
Commit c8dd2cd

committed
Provide a copy of EVP_CIPHER_do_all_sorted if required
1 parent 7740237 commit c8dd2cd


3 files changed

+105
-6
lines changed


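--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -1,12 +1,36 @@
+load("@bazel_skylib//rules:common_settings.bzl", "bool_flag")
+
+bool_flag(
+name = "bssl_needs_evp_cipher_do_all_sorted",
+build_setting_default = False,
+)
+
+config_setting(
+name = "cfg_bssl_needs_evp_cipher_do_all_sorted",
+flag_values = {
+"bssl_needs_evp_cipher_do_all_sorted": "True",
+},
+)
+
 cc_library(
 name = "ncrypto",
 srcs = glob(["src/*.cpp"]),
 hdrs = glob(["include/*.h"]),
 includes = ["include"],
+local_defines = {
+"NCRYPTO_BSSL_NEEDS_EVP_CIPHER_DO_ALL_SORTED": select(
+{
+":cfg_bssl_needs_evp_cipher_do_all_sorted": 1,
+"//conditions:default": 0,
+},
+),
+},
 visibility = ["//visibility:public"],
 deps = [
-"@ssl//:ssl",
-"@ssl//:crypto",
-"@ssl//:decrepit"
-]
+"@ssl",
+"@ssl//:crypto",
+] + select({
+":cfg_bssl_needs_evp_cipher_do_all_sorted": [],
+"//conditions:default": ["@ssl//:decrepit"],
+}),
 )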
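Review bot: `local_defines` on `cc_library` is documented as a list of strings, so the dict passed at new lines 20-27 (a macro name mapped to a `select()` of integers) is likely to be rejected at analysis time unless this workspace wraps the rule. The usual form is `local_defines = select({":cfg_bssl_needs_evp_cipher_do_all_sorted": ["NCRYPTO_BSSL_NEEDS_EVP_CIPHER_DO_ALL_SORTED=1"], "//conditions:default": []}),`, which leaves the macro undefined by default and still works with the `#if` in src/ncrypto.cpp. A comment above the `bool_flag` should say that enabling it removes `@ssl//:decrepit` from `deps`; setting it while libdecrepit is still linked by some other route would presumably give a duplicate definition of `EVP_CIPHER_do_all_sorted`.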

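--- a/src/ncrypto.cpp
+++ b/src/ncrypto.cpp
@@ -5297,3 +5297,64 @@ BIGNUM* BN_get_rfc3526_prime_8192(BIGNUM* ret) {
 return get_params(ret, kWords, OPENSSL_ARRAY_SIZE(kWords));
 }
 #endif
+
+// ===========================================================================
+#if NCRYPTO_BSSL_NEEDS_EVP_CIPHER_DO_ALL_SORTED
+// While BoringSSL implements EVP_CIPHER_do_all_sorted, it includes this
+// inplementation in a library called "libdecrepit", which might not be included
+// depending on how boringssl was built. In such cases, a copy of the function
+// is provided here:
+
+void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER* cipher,
+const char* name,
+const char* unused,
+void* arg),
+void* arg) {
+callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
+callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
+callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
+callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
+callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
+callback(EVP_aes_128_ecb(), "AES-128-ECB", NULL, arg);
+callback(EVP_aes_192_ecb(), "AES-192-ECB", NULL, arg);
+callback(EVP_aes_256_ecb(), "AES-256-ECB", NULL, arg);
+callback(EVP_aes_128_ofb(), "AES-128-OFB", NULL, arg);
+callback(EVP_aes_192_ofb(), "AES-192-OFB", NULL, arg);
+callback(EVP_aes_256_ofb(), "AES-256-OFB", NULL, arg);
+callback(EVP_aes_128_gcm(), "AES-128-GCM", NULL, arg);
+callback(EVP_aes_192_gcm(), "AES-192-GCM", NULL, arg);
+callback(EVP_aes_256_gcm(), "AES-256-GCM", NULL, arg);
+callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
+callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
+callback(EVP_des_ede(), "DES-EDE", NULL, arg);
+callback(EVP_des_ede_cbc(), "DES-EDE-CBC", NULL, arg);
+callback(EVP_des_ede3_cbc(), "DES-EDE3-CBC", NULL, arg);
+callback(EVP_rc2_cbc(), "RC2-CBC", NULL, arg);
+callback(EVP_rc4(), "RC4", NULL, arg);
+
+// OpenSSL returns everything twice, the second time in lower case.
+callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
+callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
+callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
+callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
+callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
+callback(EVP_aes_128_ecb(), "aes-128-ecb", NULL, arg);
+callback(EVP_aes_192_ecb(), "aes-192-ecb", NULL, arg);
+callback(EVP_aes_256_ecb(), "aes-256-ecb", NULL, arg);
+callback(EVP_aes_128_ofb(), "aes-128-ofb", NULL, arg);
+callback(EVP_aes_192_ofb(), "aes-192-ofb", NULL, arg);
+callback(EVP_aes_256_ofb(), "aes-256-ofb", NULL, arg);
+callback(EVP_aes_128_gcm(), "aes-128-gcm", NULL, arg);
+callback(EVP_aes_192_gcm(), "aes-192-gcm", NULL, arg);
+callback(EVP_aes_256_gcm(), "aes-256-gcm", NULL, arg);
+callback(EVP_des_cbc(), "des-cbc", NULL, arg);
+callback(EVP_des_ecb(), "des-ecb", NULL, arg);
+callback(EVP_des_ede(), "des-ede", NULL, arg);
+callback(EVP_des_ede_cbc(), "des-ede-cbc", NULL, arg);
+callback(EVP_des_ede3_cbc(), "des-ede3-cbc", NULL, arg);
+callback(EVP_rc2_cbc(), "rc2-cbc", NULL, arg);
+callback(EVP_rc4(), "rc4", NULL, arg);
+}
+#endif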
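Review bot: The fallback `EVP_CIPHER_do_all_sorted` enumerates a hand-copied cipher list, so it can drift from what the linked BoringSSL actually provides, and it reports single-DES, RC2, RC4 and the ECB modes next to the AES modes with nothing telling a caller that these are legacy entries. I would extend the comment above the function with `// NOTE: snapshot of BoringSSL's libdecrepit list; re-sync when BoringSSL is updated.` and `// Includes legacy ciphers (DES, RC2, RC4, ECB) for parity only; being listed is not a recommendation.`. In the same block, `inplementation` should read `implementation`, and `NULL` would normally be `nullptr` in a C++ source file. The definition presumably relies on the BoringSSL header having already declared the function inside `extern "C"`; the include list is outside the hunk, so that is worth confirming, since otherwise the symbol would get C++ linkage.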

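--- a/tests/basic.cpp
+++ b/tests/basic.cpp
@@ -2,6 +2,20 @@
 
 #include <gtest/gtest.h>
 
-TEST(basic, test_it) {
-SUCCEED();
+#include <string>
+#include <unordered_set>
+
+using namespace ncrypto;
+
+TEST(basic, cipher_foreach) {
+std::unordered_set<std::string> foundCiphers;
+
+Cipher::ForEach([&](const char* name) { foundCiphers.insert(name); });
+
+// When testing Cipher::ForEach, we cannot expect a particular list of ciphers
+// as that depends on openssl vs boringssl, versions, configuration, etc.
+// Instead, we look for a couple of very common ciphers that should always be
+// present.
+ASSERT_TRUE(foundCiphers.count("AES-128-CTR"));
+ASSERT_TRUE(foundCiphers.count("AES-256-CBC"));
 }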
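Review bot: Both checks in `cipher_foreach` use `ASSERT_TRUE`, so a missing `AES-128-CTR` aborts the test before `AES-256-CBC` is looked at, and the `size_t` returned by `count()` is converted to bool implicitly. `EXPECT_EQ(foundCiphers.count("AES-128-CTR"), 1u);`, and the same for `AES-256-CBC`, would report both results in one run. The file-scope `using namespace ncrypto;` could presumably be narrowed to `using ncrypto::Cipher;`, since `Cipher` is the only name the test uses from it.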
