42 files changed, 9388 insertions, 331 deletions

diff --git a/secure/Makefile b/secure/Makefile
new file mode 100644
index 0000000..344ac69
--- /dev/null
+++ b/secure/Makefile
@@ -0,0 +1,37 @@
+# $FreeBSD$
+
+# lib must be first, or it will not work.  This is because we reference
+# the lib's in the directory where they are built from the binaries we
+# want to build.
+
+MAINTAINER=	markm
+
+SUBDIR= lib usr.bin
+
+SDIR= ${.CURDIR}/..
+
+CODAI=	${MAKE} ${MFLAGS} cleandir; \
+	${MAKE} ${MFLAGS} obj; \
+	${MAKE} ${MFLAGS} depend all install
+
+CODAD=	${MAKE} ${MFLAGS} cleandir; \
+	${MAKE} ${MFLAGS} obj; \
+	${MAKE} ${MFLAGS} depend all distribute
+
+# These are the programs which depend on secure libs
+sprog:
+	cd ${SDIR}/bin/ed; ${CODAI}
+	cd ${SDIR}/sbin/init; ${CODAI}
+
+bootstrap:
+	( cd include; ${MAKE} ${MFLAGS} install )
+	( cd lib; ${MAKE} ${MFLAGS} depend all install )
+	${MAKE} ${MFLAGS} cleandir
+	${MAKE} ${MFLAGS} obj
+	${MAKE} ${MFLAGS} depend all install sprog
+
+help-distribute:	distribute
+	cd ${SDIR}/bin/ed; ${CODAD}
+	cd ${SDIR}/sbin/init; ${CODAD}
+
+.include <bsd.subdir.mk>
diff --git a/secure/Makefile.inc b/secure/Makefile.inc
new file mode 100644
index 0000000..885e72c
--- /dev/null
+++ b/secure/Makefile.inc
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+DISTRIBUTION=des
+
+.if exists(${.CURDIR}/../../lib/libcrypt/obj)
+CRYPTOBJDIR=	${.CURDIR}/../../lib/libcrypt/obj
+.else
+CRYPTOBJDIR=	${.CURDIR}/../../lib/libcrypt
+.endif
diff --git a/secure/lib/Makefile b/secure/lib/Makefile
new file mode 100644
index 0000000..ac99188
--- /dev/null
+++ b/secure/lib/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SUBDIR= libcipher libdes
+
+.include <bsd.subdir.mk>
+
diff --git a/secure/lib/Makefile.inc b/secure/lib/Makefile.inc
new file mode 100644
index 0000000..1410b21
--- /dev/null
+++ b/secure/lib/Makefile.inc
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+.include "${.CURDIR}/../../Makefile.inc"
+.if exists(${.CURDIR}/../../../lib/Makefile.inc)
+.include "${.CURDIR}/../../../lib/Makefile.inc"
+.endif
diff --git a/secure/lib/libcipher/Makefile b/secure/lib/libcipher/Makefile
new file mode 100644
index 0000000..a93667f
--- /dev/null
+++ b/secure/lib/libcipher/Makefile
@@ -0,0 +1,16 @@
+#
+# $FreeBSD$
+#
+
+LIB=		cipher
+SRCS=		crypt.c
+PRECIOUSLIB=	yes
+#NOPROFILE=	yes
+
+MAN3=   cipher.3
+MLINKS= cipher.3 encrypt.3 cipher.3 setkey.3
+MLINKS+=cipher.3 des_cipher.3 cipher.3 des_setkey.3
+
+#SUBDIR=		test
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libcipher/README b/secure/lib/libcipher/README
new file mode 100644
index 0000000..ab8af5a
--- /dev/null
+++ b/secure/lib/libcipher/README
@@ -0,0 +1,98 @@
+
+	FreeSec - NetBSD libcrypt replacement
+
+	  David Burren <davidb@werj.com.au>
+	  Release 1.0, March 1994
+
+    Document ref: $FreeBSD$
+
+
+Description
+===========
+This library is a drop-in replacement for the libcrypt used in U.S. copies
+of NetBSD, duplicating that library's functionality.  A suite of verification
+and benchmark tools is provided.
+
+FreeSec 1.0 is an original implementation of the DES algorithm and the
+crypt(3) interfaces used in Unix-style operating systems.  It was produced
+in Australia and as such is not covered by U.S. export restrictions (at
+least for copies that remain outside the U.S.).
+
+
+History
+=======
+An earlier version of the FreeSec library was built using the UFC-crypt
+package that is distributed as part of the GNU library.  UFC-crypt did not
+support the des_cipher() or des_setkey() functions, nor the new-style
+crypt with long keys.  These were implemented in FreeSec 0.2, but at least
+one bug remained, where encryption would only succeed if either the salt
+or the plaintext was zero.  Because of its heritage FreeSec 0.2 was covered
+by the GNU Library Licence.
+
+FreeSec 1.0 is an original implementation by myself, and has been tested
+against the verification suite I'd been using with FreeSec 0.2 (this is not
+encumbered by any licence).  FreeSec 1.0 is covered by a Berkeley-style
+licence, which better fits into the *BSD hierarchy than the earlier GNU
+licence.
+
+
+Why should you use FreeSec?
+===========================
+FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
+to act as a baseline for encryption functionality.
+
+Some other packages (such as Eric Young's libdes package) are faster and
+more complete than FreeSec, but typically have different licencing
+arrangements.  While some applications will justify the use of these
+packages, the idea here is that everyone should have access to *at least*
+the functionality of FreeSec.
+
+
+Performance of FreeSec 1.0
+==========================
+I compare below the performance of three libcrypt implementations.  As can be
+seen, it's between the U.S. library and UFC-crypt.  While the performance of
+FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
+future versions.  I was interested to note that while UFC-crypt is faster on
+a 386, hardware characteristics can have markedly different effects on each
+implementation.
+
+
+386DX40, 128k cache	| U.S. BSD	| FreeSec 1.0	| FreeSec 0.2
+CFLAGS=-O2		|		|		|
+========================+===============+===============+==================
+crypt (alternate keys)	| 317		| 341		| 395
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+crypt (constant key)	| 317		| 368		| 436
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 1)	| 6037		| 7459		| 3343
+	blocks/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 25)	| 8871		| 9627		| 15926
+	blocks/sec	|		|		|
+
+Notes:	The results tabled here are the average over 10 runs.
+	The entry/exit code for FreeSec 0.2's des_cipher() is particularly
+	inefficient, thus the anomalous result for single encryptions.
+
+
+As an experiment using a machine with a larger register set and an
+obscenely fast CPU, I obtained the following results:
+
+	60 MHz R4400		| FreeSec 1.0	| FreeSec 0.2
+	========================+=================================
+	crypt (alternate keys)	| 2545		| 2702
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	crypt (constant key)	| 2852		| 2981
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 1)	| 56443		| 21409
+		blocks/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 25)	| 82531		| 18276
+		blocks/sec	|		|
+
+Obviously your mileage will vary with your hardware and your compiler...
diff --git a/secure/lib/libcipher/README.FreeBSD b/secure/lib/libcipher/README.FreeBSD
new file mode 100644
index 0000000..2379f73
--- /dev/null
+++ b/secure/lib/libcipher/README.FreeBSD
@@ -0,0 +1,6 @@
+$FreeBSD$
+
+This is FreeSec package for NetBSD,  unchanged for
+FreeBSD, except for the Makefile.
+
+The other stuff in libcrypt will be added in stages!
diff --git a/secure/lib/libcipher/cipher.3 b/secure/lib/libcipher/cipher.3
new file mode 100644
index 0000000..a534fd7
--- /dev/null
+++ b/secure/lib/libcipher/cipher.3
@@ -0,0 +1,150 @@
+.\" FreeSec: libcrypt for NetBSD
+.\"
+.\" Copyright (c) 1994 David Burren
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the author nor the names of other contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd March 9, 1994
+.Dt CIPHER 3
+.Os "FreeSec 1.0"
+.Sh NAME
+.Nm setkey ,
+.Nm encrypt ,
+.Nm des_setkey ,
+.Nm des_cipher ,
+.Nd DES encryption
+.Sh SYNOPSIS
+.Ft int
+.Fn setkey "char *key"
+.Ft int
+.Fn encrypt "char *block" "int flag"
+.Ft int
+.Fn des_setkey "const char *key"
+.Ft int
+.Fn des_cipher "const char *in" "char *out" "long salt" "int count"
+.Sh DESCRIPTION
+The functions,
+.Fn encrypt ,
+.Fn setkey ,
+.Fn des_setkey
+and
+.Fn des_cipher
+provide access to the
+.Tn DES
+algorithm.
+.Fn setkey
+is passed a 64-byte array of binary values (numeric 0 or 1).
+A 56-bit key is extracted from this array by dividing the
+array into groups of 8, and ignoring the last bit in each group.
+That bit is reserved for a byte parity check by DES, but is ignored
+by these functions.
+.Pp
+The
+.Fa block
+argument to
+.Fn encrypt
+is also a 64-byte array of binary values.
+If the value of
+.Fa flag
+is 0,
+.Fa block
+is encrypted otherwise it is decrypted.
+The result is returned in the original array
+.Fa block
+after using the key specified by
+.Fn setkey
+to process it.
+.Pp
+The argument to
+.Fn des_setkey
+is a character array of length 8.
+The least significant bit (the parity bit) in each character is ignored,
+and the remaining bits are concatenated to form a 56-bit key.
+The function
+.Fn des_cipher
+encrypts (or decrypts if
+.Fa count
+is negative) the 64-bits stored in the 8 characters at
+.Fa in
+using
+.Xr abs 3
+of
+.Fa count
+iterations of
+.Tn DES
+and stores the 64-bit result in the 8 characters at
+.Fa out
+(which may be the same as
+.Fa in
+).
+The
+.Fa salt
+introduces disorder in the
+.Tn DES
+algorithm in one of 16777216 or 4096 possible ways
+(ie. with 24 or 12 bits: if bit
+.Em i
+of the
+.Ar salt
+is set, then bits
+.Em i
+and
+.Em i+24
+are swapped in the
+.Tn DES
+E-box output).
+.Pp
+The functions
+.Fn setkey ,
+.Fn encrypt ,
+.Fn des_setkey ,
+and
+.Fn des_cipher
+return 0 on success and 1 on failure.
+.Pp
+The
+.Fn setkey
+and
+.Fn des_setkey
+functions manipulate the same key space.
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr crypt 3 ,
+.Xr getpass 3 ,
+.Xr passwd 5
+.Sh HISTORY
+This library (FreeSec 1.0) was developed outside the United States of America
+as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption
+library.
+Users should be aware that this code (and programs staticly linked with it)
+may not be exported from the U.S., although it apparently can be imported.
+.Sh AUTHORS
+.An David Burren Aq davidb@werj.com.au
diff --git a/secure/lib/libcipher/crypt.c b/secure/lib/libcipher/crypt.c
new file mode 100644
index 0000000..4798371
--- /dev/null
+++ b/secure/lib/libcipher/crypt.c
@@ -0,0 +1,623 @@
+/*
+ * FreeSec: libcrypt for NetBSD
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *	B. Schneier, Applied Cryptography: protocols, algorithms,
+ *	and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * ARCHITECTURE ASSUMPTIONS:
+ *	This code assumes that u_longs are 32 bits.  It will probably not
+ *	operate on 64-bit machines without modifications.
+ *	It is assumed that the 8-byte arrays passed by reference can be
+ *	addressed as arrays of u_longs (ie. the CPU is not picky about
+ *	alignment).
