yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge BoringSSL 0f8bfde: Make |gcm128_context| memcpy-safe.

Browse Source 
This merge is complicated by the fact that *ring* had already had made
this change, but BoringSSL used a slightly modified version. In
particular, the |_sk| suffixes were removed and the |OPENSSL_EXPORT|
was removed from each function in the BoringSSL version. In this merge,
the removal of the |_sk| suffixes was done. However, the removal of
|OPENSSL_EXPORT| would have broke the build, so it was not done.
This commit is contained in:
Brian Smith 2015-10-27 20:36:47 -10:00
commit 2ace2131ff
5 changed files with 129 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
crypto/cipher/e_aes.c
View File

@ -200,14 +200,14 @@ static void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
static char aesni_capable(void);
static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
block128_f *out_block, const uint8_t *key,
size_t key_len)
OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS {
if (aesni_capable()) {
aesni_set_encrypt_key(key, key_len * 8, aes_key);
if (gcm_ctx != NULL) {
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)aesni_encrypt);
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aesni_encrypt);
}
if (out_block) {
*out_block = (block128_f) aesni_encrypt;
@ -218,7 +218,7 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
if (hwaes_capable()) {
aes_v8_set_encrypt_key(key, key_len * 8, aes_key);
if (gcm_ctx != NULL) {
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt);
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt);
}
if (out_block) {
*out_block = (block128_f) aes_v8_encrypt;
@ -229,7 +229,7 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
if (bsaes_capable()) {
AES_set_encrypt_key(key, key_len * 8, aes_key);
if (gcm_ctx != NULL) {
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)AES_encrypt);
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
}
if (out_block) {
*out_block = (block128_f) AES_encrypt;
@ -243,14 +243,14 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
*out_block = (block128_f) vpaes_encrypt;
}
if (gcm_ctx != NULL) {
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
}
return NULL;
}
AES_set_encrypt_key(key, key_len * 8, aes_key);
if (gcm_ctx != NULL) {
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)AES_encrypt);
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
}
if (out_block) {
*out_block = (block128_f) AES_encrypt;
@ -268,7 +268,7 @@ struct aead_aes_gcm_ctx {
double align;
AES_KEY ks;
} ks;
GCM128_CONTEXT_SK gcm;
GCM128_CONTEXT gcm;
ctr128_f ctr;
};
@ -300,29 +300,28 @@ int evp_aead_aes_gcm_seal(const void *ctx_buf, uint8_t *out, size_t *out_len,
return 0;
}
GCM128_CONTEXT_SK gcm;
GCM128_CONTEXT gcm;
const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_set_96_bit_iv_sk(&gcm, key, nonce);
CRYPTO_gcm128_set_96_bit_iv(&gcm, key, nonce);
if (ad_len > 0 && !CRYPTO_gcm128_aad_sk(&gcm, ad, ad_len)) {
if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
return 0;
}
if (gcm_ctx->ctr) {
if (!CRYPTO_gcm128_encrypt_ctr32_sk(&gcm, key, in, out, in_len,
gcm_ctx->ctr)) {
if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, in, out, in_len, gcm_ctx->ctr)) {
return 0;
}
} else {
if (!CRYPTO_gcm128_encrypt_sk(&gcm, key, in, out, in_len)) {
if (!CRYPTO_gcm128_encrypt(&gcm, key, in, out, in_len)) {
return 0;
}
}
CRYPTO_gcm128_tag_sk(&gcm, out + in_len, EVP_AEAD_AES_GCM_TAG_LEN);
CRYPTO_gcm128_tag(&gcm, out + in_len, EVP_AEAD_AES_GCM_TAG_LEN);
return 1;
}
@ -344,33 +343,33 @@ int evp_aead_aes_gcm_open(const void *ctx_buf, uint8_t *out, size_t *out_len,
uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
size_t plaintext_len;
GCM128_CONTEXT_SK gcm;
GCM128_CONTEXT gcm;
plaintext_len = in_len - EVP_AEAD_AES_GCM_TAG_LEN;
const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_set_96_bit_iv_sk(&gcm, key, nonce);
CRYPTO_gcm128_set_96_bit_iv(&gcm, key, nonce);
if (!CRYPTO_gcm128_aad_sk(&gcm, ad, ad_len)) {
if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
return 0;
}
if (gcm_ctx->ctr) {
if (!CRYPTO_gcm128_decrypt_ctr32_sk(&gcm, key, in, out,
in_len - EVP_AEAD_AES_GCM_TAG_LEN,
gcm_ctx->ctr)) {
if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, key, in, out,
in_len - EVP_AEAD_AES_GCM_TAG_LEN,
gcm_ctx->ctr)) {
return 0;
}
} else {
if (!CRYPTO_gcm128_decrypt_sk(&gcm, key, in, out,
in_len - EVP_AEAD_AES_GCM_TAG_LEN)) {
if (!CRYPTO_gcm128_decrypt(&gcm, key, in, out,
in_len - EVP_AEAD_AES_GCM_TAG_LEN)) {
return 0;
}
}
CRYPTO_gcm128_tag_sk(&gcm, tag, EVP_AEAD_AES_GCM_TAG_LEN);
CRYPTO_gcm128_tag(&gcm, tag, EVP_AEAD_AES_GCM_TAG_LEN);
if (CRYPTO_memcmp(tag, in + plaintext_len, EVP_AEAD_AES_GCM_TAG_LEN) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;

