summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/des
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/des/des.c1022
-rw-r--r--src/lib/libcrypto/des/des.h206
-rw-r--r--src/lib/libcrypto/des/des_cksum.c173
-rw-r--r--src/lib/libcrypto/des/des_enc.c611
-rw-r--r--src/lib/libcrypto/des/des_fcrypt.c254
-rw-r--r--src/lib/libcrypto/des/des_key.c523
-rw-r--r--src/lib/libcrypto/des/des_local.h226
7 files changed, 0 insertions, 3015 deletions
diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c
deleted file mode 100644
index 113fc4b9f9..0000000000
--- a/src/lib/libcrypto/des/des.c
+++ /dev/null
@@ -1,1022 +0,0 @@
1/* $OpenBSD: des.c,v 1.9 2024/08/31 15:56:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <endian.h>
60
61#include <openssl/opensslconf.h>
62
63#include "des_local.h"
64
65void
66DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
67 DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
68{
69 DES_LONG tin0, tin1;
70 DES_LONG tout0, tout1, xor0, xor1;
71 long l = length;
72 DES_LONG tin[2];
73 unsigned char *iv;
74
75 iv = &(*ivec)[0];
76
77 if (enc) {
78 c2l(iv, tout0);
79 c2l(iv, tout1);
80 for (l -= 8; l >= 0; l -= 8) {
81 c2l(in, tin0);
82 c2l(in, tin1);
83 tin0 ^= tout0;
84 tin[0] = tin0;
85 tin1 ^= tout1;
86 tin[1] = tin1;
87 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
88 tout0 = tin[0];
89 l2c(tout0, out);
90 tout1 = tin[1];
91 l2c(tout1, out);
92 }
93 if (l != -8) {
94 c2ln(in, tin0, tin1, l + 8);
95 tin0 ^= tout0;
96 tin[0] = tin0;
97 tin1 ^= tout1;
98 tin[1] = tin1;
99 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
100 tout0 = tin[0];
101 l2c(tout0, out);
102 tout1 = tin[1];
103 l2c(tout1, out);
104 }
105 } else {
106 c2l(iv, xor0);
107 c2l(iv, xor1);
108 for (l -= 8; l >= 0; l -= 8) {
109 c2l(in, tin0);
110 tin[0] = tin0;
111 c2l(in, tin1);
112 tin[1] = tin1;
113 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
114 tout0 = tin[0] ^ xor0;
115 tout1 = tin[1] ^ xor1;
116 l2c(tout0, out);
117 l2c(tout1, out);
118 xor0 = tin0;
119 xor1 = tin1;
120 }
121 if (l != -8) {
122 c2l(in, tin0);
123 tin[0] = tin0;
124 c2l(in, tin1);
125 tin[1] = tin1;
126 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
127 tout0 = tin[0] ^ xor0;
128 tout1 = tin[1] ^ xor1;
129 l2cn(tout0, tout1, out, l + 8);
130 }
131 }
132 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
133 tin[0] = tin[1] = 0;
134}
135LCRYPTO_ALIAS(DES_cbc_encrypt);
136
137/* The input and output encrypted as though 64bit cfb mode is being
138 * used. The extra state information to record how much of the
139 * 64bit block we have used is contained in *num;
140 */
141
142void
143DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
144 long length, DES_key_schedule *ks1,
145 DES_key_schedule *ks2, DES_key_schedule *ks3,
146 DES_cblock *ivec, int *num, int enc)
147{
148 DES_LONG v0, v1;
149 long l = length;
150 int n = *num;
151 DES_LONG ti[2];
152 unsigned char *iv, c, cc;
153
154 iv = &(*ivec)[0];
155 if (enc) {
156 while (l--) {
157 if (n == 0) {
158 c2l(iv, v0);
159 c2l(iv, v1);
160
161 ti[0] = v0;
162 ti[1] = v1;
163 DES_encrypt3(ti, ks1, ks2, ks3);
164 v0 = ti[0];
165 v1 = ti[1];
166
167 iv = &(*ivec)[0];
168 l2c(v0, iv);
169 l2c(v1, iv);
170 iv = &(*ivec)[0];
171 }
172 c = *(in++) ^ iv[n];
173 *(out++) = c;
174 iv[n] = c;
175 n = (n + 1) & 0x07;
176 }
177 } else {
178 while (l--) {
179 if (n == 0) {
180 c2l(iv, v0);
181 c2l(iv, v1);
182
183 ti[0] = v0;
184 ti[1] = v1;
185 DES_encrypt3(ti, ks1, ks2, ks3);
186 v0 = ti[0];
187 v1 = ti[1];
188
189 iv = &(*ivec)[0];
190 l2c(v0, iv);
191 l2c(v1, iv);
192 iv = &(*ivec)[0];
193 }
194 cc = *(in++);
195 c = iv[n];
196 iv[n] = cc;
197 *(out++) = c ^ cc;
198 n = (n + 1) & 0x07;
199 }
200 }
201 v0 = v1 = ti[0] = ti[1] = c = cc = 0;
202 *num = n;
203}
204LCRYPTO_ALIAS(DES_ede3_cfb64_encrypt);
205
206/* This is compatible with the single key CFB-r for DES, even thought that's
207 * not what EVP needs.
208 */
209
210void
211DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
212 int numbits, long length, DES_key_schedule *ks1,
213 DES_key_schedule *ks2, DES_key_schedule *ks3,
214 DES_cblock *ivec, int enc)
215{
216 DES_LONG d0, d1, v0, v1;
217 unsigned long l = length, n = ((unsigned int)numbits + 7)/8;
218 int num = numbits, i;
219 DES_LONG ti[2];
220 unsigned char *iv;
221 unsigned char ovec[16];
222
223 if (num > 64)
224 return;
225 iv = &(*ivec)[0];
226 c2l(iv, v0);
227 c2l(iv, v1);
228 if (enc) {
229 while (l >= n) {
230 l -= n;
231 ti[0] = v0;
232 ti[1] = v1;
233 DES_encrypt3(ti, ks1, ks2, ks3);
234 c2ln(in, d0, d1, n);
235 in += n;
236 d0 ^= ti[0];
237 d1 ^= ti[1];
238 l2cn(d0, d1, out, n);
239 out += n;
240 /* 30-08-94 - eay - changed because l>>32 and
241 * l<<32 are bad under gcc :-( */
242 if (num == 32) {
243 v0 = v1;
244 v1 = d0;
245 } else if (num == 64) {
246 v0 = d0;
247 v1 = d1;
248 } else {
249 iv = &ovec[0];
250 l2c(v0, iv);
251 l2c(v1, iv);
252 l2c(d0, iv);
253 l2c(d1, iv);
254 /* shift ovec left most of the bits... */
255 memmove(ovec, ovec + num/8,
256 8 + (num % 8 ? 1 : 0));
257 /* now the remaining bits */
258 if (num % 8 != 0) {
259 for (i = 0; i < 8; ++i) {
260 ovec[i] <<= num % 8;
261 ovec[i] |= ovec[i + 1] >>
262 (8 - num % 8);
263 }
264 }
265 iv = &ovec[0];
266 c2l(iv, v0);
267 c2l(iv, v1);
268 }
269 }
270 } else {
271 while (l >= n) {
272 l -= n;
273 ti[0] = v0;
274 ti[1] = v1;
275 DES_encrypt3(ti, ks1, ks2, ks3);
276 c2ln(in, d0, d1, n);
277 in += n;
278 /* 30-08-94 - eay - changed because l>>32 and
279 * l<<32 are bad under gcc :-( */
280 if (num == 32) {
281 v0 = v1;
282 v1 = d0;
283 } else if (num == 64) {
284 v0 = d0;
285 v1 = d1;
286 } else {
287 iv = &ovec[0];
288 l2c(v0, iv);
289 l2c(v1, iv);
290 l2c(d0, iv);
291 l2c(d1, iv);
292 /* shift ovec left most of the bits... */
293 memmove(ovec, ovec + num/8,
294 8 + (num % 8 ? 1 : 0));
295 /* now the remaining bits */
296 if (num % 8 != 0) {
297 for (i = 0; i < 8; ++i) {
298 ovec[i] <<= num % 8;
299 ovec[i] |= ovec[i + 1] >>
300 (8 - num % 8);
301 }
302 }
303 iv = &ovec[0];
304 c2l(iv, v0);
305 c2l(iv, v1);
306 }
307 d0 ^= ti[0];
308 d1 ^= ti[1];
309 l2cn(d0, d1, out, n);
310 out += n;
311 }
312 }
313 iv = &(*ivec)[0];
314 l2c(v0, iv);
315 l2c(v1, iv);
316 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
317}
318LCRYPTO_ALIAS(DES_ede3_cfb_encrypt);
319
320/* The input and output encrypted as though 64bit cfb mode is being
321 * used. The extra state information to record how much of the
322 * 64bit block we have used is contained in *num;
323 */
324
325void
326DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
327 long length, DES_key_schedule *schedule,
328 DES_cblock *ivec, int *num, int enc)
329{
330 DES_LONG v0, v1;
331 long l = length;
332 int n = *num;
333 DES_LONG ti[2];
334 unsigned char *iv, c, cc;
335
336 iv = &(*ivec)[0];
337 if (enc) {
338 while (l--) {
339 if (n == 0) {
340 c2l(iv, v0);
341 ti[0] = v0;
342 c2l(iv, v1);
343 ti[1] = v1;
344 DES_encrypt1(ti, schedule, DES_ENCRYPT);
345 iv = &(*ivec)[0];
346 v0 = ti[0];
347 l2c(v0, iv);
348 v0 = ti[1];
349 l2c(v0, iv);
350 iv = &(*ivec)[0];
351 }
352 c = *(in++) ^ iv[n];
353 *(out++) = c;
354 iv[n] = c;
355 n = (n + 1) & 0x07;
356 }
357 } else {
358 while (l--) {
359 if (n == 0) {
360 c2l(iv, v0);
361 ti[0] = v0;
362 c2l(iv, v1);
363 ti[1] = v1;
364 DES_encrypt1(ti, schedule, DES_ENCRYPT);
365 iv = &(*ivec)[0];
366 v0 = ti[0];
367 l2c(v0, iv);
368 v0 = ti[1];
369 l2c(v0, iv);
370 iv = &(*ivec)[0];
371 }
372 cc = *(in++);
373 c = iv[n];
374 iv[n] = cc;
375 *(out++) = c ^ cc;
376 n = (n + 1) & 0x07;
377 }
378 }
379 v0 = v1 = ti[0] = ti[1] = c = cc = 0;
380 *num = n;
381}
382LCRYPTO_ALIAS(DES_cfb64_encrypt);
383
384/* The input and output are loaded in multiples of 8 bits.
385 * What this means is that if you hame numbits=12 and length=2
386 * the first 12 bits will be retrieved from the first byte and half
387 * the second. The second 12 bits will come from the 3rd and half the 4th
388 * byte.
389 */
390/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
391 * will not be compatible with any encryption prior to that date. Ben. */
392void
393DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
394 long length, DES_key_schedule *schedule, DES_cblock *ivec,
395 int enc)
396{
397 DES_LONG d0, d1, v0, v1;
398 unsigned long l = length;
399 int num = numbits/8, n = (numbits + 7)/8, i, rem = numbits % 8;
400 DES_LONG ti[2];
401 unsigned char *iv;
402#if BYTE_ORDER != LITTLE_ENDIAN
403 unsigned char ovec[16];
404#else
405 unsigned int sh[4];
406 unsigned char *ovec = (unsigned char *)sh;
407#endif
408
409 if (numbits <= 0 || numbits > 64)
410 return;
411 iv = &(*ivec)[0];
412 c2l(iv, v0);
413 c2l(iv, v1);
414 if (enc) {
415 while (l >= (unsigned long)n) {
416 l -= n;
417 ti[0] = v0;
418 ti[1] = v1;
419 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
420 c2ln(in, d0, d1, n);
421 in += n;
422 d0 ^= ti[0];
423 d1 ^= ti[1];
424 l2cn(d0, d1, out, n);
425 out += n;
426 /* 30-08-94 - eay - changed because l>>32 and
427 * l<<32 are bad under gcc :-( */
428 if (numbits == 32) {
429 v0 = v1;
430 v1 = d0;
431 } else if (numbits == 64) {
432 v0 = d0;
433 v1 = d1;
434 } else {
435#if BYTE_ORDER != LITTLE_ENDIAN
436 iv = &ovec[0];
437 l2c(v0, iv);
438 l2c(v1, iv);
439 l2c(d0, iv);
440 l2c(d1, iv);
441#else
442 sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
443#endif
444 if (rem == 0)
445 memmove(ovec, ovec + num, 8);
446 else
447 for (i = 0; i < 8; ++i)
448 ovec[i] = ovec[i + num] << rem |
449 ovec[i + num + 1] >> (8 -
450 rem);
451#if BYTE_ORDER == LITTLE_ENDIAN
452 v0 = sh[0], v1 = sh[1];
453#else
454 iv = &ovec[0];
455 c2l(iv, v0);
456 c2l(iv, v1);
457#endif
458 }
459 }
460 } else {
461 while (l >= (unsigned long)n) {
462 l -= n;
463 ti[0] = v0;
464 ti[1] = v1;
465 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
466 c2ln(in, d0, d1, n);
467 in += n;
468 /* 30-08-94 - eay - changed because l>>32 and
469 * l<<32 are bad under gcc :-( */
470 if (numbits == 32) {
471 v0 = v1;
472 v1 = d0;
473 } else if (numbits == 64) {
474 v0 = d0;
475 v1 = d1;
476 } else {
477#if BYTE_ORDER != LITTLE_ENDIAN
478 iv = &ovec[0];
479 l2c(v0, iv);
480 l2c(v1, iv);
481 l2c(d0, iv);
482 l2c(d1, iv);
483#else
484 sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
485#endif
486 if (rem == 0)
487 memmove(ovec, ovec + num, 8);
488 else
489 for (i = 0; i < 8; ++i)
490 ovec[i] = ovec[i + num] << rem |
491 ovec[i + num + 1] >> (8 -
492 rem);
493#if BYTE_ORDER == LITTLE_ENDIAN
494 v0 = sh[0], v1 = sh[1];
495#else
496 iv = &ovec[0];
497 c2l(iv, v0);
498 c2l(iv, v1);
499#endif
500 }
501 d0 ^= ti[0];
502 d1 ^= ti[1];
503 l2cn(d0, d1, out, n);
504 out += n;
505 }
506 }
507 iv = &(*ivec)[0];
508 l2c(v0, iv);
509 l2c(v1, iv);
510 v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
511}
512LCRYPTO_ALIAS(DES_cfb_encrypt);
513
514void
515DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
516 DES_key_schedule *ks1, DES_key_schedule *ks2,
517 DES_key_schedule *ks3,
518 int enc)
519{
520 DES_LONG l0, l1;
521 DES_LONG ll[2];
522 const unsigned char *in = &(*input)[0];
523 unsigned char *out = &(*output)[0];
524
525 c2l(in, l0);
526 c2l(in, l1);
527 ll[0] = l0;
528 ll[1] = l1;
529 if (enc)
530 DES_encrypt3(ll, ks1, ks2, ks3);
531 else
532 DES_decrypt3(ll, ks1, ks2, ks3);
533 l0 = ll[0];
534 l1 = ll[1];
535 l2c(l0, out);
536 l2c(l1, out);
537}
538LCRYPTO_ALIAS(DES_ecb3_encrypt);
539
540void
541DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
542 DES_key_schedule *ks, int enc)
543{
544 DES_LONG l;
545 DES_LONG ll[2];
546 const unsigned char *in = &(*input)[0];
547 unsigned char *out = &(*output)[0];
548
549 c2l(in, l);
550 ll[0] = l;
551 c2l(in, l);
552 ll[1] = l;
553 DES_encrypt1(ll, ks, enc);
554 l = ll[0];
555 l2c(l, out);
556 l = ll[1];
557 l2c(l, out);
558 l = ll[0] = ll[1] = 0;
559}
560LCRYPTO_ALIAS(DES_ecb_encrypt);
561
562/*
563
564This is an implementation of Triple DES Cipher Block Chaining with Output
565Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
566
567Note that there is a known attack on this by Biham and Knudsen but it takes
568a lot of work:
569
570http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
571
572*/
573
574#ifndef OPENSSL_NO_DESCBCM
575void
576DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
577 long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
578 DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
579 int enc)
580{
581 DES_LONG tin0, tin1;
582 DES_LONG tout0, tout1, xor0, xor1, m0, m1;
583 long l = length;
584 DES_LONG tin[2];
585 unsigned char *iv1, *iv2;
586
587 iv1 = &(*ivec1)[0];
588 iv2 = &(*ivec2)[0];
589
590 if (enc) {
591 c2l(iv1, m0);
592 c2l(iv1, m1);
593 c2l(iv2, tout0);
594 c2l(iv2, tout1);
595 for (l -= 8; l >= -7; l -= 8) {
596 tin[0] = m0;
597 tin[1] = m1;
598 DES_encrypt1(tin, ks3, 1);
599 m0 = tin[0];
600 m1 = tin[1];
601
602 if (l < 0) {
603 c2ln(in, tin0, tin1, l + 8);
604 } else {
605 c2l(in, tin0);
606 c2l(in, tin1);
607 }
608 tin0 ^= tout0;
609 tin1 ^= tout1;
610
611 tin[0] = tin0;
612 tin[1] = tin1;
613 DES_encrypt1(tin, ks1, 1);
614 tin[0] ^= m0;
615 tin[1] ^= m1;
616 DES_encrypt1(tin, ks2, 0);
617 tin[0] ^= m0;
618 tin[1] ^= m1;
619 DES_encrypt1(tin, ks1, 1);
620 tout0 = tin[0];
621 tout1 = tin[1];
622
623 l2c(tout0, out);
624 l2c(tout1, out);
625 }
626 iv1 = &(*ivec1)[0];
627 l2c(m0, iv1);
628 l2c(m1, iv1);
629
630 iv2 = &(*ivec2)[0];
631 l2c(tout0, iv2);
632 l2c(tout1, iv2);
633 } else {
634 DES_LONG t0, t1;
635
636 c2l(iv1, m0);
637 c2l(iv1, m1);
638 c2l(iv2, xor0);
639 c2l(iv2, xor1);
640 for (l -= 8; l >= -7; l -= 8) {
641 tin[0] = m0;
642 tin[1] = m1;
643 DES_encrypt1(tin, ks3, 1);
644 m0 = tin[0];
645 m1 = tin[1];
646
647 c2l(in, tin0);
648 c2l(in, tin1);
649
650 t0 = tin0;
651 t1 = tin1;
652
653 tin[0] = tin0;
654 tin[1] = tin1;
655 DES_encrypt1(tin, ks1, 0);
656 tin[0] ^= m0;
657 tin[1] ^= m1;
658 DES_encrypt1(tin, ks2, 1);
659 tin[0] ^= m0;
660 tin[1] ^= m1;
661 DES_encrypt1(tin, ks1, 0);
662 tout0 = tin[0];
663 tout1 = tin[1];
664
665 tout0 ^= xor0;
666 tout1 ^= xor1;
667 if (l < 0) {
668 l2cn(tout0, tout1, out, l + 8);
669 } else {
670 l2c(tout0, out);
671 l2c(tout1, out);
672 }
673 xor0 = t0;
674 xor1 = t1;
675 }
676
677 iv1 = &(*ivec1)[0];
678 l2c(m0, iv1);
679 l2c(m1, iv1);
680
681 iv2 = &(*ivec2)[0];
682 l2c(xor0, iv2);
683 l2c(xor1, iv2);
684 }
685 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
686 tin[0] = tin[1] = 0;
687}
688LCRYPTO_ALIAS(DES_ede3_cbcm_encrypt);
689#endif
690
691/* The input and output encrypted as though 64bit ofb mode is being
692 * used. The extra state information to record how much of the
693 * 64bit block we have used is contained in *num;
694 */
695void
696DES_ede3_ofb64_encrypt(const unsigned char *in,
697 unsigned char *out, long length,
698 DES_key_schedule *k1, DES_key_schedule *k2,
699 DES_key_schedule *k3, DES_cblock *ivec,
700 int *num)
701{
702 DES_LONG v0, v1;
703 int n = *num;
704 long l = length;
705 DES_cblock d;
706 char *dp;
707 DES_LONG ti[2];
708 unsigned char *iv;
709 int save = 0;
710
711 iv = &(*ivec)[0];
712 c2l(iv, v0);
713 c2l(iv, v1);
714 ti[0] = v0;
715 ti[1] = v1;
716 dp = (char *)d;
717 l2c(v0, dp);
718 l2c(v1, dp);
719 while (l--) {
720 if (n == 0) {
721 /* ti[0]=v0; */
722 /* ti[1]=v1; */
723 DES_encrypt3(ti, k1, k2, k3);
724 v0 = ti[0];
725 v1 = ti[1];
726
727 dp = (char *)d;
728 l2c(v0, dp);
729 l2c(v1, dp);
730 save++;
731 }
732 *(out++) = *(in++) ^ d[n];
733 n = (n + 1) & 0x07;
734 }
735 if (save) {
736 iv = &(*ivec)[0];
737 l2c(v0, iv);
738 l2c(v1, iv);
739 }
740 v0 = v1 = ti[0] = ti[1] = 0;
741 *num = n;
742}
743LCRYPTO_ALIAS(DES_ede3_ofb64_encrypt);
744
745/* The input and output encrypted as though 64bit ofb mode is being
746 * used. The extra state information to record how much of the
747 * 64bit block we have used is contained in *num;
748 */
749void
750DES_ofb64_encrypt(const unsigned char *in,
751 unsigned char *out, long length,
752 DES_key_schedule *schedule, DES_cblock *ivec, int *num)
753{
754 DES_LONG v0, v1, t;
755 int n = *num;
756 long l = length;
757 DES_cblock d;
758 unsigned char *dp;
759 DES_LONG ti[2];
760 unsigned char *iv;
761 int save = 0;
762
763 iv = &(*ivec)[0];
764 c2l(iv, v0);
765 c2l(iv, v1);
766 ti[0] = v0;
767 ti[1] = v1;
768 dp = d;
769 l2c(v0, dp);
770 l2c(v1, dp);
771 while (l--) {
772 if (n == 0) {
773 DES_encrypt1(ti, schedule, DES_ENCRYPT);
774 dp = d;
775 t = ti[0];
776 l2c(t, dp);
777 t = ti[1];
778 l2c(t, dp);
779 save++;
780 }
781 *(out++) = *(in++) ^ d[n];
782 n = (n + 1) & 0x07;
783 }
784 if (save) {
785 v0 = ti[0];
786 v1 = ti[1];
787 iv = &(*ivec)[0];
788 l2c(v0, iv);
789 l2c(v1, iv);
790 }
791 t = v0 = v1 = ti[0] = ti[1] = 0;
792 *num = n;
793}
794LCRYPTO_ALIAS(DES_ofb64_encrypt);
795
796/* The input and output are loaded in multiples of 8 bits.
797 * What this means is that if you hame numbits=12 and length=2
798 * the first 12 bits will be retrieved from the first byte and half
799 * the second. The second 12 bits will come from the 3rd and half the 4th
800 * byte.
801 */
802void
803DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
804 long length, DES_key_schedule *schedule,
805 DES_cblock *ivec)
806{
807 DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7)/8;
808 DES_LONG mask0, mask1;
809 long l = length;
810 int num = numbits;
811 DES_LONG ti[2];
812 unsigned char *iv;
813
814 if (num > 64)
815 return;
816 if (num > 32) {
817 mask0 = 0xffffffffL;
818 if (num >= 64)
819 mask1 = mask0;
820 else
821 mask1 = (1L << (num - 32)) - 1;
822 } else {
823 if (num == 32)
824 mask0 = 0xffffffffL;
825 else
826 mask0 = (1L << num) - 1;
827 mask1 = 0x00000000L;
828 }
829
830 iv = &(*ivec)[0];
831 c2l(iv, v0);
832 c2l(iv, v1);
833 ti[0] = v0;
834 ti[1] = v1;
835 while (l-- > 0) {
836 ti[0] = v0;
837 ti[1] = v1;
838 DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
839 vv0 = ti[0];
840 vv1 = ti[1];
841 c2ln(in, d0, d1, n);
842 in += n;
843 d0 = (d0 ^ vv0) & mask0;
844 d1 = (d1 ^ vv1) & mask1;
845 l2cn(d0, d1, out, n);
846 out += n;
847
848 if (num == 32) {
849 v0 = v1;
850 v1 = vv0;
851 } else if (num == 64) {
852 v0 = vv0;
853 v1 = vv1;
854 } else if (num > 32) { /* && num != 64 */
855 v0 = ((v1 >> (num - 32))|(vv0 << (64 - num))) &
856 0xffffffffL;
857 v1 = ((vv0 >> (num - 32))|(vv1 << (64 - num))) &
858 0xffffffffL;
859 } else /* num < 32 */ {
860 v0 = ((v0 >> num)|(v1 << (32 - num))) & 0xffffffffL;
861 v1 = ((v1 >> num)|(vv0 << (32 - num))) & 0xffffffffL;
862 }
863 }
864 iv = &(*ivec)[0];
865 l2c(v0, iv);
866 l2c(v1, iv);
867 v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
868}
869LCRYPTO_ALIAS(DES_ofb_encrypt);
870
871void
872DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
873 long length, DES_key_schedule *schedule,
874 DES_cblock *ivec, int enc)
875{
876 DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
877 DES_LONG tin[2];
878 const unsigned char *in;
879 unsigned char *out, *iv;
880
881 in = input;
882 out = output;
883 iv = &(*ivec)[0];
884
885 if (enc) {
886 c2l(iv, xor0);
887 c2l(iv, xor1);
888 for (; length > 0; length -= 8) {
889 if (length >= 8) {
890 c2l(in, sin0);
891 c2l(in, sin1);
892 } else
893 c2ln(in, sin0, sin1, length);
894 tin[0] = sin0 ^ xor0;
895 tin[1] = sin1 ^ xor1;
896 DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
897 tout0 = tin[0];
898 tout1 = tin[1];
899 xor0 = sin0 ^ tout0;
900 xor1 = sin1 ^ tout1;
901 l2c(tout0, out);
902 l2c(tout1, out);
903 }
904 } else {
905 c2l(iv, xor0);
906 c2l(iv, xor1);
907 for (; length > 0; length -= 8) {
908 c2l(in, sin0);
909 c2l(in, sin1);
910 tin[0] = sin0;
911 tin[1] = sin1;
912 DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
913 tout0 = tin[0] ^ xor0;
914 tout1 = tin[1] ^ xor1;
915 if (length >= 8) {
916 l2c(tout0, out);
917 l2c(tout1, out);
918 } else
919 l2cn(tout0, tout1, out, length);
920 xor0 = tout0 ^ sin0;
921 xor1 = tout1 ^ sin1;
922 }
923 }
924 tin[0] = tin[1] = 0;
925 sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
926}
927LCRYPTO_ALIAS(DES_pcbc_encrypt);
928
929/* RSA's DESX */
930
931void
932DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
933 long length, DES_key_schedule *schedule,
934 DES_cblock *ivec, const_DES_cblock *inw,
935 const_DES_cblock *outw, int enc)
936{
937 DES_LONG tin0, tin1;
938 DES_LONG tout0, tout1, xor0, xor1;
939 DES_LONG inW0, inW1, outW0, outW1;
940 const unsigned char *in2;
941 long l = length;
942 DES_LONG tin[2];
943 unsigned char *iv;
944
945 in2 = &(*inw)[0];
946 c2l(in2, inW0);
947 c2l(in2, inW1);
948 in2 = &(*outw)[0];
949 c2l(in2, outW0);
950 c2l(in2, outW1);
951
952 iv = &(*ivec)[0];
953
954 if (enc) {
955 c2l(iv, tout0);
956 c2l(iv, tout1);
957 for (l -= 8; l >= 0; l -= 8) {
958 c2l(in, tin0);
959 c2l(in, tin1);
960 tin0 ^= tout0 ^ inW0;
961 tin[0] = tin0;
962 tin1 ^= tout1 ^ inW1;
963 tin[1] = tin1;
964 DES_encrypt1(tin, schedule, DES_ENCRYPT);
965 tout0 = tin[0] ^ outW0;
966 l2c(tout0, out);
967 tout1 = tin[1] ^ outW1;
968 l2c(tout1, out);
969 }
970 if (l != -8) {
971 c2ln(in, tin0, tin1, l + 8);
972 tin0 ^= tout0 ^ inW0;
973 tin[0] = tin0;
974 tin1 ^= tout1 ^ inW1;
975 tin[1] = tin1;
976 DES_encrypt1(tin, schedule, DES_ENCRYPT);
977 tout0 = tin[0] ^ outW0;
978 l2c(tout0, out);
979 tout1 = tin[1] ^ outW1;
980 l2c(tout1, out);
981 }
982 iv = &(*ivec)[0];
983 l2c(tout0, iv);
984 l2c(tout1, iv);
985 } else {
986 c2l(iv, xor0);
987 c2l(iv, xor1);
988 for (l -= 8; l > 0; l -= 8) {
989 c2l(in, tin0);
990 tin[0] = tin0 ^ outW0;
991 c2l(in, tin1);
992 tin[1] = tin1 ^ outW1;
993 DES_encrypt1(tin, schedule, DES_DECRYPT);
994 tout0 = tin[0] ^ xor0 ^ inW0;
995 tout1 = tin[1] ^ xor1 ^ inW1;
996 l2c(tout0, out);
997 l2c(tout1, out);
998 xor0 = tin0;
999 xor1 = tin1;
1000 }
1001 if (l != -8) {
1002 c2l(in, tin0);
1003 tin[0] = tin0 ^ outW0;
1004 c2l(in, tin1);
1005 tin[1] = tin1 ^ outW1;
1006 DES_encrypt1(tin, schedule, DES_DECRYPT);
1007 tout0 = tin[0] ^ xor0 ^ inW0;
1008 tout1 = tin[1] ^ xor1 ^ inW1;
1009 l2cn(tout0, tout1, out, l + 8);
1010 xor0 = tin0;
1011 xor1 = tin1;
1012 }
1013
1014 iv = &(*ivec)[0];
1015 l2c(xor0, iv);
1016 l2c(xor1, iv);
1017 }
1018 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
1019 inW0 = inW1 = outW0 = outW1 = 0;
1020 tin[0] = tin[1] = 0;
1021}
1022LCRYPTO_ALIAS(DES_xcbc_encrypt);
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
deleted file mode 100644
index 2d957a192c..0000000000
--- a/src/lib/libcrypto/des/des.h
+++ /dev/null
@@ -1,206 +0,0 @@
1/* $OpenBSD: des.h,v 1.23 2025/01/25 17:59:44 tb Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_NEW_DES_H
60#define HEADER_NEW_DES_H
61
62#include <openssl/opensslconf.h>
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68typedef unsigned char DES_cblock[8];
69typedef /* const */ unsigned char const_DES_cblock[8];
70/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
71 * and const_DES_cblock * are incompatible pointer types. */
72
73typedef struct DES_ks {
74 union {
75 DES_cblock cblock;
76 /* make sure things are correct size on machines with
77 * 8 byte longs */
78 DES_LONG deslong[2];
79 } ks[16];
80} DES_key_schedule;
81
82#define DES_KEY_SZ (sizeof(DES_cblock))
83#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
84
85#define DES_ENCRYPT 1
86#define DES_DECRYPT 0
87
88#define DES_CBC_MODE 0
89#define DES_PCBC_MODE 1
90
91#define DES_ecb2_encrypt(i,o,k1,k2,e) \
92 DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
93
94#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
95 DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
96
97#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
98 DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
99
100#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
101 DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
102
103extern int DES_check_key; /* defaults to false */
104
105void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
106 DES_key_schedule *ks1, DES_key_schedule *ks2,
107 DES_key_schedule *ks3, int enc);
108DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
109 long length, DES_key_schedule *schedule,
110 const_DES_cblock *ivec);
111/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
112void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
113 long length, DES_key_schedule *schedule, DES_cblock *ivec,
114 int enc);
115void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
116 long length, DES_key_schedule *schedule, DES_cblock *ivec,
117 int enc);
118void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
119 long length, DES_key_schedule *schedule, DES_cblock *ivec,
120 const_DES_cblock *inw, const_DES_cblock *outw, int enc);
121void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
122 long length, DES_key_schedule *schedule, DES_cblock *ivec,
123 int enc);
124void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
125 DES_key_schedule *ks, int enc);
126
127/* This is the DES encryption function that gets called by just about
128 every other DES routine in the library. You should not use this
129 function except to implement 'modes' of DES. I say this because the
130 functions that call this routine do the conversion from 'char *' to
131 long, and this needs to be done to make sure 'non-aligned' memory
132 access do not occur. The characters are loaded 'little endian'.
133 Data is a pointer to 2 unsigned long's and ks is the
134 DES_key_schedule to use. enc, is non zero specifies encryption,
135 zero if decryption. */
136void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
137
138/* This functions is the same as DES_encrypt1() except that the DES
139 initial permutation (IP) and final permutation (FP) have been left
140 out. As for DES_encrypt1(), you should not use this function.
141 It is used by the routines in the library that implement triple DES.
142 IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
143 as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
144void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
145
146void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
147 DES_key_schedule *ks2, DES_key_schedule *ks3);
148void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
149 DES_key_schedule *ks2, DES_key_schedule *ks3);
150void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
151 long length,
152 DES_key_schedule *ks1, DES_key_schedule *ks2,
153 DES_key_schedule *ks3, DES_cblock *ivec, int enc);
154void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
155 long length,
156 DES_key_schedule *ks1, DES_key_schedule *ks2,
157 DES_key_schedule *ks3,
158 DES_cblock *ivec1, DES_cblock *ivec2,
159 int enc);
160void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
161 long length, DES_key_schedule *ks1,
162 DES_key_schedule *ks2, DES_key_schedule *ks3,
163 DES_cblock *ivec, int *num, int enc);
164void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
165 int numbits, long length, DES_key_schedule *ks1,
166 DES_key_schedule *ks2, DES_key_schedule *ks3,
167 DES_cblock *ivec, int enc);
168void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
169 long length, DES_key_schedule *ks1,
170 DES_key_schedule *ks2, DES_key_schedule *ks3,
171 DES_cblock *ivec, int *num);
172char *DES_fcrypt(const char *buf, const char *salt, char *ret);
173char *DES_crypt(const char *buf, const char *salt);
174void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
175 long length, DES_key_schedule *schedule, DES_cblock *ivec);
176void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
177 long length, DES_key_schedule *schedule, DES_cblock *ivec,
178 int enc);
179DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
180 long length, int out_count, DES_cblock *seed);
181int DES_random_key(DES_cblock *ret);
182void DES_set_odd_parity(DES_cblock *key);
183int DES_check_key_parity(const_DES_cblock *key);
184int DES_is_weak_key(const_DES_cblock *key);
185/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
186 * DES_set_key_checked if global variable DES_check_key is set,
187 * DES_set_key_unchecked otherwise. */
188int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
189int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
190int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
191void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
192void DES_string_to_key(const char *str, DES_cblock *key);
193void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
194void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
195 DES_key_schedule *schedule, DES_cblock *ivec, int *num,
196 int enc);
197void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
198 DES_key_schedule *schedule, DES_cblock *ivec, int *num);
199
200#define DES_fixup_key_parity DES_set_odd_parity
201
202#ifdef __cplusplus
203}
204#endif
205
206#endif
diff --git a/src/lib/libcrypto/des/des_cksum.c b/src/lib/libcrypto/des/des_cksum.c
deleted file mode 100644
index 6dfb8a0340..0000000000
--- a/src/lib/libcrypto/des/des_cksum.c
+++ /dev/null
@@ -1,173 +0,0 @@
1/* $OpenBSD: des_cksum.c,v 1.1 2024/08/31 15:56:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer
60 * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
61 * This module in only based on the code in this paper and is
62 * almost definitely not the same as the MIT implementation.
63 */
64#include "des_local.h"
65
66/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
67#define Q_B0(a) (((DES_LONG)(a)))
68#define Q_B1(a) (((DES_LONG)(a))<<8)
69#define Q_B2(a) (((DES_LONG)(a))<<16)
70#define Q_B3(a) (((DES_LONG)(a))<<24)
71
72/* used to scramble things a bit */
73/* Got the value MIT uses via brute force :-) 2/10/90 eay */
74#define NOISE ((DES_LONG)83653421L)
75
76DES_LONG
77DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
78 long length, DES_key_schedule *schedule,
79 const_DES_cblock *ivec)
80{
81 DES_LONG tout0, tout1, tin0, tin1;
82 long l = length;
83 DES_LONG tin[2];
84 unsigned char *out = &(*output)[0];
85 const unsigned char *iv = &(*ivec)[0];
86
87 c2l(iv, tout0);
88 c2l(iv, tout1);
89 for (; l > 0; l -= 8) {
90 if (l >= 8) {
91 c2l(in, tin0);
92 c2l(in, tin1);
93 } else
94 c2ln(in, tin0, tin1, l);
95
96 tin0 ^= tout0;
97 tin[0] = tin0;
98 tin1 ^= tout1;
99 tin[1] = tin1;
100 DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
101 /* fix 15/10/91 eay - thanks to keithr@sco.COM */
102 tout0 = tin[0];
103 tout1 = tin[1];
104 }
105 if (out != NULL) {
106 l2c(tout0, out);
107 l2c(tout1, out);
108 }
109 tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
110 /*
111 Transform the data in tout1 so that it will
112 match the return value that the MIT Kerberos
113 mit_des_cbc_cksum API returns.
114 */
115 tout1 = ((tout1 >> 24L) & 0x000000FF) |
116 ((tout1 >> 8L) & 0x0000FF00) |
117 ((tout1 << 8L) & 0x00FF0000) |
118 ((tout1 << 24L) & 0xFF000000);
119 return (tout1);
120}
121LCRYPTO_ALIAS(DES_cbc_cksum);
122
123DES_LONG
124DES_quad_cksum(const unsigned char *input, DES_cblock output[],
125 long length, int out_count, DES_cblock *seed)
126{
127 DES_LONG z0, z1, t0, t1;
128 int i;
129 long l;
130 const unsigned char *cp;
131 DES_LONG *lp;
132
133 if (out_count < 1)
134 out_count = 1;
135 lp = (DES_LONG *)&(output[0])[0];
136
137 z0 = Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3(
138 (*seed)[3]);
139 z1 = Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3(
140 (*seed)[7]);
141
142 for (i = 0; ((i < 4) && (i < out_count)); i++) {
143 cp = input;
144 l = length;
145 while (l > 0) {
146 if (l > 1) {
147 t0 = (DES_LONG)(*(cp++));
148 t0 |= (DES_LONG)Q_B1(*(cp++));
149 l--;
150 } else
151 t0 = (DES_LONG)(*(cp++));
152 l--;
153 /* add */
154 t0 += z0;
155 t0 &= 0xffffffffL;
156 t1 = z1;
157 /* square, well sort of square */
158 z0 = ((((t0*t0) & 0xffffffffL) +
159 ((t1*t1) & 0xffffffffL)) & 0xffffffffL) %
160 0x7fffffffL;
161 z1 = ((t0*((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
162 0x7fffffffL;
163 }
164 if (lp != NULL) {
165 /* The MIT library assumes that the checksum is
166 * composed of 2*out_count 32 bit ints */
167 *lp++ = z0;
168 *lp++ = z1;
169 }
170 }
171 return (z0);
172}
173LCRYPTO_ALIAS(DES_quad_cksum);
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
deleted file mode 100644
index deec50bffb..0000000000
--- a/src/lib/libcrypto/des/des_enc.c
+++ /dev/null
@@ -1,611 +0,0 @@
1/* $OpenBSD: des_enc.c,v 1.20 2024/08/31 16:17:13 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include "des_local.h"
60
61const DES_LONG DES_SPtrans[8][64] = {
62 {
63/* nibble 0 */
64 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
65 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
66 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
67 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
68 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
69 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
70 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
71 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
72 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
73 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
74 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
75 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
76 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
77 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
78 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
79 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
80 }, {
81/* nibble 1 */
82 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
83 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
84 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
85 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
86 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
87 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
88 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
89 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
90 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
91 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
92 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
93 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
94 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
95 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
96 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
97 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
98 }, {
99/* nibble 2 */
100 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
101 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
102 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
103 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
104 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
105 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
106 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
107 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
108 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
109 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
110 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
111 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
112 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
113 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
114 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
115 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
116 }, {
117/* nibble 3 */
118 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
119 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
120 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
121 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
122 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
123 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
124 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
125 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
126 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
127 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
128 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
129 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
130 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
131 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
132 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
133 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
134 }, {
135/* nibble 4 */
136 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
137 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
138 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
139 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
140 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
141 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
142 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
143 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
144 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
145 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
146 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
147 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
148 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
149 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
150 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
151 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
152 }, {
153/* nibble 5 */
154 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
155 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
156 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
157 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
158 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
159 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
160 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
161 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
162 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
163 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
164 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
165 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
166 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
167 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
168 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
169 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
170 }, {
171/* nibble 6 */
172 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
173 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
174 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
175 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
176 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
177 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
178 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
179 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
180 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
181 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
182 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
183 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
184 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
185 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
186 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
187 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
188 }, {
189/* nibble 7 */
190 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
191 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
192 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
193 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
194 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
195 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
196 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
197 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
198 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
199 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
200 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
201 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
202 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
203 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
204 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
205 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
206 },
207};
208
209void
210DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
211{
212 DES_LONG l, r, t, u;
213#ifndef DES_UNROLL
214 int i;
215#endif
216 DES_LONG *s;
217
218 r = data[0];
219 l = data[1];
220
221 IP(r, l);
222 /* Things have been modified so that the initial rotate is
223 * done outside the loop. This required the
224 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
225 * One perl script later and things have a 5% speed up on a sparc2.
226 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
227 * for pointing this out. */
228 /* clear the top bits on machines with 8byte longs */
229 /* shift left by 2 */
230 r = ROTATE(r, 29) & 0xffffffffL;
