7 files changed, 99 insertions, 34 deletions
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
index d6e98f0811..ef7eee766c 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-586.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl
@@ -200,22 +200,23 @@ sub RC4
        &lea    ($ty,&DWP(0,$in,$ty));
        &mov    (&swtmp(2),$ty);
+        &movz   ($tx,&BP(0,$d,$x));
        # strangely enough unrolled loop performs over 20% slower...
        &set_label("RC4_CHAR_loop");
-                &movz   ($tx,&BP(0,$d,$x));
                &add    (&LB($y),&LB($tx));
                &movz   ($ty,&BP(0,$d,$y));
                &movb   (&BP(0,$d,$y),&LB($tx));
                &movb   (&BP(0,$d,$x),&LB($ty));
                &add    (&LB($ty),&LB($tx));
                &movz   ($ty,&BP(0,$d,$ty));
+                &add    (&LB($x),1);
                &xorb   (&LB($ty),&BP(0,$in));
-                &movb   (&BP(0,$out),&LB($ty));
+                &lea    ($in,&DWP(1,$in));
-                &inc    (&LB($x));
+                &movz   ($tx,&BP(0,$d,$x));
-                &inc    ($in);
-                &inc    ($out);
                &cmp    ($in,&swtmp(2));
+                &movb   (&BP(0,$out),&LB($ty));
+                &lea    ($out,&DWP(1,$out));
        &jb     (&label("RC4_CHAR_loop"));
        &set_label("finished");
diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c
index b39c070292..c900b26055 100644
--- a/src/lib/libcrypto/rc4/rc4.c
+++ b/src/lib/libcrypto/rc4/rc4.c
@@ -60,6 +60,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/rc4.h>
+#include <openssl/evp.h>
 char *usage[]={
 "usage: rc4 args\n",
@@ -162,7 +163,7 @@ bad:
                keystr=buf;
                }
-        EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
+        EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL);
        OPENSSL_cleanse(keystr,strlen(keystr));
        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
        
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
index ae0cea75b8..7aec04fe93 100644
--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -59,12 +59,11 @@
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
+#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */
 #ifdef OPENSSL_NO_RC4
 #error RC4 is disabled.
 #endif
-#include <openssl/opensslconf.h> /* RC4_INT */
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -77,9 +76,6 @@ typedef struct rc4_key_st
 
 const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                unsigned char *outdata);
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
index d5f18a3a70..0660ea60a2 100644
--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                if (!is_endian.little)
                        {       /* BIG-ENDIAN CASE */
 # define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP<<BESHFT(0);
@@ -210,7 +210,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                else
                        {       /* LITTLE-ENDIAN CASE */
 # define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP;
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
index 60510624fd..46b77ec321 100644
--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -57,12 +57,10 @@
 */
 #include <openssl/rc4.h>
-#include <openssl/crypto.h>
-#include <openssl/fips.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
-const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
+const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
 const char *RC4_options(void)
        {
@@ -87,7 +85,7 @@ const char *RC4_options(void)
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-FIPS_NON_FIPS_VCIPHER_Init(RC4)
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
        {
        register RC4_INT tmp;
        register int id1,id2;
@@ -95,26 +93,59 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
        unsigned int i;
        
        d= &(key->data[0]);
-        for (i=0; i<256; i++)
-                d[i]=i;
        key->x = 0;     
        key->y = 0;     
        id1=id2=0;     
-#define SK_LOOP(n) { \
+#define SK_LOOP(d,n) { \
                tmp=d[(n)]; \
                id2 = (data[id1] + tmp + id2) & 0xff; \
                if (++id1 == len) id1=0; \
                d[(n)]=d[id2]; \
                d[id2]=tmp; }
+#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
+# if    defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__INTEL__) || \
+        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+        if (sizeof(RC4_INT) > 1) {
+                /*
+                 * Unlike all other x86 [and x86_64] implementations,
+                 * Intel P4 core [including EM64T] was found to perform
+                 * poorly with wider RC4_INT. Performance improvement
+                 * for IA-32 hand-coded assembler turned out to be 2.8x
+                 * if re-coded for RC4_CHAR! It's however inappropriate
+                 * to just switch to RC4_CHAR for x86[_64], as non-P4
+                 * implementations suffer from significant performance
+                 * losses then, e.g. PIII exhibits >2x deterioration,
+                 * and so does Opteron. In order to assure optimal
+                 * all-round performance, we detect P4 at run-time by
+                 * checking upon reserved bit 20 in CPU capability
+                 * vector and set up compressed key schedule, which is
+                 * recognized by correspondingly updated assembler
+                 * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+                 *
+                 *                              <appro@fy.chalmers.se>
+                 */
+                if (OPENSSL_ia32cap_P & (1<<20)) {
+                        unsigned char *cp=(unsigned char *)d;
+                        for (i=0;i<256;i++) cp[i]=i;
+                        for (i=0;i<256;i++) SK_LOOP(cp,i);
+                        /* mark schedule as compressed! */
+                        d[256/sizeof(RC4_INT)]=-1;
+                        return;
+                }
+        }
+# endif
+#endif
+        for (i=0; i < 256; i++) d[i]=i;
        for (i=0; i < 256; i+=4)
                {
-                SK_LOOP(i+0);
+                SK_LOOP(d,i+0);
-                SK_LOOP(i+1);
+                SK_LOOP(d,i+1);
-                SK_LOOP(i+2);
+                SK_LOOP(d,i+2);
-                SK_LOOP(i+3);
+                SK_LOOP(d,i+3);
                }
        }
    
diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c
index ced98c52df..0ebd38123d 100644
--- a/src/lib/libcrypto/rc4/rc4speed.c
+++ b/src/lib/libcrypto/rc4/rc4speed.c
@@ -69,7 +69,10 @@
 #include OPENSSL_UNISTD_IO
 OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
 #include <signal.h>
+#endif
 #ifndef _IRIX
 #include <time.h>
 #endif
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
index b9d8f20975..54b597fa26 100644
--- a/src/lib/libcrypto/rc4/rc4test.c
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -70,6 +70,7 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/rc4.h>
+#include <openssl/sha.h>
 static unsigned char keys[7][30]={
        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
@@ -113,13 +114,11 @@ static unsigned char output[7][30]={
 int main(int argc, char *argv[])
        {
-        int i,err=0;
+        int err=0;
-        int j;
+        unsigned int i, j;
        unsigned char *p;
        RC4_KEY key;
-        unsigned char buf[512],obuf[512];
+        unsigned char obuf[512];
-        for (i=0; i<512; i++) buf[i]=0x01;
        for (i=0; i<6; i++)
                {
@@ -130,12 +129,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error calculating RC4\n");
                        printf("output:");
-                        for (j=0; j<data_len[i]+1; j++)
+                        for (j=0; j<data_len[i]+1U; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[i][0]);
-                        for (j=0; j<data_len[i]+1; j++)
+                        for (j=0; j<data_len[i]+1U; j++)
                                printf(" %02x",*(p++));
                        printf("\n");
                        err++;
@@ -181,12 +180,12 @@ int main(int argc, char *argv[])
                        {
                        printf("error in RC4 multi-call processing\n");
                        printf("output:");
-                        for (j=0; j<data_len[3]+1; j++)
+                        for (j=0; j<data_len[3]+1U; j++)
                                printf(" %02x",obuf[j]);
                        printf("\n");
                        printf("expect:");
                        p= &(output[3][0]);
-                        for (j=0; j<data_len[3]+1; j++)
+                        for (j=0; j<data_len[3]+1U; j++)
                                printf(" %02x",*(p++));
                        err++;
                        }
@@ -197,6 +196,40 @@ int main(int argc, char *argv[])
                        }
                }
        printf("done\n");
+        printf("bulk test ");
+        {   unsigned char buf[513];
+            SHA_CTX c;
+            unsigned char md[SHA_DIGEST_LENGTH];
+            static unsigned char expected[]={
+                0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
+                0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
+                RC4_set_key(&key,keys[0][0],&(keys[3][1]));
+                memset(buf,'\0',sizeof(buf));
+                SHA1_Init(&c);
+                for (i=0;i<2571;i++) {
+                        RC4(&key,sizeof(buf),buf,buf);
+                        SHA1_Update(&c,buf,sizeof(buf));
+                }
+                SHA1_Final(md,&c);
+                if (memcmp(md,expected,sizeof(md))) {
+                        printf("error in RC4 bulk test\n");
+                        printf("output:");
+                        for (j=0; j<sizeof(md); j++)
+                                printf(" %02x",md[j]);
+                        printf("\n");
+                        printf("expect:");
+                        for (j=0; j<sizeof(md); j++)
+                                printf(" %02x",expected[j]);
+                        printf("\n");
+                        err++;
+                }
+                else    printf("ok\n");
+        }
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
        EXIT(err);
        return(0);
        }