Move the algorithm-specific functions EVP_rc2_*(3) out of EVP_EncryptInit(3)

and document them properly in their own manual page, including the control commands EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS that were so far undocumented. Arguably, the main benefit is another small step making the important, but still obese EVP_EncryptInit(3) manual page more palatable.
author: schwarze <> 2024-12-08 17:41:23 +0000
committer: schwarze <> 2024-12-08 17:41:23 +0000
commit: 714de72ef79567e1eda9e297e3120252140151ae (patch)
tree: 51755edf931a3a382ce44b3b61bf45bafddc7b4b /src
parent: d8d79ed322f8b091f81f6e914b20585f96de9ee4 (diff)
download: openbsd-714de72ef79567e1eda9e297e3120252140151ae.tar.gz
openbsd-714de72ef79567e1eda9e297e3120252140151ae.tar.bz2
openbsd-714de72ef79567e1eda9e297e3120252140151ae.zip
4 files changed, 214 insertions, 55 deletions
diff --git a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3
index ba0e4b074d..a75b722cd4 100644
--- a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3
+++ b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.2 2023/10/01 18:23:50 tb Exp $
+.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.3 2024/12/08 17:41:23 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"
 .\" This file is a derived work.
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 1 2023 $
+.Dd $Mdocdate: December 8 2024 $
 .Dt EVP_CIPHER_CTX_CTRL 3
 .Os
 .Sh NAME
@@ -131,7 +131,9 @@
 .Sh DESCRIPTION
 .Fn EVP_CIPHER_CTX_ctrl
 allows various cipher specific parameters to be determined and set.
-Currently only the RC2 effective key length can be set.
+Currently only the RC2 effective key length can be set; see
+.Xr EVP_rc2_cbc 3
+for details.
 .Pp
 .Fn EVP_CIPHER_CTX_set_padding
 enables or disables padding.
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 32ed3349b9..3e0cec8f9e 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.53 2024/11/09 22:03:49 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.54 2024/12/08 17:41:23 schwarze Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 9 2024 $
+.Dd $Mdocdate: December 8 2024 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -103,13 +103,6 @@
 .Nm EVP_idea_cfb64 ,
 .Nm EVP_idea_cfb ,
 .Nm EVP_idea_ofb ,
-.Nm EVP_rc2_cbc ,
-.Nm EVP_rc2_ecb ,
-.Nm EVP_rc2_cfb64 ,
-.Nm EVP_rc2_cfb ,
-.Nm EVP_rc2_ofb ,
-.Nm EVP_rc2_40_cbc ,
-.Nm EVP_rc2_64_cbc ,
 .Nm EVP_bf_cbc ,
 .Nm EVP_bf_ecb ,
 .Nm EVP_bf_cfb64 ,
@@ -570,34 +563,6 @@ is an alias for
 .Fn EVP_idea_cfb64 ,
 implemented as a macro.
 .It Xo
-.Fn EVP_rc2_cbc ,
-.Fn EVP_rc2_ecb ,
-.Fn EVP_rc2_cfb64 ,
-.Fn EVP_rc2_ofb
-.Xc
-RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-RC2 is a block cipher operating on 64 bit blocks using a variable
-.Fa key
-length with an additional parameter called
-"effective key bits" or "effective key length".
-By default both are set to 128 bits.
-.Fn EVP_rc2_cfb
-is an alias for
-.Fn EVP_rc2_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_rc2_40_cbc ,
-.Fn EVP_rc2_64_cbc
-.Xc
-RC2 algorithm in CBC mode with a default key length and effective key
-length of 40 and 64 bits.
-These are obsolete and new code should use
-.Fn EVP_rc2_cbc ,
-.Xr EVP_CIPHER_CTX_set_key_length 3 ,
-and
-.Xr EVP_CIPHER_CTX_ctrl 3
-to set the key length and effective key length.
-.It Xo
 .Fn EVP_bf_cbc ,
 .Fn EVP_bf_ecb ,
 .Fn EVP_bf_cfb64 ,
@@ -638,6 +603,7 @@ Some algorithms are documented in separate manual pages:
 .It Xr EVP_camellia_128_cbc 3 Ta 128        Ta 128, 192, 256
 .It Xr EVP_chacha20 3         Ta stream     Ta 256
 .It Xr EVP_des_cbc 3          Ta 64         Ta 64
+.It Xr EVP_rc2_cbc 3          Ta 64         Ta variable, default 128
 .It Xr EVP_rc4 3              Ta stream     Ta variable, default 128
 .It Xr EVP_sm4_cbc 3          Ta 128        Ta 128
 .El
@@ -864,6 +830,7 @@ do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt)
 .Xr EVP_CIPHER_nid 3 ,
 .Xr EVP_des_cbc 3 ,
 .Xr EVP_OpenInit 3 ,
+.Xr EVP_rc2_cbc 3 ,
 .Xr EVP_rc4 3 ,
 .Xr EVP_SealInit 3 ,
 .Xr EVP_sm4_cbc 3
@@ -884,12 +851,6 @@ do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt)
 and
 .Fn EVP_idea_ofb
 first appeared in SSLeay 0.5.1.
-.Fn EVP_rc2_cbc ,
-.Fn EVP_rc2_ecb ,
-.Fn EVP_rc2_cfb ,
-and
-.Fn EVP_rc2_ofb
-first appeared in SSLeay 0.5.2.
 .Fn EVP_bf_cbc ,
 .Fn EVP_bf_ecb ,
 .Fn EVP_bf_cfb ,
@@ -906,12 +867,6 @@ first appeared in SSLeay 0.8.1.
 All these functions have been available since
 .Ox 2.4 .
 .Pp
-.Fn EVP_rc2_40_cbc
-and
-.Fn EVP_rc2_64_cbc
-first appeared in SSLeay 0.9.1 and have been available since
-.Ox 2.6 .
-.Pp
 .Fn EVP_EncryptInit_ex ,
 .Fn EVP_EncryptFinal_ex ,
 .Fn EVP_DecryptInit_ex ,
@@ -924,9 +879,8 @@ first appeared in OpenSSL 0.9.7 and have been available since
 .Pp
 .Fn EVP_bf_cfb64 ,
 .Fn EVP_cast5_cfb64 ,
-.Fn EVP_idea_cfb64 ,
 and
-.Fn EVP_rc2_cfb64
+.Fn EVP_idea_cfb64
 first appeared in OpenSSL 0.9.7e and have been available since
 .Ox 3.8 .
 .Pp
diff --git a/src/lib/libcrypto/man/EVP_rc2_cbc.3 b/src/lib/libcrypto/man/EVP_rc2_cbc.3
new file mode 100644
index 0000000000..38c8184260
--- /dev/null
+++ b/src/lib/libcrypto/man/EVP_rc2_cbc.3
@@ -0,0 +1,201 @@
+.\" $OpenBSD: EVP_rc2_cbc.3,v 1.1 2024/12/08 17:41:23 schwarze Exp $
+.\"
+.\" Copyright (c) 2024 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 8 2024 $
+.Dt EVP_RC2_CBC 3
+.Os
+.Sh NAME
+.Nm EVP_rc2_cbc ,
+.Nm EVP_rc2_ecb ,
+.Nm EVP_rc2_cfb64 ,
+.Nm EVP_rc2_cfb ,
+.Nm EVP_rc2_ofb ,
+.Nm EVP_rc2_40_cbc ,
+.Nm EVP_rc2_64_cbc
+.Nd Rivest Cipher 2 in the EVP framework
+.Sh SYNOPSIS
+.In openssl/evp.h
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_cbc void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_ecb void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_cfb64 void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_cfb void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_ofb void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_40_cbc void
+.Ft const EVP_CIPHER *
+.Fn EVP_rc2_64_cbc void
+.In openssl/rc2.h
+.Fd #define RC2_BLOCK 8
+.Fd #define RC2_KEY_LENGTH 16
+.Sh DESCRIPTION
+RC2 is a block cipher operating on blocks of
+.Dv RC2_BLOCK No = 8
+bytes, equivalent to 64 bits, using a variable
+.Fa key
+length with an additional parameter called
+.Dq effective key bits
+or
+.Dq effective key length .