52
crypto/modes/gcm.c
View File

@ -406,18 +406,18 @@ void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
#endif
#endif
GCM128_CONTEXT_SK *CRYPTO_gcm128_new_sk(const void *key, block128_f block) {
GCM128_CONTEXT_SK *ret;
GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block) {
GCM128_CONTEXT *ret;
ret = (GCM128_CONTEXT_SK *)OPENSSL_malloc(sizeof(GCM128_CONTEXT_SK));
ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT));
if (ret != NULL) {
CRYPTO_gcm128_init_sk(ret, key, block);
CRYPTO_gcm128_init(ret, key, block);
}
return ret;
}
void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx, const void *key,
void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
block128_f block) {
const union {
long one;
@ -491,8 +491,8 @@ void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx, const void *key,
#endif
}
void CRYPTO_gcm128_set_96_bit_iv_sk(GCM128_CONTEXT_SK *ctx, const void *key,
const uint8_t *iv) {
void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx, const void *key,
const uint8_t *iv) {
const union {
long one;
char little;
@ -521,7 +521,7 @@ void CRYPTO_gcm128_set_96_bit_iv_sk(GCM128_CONTEXT_SK *ctx, const void *key,
}
}
int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *aad, size_t len) {
int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) {
size_t i;
unsigned int n;
uint64_t alen = ctx->len.u[0];
@ -585,9 +585,9 @@ int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *aad, size_t len)
return 1;
}
int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
const unsigned char *in, unsigned char *out,
size_t len) {
int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key,
const unsigned char *in, unsigned char *out,
size_t len) {
const union {
long one;
char little;
@ -745,9 +745,9 @@ int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
return 1;
}
int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
const unsigned char *in, unsigned char *out,
size_t len) {
int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key,
const unsigned char *in, unsigned char *out,
size_t len) {
const union {
long one;
char little;
@ -912,9 +912,9 @@ int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
return 1;
}
int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
const uint8_t *in, uint8_t *out, size_t len,
ctr128_f stream) {
int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const void *key,
const uint8_t *in, uint8_t *out, size_t len,
ctr128_f stream) {
const union {
long one;
char little;
@ -1021,9 +1021,9 @@ int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
return 1;
}
int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
const uint8_t *in, uint8_t *out, size_t len,
ctr128_f stream) {
int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const void *key,
const uint8_t *in, uint8_t *out, size_t len,
ctr128_f stream) {
const union {
long one;
char little;
@ -1137,8 +1137,8 @@ int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
return 1;
}
int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *tag,
size_t len) {
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag,
size_t len) {
const union {
long one;
char little;
@ -1182,13 +1182,13 @@ int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *tag,
}
}
void CRYPTO_gcm128_tag_sk(GCM128_CONTEXT_SK *ctx, unsigned char *tag,
size_t len) {
CRYPTO_gcm128_finish_sk(ctx, NULL, 0);
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag,
size_t len) {
CRYPTO_gcm128_finish(ctx, NULL, 0);
memcpy(tag, ctx->Xi.c, len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
}
void CRYPTO_gcm128_release_sk(GCM128_CONTEXT_SK *ctx) {
void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) {
if (ctx) {
OPENSSL_cleanse(ctx, sizeof(*ctx));
OPENSSL_free(ctx);

