[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Tue Oct 8 06:45:08 UTC 2019
The branch master has been updated
via f816aa47ac140c3d083416aa9c1c396096d9a92c (commit)
from 089cb623be76b88a1eea6fcd135101037661bbc3 (commit)
- Log -----------------------------------------------------------------
commit f816aa47ac140c3d083416aa9c1c396096d9a92c
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Oct 8 16:42:28 2019 +1000
Add rc2 ciphers to default provider
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9991)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 1 +
crypto/evp/evp_enc.c | 12 ++
doc/man7/provider-cipher.pod | 5 +
include/openssl/core_names.h | 1 +
.../common/include/internal/ciphers/ciphercommon.h | 43 ++--
providers/common/include/internal/provider_algs.h | 9 +-
.../common/include/internal/providercommonerr.h | 1 +
providers/common/provider_err.c | 2 +
providers/default/ciphers/build.info | 5 +
providers/default/ciphers/cipher_rc2.c | 239 +++++++++++++++++++++
providers/default/ciphers/cipher_rc2.h | 28 +++
providers/default/ciphers/cipher_rc2_hw.c | 37 ++++
providers/default/defltprov.c | 8 +
test/evp_test.c | 17 ++
test/recipes/30-test_evp.t | 3 +
test/recipes/30-test_evp_data/evpciph_rc2.txt | 107 +++++++++
16 files changed, 498 insertions(+), 20 deletions(-)
create mode 100644 providers/default/ciphers/cipher_rc2.c
create mode 100644 providers/default/ciphers/cipher_rc2.h
create mode 100644 providers/default/ciphers/cipher_rc2_hw.c
create mode 100644 test/recipes/30-test_evp_data/evpciph_rc2.txt
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 973b85c969..ac170dea6a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2716,6 +2716,7 @@ PROV_R_TAG_NOT_NEEDED:120:tag not needed
PROV_R_UNABLE_TO_LOAD_SHA1:143:unable to load sha1
PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256
PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg
+PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size
PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type
PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS:152:unsupported number of rounds
PROV_R_VALUE_ERROR:138:value error
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 2a22336a36..5a6a4033ce 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -273,6 +273,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
case NID_rc5_ecb:
case NID_rc5_cfb64:
case NID_rc5_ofb64:
+ case NID_rc2_cbc:
+ case NID_rc2_40_cbc:
+ case NID_rc2_64_cbc:
+ case NID_rc2_cfb64:
+ case NID_rc2_ofb64:
break;
default:
goto legacy;
@@ -1129,6 +1134,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
if (ret <= 0)
return 0;
return sz;
+#ifndef OPENSSL_NO_RC2
+ case EVP_CTRL_GET_RC2_KEY_BITS:
+ set_params = 0; /* Fall thru */
+ case EVP_CTRL_SET_RC2_KEY_BITS:
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz);
+ break;
+#endif /* OPENSSL_NO_RC2 */
}
if (set_params)
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 3bae345b89..2da3aa2a84 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -333,6 +333,11 @@ that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set.
Sets or gets the number of rounds to be used for a cipher.
This is used by the RC5 cipher.
+=item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer>
+
+Gets or sets the effective keybits used for a RC2 cipher.
+The length of the "keybits" parameter should not exceed that of a B<size_t>.
+
=back
=head1 RETURN VALUES
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 837c89b60d..0bbc30a552 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -67,6 +67,7 @@ extern "C" {
#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN
#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */
#define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */
+#define OSSL_CIPHER_PARAM_RC2_KEYBITS "keybits" /* size_t */
/* For passing the AlgorithmIdentifier parameter in DER form */
#define OSSL_CIPHER_PARAM_ALG_ID "alg_id_param" /* octet_string */
diff --git a/providers/common/include/internal/ciphers/ciphercommon.h b/providers/common/include/internal/ciphers/ciphercommon.h
index 21511a163c..2f77f48712 100644
--- a/providers/common/include/internal/ciphers/ciphercommon.h
+++ b/providers/common/include/internal/ciphers/ciphercommon.h
@@ -91,25 +91,8 @@ void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits,
size_t ivbits, unsigned int mode, uint64_t flags,
const PROV_CIPHER_HW *hw, void *provctx);
-#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
- blkbits, ivbits, typ) \
-static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
-static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
-{ \
- return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
- kbits, blkbits, ivbits); \
-} \
-static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \
-static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \
-{ \
- PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
- if (ctx != NULL) { \
- cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \
- EVP_CIPH_##UCMODE##_MODE, flags, \
- PROV_CIPHER_HW_##alg##_##lcmode(kbits), NULL); \
- } \
- return ctx; \
-} \
+#define IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits,\
+ blkbits, ivbits, typ) \
const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \
{ OSSL_FUNC_CIPHER_NEWCTX, \
(void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
@@ -135,6 +118,28 @@ const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \
{ 0, NULL } \
};
+#define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
+ blkbits, ivbits, typ) \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
+static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
+ kbits, blkbits, ivbits); \
+} \
+static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \
+static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \
+{ \
+ PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ if (ctx != NULL) { \
+ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \
+ EVP_CIPH_##UCMODE##_MODE, flags, \
+ PROV_CIPHER_HW_##alg##_##lcmode(kbits), NULL); \
+ } \
+ return ctx; \
+} \
+IMPLEMENT_generic_cipher_func(alg, UCALG, lcmode, UCMODE, flags, kbits, \
+ blkbits, ivbits, typ)
+
PROV_CIPHER_HW_FN cipher_hw_generic_cbc;
PROV_CIPHER_HW_FN cipher_hw_generic_ecb;
PROV_CIPHER_HW_FN cipher_hw_generic_ofb128;
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index 08cc7062da..f52711bb01 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -165,7 +165,14 @@ extern const OSSL_DISPATCH rc5128cbc_functions[];
extern const OSSL_DISPATCH rc5128ofb64_functions[];
extern const OSSL_DISPATCH rc5128cfb64_functions[];
#endif /* OPENSSL_NO_RC5 */
-
+#ifndef OPENSSL_NO_RC2
+extern const OSSL_DISPATCH rc2128ecb_functions[];
+extern const OSSL_DISPATCH rc2128cbc_functions[];
+extern const OSSL_DISPATCH rc240cbc_functions[];
+extern const OSSL_DISPATCH rc264cbc_functions[];
+extern const OSSL_DISPATCH rc2128cfb128_functions[];
+extern const OSSL_DISPATCH rc2128ofb128_functions[];
+#endif /* OPENSSL_NO_RC2 */
#ifndef OPENSSL_NO_DES
extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h
index e813099051..90c6d11d83 100644
--- a/providers/common/include/internal/providercommonerr.h
+++ b/providers/common/include/internal/providercommonerr.h
@@ -95,6 +95,7 @@ int ERR_load_PROV_strings(void);
# define PROV_R_UNABLE_TO_LOAD_SHA1 143
# define PROV_R_UNABLE_TO_LOAD_SHA256 147
# define PROV_R_UNSUPPORTED_CEK_ALG 145
+# define PROV_R_UNSUPPORTED_KEY_SIZE 153
# define PROV_R_UNSUPPORTED_MAC_TYPE 137
# define PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS 152
# define PROV_R_VALUE_ERROR 138
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 7d4b1ceb01..5216baf918 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -78,6 +78,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"unable to load sha256"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG),
"unsupported cek alg"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_KEY_SIZE),
+ "unsupported key size"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_MAC_TYPE),
"unsupported mac type"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index a42a31325e..5142357c7e 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -60,4 +60,9 @@ IF[{- !$disabled{rc5} -}]
cipher_rc5.c cipher_rc5_hw.c
ENDIF
+IF[{- !$disabled{rc2} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_rc2.c cipher_rc2_hw.c
+ENDIF
+
INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_rc2.c b/providers/default/ciphers/cipher_rc2.c
new file mode 100644
index 0000000000..f7ee268276
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc2.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for RC2 cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_rc2.h"
+#include "internal/provider_algs.h"
+#include "internal/providercommonerr.h"
+
+#define RC2_40_MAGIC 0xa0
+#define RC2_64_MAGIC 0x78
+#define RC2_128_MAGIC 0x3a
+
+static OSSL_OP_cipher_freectx_fn rc2_freectx;
+static OSSL_OP_cipher_dupctx_fn rc2_dupctx;
+static OSSL_OP_cipher_gettable_ctx_params_fn rc2_gettable_ctx_params;
+static OSSL_OP_cipher_settable_ctx_params_fn rc2_settable_ctx_params;
+
+static void rc2_freectx(void *vctx)
+{
+ PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *rc2_dupctx(void *ctx)
+{
+ PROV_RC2_CTX *in = (PROV_RC2_CTX *)ctx;
+ PROV_RC2_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ *ret = *in;
+
+ return ret;
+}
+
+static int rc2_keybits_to_magic(int keybits)
+{
+ switch (keybits) {
+ case 128:
+ return RC2_128_MAGIC;
+ case 64:
+ return RC2_64_MAGIC;
+ case 40:
+ return RC2_40_MAGIC;
+ }
+ ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_KEY_SIZE);
+ return 0;
+}
+
+static int rc2_magic_to_keybits(int magic)
+{
+ switch (magic) {
+ case RC2_128_MAGIC:
+ return 128;
+ case RC2_64_MAGIC:
+ return 64;
+ case RC2_40_MAGIC:
+ return 40;
+ }
+ ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_KEY_SIZE);
+ return 0;
+}
+
+static int rc2_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx;
+ OSSL_PARAM *p;
+
+ if (!cipher_generic_get_ctx_params(vctx, params))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RC2_KEYBITS);
+ if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->key_bits)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALG_ID);
+ if (p != NULL) {
+ long num;
+ int i;
+ ASN1_TYPE *type;
+ unsigned char *d = p->data;
+ unsigned char **dd = d == NULL ? NULL : &d;
+
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ if ((type = ASN1_TYPE_new()) == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Is this the original IV or the running IV? */
+ num = rc2_keybits_to_magic(ctx->key_bits);
+ if (!ASN1_TYPE_set_int_octetstring(type, num,
+ ctx->base.iv, ctx->base.ivlen)) {
+ ASN1_TYPE_free(type);
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /*
+ * IF the caller has a buffer, we pray to the gods they got the
+ * size right. There's no way to tell the i2d functions...
+ */
+ i = i2d_ASN1_TYPE(type, dd);
+ if (i >= 0)
+ p->return_size = (size_t)i;
+
+ ASN1_TYPE_free(type);
+ if (i < 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int rc2_set_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_RC2_CTX *ctx = (PROV_RC2_CTX *)vctx;
+ const OSSL_PARAM *p;
+
+ if (!cipher_generic_set_ctx_params(vctx, params))
+ return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_RC2_KEYBITS);
+ if (p != NULL) {
+ if (!OSSL_PARAM_get_size_t(p, &ctx->key_bits)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ }
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_ALG_ID);
+ if (p != NULL) {
+ ASN1_TYPE *type = NULL;
+ long num = 0;
+ const unsigned char *d = p->data;
+ int ret = 1;
+ unsigned char iv[16];
+
+ if (p->data_type != OSSL_PARAM_OCTET_STRING
+ || ctx->base.ivlen > sizeof(iv)
+ || (type = d2i_ASN1_TYPE(NULL, &d, p->data_size)) == NULL
+ || ((size_t)ASN1_TYPE_get_int_octetstring(type, &num, iv,
+ ctx->base.ivlen)
+ != ctx->base.ivlen)
+ || !cipher_generic_initiv(&ctx->base, iv, ctx->base.ivlen)
+ || (ctx->key_bits = rc2_magic_to_keybits(num)) == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ ret = 0;
+ }
+ ASN1_TYPE_free(type);
+ if (ret == 0)
+ return 0;
+ /*
+ * This code assumes that the caller will call
+ * EVP_CipherInit_ex() with a non NULL key in order to setup a key that
+ * uses the keylen and keybits that were set here.