+.Pp
+.Fn EVP_rc2_cbc ,
+.Fn EVP_rc2_ecb ,
+.Fn EVP_rc2_cfb64 ,
+and
+.Fn EVP_rc2_ofb
+provide the RC2 encryption algorithm in CBC, ECB, CFB and OFB mode,
+respectively.
+.Fn EVP_rc2_cfb
+is an alias for
+.Fn EVP_rc2_cfb64 ,
+implemented as a macro.
+.Pp
+By default, these functions set both the key length
+and the effective key length to
+.Dv RC2_KEY_LENGTH No = 16
+bytes, which is not a very useful value because it is quite short.
+.Pp
+Configuring normally requires a multi-step process:
+.Bl -enum -width 2n
+.It
+Create a new, empty
+.Vt EVP_CIPHER_CTX
+object with
+.Xr EVP_CIPHER_CTX_new 3 .
+.It
+Select the operation mode by calling
+.Xr EVP_EncryptInit 3
+with the desired
+.Fa type
+argument, passing
+.Dv NULL
+pointers for the
+.Fa key
+and
+.Fa iv
+arguments.
+.It
+Select the
+.Fa key
+length by passing the desired number of bytes to
+.Xr EVP_CIPHER_CTX_set_key_length 3 .
+Doing so overrides the default key length of
+.Dv RC2_KEY_LENGTH No = 16 .
+Valid values for
+.Fa keylen
+are positive and less than or equal to 128.
+.It
+Select the effective key length by calling
+.Xr EVP_CIPHER_CTX_ctrl 3
+with a
+.Fa type
+argument of
+.Dv EVP_CTRL_SET_RC2_KEY_BITS ,
+passing the desired number of bits in
+.Fa arg .
+Doing so overrides the default effective key length of 128 bits.
+Valid values for
+.Fa arg
+are positive and less than or equal to 1024.
+The
+.Fa ptr
+argument is ignored; passing
+.Dv NULL
+is recommended.
+.It
+Call
+.Xr EVP_EncryptInit 3
+a second time, this time passing
+.Dv NULL
+for the type argument.
+The
+.Fa key
+argument points to an array containing the number of bytes that was passed to
+.Xr EVP_CIPHER_CTX_set_key_length 3 ,
+and the
+.Fa iv
+argument points to an array of eight bytes.
+.It
+Finally,
+.Xr EVP_EncryptUpdate 3
+and
+.Xr EVP_EncryptFinal 3
+can be used in the normal way.
+.El
+.Pp
+Once a
+.Fa ctx
+object is fully configured, calling
+.Xr EVP_CIPHER_CTX_ctrl 3
+with a
+.Fa type
+argument of
+.Dv EVP_CTRL_GET_RC2_KEY_BITS
+interprets
+.Fa ptr
+as a pointer to
+.Vt int
+and stores the effective key length in bits at that location.
+In this case,
+.Fa arg
+is ignored and passing 0 is recommended.
+.Pp
+In the CFB and OFB modes, the minimum required total length in bytes
+of the output buffer is equal to the total number of input bytes to
+be encoded.
+In the CBC and ECB modes, the minimum required total length
+of the output buffer has to be rounded up to the next multiple
+of the block size of eight bytes.
+.Pp
+.Fn EVP_rc2_40_cbc
+and
+.Fn EVP_rc2_64_cbc
+are obsolete functions that provide the RC2 algorithm in CBC mode
+with a key length and an effective key length of 40 and 64 bits,
+respectively.
+.Sh RETURN VALUES
+With the
+.Vt EVP_CIPHER
+objects documented in the present manual page,
+.Fn EVP_CIPHER_CTX_ctrl
+returns 1 for success or 0 if an error occurs.
