aws · ttungle96 · Oct 14, 2025 · Oct 15, 2025 · Oct 15, 2025 · Oct 15, 2025
@@ -108,6 +108,8 @@ extern "C" {
 #define AEAD_AES_128_CCM_MATTER_ID 27
 #define AEAD_AES_256_CBC_SHA384_TLS_ID 28
 #define AEAD_MAX_ID 28
+#define AEAD_XAES_256_GCM_ID 29
+#define AEAD_XAES_256_GCM_KEY_COMMIT_ID 30
 
 // EVP_AEAD represents a specific AEAD algorithm.
 struct evp_aead_st {

@@ -56,7 +56,7 @@
 
 /* This file is generated by crypto/obj/objects.go. */
 
-#define NUM_NID 999
+#define NUM_NID 1001
 
 static const uint8_t kObjectData[] = {
     /* NID_rsadsi */
@@ -7330,6 +7330,26 @@ static const uint8_t kObjectData[] = {
     0xc9,
     0x7b,
     0x06,
+    /* NID_xaes_256_gcm */
+    0x60,
+    0x86,
+    0x48,
+    0x01,
+    0x65,
+    0x03,
+    0x04,
+    0x01,
+    0x31,
+    /* NID_xaes_256_gcm_kc */
+    0x60,
+    0x86,
+    0x48,
+    0x01,
+    0x65,
+    0x03,
+    0x04,
+    0x01,
+    0x32,
 };
 
 static const ASN1_OBJECT kObjects[NUM_NID] = {
@@ -9017,6 +9037,10 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
     {"ED25519ph", "ED25519ph", NID_ED25519ph, 0, NULL, 0},
     {"SecP384r1MLKEM1024", "SecP384r1MLKEM1024", NID_SecP384r1MLKEM1024, 9,
      &kObjectData[6360], 0},
+    {"id-xaes256-GCM", "xaes-256-gcm", NID_xaes_256_gcm, 9, &kObjectData[6369],
+     0},
+    {"id-xaes256-GCM-KC", "xaes-256-gcm-kc", NID_xaes_256_gcm_kc, 9,
+     &kObjectData[6378], 0},
 };
 
 static const uint16_t kNIDsInShortNameOrder[] = {
@@ -9657,6 +9681,8 @@ static const uint16_t kNIDsInShortNameOrder[] = {
     194 /* id-smime-spq */,
     250 /* id-smime-spq-ets-sqt-unotice */,
     249 /* id-smime-spq-ets-sqt-uri */,
+    999 /* id-xaes256-GCM */,
+    1000 /* id-xaes256-GCM-KC */,
     676 /* identified-organization */,
     461 /* info */,
     748 /* inhibitAnyPolicy */,
@@ -10996,14 +11022,16 @@ static const uint16_t kNIDsInLongNameOrder[] = {
     503 /* x500UniqueIdentifier */,
     158 /* x509Certificate */,
     160 /* x509Crl */,
+    999 /* xaes-256-gcm */,
+    1000 /* xaes-256-gcm-kc */,
     125 /* zlib compression */,
 };
 
 static const uint16_t kNIDsInOIDOrder[] = {
     434 /* 0.9 (OBJ_data) */,
     182 /* 1.2 (OBJ_member_body) */,
-    379 /* 1.3 (OBJ_org) */,
     676 /* 1.3 (OBJ_identified_organization) */,
+    379 /* 1.3 (OBJ_org) */,
     11 /* 2.5 (OBJ_X500) */,
     647 /* 2.23 (OBJ_international_organizations) */,
     380 /* 1.3.6 (OBJ_dod) */,
@@ -11711,6 +11739,8 @@ static const uint16_t kNIDsInOIDOrder[] = {
     901 /* 2.16.840.1.101.3.4.1.46 (OBJ_aes_256_gcm) */,
     902 /* 2.16.840.1.101.3.4.1.47 (OBJ_aes_256_ccm) */,
     903 /* 2.16.840.1.101.3.4.1.48 (OBJ_id_aes256_wrap_pad) */,
+    999 /* 2.16.840.1.101.3.4.1.49 (OBJ_xaes_256_gcm) */,
+    1000 /* 2.16.840.1.101.3.4.1.50 (OBJ_xaes_256_gcm_kc) */,
     672 /* 2.16.840.1.101.3.4.2.1 (OBJ_sha256) */,
     673 /* 2.16.840.1.101.3.4.2.2 (OBJ_sha384) */,
     674 /* 2.16.840.1.101.3.4.2.3 (OBJ_sha512) */,