20
crypto/modes/gcm_test.c
View File

@ -242,7 +242,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
*nonce = NULL, *ciphertext = NULL, *tag = NULL, *out = NULL;
int ret = 0;
AES_KEY aes_key;
GCM128_CONTEXT_SK ctx;
GCM128_CONTEXT ctx;
if (!decode_hex(&key, &key_len, test->key, test_num, "key") ||
!decode_hex(&plaintext, &plaintext_len, test->plaintext, test_num,
@ -286,16 +286,16 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
goto out;
}
CRYPTO_gcm128_init_sk(&ctx, &aes_key, (block128_f) AES_encrypt);
CRYPTO_gcm128_set_96_bit_iv_sk(&ctx, &aes_key, nonce);
CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
CRYPTO_gcm128_set_96_bit_iv(&ctx, &aes_key, nonce);
memset(out, 0, plaintext_len);
if (additional_data) {
CRYPTO_gcm128_aad_sk(&ctx, additional_data, additional_data_len);
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
}
if (plaintext) {
CRYPTO_gcm128_encrypt_sk(&ctx, &aes_key, plaintext, out, plaintext_len);
CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len);
}
if (!CRYPTO_gcm128_finish_sk(&ctx, tag, tag_len) ||
if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) ||
(ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) {
fprintf(stderr, "%u: encrypt failed.\n", test_num);
hexdump(stderr, "got :", out, plaintext_len);
@ -303,15 +303,15 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
goto out;
}
CRYPTO_gcm128_set_96_bit_iv_sk(&ctx, &aes_key, nonce);
CRYPTO_gcm128_set_96_bit_iv(&ctx, &aes_key, nonce);
memset(out, 0, plaintext_len);
if (additional_data) {
CRYPTO_gcm128_aad_sk(&ctx, additional_data, additional_data_len);
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
}
if (ciphertext) {
CRYPTO_gcm128_decrypt_sk(&ctx, &aes_key, ciphertext, out, plaintext_len);
CRYPTO_gcm128_decrypt(&ctx, &aes_key, ciphertext, out, plaintext_len);
}
if (!CRYPTO_gcm128_finish_sk(&ctx, tag, tag_len)) {
if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len)) {
fprintf(stderr, "%u: decrypt failed.\n", test_num);
goto out;
}

4
crypto/modes/internal.h
View File

@ -152,10 +152,10 @@ __inline uint32_t _bswap4(uint32_t val) {
/* GCM definitions */
typedef struct { uint64_t hi,lo; } u128;
/* This differs from the old |gcm128_context| in that it does not have the
/* This differs from OpenSSL's |gcm128_context| in that it does not have the
* |key| pointer, in order to make it |memcpy|-friendly. See openssl/modes.h
* for more info. */
struct gcm128_context_sk {
struct gcm128_context {
/* Following 6 names follow names in GCM specification */
union {
uint64_t u[2];

