-
-
Save nornagon/9e1312cd7746773426c1dbf46ed47ea7 to your computer and use it in GitHub Desktop.
Hypothetical patch to add aes-{128,256}-cfb support to BoringSSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c | |
index 1b23ad32f..be7ef07b2 100644 | |
--- a/crypto/cipher_extra/cipher_extra.c | |
+++ b/crypto/cipher_extra/cipher_extra.c | |
@@ -101,10 +101,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { | |
return EVP_des_ede3_cbc(); | |
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) { | |
return EVP_aes_128_cbc(); | |
+ } else if (OPENSSL_strcasecmp(name, "aes-128-cfb") == 0) { | |
+ return EVP_aes_128_cfb128(); | |
} else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) { | |
return EVP_aes_192_cbc(); | |
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) { | |
return EVP_aes_256_cbc(); | |
+ } else if (OPENSSL_strcasecmp(name, "aes-256-cfb") == 0) { | |
+ return EVP_aes_256_cfb128(); | |
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) { | |
return EVP_aes_128_ctr(); | |
} else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) { | |
diff --git a/decrepit/cfb/cfb.c b/decrepit/cfb/cfb.c | |
index d3a176163..21d108a7b 100644 | |
--- a/decrepit/cfb/cfb.c | |
+++ b/decrepit/cfb/cfb.c | |
@@ -57,4 +57,12 @@ static const EVP_CIPHER aes_128_cfb128 = { | |
NULL /* cleanup */, NULL /* ctrl */, | |
}; | |
+static const EVP_CIPHER aes_256_cfb128 = { | |
+ NID_aes_128_cfb128, 1 /* block_size */, 32 /* key_size */, | |
+ 16 /* iv_len */, sizeof(EVP_CFB_CTX), EVP_CIPH_CFB_MODE, | |
+ NULL /* app_data */, aes_cfb_init_key, aes_cfb128_cipher, | |
+ NULL /* cleanup */, NULL /* ctrl */, | |
+}; | |
+ | |
const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; } | |
+const EVP_CIPHER *EVP_aes_256_cfb128(void) { return &aes_256_cfb128; } | |
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c | |
index 38b8f9f78..112cc1e91 100644 | |
--- a/decrepit/evp/evp_do_all.c | |
+++ b/decrepit/evp/evp_do_all.c | |
@@ -24,6 +24,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, | |
callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg); | |
callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg); | |
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg); | |
+ callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg); | |
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg); | |
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg); | |
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg); | |
@@ -42,6 +43,7 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher, | |
callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg); | |
callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg); | |
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg); | |
+ callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg); | |
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg); | |
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg); | |
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg); | |
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h | |
index 727d7a7fc..8bcd6fe7d 100644 | |
--- a/include/openssl/cipher.h | |
+++ b/include/openssl/cipher.h | |
@@ -421,6 +421,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ofb(void); | |
// EVP_aes_128_cfb128 is only available in decrepit. | |
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void); | |
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void); | |
// The following flags do nothing and are included only to make it easier to | |
// compile code with BoringSSL. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment