include/openssl/aead.h

*8fb009dcSAndroid Build Coastguard Worker/* Copyright (c) 2014, Google Inc.
*8fb009dcSAndroid Build Coastguard Worker *
*8fb009dcSAndroid Build Coastguard Worker * Permission to use, copy, modify, and/or distribute this software for any
*8fb009dcSAndroid Build Coastguard Worker * purpose with or without fee is hereby granted, provided that the above
*8fb009dcSAndroid Build Coastguard Worker * copyright notice and this permission notice appear in all copies.
*8fb009dcSAndroid Build Coastguard Worker *
*8fb009dcSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
*8fb009dcSAndroid Build Coastguard Worker * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
*8fb009dcSAndroid Build Coastguard Worker * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
*8fb009dcSAndroid Build Coastguard Worker * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
*8fb009dcSAndroid Build Coastguard Worker * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
*8fb009dcSAndroid Build Coastguard Worker * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
*8fb009dcSAndroid Build Coastguard Worker * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#ifndef OPENSSL_HEADER_AEAD_H
*8fb009dcSAndroid Build Coastguard Worker#define OPENSSL_HEADER_AEAD_H
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#include <openssl/base.h>
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#if defined(__cplusplus)
*8fb009dcSAndroid Build Coastguard Workerextern "C" {
*8fb009dcSAndroid Build Coastguard Worker#endif
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// Authenticated Encryption with Additional Data.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// AEAD couples confidentiality and integrity in a single primitive. AEAD
*8fb009dcSAndroid Build Coastguard Worker// algorithms take a key and then can seal and open individual messages. Each
*8fb009dcSAndroid Build Coastguard Worker// message has a unique, per-message nonce and, optionally, additional data
*8fb009dcSAndroid Build Coastguard Worker// which is authenticated but not included in the ciphertext.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and
*8fb009dcSAndroid Build Coastguard Worker// performs any precomputation needed to use |aead| with |key|. The length of
*8fb009dcSAndroid Build Coastguard Worker// the key, |key_len|, is given in bytes.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The |tag_len| argument contains the length of the tags, in bytes, and allows
*8fb009dcSAndroid Build Coastguard Worker// for the processing of truncated authenticators. A zero value indicates that
*8fb009dcSAndroid Build Coastguard Worker// the default tag length should be used and this is defined as
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using
*8fb009dcSAndroid Build Coastguard Worker// truncated tags increases an attacker's chance of creating a valid forgery.
*8fb009dcSAndroid Build Coastguard Worker// Be aware that the attacker's chance may increase more than exponentially as
*8fb009dcSAndroid Build Coastguard Worker// would naively be expected.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// When no longer needed, the initialised |EVP_AEAD_CTX| structure must be
*8fb009dcSAndroid Build Coastguard Worker// passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These
*8fb009dcSAndroid Build Coastguard Worker// operations are intended to meet the standard notions of privacy and
*8fb009dcSAndroid Build Coastguard Worker// authenticity for authenticated encryption. For formal definitions see
*8fb009dcSAndroid Build Coastguard Worker// Bellare and Namprempre, "Authenticated encryption: relations among notions
*8fb009dcSAndroid Build Coastguard Worker// and analysis of the generic composition paradigm," Lecture Notes in Computer
*8fb009dcSAndroid Build Coastguard Worker// Science B<1976> (2000), 531–545,
*8fb009dcSAndroid Build Coastguard Worker// http://www-cse.ucsd.edu/~mihir/papers/oem.html.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// When sealing messages, a nonce must be given. The length of the nonce is
*8fb009dcSAndroid Build Coastguard Worker// fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The
*8fb009dcSAndroid Build Coastguard Worker// nonce must be unique for all messages with the same key*. This is critically
*8fb009dcSAndroid Build Coastguard Worker// important - nonce reuse may completely undermine the security of the AEAD.
