb, + 0x407c905c, + 0x407d27ff, + 0x407da819, + 0x407e282a, + 0x407ea83e, + 0x407f284c, + 0x407fa867, + 0x40801225, + 0x4080a88c, + 0x408128ae, + 0x4081a8c9, + 0x408228de, + 0x4082a8f6, + 0x4083290e, + 0x4083a925, + 0x4084293b, + 0x4084a947, + 0x4085295a, + 0x4085a96f, + 0x40862981, + 0x4086a996, + 0x4087299f, + 0x41f422ac, + 0x41f9233e, + 0x41fe2231, + 0x41fea462, + 0x41ff2553, + 0x420322c5, + 0x420822e7, + 0x4208a323, + 0x42092215, + 0x4209a35d, + 0x420a226c, + 0x420aa24c, + 0x420b228c, + 0x420ba305, + 0x420c256f, + 0x420ca42f, + 0x420d2449, + 0x420da480, + 0x4212249a, + 0x42172536, + 0x4217a4dc, + 0x421c24fe, + 0x421f24b9, + 0x42212586, + 0x42262519, + 0x422b261f, + 0x422ba5e8, + 0x422c2607, + 0x422ca5c2, + 0x422d25a1, 0x443206ad, 0x443286bc, 0x443306c8, @@ -1836,103 +1838,103 @@ static const uint32_t kReasonValues[] = { 0x44390782, 0x44398790, 0x443a07a3, - 0x4c32123e, - 0x4c32924e, - 0x4c331261, - 0x4c339281, + 0x4c32124f, + 0x4c32925f, + 0x4c331272, + 0x4c339292, 0x4c340094, 0x4c3480b0, - 0x4c35128d, - 0x4c35929b, - 0x4c3612b7, - 0x4c3692ca, - 0x4c3712d9, - 0x4c3792e7, - 0x4c3812fc, - 0x4c389308, - 0x4c391328, - 0x4c399352, - 0x4c3a136b, - 0x4c3a9384, + 0x4c35129e, + 0x4c3592ac, + 0x4c3612c8, + 0x4c3692db, + 0x4c3712ea, + 0x4c3792f8, + 0x4c38130d, + 0x4c389319, + 0x4c391339, + 0x4c399363, + 0x4c3a137c, + 0x4c3a9395, 0x4c3b05d0, - 0x4c3b939d, - 0x4c3c13af, - 0x4c3c93be, - 0x4c3d104b, - 0x4c3d93d7, - 0x4c3e13e4, - 0x50322c24, - 0x5032ac33, - 0x50332c3e, - 0x5033ac4e, - 0x50342c67, - 0x5034ac81, - 0x50352c8f, - 0x5035aca5, - 0x50362cb7, - 0x5036accd, - 0x50372ce6, - 0x5037acf9, - 0x50382d11, - 0x5038ad22, - 0x50392d37, - 0x5039ad4b, - 0x503a2d6b, - 0x503aad81, - 0x503b2d99, - 0x503badab, - 0x503c2dc7, - 0x503cadde, - 0x503d2df7, - 0x503dae0d, - 0x503e2e1a, - 0x503eae30, - 0x503f2e42, + 0x4c3b93ae, + 0x4c3c13c0, + 0x4c3c93cf, + 0x4c3d105c, + 0x4c3d93e8, + 0x4c3e13f5, + 0x50322c35, + 0x5032ac44, + 0x50332c4f, + 0x5033ac5f, + 0x50342c78, + 0x5034ac92, + 0x50352ca0, + 0x5035acb6, + 0x50362cc8, + 0x5036acde, + 0x50372cf7, + 0x5037ad0a, + 0x50382d22, + 0x5038ad33, + 0x50392d48, + 0x5039ad5c, + 0x503a2d7c, + 0x503aad92, + 0x503b2daa, + 0x503badbc, + 0x503c2dd8, + 0x503cadef, + 0x503d2e08, + 0x503dae1e, + 0x503e2e2b, + 0x503eae41, + 0x503f2e53, 0x503f8348, - 0x50402e55, - 0x5040ae65, - 0x50412e7f, - 0x5041ae8e, - 0x50422ea8, - 0x5042aec5, - 0x50432ed5, - 0x5043aee5, - 0x50442ef4, + 0x50402e66, + 0x5040ae76, + 0x50412e90, + 0x5041ae9f, + 0x50422eb9, + 0x5042aed6, + 0x50432ee6, + 0x5043aef6, + 0x50442f05, 0x50448414, - 0x50452f08, - 0x5045af26, - 0x50462f39, - 0x5046af4f, - 0x50472f61, - 0x5047af76, - 0x50482f9c, - 0x5048afaa, - 0x50492fbd, - 0x5049afd2, - 0x504a2fe8, - 0x504aaff8, - 0x504b3018, - 0x504bb02b, - 0x504c304e, - 0x504cb07c, - 0x504d308e, - 0x504db0ab, - 0x504e30c6, - 0x504eb0e2, - 0x504f30f4, - 0x504fb10b, - 0x5050311a, + 0x50452f19, + 0x5045af37, + 0x50462f4a, + 0x5046af60, + 0x50472f72, + 0x5047af87, + 0x50482fad, + 0x5048afbb, + 0x50492fce, + 0x5049afe3, + 0x504a2ff9, + 0x504ab009, + 0x504b3029, + 0x504bb03c, + 0x504c305f, + 0x504cb08d, + 0x504d309f, + 0x504db0bc, + 0x504e30d7, + 0x504eb0f3, + 0x504f3105, + 0x504fb11c, + 0x5050312b, 0x50508687, - 0x5051312d, - 0x58320dd6, - 0x68320d98, - 0x68328b7d, - 0x68330b90, - 0x68338da6, - 0x68340db6, - 0x6c320d74, - 0x6c328b60, - 0x6c330d7f, + 0x5051313e, + 0x58320de7, + 