From 718b133a5328108099ecac0bf40d8fd4886e7b64 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 3 Apr 2019 18:01:21 +0100
Subject: [PATCH] Implement AES CBC ciphers in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
---
 crypto/err/openssl.txt                        |   1 +
 crypto/evp/evp_enc.c                          |  55 +++++-
 crypto/evp/evp_err.c                          |   1 +
 crypto/evp/evp_lib.c                          | 115 ++++++++++---
 crypto/include/internal/evp_int.h             |   6 +-
 include/openssl/core_names.h                  |   1 +
 include/openssl/core_numbers.h                |  26 +--
 include/openssl/evp.h                         |   2 +-
 include/openssl/evperr.h                      |   1 +
 providers/common/ciphers/aes.c                | 158 ++++++++++--------
 .../common/include/internal/provider_algs.h   |   3 +
 providers/default/defltprov.c                 |   3 +
 util/libcrypto.num                            |   1 +
 13 files changed, 261 insertions(+), 112 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 6a904d8e65..d914c5b4cb 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -787,6 +787,7 @@ EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
 EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
 EVP_F_EVP_CIPHER_CTX_SET_PADDING:237:EVP_CIPHER_CTX_set_padding
 EVP_F_EVP_CIPHER_FROM_DISPATCH:238:evp_cipher_from_dispatch
+EVP_F_EVP_CIPHER_MODE:239:EVP_CIPHER_mode
 EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
 EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 6dbc7147e4..7b22e21ee6 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -142,6 +142,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_aes_256_ecb:
         case NID_aes_192_ecb:
         case NID_aes_128_ecb:
+        case NID_aes_256_cbc:
+        case NID_aes_192_cbc:
+        case NID_aes_128_cbc:
             break;
         default:
             goto legacy;
@@ -204,6 +207,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             return 0;
     }
 
+    switch (EVP_CIPHER_mode(ctx->cipher)) {
+    case EVP_CIPH_CFB_MODE:
+    case EVP_CIPH_OFB_MODE:
+    case EVP_CIPH_CBC_MODE:
+        /* For these modes we remember the original IV for later use */
+        if (!ossl_assert(EVP_CIPHER_CTX_iv_length(ctx) <= (int)sizeof(ctx->oiv))) {
+            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        if (iv != NULL)
+            memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+    }
+
     if (enc) {
         if (ctx->cipher->einit == NULL) {
             EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
@@ -851,12 +867,12 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
 
         params[0].data = &pad;
 
-        if (ctx->cipher->set_params == NULL) {
+        if (ctx->cipher->ctx_set_params == NULL) {
             EVPerr(EVP_F_EVP_CIPHER_CTX_SET_PADDING, EVP_R_CTRL_NOT_IMPLEMENTED);
             return 0;
         }
 
-        if (!ctx->cipher->set_params(ctx->provctx, params))
+        if (!ctx->cipher->ctx_set_params(ctx->provctx, params))
             return 0;
     }
 
@@ -915,7 +931,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
     *out = *in;
     out->provctx = NULL;
 
