From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Fri, 18 Jan 2019 14:23:28 -0800 Subject: expose aes-{128,256}-cfb This exposes AES-CFB ciphers through the EVP APIs. BoringSSL has implementations for these ciphers, but Node doesn't realise that because without this patch, they're not listed in the APIs that Node uses. This should be upstreamed. See e.g. https://boringssl-review.googlesource.com/c/boringssl/+/33984 for a similar patch that was merged upstream. diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c index b132265bc103658dba3de6e0c3dc50d3634da5b0..588a4773437c311877f275bf3679f9688cda3c46 100644 --- a/crypto/cipher_extra/cipher_extra.c +++ b/crypto/cipher_extra/cipher_extra.c @@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { return EVP_des_ede3_cbc(); } else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) { return EVP_aes_128_cbc(); + } else if (OPENSSL_strcasecmp(name, "aes-128-cfb") == 0) { + return EVP_aes_128_cfb128(); } else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) { return EVP_aes_192_cbc(); } else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) { return EVP_aes_256_cbc(); + } else if (OPENSSL_strcasecmp(name, "aes-256-cfb") == 0) { + return EVP_aes_256_cfb128(); } else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) { return EVP_aes_128_ctr(); } else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) { diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037add0221747 100644 --- a/decrepit/evp/evp_do_all.c +++ b/decrepit/evp/evp_do_all.c @@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, const char *unused, void *arg), void *arg) { callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg); + callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg); callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg); callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); + callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg); callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg); callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg); callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); @@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, // OpenSSL returns everything twice, the second time in lower case. callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg); + callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg); callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg); callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); + callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg); callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg); callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg); callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h index 3feadea85aa2f60b3c4e2956040cf015a72aa5b1..988f98fb7cdc564cafc4d0d3fe1dd777e278b26e 100644 --- a/include/openssl/cipher.h +++ b/include/openssl/cipher.h @@ -430,6 +430,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void); // EVP_aes_128_cfb128 is only available in decrepit. OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void); +OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void); // EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is only available in // decrepit.