Skip to content

Instantly share code, notes, and snippets.

@nornagon

nornagon/aes-cfb.patch Secret

Created January 2, 2019 21:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nornagon/9e1312cd7746773426c1dbf46ed47ea7 to your computer and use it in GitHub Desktop.
Save nornagon/9e1312cd7746773426c1dbf46ed47ea7 to your computer and use it in GitHub Desktop.
Download ZIP
Hypothetical patch to add aes-{128,256}-cfb support to BoringSSL
Raw
aes-cfb.patch
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index 1b23ad32f..be7ef07b2 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
return EVP_des_ede3_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
return EVP_aes_128_cbc();
+ } else if (OPENSSL_strcasecmp(name, "aes-128-cfb") == 0) {
+ return EVP_aes_128_cfb128();
} else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
return EVP_aes_192_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
return EVP_aes_256_cbc();
+ } else if (OPENSSL_strcasecmp(name, "aes-256-cfb") == 0) {
+ return EVP_aes_256_cfb128();
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
return EVP_aes_128_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
diff --git a/decrepit/cfb/cfb.c b/decrepit/cfb/cfb.c
index d3a176163..21d108a7b 100644
--- a/decrepit/cfb/cfb.c
+++ b/decrepit/cfb/cfb.c
@@ -57,4 +57,12 @@ static const EVP_CIPHER aes_128_cfb128 = {
NULL /* cleanup */, NULL /* ctrl */,
};
+static const EVP_CIPHER aes_256_cfb128 = {
+ NID_aes_128_cfb128, 1 /* block_size */, 32 /* key_size */,
+ 16 /* iv_len */, sizeof(EVP_CFB_CTX), EVP_CIPH_CFB_MODE,
+ NULL /* app_data */, aes_cfb_init_key, aes_cfb128_cipher,
+ NULL /* cleanup */, NULL /* ctrl */,
+};
+
const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; }
+const EVP_CIPHER *EVP_aes_256_cfb128(void) { return &aes_256_cfb128; }
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index 38b8f9f78..112cc1e91 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -24,6 +24,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+ callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
@@ -42,6 +43,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+ callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index 727d7a7fc..8bcd6fe7d 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -421,6 +421,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void);
// EVP_aes_128_cfb128 is only available in decrepit.
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
// The following flags do nothing and are included only to make it easier to
// compile code with BoringSSL.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment