summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rc2
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rc2')
-rw-r--r--src/lib/libcrypto/rc2/rc2.c (renamed from src/lib/libcrypto/rc2/rc2_cbc.c)373
-rw-r--r--src/lib/libcrypto/rc2/rc2.h9
-rw-r--r--src/lib/libcrypto/rc2/rc2_ecb.c91
-rw-r--r--src/lib/libcrypto/rc2/rc2_local.h7
-rw-r--r--src/lib/libcrypto/rc2/rc2_skey.c142
-rw-r--r--src/lib/libcrypto/rc2/rc2cfb64.c124
-rw-r--r--src/lib/libcrypto/rc2/rc2ofb64.c111
-rw-r--r--src/lib/libcrypto/rc2/rrc2.doc219
-rw-r--r--src/lib/libcrypto/rc2/version22
9 files changed, 312 insertions, 786 deletions
diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2.c
index 1d8e2def99..c122d4b810 100644
--- a/src/lib/libcrypto/rc2/rc2_cbc.c
+++ b/src/lib/libcrypto/rc2/rc2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rc2_cbc.c,v 1.8 2023/07/07 13:40:44 beck Exp $ */ 1/* $OpenBSD: rc2.c,v 1.1 2025/05/25 05:29:54 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -57,86 +57,89 @@
57 */ 57 */
58 58
59#include <openssl/rc2.h> 59#include <openssl/rc2.h>
60
60#include "rc2_local.h" 61#include "rc2_local.h"
61 62
63static const unsigned char key_table[256]={
64 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
65 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
66 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
67 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
68 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
69 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
70 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
71 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
72 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
73 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
74 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
75 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
76 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
77 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
78 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
79 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
80 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
81 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
82 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
83 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
84 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
85 0xfe,0x7f,0xc1,0xad,
86 };
87
88/* It has come to my attention that there are 2 versions of the RC2
89 * key schedule. One which is normal, and anther which has a hook to
90 * use a reduced key length.
91 * BSAFE uses the 'retarded' version. What I previously shipped is
92 * the same as specifying 1024 for the 'bits' parameter. Bsafe uses
93 * a version where the bits parameter is the same as len*8 */
62void 94void
63RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, 95RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
64 RC2_KEY *ks, unsigned char *iv, int encrypt)
65{ 96{
66 unsigned long tin0, tin1; 97 int i, j;
67 unsigned long tout0, tout1, xor0, xor1; 98 unsigned char *k;
68 long l = length; 99 RC2_INT *ki;
69 unsigned long tin[2]; 100 unsigned int c, d;
70 101
71 if (encrypt) { 102 k = (unsigned char *)&(key->data[0]);
72 c2l(iv, tout0); 103 *k = 0; /* for if there is a zero length key */
73 c2l(iv, tout1); 104
74 iv -= 8; 105 if (len > 128)
75 for (l -= 8; l >= 0; l -= 8) 106 len = 128;
76 { 107 if (bits <= 0)
77 c2l(in, tin0); 108 bits = 1024;
78 c2l(in, tin1); 109 if (bits > 1024)
79 tin0 ^= tout0; 110 bits = 1024;
80 tin1 ^= tout1; 111
81 tin[0] = tin0; 112 for (i = 0; i < len; i++)
82 tin[1] = tin1; 113 k[i] = data[i];
83 RC2_encrypt(tin, ks); 114
84 tout0 = tin[0]; 115 /* expand table */
85 l2c(tout0, out); 116 d = k[len - 1];
86 tout1 = tin[1]; 117 j = 0;
87 l2c(tout1, out); 118 for (i = len; i < 128; i++, j++)
88 } 119 {
89 if (l != -8) { 120 d = key_table[(k[j] + d) & 0xff];
90 c2ln(in, tin0, tin1, l + 8); 121 k[i] = d;
91 tin0 ^= tout0;
92 tin1 ^= tout1;
93 tin[0] = tin0;
94 tin[1] = tin1;
95 RC2_encrypt(tin, ks);
96 tout0 = tin[0];
97 l2c(tout0, out);
98 tout1 = tin[1];
99 l2c(tout1, out);
100 }
101 l2c(tout0, iv);
102 l2c(tout1, iv);
103 } else {
104 c2l(iv, xor0);
105 c2l(iv, xor1);
106 iv -= 8;
107 for (l -= 8; l >= 0; l -= 8)
108 {
109 c2l(in, tin0);
110 tin[0] = tin0;
111 c2l(in, tin1);
112 tin[1] = tin1;
113 RC2_decrypt(tin, ks);
114 tout0 = tin[0] ^ xor0;
115 tout1 = tin[1] ^ xor1;
116 l2c(tout0, out);
117 l2c(tout1, out);
118 xor0 = tin0;
119 xor1 = tin1;
120 }
121 if (l != -8) {
122 c2l(in, tin0);
123 tin[0] = tin0;
124 c2l(in, tin1);
125 tin[1] = tin1;
126 RC2_decrypt(tin, ks);
127 tout0 = tin[0] ^ xor0;
128 tout1 = tin[1] ^ xor1;
129 l2cn(tout0, tout1, out, l + 8);
130 xor0 = tin0;
131 xor1 = tin1;
132 }
133 l2c(xor0, iv);
134 l2c(xor1, iv);
135 } 122 }
136 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; 123
137 tin[0] = tin[1] = 0; 124 /* hmm.... key reduction to 'bits' bits */
125
126 j = (bits + 7) >> 3;
127 i = 128 - j;
128 c = (0xff >> (-bits & 0x07));
129
130 d = key_table[k[i] & c];
131 k[i] = d;
132 while (i--) {
133 d = key_table[k[i + j] ^ d];
134 k[i] = d;
135 }
136
137 /* copy from bytes into RC2_INT's */
138 ki = &(key->data[63]);
139 for (i = 127; i >= 0; i -= 2)
140 *(ki--) = ((k[i] << 8)|k[i - 1]) & 0xffff;
138} 141}
139LCRYPTO_ALIAS(RC2_cbc_encrypt); 142LCRYPTO_ALIAS(RC2_set_key);
140 143
141void 144void
142RC2_encrypt(unsigned long *d, RC2_KEY *key) 145RC2_encrypt(unsigned long *d, RC2_KEY *key)
@@ -234,3 +237,225 @@ RC2_decrypt(unsigned long *d, RC2_KEY *key)
234 16L); 237 16L);
235} 238}
236LCRYPTO_ALIAS(RC2_decrypt); 239LCRYPTO_ALIAS(RC2_decrypt);
240
241void
242RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
243 RC2_KEY *ks, unsigned char *iv, int encrypt)
244{
245 unsigned long tin0, tin1;
246 unsigned long tout0, tout1, xor0, xor1;
247 long l = length;
248 unsigned long tin[2];
249
250 if (encrypt) {
251 c2l(iv, tout0);
252 c2l(iv, tout1);
253 iv -= 8;
254 for (l -= 8; l >= 0; l -= 8)
255 {
256 c2l(in, tin0);
257 c2l(in, tin1);
258 tin0 ^= tout0;
259 tin1 ^= tout1;
260 tin[0] = tin0;
261 tin[1] = tin1;
262 RC2_encrypt(tin, ks);
263 tout0 = tin[0];
264 l2c(tout0, out);
265 tout1 = tin[1];
266 l2c(tout1, out);
267 }
268 if (l != -8) {
269 c2ln(in, tin0, tin1, l + 8);
270 tin0 ^= tout0;
271 tin1 ^= tout1;
272 tin[0] = tin0;
273 tin[1] = tin1;
274 RC2_encrypt(tin, ks);
275 tout0 = tin[0];
276 l2c(tout0, out);
277 tout1 = tin[1];
278 l2c(tout1, out);
279 }
280 l2c(tout0, iv);
281 l2c(tout1, iv);
282 } else {
283 c2l(iv, xor0);
284 c2l(iv, xor1);
285 iv -= 8;
286 for (l -= 8; l >= 0; l -= 8)
287 {
288 c2l(in, tin0);
289 tin[0] = tin0;
290 c2l(in, tin1);
291 tin[1] = tin1;
292 RC2_decrypt(tin, ks);
293 tout0 = tin[0] ^ xor0;
294 tout1 = tin[1] ^ xor1;
295 l2c(tout0, out);
296 l2c(tout1, out);
297 xor0 = tin0;
298 xor1 = tin1;
299 }
300 if (l != -8) {
301 c2l(in, tin0);
302 tin[0] = tin0;
303 c2l(in, tin1);
304 tin[1] = tin1;
305 RC2_decrypt(tin, ks);
306 tout0 = tin[0] ^ xor0;
307 tout1 = tin[1] ^ xor1;
308 l2cn(tout0, tout1, out, l + 8);
309 xor0 = tin0;
310 xor1 = tin1;
311 }
312 l2c(xor0, iv);
313 l2c(xor1, iv);
314 }
315 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
316 tin[0] = tin[1] = 0;
317}
318LCRYPTO_ALIAS(RC2_cbc_encrypt);
319
320/* The input and output encrypted as though 64bit cfb mode is being
321 * used. The extra state information to record how much of the
322 * 64bit block we have used is contained in *num;
323 */
324void
325RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
