DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
-DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
unsigned char *output, long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
int enc);
- void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
- int enc);
void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
the key; it is used to speed the encryption process.
DES_random_key() generates a random key. The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>). If the PRNG
+prior to using this function (see L<rand(3)>). If the PRNG
could not generate a secure key, 0 is returned.
Before a DES key can be used, it must be converted into the
DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
The following routines mostly operate on an input and output stream of
I<DES_cblock>s.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
(via CBC encryption). The last 4 bytes of the checksum are returned
and the complete 8 bytes are placed in I<output>. This function is
used by Kerberos v4. Other applications should use
-L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead.
+L<EVP_DigestInit(3)> etc. instead.
DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
checksum from the input bytes. The algorithm can be iterated over the
default), DES_pcbc_encrypt is used. If set to I<DES_CBC_MODE>
DES_cbc_encrypt is used.
-=head1 NOTES
-
-Single-key DES is insecure due to its short key size. ECB mode is
-not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
-
-The L<evp(3)|evp(3)> library provides higher-level encryption functions.
-
=head1 BUGS
DES_3cbc_encrypt() is flawed and must not be used in applications.
The B<des> library was written to be source code compatible with
the MIT Kerberos library.
-=head1 SEE ALSO
-
-crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
-clashes with older versions of libdes. Compatibility des_ functions
-are provided for a short while, as well as crypt().
-Declarations for these are in <openssl/des_old.h>. There is no DES_
-variant for des_random_seed().
-This will happen to other functions
-as well if they are deemed redundant (des_random_seed() just calls
-RAND_seed() and is present for backward compatibility only), buggy or
-already scheduled for removal.
-
-des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
-des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
-des_quad_cksum(), des_random_key() and des_string_to_key()
-are available in the MIT Kerberos library;
-des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
-are available in newer versions of that library.
-
-des_set_key_checked() and des_set_key_unchecked() were added in
-OpenSSL 0.9.5.
+=head1 NOTES
-des_generate_random_block(), des_init_random_number_generator(),
-des_new_random_key(), des_set_random_generator_seed() and
-des_set_sequence_number() and des_rand_data() are used in newer
-versions of Kerberos but are not implemented here.
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)> etc. instead of calling these
+functions directly.
-des_random_key() generated cryptographically weak random data in
-SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
-MIT library.
+Single-key DES is insecure due to its short key size. ECB mode is
+not suitable for most applications; see L<des_modes(7)>.
-=head1 AUTHOR
+=head1 SEE ALSO
-Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
-(http://www.openssl.org).
+L<des_modes(7)>,
+L<EVP_EncryptInit(3)>
=cut