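--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/libcrypto/src/crypto/rc4/rc4_enc.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,315 @@
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+EXPORT_C void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ unsigned char *outdata)
+ {
+ register RC4_INT *d;
+ register RC4_INT x,y,tx,ty;
+ int i;
+
+ x=key->x;
+ y=key->y;
+ d=key->data;
+
+#if defined(RC4_CHUNK)
+ /*
+ * The original reason for implementing this(*) was the fact that
+ * pre-21164a Alpha CPUs don't have byte load/store instructions
+ * and e.g. a byte store has to be done with 64-bit load, shift,
+ * and, or and finally 64-bit store. Peaking data and operating
+ * at natural word size made it possible to reduce amount of
+ * instructions as well as to perform early read-ahead without
+ * suffering from RAW (read-after-write) hazard. This resulted
+ * in ~40%(**) performance improvement on 21064 box with gcc.
+ * But it's not only Alpha users who win here:-) Thanks to the
+ * early-n-wide read-ahead this implementation also exhibits
+ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
+ * on sizeof(RC4_INT)).
+ *
+ * (*) "this" means code which recognizes the case when input
+ * and output pointers appear to be aligned at natural CPU
+ * word boundary
+ * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
+ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
+ *
+ * Cavets.
+ *
+ * - RC4_CHUNK="unsigned long long" should be a #1 choice for
+ * UltraSPARC. Unfortunately gcc generates very slow code
+ * (2.5-3 times slower than one generated by Sun's WorkShop
+ * C) and therefore gcc (at least 2.95 and earlier) should
+ * always be told that RC4_CHUNK="unsigned long".
+ *
+ * <appro@fy.chalmers.se>
+ */
+
+# define RC4_STEP ( \
+ x=(x+1) &0xff, \
+ tx=d[x], \
+ y=(tx+y)&0xff, \
+ ty=d[y], \
+ d[y]=tx, \
+ d[x]=ty, \
+ (RC4_CHUNK)d[(tx+ty)&0xff]\
+ )
+
+ if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) |
+ ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
+ {
+ RC4_CHUNK ichunk,otp;
+ const union { long one; char little; } is_endian = {1};
+
+ /*
+ * I reckon we can afford to implement both endian
+ * cases and to decide which way to take at run-time
+ * because the machine code appears to be very compact
+ * and redundant 1-2KB is perfectly tolerable (i.e.
+ * in case the compiler fails to eliminate it:-). By
+ * suggestion from Terrel Larson <terr@terralogic.net>
+ * who also stands for the is_endian union:-)
+ *
+ * Special notes.
+ *
+ * - is_endian is declared automatic as doing otherwise
+ * (declaring static) prevents gcc from eliminating
+ * the redundant code;
+ * - compilers (those I've tried) don't seem to have
+ * problems eliminating either the operators guarded
+ * by "if (sizeof(RC4_CHUNK)==8)" or the condition
+ * expressions themselves so I've got 'em to replace
+ * corresponding #ifdefs from the previous version;
+ * - I chose to let the redundant switch cases when
+ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
+ * before);
+ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
+ * [LB]ESHFT guards against "shift is out of range"
+ * warnings when sizeof(RC4_CHUNK)!=8
+ *
+ * <appro@fy.chalmers.se>
+ */
+ if (!is_endian.little)
+ { /* BIG-ENDIAN CASE */
+# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+ for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+ {
+ ichunk = *(RC4_CHUNK *)indata;
+ otp = RC4_STEP<<BESHFT(0);
+ otp |= RC4_STEP<<BESHFT(1);
+ otp |= RC4_STEP<<BESHFT(2);
+ otp |= RC4_STEP<<BESHFT(3);
+ if (sizeof(RC4_CHUNK)==8)
+ {
+ otp |= RC4_STEP<<BESHFT(4);
+ otp |= RC4_STEP<<BESHFT(5);
+ otp |= RC4_STEP<<BESHFT(6);
+ otp |= RC4_STEP<<BESHFT(7);
+ }
+ *(RC4_CHUNK *)outdata = otp^ichunk;
+ indata += sizeof(RC4_CHUNK);
+ outdata += sizeof(RC4_CHUNK);
+ }
+ if (len)
+ {
+ RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+ ichunk = *(RC4_CHUNK *)indata;
+ ochunk = *(RC4_CHUNK *)outdata;
+ otp = 0;
+ i = BESHFT(0);
+ mask <<= (sizeof(RC4_CHUNK)-len)<<3;
+ switch (len&(sizeof(RC4_CHUNK)-1))
+ {
+ case 7: otp = RC4_STEP<<i, i-=8;
+ case 6: otp |= RC4_STEP<<i, i-=8;
+ case 5: otp |= RC4_STEP<<i, i-=8;
+ case 4: otp |= RC4_STEP<<i, i-=8;
+ case 3: otp |= RC4_STEP<<i, i-=8;
+ case 2: otp |= RC4_STEP<<i, i-=8;
+ case 1: otp |= RC4_STEP<<i, i-=8;
+ case 0: ; /*
+ * it's never the case,
+ * but it has to be here
+ * for ultrix?
+ */
+ }
+ ochunk &= ~mask;
+ ochunk |= (otp^ichunk) & mask;
+ *(RC4_CHUNK *)outdata = ochunk;
+ }
+ key->x=x;
+ key->y=y;
+ return;
+ }
+ else
+ { /* LITTLE-ENDIAN CASE */
+# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+ for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+ {
+ ichunk = *(RC4_CHUNK *)indata;
+ otp = RC4_STEP;
+ otp |= RC4_STEP<<8;
+ otp |= RC4_STEP<<16;
+ otp |= RC4_STEP<<24;
+ if (sizeof(RC4_CHUNK)==8)
+ {
+ otp |= RC4_STEP<<LESHFT(4);
+ otp |= RC4_STEP<<LESHFT(5);
+ otp |= RC4_STEP<<LESHFT(6);
+ otp |= RC4_STEP<<LESHFT(7);
+ }
+ *(RC4_CHUNK *)outdata = otp^ichunk;
+ indata += sizeof(RC4_CHUNK);
+ outdata += sizeof(RC4_CHUNK);
+ }
+ if (len)
+ {
+ RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+ ichunk = *(RC4_CHUNK *)indata;
+ ochunk = *(RC4_CHUNK *)outdata;
+ otp = 0;
+ i = 0;
+ mask >>= (sizeof(RC4_CHUNK)-len)<<3;
+ switch (len&(sizeof(RC4_CHUNK)-1))
+ {
+ case 7: otp = RC4_STEP, i+=8;
+ case 6: otp |= RC4_STEP<<i, i+=8;
+ case 5: otp |= RC4_STEP<<i, i+=8;
+ case 4: otp |= RC4_STEP<<i, i+=8;
+ case 3: otp |= RC4_STEP<<i, i+=8;
+ case 2: otp |= RC4_STEP<<i, i+=8;
+ case 1: otp |= RC4_STEP<<i, i+=8;
+ case 0: ; /*
+ * it's never the case,
+ * but it has to be here
+ * for ultrix?
+ */
+ }
+ ochunk &= ~mask;
+ ochunk |= (otp^ichunk) & mask;
+ *(RC4_CHUNK *)outdata = ochunk;
+ }
+ key->x=x;
+ key->y=y;
+ return;
+ }
+ }
+#endif
+#define LOOP(in,out) \
+ x=((x+1)&0xff); \
+ tx=d[x]; \
+ y=(tx+y)&0xff; \
+ d[x]=ty=d[y]; \
+ d[y]=tx; \
+ (out) = d[(tx+ty)&0xff]^ (in);
+
+#ifndef RC4_INDEX
+#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
+#else
+#define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
+#endif
+
+ i=(int)(len>>3L);
+ if (i)
+ {
+ for (;;)
+ {
+ RC4_LOOP(indata,outdata,0);
+ RC4_LOOP(indata,outdata,1);
+ RC4_LOOP(indata,outdata,2);
+ RC4_LOOP(indata,outdata,3);
+ RC4_LOOP(indata,outdata,4);
+ RC4_LOOP(indata,outdata,5);
+ RC4_LOOP(indata,outdata,6);
+ RC4_LOOP(indata,outdata,7);
+#ifdef RC4_INDEX
+ indata+=8;
+ outdata+=8;
+#endif
+ if (--i == 0) break;
+ }
+ }
+ i=(int)len&0x07;
+ if (i)
+ {
+ for (;;)
+ {
+ RC4_LOOP(indata,outdata,0); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,1); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,2); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,3); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,4); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,5); if (--i == 0) break;
+ RC4_LOOP(indata,outdata,6); if (--i == 0) break;
+ }
+ }
+ key->x=x;
+ key->y=y;
+ }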
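Review bot: In the RC4_CHUNK path, the `if (len)` tail block that follows each chunk loop (big-endian and little-endian alike) loads a whole `RC4_CHUNK` through `*(RC4_CHUNK *)indata` and does a read-modify-write of a whole `RC4_CHUNK` at `outdata` when only 1 to sizeof(RC4_CHUNK)-1 bytes remain, so bytes past the end of both caller buffers are read and rewritten. The mask puts the old output bytes back, but the access is still out of bounds, it can race with another writer of the adjacent bytes, and memory checkers will report it; a byte-wise tail such as `for (; len; len--) *outdata++ = (unsigned char)(RC4_STEP ^ *indata++);` in both branches removes the wide access. Separately, `i=(int)(len>>3L);` in the generic path narrows an `unsigned long` count to `int`, which would miscount very large inputs on a build where `unsigned long` is 64 bits; declaring `i` as `unsigned long` avoids the narrowing. The alignment test also casts the pointers to `unsigned long`, which is narrower than a pointer on some ABIs, so `size_t` would state the intent more portably.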