70 lines
3.6 KiB
Diff
70 lines
3.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
Date: Fri, 18 Jan 2019 14:23:28 -0800
|
|
Subject: expose aes-{128,256}-cfb
|
|
|
|
This exposes AES-CFB ciphers through the EVP APIs. BoringSSL has
|
|
implementations for these ciphers, but Node doesn't realise that because
|
|
without this patch, they're not listed in the APIs that Node uses.
|
|
|
|
This should be upstreamed. See e.g.
|
|
https://boringssl-review.googlesource.com/c/boringssl/+/33984 for a
|
|
similar patch that was merged upstream.
|
|
|
|
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
|
|
index b132265bc103658dba3de6e0c3dc50d3634da5b0..588a4773437c311877f275bf3679f9688cda3c46 100644
|
|
--- a/crypto/cipher_extra/cipher_extra.c
|
|
+++ b/crypto/cipher_extra/cipher_extra.c
|
|
@@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
|
|
return EVP_des_ede3_cbc();
|
|
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
|
|
return EVP_aes_128_cbc();
|
|
+ } else if (OPENSSL_strcasecmp(name, "aes-128-cfb") == 0) {
|
|
+ return EVP_aes_128_cfb128();
|
|
} else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
|
|
return EVP_aes_192_cbc();
|
|
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
|
|
return EVP_aes_256_cbc();
|
|
+ } else if (OPENSSL_strcasecmp(name, "aes-256-cfb") == 0) {
|
|
+ return EVP_aes_256_cfb128();
|
|
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
|
|
return EVP_aes_128_ctr();
|
|
} else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
|
|
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
|
|
index 53cb9d2dc8f1962a70dc12b648d27c32be8aca4b..84af06fc56e4aa72d4d48801d7c037add0221747 100644
|
|
--- a/decrepit/evp/evp_do_all.c
|
|
+++ b/decrepit/evp/evp_do_all.c
|
|
@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
|
|
const char *unused, void *arg),
|
|
void *arg) {
|
|
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
|
|
+ callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
|
|
callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
|
|
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
|
|
+ callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
|
|
callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
|
|
callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
|
|
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
|
|
@@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
|
|
|
|
// OpenSSL returns everything twice, the second time in lower case.
|
|
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
|
|
+ callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
|
|
callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
|
|
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
|
|
+ callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
|
|
callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
|
|
callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
|
|
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
|
|
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
|
|
index d22a6c216a2afe29f9507c90a190a4c6992c06a5..0bde0af4b25fbc24ee479b0ffffa037481c71e53 100644
|
|
--- a/include/openssl/cipher.h
|
|
+++ b/include/openssl/cipher.h
|
|
@@ -424,6 +424,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
|
|
|
|
// EVP_aes_128_cfb128 is only available in decrepit.
|
|
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
|
|
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
|
|
|
|
// EVP_aes_256_cfb128 is only available in decrepit.
|
|
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
|