Add rc4 cipher to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9992)

10 files changed, 228 insertions, 33 deletions

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4e61d75bbd..2685436d36 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -267,7 +267,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_sm4_ctr:
         case NID_sm4_cfb128:
         case NID_sm4_ofb128:
-            break;
+        case NID_rc4:
+        case NID_rc4_40:
+        break;
         default:
             goto legacy;
         }
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index bca972d97a..4bbbbf61c5 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -186,6 +186,11 @@ extern const OSSL_DISPATCH des_cfb8_functions[];
 # endif /* FIPS_MODE */
 #endif /* OPENSSL_NO_DES */
 
+#ifndef OPENSSL_NO_RC4
+extern const OSSL_DISPATCH rc440_functions[];
+extern const OSSL_DISPATCH rc4128_functions[];
+#endif /* OPENSSL_NO_RC4 */
+
 /* MACs */
 extern const OSSL_DISPATCH blake2bmac_functions[];
 extern const OSSL_DISPATCH blake2smac_functions[];
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index f942ccc030..76a5135aac 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -50,4 +50,9 @@ IF[{- !$disabled{ocb} -}]
        cipher_aes_ocb.c cipher_aes_ocb_hw.c
 ENDIF
 
+IF[{- !$disabled{rc4} -}]
+  SOURCE[../../../libcrypto]=\
+      cipher_rc4.c cipher_rc4_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_rc4.c b/providers/default/ciphers/cipher_rc4.c
new file mode 100644
index 0000000000..9418c141f6
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc4.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for RC4 ciphers */
+
+#include "cipher_rc4.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags are required */
+#define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn rc4_freectx;
+static OSSL_OP_cipher_dupctx_fn rc4_dupctx;
+
+static void rc4_freectx(void *vctx)
+{
+    PROV_RC4_CTX *ctx = (PROV_RC4_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *rc4_dupctx(void *ctx)
+{
+    PROV_RC4_CTX *in = (PROV_RC4_CTX *)ctx;
+    PROV_RC4_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+#define IMPLEMENT_cipher(alg, UCALG, flags, kbits, blkbits, ivbits, typ)       \
+static OSSL_OP_cipher_get_params_fn alg##_##kbits##_get_params;                \
+static int alg##_##kbits##_get_params(OSSL_PARAM params[])                     \
+{                                                                              \
+    return cipher_generic_get_params(params, 0, flags,                         \
+                                     kbits, blkbits, ivbits);                  \
+}                                                                              \
+static OSSL_OP_cipher_newctx_fn alg##_##kbits##_newctx;                        \
+static void * alg##_##kbits##_newctx(void *provctx)                            \
+{                                                                              \
+     PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));                   \
+     if (ctx != NULL) {                                                        \
+         cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags,         \
+                                PROV_CIPHER_HW_##alg(kbits), NULL);            \
+     }                                                                         \
+     return ctx;                                                               \
+}                                                                              \
+const OSSL_DISPATCH alg##kbits##_functions[] = {                               \
+    { OSSL_FUNC_CIPHER_NEWCTX,                                                 \
+      (void (*)(void)) alg##_##kbits##_newctx },                               \
+    { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx },              \
+    { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx },                \
+    { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))cipher_generic_einit },   \
+    { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))cipher_generic_dinit },   \
+    { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))cipher_generic_##typ##_update },\
+    { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))cipher_generic_##typ##_final },  \
+    { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))cipher_generic_cipher },        \
+    { OSSL_FUNC_CIPHER_GET_PARAMS,                                             \
+      (void (*)(void)) alg##_##kbits##_get_params },                           \
+    { OSSL_FUNC_CIPHER_GET_CTX_PARAMS,                                         \
+      (void (*)(void))cipher_generic_get_ctx_params },                         \
+    { OSSL_FUNC_CIPHER_SET_CTX_PARAMS,                                         \
+      (void (*)(void))cipher_generic_set_ctx_params },                         \
+    { OSSL_FUNC_CIPHER_GETTABLE_PARAMS,                                        \
+      (void (*)(void))cipher_generic_gettable_params },                        \
+    { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS,                                    \
+      (void (*)(void))cipher_generic_gettable_ctx_params },                    \
+    { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS,                                    \
+     (void (*)(void))cipher_generic_settable_ctx_params },                     \
+    { 0, NULL }                                                                \
+};
+
+/* rc440_functions */
+IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 40, 64, 0, stream)
+/* rc4128_functions */
+IMPLEMENT_cipher(rc4, RC4, EVP_CIPH_VARIABLE_LENGTH, 128, 64, 0, stream)
diff --git a/providers/default/ciphers/cipher_rc4.h b/providers/default/ciphers/cipher_rc4.h
new file mode 100644
index 0000000000..df61f7c265
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc4.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "internal/ciphers/ciphercommon.h"
+
+typedef struct prov_rc4_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        RC4_KEY ks;
+    } ks;
+} PROV_RC4_CTX;
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4(size_t keybits);
diff --git a/providers/default/ciphers/cipher_rc4_hw.c b/providers/default/ciphers/cipher_rc4_hw.c
new file mode 100644
index 0000000000..503a618914
--- /dev/null
+++ b/providers/default/ciphers/cipher_rc4_hw.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_rc4.h"
+
+static int cipher_hw_rc4_initkey(PROV_CIPHER_CTX *ctx,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_RC4_CTX *rctx =  (PROV_RC4_CTX *)ctx;
+
+    RC4_set_key(&rctx->ks.ks, keylen, key);
+    return 1;
+}
+
+static int cipher_hw_rc4_cipher(PROV_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    PROV_RC4_CTX *rctx =  (PROV_RC4_CTX *)ctx;
+
+    RC4(&rctx->ks.ks, len, in, out);
+    return 1;
+}
+
+static const PROV_CIPHER_HW rc4_hw = {
+    cipher_hw_rc4_initkey,
+    cipher_hw_rc4_cipher
+};
+const PROV_CIPHER_HW *PROV_CIPHER_HW_rc4(size_t keybits)
+{
+    return &rc4_hw;
+}
+
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 4ead7f0f59..c3ee99c0a6 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -237,6 +237,10 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
     { "SM4-OFB", "default=yes", sm4128ofb128_functions },
     { "SM4-CFB", "default=yes", sm4128cfb128_functions },
 #endif /* OPENSSL_NO_SM4 */
+#ifndef OPENSSL_NO_RC4
+    { "RC4", "default=yes", rc4128_functions },
+    { "RC4-40", "default=yes", rc440_functions },
+#endif /* OPENSSL_NO_RC4 */
     { NULL, NULL, NULL }
 };
 