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+
+
+static u_char	IP[64] = {
+	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static u_char	inv_key_perm[64];
+static u_char	u_key_perm[56];
+static u_char	key_perm[56] = {
+	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static u_char	key_shifts[16] = {
+	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char	inv_comp_perm[56];
+static u_char	comp_perm[48] = {
+	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char	u_sbox[8][64];
+static u_char	sbox[8][64] = {
+	{
+		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+	},
+	{
+		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+	},
+	{
+		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+	},
+	{
+		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+	},
+	{
+		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+	},
+	{
+		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+	},
+	{
+		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+	},
+	{
+		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+	}
+};
+
+static u_char	un_pbox[32];
+static u_char	pbox[32] = {
+	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static u_long	bits32[32] =
+{
+	0x80000000, 0x40000000, 0x20000000, 0x10000000,
+	0x08000000, 0x04000000, 0x02000000, 0x01000000,
+	0x00800000, 0x00400000, 0x00200000, 0x00100000,
+	0x00080000, 0x00040000, 0x00020000, 0x00010000,
+	0x00008000, 0x00004000, 0x00002000, 0x00001000,
+	0x00000800, 0x00000400, 0x00000200, 0x00000100,
+	0x00000080, 0x00000040, 0x00000020, 0x00000010,
+	0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_long	saltbits;
+static long	old_salt;
+static u_long	*bits28, *bits24;
+static u_char	init_perm[64], final_perm[64];
+static u_long	en_keysl[16], en_keysr[16];
+static u_long	de_keysl[16], de_keysr[16];
+static int	des_initialised = 0;
+static u_char	m_sbox[4][4096];
+static u_long	psbox[4][256];
+static u_long	ip_maskl[8][256], ip_maskr[8][256];
+static u_long	fp_maskl[8][256], fp_maskr[8][256];
+static u_long	key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_long	comp_maskl[8][128], comp_maskr[8][128];
+static u_long	old_rawkey0, old_rawkey1;
+
+static u_char	ascii64[] =
+	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*	  0000000000111111111122222222223333333333444444444455555555556666 */
+/*	  0123456789012345678901234567890123456789012345678901234567890123 */
+
+static inline int
+ascii_to_bin(char ch)
+{
+	if (ch > 'z')
+		return(0);
+	if (ch >= 'a')
+		return(ch - 'a' + 38);
+	if (ch > 'Z')
+		return(0);
+	if (ch >= 'A')
+		return(ch - 'A' + 12);
+	if (ch > '9')
+		return(0);
+	if (ch >= '.')
+		return(ch - '.');
+	return(0);
+}
+
+
+static void
+des_init()
+{
+	int	i, j, b, k, inbit, obit;
+	u_long	*p, *il, *ir, *fl, *fr;
+
+	old_rawkey0 = old_rawkey1 = 0L;
+	saltbits = 0L;
+	old_salt = 0L;
+	bits24 = (bits28 = bits32 + 4) + 4;
+
+	/*
+	 * Invert the S-boxes, reordering the input bits.
+	 */
+	for (i = 0; i < 8; i++)
+		for (j = 0; j < 64; j++) {
+			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+			u_sbox[i][j] = sbox[i][b];
+		}
+
+	/*
+	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
+	 * Each will handle 12 bits of the S-box input.
+	 */
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 64; i++)
+			for (j = 0; j < 64; j++)
+				m_sbox[b][(i << 6) | j] =
+					(u_sbox[(b << 1)][i] << 4) |
+					u_sbox[(b << 1) + 1][j];
+
+	/*
+	 * Set up the initial & final permutations into a useful form, and
+	 * initialise the inverted key permutation.
+	 */
+	for (i = 0; i < 64; i++) {
+		init_perm[final_perm[i] = IP[i] - 1] = i;
+		inv_key_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key permutation and initialise the inverted key
+	 * compression permutation.
+	 */
+	for (i = 0; i < 56; i++) {
+		u_key_perm[i] = key_perm[i] - 1;
+		inv_key_perm[key_perm[i] - 1] = i;
+		inv_comp_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key compression permutation.
+	 */
+	for (i = 0; i < 48; i++) {
+		inv_comp_perm[comp_perm[i] - 1] = i;
+	}
+
+	/*
+	 * Set up the OR-mask arrays for the initial and final permutations,
+	 * and for the key initial and compression permutations.
+	 */
+	for (k = 0; k < 8; k++) {
+		for (i = 0; i < 256; i++) {
+			*(il = &ip_maskl[k][i]) = 0L;
+			*(ir = &ip_maskr[k][i]) = 0L;
+			*(fl = &fp_maskl[k][i]) = 0L;
+			*(fr = &fp_maskr[k][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j]) {
+					if ((obit = init_perm[inbit]) < 32)
+						*il |= bits32[obit];
+					else
+						*ir |= bits32[obit-32];
+					if ((obit = final_perm[inbit]) < 32)
+						*fl |= bits32[obit];
+					else
+						*fr |= bits32[obit - 32];
+				}
+			}
+		}
+		for (i = 0; i < 128; i++) {
+			*(il = &key_perm_maskl[k][i]) = 0L;
+			*(ir = &key_perm_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit = inv_key_perm[inbit]) == 255)
+						continue;
+					if (obit < 28)
+						*il |= bits28[obit];
+					else
+						*ir |= bits28[obit - 28];
+				}
+			}
+			*(il = &comp_maskl[k][i]) = 0L;
+			*(ir = &comp_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 7 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit=inv_comp_perm[inbit]) == 255)
+						continue;
+					if (obit < 24)
+						*il |= bits24[obit];
+					else
+						*ir |= bits24[obit - 24];
+				}
+			}
+		}
+	}
+
+	/*
+	 * Invert the P-box permutation, and convert into OR-masks for
+	 * handling the output of the S-box arrays setup above.
+	 */
+	for (i = 0; i < 32; i++)
+		un_pbox[pbox[i] - 1] = i;
+
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 256; i++) {
+			*(p = &psbox[b][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				if (i & bits8[j])
+					*p |= bits32[un_pbox[8 * b + j]];
+			}
+		}
+
+	des_initialised = 1;
+}
+
+
+static void
+setup_salt(long salt)
+{
+	u_long	obit, saltbit;
+	int	i;
+
+	if (salt == old_salt)
+		return;
+	old_salt = salt;
+
+	saltbits = 0L;
+	saltbit = 1;
+	obit = 0x800000;
+	for (i = 0; i < 24; i++) {
+		if (salt & saltbit)
+			saltbits |= obit;
+		saltbit <<= 1;
+		obit >>= 1;
+	}
+}
+
+
+int
+des_setkey(const char *key)
+{
+	u_long	k0, k1, rawkey0, rawkey1;
+	int	shifts, i, b, round;
+
+	if (!des_initialised)
+		des_init();
+
+	rawkey0 = ntohl(*(u_long *) key);
+	rawkey1 = ntohl(*(u_long *) (key + 4));
+
+	if ((rawkey0 | rawkey1)
+	    && rawkey0 == old_rawkey0
+	    && rawkey1 == old_rawkey1) {
+		/*
+		 * Already setup for this key.
+		 * This optimisation fails on a zero key (which is weak and
+		 * has bad parity anyway) in order to simplify the starting
+		 * conditions.
+		 */
+		return(0);
+	}
+	old_rawkey0 = rawkey0;
+	old_rawkey1 = rawkey1;
+
+	/*
+	 *	Do key permutation and split into two 28-bit subkeys.