*8fb009dcSAndroid Build Coastguard Worker// Nonces may be predictable and public, so long as they are unique. Uniqueness
*8fb009dcSAndroid Build Coastguard Worker// may be achieved with a simple counter or, if large enough, may be generated
*8fb009dcSAndroid Build Coastguard Worker// randomly. The nonce must be passed into the "open" operation by the receiver
*8fb009dcSAndroid Build Coastguard Worker// so must either be implicit (e.g. a counter), or must be transmitted along
*8fb009dcSAndroid Build Coastguard Worker// with the sealed message.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The "seal" and "open" operations are atomic - an entire message must be
*8fb009dcSAndroid Build Coastguard Worker// encrypted or decrypted in a single call. Large messages may have to be split
*8fb009dcSAndroid Build Coastguard Worker// up in order to accommodate this. When doing so, be mindful of the need not to
*8fb009dcSAndroid Build Coastguard Worker// repeat nonces and the possibility that an attacker could duplicate, reorder
*8fb009dcSAndroid Build Coastguard Worker// or drop message chunks. For example, using a single key for a given (large)
*8fb009dcSAndroid Build Coastguard Worker// message and sealing chunks with nonces counting from zero would be secure as
*8fb009dcSAndroid Build Coastguard Worker// long as the number of chunks was securely transmitted. (Otherwise an
*8fb009dcSAndroid Build Coastguard Worker// attacker could truncate the message by dropping chunks from the end.)
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The number of chunks could be transmitted by prefixing it to the plaintext,
*8fb009dcSAndroid Build Coastguard Worker// for example. This also assumes that no other message would ever use the same
*8fb009dcSAndroid Build Coastguard Worker// key otherwise the rule that nonces must be unique for a given key would be
*8fb009dcSAndroid Build Coastguard Worker// violated.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The "seal" and "open" operations also permit additional data to be
*8fb009dcSAndroid Build Coastguard Worker// authenticated via the |ad| parameter. This data is not included in the
*8fb009dcSAndroid Build Coastguard Worker// ciphertext and must be identical for both the "seal" and "open" call. This
*8fb009dcSAndroid Build Coastguard Worker// permits implicit context to be authenticated but may be empty if not needed.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The "seal" and "open" operations may work in-place if the |out| and |in|
*8fb009dcSAndroid Build Coastguard Worker// arguments are equal. Otherwise, if |out| and |in| alias, input data may be
*8fb009dcSAndroid Build Coastguard Worker// overwritten before it is read. This situation will cause an error.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The "seal" and "open" operations return one on success and zero on error.
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// AEAD algorithms.
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
*8fb009dcSAndroid Build Coastguard Worker// is specified to take a variable-length nonce, nonces with other lengths are
*8fb009dcSAndroid Build Coastguard Worker// effectively randomized, which means one must consider collisions. Unless
*8fb009dcSAndroid Build Coastguard Worker// implementing an existing protocol which has already specified incorrect
*8fb009dcSAndroid Build Coastguard Worker// parameters, only use 12-byte nonces.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_192_gcm is AES-192 in Galois Counter Mode.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// WARNING: AES-192 is superfluous and shouldn't exist. NIST should never have
*8fb009dcSAndroid Build Coastguard Worker// defined it. Use only when interop with another system requires it, never
*8fb009dcSAndroid Build Coastguard Worker// de novo.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
*8fb009dcSAndroid Build Coastguard Worker// is specified to take a variable-length nonce, nonces with other lengths are
*8fb009dcSAndroid Build Coastguard Worker// effectively randomized, which means one must consider collisions. Unless
*8fb009dcSAndroid Build Coastguard Worker// implementing an existing protocol which has already specified incorrect
*8fb009dcSAndroid Build Coastguard Worker// parameters, only use 12-byte nonces.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_192_gcm(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Note: AES-GCM should only be used with 12-byte (96-bit) nonces. Although it
*8fb009dcSAndroid Build Coastguard Worker// is specified to take a variable-length nonce, nonces with other lengths are
*8fb009dcSAndroid Build Coastguard Worker// effectively randomized, which means one must consider collisions. Unless
*8fb009dcSAndroid Build Coastguard Worker// implementing an existing protocol which has already specified incorrect
*8fb009dcSAndroid Build Coastguard Worker// parameters, only use 12-byte nonces.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_chacha20_poly1305 is the AEAD built from ChaCha20 and
*8fb009dcSAndroid Build Coastguard Worker// Poly1305 as described in RFC 8439.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_xchacha20_poly1305 is ChaCha20-Poly1305 with an extended nonce that
*8fb009dcSAndroid Build Coastguard Worker// makes random generation of nonces safe.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_xchacha20_poly1305(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for
*8fb009dcSAndroid Build Coastguard Worker// authentication. The nonce is 12 bytes; the bottom 32-bits are used as the
*8fb009dcSAndroid Build Coastguard Worker// block counter, thus the maximum plaintext size is 64GB.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for
*8fb009dcSAndroid Build Coastguard Worker// authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_gcm_siv is AES-128 in GCM-SIV mode. See RFC 8452.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_gcm_siv is AES-256 in GCM-SIV mode. See RFC 8452.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_gcm_randnonce is AES-128 in Galois Counter Mode with
*8fb009dcSAndroid Build Coastguard Worker// internal nonce generation. The 12-byte nonce is appended to the tag
*8fb009dcSAndroid Build Coastguard Worker// and is generated internally. The "tag", for the purpurses of the API, is thus
*8fb009dcSAndroid Build Coastguard Worker// 12 bytes larger. The nonce parameter when using this AEAD must be
*8fb009dcSAndroid Build Coastguard Worker// zero-length. Since the nonce is random, a single key should not be used for
*8fb009dcSAndroid Build Coastguard Worker// more than 2^32 seal operations.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Warning: this is for use for FIPS compliance only. It is probably not
*8fb009dcSAndroid Build Coastguard Worker// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
*8fb009dcSAndroid Build Coastguard Worker// the same effect, but gives more control over nonce storage.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_randnonce(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_gcm_randnonce is AES-256 in Galois Counter Mode with
*8fb009dcSAndroid Build Coastguard Worker// internal nonce generation. The 12-byte nonce is appended to the tag
*8fb009dcSAndroid Build Coastguard Worker// and is generated internally. The "tag", for the purpurses of the API, is thus
*8fb009dcSAndroid Build Coastguard Worker// 12 bytes larger. The nonce parameter when using this AEAD must be
*8fb009dcSAndroid Build Coastguard Worker// zero-length. Since the nonce is random, a single key should not be used for
*8fb009dcSAndroid Build Coastguard Worker// more than 2^32 seal operations.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Warning: this is for use for FIPS compliance only. It is probably not
*8fb009dcSAndroid Build Coastguard Worker// suitable for other uses. Using standard AES-GCM AEADs allows one to achieve
*8fb009dcSAndroid Build Coastguard Worker// the same effect, but gives more control over nonce storage.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_randnonce(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags
*8fb009dcSAndroid Build Coastguard Worker// and 13-byte nonces), as decribed in the Bluetooth Core Specification v5.0,
*8fb009dcSAndroid Build Coastguard Worker// Volume 6, Part E, Section 1.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_ccm_bluetooth_8 is AES-128-CCM with M=8 and L=2 (8-byte tags
*8fb009dcSAndroid Build Coastguard Worker// and 13-byte nonces), as used in the Bluetooth Mesh Networking Specification
*8fb009dcSAndroid Build Coastguard Worker// v1.0.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_ccm_matter is AES-128-CCM with M=16 and L=2 (16-byte tags
*8fb009dcSAndroid Build Coastguard Worker// and 13-byte nonces), as used in the Matter specification.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_matter(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_has_aes_hardware returns one if we enable hardware support for fast and
*8fb009dcSAndroid Build Coastguard Worker// constant-time AES-GCM.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_has_aes_hardware(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// Utility functions.
