Add 40-bit RC2 support. As useless as it might seem, the certificates in PKCS#12 files appear to always be encrypted with 40-bit RC2. OpenSSL, NSS and Windows are all the same on this point. Thus, in order to be able to import PKCS#12 files we need RC2 support. RC2 has deliberately not been added to EVP_get_cipherbynid so that the linker can drop the RC2 code unless the PKCS#12 functions are actually called. Change-Id: I5b2062fdf78cb622a8038c326da01aac8fb58962 Reviewed-on: https://boringssl-review.googlesource.com/1590 Reviewed-by: Adam Langley <agl@google.com>

commit: cc8fcf45bbf37cbee85d4b8dac9d9814f6831961 [log] [tgz]
author: Adam Langley <agl@chromium.org> Thu Aug 21 10:48:32 2014 -0700
committer: Adam Langley <agl@google.com> Mon Aug 25 21:37:20 2014 +0000
tree: 4ed67c32079b40828afc77a4b98bf00f6e4898fd
parent: 9169c964589694a3dac5fecf6465806fb1f8b22b [diff] [blame]
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index 92cec76..3a3a856 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h

@@ -91,6 +91,12 @@
  * ciphertext. */
 OPENSSL_EXPORT const EVP_CIPHER *EVP_enc_null(void);
 
+/* EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This
+ * is obviously very, very weak and is included only in order to read PKCS#12
+ * files, which often encrypt the certificate chain using this cipher. It is
+ * deliberately not exported. */
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+
 /* EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
  * NULL if no such cipher is known. */
 OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
commit	cc8fcf45bbf37cbee85d4b8dac9d9814f6831961	[log] [tgz]
author	Adam Langley <agl@chromium.org>	Thu Aug 21 10:48:32 2014 -0700
committer	Adam Langley <agl@google.com>	Mon Aug 25 21:37:20 2014 +0000
tree	4ed67c32079b40828afc77a4b98bf00f6e4898fd
parent	9169c964589694a3dac5fecf6465806fb1f8b22b [diff] [blame]