X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fcrypto%2Fdes.pod;h=6f0cf1cc5e5f1fc006cdaea404fa8be6e640fe02;hb=64cee65ebc4a5a23d9f6d6f73cb25e78a80af5c2;hp=23f59b670e9a033a108ee798dac9f28504d20ea7;hpb=c2e4f17c1a0d4d5115c6ede9492de1615fe392ac;p=oweals%2Fopenssl.git diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 23f59b670e..6f0cf1cc5e 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -9,7 +9,6 @@ DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, -DES_read_password, DES_read_2passwords, DES_read_pw_string, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption @@ -86,12 +85,6 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num); - int DES_read_password(DES_cblock *key, const char *prompt, int verify); - int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, - const char *prompt, int verify); - int DES_read_pw_string(char *buf, int length, const char *prompt, - int verify); - DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, long length, DES_key_schedule *schedule, const_DES_cblock *ivec); @@ -122,11 +115,8 @@ each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. DES_random_key() generates a random key. The PRNG must be seeded -prior to using this function (see L; for backward -compatibility the function DES_random_seed() is available as well). -If the PRNG could not generate a secure key, 0 is returned. In -earlier versions of the library, DES_random_key() did not generate -secure keys. +prior to using this function (see L). If the PRNG +could not generate a secure key, 0 is returned. Before a DES key can be used, it must be converted into the architecture dependent I via the @@ -137,14 +127,13 @@ and is not a week or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. -DES_set_key() (called DES_key_sched() in the MIT library) works like +DES_set_key() works like DES_set_key_checked() if the I flag is non-zero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. -DES_set_odd_parity() (called DES_fixup_key_parity() in the MIT -library) sets the parity of the passed I to odd. +DES_set_odd_parity() sets the parity of the passed I to odd. DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it is ok. The probability that a randomly generated key is weak is @@ -236,24 +225,7 @@ DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as DES_ofb64_encrypt(), using Triple-DES. The following functions are included in the DES library for -compatibility with the MIT Kerberos library. DES_read_pw_string() -is also available under the name EVP_read_pw_string(). - -DES_read_pw_string() writes the string specified by I to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in I, which must have space for -at least I bytes. If I is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of -1 indicates a system error, 1 failure due -to use interaction, and 0 is success. - -DES_read_password() does the same and converts the password to a DES -key by calling DES_string_to_key(); DES_read_2password() operates in -the same way as DES_read_password() except that it generates two keys -by using the DES_string_to_2key() function. DES_string_to_key() is -available for backward compatibility with the MIT library. New -applications should use a cryptographic hash function. The same -applies for DES_string_to_2key(). +compatibility with the MIT Kerberos library. DES_cbc_cksum() produces an 8 byte checksum based on the input stream (via CBC encryption). The last 4 bytes of the checksum are returned @@ -311,7 +283,7 @@ DES_cbc_encrypt is used. =head1 NOTES Single-key DES is insecure due to its short key size. ECB mode is -not suitable for most applications; see L. +not suitable for most applications; see L. The L library provides higher-level encryption functions. @@ -332,8 +304,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! -DES_read_pw_string() is the most machine/OS dependent function and -normally generates the most problems when porting this code. +DES_string_to_key() is available for backward compatibility with the +MIT library. New applications should use a cryptographic hash function. +The same applies for DES_string_to_2key(). =head1 CONFORMING TO @@ -348,14 +321,20 @@ crypt(3), L, L, L =head1 HISTORY -In OpenSSL 0.9.7, All des_ functions were renamed to DES_ to avoid +In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid clashes with older versions of libdes. Compatibility des_ functions are provided for a short while, as well as crypt(). +Declarations for these are in . There is no DES_ +variant for des_random_seed(). +This will happen to other functions +as well if they are deemed redundant (des_random_seed() just calls +RAND_seed() and is present for backward compatibility only), buggy or +already scheduled for removal. des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(), des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(), -des_quad_cksum(), des_random_key(), des_read_password() and -des_string_to_key() are available in the MIT Kerberos library; +des_quad_cksum(), des_random_key() and des_string_to_key() +are available in the MIT Kerberos library; des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key() are available in newer versions of that library.