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_key_length returns the length, in bytes, of the keys used by
*8fb009dcSAndroid Build Coastguard Worker// |aead|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce
*8fb009dcSAndroid Build Coastguard Worker// for |aead|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_max_overhead returns the maximum number of additional bytes added
*8fb009dcSAndroid Build Coastguard Worker// by the act of sealing data with |aead|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This
*8fb009dcSAndroid Build Coastguard Worker// is the largest value that can be passed as |tag_len| to
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_init|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// AEAD operations.
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Workerunion evp_aead_ctx_st_state {
*8fb009dcSAndroid Build Coastguard Worker  uint8_t opaque[564];
*8fb009dcSAndroid Build Coastguard Worker  uint64_t alignment;
*8fb009dcSAndroid Build Coastguard Worker};
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// An evp_aead_ctx_st (typedefed as |EVP_AEAD_CTX| in base.h) represents an AEAD
*8fb009dcSAndroid Build Coastguard Worker// algorithm configured with a specific key and message-independent IV.
*8fb009dcSAndroid Build Coastguard Workerstruct evp_aead_ctx_st {
*8fb009dcSAndroid Build Coastguard Worker  const EVP_AEAD *aead;
*8fb009dcSAndroid Build Coastguard Worker  union evp_aead_ctx_st_state state;
*8fb009dcSAndroid Build Coastguard Worker  // tag_len may contain the actual length of the authentication tag if it is
*8fb009dcSAndroid Build Coastguard Worker  // known at initialization time.
*8fb009dcSAndroid Build Coastguard Worker  uint8_t tag_len;
*8fb009dcSAndroid Build Coastguard Worker};
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by
*8fb009dcSAndroid Build Coastguard Worker// any AEAD defined in this header.
*8fb009dcSAndroid Build Coastguard Worker#define EVP_AEAD_MAX_KEY_LENGTH 80
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by
*8fb009dcSAndroid Build Coastguard Worker// any AEAD defined in this header.
*8fb009dcSAndroid Build Coastguard Worker#define EVP_AEAD_MAX_NONCE_LENGTH 24
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD
*8fb009dcSAndroid Build Coastguard Worker// defined in this header.
*8fb009dcSAndroid Build Coastguard Worker#define EVP_AEAD_MAX_OVERHEAD 64
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should
*8fb009dcSAndroid Build Coastguard Worker// be used.
*8fb009dcSAndroid Build Coastguard Worker#define EVP_AEAD_DEFAULT_TAG_LENGTH 0
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_zero sets an uninitialized |ctx| to the zero state. It must be
*8fb009dcSAndroid Build Coastguard Worker// initialized with |EVP_AEAD_CTX_init| before use. It is safe, but not
*8fb009dcSAndroid Build Coastguard Worker// necessary, to call |EVP_AEAD_CTX_cleanup| in this state. This may be used for
*8fb009dcSAndroid Build Coastguard Worker// more uniform cleanup of |EVP_AEAD_CTX|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_new allocates an |EVP_AEAD_CTX|, calls |EVP_AEAD_CTX_init| and
*8fb009dcSAndroid Build Coastguard Worker// returns the |EVP_AEAD_CTX|, or NULL on error.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead,
*8fb009dcSAndroid Build Coastguard Worker                                              const uint8_t *key,
*8fb009dcSAndroid Build Coastguard Worker                                              size_t key_len, size_t tag_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_free calls |EVP_AEAD_CTX_cleanup| and |OPENSSL_free| on
*8fb009dcSAndroid Build Coastguard Worker// |ctx|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm. The |impl|
*8fb009dcSAndroid Build Coastguard Worker// argument is ignored and should be NULL. Authentication tags may be truncated
*8fb009dcSAndroid Build Coastguard Worker// by passing a size as |tag_len|. A |tag_len| of zero indicates the default
*8fb009dcSAndroid Build Coastguard Worker// tag length and this is defined as EVP_AEAD_DEFAULT_TAG_LENGTH for
*8fb009dcSAndroid Build Coastguard Worker// readability.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In
*8fb009dcSAndroid Build Coastguard Worker// the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's
*8fb009dcSAndroid Build Coastguard Worker// harmless to do so.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *key, size_t key_len,
*8fb009dcSAndroid Build Coastguard Worker                                     size_t tag_len, ENGINE *impl);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to