+.Sh SEE ALSO
+.Xr evp 3 ,
+.Xr EVP_CIPHER_CTX_set_key_length 3 ,
+.Xr EVP_EncryptInit 3 ,
+.Xr RC2_encrypt 3
+.Sh HISTORY
+.Fn EVP_rc2_cbc ,
+.Fn EVP_rc2_ecb ,
+.Fn EVP_rc2_cfb ,
+and
+.Fn EVP_rc2_ofb
+first appeared in SSLeay 0.5.2 and have been available since
+.Ox 2.4 .
+.Pp
+.Fn EVP_rc2_40_cbc
+and
+.Fn EVP_rc2_64_cbc
+first appeared in SSLeay 0.9.1 and have been available since
+.Ox 2.6 .
+.Pp
+.Fn EVP_rc2_cfb64
+first appeared in OpenSSL 0.9.7e and has been available since
+.Ox 3.8 .
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 11213cb518..c69fe73af2 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.299 2024/12/06 14:27:49 schwarze Exp $
+# $OpenBSD: Makefile,v 1.300 2024/12/08 17:41:23 schwarze Exp $
 .include <bsd.own.mk>
@@ -199,6 +199,7 @@ MAN=	\
        EVP_camellia_128_cbc.3 \
        EVP_chacha20.3 \
        EVP_des_cbc.3 \
+        EVP_rc2_cbc.3 \
        EVP_rc4.3 \
        EVP_sha1.3 \
        EVP_sha3_224.3 \
@@ -264,6 +265,7 @@ MAN=	\
        RAND_bytes.3 \
        RAND_load_file.3 \
        RAND_set_rand_method.3 \
+        RC2_encrypt.3 \
        RC4.3 \
        RIPEMD160.3 \
        RSA_PSS_PARAMS_new.3 \
author	schwarze <>	2024-12-08 17:41:23 +0000
committer	schwarze <>	2024-12-08 17:41:23 +0000
commit	714de72ef79567e1eda9e297e3120252140151ae (patch)
tree	51755edf931a3a382ce44b3b61bf45bafddc7b4b /src
parent	d8d79ed322f8b091f81f6e914b20585f96de9ee4 (diff)
download	openbsd-714de72ef79567e1eda9e297e3120252140151ae.tar.gz openbsd-714de72ef79567e1eda9e297e3120252140151ae.tar.bz2 openbsd-714de72ef79567e1eda9e297e3120252140151ae.zip

diff --git a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 index ba0e4b074d..a75b722cd4 100644 --- a/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3 +++ b/src/lib/libcrypto/man/EVP_CIPHER_CTX_ctrl.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.2 2023/10/01 18:23:50 tb Exp $	1	.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.3 2024/12/08 17:41:23 schwarze Exp $
2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800	2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -67,7 +67,7 @@
67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	67	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	68	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
69	.\"	69	.\"
70	.Dd $Mdocdate: October 1 2023 $	70	.Dd $Mdocdate: December 8 2024 $
71	.Dt EVP_CIPHER_CTX_CTRL 3	71	.Dt EVP_CIPHER_CTX_CTRL 3
72	.Os	72	.Os
73	.Sh NAME	73	.Sh NAME
@@ -131,7 +131,9 @@
131	.Sh DESCRIPTION	131	.Sh DESCRIPTION
132	.Fn EVP_CIPHER_CTX_ctrl	132	.Fn EVP_CIPHER_CTX_ctrl
133	allows various cipher specific parameters to be determined and set.	133	allows various cipher specific parameters to be determined and set.
134	Currently only the RC2 effective key length can be set.	134	Currently only the RC2 effective key length can be set; see
		135	.Xr EVP_rc2_cbc 3
		136	for details.
135	.Pp	137	.Pp
136	.Fn EVP_CIPHER_CTX_set_padding	138	.Fn EVP_CIPHER_CTX_set_padding
137	enables or disables padding.	139	enables or disables padding.


diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3 index 32ed3349b9..3e0cec8f9e 100644 --- a/src/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: EVP_EncryptInit.3,v 1.53 2024/11/09 22:03:49 schwarze Exp $	1	.\" $OpenBSD: EVP_EncryptInit.3,v 1.54 2024/12/08 17:41:23 schwarze Exp $
2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800	2	.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
3	.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod	3	.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
4	.\" 7c6d372a Nov 20 13:20:01 2018 +0000	4	.\" 7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	69	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	70	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
71	.\"	71	.\"
72	.Dd $Mdocdate: November 9 2024 $	72	.Dd $Mdocdate: December 8 2024 $
73	.Dt EVP_ENCRYPTINIT 3	73	.Dt EVP_ENCRYPTINIT 3
74	.Os	74	.Os
75	.Sh NAME	75	.Sh NAME
@@ -103,13 +103,6 @@
103	.Nm EVP_idea_cfb64 ,	103	.Nm EVP_idea_cfb64 ,
104	.Nm EVP_idea_cfb ,	104	.Nm EVP_idea_cfb ,
105	.Nm EVP_idea_ofb ,	105	.Nm EVP_idea_ofb ,
106	.Nm EVP_rc2_cbc ,
107	.Nm EVP_rc2_ecb ,
108	.Nm EVP_rc2_cfb64 ,
109	.Nm EVP_rc2_cfb ,
110	.Nm EVP_rc2_ofb ,
111	.Nm EVP_rc2_40_cbc ,
112	.Nm EVP_rc2_64_cbc ,
113	.Nm EVP_bf_cbc ,	106	.Nm EVP_bf_cbc ,
114	.Nm EVP_bf_ecb ,	107	.Nm EVP_bf_ecb ,
115	.Nm EVP_bf_cfb64 ,	108	.Nm EVP_bf_cfb64 ,
@@ -570,34 +563,6 @@ is an alias for
570	.Fn EVP_idea_cfb64 ,	563	.Fn EVP_idea_cfb64 ,
571	implemented as a macro.	564	implemented as a macro.
572	.It Xo	565	.It Xo
573	.Fn EVP_rc2_cbc ,
574	.Fn EVP_rc2_ecb ,
575	.Fn EVP_rc2_cfb64 ,
576	.Fn EVP_rc2_ofb
577	.Xc
578	RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
579	RC2 is a block cipher operating on 64 bit blocks using a variable
580	.Fa key
581	length with an additional parameter called
582	"effective key bits" or "effective key length".
583	By default both are set to 128 bits.
584	.Fn EVP_rc2_cfb
585	is an alias for
586	.Fn EVP_rc2_cfb64 ,
587	implemented as a macro.
588	.It Xo
589	.Fn EVP_rc2_40_cbc ,
590	.Fn EVP_rc2_64_cbc
591	.Xc
592	RC2 algorithm in CBC mode with a default key length and effective key
593	length of 40 and 64 bits.
594	These are obsolete and new code should use
595	.Fn EVP_rc2_cbc ,
596	.Xr EVP_CIPHER_CTX_set_key_length 3 ,
597	and
598	.Xr EVP_CIPHER_CTX_ctrl 3
599	to set the key length and effective key length.
600	.It Xo
601	.Fn EVP_bf_cbc ,	566	.Fn EVP_bf_cbc ,
602	.Fn EVP_bf_ecb ,	567	.Fn EVP_bf_ecb ,
