DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
-DES_read_password, DES_read_2passwords, DES_read_pw_string,
DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
DES_key_schedule *ks2, DES_key_schedule *ks3,
DES_cblock *ivec, int *num);
- int DES_read_password(DES_cblock *key, const char *prompt, int verify);
- int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
- const char *prompt, int verify);
- int DES_read_pw_string(char *buf, int length, const char *prompt,
- int verify);
-
DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
long length, DES_key_schedule *schedule,
const_DES_cblock *ivec);
the key; it is used to speed the encryption process.
DES_random_key() generates a random key. The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>; for backward
-compatibility the function DES_random_seed() is available as well).
-If the PRNG could not generate a secure key, 0 is returned. In
-earlier versions of the library, DES_random_key() did not generate
-secure keys.
+prior to using this function (see L<rand(3)|rand(3)>). If the PRNG
+could not generate a secure key, 0 is returned.
Before a DES key can be used, it must be converted into the
architecture dependent I<DES_key_schedule> via the
is returned. If the key is a weak key, then -2 is returned. If an
error is returned, the key schedule is not generated.
-DES_set_key() (called DES_key_sched() in the MIT library) works like
+DES_set_key() works like
DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
otherwise like DES_set_key_unchecked(). These functions are available
for compatibility; it is recommended to use a function that does not
depend on a global variable.
-DES_set_odd_parity() (called DES_fixup_key_parity() in the MIT
-library) sets the parity of the passed I<key> to odd.
+DES_set_odd_parity() sets the parity of the passed I<key> to odd.
DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
is ok. The probability that a randomly generated key is weak is
DES_ofb64_encrypt(), using Triple-DES.
The following functions are included in the DES library for
-compatibility with the MIT Kerberos library. DES_read_pw_string()
-is also available under the name EVP_read_pw_string().
-
-DES_read_pw_string() writes the string specified by I<prompt> to
-standard output, turns echo off and reads in input string from the
-terminal. The string is returned in I<buf>, which must have space for
-at least I<length> bytes. If I<verify> is set, the user is asked for
-the password twice and unless the two copies match, an error is
-returned. A return code of -1 indicates a system error, 1 failure due
-to use interaction, and 0 is success.
-
-DES_read_password() does the same and converts the password to a DES
-key by calling DES_string_to_key(); DES_read_2password() operates in
-the same way as DES_read_password() except that it generates two keys
-by using the DES_string_to_2key() function. DES_string_to_key() is
-available for backward compatibility with the MIT library. New
-applications should use a cryptographic hash function. The same
-applies for DES_string_to_2key().
+compatibility with the MIT Kerberos library.
DES_cbc_cksum() produces an 8 byte checksum based on the input stream
(via CBC encryption). The last 4 bytes of the checksum are returned
=head1 NOTES
Single-key DES is insecure due to its short key size. ECB mode is
-not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
+not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
The L<evp(3)|evp(3)> library provides higher-level encryption functions.
and because once you get into pulling bytes input bytes apart things
get ugly!
-DES_read_pw_string() is the most machine/OS dependent function and
-normally generates the most problems when porting this code.
+DES_string_to_key() is available for backward compatibility with the
+MIT library. New applications should use a cryptographic hash function.
+The same applies for DES_string_to_2key().
=head1 CONFORMING TO
=head1 HISTORY
-In OpenSSL 0.9.7, All des_ functions were renamed to DES_ to avoid
+In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
clashes with older versions of libdes. Compatibility des_ functions
are provided for a short while, as well as crypt().
+Declarations for these are in <openssl/des_old.h>. There is no DES_
+variant for des_random_seed().
+This will happen to other functions
+as well if they are deemed redundant (des_random_seed() just calls
+RAND_seed() and is present for backward compatibility only), buggy or
+already scheduled for removal.
des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
-des_quad_cksum(), des_random_key(), des_read_password() and
-des_string_to_key() are available in the MIT Kerberos library;
+des_quad_cksum(), des_random_key() and des_string_to_key()
+are available in the MIT Kerberos library;
des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
are available in newer versions of that library.