+ */
+ ctx->base.keylen = ctx->key_bits / 8;
+ }
+ return 1;
+}
+
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(rc2)
+OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(rc2)
+
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(rc2)
+OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, NULL),
+CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(rc2)
+
+#define IMPLEMENT_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, blkbits, \
+ ivbits, typ) \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
+static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
+ kbits, blkbits, ivbits); \
+} \
+static OSSL_OP_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \
+static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \
+{ \
+ PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \
+ if (ctx != NULL) { \
+ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \
+ EVP_CIPH_##UCMODE##_MODE, flags, \
+ PROV_CIPHER_HW_##alg##_##lcmode(kbits), NULL); \
+ ctx->key_bits = kbits; \
+ } \
+ return ctx; \
+} \
+const OSSL_DISPATCH alg##kbits##lcmode##_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, \
+ (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void)) alg##_##kbits##_##lcmode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))rc2_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))rc2_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))rc2_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))rc2_settable_ctx_params }, \
+ { 0, NULL } \
+};
+
+/* rc2128ecb_functions */
+IMPLEMENT_cipher(rc2, RC2, ecb, ECB, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, block)
+/* rc2128cbc_functions */
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 64, block)
+/* rc240cbc_functions */
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 64, block)
+/* rc264cbc_functions */
+IMPLEMENT_cipher(rc2, RC2, cbc, CBC, EVP_CIPH_VARIABLE_LENGTH, 64, 64, 64, block)
+
+/* rc2128ofb128_functions */
+IMPLEMENT_cipher(rc2, RC2, ofb128, OFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
+/* rc2128cfb128_functions */
+IMPLEMENT_cipher(rc2, RC2, cfb128, CFB, EVP_CIPH_VARIABLE_LENGTH, 128, 8, 64, stream)
diff --git a/providers/default/ciphers/cipher_rc2.h b/providers/default/ciphers/cipher_rc2.h
new file mode 100644
index 0000000000..7a7928925b
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc2.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "internal/ciphers/ciphercommon.h"
+
+typedef struct prov_rc2_ctx_st {
+ PROV_CIPHER_CTX base; /* Must be first */
+ union {
+ OSSL_UNION_ALIGN;
+ RC2_KEY ks;
+ } ks;
+ size_t key_bits;
+} PROV_RC2_CTX;
+
+#define PROV_CIPHER_HW_rc2_ofb128 PROV_CIPHER_HW_rc2_ofb64
+#define PROV_CIPHER_HW_rc2_cfb128 PROV_CIPHER_HW_rc2_cfb64
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc2_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc2_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc2_ofb64(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc2_cfb64(size_t keybits);
diff --git a/providers/default/ciphers/cipher_rc2_hw.c b/providers/default/ciphers/cipher_rc2_hw.c
new file mode 100644
index 0000000000..83d7560d41
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc2_hw.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_rc2.h"
+
+static int cipher_hw_rc2_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ PROV_RC2_CTX *rctx = (PROV_RC2_CTX *)ctx;
+ RC2_KEY *ks = &(rctx->ks.ks);
+
+ RC2_set_key(ks, (int)ctx->keylen, key, (int)rctx->key_bits);
+ return 1;
+}
+
+# define PROV_CIPHER_HW_rc2_mode(mode, UCMODE) \
+IMPLEMENT_CIPHER_HW_##UCMODE(mode, rc2, PROV_RC2_CTX, RC2_KEY, \
+ RC2_##mode) \
+static const PROV_CIPHER_HW rc2_##mode = { \
+ cipher_hw_rc2_initkey, \
+ cipher_hw_rc2_##mode##_cipher \
+}; \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc2_##mode(size_t keybits) \
+{ \
+ return &rc2_##mode; \
+}
+
+PROV_CIPHER_HW_rc2_mode(cbc, CBC)
+PROV_CIPHER_HW_rc2_mode(ecb, ECB)
+PROV_CIPHER_HW_rc2_mode(ofb64, OFB)
+PROV_CIPHER_HW_rc2_mode(cfb64, CFB)
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 6f37f7ef6b..7e952921c8 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -287,6 +287,14 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "RC5-OFB", "default=yes", rc5128ofb64_functions },
{ "RC5-CFB", "default=yes", rc5128cfb64_functions },
#endif /* OPENSSL_NO_RC5 */
+#ifndef OPENSSL_NO_RC2
+ { "RC2-ECB", "default=yes", rc2128ecb_functions },
+ { "RC2-CBC", "default=yes", rc2128cbc_functions },
+ { "RC2-40-CBC", "default=yes", rc240cbc_functions },
+ { "RC2-64-CBC", "default=yes", rc264cbc_functions },