603	.Fn EVP_bf_cfb64 ,	568	.Fn EVP_bf_cfb64 ,
@@ -638,6 +603,7 @@ Some algorithms are documented in separate manual pages:
638	.It Xr EVP_camellia_128_cbc 3 Ta 128 Ta 128, 192, 256	603	.It Xr EVP_camellia_128_cbc 3 Ta 128 Ta 128, 192, 256
639	.It Xr EVP_chacha20 3 Ta stream Ta 256	604	.It Xr EVP_chacha20 3 Ta stream Ta 256
640	.It Xr EVP_des_cbc 3 Ta 64 Ta 64	605	.It Xr EVP_des_cbc 3 Ta 64 Ta 64
		606	.It Xr EVP_rc2_cbc 3 Ta 64 Ta variable, default 128
641	.It Xr EVP_rc4 3 Ta stream Ta variable, default 128	607	.It Xr EVP_rc4 3 Ta stream Ta variable, default 128
642	.It Xr EVP_sm4_cbc 3 Ta 128 Ta 128	608	.It Xr EVP_sm4_cbc 3 Ta 128 Ta 128
643	.El	609	.El
@@ -864,6 +830,7 @@ do_crypt(FILE in_fileptr, FILE out_fileptr, int do_encrypt)
864	.Xr EVP_CIPHER_nid 3 ,	830	.Xr EVP_CIPHER_nid 3 ,
865	.Xr EVP_des_cbc 3 ,	831	.Xr EVP_des_cbc 3 ,
866	.Xr EVP_OpenInit 3 ,	832	.Xr EVP_OpenInit 3 ,
		833	.Xr EVP_rc2_cbc 3 ,
867	.Xr EVP_rc4 3 ,	834	.Xr EVP_rc4 3 ,
868	.Xr EVP_SealInit 3 ,	835	.Xr EVP_SealInit 3 ,
869	.Xr EVP_sm4_cbc 3	836	.Xr EVP_sm4_cbc 3
@@ -884,12 +851,6 @@ do_crypt(FILE in_fileptr, FILE out_fileptr, int do_encrypt)
884	and	851	and
885	.Fn EVP_idea_ofb	852	.Fn EVP_idea_ofb
886	first appeared in SSLeay 0.5.1.	853	first appeared in SSLeay 0.5.1.
887	.Fn EVP_rc2_cbc ,
888	.Fn EVP_rc2_ecb ,
889	.Fn EVP_rc2_cfb ,
890	and
891	.Fn EVP_rc2_ofb
892	first appeared in SSLeay 0.5.2.
893	.Fn EVP_bf_cbc ,	854	.Fn EVP_bf_cbc ,
894	.Fn EVP_bf_ecb ,	855	.Fn EVP_bf_ecb ,
895	.Fn EVP_bf_cfb ,	856	.Fn EVP_bf_cfb ,
@@ -906,12 +867,6 @@ first appeared in SSLeay 0.8.1.
906	All these functions have been available since	867	All these functions have been available since
907	.Ox 2.4 .	868	.Ox 2.4 .
908	.Pp	869	.Pp
909	.Fn EVP_rc2_40_cbc
910	and
911	.Fn EVP_rc2_64_cbc
912	first appeared in SSLeay 0.9.1 and have been available since
913	.Ox 2.6 .
914	.Pp
915	.Fn EVP_EncryptInit_ex ,	870	.Fn EVP_EncryptInit_ex ,
916	.Fn EVP_EncryptFinal_ex ,	871	.Fn EVP_EncryptFinal_ex ,
917	.Fn EVP_DecryptInit_ex ,	872	.Fn EVP_DecryptInit_ex ,
@@ -924,9 +879,8 @@ first appeared in OpenSSL 0.9.7 and have been available since
924	.Pp	879	.Pp
925	.Fn EVP_bf_cfb64 ,	880	.Fn EVP_bf_cfb64 ,
926	.Fn EVP_cast5_cfb64 ,	881	.Fn EVP_cast5_cfb64 ,
927	.Fn EVP_idea_cfb64 ,
928	and	882	and
929	.Fn EVP_rc2_cfb64	883	.Fn EVP_idea_cfb64
930	first appeared in OpenSSL 0.9.7e and have been available since	884	first appeared in OpenSSL 0.9.7e and have been available since
931	.Ox 3.8 .	885	.Ox 3.8 .