+	 */
+	k0 = key_perm_maskl[0][rawkey0 >> 25]
+	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskl[4][rawkey1 >> 25]
+	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+	k1 = key_perm_maskr[0][rawkey0 >> 25]
+	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskr[4][rawkey1 >> 25]
+	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+	/*
+	 *	Rotate subkeys and do compression permutation.
+	 */
+	shifts = 0;
+	for (round = 0; round < 16; round++) {
+		u_long	t0, t1;
+		int	bit;
+
+		shifts += key_shifts[round];
+
+		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+		de_keysl[15 - round] =
+		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+				| comp_maskl[1][(t0 >> 14) & 0x7f]
+				| comp_maskl[2][(t0 >> 7) & 0x7f]
+				| comp_maskl[3][t0 & 0x7f]
+				| comp_maskl[4][(t1 >> 21) & 0x7f]
+				| comp_maskl[5][(t1 >> 14) & 0x7f]
+				| comp_maskl[6][(t1 >> 7) & 0x7f]
+				| comp_maskl[7][t1 & 0x7f];
+
+		de_keysr[15 - round] =
+		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+				| comp_maskr[1][(t0 >> 14) & 0x7f]
+				| comp_maskr[2][(t0 >> 7) & 0x7f]
+				| comp_maskr[3][t0 & 0x7f]
+				| comp_maskr[4][(t1 >> 21) & 0x7f]
+				| comp_maskr[5][(t1 >> 14) & 0x7f]
+				| comp_maskr[6][(t1 >> 7) & 0x7f]
+				| comp_maskr[7][t1 & 0x7f];
+	}
+	return(0);
+}
+
+
+static int
+do_des(	u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count)
+{
+	/*
+	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+	 */
+	u_long	mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1;
+	u_long	f, r48l, r48r;
+	int	i, j, b, round;
+
+	if (count == 0) {
+		return(1);
+	} else if (count > 0) {
+		/*
+		 * Encrypting
+		 */
+		kl1 = en_keysl;
+		kr1 = en_keysr;
+	} else {
+		/*
+		 * Decrypting
+		 */
+		count = -count;
+		kl1 = de_keysl;
+		kr1 = de_keysr;
+	}
+
+	/*
+	 *	Do initial permutation (IP).
+	 */
+	l = ip_maskl[0][l_in >> 24]
+	  | ip_maskl[1][(l_in >> 16) & 0xff]
+	  | ip_maskl[2][(l_in >> 8) & 0xff]
+	  | ip_maskl[3][l_in & 0xff]
+	  | ip_maskl[4][r_in >> 24]
+	  | ip_maskl[5][(r_in >> 16) & 0xff]
+	  | ip_maskl[6][(r_in >> 8) & 0xff]
+	  | ip_maskl[7][r_in & 0xff];
+	r = ip_maskr[0][l_in >> 24]
+	  | ip_maskr[1][(l_in >> 16) & 0xff]
+	  | ip_maskr[2][(l_in >> 8) & 0xff]
+	  | ip_maskr[3][l_in & 0xff]
+	  | ip_maskr[4][r_in >> 24]
+	  | ip_maskr[5][(r_in >> 16) & 0xff]
+	  | ip_maskr[6][(r_in >> 8) & 0xff]
+	  | ip_maskr[7][r_in & 0xff];
+
+	while (count--) {
+		/*
+		 * Do each round.
+		 */
+		kl = kl1;
+		kr = kr1;
+		round = 16;
+		while (round--) {
+			/*
+			 * Expand R to 48 bits (simulate the E-box).
+			 */
+			r48l	= ((r & 0x00000001) << 23)
+				| ((r & 0xf8000000) >> 9)
+				| ((r & 0x1f800000) >> 11)
+				| ((r & 0x01f80000) >> 13)
+				| ((r & 0x001f8000) >> 15);
+
+			r48r	= ((r & 0x0001f800) << 7)
+				| ((r & 0x00001f80) << 5)
+				| ((r & 0x000001f8) << 3)
+				| ((r & 0x0000001f) << 1)
+				| ((r & 0x80000000) >> 31);
+			/*
+			 * Do salting for crypt() and friends, and
+			 * XOR with the permuted key.
+			 */
+			f = (r48l ^ r48r) & saltbits;
+			r48l ^= f ^ *kl++;
+			r48r ^= f ^ *kr++;
+			/*
+			 * Do sbox lookups (which shrink it back to 32 bits)
+			 * and do the pbox permutation at the same time.
+			 */
+			f = psbox[0][m_sbox[0][r48l >> 12]]
+			  | psbox[1][m_sbox[1][r48l & 0xfff]]
+			  | psbox[2][m_sbox[2][r48r >> 12]]
+			  | psbox[3][m_sbox[3][r48r & 0xfff]];
+			/*
+			 * Now that we've permuted things, complete f().
+			 */
+			f ^= l;
+			l = r;
+			r = f;
+		}
+		r = l;
+		l = f;
+	}
+	/*
+	 * Do final permutation (inverse of IP).