*8fb009dcSAndroid Build Coastguard Worker// call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to
*8fb009dcSAndroid Build Coastguard Worker// all zeros.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and
*8fb009dcSAndroid Build Coastguard Worker// authenticates |ad_len| bytes from |ad| and writes the result to |out|. It
*8fb009dcSAndroid Build Coastguard Worker// returns one on success and zero otherwise.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// This function may be called concurrently with itself or any other seal/open
*8fb009dcSAndroid Build Coastguard Worker// function on the same |EVP_AEAD_CTX|.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// At most |max_out_len| bytes are written to |out| and, in order to ensure
*8fb009dcSAndroid Build Coastguard Worker// success, |max_out_len| should be |in_len| plus the result of
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the
*8fb009dcSAndroid Build Coastguard Worker// actual number of bytes written.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The length of |nonce|, |nonce_len|, must be equal to the result of
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_nonce_length| for this AEAD.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is
*8fb009dcSAndroid Build Coastguard Worker// insufficient, zero will be returned. If any error occurs, |out| will be
*8fb009dcSAndroid Build Coastguard Worker// filled with zero bytes and |*out_len| set to zero.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// If |in| and |out| alias then |out| must be == |in|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
*8fb009dcSAndroid Build Coastguard Worker                                     size_t *out_len, size_t max_out_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *nonce, size_t nonce_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *in, size_t in_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *ad, size_t ad_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes
*8fb009dcSAndroid Build Coastguard Worker// from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on
*8fb009dcSAndroid Build Coastguard Worker// success and zero otherwise.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// This function may be called concurrently with itself or any other seal/open
*8fb009dcSAndroid Build Coastguard Worker// function on the same |EVP_AEAD_CTX|.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// At most |in_len| bytes are written to |out|. In order to ensure success,
*8fb009dcSAndroid Build Coastguard Worker// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
*8fb009dcSAndroid Build Coastguard Worker// is set to the the actual number of bytes written.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The length of |nonce|, |nonce_len|, must be equal to the result of
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_nonce_length| for this AEAD.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is
*8fb009dcSAndroid Build Coastguard Worker// insufficient, zero will be returned. If any error occurs, |out| will be
*8fb009dcSAndroid Build Coastguard Worker// filled with zero bytes and |*out_len| set to zero.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// If |in| and |out| alias then |out| must be == |in|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
*8fb009dcSAndroid Build Coastguard Worker                                     size_t *out_len, size_t max_out_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *nonce, size_t nonce_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *in, size_t in_len,
*8fb009dcSAndroid Build Coastguard Worker                                     const uint8_t *ad, size_t ad_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_seal_scatter encrypts and authenticates |in_len| bytes from |in|
*8fb009dcSAndroid Build Coastguard Worker// and authenticates |ad_len| bytes from |ad|. It writes |in_len| bytes of
*8fb009dcSAndroid Build Coastguard Worker// ciphertext to |out| and the authentication tag to |out_tag|. It returns one
*8fb009dcSAndroid Build Coastguard Worker// on success and zero otherwise.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// This function may be called concurrently with itself or any other seal/open
*8fb009dcSAndroid Build Coastguard Worker// function on the same |EVP_AEAD_CTX|.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// Exactly |in_len| bytes are written to |out|, and up to
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_max_overhead+extra_in_len| bytes to |out_tag|. On successful
*8fb009dcSAndroid Build Coastguard Worker// return, |*out_tag_len| is set to the actual number of bytes written to