-    if (in->fetched_cipher != NULL || !EVP_CIPHER_upref(in->fetched_cipher)) {
+    if (in->fetched_cipher != NULL && !EVP_CIPHER_upref(in->fetched_cipher)) {
         out->fetched_cipher = NULL;
         return 0;
     }
@@ -1002,6 +1018,11 @@ static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns,
             cipher->cfinal = OSSL_get_OP_cipher_final(fns);
             fnciphcnt++;
             break;
+        case OSSL_FUNC_CIPHER_CIPHER:
+            if (cipher->ccipher != NULL)
+                break;
+            cipher->ccipher = OSSL_get_OP_cipher_cipher(fns);
+            break;
         case OSSL_FUNC_CIPHER_FREECTX:
             if (cipher->freectx != NULL)
                 break;
@@ -1018,25 +1039,41 @@ static void *evp_cipher_from_dispatch(int nid, const OSSL_DISPATCH *fns,
                 break;
             cipher->key_length = OSSL_get_OP_cipher_key_length(fns);
             break;
+        case OSSL_FUNC_CIPHER_IV_LENGTH:
+            if (cipher->iv_length != NULL)
+                break;
+            cipher->iv_length = OSSL_get_OP_cipher_iv_length(fns);
+            break;
+        case OSSL_FUNC_CIPHER_BLOCK_SIZE:
+            if (cipher->blocksize != NULL)
+                break;
+            cipher->blocksize = OSSL_get_OP_cipher_block_size(fns);
+            break;
         case OSSL_FUNC_CIPHER_GET_PARAMS:
             if (cipher->get_params != NULL)
                 break;
             cipher->get_params = OSSL_get_OP_cipher_get_params(fns);
             break;
-        case OSSL_FUNC_CIPHER_SET_PARAMS:
-            if (cipher->set_params != NULL)
+        case OSSL_FUNC_CIPHER_CTX_GET_PARAMS:
+            if (cipher->ctx_get_params != NULL)
+                break;
+            cipher->ctx_get_params = OSSL_get_OP_cipher_ctx_get_params(fns);
+            break;
+        case OSSL_FUNC_CIPHER_CTX_SET_PARAMS:
+            if (cipher->ctx_set_params != NULL)
                 break;
-            cipher->set_params = OSSL_get_OP_cipher_set_params(fns);
+            cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns);
             break;
         }
     }
-    if ((fnciphcnt != 3 && fnciphcnt != 4)
+    if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
+            || (fnciphcnt == 0 && cipher->ccipher == NULL)
             || fnctxcnt != 2) {
         /*
          * In order to be a consistent set of functions we must have at least
          * a complete set of "encrypt" functions, or a complete set of "decrypt"
-         * functions. In both cases we need a complete set of context management
-         * functions
+         * functions, or a single "cipher" function. In all cases we need a
+         * complete set of context management functions
          */
         EVP_CIPHER_meth_free(cipher);
         EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS);
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 9c79f8655e..3555c0e5f8 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -57,6 +57,7 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
      "EVP_CIPHER_CTX_set_padding"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_FROM_DISPATCH, 0),
      "evp_cipher_from_dispatch"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_MODE, 0), "EVP_CIPHER_mode"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
      "EVP_CIPHER_param_to_asn1"},
     {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index c99dd9e898..189c953266 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -11,6 +11,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
 #include "internal/evp_int.h"
 #include "internal/provider.h"
 #include "evp_locl.h"
@@ -18,13 +20,28 @@
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
     int ret;
+    const EVP_CIPHER *cipher = c->cipher;
 
-    if (c->cipher->set_asn1_parameters != NULL)
-        ret = c->cipher->set_asn1_parameters(c, type);
-    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        switch (EVP_CIPHER_CTX_mode(c)) {
+    if (cipher->prov != NULL) {
+        /*
+         * The cipher has come from a provider and won't have the default flags.
+         * Find the implicit form so we can check the flags.
+         * TODO(3.0): This won't work for 3rd party ciphers we know nothing about
+         * We'll need to think of something else for those.
+         */
+        cipher = EVP_get_cipherbynid(cipher->nid);
+        if (cipher == NULL) {
+            EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ASN1_R_UNSUPPORTED_CIPHER);
+            return -1;
+        }
+    }
+
+    if (cipher->set_asn1_parameters != NULL)
+        ret = cipher->set_asn1_parameters(c, type);
+    else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_mode(cipher)) {
         case EVP_CIPH_WRAP_MODE:
-            if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
+            if (EVP_CIPHER_nid(cipher) == NID_id_smime_alg_CMS3DESwrap)
                 ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
             ret = 1;
             break;
@@ -53,11 +70,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
     int ret;
+    const EVP_CIPHER *cipher = c->cipher;
+
+    if (cipher->prov != NULL) {
+        /*
+         * The cipher has come from a provider and won't have the default flags.
+         * Find the implicit form so we can check the flags.
+         */
+        cipher = EVP_get_cipherbynid(cipher->nid);
+        if (cipher == NULL)
+            return -1;
+    }
 
-    if (c->cipher->get_asn1_parameters != NULL)
-        ret = c->cipher->get_asn1_parameters(c, type);
-    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
-        switch (EVP_CIPHER_CTX_mode(c)) {
+    if (cipher->get_asn1_parameters != NULL)
+        ret = cipher->get_asn1_parameters(c, type);
+    else if (cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_mode(cipher)) {
 
         case EVP_CIPH_WRAP_MODE:
             ret = 1;
@@ -85,19 +113,23 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
     return ret;
 }
 
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type)
 {
     int i = 0;
     unsigned int l;
 
     if (type != NULL) {
-        l = EVP_CIPHER_CTX_iv_length(c);
-        OPENSSL_assert(l <= sizeof(c->iv));
-        i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+
+        l = EVP_CIPHER_CTX_iv_length(ctx);
+        if (!ossl_assert(l <= sizeof(iv)))
+            return -1;
+        i = ASN1_TYPE_get_octetstring(type, iv, l);
         if (i != (int)l)
             return -1;
-        else if (i > 0)
-            memcpy(c->iv, c->oiv, l);
+
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1))
+            return -1;
     }
     return i;
 }
@@ -175,14 +207,20 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
     }
 }
 
-int EVP_CIPHER_block_size(const EVP_CIPHER *e)
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
 {
-    return e->block_size;
+    if (cipher->prov != NULL) {
+        if (cipher->blocksize != NULL)
+            return cipher->blocksize();
+        /* We default to a block size of 1 */
+        return 1;
+    }
+    return cipher->block_size;
 }
 
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
 {
-    return ctx->cipher->block_size;
+    return EVP_CIPHER_block_size(ctx->cipher);
 }
 
 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
@@ -193,6 +231,12 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                const unsigned char *in, unsigned int inl)
 {
+    if (ctx->cipher->prov != NULL) {
+        if (ctx->cipher->ccipher != NULL)
+            return ctx->cipher->ccipher(ctx->provctx, out, in, (size_t)inl);
+        return 0;
+    }
+
     return ctx->cipher->do_cipher(ctx, out, in, inl);
 }
 
@@ -238,12 +282,18 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
 
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
 {
+    if (cipher->prov != NULL) {
+        if (cipher->iv_length != NULL)
+            return (int)cipher->iv_length();
+        return 0;
+    }
+
     return cipher->iv_len;
 }
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
 {
-    return ctx->cipher->iv_len;
+    return EVP_CIPHER_iv_length(ctx->cipher);
 }
 
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
@@ -308,6 +358,33 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
     return ctx->cipher->nid;
 }
 
+int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
+{
+    if (cipher->prov != NULL) {
+        int mode;
+
+        /* Cipher comes from a provider - so ask the provider for the mode */
+        OSSL_PARAM params[] = {
+            OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL),
+            OSSL_PARAM_END
+        };
+
+        params[0].data = &mode;
+
+        if (cipher->get_params == NULL) {
+            EVPerr(EVP_F_EVP_CIPHER_MODE, EVP_R_CTRL_NOT_IMPLEMENTED);
+            return 0;
+        }
+
+        if (!cipher->get_params(params))
+            return 0;
+
+        return mode;
+    }
+    return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
+}
+
+
 int EVP_MD_block_size(const EVP_MD *md)
 {
     if (md == NULL) {
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index e428a63d10..b3d9694618 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -249,11 +249,15 @@ struct evp_cipher_st {
     OSSL_OP_cipher_decrypt_init_fn *dinit;
     OSSL_OP_cipher_update_fn *cupdate;
     OSSL_OP_cipher_final_fn *cfinal;
+    OSSL_OP_cipher_cipher_fn *ccipher;
     OSSL_OP_cipher_freectx_fn *freectx;
     OSSL_OP_cipher_dupctx_fn *dupctx;
     OSSL_OP_cipher_key_length_fn *key_length;
+    OSSL_OP_cipher_iv_length_fn *iv_length;
+    OSSL_OP_cipher_block_size_fn *blocksize;
     OSSL_OP_cipher_get_params_fn *get_params;
-    OSSL_OP_cipher_get_params_fn *set_params;
+    OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params;
+    OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params;
 } /* EVP_CIPHER */ ;
 