+	 */
+	*l_out	= fp_maskl[0][l >> 24]
+		| fp_maskl[1][(l >> 16) & 0xff]
+		| fp_maskl[2][(l >> 8) & 0xff]
+		| fp_maskl[3][l & 0xff]
+		| fp_maskl[4][r >> 24]
+		| fp_maskl[5][(r >> 16) & 0xff]
+		| fp_maskl[6][(r >> 8) & 0xff]
+		| fp_maskl[7][r & 0xff];
+	*r_out	= fp_maskr[0][l >> 24]
+		| fp_maskr[1][(l >> 16) & 0xff]
+		| fp_maskr[2][(l >> 8) & 0xff]
+		| fp_maskr[3][l & 0xff]
+		| fp_maskr[4][r >> 24]
+		| fp_maskr[5][(r >> 16) & 0xff]
+		| fp_maskr[6][(r >> 8) & 0xff]
+		| fp_maskr[7][r & 0xff];
+	return(0);
+}
+
+
+int
+des_cipher(const char *in, char *out, long salt, int count)
+{
+	u_long	l_out, r_out, rawl, rawr;
+	int	retval;
+
+	if (!des_initialised)
+		des_init();
+
+	setup_salt(salt);
+
+	rawl = ntohl(*((u_long *) in)++);
+	rawr = ntohl(*((u_long *) in));
+
+	retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+	*((u_long *) out)++ = htonl(l_out);
+	*((u_long *) out) = htonl(r_out);
+	return(retval);
+}
+
+
+int
+setkey(char *key)
+{
+	int	i, j;
+	u_long	packed_keys[2];
+	u_char	*p;
+
+	p = (u_char *) packed_keys;
+
+	for (i = 0; i < 8; i++) {
+		p[i] = 0;
+		for (j = 0; j < 8; j++)
+			if (*key++ & 1)
+				p[i] |= bits8[j];
+	}
+	return(des_setkey(p));
+}
+
+
+int
+encrypt(char *block, int flag)
+{
+	u_long	io[2];
+	u_char	*p;
+	int	i, j, retval;
+
+	if (!des_initialised)
+		des_init();
+
+	setup_salt(0L);
+	p = block;
+	for (i = 0; i < 2; i++) {
+		io[i] = 0L;
+		for (j = 0; j < 32; j++)
+			if (*p++ & 1)
+				io[i] |= bits32[j];
+	}
+	retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
+	for (i = 0; i < 2; i++)
+		for (j = 0; j < 32; j++)
+			block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
+	return(retval);
+}
+
diff --git a/secure/lib/libcipher/test/Makefile b/secure/lib/libcipher/test/Makefile
new file mode 100644
index 0000000..50ae571
--- /dev/null
+++ b/secure/lib/libcipher/test/Makefile
@@ -0,0 +1,56 @@
+#
+#	Hacked Makefile to compile and run the DES-certification program,
+#	but not install anything.
+#
+# $FreeBSD$
+#
+LIBCRYPT!=cd $(.CURDIR)/..; \
+	printf "xxx:\n\techo \$${.OBJDIR}/libcipher.a\n" | make -r -s -f - xxx
+
+#CFLAGS+= -DHAVE_CRYPT16
+LIBCRYPT+= -lcrypt
+
+TARGETS=cert speedcrypt speeddes
+
+all: ${TARGETS}
+
+test: all testcrypt testencrypt testdes testspeed
+
+testcrypt: cert
+	@./cert -c
+
+testencrypt: cert
+	@./cert -e < ${.CURDIR}/cert.input
+
+testdes: cert
+	@./cert -d < ${.CURDIR}/cert.input
+
+testspeed: cryptspeed desspeed
+
+cryptspeed: speedcrypt
+	@./speedcrypt 30 1
+	@./speedcrypt 30 1
+	@./speedcrypt 30 0
+	@./speedcrypt 30 0
+
+desspeed: speeddes
+	@./speeddes 30 1
+	@./speeddes 30 1
+	@./speeddes 40 25
+	@./speeddes 40 25
+
+cert: cert.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT}
+
+speedcrypt: speedcrypt.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT}
+
+speeddes: speeddes.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o speeddes ${.CURDIR}/speeddes.c ${LIBCRYPT}
+
+clean:
+	rm -f ${TARGETS}
+
+install:
+
+.include <bsd.prog.mk>
diff --git a/secure/lib/libcipher/test/README b/secure/lib/libcipher/test/README
new file mode 100644
index 0000000..eb6b0be
--- /dev/null
+++ b/secure/lib/libcipher/test/README
@@ -0,0 +1,10 @@
+This directory contains test programs to certify DES operation and to
+time the crypt() call (of curiosity value).
+
+Simply type `make test` to run the tests.
+
+The normal `make all` and `make install` that get done during library building
+and installation will build these programs BUT NOT INSTALL THEM.  After all,
+they're only for testing...
+
+- David Burren, January 1994
diff --git a/secure/lib/libcipher/test/cert.c b/secure/lib/libcipher/test/cert.c
new file mode 100644
index 0000000..e9907b9
--- /dev/null
+++ b/secure/lib/libcipher/test/cert.c
@@ -0,0 +1,344 @@
+/*
+ * This DES validation program shipped with FreeSec is derived from that
+ * shipped with UFC-crypt which is apparently derived from one distributed
+ * with Phil Karns PD DES package.
+ *
+ * $FreeBSD$
+ */
+
+#include <stdio.h>
+
+int totfails = 0;
+
+char *crypt();
+#ifdef HAVE_CRYPT16
+char *crypt16();
+#endif /* HAVE_CRYPT16 */
+
+
+static struct crypt_test {
+	char	*key, *setting, *answer;
+} crypt_tests[] = {
+	"foob",			"ar",		"arlEKn0OzVJn.",
+	"holyhooplasbatman!",	"_X.......",	"_X.......N89y2Z.e4WU",
+	"holyhooplasbatman!",	"_X...X...",	"_X...X...rSUDQ5Na/QM",
+	"holyhooplasbatman!",	"_XX..X...",	"_XX..X...P8vb9xU4JAk",
+	"holyhooplasbatman!",	"_XX..XX..",	"_XX..XX..JDs5IlGLqT2",
+	"holyhooplasbatman!",	"_XX..XXa.",	"_XX..XXa.bFVsOnCNh8Y",
+	"holyhooplasbatman!",	"_XXa.X...",	"_XXa.X...Ghsb3QKNaps",
+#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS
+	"holyhooplasbatman!",	"_arararar",	"_ararararNGMzvpNjeCc",
+#endif
+	NULL, NULL, NULL,
+};
+
+
+static struct crypt_test crypt16_tests[] = {
+	"foob",			"ar",		"arxo23jZDD5AYbHbqoy9Dalg",
+	"holyhooplasbatman!",	"ar",		"arU5FRLJ3kxIoedlmyrOelEw",
+	NULL, NULL, NULL
+};
+
+
+void good_bye()
+{
+  if(totfails == 0) {
+    printf(" Passed validation\n");
+    exit(0);
+  } else {
+    printf(" %d failures during validation!!!\n", totfails);
+    exit(1);
+  }
+}
+
+
+void put8(cp)
+char *cp;
+{
+	int i,j,t;
+
+	for(i = 0; i < 8; i++){
+		t = 0;
+		for(j = 0; j < 8; j++)
+			t = t << 1 | *cp++;
+		printf("%02x", t);
+	}
+}
+
+
+void print_bits(bits)
+unsigned char *bits;
+{
+	int	i;
+
+	for (i = 0; i < 8; i++) {
+		printf("%02x", bits[i]);
+	}
+}
+
+
+int parse_line(buff, salt, key, plain, answer)
+char *buff;
+long *salt;
+char *key, *plain, *answer;
+{
+	char *ptr1, *ptr2;
+	int val;
+	int i,j,t;
+
+	/*
+	 * Extract salt
+	 */
+	if (sscanf(buff, "%lu", salt) != 1)
+		return(-1);
+	for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+
+	/*
+	 * Extract key
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*key++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract plain
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*plain++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract answer
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*answer++ = (t & 1 << (7 - j)) != 0;
+	}
+	return(0);
+}
+
+/*
+ * Test the setkey and encrypt functions
+ */
+void test_encrypt()
+{
+	char key[64],plain[64],cipher[64],answer[64];
+	char buff[BUFSIZ];
+	unsigned long salt;
+	int i;
+	int test;
+	int fail;
+
+	printf("Testing setkey/encrypt\n");
+
+	for(test=0;fgets(buff, BUFSIZ, stdin);test++){
+
+		/*
+		 * Allow comments.