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 4e1bfb6b0b..52f9c2882a 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -47,6 +47,9 @@ push @defltfiles, @sm4files unless disabled("sm4");
 my @desfiles = qw( evpciph_des.txt );
 push @defltfiles, @desfiles unless disabled("des");
 
+my @rc4files = qw( evpciph_rc4.txt );
+push @defltfiles, @rc4files unless disabled("rc4");
+
 plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1;
 
 my $infile = bldtop_file('providers', platform->dso('fips'));
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index 44a6810ee7..9a90e1bd06 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -1503,38 +1503,6 @@ Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8
 Plaintext = 466f7250617369
 Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f
 
-Title = RC4 tests
-
-Cipher = RC4
-Key = 0123456789abcdef0123456789abcdef
-Plaintext = 0123456789abcdef
-Ciphertext = 75b7878099e0c596
-
-Cipher = RC4
-Key = 0123456789abcdef0123456789abcdef
-Plaintext = 0000000000000000
-Ciphertext = 7494c2e7104b0879
-
-Cipher = RC4
-Key = 00000000000000000000000000000000
-Plaintext = 0000000000000000
-Ciphertext = de188941a3375d3a
-
-Cipher = RC4
-Key = ef012345ef012345ef012345ef012345
-Plaintext = 0000000000000000000000000000000000000000
-Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
-
-Cipher = RC4
-Key = 0123456789abcdef0123456789abcdef
-Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678
-Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
-
-Cipher = RC4
-Key = ef012345ef012345ef012345ef012345
-Plaintext = 00000000000000000000
-Ciphertext = d6a141a7ec3c38dfbd61
-
 Title = Camellia tests from RFC3713
 
 # For all ECB encrypts and decrypts, the transformed sequence is
diff --git a/test/recipes/30-test_evp_data/evpciph_rc4.txt b/test/recipes/30-test_evp_data/evpciph_rc4.txt
new file mode 100644
index 0000000000..4cb068be9b
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_rc4.txt
@@ -0,0 +1,62 @@
+#
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+Title = RC4 tests
+
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 0123456789abcdef
+Ciphertext = 75b7878099e0c596
+
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 0000000000000000
+Ciphertext = 7494c2e7104b0879
+
+Cipher = RC4
+Key = 00000000000000000000000000000000
+Plaintext = 0000000000000000
+Ciphertext = de188941a3375d3a
+
+Cipher = RC4
+Key = ef012345ef012345ef012345ef012345
+Plaintext = 0000000000000000000000000000000000000000
+Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+
+Cipher = RC4
+Key = 0123456789abcdef0123456789abcdef
+Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678
+Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+
+Cipher = RC4
+Key = ef012345ef012345ef012345ef012345
+Plaintext = 00000000000000000000
+Ciphertext = d6a141a7ec3c38dfbd61
+
+Title = RC4 tests (From RFC6229)
+
+Cipher = RC4-40
+Key = 0102030405
+Plaintext = 00000000000000000000000000000000
+Ciphertext = b2396305f03dc027ccc3524a0a1118a8
+
+Cipher = RC4-40
+Key = 833222772a
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 80ad97bdc973df8a2e879e92a497efda
+
+Cipher = RC4
+Key = 0102030405060708090a0b0c0d0e0f10
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 9ac7cc9a609d1ef7b2932899cde41b97
+
+Cipher = RC4
+Key = ebb46227c6cc8b37641910833222772a
+Plaintext = 00000000000000000000000000000000
+Ciphertext = 720c94b63edf44e131d950ca211a5a30
+