326 long length, RC2_KEY *schedule, unsigned char *ivec,
327 int *num, int encrypt)
328{
329 unsigned long v0, v1, t;
330 int n = *num;
331 long l = length;
332 unsigned long ti[2];
333 unsigned char *iv, c, cc;
334
335 iv = (unsigned char *)ivec;
336 if (encrypt) {
337 while (l--) {
338 if (n == 0) {
339 c2l(iv, v0);
340 ti[0] = v0;
341 c2l(iv, v1);
342 ti[1] = v1;
343 RC2_encrypt((unsigned long *)ti, schedule);
344 iv = (unsigned char *)ivec;
345 t = ti[0];
346 l2c(t, iv);
347 t = ti[1];
348 l2c(t, iv);
349 iv = (unsigned char *)ivec;
350 }
351 c = *(in++) ^ iv[n];
352 *(out++) = c;
353 iv[n] = c;
354 n = (n + 1) & 0x07;
355 }
356 } else {
357 while (l--) {
358 if (n == 0) {
359 c2l(iv, v0);
360 ti[0] = v0;
361 c2l(iv, v1);
362 ti[1] = v1;
363 RC2_encrypt((unsigned long *)ti, schedule);
364 iv = (unsigned char *)ivec;
365 t = ti[0];
366 l2c(t, iv);
367 t = ti[1];
368 l2c(t, iv);
369 iv = (unsigned char *)ivec;
370 }
371 cc = *(in++);
372 c = iv[n];
373 iv[n] = cc;
374 *(out++) = c ^ cc;
375 n = (n + 1) & 0x07;
376 }
377 }
378 v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
379 *num = n;
380}
381LCRYPTO_ALIAS(RC2_cfb64_encrypt);
382
383/* RC2 as implemented frm a posting from
384 * Newsgroups: sci.crypt
385 * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
386 * Subject: Specification for Ron Rivests Cipher No.2
387 * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
388 * Date: 11 Feb 1996 06:45:03 GMT
389 */
390void
391RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
392 int encrypt)
393{
394 unsigned long l, d[2];
395
396 c2l(in, l);
397 d[0] = l;
398 c2l(in, l);
399 d[1] = l;
400 if (encrypt)
401 RC2_encrypt(d, ks);
402 else
403 RC2_decrypt(d, ks);
404 l = d[0];
405 l2c(l, out);
406 l = d[1];
407 l2c(l, out);
408 l = d[0] = d[1] = 0;
409}
410LCRYPTO_ALIAS(RC2_ecb_encrypt);
411
412/* The input and output encrypted as though 64bit ofb mode is being
413 * used. The extra state information to record how much of the
414 * 64bit block we have used is contained in *num;
415 */
416void
417RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
418 long length, RC2_KEY *schedule, unsigned char *ivec,
419 int *num)
420{
421 unsigned long v0, v1, t;
422 int n = *num;
423 long l = length;
424 unsigned char d[8];
425 char *dp;
426 unsigned long ti[2];
427 unsigned char *iv;
428 int save = 0;
429
430 iv = (unsigned char *)ivec;
431 c2l(iv, v0);
432 c2l(iv, v1);
433 ti[0] = v0;
434 ti[1] = v1;
435 dp = (char *)d;
436 l2c(v0, dp);
437 l2c(v1, dp);
438 while (l--) {
439 if (n == 0) {
440 RC2_encrypt((unsigned long *)ti, schedule);
441 dp = (char *)d;
442 t = ti[0];
443 l2c(t, dp);
444 t = ti[1];
445 l2c(t, dp);
446 save++;
447 }
448 *(out++) = *(in++) ^ d[n];
449 n = (n + 1) & 0x07;
450 }
451 if (save) {
452 v0 = ti[0];
453 v1 = ti[1];
454 iv = (unsigned char *)ivec;
455 l2c(v0, iv);
456 l2c(v1, iv);
457 }
458 t = v0 = v1 = ti[0] = ti[1] = 0;
459 *num = n;
460}
461LCRYPTO_ALIAS(RC2_ofb64_encrypt);
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
index 96e395f32d..ead308cf51 100644
--- a/src/lib/libcrypto/rc2/rc2.h
+++ b/src/lib/libcrypto/rc2/rc2.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: rc2.h,v 1.13 2025/01/25 17:59:44 tb Exp $ */ 1/* $OpenBSD: rc2.h,v 1.14 2025/06/09 14:37:49 tb Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -59,7 +59,12 @@
59#ifndef HEADER_RC2_H 59#ifndef HEADER_RC2_H
60#define HEADER_RC2_H 60#define HEADER_RC2_H
61 61
62#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */ 62#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2 */
63
64#ifndef RC2_INT
65/* XXX - typedef */
66#define RC2_INT unsigned int
67#endif
63 68
64#define RC2_ENCRYPT 1 69#define RC2_ENCRYPT 1
65#define RC2_DECRYPT 0 70#define RC2_DECRYPT 0
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c