+ { "RC2-CFB", "default=yes", rc2128cfb128_functions },
+ { "RC2-OFB", "default=yes", rc2128ofb128_functions },
+#endif /* OPENSSL_NO_RC2 */
{ NULL, NULL, NULL }
};
diff --git a/test/evp_test.c b/test/evp_test.c
index 04519545f1..d6f852913c 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -485,6 +485,7 @@ typedef struct cipher_data_st {
int aead;
unsigned char *key;
size_t key_len;
+ size_t key_bits; /* Used by RC2 */
unsigned char *iv;
unsigned int rounds;
size_t iv_len;
@@ -573,6 +574,13 @@ static int cipher_test_parse(EVP_TEST *t, const char *keyword,
return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len);
if (strcmp(keyword, "Ciphertext") == 0)
return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
+ if (strcmp(keyword, "KeyBits") == 0) {
+ i = atoi(value);
+ if (i < 0)
+ return -1;
+ cdat->key_bits = (size_t)i;
+ return 1;
+ }
if (cdat->aead) {
if (strcmp(keyword, "AAD") == 0) {
for (i = 0; i < AAD_NUM; i++) {
@@ -704,10 +712,19 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
t->err = "INVALID_KEY_LENGTH";
goto err;
}
+ if (expected->key_bits > 0) {
+ int bits = (int)expected->key_bits;
+
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, bits, NULL)) {
+ t->err = "INVALID KEY BITS";
+ goto err;
+ }
+ }
if (!EVP_CipherInit_ex(ctx, NULL, NULL, expected->key, expected->iv, -1)) {
t->err = "KEY_SET_ERROR";
goto err;
}
+
/* Check that we get the same IV back */
if (expected->iv != NULL
&& (EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 7ff3a14e3e..6a2c696164 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -56,6 +56,9 @@ push @defltfiles, @rc4files unless disabled("rc4");
my @rc5files = qw( evpciph_rc5.txt );
push @defltfiles, @rc5files unless disabled("rc5");
+my @rc2files = qw( evpciph_rc2.txt );
+push @defltfiles, @rc2files unless disabled("rc2");
+
plan tests =>
($no_fips ? 0 : 1) # FIPS install test
+ (scalar(@configs) * scalar(@files))
diff --git a/test/recipes/30-test_evp_data/evpciph_rc2.txt b/test/recipes/30-test_evp_data/evpciph_rc2.txt
new file mode 100644
index 0000000000..fd82a1ce11
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_rc2.txt
@@ -0,0 +1,107 @@
+#
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# A valid set of RC2 test vectors could not be found for all RC2 modes - the
+# following values were generated using the deprecated cipher code, in order to
+# confirm that the new provider code is equivalent.
+Title = RC2 Test vectors
+
+Cipher = RC2-ECB
+Key = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = a4085a9f3e710563ae3b1e8c4339122b
+
+Cipher = RC2-ECB
+Key = 0000000000000000
+KeyBits = 63
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = b406b9037baf2d86982af542e6d70b13
+
+Cipher = RC2-CBC
+Key = 0000000000000000
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = a4085a9f3e710563d1091a1552ba8962
+
+Cipher = RC2-CBC
+Key = 0000000000000000
+KeyBits = 63
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = b406b9037baf2d866614ef5e55e95b8d
+
+Cipher = RC2-40-CBC
+Key = 0000000000
+IV = 0000000000000000
+Plaintext = 0102030405060708
+Ciphertext = 61ae28bcf59d1f6f
+
+Cipher = RC2-40-CBC
+Key = 0000000000
+KeyBits = 63
+IV = 0000000000000000
+Plaintext = 0102030405060708
+Ciphertext = c1d8e65290b2f06d
+
+Cipher = RC2-40-CBC
+Key = 000000000001
+IV = 0000000000000000
+Plaintext = 0102030405060708
+Ciphertext = b3ddf36b5c81b0db
+
+Cipher = RC2-64-CBC
+Key = 0000000000000000
+IV = 0000000000000000
+Plaintext = 0102030405060708
+Ciphertext = 191d1abf767bfbe7
+
+Cipher = RC2-64-CBC
+Key = 0000000000000000
+KeyBits = 63
+IV = 0000000000000000
+Plaintext = 0102030405060708
+Ciphertext = 191d1abf767bfbe7
+
+Cipher = RC2-CFB
+Key = 0000000000000000
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 81b5cc4d43119e987a2b526ea152f3fe
+
+Cipher = RC2-CFB
+Key = 0000000000000000
+KeyBits = 63
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = ebb671fa972288f87cb1810b91f2ae39
+
+Cipher = RC2-OFB
+Key = 0000000000000000
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 81b5cc4d43119e9849bdb7ef7fb35eb7
+
+Cipher = RC2-OFB
+Key = 0000000000000000
+IV = 0000000000000000
+KeyBits = 63
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = ebb671fa972288f8f8587d8069d61d58
+
+Cipher = RC2-OFB
+Key = 0000000000000000
+IV = 000000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Result = INVALID_IV_LENGTH
+
+#Variable key length is allowed for RC2
+Cipher = RC2-OFB
+Key = 0000000000000000000000000000000000
+IV = 0000000000000000
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 1df8d70bb9c66ffc37869d8ed80d796b
More information about the openssl-commits
mailing list