+		 */
+		if (*buff == '#')
+			continue;
+
+		if ((fail = parse_line(buff, &salt, key, plain, answer)) < 0){
+			printf("test %d garbled (%d)\n", test, fail);
+			continue;
+		}
+
+		if (salt)
+			continue;	/* encrypt has no salt support */
+
+		printf(" K: "); put8(key);
+		printf(" P: "); put8(plain);
+		printf(" C: "); put8(answer);
+
+		setkey(key);
+		for(i = 0; i < 64; i++)
+			cipher[i] = plain[i];
+		encrypt(cipher, 0);
+
+		for(i=0;i<64;i++)
+			if(cipher[i] != answer[i])
+				break;
+		fail = 0;
+		if(i != 64){
+			printf(" Enc FAIL ");
+			put8(cipher);
+			fail++; totfails++;
+		}
+
+		encrypt(cipher, 1);
+
+		for(i=0;i<64;i++)
+			if(cipher[i] != plain[i])
+				break;
+		if(i != 64){
+			printf(" Dec FAIL");
+			fail++; totfails++;
+		}
+
+		if(fail == 0)
+			printf(" OK");
+		printf("\n");
+	}
+}
+
+
+void bytes_to_bits(bytes, bits)
+char *bytes;
+unsigned char *bits;
+{
+	int	i, j;
+
+	for (i = 0; i < 8; i++) {
+		bits[i] = 0;
+		for (j = 0; j < 8; j++) {
+			bits[i] |= (bytes[i*8+j] & 1) << (7 - j);
+		}
+	}
+}
+
+
+/*
+ * Test the des_setkey and des_cipher functions
+ */
+void test_des()
+{
+	char ckey[64], cplain[64], canswer[64];
+	unsigned char key[8], plain[8], cipher[8], answer[8];
+	char buff[BUFSIZ];
+	unsigned long salt;
+	int i;
+	int test;
+	int fail;
+
+	printf("Testing des_setkey/des_cipher\n");
+
+	for(test=0;fgets(buff, BUFSIZ, stdin);test++){
+
+		/*
+		 * Allow comments.
+		 */
+		if (*buff == '#')
+			continue;
+
+		if ((fail = parse_line(buff, &salt, ckey, cplain, canswer)) <0){
+			printf("test %d garbled (%d)\n", test, fail);
+			continue;
+		}
+
+		printf(" S: %06x", salt);
+		printf(" K: "); put8(ckey);
+		printf(" P: "); put8(cplain);
+		printf(" C: "); put8(canswer);
+
+		bytes_to_bits(ckey, key);
+		bytes_to_bits(cplain, plain);
+		bytes_to_bits(canswer, answer);
+		des_setkey(key);
+		des_cipher(plain, cipher, salt, 1);
+
+		for(i = 0; i < 8; i++)
+			if(cipher[i] != answer[i])
+				break;
+		fail = 0;
+		if(i != 8){
+			printf(" Enc FAIL ");
+			print_bits(cipher);
+			fail++; totfails++;
+		}
+
+		des_cipher(cipher, cipher, salt, -1);
+
+		for(i = 0; i < 8; i++)
+			if(cipher[i] != plain[i])
+				break;
+		if(i != 8){
+			printf(" Dec FAIL");
+			fail++; totfails++;
+		}
+
+		if(fail == 0)
+			printf(" OK");
+		printf("\n");
+	}
+}
+
+
+/*
+ *	Test the old-style crypt(), the new-style crypt(), and crypt16().
+ */
+void test_crypt()
+{
+	char	*result;
+	struct crypt_test	*p;
+
+	printf("Testing crypt() family\n");
+
+	for (p = crypt_tests; p->key; p++) {
+		printf(" crypt(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+
+#ifdef HAVE_CRYPT16
+	for (p = crypt16_tests; p->key; p++) {
+		printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt16(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+#endif /* HAVE_CRYPT16 */
+}
+
+main(argc, argv)
+int argc;
+char *argv[];
+{
+	if(argc < 1 || !strcmp(argv[1], "-e"))
+		test_encrypt();
+	else if(!strcmp(argv[1], "-d"))
+		test_des();
+	else if(!strcmp(argv[1], "-c"))
+		test_crypt();
+	good_bye();
+}
diff --git a/secure/lib/libcipher/test/cert.input b/secure/lib/libcipher/test/cert.input
new file mode 100644
index 0000000..e7c715c
--- /dev/null
+++ b/secure/lib/libcipher/test/cert.input
@@ -0,0 +1,179 @@
+# $FreeBSD$
+#
+# Salt, key, plaintext, ciphertext
+#
+0 0101010101010101 95f8a5e5dd31d900 8000000000000000
+0 0101010101010101 dd7f121ca5015619 4000000000000000
+0 0101010101010101 2e8653104f3834ea 2000000000000000
+0 0101010101010101 4bd388ff6cd81d4f 1000000000000000
+0 0101010101010101 20b9e767b2fb1456 0800000000000000
+0 0101010101010101 55579380d77138ef 0400000000000000
+0 0101010101010101 6cc5defaaf04512f 0200000000000000
+0 0101010101010101 0d9f279ba5d87260 0100000000000000
+0 0101010101010101 d9031b0271bd5a0a 0080000000000000
+0 0101010101010101 424250b37c3dd951 0040000000000000
+0 0101010101010101 b8061b7ecd9a21e5 0020000000000000
+0 0101010101010101 f15d0f286b65bd28 0010000000000000
+0 0101010101010101 add0cc8d6e5deba1 0008000000000000
+0 0101010101010101 e6d5f82752ad63d1 0004000000000000
+0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000
+0 0101010101010101 f356834379d165cd 0001000000000000
+0 0101010101010101 2b9f982f20037fa9 0000800000000000
+0 0101010101010101 889de068a16f0be6 0000400000000000
+0 0101010101010101 e19e275d846a1298 0000200000000000
+0 0101010101010101 329a8ed523d71aec 0000100000000000
+0 0101010101010101 e7fce22557d23c97 0000080000000000
+0 0101010101010101 12a9f5817ff2d65d 0000040000000000
+0 0101010101010101 a484c3ad38dc9c19 0000020000000000
+0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000
+0 0101010101010101 750d079407521363 0000008000000000
+0 0101010101010101 64feed9c724c2faf 0000004000000000
+0 0101010101010101 f02b263b328e2b60 0000002000000000
+0 0101010101010101 9d64555a9a10b852 0000001000000000
+0 0101010101010101 d106ff0bed5255d7 0000000800000000
+0 0101010101010101 e1652c6b138c64a5 0000000400000000
+0 0101010101010101 e428581186ec8f46 0000000200000000
+0 0101010101010101 aeb5f5ede22d1a36 0000000100000000
+0 0101010101010101 e943d7568aec0c5c 0000000080000000