deleted file mode 100644
index 6a3c8098eb..0000000000
--- a/src/lib/libcrypto/rc2/rc2_ecb.c
+++ /dev/null
@@ -1,91 +0,0 @@
1/* $OpenBSD: rc2_ecb.c,v 1.9 2023/07/07 13:40:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/rc2.h>
60#include "rc2_local.h"
61#include <openssl/opensslv.h>
62
63/* RC2 as implemented frm a posting from
64 * Newsgroups: sci.crypt
65 * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
66 * Subject: Specification for Ron Rivests Cipher No.2
67 * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
68 * Date: 11 Feb 1996 06:45:03 GMT
69 */
70
71void
72RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
73 int encrypt)
74{
75 unsigned long l, d[2];
76
77 c2l(in, l);
78 d[0] = l;
79 c2l(in, l);
80 d[1] = l;
81 if (encrypt)
82 RC2_encrypt(d, ks);
83 else
84 RC2_decrypt(d, ks);
85 l = d[0];
86 l2c(l, out);
87 l = d[1];
88 l2c(l, out);
89 l = d[0] = d[1] = 0;
90}
91LCRYPTO_ALIAS(RC2_ecb_encrypt);
diff --git a/src/lib/libcrypto/rc2/rc2_local.h b/src/lib/libcrypto/rc2/rc2_local.h
index dd5598760e..885b17aa5e 100644
--- a/src/lib/libcrypto/rc2/rc2_local.h
+++ b/src/lib/libcrypto/rc2/rc2_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: rc2_local.h,v 1.3 2024/03/29 05:03:48 jsing Exp $ */ 1/* $OpenBSD: rc2_local.h,v 1.4 2025/11/26 10:19:57 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,6 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifndef HEADER_RC2_LOCAL_H
60#define HEADER_RC2_LOCAL_H
61
59#undef c2l 62#undef c2l
60#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ 63#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
61 l|=((unsigned long)(*((c)++)))<< 8L, \ 64 l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -110,3 +113,5 @@
110 x2=(t<<3)|(t>>13); \ 113 x2=(t<<3)|(t>>13); \
111 t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ 114 t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
112 x3=(t<<5)|(t>>11); 115 x3=(t<<5)|(t>>11);
116
117#endif /* HEADER_RC2_LOCAL_H */
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
deleted file mode 100644
index d33c02da8c..0000000000
--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ /dev/null
@@ -1,142 +0,0 @@
1/* $OpenBSD: rc2_skey.c,v 1.15 2023/07/07 13:40:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/crypto.h>
60#include <openssl/rc2.h>
61#include "rc2_local.h"
62
63static const unsigned char key_table[256]={
64 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
65 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
66 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
67 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
68 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
69 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
70 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
71 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
72 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
73 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
74 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
75 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
76 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
77 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
78 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
79 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
80 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
81 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
82 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
83 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
84 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
85 0xfe,0x7f,0xc1,0xad,
86 };
87
88/* It has come to my attention that there are 2 versions of the RC2
89 * key schedule. One which is normal, and anther which has a hook to
90 * use a reduced key length.