231 l = ROTATE(l, 29) & 0xffffffffL;
232
233 s = ks->ks->deslong;
234 /* I don't know if it is worth the effort of loop unrolling the
235 * inner loop */
236 if (enc) {
237#ifdef DES_UNROLL
238 D_ENCRYPT(l, r, 0); /* 1 */
239 D_ENCRYPT(r, l, 2); /* 2 */
240 D_ENCRYPT(l, r, 4); /* 3 */
241 D_ENCRYPT(r, l, 6); /* 4 */
242 D_ENCRYPT(l, r, 8); /* 5 */
243 D_ENCRYPT(r, l, 10); /* 6 */
244 D_ENCRYPT(l, r, 12); /* 7 */
245 D_ENCRYPT(r, l, 14); /* 8 */
246 D_ENCRYPT(l, r, 16); /* 9 */
247 D_ENCRYPT(r, l, 18); /* 10 */
248 D_ENCRYPT(l, r, 20); /* 11 */
249 D_ENCRYPT(r, l, 22); /* 12 */
250 D_ENCRYPT(l, r, 24); /* 13 */
251 D_ENCRYPT(r, l, 26); /* 14 */
252 D_ENCRYPT(l, r, 28); /* 15 */
253 D_ENCRYPT(r, l, 30); /* 16 */
254#else
255 for (i = 0; i < 32; i += 4) {
256 D_ENCRYPT(l, r, i + 0); /* 1 */
257 D_ENCRYPT(r, l, i + 2); /* 2 */
258 }
259#endif
260 } else {
261#ifdef DES_UNROLL
262 D_ENCRYPT(l, r, 30); /* 16 */
263 D_ENCRYPT(r, l, 28); /* 15 */
264 D_ENCRYPT(l, r, 26); /* 14 */
265 D_ENCRYPT(r, l, 24); /* 13 */
266 D_ENCRYPT(l, r, 22); /* 12 */
267 D_ENCRYPT(r, l, 20); /* 11 */
268 D_ENCRYPT(l, r, 18); /* 10 */
269 D_ENCRYPT(r, l, 16); /* 9 */
270 D_ENCRYPT(l, r, 14); /* 8 */
271 D_ENCRYPT(r, l, 12); /* 7 */
272 D_ENCRYPT(l, r, 10); /* 6 */
273 D_ENCRYPT(r, l, 8); /* 5 */
274 D_ENCRYPT(l, r, 6); /* 4 */
275 D_ENCRYPT(r, l, 4); /* 3 */
276 D_ENCRYPT(l, r, 2); /* 2 */
277 D_ENCRYPT(r, l, 0); /* 1 */
278#else
279 for (i = 30; i > 0; i -= 4) {
280 D_ENCRYPT(l, r, i - 0); /* 16 */
281 D_ENCRYPT(r, l, i - 2); /* 15 */
282 }
283#endif
284 }
285
286 /* rotate and clear the top bits on machines with 8byte longs */
287 l = ROTATE(l, 3) & 0xffffffffL;
288 r = ROTATE(r, 3) & 0xffffffffL;
289
290 FP(r, l);
291 data[0] = l;
292 data[1] = r;
293 l = r = t = u = 0;
294}
295LCRYPTO_ALIAS(DES_encrypt1);
296
297void
298DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
299{
300 DES_LONG l, r, t, u;
301#ifndef DES_UNROLL
302 int i;
303#endif
304 DES_LONG *s;
305
306 r = data[0];
307 l = data[1];
308
309 /* Things have been modified so that the initial rotate is
310 * done outside the loop. This required the
311 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
312 * One perl script later and things have a 5% speed up on a sparc2.
313 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
314 * for pointing this out. */
315 /* clear the top bits on machines with 8byte longs */
316 r = ROTATE(r, 29) & 0xffffffffL;
317 l = ROTATE(l, 29) & 0xffffffffL;
318
319 s = ks->ks->deslong;
320 /* I don't know if it is worth the effort of loop unrolling the
321 * inner loop */
322 if (enc) {
323#ifdef DES_UNROLL
324 D_ENCRYPT(l, r, 0); /* 1 */
325 D_ENCRYPT(r, l, 2); /* 2 */
326 D_ENCRYPT(l, r, 4); /* 3 */
327 D_ENCRYPT(r, l, 6); /* 4 */
328 D_ENCRYPT(l, r, 8); /* 5 */
329 D_ENCRYPT(r, l, 10); /* 6 */
330 D_ENCRYPT(l, r, 12); /* 7 */
331 D_ENCRYPT(r, l, 14); /* 8 */
332 D_ENCRYPT(l, r, 16); /* 9 */
333 D_ENCRYPT(r, l, 18); /* 10 */
334 D_ENCRYPT(l, r, 20); /* 11 */
335 D_ENCRYPT(r, l, 22); /* 12 */
336 D_ENCRYPT(l, r, 24); /* 13 */
337 D_ENCRYPT(r, l, 26); /* 14 */
338 D_ENCRYPT(l, r, 28); /* 15 */
339 D_ENCRYPT(r, l, 30); /* 16 */
340#else
341 for (i = 0; i < 32; i += 4) {
342 D_ENCRYPT(l, r, i + 0); /* 1 */
343 D_ENCRYPT(r, l, i + 2); /* 2 */
344 }
345#endif
346 } else {
347#ifdef DES_UNROLL
348 D_ENCRYPT(l, r, 30); /* 16 */
349 D_ENCRYPT(r, l, 28); /* 15 */
350 D_ENCRYPT(l, r, 26); /* 14 */
351 D_ENCRYPT(r, l, 24); /* 13 */
352 D_ENCRYPT(l, r, 22); /* 12 */
353 D_ENCRYPT(r, l, 20); /* 11 */
354 D_ENCRYPT(l, r, 18); /* 10 */
355 D_ENCRYPT(r, l, 16); /* 9 */
356 D_ENCRYPT(l, r, 14); /* 8 */
357 D_ENCRYPT(r, l, 12); /* 7 */
358 D_ENCRYPT(l, r, 10); /* 6 */
359 D_ENCRYPT(r, l, 8); /* 5 */
360 D_ENCRYPT(l, r, 6); /* 4 */
361 D_ENCRYPT(r, l, 4); /* 3 */
362 D_ENCRYPT(l, r, 2); /* 2 */
363 D_ENCRYPT(r, l, 0); /* 1 */
364#else
365 for (i = 30; i > 0; i -= 4) {
366 D_ENCRYPT(l, r, i - 0); /* 16 */
367 D_ENCRYPT(r, l, i - 2); /* 15 */
368 }
369#endif
370 }
371 /* rotate and clear the top bits on machines with 8byte longs */
372 data[0] = ROTATE(l, 3) & 0xffffffffL;
373 data[1] = ROTATE(r, 3) & 0xffffffffL;
374 l = r = t = u = 0;
375}
376LCRYPTO_ALIAS(DES_encrypt2);
377
378void
379DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
380 DES_key_schedule *ks2, DES_key_schedule *ks3)
381{
382 DES_LONG l, r;
383
384 l = data[0];
385 r = data[1];
386 IP(l, r);
387 data[0] = l;
388 data[1] = r;
389 DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
390 DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
391 DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
392 l = data[0];
393 r = data[1];
394 FP(r, l);
395 data[0] = l;
396 data[1] = r;
397}
398LCRYPTO_ALIAS(DES_encrypt3);
399
400void
401DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
402 DES_key_schedule *ks2, DES_key_schedule *ks3)
403{
404 DES_LONG l, r;
405
406 l = data[0];
407 r = data[1];
408 IP(l, r);
409 data[0] = l;
410 data[1] = r;
411 DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
412 DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
413 DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
414 l = data[0];
415 r = data[1];
416 FP(r, l);
417 data[0] = l;
418 data[1] = r;
419}
420LCRYPTO_ALIAS(DES_decrypt3);
421
422#ifndef DES_DEFAULT_OPTIONS
423
424void
425DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
426 DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
427{
428 DES_LONG tin0, tin1;
429 DES_LONG tout0, tout1, xor0, xor1;
430 long l = length;
431 DES_LONG tin[2];
432 unsigned char *iv;
433
434 iv = &(*ivec)[0];
435
436 if (enc) {
437 c2l(iv, tout0);
438 c2l(iv, tout1);
439 for (l -= 8; l >= 0; l -= 8) {
440 c2l(in, tin0);
441 c2l(in, tin1);
442 tin0 ^= tout0;
443 tin[0] = tin0;
444 tin1 ^= tout1;
445 tin[1] = tin1;
446 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
447 tout0 = tin[0];
448 l2c(tout0, out);
449 tout1 = tin[1];
450 l2c(tout1, out);
451 }
452 if (l != -8) {
453 c2ln(in, tin0, tin1, l + 8);
454 tin0 ^= tout0;
455 tin[0] = tin0;
456 tin1 ^= tout1;
457 tin[1] = tin1;
458 DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
459 tout0 = tin[0];
460 l2c(tout0, out);
461 tout1 = tin[1];
462 l2c(tout1, out);
463 }
464 iv = &(*ivec)[0];
465 l2c(tout0, iv);
466 l2c(tout1, iv);
467 } else {
468 c2l(iv, xor0);
469 c2l(iv, xor1);
470 for (l -= 8; l >= 0; l -= 8) {
471 c2l(in, tin0);
472 tin[0] = tin0;
473 c2l(in, tin1);
474 tin[1] = tin1;
475 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
476 tout0 = tin[0] ^ xor0;
477 tout1 = tin[1] ^ xor1;
478 l2c(tout0, out);
479 l2c(tout1, out);
480 xor0 = tin0;
481 xor1 = tin1;
482 }
483 if (l != -8) {
484 c2l(in, tin0);
485 tin[0] = tin0;
486 c2l(in, tin1);
487 tin[1] = tin1;
488 DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
489 tout0 = tin[0] ^ xor0;
490 tout1 = tin[1] ^ xor1;
491 l2cn(tout0, tout1, out, l + 8);
492 xor0 = tin0;
493 xor1 = tin1;
494 }
495 iv = &(*ivec)[0];
496 l2c(xor0, iv);
497 l2c(xor1, iv);
498 }
499 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
500 tin[0] = tin[1] = 0;
501}
502LCRYPTO_ALIAS(DES_ncbc_encrypt);
503
504void
505DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
506 long length, DES_key_schedule *ks1,
507 DES_key_schedule *ks2, DES_key_schedule *ks3,
508 DES_cblock *ivec, int enc)
509{
510 DES_LONG tin0, tin1;
511 DES_LONG tout0, tout1, xor0, xor1;
512 const unsigned char *in;
513 unsigned char *out;
514 long l = length;
515 DES_LONG tin[2];
516 unsigned char *iv;
517
518 in = input;
519 out = output;
520 iv = &(*ivec)[0];
521
522 if (enc) {
523 c2l(iv, tout0);
524 c2l(iv, tout1);
525 for (l -= 8; l >= 0; l -= 8) {
526 c2l(in, tin0);
527 c2l(in, tin1);
528 tin0 ^= tout0;
529 tin1 ^= tout1;
530
531 tin[0] = tin0;
532 tin[1] = tin1;
533 DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
534 tout0 = tin[0];
535 tout1 = tin[1];
536
537 l2c(tout0, out);
538 l2c(tout1, out);
539 }
540 if (l != -8) {
541 c2ln(in, tin0, tin1, l + 8);
542 tin0 ^= tout0;
543 tin1 ^= tout1;
544
545 tin[0] = tin0;
546 tin[1] = tin1;
547 DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
548 tout0 = tin[0];
549 tout1 = tin[1];
550
551 l2c(tout0, out);
552 l2c(tout1, out);
553 }
554 iv = &(*ivec)[0];
555 l2c(tout0, iv);
556 l2c(tout1, iv);
557 } else {
558 DES_LONG t0, t1;
559
560 c2l(iv, xor0);
561 c2l(iv, xor1);
562 for (l -= 8; l >= 0; l -= 8) {
563 c2l(in, tin0);
564 c2l(in, tin1);
565
566 t0 = tin0;
567 t1 = tin1;
568
569 tin[0] = tin0;
570 tin[1] = tin1;
571 DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
572 tout0 = tin[0];
573 tout1 = tin[1];
574
575 tout0 ^= xor0;
576 tout1 ^= xor1;
577 l2c(tout0, out);
578 l2c(tout1, out);
579 xor0 = t0;
580 xor1 = t1;
581 }
582 if (l != -8) {
583 c2l(in, tin0);
584 c2l(in, tin1);
585
586 t0 = tin0;
587 t1 = tin1;
588
589 tin[0] = tin0;
590 tin[1] = tin1;
591 DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
592 tout0 = tin[0];
593 tout1 = tin[1];
594
595 tout0 ^= xor0;
596 tout1 ^= xor1;
597 l2cn(tout0, tout1, out, l + 8);
598 xor0 = t0;
599 xor1 = t1;
600 }
601
602 iv = &(*ivec)[0];
603 l2c(xor0, iv);
604 l2c(xor1, iv);
605 }
606 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
607 tin[0] = tin[1] = 0;
608}
609LCRYPTO_ALIAS(DES_ede3_cbc_encrypt);
610
611#endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libcrypto/des/des_fcrypt.c b/src/lib/libcrypto/des/des_fcrypt.c
deleted file mode 100644
index b33b1240c2..0000000000
--- a/src/lib/libcrypto/des/des_fcrypt.c
+++ /dev/null
@@ -1,254 +0,0 @@
1/* $OpenBSD: des_fcrypt.c,v 1.4 2024/08/31 16:22:18 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61/* This version of crypt has been developed from my MIT compatible
62 * DES library.
63 * Eric Young (eay@cryptsoft.com)
64 */
65
66/* Modification by Jens Kupferschmidt (Cu)
67 * I have included directive PARA for shared memory computers.
68 * I have included a directive LONGCRYPT to using this routine to cipher
69 * passwords with more than 8 bytes like HP-UX 10.x it used. The MAXPLEN
70 * definition is the maximum of length of password and can changed. I have
71 * defined 24.