+0 0101010101010101 df98c8276f54b04b 0000000040000000
+0 0101010101010101 b160e4680f6c696f 0000000020000000
+0 0101010101010101 fa0752b07d9c4ab8 0000000010000000
+0 0101010101010101 ca3a2b036dbc8502 0000000008000000
+0 0101010101010101 5e0905517bb59bcf 0000000004000000
+0 0101010101010101 814eeb3b91d90726 0000000002000000
+0 0101010101010101 4d49db1532919c9f 0000000001000000
+0 0101010101010101 25eb5fc3f8cf0621 0000000000800000
+0 0101010101010101 ab6a20c0620d1c6f 0000000000400000
+0 0101010101010101 79e90dbc98f92cca 0000000000200000
+0 0101010101010101 866ecedd8072bb0e 0000000000100000
+0 0101010101010101 8b54536f2f3e64a8 0000000000080000
+0 0101010101010101 ea51d3975595b86b 0000000000040000
+0 0101010101010101 caffc6ac4542de31 0000000000020000
+0 0101010101010101 8dd45a2ddf90796c 0000000000010000
+0 0101010101010101 1029d55e880ec2d0 0000000000008000
+0 0101010101010101 5d86cb23639dbea9 0000000000004000
+0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000
+0 0101010101010101 ce332329248f3228 0000000000001000
+0 0101010101010101 8405d1abe24fb942 0000000000000800
+0 0101010101010101 e643d78090ca4207 0000000000000400
+0 0101010101010101 48221b9937748a23 0000000000000200
+0 0101010101010101 dd7c0bbd61fafd54 0000000000000100
+0 0101010101010101 2fbc291a570db5c4 0000000000000080
+0 0101010101010101 e07c30d7e4e26e12 0000000000000040
+0 0101010101010101 0953e2258e8e90a1 0000000000000020
+0 0101010101010101 5b711bc4ceebf2ee 0000000000000010
+0 0101010101010101 cc083f1e6d9e85f6 0000000000000008
+0 0101010101010101 d2fd8867d50d2dfe 0000000000000004
+0 0101010101010101 06e7ea22ce92708f 0000000000000002
+0 0101010101010101 166b40b44aba4bd6 0000000000000001
+0 8001010101010101 0000000000000000 95a8d72813daa94d
+0 4001010101010101 0000000000000000 0eec1487dd8c26d5
+0 2001010101010101 0000000000000000 7ad16ffb79c45926
+0 1001010101010101 0000000000000000 d3746294ca6a6cf3
+0 0801010101010101 0000000000000000 809f5f873c1fd761
+0 0401010101010101 0000000000000000 c02faffec989d1fc
+0 0201010101010101 0000000000000000 4615aa1d33e72f10
+0 0180010101010101 0000000000000000 2055123350c00858
+0 0140010101010101 0000000000000000 df3b99d6577397c8
+0 0120010101010101 0000000000000000 31fe17369b5288c9
+0 0110010101010101 0000000000000000 dfdd3cc64dae1642
+0 0108010101010101 0000000000000000 178c83ce2b399d94
+0 0104010101010101 0000000000000000 50f636324a9b7f80
+0 0102010101010101 0000000000000000 a8468ee3bc18f06d
+0 0101800101010101 0000000000000000 a2dc9e92fd3cde92
+0 0101400101010101 0000000000000000 cac09f797d031287
+0 0101200101010101 0000000000000000 90ba680b22aeb525
+0 0101100101010101 0000000000000000 ce7a24f350e280b6
+0 0101080101010101 0000000000000000 882bff0aa01a0b87
+0 0101040101010101 0000000000000000 25610288924511c2
+0 0101020101010101 0000000000000000 c71516c29c75d170
+0 0101018001010101 0000000000000000 5199c29a52c9f059
+0 0101014001010101 0000000000000000 c22f0a294a71f29f
+0 0101012001010101 0000000000000000 ee371483714c02ea
+0 0101011001010101 0000000000000000 a81fbd448f9e522f
+0 0101010801010101 0000000000000000 4f644c92e192dfed
+0 0101010401010101 0000000000000000 1afa9a66a6df92ae
+0 0101010201010101 0000000000000000 b3c1cc715cb879d8
+0 0101010180010101 0000000000000000 19d032e64ab0bd8b
+0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc
+0 0101010120010101 0000000000000000 b7265f7f447ac6f3
+0 0101010110010101 0000000000000000 9db73b3c0d163f54
+0 0101010108010101 0000000000000000 8181b65babf4a975
+0 0101010104010101 0000000000000000 93c9b64042eaa240
+0 0101010102010101 0000000000000000 5570530829705592
+0 0101010101800101 0000000000000000 8638809e878787a0
+0 0101010101400101 0000000000000000 41b9a79af79ac208
+0 0101010101200101 0000000000000000 7a9be42f2009a892
+0 0101010101100101 0000000000000000 29038d56ba6d2745
+0 0101010101080101 0000000000000000 5495c6abf1e5df51
+0 0101010101040101 0000000000000000 ae13dbd561488933
+0 0101010101020101 0000000000000000 024d1ffa8904e389
+0 0101010101018001 0000000000000000 d1399712f99bf02e
+0 0101010101014001 0000000000000000 14c1d7c1cffec79e
+0 0101010101012001 0000000000000000 1de5279dae3bed6f
+0 0101010101011001 0000000000000000 e941a33f85501303
+0 0101010101010801 0000000000000000 da99dbbc9a03f379
+0 0101010101010401 0000000000000000 b7fc92f91d8e92e9
+0 0101010101010201 0000000000000000 ae8e5caa3ca04e85
+0 0101010101010180 0000000000000000 9cc62df43b6eed74
+0 0101010101010140 0000000000000000 d863dbb5c59a91a0
+0 0101010101010120 0000000000000000 a1ab2190545b91d7
+0 0101010101010110 0000000000000000 0875041e64c570f7
+0 0101010101010108 0000000000000000 5a594528bebef1cc
+0 0101010101010104 0000000000000000 fcdb3291de21f0c0
+0 0101010101010102 0000000000000000 869efd7f9f265a09
+0 1046913489980131 0000000000000000 88d55e54f54c97b4
+0 1007103489988020 0000000000000000 0c0cc00c83ea48fd
+0 10071034c8980120 0000000000000000 83bc8ef3a6570183
+0 1046103489988020 0000000000000000 df725dcad94ea2e9
+0 1086911519190101 0000000000000000 e652b53b550be8b0
+0 1086911519580101 0000000000000000 af527120c485cbb0
+0 5107b01519580101 0000000000000000 0f04ce393db926d5
+0 1007b01519190101 0000000000000000 c9f00ffc74079067
