BoringSSL: support AES-192.
Keystore has added support for it so these functions are needed again.
Change-Id: Id3bf3dd10e182fe7a9b1c51bd3184ecac4cfde8b
diff --git a/android_compat_hacks.c b/android_compat_hacks.c
index 08377c5..8eac801 100644
--- a/android_compat_hacks.c
+++ b/android_compat_hacks.c
@@ -28,10 +28,6 @@
#include <openssl/ssl.h>
-const EVP_CIPHER *EVP_aes_192_ecb(void) { return NULL; }
-
-const EVP_CIPHER *EVP_aes_192_cbc(void) { return NULL; }
-
BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) {
assert(bn == NULL);
diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c
index f92bb8e..a86e830 100644
--- a/src/crypto/cipher/e_aes.c
+++ b/src/crypto/cipher/e_aes.c
@@ -707,6 +707,34 @@
aes_gcm_ctrl};
+static const EVP_CIPHER aes_192_cbc = {
+ NID_aes_192_cbc, 16 /* block_size */, 24 /* key_size */,
+ 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE,
+ NULL /* app_data */, aes_init_key, aes_cbc_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aes_192_ctr = {
+ NID_aes_192_ctr, 1 /* block_size */, 24 /* key_size */,
+ 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE,
+ NULL /* app_data */, aes_init_key, aes_ctr_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aes_192_ecb = {
+ NID_aes_192_ecb, 16 /* block_size */, 24 /* key_size */,
+ 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE,
+ NULL /* app_data */, aes_init_key, aes_ecb_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aes_192_gcm = {
+ NID_aes_192_gcm, 1 /* block_size */, 24 /* key_size */, 12 /* iv_len */,
+ sizeof(EVP_AES_GCM_CTX),
+ EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+ EVP_CIPH_FLAG_AEAD_CIPHER,
+ NULL /* app_data */, aes_gcm_init_key, aes_gcm_cipher, aes_gcm_cleanup,
+ aes_gcm_ctrl};
+
+
static const EVP_CIPHER aes_256_cbc = {
NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */,
16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE,
@@ -855,6 +883,34 @@
aes_gcm_ctrl};
+static const EVP_CIPHER aesni_192_cbc = {
+ NID_aes_192_cbc, 16 /* block_size */, 24 /* key_size */,
+ 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE,
+ NULL /* app_data */, aesni_init_key, aesni_cbc_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aesni_192_ctr = {
+ NID_aes_192_ctr, 1 /* block_size */, 24 /* key_size */,
+ 16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CTR_MODE,
+ NULL /* app_data */, aesni_init_key, aes_ctr_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aesni_192_ecb = {
+ NID_aes_192_ecb, 16 /* block_size */, 24 /* key_size */,
+ 0 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_ECB_MODE,
+ NULL /* app_data */, aesni_init_key, aesni_ecb_cipher,
+ NULL /* cleanup */, NULL /* ctrl */};
+
+static const EVP_CIPHER aesni_192_gcm = {
+ NID_aes_192_gcm, 1 /* block_size */, 24 /* key_size */, 12 /* iv_len */,
+ sizeof(EVP_AES_GCM_CTX),
+ EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+ EVP_CIPH_FLAG_AEAD_CIPHER,
+ NULL /* app_data */, aesni_gcm_init_key, aes_gcm_cipher, aes_gcm_cleanup,
+ aes_gcm_ctrl};
+
+
static const EVP_CIPHER aesni_256_cbc = {
NID_aes_128_cbc, 16 /* block_size */, 32 /* key_size */,
16 /* iv_len */, sizeof(EVP_AES_KEY), EVP_CIPH_CBC_MODE,
@@ -909,6 +965,11 @@
EVP_CIPHER_FUNCTION(128, ecb)
EVP_CIPHER_FUNCTION(128, gcm)
+EVP_CIPHER_FUNCTION(192, cbc)
+EVP_CIPHER_FUNCTION(192, ctr)
+EVP_CIPHER_FUNCTION(192, ecb)
+EVP_CIPHER_FUNCTION(192, gcm)
+
EVP_CIPHER_FUNCTION(256, cbc)
EVP_CIPHER_FUNCTION(256, ctr)
EVP_CIPHER_FUNCTION(256, ecb)
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index b614333..adca5a9 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -90,6 +90,12 @@
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_gcm(void);
OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_gcm(void);
+/* Deprecated 192-bit version of AES. */
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ctr(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_gcm(void);
+
/* EVP_enc_null returns a 'cipher' that passes plaintext through as
* ciphertext. */
OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void);
@@ -521,16 +527,6 @@
};
-/* Android compatibility section.
- *
- * These functions are declared, temporarily, for Android because
- * wpa_supplicant will take a little time to sync with upstream. Outside of
- * Android they'll have no definition. */
-
-OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_ecb(void);
-OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_192_cbc(void);
-
-
#if defined(__cplusplus)
} /* extern C */
#endif