@@ -986,3 +986,5 @@ MLDSA65		995
 MLDSA87		996
 ED25519ph		997
 SecP384r1MLKEM1024		998
+xaes_256_gcm		999
+xaes_256_gcm_kc		1000
@@ -893,7 +893,9 @@ aes 44			: AES-256-CFB		: aes-256-cfb
 aes 45			: id-aes256-wrap
 aes 46			: id-aes256-GCM		: aes-256-gcm
 aes 47			: id-aes256-CCM		: aes-256-ccm
-aes 48			: id-aes256-wrap-pad
+aes 48			: id-aes256-wrap-pad 
+aes 49			: id-xaes256-GCM    : xaes-256-gcm
+aes 50			: id-xaes256-GCM-KC : xaes-256-gcm-kc
 
 # There are no OIDs for these modes...
 

@@ -34,6 +34,17 @@
 #include "openssl/pem.h"
 #include "openssl/rand.h"
 
+bool ConvertToBytes(std::vector<uint8_t> *out, const std::string &value) {
+  if (value.size() >= 2 && value[0] == '"' && value[value.size() - 1] == '"') {
+    out->assign(value.begin() + 1, value.end() - 1);
+    return true;
+  }
+
+  if (!DecodeHex(out, value)) {
+    return false;
+  }
+  return true;
+}
 
 void hexdump(FILE *fp, const char *msg, const void *in, size_t len) {
   const uint8_t *data = reinterpret_cast<const uint8_t *>(in);

@@ -34,6 +34,7 @@
 // hexdump writes |msg| to |fp| followed by the hex encoding of |len| bytes
 // from |in|.
 void hexdump(FILE *fp, const char *msg, const void *in, size_t len);
+bool ConvertToBytes(std::vector<uint8_t> *out, const std::string &value);
 
 // Bytes is a wrapper over a byte slice which may be compared for equality. This
 // allows it to be used in EXPECT_EQ macros.

@@ -431,6 +431,9 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_tls13(void);
 // 1.3 nonce construction.
 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_tls13(void);
 
+// EVP_aead_xaes_256_gcm is AES-256 in Galois Counter Mode with CMAC-based KDF
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_xaes_256_gcm(void);
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_xaes_256_gcm_key_commit(void);
 
 // Obscure functions.
 

@@ -492,6 +492,8 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 // not act on it until the entire operation is complete.
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void);
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_xaes_256_gcm(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_xaes_256_gcm_key_commit(void);
 
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ccm(void);
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ccm(void);
@@ -601,6 +603,9 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_add_cipher_alias(const char *a,
 // EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
 #define EVP_CTRL_GCM_SET_IV_INV 0x18
 #define EVP_CTRL_GET_IVLEN 0x19
+// The following are for getting/verifying key commitment 
+#define EVP_CTRL_AEAD_GET_KEY_COMMITMENT 0x20
+#define EVP_CTRL_AEAD_VERIFY_KEY_COMMITMENT 0x21
 
 // The following constants are unused.
 #define EVP_GCM_TLS_FIXED_IV_LEN 4
@@ -735,5 +740,6 @@ BSSL_NAMESPACE_END
 #define CIPHER_R_ALIGNMENT_CHANGED 142
 #define CIPHER_R_SERIALIZATION_INVALID_SERDE_VERSION 143
 #define CIPHER_R_SERIALIZATION_INVALID_CIPHER_ID 144
+#define CIPHER_R_KEY_COMMITMENT_INVALID 145
 
 #endif  // OPENSSL_HEADER_CIPHER_H
@@ -4386,6 +4386,16 @@ extern "C" {
 #define NID_SecP384r1MLKEM1024 998
 #define OBJ_SecP384r1MLKEM1024 1L, 3L, 6L, 1L, 4L, 1L, 42235L, 6L
 
+#define SN_xaes_256_gcm "id-xaes256-GCM"
+#define LN_xaes_256_gcm "xaes-256-gcm"
+#define NID_xaes_256_gcm 999
+#define OBJ_xaes_256_gcm 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 49L
+
+#define SN_xaes_256_gcm_kc "id-xaes256-GCM-KC"
+#define LN_xaes_256_gcm_kc "xaes-256-gcm-kc"
+#define NID_xaes_256_gcm_kc 1000
+#define OBJ_xaes_256_gcm_kc 2L, 16L, 840L, 1L, 101L, 3L, 4L, 1L, 50L
+
 #if defined(__cplusplus)
 } /* extern C */
 #endif