932	.Pp	886	.Pp


diff --git a/src/lib/libcrypto/man/EVP_rc2_cbc.3 b/src/lib/libcrypto/man/EVP_rc2_cbc.3 new file mode 100644 index 0000000000..38c8184260 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_rc2_cbc.3
@@ -0,0 +1,201 @@
		1	.\" $OpenBSD: EVP_rc2_cbc.3,v 1.1 2024/12/08 17:41:23 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2024 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 8 2024 $
		18	.Dt EVP_RC2_CBC 3
		19	.Os
		20	.Sh NAME
		21	.Nm EVP_rc2_cbc ,
		22	.Nm EVP_rc2_ecb ,
		23	.Nm EVP_rc2_cfb64 ,
		24	.Nm EVP_rc2_cfb ,
		25	.Nm EVP_rc2_ofb ,
		26	.Nm EVP_rc2_40_cbc ,
		27	.Nm EVP_rc2_64_cbc
		28	.Nd Rivest Cipher 2 in the EVP framework
		29	.Sh SYNOPSIS
		30	.In openssl/evp.h
		31	.Ft const EVP_CIPHER *
		32	.Fn EVP_rc2_cbc void
		33	.Ft const EVP_CIPHER *
		34	.Fn EVP_rc2_ecb void
		35	.Ft const EVP_CIPHER *
		36	.Fn EVP_rc2_cfb64 void
		37	.Ft const EVP_CIPHER *
		38	.Fn EVP_rc2_cfb void
		39	.Ft const EVP_CIPHER *
		40	.Fn EVP_rc2_ofb void
		41	.Ft const EVP_CIPHER *
		42	.Fn EVP_rc2_40_cbc void
		43	.Ft const EVP_CIPHER *
		44	.Fn EVP_rc2_64_cbc void
		45	.In openssl/rc2.h
		46	.Fd #define RC2_BLOCK 8
		47	.Fd #define RC2_KEY_LENGTH 16
		48	.Sh DESCRIPTION
		49	RC2 is a block cipher operating on blocks of
		50	.Dv RC2_BLOCK No = 8
		51	bytes, equivalent to 64 bits, using a variable
		52	.Fa key
		53	length with an additional parameter called
		54	.Dq effective key bits
		55	or
		56	.Dq effective key length .
		57	.Pp
		58	.Fn EVP_rc2_cbc ,
		59	.Fn EVP_rc2_ecb ,
		60	.Fn EVP_rc2_cfb64 ,
		61	and
		62	.Fn EVP_rc2_ofb
		63	provide the RC2 encryption algorithm in CBC, ECB, CFB and OFB mode,
		64	respectively.
		65	.Fn EVP_rc2_cfb
		66	is an alias for
		67	.Fn EVP_rc2_cfb64 ,
		68	implemented as a macro.
		69	.Pp
		70	By default, these functions set both the key length
		71	and the effective key length to
		72	.Dv RC2_KEY_LENGTH No = 16
		73	bytes, which is not a very useful value because it is quite short.
		74	.Pp
		75	Configuring normally requires a multi-step process:
		76	.Bl -enum -width 2n
		77	.It
		78	Create a new, empty
		79	.Vt EVP_CIPHER_CTX
		80	object with
		81	.Xr EVP_CIPHER_CTX_new 3 .
		82	.It
		83	Select the operation mode by calling
		84	.Xr EVP_EncryptInit 3
		85	with the desired
		86	.Fa type
		87	argument, passing
		88	.Dv NULL
		89	pointers for the
		90	.Fa key
		91	and
		92	.Fa iv
		93	arguments.
		94	.It
		95	Select the
		96	.Fa key
		97	length by passing the desired number of bytes to
		98	.Xr EVP_CIPHER_CTX_set_key_length 3 .
		99	Doing so overrides the default key length of
		100	.Dv RC2_KEY_LENGTH No = 16 .
		101	Valid values for
		102	.Fa keylen
		103	are positive and less than or equal to 128.
		104	.It
		105	Select the effective key length by calling
		106	.Xr EVP_CIPHER_CTX_ctrl 3
		107	with a
		108	.Fa type
		109	argument of
		110	.Dv EVP_CTRL_SET_RC2_KEY_BITS ,
		111	passing the desired number of bits in
		112	.Fa arg .
		113	Doing so overrides the default effective key length of 128 bits.
		114	Valid values for
		115	.Fa arg
		116	are positive and less than or equal to 1024.
		117	The
		118	.Fa ptr
		119	argument is ignored; passing
		120	.Dv NULL
		121	is recommended.
		122	.It
		123	Call
		124	.Xr EVP_EncryptInit 3
		125	a second time, this time passing
		126	.Dv NULL
		127	for the type argument.