*8fb009dcSAndroid Build Coastguard Worker// |out_tag|.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// |extra_in| may point to an additional plaintext input buffer if the cipher
*8fb009dcSAndroid Build Coastguard Worker// supports it. If present, |extra_in_len| additional bytes of plaintext are
*8fb009dcSAndroid Build Coastguard Worker// encrypted and authenticated, and the ciphertext is written (before the tag)
*8fb009dcSAndroid Build Coastguard Worker// to |out_tag|. |max_out_tag_len| must be sized to allow for the additional
*8fb009dcSAndroid Build Coastguard Worker// |extra_in_len| bytes.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The length of |nonce|, |nonce_len|, must be equal to the result of
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_nonce_length| for this AEAD.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_seal_scatter| never results in a partial output. If
*8fb009dcSAndroid Build Coastguard Worker// |max_out_tag_len| is insufficient, zero will be returned. If any error
*8fb009dcSAndroid Build Coastguard Worker// occurs, |out| and |out_tag| will be filled with zero bytes and |*out_tag_len|
*8fb009dcSAndroid Build Coastguard Worker// set to zero.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// If |in| and |out| alias then |out| must be == |in|. |out_tag| may not alias
*8fb009dcSAndroid Build Coastguard Worker// any other argument.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_seal_scatter(
*8fb009dcSAndroid Build Coastguard Worker    const EVP_AEAD_CTX *ctx, uint8_t *out,
*8fb009dcSAndroid Build Coastguard Worker    uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
*8fb009dcSAndroid Build Coastguard Worker    const uint8_t *nonce, size_t nonce_len,
*8fb009dcSAndroid Build Coastguard Worker    const uint8_t *in, size_t in_len,
*8fb009dcSAndroid Build Coastguard Worker    const uint8_t *extra_in, size_t extra_in_len,
*8fb009dcSAndroid Build Coastguard Worker    const uint8_t *ad, size_t ad_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_open_gather decrypts and authenticates |in_len| bytes from |in|
*8fb009dcSAndroid Build Coastguard Worker// and authenticates |ad_len| bytes from |ad| using |in_tag_len| bytes of
*8fb009dcSAndroid Build Coastguard Worker// authentication tag from |in_tag|. If successful, it writes |in_len| bytes of
*8fb009dcSAndroid Build Coastguard Worker// plaintext to |out|. It returns one on success and zero otherwise.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// This function may be called concurrently with itself or any other seal/open
*8fb009dcSAndroid Build Coastguard Worker// function on the same |EVP_AEAD_CTX|.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// The length of |nonce|, |nonce_len|, must be equal to the result of
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_nonce_length| for this AEAD.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_open_gather| never results in a partial output. If any error
*8fb009dcSAndroid Build Coastguard Worker// occurs, |out| will be filled with zero bytes.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// If |in| and |out| alias then |out| must be == |in|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_open_gather(
*8fb009dcSAndroid Build Coastguard Worker    const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
*8fb009dcSAndroid Build Coastguard Worker    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
*8fb009dcSAndroid Build Coastguard Worker    size_t in_tag_len, const uint8_t *ad, size_t ad_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_aead returns the underlying AEAD for |ctx|, or NULL if one has
*8fb009dcSAndroid Build Coastguard Worker// not been set.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_AEAD_CTX_aead(const EVP_AEAD_CTX *ctx);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// TLS-specific AEAD algorithms.
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// These AEAD primitives do not meet the definition of generic AEADs. They are
*8fb009dcSAndroid Build Coastguard Worker// all specific to TLS and should not be used outside of that context. They must
*8fb009dcSAndroid Build Coastguard Worker// be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may
*8fb009dcSAndroid Build Coastguard Worker// not be used concurrently. Any nonces are used as IVs, so they must be
*8fb009dcSAndroid Build Coastguard Worker// unpredictable. They only accept an |ad| parameter of length 11 (the standard
*8fb009dcSAndroid Build Coastguard Worker// TLS one with length omitted).