91 * BSAFE uses the 'retarded' version. What I previously shipped is
92 * the same as specifying 1024 for the 'bits' parameter. Bsafe uses
93 * a version where the bits parameter is the same as len*8 */
94void
95RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
96{
97 int i, j;
98 unsigned char *k;
99 RC2_INT *ki;
100 unsigned int c, d;
101
102 k = (unsigned char *)&(key->data[0]);
103 *k = 0; /* for if there is a zero length key */
104
105 if (len > 128)
106 len = 128;
107 if (bits <= 0)
108 bits = 1024;
109 if (bits > 1024)
110 bits = 1024;
111
112 for (i = 0; i < len; i++)
113 k[i] = data[i];
114
115 /* expand table */
116 d = k[len - 1];
117 j = 0;
118 for (i = len; i < 128; i++, j++)
119 {
120 d = key_table[(k[j] + d) & 0xff];
121 k[i] = d;
122 }
123
124 /* hmm.... key reduction to 'bits' bits */
125
126 j = (bits + 7) >> 3;
127 i = 128 - j;
128 c = (0xff >> (-bits & 0x07));
129
130 d = key_table[k[i] & c];
131 k[i] = d;
132 while (i--) {
133 d = key_table[k[i + j] ^ d];
134 k[i] = d;
135 }
136
137 /* copy from bytes into RC2_INT's */
138 ki = &(key->data[63]);
139 for (i = 127; i >= 0; i -= 2)
140 *(ki--) = ((k[i] << 8)|k[i - 1]) & 0xffff;
141}
142LCRYPTO_ALIAS(RC2_set_key);
diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c
deleted file mode 100644
index 21266c430b..0000000000
--- a/src/lib/libcrypto/rc2/rc2cfb64.c
+++ /dev/null
@@ -1,124 +0,0 @@
1/* $OpenBSD: rc2cfb64.c,v 1.8 2023/07/07 13:40:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/rc2.h>
60#include "rc2_local.h"
61
62/* The input and output encrypted as though 64bit cfb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66
67void
68RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
69 long length, RC2_KEY *schedule, unsigned char *ivec,
70 int *num, int encrypt)
71{
72 unsigned long v0, v1, t;
73 int n = *num;
74 long l = length;
75 unsigned long ti[2];
76 unsigned char *iv, c, cc;
77
78 iv = (unsigned char *)ivec;
79 if (encrypt) {
80 while (l--) {
81 if (n == 0) {
82 c2l(iv, v0);
83 ti[0] = v0;
84 c2l(iv, v1);
85 ti[1] = v1;
86 RC2_encrypt((unsigned long *)ti, schedule);
87 iv = (unsigned char *)ivec;
88 t = ti[0];
89 l2c(t, iv);
90 t = ti[1];
91 l2c(t, iv);
92 iv = (unsigned char *)ivec;
93 }
94 c = *(in++) ^ iv[n];
95 *(out++) = c;
96 iv[n] = c;
97 n = (n + 1) & 0x07;
98 }
99 } else {
100 while (l--) {
101 if (n == 0) {
102 c2l(iv, v0);
103 ti[0] = v0;
104 c2l(iv, v1);
105 ti[1] = v1;
106 RC2_encrypt((unsigned long *)ti, schedule);
107 iv = (unsigned char *)ivec;
108 t = ti[0];
109 l2c(t, iv);
110 t = ti[1];
111 l2c(t, iv);
112 iv = (unsigned char *)ivec;
113 }
114 cc = *(in++);
115 c = iv[n];
116 iv[n] = cc;
117 *(out++) = c ^ cc;
118 n = (n + 1) & 0x07;
119 }
120 }
121 v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
122 *num = n;
123}
124LCRYPTO_ALIAS(RC2_cfb64_encrypt);
diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c
deleted file mode 100644
index 73d8323e92..0000000000
--- a/src/lib/libcrypto/rc2/rc2ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
1/* $OpenBSD: rc2ofb64.c,v 1.8 2023/07/07 13:40:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/rc2.h>
60#include "rc2_local.h"
61
62/* The input and output encrypted as though 64bit ofb mode is being
63 * used. The extra state information to record how much of the
64 * 64bit block we have used is contained in *num;
65 */
66void
67RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
68 long length, RC2_KEY *schedule, unsigned char *ivec,
69 int *num)
70{
71 unsigned long v0, v1, t;
72 int n = *num;
73 long l = length;
74 unsigned char d[8];
75 char *dp;
76 unsigned long ti[2];
77 unsigned char *iv;
78 int save = 0;
79
80 iv = (unsigned char *)ivec;
81 c2l(iv, v0);
82 c2l(iv, v1);
83 ti[0] = v0;
84 ti[1] = v1;
85 dp = (char *)d;
86 l2c(v0, dp);
87 l2c(v1, dp);
88 while (l--) {
89 if (n == 0) {