72 */
73
74#define DES_FCRYPT
75#include "des_local.h"
76#undef DES_FCRYPT
77
78#undef PERM_OP
79#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)), \
80 (b)^=(t), \
81 (a)^=((t)<<(n)))
82
83#undef HPERM_OP
84#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)), \
85 (a)=(a)^(t)^(t>>(16-(n)))) \
86
87static void
88fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
89 DES_LONG Eswap1)
90{
91 DES_LONG l, r, t, u;
92 DES_LONG *s;
93 int j;
94 DES_LONG E0, E1;
95
96 l = 0;
97 r = 0;
98
99 s = (DES_LONG *)ks;
100 E0 = Eswap0;
101 E1 = Eswap1;
102
103 for (j = 0; j < 25; j++) {
104#ifndef DES_UNROLL
105 int i;
106
107 for (i = 0; i < 32; i += 4) {
108 D_ENCRYPT(l, r, i + 0); /* 1 */
109 D_ENCRYPT(r, l, i + 2); /* 2 */
110 }
111#else
112 D_ENCRYPT(l, r, 0); /* 1 */
113 D_ENCRYPT(r, l, 2); /* 2 */
114 D_ENCRYPT(l, r, 4); /* 3 */
115 D_ENCRYPT(r, l, 6); /* 4 */
116 D_ENCRYPT(l, r, 8); /* 5 */
117 D_ENCRYPT(r, l, 10); /* 6 */
118 D_ENCRYPT(l, r, 12); /* 7 */
119 D_ENCRYPT(r, l, 14); /* 8 */
120 D_ENCRYPT(l, r, 16); /* 9 */
121 D_ENCRYPT(r, l, 18); /* 10 */
122 D_ENCRYPT(l, r, 20); /* 11 */
123 D_ENCRYPT(r, l, 22); /* 12 */
124 D_ENCRYPT(l, r, 24); /* 13 */
125 D_ENCRYPT(r, l, 26); /* 14 */
126 D_ENCRYPT(l, r, 28); /* 15 */
127 D_ENCRYPT(r, l, 30); /* 16 */
128#endif
129
130 t = l;
131 l = r;
132 r = t;
133 }
134 l = ROTATE(l, 3) & 0xffffffffL;
135 r = ROTATE(r, 3) & 0xffffffffL;
136
137 PERM_OP(l, r, t, 1, 0x55555555L);
138 PERM_OP(r, l, t, 8, 0x00ff00ffL);
139 PERM_OP(l, r, t, 2, 0x33333333L);
140 PERM_OP(r, l, t, 16, 0x0000ffffL);
141 PERM_OP(l, r, t, 4, 0x0f0f0f0fL);
142
143 out[0] = r;
144 out[1] = l;
145}
146
147/* Added more values to handle illegal salt values the way normal
148 * crypt() implementations do. The patch was sent by
149 * Bjorn Gronvall <bg@sics.se>
150 */
151static unsigned const char con_salt[128] = {
152 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
153 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
154 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
155 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
156 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
157 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
158 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
159 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
160 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
161 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
162 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
163 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
164 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
165 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
166 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
167 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
168};
169
170static unsigned const char cov_2char[64] = {
171 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
172 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
173 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
174 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
175 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
176 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
177 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
178 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
179};
180
181char *
182DES_crypt(const char *buf, const char *salt)
183{
184 static char buff[14];
185
186 return (DES_fcrypt(buf, salt, buff));
187}
188LCRYPTO_ALIAS(DES_crypt);
189
190char *
191DES_fcrypt(const char *buf, const char *salt, char *ret)
192{
193 unsigned int i, j, x, y;
194 DES_LONG Eswap0, Eswap1;
195 DES_LONG out[2], ll;
196 DES_cblock key;
197 DES_key_schedule ks;
198 unsigned char bb[9];
199 unsigned char *b = bb;
200 unsigned char c, u;
201
202 /* eay 25/08/92
203 * If you call crypt("pwd","*") as often happens when you
204 * have * as the pwd field in /etc/passwd, the function
205 * returns *\0xxxxxxxxx
206 * The \0 makes the string look like * so the pwd "*" would
207 * crypt to "*". This was found when replacing the crypt in
208 * our shared libraries. People found that the disabled
209 * accounts effectively had no passwd :-(. */
210 x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
211 Eswap0 = con_salt[x] << 2;
212 x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
213 Eswap1 = con_salt[x] << 6;
214/* EAY
215r=strlen(buf);
216r=(r+7)/8;
217*/
218 for (i = 0; i < 8; i++) {
219 c = *(buf++);
220 if (!c)
221 break;
222 key[i] = (c << 1);
223 }
224 for (; i < 8; i++)
225 key[i] = 0;
226
227 DES_set_key_unchecked(&key, &ks);
228 fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
229
230 ll = out[0];
231 l2c(ll, b);
232 ll = out[1];
233 l2c(ll, b);
234 y = 0;
235 u = 0x80;
236 bb[8] = 0;
237 for (i = 2; i < 13; i++) {
238 c = 0;
239 for (j = 0; j < 6; j++) {
240 c <<= 1;
241 if (bb[y] & u)
242 c |= 1;
243 u >>= 1;
244 if (!u) {
245 y++;
246 u = 0x80;
247 }
248 }
249 ret[i] = cov_2char[c];
250 }
251 ret[13] = '\0';
252 return (ret);
253}
254LCRYPTO_ALIAS(DES_fcrypt);
diff --git a/src/lib/libcrypto/des/des_key.c b/src/lib/libcrypto/des/des_key.c
deleted file mode 100644
index eee8a7e127..0000000000
--- a/src/lib/libcrypto/des/des_key.c
+++ /dev/null
@@ -1,523 +0,0 @@
1/* $OpenBSD: des_key.c,v 1.1 2024/08/31 15:56:09 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdlib.h>
60
61#include <openssl/crypto.h>
62
63#include "des_local.h"
64
65int DES_check_key = 0; /* defaults to false */
66LCRYPTO_ALIAS(DES_check_key);
67
68static const unsigned char odd_parity[256] = {
69 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
70 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
71 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
72 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
73 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
74 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
75 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, 110,
76 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, 127,
77 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, 143,
78 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, 158,
79 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 174,
80 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 191,
81 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 206,
82 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 223,
83 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 239,
84 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, 254,
85};
86
87void
88DES_set_odd_parity(DES_cblock *key)
89{
90 unsigned int i;
91
92 for (i = 0; i < DES_KEY_SZ; i++)
93 (*key)[i] = odd_parity[(*key)[i]];
94}
95LCRYPTO_ALIAS(DES_set_odd_parity);
96
97int
98DES_check_key_parity(const_DES_cblock *key)
99{
100 unsigned int i;
101
102 for (i = 0; i < DES_KEY_SZ; i++) {
103 if ((*key)[i] != odd_parity[(*key)[i]])
104 return (0);
105 }
106 return (1);
107}
108LCRYPTO_ALIAS(DES_check_key_parity);
109
110/* Weak and semi weak keys as taken from
111 * %A D.W. Davies
112 * %A W.L. Price
113 * %T Security for Computer Networks
114 * %I John Wiley & Sons
115 * %D 1984
116 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
117 * (and actual cblock values).
118 */
119#define NUM_WEAK_KEY 16
120static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
121 /* weak keys */
122 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
123 {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
124 {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
125 {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
126 /* semi-weak keys */
127 {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
128 {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
129 {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
130 {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
131 {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
132 {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
133 {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
134 {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
135 {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
136 {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
137 {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
138 {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1},
139};
140
141int
142DES_is_weak_key(const_DES_cblock *key)
143{
144 unsigned int i;
145
146 for (i = 0; i < NUM_WEAK_KEY; i++)
147 if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
148 return 1;
149 return 0;
150}
151LCRYPTO_ALIAS(DES_is_weak_key);
152
153/* NOW DEFINED IN des_local.h
154 * See ecb_encrypt.c for a pseudo description of these macros.
155 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
156 * (b)^=(t),\
157 * (a)=((a)^((t)<<(n))))
158 */
159
160#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)), \
161 (a)=(a)^(t)^(t>>(16-(n))))
162
163static const DES_LONG des_skb[8][64] = {
164 {
165 /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
166 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
167 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
168 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
169 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
170 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
171 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
172 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
173 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
174 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
175 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
176 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
177 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
178 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
179 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
180 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
181 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
182 }, {
183 /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
184 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
185 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
186 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
187 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
188 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
189 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
190 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
191 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
192 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
193 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
194 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
195 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
196 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
197 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
198 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
199 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
200 }, {
201 /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
202 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
203 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
204 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
205 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
206 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
207 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
208 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
209 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
210 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
211 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
212 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
213 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
214 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
215 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
216 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
217 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
218 }, {
219 /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
220 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
221 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
222 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
223 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
224 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
225 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
226 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
227 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
228 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
229 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
230 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
231 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
232 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
233 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
234 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
235 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
236 }, {
237 /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
238 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
239 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
240 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
241 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
242 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
243 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
244 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
245 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
246 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
247 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
248 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
249 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
250 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
251 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
252 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
253 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
254 }, {
255 /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
256 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
257 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
258 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
259 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
260 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
261 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
262 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
263 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
264 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
265 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
266 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
267 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
268 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
269 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
270 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
271 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
272 }, {
273 /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
274 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
275 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
276 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
277 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
278 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
279 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
280 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
281 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
282 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
283 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
284 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
285 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
286 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
287 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
288 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
289 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
290 }, {
291 /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
292 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
293 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
294 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
295 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
296 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
297 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
298 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
299 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
300 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
301 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
302 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
303 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
304 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
305 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
306 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
307 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
308 },
309};
310
311int
312DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
313{
314 if (DES_check_key) {
315 return DES_set_key_checked(key, schedule);
316 } else {
317 DES_set_key_unchecked(key, schedule);
318 return 0;
319 }
320}
321LCRYPTO_ALIAS(DES_set_key);
322
323/* return 0 if key parity is odd (correct),
324 * return -1 if key parity error,
325 * return -2 if illegal weak key.