 /* Macros to code block cipher wrappers */
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 7a41778c2f..35a23d7421 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -38,6 +38,7 @@ extern "C" {
 /* Well known cipher parameters */
 
 #define OSSL_CIPHER_PARAM_PADDING   "padding"
+#define OSSL_CIPHER_PARAM_MODE      "mode"
 
 # ifdef __cplusplus
 }
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index 7b17d2cbb8..8994374567 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -113,12 +113,15 @@ OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void))
 # define OSSL_FUNC_CIPHER_DECRYPT_INIT               3
 # define OSSL_FUNC_CIPHER_UPDATE                     4
 # define OSSL_FUNC_CIPHER_FINAL                      5
-# define OSSL_FUNC_CIPHER_FREECTX                    6
-# define OSSL_FUNC_CIPHER_DUPCTX                     7
-# define OSSL_FUNC_CIPHER_KEY_LENGTH                 8
-# define OSSL_FUNC_CIPHER_GET_PARAMS                 9
-# define OSSL_FUNC_CIPHER_SET_PARAMS                10
-
+# define OSSL_FUNC_CIPHER_CIPHER                     6
+# define OSSL_FUNC_CIPHER_FREECTX                    7
+# define OSSL_FUNC_CIPHER_DUPCTX                     8
+# define OSSL_FUNC_CIPHER_KEY_LENGTH                 9
+# define OSSL_FUNC_CIPHER_IV_LENGTH                 10
+# define OSSL_FUNC_CIPHER_BLOCK_SIZE                11
+# define OSSL_FUNC_CIPHER_GET_PARAMS                12
+# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS            13
+# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS            14
 
 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void))
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *vctx,
@@ -138,10 +141,13 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_cipher,
 OSSL_CORE_MAKE_FUNC(void, OP_cipher_freectx, (void *vctx))
 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_dupctx, (void *vctx))
 OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_key_length, (void))
-OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (void *vctx,
-                                                const OSSL_PARAM params[]))
-OSSL_CORE_MAKE_FUNC(int, OP_cipher_set_params, (void *vctx,
-                                                const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_iv_length, (void))
+OSSL_CORE_MAKE_FUNC(size_t, OP_cipher_block_size, (void))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_get_params, (const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *vctx,
+                                                    const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *vctx,
+                                                    const OSSL_PARAM params[]))
 
 
 # ifdef __cplusplus
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0db9857304..6fc0f35114 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -474,7 +474,7 @@ int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-# define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+int EVP_CIPHER_mode(const EVP_CIPHER *cipher);
 EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
                              const char *properties);
 
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index 417d6ae571..d88d4a8403 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -57,6 +57,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
 # define EVP_F_EVP_CIPHER_CTX_SET_PADDING                 237
 # define EVP_F_EVP_CIPHER_FROM_DISPATCH                   238
+# define EVP_F_EVP_CIPHER_MODE                            239
 # define EVP_F_EVP_CIPHER_PARAM_TO_ASN1                   205
 # define EVP_F_EVP_DECRYPTFINAL_EX                        101
 # define EVP_F_EVP_DECRYPTUPDATE                          166
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
index 6a46e86910..3a278db6db 100644
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -135,38 +135,52 @@ static int aes_final(void *vctx, unsigned char *out, size_t *outl)
     return 1;
 }
 
-static void *aes_256_ecb_newctx(void)
+static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in,
+                      size_t inl)
 {
-    PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
+    PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
+
+    if (!ctx->ciph->cipher(ctx, out, in, inl))
+        return 0;
 
-    ctx->pad = 1;
-    ctx->keylen = 256 / 8;
-    ctx->ciph = PROV_AES_CIPHER_ecb();
-    ctx->mode = EVP_CIPH_ECB_MODE;
-    return ctx;
+    return 1;
 }
 