90 RC2_encrypt((unsigned long *)ti, schedule);
91 dp = (char *)d;
92 t = ti[0];
93 l2c(t, dp);
94 t = ti[1];
95 l2c(t, dp);
96 save++;
97 }
98 *(out++) = *(in++) ^ d[n];
99 n = (n + 1) & 0x07;
100 }
101 if (save) {
102 v0 = ti[0];
103 v1 = ti[1];
104 iv = (unsigned char *)ivec;
105 l2c(v0, iv);
106 l2c(v1, iv);
107 }
108 t = v0 = v1 = ti[0] = ti[1] = 0;
109 *num = n;
110}
111LCRYPTO_ALIAS(RC2_ofb64_encrypt);
diff --git a/src/lib/libcrypto/rc2/rrc2.doc b/src/lib/libcrypto/rc2/rrc2.doc
deleted file mode 100644
index f93ee003d2..0000000000
--- a/src/lib/libcrypto/rc2/rrc2.doc
+++ /dev/null
@@ -1,219 +0,0 @@
1>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
2Article 23601 of sci.crypt:
3Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
4>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
5Newsgroups: sci.crypt
6Subject: Specification for Ron Rivests Cipher No.2
7Date: 11 Feb 1996 06:45:03 GMT
8Organization: University of Auckland
9Lines: 203
10Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
11Message-ID: <4fk39f$f70@net.auckland.ac.nz>
12NNTP-Posting-Host: cs26.cs.auckland.ac.nz
13X-Newsreader: NN version 6.5.0 #3 (NOV)
14
15
16
17
18 Ron Rivest's Cipher No.2
19 ------------------------
20
21Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
22refer to it by other names) is word oriented, operating on a block of 64 bits
23divided into four 16-bit words, with a key table of 64 words. All data units
24are little-endian. This functional description of the algorithm is based in
25the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
26the same general layout, terminology, and pseudocode style.
27
28
29Notation and RRC.2 Primitive Operations
30
31RRC.2 uses the following primitive operations:
32
331. Two's-complement addition of words, denoted by "+". The inverse operation,
34 subtraction, is denoted by "-".
352. Bitwise exclusive OR, denoted by "^".
363. Bitwise AND, denoted by "&".
374. Bitwise NOT, denoted by "~".
385. A left-rotation of words; the rotation of word x left by y is denoted
39 x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
40
41These operations are directly and efficiently supported by most processors.
42
43
44The RRC.2 Algorithm
45
46RRC.2 consists of three components, a *key expansion* algorithm, an
47*encryption* algorithm, and a *decryption* algorithm.
48
49
50Key Expansion
51
52The purpose of the key-expansion routine is to expand the user's key K to fill
53the expanded key array S, so S resembles an array of random binary words
54determined by the user's secret key K.
55
56Initialising the S-box
57
58RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
59Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
60cryptography by enough time that there should be no concerns about trapdoors
61hidden in the data. They have been published widely, and the S-box can be
62easily recreated from the one-time pad values and the Beale Cipher data taken
63from a standard source. To initialise the S-box:
64
65 for i = 0 to 255 do
66 sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
67
68The contents of Beale Cipher No.1 and the necessary one-time pad are given as
69an appendix at the end of this document. For efficiency, implementors may wish
70to skip the Beale Cipher expansion and store the sBox table directly.
71
72Expanding the Secret Key to 128 Bytes
73
74The secret key is first expanded to fill 128 bytes (64 words). The expansion
75consists of taking the sum of the first and last bytes in the user key, looking
76up the sum (modulo 256) in the S-box, and appending the result to the key. The
77operation is repeated with the second byte and new last byte of the key until
78all 128 bytes have been generated. Note that the following pseudocode treats
79the S array as an array of 128 bytes rather than 64 words.
