Skip to content

Commit

Permalink
fix: backport patch to sync exposed crypto (backport: 5-0-x) (#16909)
Browse files Browse the repository at this point in the history 
* fix: backport patch to sync exposed crypto

* add two new specs

* fix iv length

* fix formatting
  • Loading branch information
@trop @MarshallOfSound
trop[bot] authored and MarshallOfSound committed Feb 12, 2019
1 parent c1ea592 commit a4babe6
Show file tree
Hide file tree
Showing 3 changed files with 96 additions and 0 deletions.
1 change: 1 addition & 0 deletions patches/common/boringssl/.patches
View file
Expand Up @@ -2,3 +2,4 @@ add_ec_group_order_bits_for_openssl_compatibility.patch
add_ec_key_key2buf_for_openssl_compatibility.patch
expose_ripemd160.patch
expose_aes-cfb.patch
sync_sorted_ciphers.patch
85 changes: 85 additions & 0 deletions patches/common/boringssl/sync_sorted_ciphers.patch
View file
@@ -0,0 +1,85 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Thu, 7 Feb 2019 11:11:35 -0800
Subject: sync EVP_get_cipherbyname with EVP_do_all_sorted

EVP_get_cipherbyname should work on everything that EVP_do_all_sorted
lists, and conversely, there should be nothing that
EVP_get_cipherbyname works on that EVP_do_all_sorted doesn't list.
This thus does that.

diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index be7ef07b2c188a76890deb0f305cf92fcc57a64e..588a4773437c311877f275bf3679f9688cda3c46 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -133,6 +133,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
return EVP_aes_192_ofb();
} else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
return EVP_aes_256_ofb();
+ } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
+ return EVP_des_ecb();
+ } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
+ return EVP_des_ede();
+ } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
+ return EVP_des_ede_cbc();
+ } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
+ return EVP_rc2_cbc();
}

return NULL;
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index 8b008a401ec2f2d0673f6876609dd5786cace4c2..3e88b29cb599730d2e8682070aaa4be38d06ed80 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -21,15 +21,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
void *arg) {
callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
- callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
- callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
- callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
+ callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+ callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
+ callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
+ callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
+ callback(EVP_aes_192_ecb(), "AES-192-ECB", NULL, arg);
callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
+ callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
+ callback(EVP_aes_192_ofb(), "AES-192-OFB", NULL, arg);
callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
- callback(EVP_aes_256_xts(), "AES-256-XTS", NULL, arg);
+ callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg);
+ callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg);
+ callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg);
callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
callback(EVP_des_ede(), "DES-EDE", NULL, arg);
@@ -41,15 +47,21 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
// OpenSSL returns everything twice, the second time in lower case.
callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
- callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
- callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
- callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
+ callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+ callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
+ callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
+ callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
+ callback(EVP_aes_192_ecb(), "aes-192-ecb", NULL, arg);
callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
+ callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
+ callback(EVP_aes_192_ofb(), "aes-192-ofb", NULL, arg);
callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
- callback(EVP_aes_256_xts(), "aes-256-xts", NULL, arg);
+ callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg);
+ callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg);
+ callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg);
callback(EVP_des_cbc(), "des-cbc", NULL, arg);
callback(EVP_des_ecb(), "des-ecb", NULL, arg);
callback(EVP_des_ede(), "des-ede", NULL, arg);
10 changes: 10 additions & 0 deletions spec/node-spec.js
View file
Expand Up @@ -450,6 +450,16 @@ describe('node feature', () => {
it('should be able to create an aes-256-cfb cipher', () => {
require('crypto').createCipheriv('aes-256-cfb', '0123456789abcdef0123456789abcdef', '0123456789abcdef')
})

it('should list des-ede-cbc in getCiphers', () => {
expect(require('crypto').getCiphers()).to.include('des-ede-cbc')
})

it('should be able to create an des-ede-cbc cipher', () => {
const key = Buffer.from('0123456789abcdeff1e0d3c2b5a49786', 'hex')
const iv = Buffer.from('fedcba9876543210', 'hex')
require('crypto').createCipheriv('des-ede-cbc', key, iv)
})
})

it('includes the electron version in process.versions', () => {
Expand Down

0 comments on commit a4babe6

Please sign in to comment.