0x68320da9, + 0x68328b8e, + 0x68330ba1, + 0x68338db7, + 0x68340dc7, + 0x6c320d85, + 0x6c328b71, + 0x6c330d90, 0x74320980, 0x783208e5, 0x783288fa, @@ -1949,16 +1951,17 @@ static const uint32_t kReasonValues[] = { 0x783809cc, 0x783889de, 0x783909eb, - 0x783989f9, - 0x783a0a0e, - 0x783a8a1c, - 0x783b0a26, - 0x783b8a3a, - 0x783c0a51, - 0x783c8a66, - 0x783d0a7d, - 0x783d8a92, - 0x80321140, + 0x78398a0a, + 0x783a0a1f, + 0x783a8a2d, + 0x783b0a37, + 0x783b8a4b, + 0x783c0a62, + 0x783c8a77, + 0x783d0a8e, + 0x783d8aa3, + 0x783e09f9, + 0x80321151, }; static const char kReasonStringData[] = @@ -2098,6 +2101,7 @@ static const char kReasonStringData[] = "INVALID_OPERATION\0" "IV_TOO_LARGE\0" "NO_CIPHER_SET\0" + "NO_DIRECTION_SET\0" "OUTPUT_ALIASES_INPUT\0" "TAG_TOO_LARGE\0" "TOO_LARGE\0" diff --git a/include/openssl/aead.h b/include/openssl/aead.h index 6fd8116f..861de998 100644 --- a/include/openssl/aead.h +++ b/include/openssl/aead.h @@ -205,7 +205,13 @@ typedef struct evp_aead_ctx_st { * be used. */ #define EVP_AEAD_DEFAULT_TAG_LENGTH 0 -/* EVP_AEAD_init initializes |ctx| for the given AEAD algorithm from |impl|. +/* evp_aead_direction_t denotes the direction of an AEAD operation. */ +enum evp_aead_direction_t { + evp_aead_open, + evp_aead_seal, +}; + +/* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm from |impl|. * The |impl| argument may be NULL to choose the default implementation. * Authentication tags may be truncated by passing a size as |tag_len|. A * |tag_len| of zero indicates the default tag length and this is defined as @@ -215,6 +221,13 @@ OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl); +/* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal + * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a + * given direction. */ +OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction( + EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, + size_t tag_len, enum evp_aead_direction_t dir); + /* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. */ OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index 97bf096e..43b6cd52 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -530,6 +530,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); #define CIPHER_F_aead_tls_seal 128 #define CIPHER_F_aes_init_key 129 #define CIPHER_F_aesni_init_key 130 +#define CIPHER_F_EVP_AEAD_CTX_init_with_direction 131 #define CIPHER_R_AES_KEY_SETUP_FAILED 100 #define CIPHER_R_BAD_DECRYPT 101 #define CIPHER_R_BAD_KEY_LENGTH 102 @@ -554,5 +555,6 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void); #define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121 #define CIPHER_R_UNSUPPORTED_TAG_SIZE 122 #define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123 +#define CIPHER_R_NO_DIRECTION_SET 124 #endif /* OPENSSL_HEADER_CIPHER_H */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a3d8925e..7ee810fb 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -353,8 +353,9 @@ static int tls1_change_cipher_state_aead(SSL *s, char is_read, aead_ctx = s->aead_write_ctx; } - if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, - EVP_AEAD_DEFAULT_TAG_LENGTH, NULL /* engine */)) { + if (!EVP_AEAD_CTX_init_with_direction( + &aead_ctx->ctx, aead, key, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH, + is_read ? evp_aead_open : evp_aead_seal)) { OPENSSL_free(aead_ctx); if (is_read) { s->aead_read_ctx = NULL;