		128	The
		129	.Fa key
		130	argument points to an array containing the number of bytes that was passed to
		131	.Xr EVP_CIPHER_CTX_set_key_length 3 ,
		132	and the
		133	.Fa iv
		134	argument points to an array of eight bytes.
		135	.It
		136	Finally,
		137	.Xr EVP_EncryptUpdate 3
		138	and
		139	.Xr EVP_EncryptFinal 3
		140	can be used in the normal way.
		141	.El
		142	.Pp
		143	Once a
		144	.Fa ctx
		145	object is fully configured, calling
		146	.Xr EVP_CIPHER_CTX_ctrl 3
		147	with a
		148	.Fa type
		149	argument of
		150	.Dv EVP_CTRL_GET_RC2_KEY_BITS
		151	interprets
		152	.Fa ptr
		153	as a pointer to
		154	.Vt int
		155	and stores the effective key length in bits at that location.
		156	In this case,
		157	.Fa arg
		158	is ignored and passing 0 is recommended.
		159	.Pp
		160	In the CFB and OFB modes, the minimum required total length in bytes
		161	of the output buffer is equal to the total number of input bytes to
		162	be encoded.
		163	In the CBC and ECB modes, the minimum required total length
		164	of the output buffer has to be rounded up to the next multiple
		165	of the block size of eight bytes.
		166	.Pp
		167	.Fn EVP_rc2_40_cbc
		168	and
		169	.Fn EVP_rc2_64_cbc
		170	are obsolete functions that provide the RC2 algorithm in CBC mode
		171	with a key length and an effective key length of 40 and 64 bits,
		172	respectively.
		173	.Sh RETURN VALUES
		174	With the
		175	.Vt EVP_CIPHER
		176	objects documented in the present manual page,
		177	.Fn EVP_CIPHER_CTX_ctrl
		178	returns 1 for success or 0 if an error occurs.
		179	.Sh SEE ALSO
		180	.Xr evp 3 ,
		181	.Xr EVP_CIPHER_CTX_set_key_length 3 ,
		182	.Xr EVP_EncryptInit 3 ,
		183	.Xr RC2_encrypt 3
		184	.Sh HISTORY
		185	.Fn EVP_rc2_cbc ,
		186	.Fn EVP_rc2_ecb ,
		187	.Fn EVP_rc2_cfb ,
		188	and
		189	.Fn EVP_rc2_ofb
		190	first appeared in SSLeay 0.5.2 and have been available since
		191	.Ox 2.4 .
		192	.Pp
		193	.Fn EVP_rc2_40_cbc
		194	and
		195	.Fn EVP_rc2_64_cbc
		196	first appeared in SSLeay 0.9.1 and have been available since
		197	.Ox 2.6 .
		198	.Pp
		199	.Fn EVP_rc2_cfb64
		200	first appeared in OpenSSL 0.9.7e and has been available since
		201	.Ox 3.8 .


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 11213cb518..c69fe73af2 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.299 2024/12/06 14:27:49 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.300 2024/12/08 17:41:23 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -199,6 +199,7 @@ MAN= \
199	EVP_camellia_128_cbc.3 \	199	EVP_camellia_128_cbc.3 \
200	EVP_chacha20.3 \	200	EVP_chacha20.3 \
201	EVP_des_cbc.3 \	201	EVP_des_cbc.3 \
		202	EVP_rc2_cbc.3 \
202	EVP_rc4.3 \	203	EVP_rc4.3 \
203	EVP_sha1.3 \	204	EVP_sha1.3 \
204	EVP_sha3_224.3 \	205	EVP_sha3_224.3 \
@@ -264,6 +265,7 @@ MAN= \
264	RAND_bytes.3 \	265	RAND_bytes.3 \
265	RAND_load_file.3 \	266	RAND_load_file.3 \
266	RAND_set_rand_method.3 \	267	RAND_set_rand_method.3 \
		268	RC2_encrypt.3 \
267	RC4.3 \	269	RC4.3 \
268	RIPEMD160.3 \	270	RIPEMD160.3 \
269	RSA_PSS_PARAMS_new.3 \	271	RSA_PSS_PARAMS_new.3 \