80
81 for j = 0 to length-1 do
82 S[ j ] = K[ j ]
83 for j = length to 127 do
84 s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
85
86At this point it is possible to perform a truncation of the effective key
87length to ease the creation of espionage-enabled software products. However
88since the author cannot conceive why anyone would want to do this, it will not
89be considered further.
90
91The final phase of the key expansion involves replacing the first byte of S
92with the entry selected from the S-box:
93
94 S[ 0 ] = sBox[ S[ 0 ] ]
95
96
97Encryption
98
99The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
100rounds perform an additional transformation on the data. Note that the
101following pseudocode treats the S array as an array of 64 words rather than 128
102bytes.
103
104 for i = 0 to 15 do
105 j = i * 4;
106 word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
107 word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
108 word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
109 word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
110
111In addition the fifth and eleventh rounds add the contents of the S-box indexed
112by one of the data words to another of the data words following the four
113subrounds as follows:
114
115 word0 = word0 + S[ word3 & 63 ];
116 word1 = word1 + S[ word0 & 63 ];
117 word2 = word2 + S[ word1 & 63 ];
118 word3 = word3 + S[ word2 & 63 ];
119
120
121Decryption
122
123The decryption operation is simply the inverse of the encryption operation.
124Note that the following pseudocode treats the S array as an array of 64 words
125rather than 128 bytes.
126
127 for i = 15 downto 0 do
128 j = i * 4;
129 word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
130 word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
131 word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
132 word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
133
134In addition the fifth and eleventh rounds subtract the contents of the S-box
135indexed by one of the data words from another one of the data words following
136the four subrounds as follows:
137
138 word3 = word3 - S[ word2 & 63 ]
139 word2 = word2 - S[ word1 & 63 ]
140 word1 = word1 - S[ word0 & 63 ]
141 word0 = word0 - S[ word3 & 63 ]
142
143
144Test Vectors
145
146The following test vectors may be used to test the correctness of an RRC.2
147implementation:
148
149 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
150 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
151 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
152 Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
153
154 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
155 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
156 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
157 Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
158
159 Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
161 Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
162 Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
163
164 Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
165 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
166 Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
167 Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
168
169
170Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
171 Creating the S-Box
172
173Beale Cipher No.1.
174
175 71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
176 84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
177 126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
178 124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
179 145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
180 130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
181 280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
182 134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
183 160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
184 103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
185 36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
186 136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
187 122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
188 93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
189 2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
190 623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
191
192One-time Pad.
193
194 158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
195 146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
196 105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
197 193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
198 197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
199 144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
200 119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
201 126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
202 168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
203 241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
204 230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
205 17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
206 87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
207 142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
208 15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
209 170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
210
211
212Implementation
213
214A non-US based programmer who has never seen any encryption code before will
215shortly be implementing RRC.2 based solely on this specification and not on
216knowledge of any other encryption algorithms. Stand by.
217
218
219
diff --git a/src/lib/libcrypto/rc2/version b/src/lib/libcrypto/rc2/version
deleted file mode 100644
index 8ca161a613..0000000000
--- a/src/lib/libcrypto/rc2/version
+++ /dev/null
@@ -1,22 +0,0 @@
11.1 23/08/96 - eay
2 Changed RC2_set_key() so it now takes another argument. Many
3 thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
4 clarification and original specification of RC2. BSAFE uses
5 this last parameter, 'bits'. It the key is 128 bits, BSAFE
6 also sets this parameter to 128. The old behaviour can be
7 duplicated by setting this parameter to 1024.
8
91.0 08/04/96 - eay
10 First version of SSLeay with rc2. This has been written from the spec
11 posted sci.crypt. It is in this directory under rrc2.doc
12 I have no test values for any mode other than ecb, my wrappers for the
13 other modes should be ok since they are basically the same as
14 the ones taken from idea and des :-). I have implemented them as
15 little-endian operators.
16 While rc2 is included because it is used with SSL, I don't know how
17 far I trust it. It is about the same speed as IDEA and DES.
18 So if you are paranoid, used Triple DES, else IDEA. If RC2
19 does get used more, perhaps more people will look for weaknesses in
20 it.
21
22
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-13 20:02:53 +0000