326 */
327int
328DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
329{
330 if (!DES_check_key_parity(key))
331 return (-1);
332 if (DES_is_weak_key(key))
333 return (-2);
334 DES_set_key_unchecked(key, schedule);
335 return 0;
336}
337LCRYPTO_ALIAS(DES_set_key_checked);
338
339void
340DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
341{
342 static const int shifts2[16] = {0, 0,1, 1,1, 1,1, 1,0, 1,1, 1,1, 1,1, 0};
343 DES_LONG c, d, t, s, t2;
344 const unsigned char *in;
345 DES_LONG *k;
346 int i;
347
348 k = &schedule->ks->deslong[0];
349 in = &(*key)[0];
350
351 c2l(in, c);
352 c2l(in, d);
353
354 /* do PC1 in 47 simple operations :-)
355 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
356 * for the inspiration. :-) */
357 PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
358 HPERM_OP(c, t, -2, 0xcccc0000L);
359 HPERM_OP(d, t, -2, 0xcccc0000L);
360 PERM_OP(d, c, t, 1, 0x55555555L);
361 PERM_OP(c, d, t, 8, 0x00ff00ffL);
362 PERM_OP(d, c, t, 1, 0x55555555L);
363 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
364 ((d & 0x00ff0000L) >> 16L)|((c & 0xf0000000L) >> 4L));
365 c &= 0x0fffffffL;
366
367 for (i = 0; i < ITERATIONS; i++) {
368 if (shifts2[i]) {
369 c = ((c >> 2L)|(c << 26L));
370 d = ((d >> 2L)|(d << 26L));
371 } else {
372 c = ((c >> 1L)|(c << 27L));
373 d = ((d >> 1L)|(d << 27L));
374 }
375 c &= 0x0fffffffL;
376 d &= 0x0fffffffL;
377 /* could be a few less shifts but I am to lazy at this
378 * point in time to investigate */
379 s = des_skb[0][(c)&0x3f]|
380 des_skb[1][((c >> 6L) & 0x03)|((c >> 7L) & 0x3c)]|
381 des_skb[2][((c >> 13L) & 0x0f)|((c >> 14L) & 0x30)]|
382 des_skb[3][((c >> 20L) & 0x01)|((c >> 21L) & 0x06) |
383 ((c >> 22L) & 0x38)];
384 t = des_skb[4][(d)&0x3f]|
385 des_skb[5][((d >> 7L) & 0x03)|((d >> 8L) & 0x3c)]|
386 des_skb[6][(d >> 15L) & 0x3f]|
387 des_skb[7][((d >> 21L) & 0x0f)|((d >> 22L) & 0x30)];
388
389 /* table contained 0213 4657 */
390 t2 = ((t << 16L)|(s & 0x0000ffffL)) & 0xffffffffL;
391 *(k++) = ROTATE(t2, 30) & 0xffffffffL;
392
393 t2 = ((s >> 16L)|(t & 0xffff0000L));
394 *(k++) = ROTATE(t2, 26) & 0xffffffffL;
395 }
396}
397LCRYPTO_ALIAS(DES_set_key_unchecked);
398
399int
400DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
401{
402 return (DES_set_key(key, schedule));
403}
404LCRYPTO_ALIAS(DES_key_sched);
405
406int
407DES_random_key(DES_cblock *ret)
408{
409 do {
410 arc4random_buf(ret, sizeof(DES_cblock));
411 DES_set_odd_parity(ret);
412 } while (DES_is_weak_key(ret));
413 return (1);
414}
415LCRYPTO_ALIAS(DES_random_key);
416
417void
418DES_string_to_key(const char *str, DES_cblock *key)
419{
420 DES_key_schedule ks;
421 int i, length;
422 unsigned char j;
423
424 memset(key, 0, 8);
425 length = strlen(str);
426#ifdef OLD_STR_TO_KEY
427 for (i = 0; i < length; i++)
428 (*key)[i % 8] ^= (str[i] << 1);
429#else /* MIT COMPATIBLE */
430 for (i = 0; i < length; i++) {
431 j = str[i];
432 if ((i % 16) < 8)
433 (*key)[i % 8] ^= (j << 1);
434 else {
435 /* Reverse the bit order 05/05/92 eay */
436 j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f);
437 j = ((j << 2) & 0xcc)|((j >> 2) & 0x33);
438 j = ((j << 1) & 0xaa)|((j >> 1) & 0x55);
439 (*key)[7 - (i % 8)] ^= j;
440 }
441 }
442#endif
443 DES_set_odd_parity(key);
444#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
445 if (DES_is_weak_key(key))
446 (*key)[7] ^= 0xF0;
447 DES_set_key(key, &ks);
448#else
449 DES_set_key_unchecked(key, &ks);
450#endif
451 DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
452 explicit_bzero(&ks, sizeof(ks));
453 DES_set_odd_parity(key);
454}
455LCRYPTO_ALIAS(DES_string_to_key);
456
457void
458DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
459{
460 DES_key_schedule ks;
461 int i, length;
462 unsigned char j;
463
464 memset(key1, 0, 8);
465 memset(key2, 0, 8);
466 length = strlen(str);
467#ifdef OLD_STR_TO_KEY
468 if (length <= 8) {
469 for (i = 0; i < length; i++) {
470 (*key2)[i] = (*key1)[i] = (str[i] << 1);
471 }
472 } else {
473 for (i = 0; i < length; i++) {
474 if ((i/8) & 1)
475 (*key2)[i % 8] ^= (str[i] << 1);
476 else
477 (*key1)[i % 8] ^= (str[i] << 1);
478 }
479 }
480#else /* MIT COMPATIBLE */
481 for (i = 0; i < length; i++) {
482 j = str[i];
483 if ((i % 32) < 16) {
484 if ((i % 16) < 8)
485 (*key1)[i % 8] ^= (j << 1);
486 else
487 (*key2)[i % 8] ^= (j << 1);
488 } else {
489 j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f);
490 j = ((j << 2) & 0xcc)|((j >> 2) & 0x33);
491 j = ((j << 1) & 0xaa)|((j >> 1) & 0x55);
492 if ((i % 16) < 8)
493 (*key1)[7 - (i % 8)] ^= j;
494 else
495 (*key2)[7 - (i % 8)] ^= j;
496 }
497 }
498 if (length <= 8)
499 memcpy(key2, key1, 8);
500#endif
501 DES_set_odd_parity(key1);
502 DES_set_odd_parity(key2);
503#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
504 if (DES_is_weak_key(key1))
505 (*key1)[7] ^= 0xF0;
506 DES_set_key(key1, &ks);
507#else
508 DES_set_key_unchecked(key1, &ks);
509#endif
510 DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
511#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
512 if (DES_is_weak_key(key2))
513 (*key2)[7] ^= 0xF0;
514 DES_set_key(key2, &ks);
515#else
516 DES_set_key_unchecked(key2, &ks);
517#endif
518 DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
519 explicit_bzero(&ks, sizeof(ks));
520 DES_set_odd_parity(key1);
521 DES_set_odd_parity(key2);
522}
523LCRYPTO_ALIAS(DES_string_to_2keys);
diff --git a/src/lib/libcrypto/des/des_local.h b/src/lib/libcrypto/des/des_local.h
deleted file mode 100644
index 61bfde7520..0000000000
--- a/src/lib/libcrypto/des/des_local.h
+++ /dev/null
@@ -1,226 +0,0 @@
1/* $OpenBSD: des_local.h,v 1.5 2024/08/31 16:22:18 jsing Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_DES_LOCL_H
60#define HEADER_DES_LOCL_H
61
62#include <math.h>
63#include <stdint.h>
64#include <stdio.h>
65#include <stdlib.h>
66#include <string.h>
67#include <unistd.h>
68
69#include <openssl/opensslconf.h>
70
71#include <openssl/des.h>
72
73__BEGIN_HIDDEN_DECLS
74
75#define ITERATIONS 16
76
77#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
78 l|=((DES_LONG)(*((c)++)))<< 8L, \
79 l|=((DES_LONG)(*((c)++)))<<16L, \
80 l|=((DES_LONG)(*((c)++)))<<24L)
81
82/* NOTE - c is not incremented as per c2l */
83#define c2ln(c,l1,l2,n) { \
84 c+=n; \
85 l1=l2=0; \
86 switch (n) { \
87 case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
88 case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
89 case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
90 case 5: l2|=((DES_LONG)(*(--(c)))); \
91 case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
92 case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
93 case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
94 case 1: l1|=((DES_LONG)(*(--(c)))); \
95 } \
96 }
97
98#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
99 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
100 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
101 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
102
103/* NOTE - c is not incremented as per l2c */
104#define l2cn(l1,l2,c,n) { \
105 c+=n; \
106 switch (n) { \
107 case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff);\
108 case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff);\
109 case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff);\
110 case 5: *(--(c))=(unsigned char)(((l2) )&0xff);\
111 case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff);\
112 case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff);\
113 case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff);\
114 case 1: *(--(c))=(unsigned char)(((l1) )&0xff);\
115 } \
116 }
117
118static inline uint32_t
119ROTATE(uint32_t a, uint32_t n)
120{
121 return (a >> n) + (a << (32 - n));
122}
123
124/* Don't worry about the LOAD_DATA() stuff, that is used by
125 * fcrypt() to add it's little bit to the front */
126
127#ifdef DES_FCRYPT
128
129#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
130 { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
131
132#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
133 t=R^(R>>16L); \
134 u=t&E0; t&=E1; \
135 tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
136 tmp=(t<<16); t^=R^s[S+1]; t^=tmp
137#else
138#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
139#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
140 u=R^s[S ]; \
141 t=R^s[S+1]
142#endif
143
144#define D_ENCRYPT(LL,R,S) { \
145 LOAD_DATA_tmp(R,S,u,t,E0,E1); \
146 t=ROTATE(t,4); \
147 LL^= \
148 DES_SPtrans[0][(u>> 2L)&0x3f]^ \
149 DES_SPtrans[2][(u>>10L)&0x3f]^ \
150 DES_SPtrans[4][(u>>18L)&0x3f]^ \
151 DES_SPtrans[6][(u>>26L)&0x3f]^ \
152 DES_SPtrans[1][(t>> 2L)&0x3f]^ \
153 DES_SPtrans[3][(t>>10L)&0x3f]^ \
154 DES_SPtrans[5][(t>>18L)&0x3f]^ \
155 DES_SPtrans[7][(t>>26L)&0x3f]; }
156
157 /* IP and FP
158 * The problem is more of a geometric problem that random bit fiddling.
159 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
160 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
161 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
162 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
163
164 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
165 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
166 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
167 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
168
169 The output has been subject to swaps of the form
170 0 1 -> 3 1 but the odd and even bits have been put into
171 2 3 2 0
172 different words. The main trick is to remember that
173 t=((l>>size)^r)&(mask);
174 r^=t;
175 l^=(t<<size);
176 can be used to swap and move bits between words.
177
178 So l = 0 1 2 3 r = 16 17 18 19
179 4 5 6 7 20 21 22 23
180 8 9 10 11 24 25 26 27
181 12 13 14 15 28 29 30 31
182 becomes (for size == 2 and mask == 0x3333)
183 t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
184 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
185 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
186 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
187
188 Thanks for hints from Richard Outerbridge - he told me IP&FP
189 could be done in 15 xor, 10 shifts and 5 ands.
190 When I finally started to think of the problem in 2D
191 I first got ~42 operations without xors. When I remembered
192 how to use xors :-) I got it to its final state.
193 */
194#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)), \
195 (b)^=(t), \
196 (a)^=((t)<<(n)))
197
198#define IP(l,r) \
199 { \
200 DES_LONG tt; \
201 PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
202 PERM_OP(l,r,tt,16,0x0000ffffL); \
203 PERM_OP(r,l,tt, 2,0x33333333L); \
204 PERM_OP(l,r,tt, 8,0x00ff00ffL); \
205 PERM_OP(r,l,tt, 1,0x55555555L); \
206 }
207
208#define FP(l,r) \
209 { \
210 DES_LONG tt; \
211 PERM_OP(l,r,tt, 1,0x55555555L); \
212 PERM_OP(r,l,tt, 8,0x00ff00ffL); \
213 PERM_OP(l,r,tt, 2,0x33333333L); \
214 PERM_OP(r,l,tt,16,0x0000ffffL); \
215 PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
216 }
217
218extern const DES_LONG DES_SPtrans[8][64];
219
220#ifdef OPENSSL_SMALL_FOOTPRINT
221#undef DES_UNROLL
222#endif
223
224__END_HIDDEN_DECLS
225
226#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-23 22:58:36 +0000