-static void *aes_192_ecb_newctx(void)
-{
-    PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
+#define IMPLEMENT_new_params(lcmode, UCMODE) \
+    static int aes_##lcmode##_get_params(const OSSL_PARAM params[]) \
+    { \
+        const OSSL_PARAM *p; \
+    \
+        p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); \
+        if (p != NULL && !OSSL_PARAM_set_int(p, EVP_CIPH_##UCMODE##_MODE)) \
+            return 0; \
+    \
+        return 1; \
+    }
 
-    ctx->pad = 1;
-    ctx->keylen = 192 / 8;
-    ctx->ciph = PROV_AES_CIPHER_ecb();
-    ctx->mode = EVP_CIPH_ECB_MODE;
-    return ctx;
-}
+#define IMPLEMENT_new_ctx(lcmode, UCMODE, len) \
+    static void *aes_##len##_##lcmode##_newctx(void) \
+    { \
+        PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+    \
+        ctx->pad = 1; \
+        ctx->keylen = (len / 8); \
+        ctx->ciph = PROV_AES_CIPHER_##lcmode(); \
+        ctx->mode = EVP_CIPH_##UCMODE##_MODE; \
+        return ctx; \
+    }
 
-static void *aes_128_ecb_newctx(void)
-{
-    PROV_AES_KEY *ctx = OPENSSL_zalloc(sizeof(*ctx));
+/* ECB */
+IMPLEMENT_new_params(ecb, ECB)
+IMPLEMENT_new_ctx(ecb, ECB, 256)
+IMPLEMENT_new_ctx(ecb, ECB, 192)
+IMPLEMENT_new_ctx(ecb, ECB, 128)
 
-    ctx->pad = 1;
-    ctx->keylen = 128 / 8;
-    ctx->ciph = PROV_AES_CIPHER_ecb();
-    ctx->mode = EVP_CIPH_ECB_MODE;
-    return ctx;
-}
+/* CBC */
+IMPLEMENT_new_params(cbc, CBC)
+IMPLEMENT_new_ctx(cbc, CBC, 256)
+IMPLEMENT_new_ctx(cbc, CBC, 192)
+IMPLEMENT_new_ctx(cbc, CBC, 128)
 
 static void aes_freectx(void *vctx)
 {
@@ -200,7 +214,22 @@ static size_t key_length_128(void)
     return 128 / 8;
 }
 
-static int aes_get_params(void *vctx, const OSSL_PARAM params[])
+static size_t iv_length_16(void)
+{
+    return 16;
+}
+
+static size_t iv_length_0(void)
+{
+    return 0;
+}
+
+static size_t block_size_16(void)
+{
+    return 16;
+}
+
+static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
     const OSSL_PARAM *p;
@@ -212,7 +241,7 @@ static int aes_get_params(void *vctx, const OSSL_PARAM params[])
     return 1;
 }
 
-static int aes_set_params(void *vctx, const OSSL_PARAM params[])
+static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
     const OSSL_PARAM *p;
@@ -228,48 +257,33 @@ static int aes_set_params(void *vctx, const OSSL_PARAM params[])
     return 1;
 }
 