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_gcm_tls12 is AES-128 in Galois Counter Mode using the TLS
*8fb009dcSAndroid Build Coastguard Worker// 1.2 nonce construction.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls12(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_gcm_tls12 is AES-256 in Galois Counter Mode using the TLS
*8fb009dcSAndroid Build Coastguard Worker// 1.2 nonce construction.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls12(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_128_gcm_tls13 is AES-128 in Galois Counter Mode using the TLS
*8fb009dcSAndroid Build Coastguard Worker// 1.3 nonce construction.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls13(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_aead_aes_256_gcm_tls13 is AES-256 in Galois Counter Mode using the TLS
*8fb009dcSAndroid Build Coastguard Worker// 1.3 nonce construction.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls13(void);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// Obscure functions.
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// evp_aead_direction_t denotes the direction of an AEAD operation.
*8fb009dcSAndroid Build Coastguard Workerenum evp_aead_direction_t {
*8fb009dcSAndroid Build Coastguard Worker  evp_aead_open,
*8fb009dcSAndroid Build Coastguard Worker  evp_aead_seal,
*8fb009dcSAndroid Build Coastguard Worker};
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal
*8fb009dcSAndroid Build Coastguard Worker// AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a
*8fb009dcSAndroid Build Coastguard Worker// given direction.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(
*8fb009dcSAndroid Build Coastguard Worker    EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,
*8fb009dcSAndroid Build Coastguard Worker    size_t tag_len, enum evp_aead_direction_t dir);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and
*8fb009dcSAndroid Build Coastguard Worker// sets |*out_iv| to point to that many bytes of the current IV. This is only
*8fb009dcSAndroid Build Coastguard Worker// meaningful for AEADs with implicit IVs (i.e. CBC mode in TLS 1.0).
*8fb009dcSAndroid Build Coastguard Worker//
*8fb009dcSAndroid Build Coastguard Worker// It returns one on success or zero on error.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,
*8fb009dcSAndroid Build Coastguard Worker                                       const uint8_t **out_iv, size_t *out_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker// EVP_AEAD_CTX_tag_len computes the exact byte length of the tag written by
*8fb009dcSAndroid Build Coastguard Worker// |EVP_AEAD_CTX_seal_scatter| and writes it to |*out_tag_len|. It returns one
*8fb009dcSAndroid Build Coastguard Worker// on success or zero on error. |in_len| and |extra_in_len| must equal the
*8fb009dcSAndroid Build Coastguard Worker// arguments of the same names passed to |EVP_AEAD_CTX_seal_scatter|.
*8fb009dcSAndroid Build Coastguard WorkerOPENSSL_EXPORT int EVP_AEAD_CTX_tag_len(const EVP_AEAD_CTX *ctx,
*8fb009dcSAndroid Build Coastguard Worker                                        size_t *out_tag_len,
*8fb009dcSAndroid Build Coastguard Worker                                        const size_t in_len,
*8fb009dcSAndroid Build Coastguard Worker                                        const size_t extra_in_len);
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#if defined(__cplusplus)
*8fb009dcSAndroid Build Coastguard Worker}  // extern C
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#if !defined(BORINGSSL_NO_CXX)
*8fb009dcSAndroid Build Coastguard Workerextern "C++" {
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerBSSL_NAMESPACE_BEGIN
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Workerusing ScopedEVP_AEAD_CTX =
*8fb009dcSAndroid Build Coastguard Worker    internal::StackAllocated<EVP_AEAD_CTX, void, EVP_AEAD_CTX_zero,
*8fb009dcSAndroid Build Coastguard Worker                             EVP_AEAD_CTX_cleanup>;
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerBORINGSSL_MAKE_DELETER(EVP_AEAD_CTX, EVP_AEAD_CTX_free)
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard WorkerBSSL_NAMESPACE_END
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker}  // extern C++
*8fb009dcSAndroid Build Coastguard Worker#endif
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#endif
*8fb009dcSAndroid Build Coastguard Worker
*8fb009dcSAndroid Build Coastguard Worker#endif  // OPENSSL_HEADER_AEAD_H