134
include/openssl/modes.h
View File

@ -93,84 +93,88 @@ OPENSSL_EXPORT void CRYPTO_ctr128_encrypt_ctr32(
/* GCM.
*
* This API differs from the upstream API slightly. Every name ends with a "_sk"
* suffix that signifies that |GCM128_CONTEXT_SK| does not have a |key| pointer
* that points to the key like |GCM128_CONTEXT| did. Instead, every function
* takes a |key| parameter. This way |GCM128_CONTEXT_SK| can be safely copied
* with memcpy or equivalent. */
* This API differs from the OpenSSL API slightly. The |GCM128_CONTEXT| does
* not have a |key| pointer that points to the key as OpenSSL's version does.
* Instead, every function takes a |key| parameter. This way |GCM128_CONTEXT|
* can be safely copied with memcpy or equivalent. */
typedef struct gcm128_context_sk GCM128_CONTEXT_SK;
typedef struct gcm128_context GCM128_CONTEXT;
/* CRYPTO_gcm128_new_sk allocates a fresh |GCM128_CONTEXT| and calls
* |CRYPTO_gcm128_init_sk|. It returns the new context, or NULL on error. */
OPENSSL_EXPORT GCM128_CONTEXT_SK *CRYPTO_gcm128_new_sk(const void *key,
block128_f block);
/* CRYPTO_gcm128_new allocates a fresh |GCM128_CONTEXT| and calls
* |CRYPTO_gcm128_init|. It returns the new context, or NULL on error. */
GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block);
/* CRYPTO_gcm128_init_sk initialises |ctx| to use |block| (typically AES) with
/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with the
* given key. */
OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key,
block128_f block);
/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with
* the given key. */
OPENSSL_EXPORT void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx,
const void *key, block128_f block);
OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
block128_f block);
/* CRYPTO_gcm128_set_96_bit_iv_sk sets the IV (nonce) for |ctx|. |key| must be
/* CRYPTO_gcm128_set_96_bit_iv sets the IV (nonce) for |ctx|. The |key| must be
* the same key that was passed to |CRYPTO_gcm128_init|. |iv| must be 12 bytes
* (96 bits) long. */
OPENSSL_EXPORT void CRYPTO_gcm128_set_96_bit_iv_sk (GCM128_CONTEXT_SK *ctx,
const void *key,
const uint8_t *iv);
OPENSSL_EXPORT void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx,
const void *key,
const uint8_t *iv);
/* CRYPTO_gcm128_aad_sk sets the authenticated data for an instance of GCM.
/* CRYPTO_gcm128_aad sets the authenticated data for an instance of GCM.
* This must be called before and data is encrypted. It returns one on success
* and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx,
const uint8_t *aad, size_t len);
OPENSSL_EXPORT int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad,
size_t len);
/* CRYPTO_gcm128_encrypt_sk encrypts |len| bytes from |in| to |out|. |key| must
* be the same key that was passed to |CRYPTO_gcm128_init|. It returns one on
* success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx,
const void *key, const uint8_t *in,
uint8_t *out, size_t len);
/* CRYPTO_gcm128_decrypt_sk decrypts |len| bytes from |in| to |out|. |key| must
* be the same key that was passed to |CRYPTO_gcm128_init|. It returns one on
* success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx,
const void *key,
const uint8_t *in,
uint8_t *out, size_t len);
/* CRYPTO_gcm128_encrypt_ctr32_sk encrypts |len| bytes from |in| to |out| using
* a CTR function that only handles the bottom 32 bits of the nonce, like
* |CRYPTO_ctr128_encrypt_ctr32|. |key| must be the same key that was passed to
* |CRYPTO_gcm128_init|. It returns one on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx,
const void *key,
const uint8_t *in,
uint8_t *out,
size_t len, ctr128_f stream);
/* CRYPTO_gcm128_decrypt_ctr32_sk decrypts |len| bytes from |in| to |out| using
* a CTR function that only handles the bottom 32 bits of the nonce, like
* |CRYPTO_ctr128_encrypt_ctr32|. |key| must be the same key that was passed to
* |CRYPTO_gcm128_init|. It returns one on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx,
const void *key,
const uint8_t *in,
uint8_t *out, size_t len,
ctr128_f stream);
/* CRYPTO_gcm128_finish_sk calculates the authenticator and compares it against
* |len| bytes of |tag|. It returns one on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx,
const uint8_t *tag, size_t len);
/* CRYPTO_gcm128_tag_sk calculates the authenticator and copies it into |tag|.
* The minimum of |len| and 16 bytes are copied into |tag|. */
OPENSSL_EXPORT void CRYPTO_gcm128_tag_sk(GCM128_CONTEXT_SK *ctx, uint8_t *tag,
/* CRYPTO_gcm128_encrypt encrypts |len| bytes from |in| to |out|. The |key|
* must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one
* on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key,
const uint8_t *in, uint8_t *out,
size_t len);
/* CRYPTO_gcm128_release_sk clears and frees |ctx|. */
OPENSSL_EXPORT void CRYPTO_gcm128_release_sk(GCM128_CONTEXT_SK *ctx);
/* CRYPTO_gcm128_decrypt decrypts |len| bytes from |in| to |out|. The |key|
* must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one
* on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key,
const uint8_t *in, uint8_t *out,
size_t len);
/* CRYPTO_gcm128_encrypt_ctr32 encrypts |len| bytes from |in| to |out| using
* a CTR function that only handles the bottom 32 bits of the nonce, like
* |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was
* passed to |CRYPTO_gcm128_init|. It returns one on success and zero
* otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
const void *key,
const uint8_t *in,
uint8_t *out,
size_t len, ctr128_f stream);
/* CRYPTO_gcm128_decrypt_ctr32 decrypts |len| bytes from |in| to |out| using
* a CTR function that only handles the bottom 32 bits of the nonce, like
* |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was
* passed to |CRYPTO_gcm128_init|. It returns one on success and zero
* otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
const void *key,
const uint8_t *in,
uint8_t *out, size_t len,
ctr128_f stream);
/* CRYPTO_gcm128_finish calculates the authenticator and compares it against
* |len| bytes of |tag|. It returns one on success and zero otherwise. */
OPENSSL_EXPORT int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag,
size_t len);
/* CRYPTO_gcm128_tag calculates the authenticator and copies it into |tag|.
* The minimum of |len| and 16 bytes are copied into |tag|. */
OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag,
size_t len);
/* CRYPTO_gcm128_release clears and frees |ctx|. */
OPENSSL_EXPORT void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
/* CBC. */