-const OSSL_DISPATCH aes256ecb_functions[] = {
-    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_256_ecb_newctx },
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit },
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit },
-    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update },
-    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final },
-    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx },
-    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx },
-    { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_256 },
-    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params },
-    { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params },
-    { 0, NULL }
-};
-
-const OSSL_DISPATCH aes192ecb_functions[] = {
-    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_192_ecb_newctx },
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit },
-    { OSSL_FUNC_CIPHER_ENCRYPT_UPDATE, (void (*)(void))aes_update },
-    { OSSL_FUNC_CIPHER_ENCRYPT_FINAL, (void (*)(void))aes_efinal },
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit },
-    { OSSL_FUNC_CIPHER_DECRYPT_UPDATE, (void (*)(void))aes_update },
-    { OSSL_FUNC_CIPHER_DECRYPT_FINAL, (void (*)(void))aes_dfinal },
-    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx },
-    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx },
-    { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_192 },
-    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params },
-    { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params },
-    { 0, NULL }
-};
-
-const OSSL_DISPATCH aes128ecb_functions[] = {
-    { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_128_ecb_newctx },
-    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit },
-    { OSSL_FUNC_CIPHER_ENCRYPT_UPDATE, (void (*)(void))aes_update },
-    { OSSL_FUNC_CIPHER_ENCRYPT_FINAL, (void (*)(void))aes_efinal },
-    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit },
-    { OSSL_FUNC_CIPHER_DECRYPT_UPDATE, (void (*)(void))aes_update },
-    { OSSL_FUNC_CIPHER_DECRYPT_FINAL, (void (*)(void))aes_dfinal },
-    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx },
-    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx },
-    { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_128 },
-    { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_get_params },
-    { OSSL_FUNC_CIPHER_SET_PARAMS, (void (*)(void))aes_set_params },
-    { 0, NULL }
-};
+#define IMPLEMENT_funcs(mode, keylen, ivlen, blksz) \
+    const OSSL_DISPATCH aes##keylen##mode##_functions[] = { \
+        { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))aes_##keylen##_##mode##_newctx }, \
+        { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_einit }, \
+        { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_dinit }, \
+        { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_update }, \
+        { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_final }, \
+        { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))aes_cipher }, \
+        { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_freectx }, \
+        { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_dupctx }, \
+        { OSSL_FUNC_CIPHER_KEY_LENGTH, (void (*)(void))key_length_##keylen }, \
+        { OSSL_FUNC_CIPHER_IV_LENGTH, (void (*)(void))iv_length_##ivlen }, \
+        { OSSL_FUNC_CIPHER_BLOCK_SIZE, (void (*)(void))block_size_##blksz }, \
+        { OSSL_FUNC_CIPHER_GET_PARAMS, (void (*)(void))aes_##mode##_get_params }, \
+        { OSSL_FUNC_CIPHER_CTX_GET_PARAMS, (void (*)(void))aes_ctx_get_params }, \
+        { OSSL_FUNC_CIPHER_CTX_SET_PARAMS, (void (*)(void))aes_ctx_set_params }, \
+        { 0, NULL } \
+    };
+
+/* ECB */
+
+IMPLEMENT_funcs(ecb, 256, 0, 16)
+IMPLEMENT_funcs(ecb, 192, 0, 16)
+IMPLEMENT_funcs(ecb, 128, 0, 16)
+
+/* CBC */
+
+IMPLEMENT_funcs(cbc, 256, 16, 16)
+IMPLEMENT_funcs(cbc, 192, 16, 16)
+IMPLEMENT_funcs(cbc, 128, 16, 16)
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index b03d4f43fc..bf5576e767 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -14,3 +14,6 @@ extern const OSSL_DISPATCH sha256_functions[];
 extern const OSSL_DISPATCH aes256ecb_functions[];
 extern const OSSL_DISPATCH aes192ecb_functions[];
 extern const OSSL_DISPATCH aes128ecb_functions[];
+extern const OSSL_DISPATCH aes256cbc_functions[];
+extern const OSSL_DISPATCH aes192cbc_functions[];
+extern const OSSL_DISPATCH aes128cbc_functions[];
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 1d98485253..298725aa97 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -59,6 +59,9 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
     { "AES-256-ECB", "default=yes", aes256ecb_functions },
     { "AES-192-ECB", "default=yes", aes192ecb_functions },
     { "AES-128-ECB", "default=yes", aes128ecb_functions },
+    { "AES-256-CBC", "default=yes", aes256cbc_functions },
+    { "AES-192-CBC", "default=yes", aes192cbc_functions },
+    { "AES-128-CBC", "default=yes", aes128cbc_functions },
     { NULL, NULL, NULL }
 };
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index af5ad52475..b9be3490ec 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4798,3 +4798,4 @@ OSSL_PARAM_construct_end                4745	3_0_0	EXIST::FUNCTION:
 EC_GROUP_check_named_curve              4746	3_0_0	EXIST::FUNCTION:EC
 EVP_CIPHER_upref                        4747	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_fetch                        4748	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_mode                         4749	3_0_0	EXIST::FUNCTION:
-- 
2.39.2