+0 3107915498080101 0000000000000000 7cfd82a593252b4e
+0 3107919498080101 0000000000000000 cb49a2f9e91363e3
+0 10079115b9080140 0000000000000000 00b588be70d23f56
+0 3107911598080140 0000000000000000 406a9a6ab43399ae
+0 1007d01589980101 0000000000000000 6cb773611dca9ada
+0 9107911589980101 0000000000000000 67fd21c17dbb5d70
+0 9107d01589190101 0000000000000000 9592cb4110430787
+0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3
+0 1007940498190101 0000000000000000 4d102196c914ca16
+0 0107910491190401 0000000000000000 2dfa9f4573594965
+0 0107910491190101 0000000000000000 b46604816c0e0774
+0 0107940491190401 0000000000000000 6e7e6221a4f34e87
+0 19079210981a0101 0000000000000000 aa85e74643233199
+0 1007911998190801 0000000000000000 2e5a19db4d1962d6
+0 10079119981a0801 0000000000000000 23a866a809d30894
+0 1007921098190101 0000000000000000 d812d961f017d320
+0 100791159819010b 0000000000000000 055605816e58608f
+0 1004801598190101 0000000000000000 abd88e8b1b7716f1
+0 1004801598190102 0000000000000000 537ac95be69da1e1
+0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8
+0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d
+0 1002911598190104 0000000000000000 61c79c71921a2ef8
+0 1002911598100201 0000000000000000 e2f5728f0995013c
+0 1002911698100101 0000000000000000 1aeac39a61f0a464
+0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b
+0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271
+0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a
+0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a
+0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095
+0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b
+0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09
+0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a
+0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f
+0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088
+0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77
+0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a
+0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56
+0 025816164629b007 480d39006ee762f2 a1f9915541020b56
+0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556
+0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac
+0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a
+0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
+1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60
+57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae
+1 8001010101010101 0000000000000000 f501029f268e45dc
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
diff --git a/secure/lib/libcipher/test/speedcrypt.c b/secure/lib/libcipher/test/speedcrypt.c
new file mode 100644
index 0000000..f7507fd
--- /dev/null
+++ b/secure/lib/libcipher/test/speedcrypt.c
@@ -0,0 +1,76 @@
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include <stdio.h>
+
+int		keep_going, count, alternate, seconds;
+struct rusage	prior, now;
+
+void
+finish()
+{
+	keep_going = 0;
+}
+
+
+main(int argc, char *argv[])
+{
+	struct itimerval itv;
+	u_long		msecs, key1[8], key2[8];
+	char		*k1, *k2;
+
+	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
+		seconds = 20;
+
+	if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1)
+		alternate = 0;
+
+	printf ("Running crypt%s for %d seconds of vtime...\n",
+		alternate ? " with alternate keys" : "", seconds);
+
+	bzero(&itv, sizeof (itv));
+	signal (SIGVTALRM, finish);
+	itv.it_value.tv_sec = seconds;
+	itv.it_value.tv_usec = 0;
+	setitimer(ITIMER_VIRTUAL, &itv, NULL);
+
+	keep_going = 1;
+	if (getrusage(0, &prior) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+
+	k1 = (char *) key1;
+	k2 = (char *) key2;
+	strcpy(k1, "fredfredfredfredfred");
+	strcpy(k2, "joejoejoejoejoejoejo");
+
+	if (alternate)
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt((count & 1) ? k1 : k2, "_ara.X...");
+#else
+			crypt((count & 1) ? k1 : k2, "eek");
+#endif
+		}
+	else
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt(k1, "_ara.X...");
+#else
+			crypt(k1, "eek");
+#endif
+		}
+
+	if (getrusage(0, &now) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
+	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
+	printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs);
+	exit(0);
+}
diff --git a/secure/lib/libcipher/test/speeddes.c b/secure/lib/libcipher/test/speeddes.c
new file mode 100644
index 0000000..a582236
--- /dev/null
+++ b/secure/lib/libcipher/test/speeddes.c
@@ -0,0 +1,61 @@
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include <stdio.h>
+
+int		keep_going, count, alternate, seconds, iters;
+struct rusage	prior, now;
+u_long		block[3];
+char		*blk;
+
+void
+finish()
+{
+	keep_going = 0;
+}
+
+
+main(int argc, char *argv[])
+{
+	struct itimerval itv;
+	u_long	msecs;
+
+	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
+		seconds = 20;
+
+	if (argc < 3 || sscanf(argv[2], "%d", &iters) != 1)
+		iters = 1;
+
+	printf ("Running des_cipher( , , 0L, %d) for %d seconds of vtime...\n",
+		iters, seconds);
+
+	bzero(&itv, sizeof (itv));
+	signal (SIGVTALRM, finish);
+	itv.it_value.tv_sec = seconds;
+	itv.it_value.tv_usec = 0;
+	setitimer(ITIMER_VIRTUAL, &itv, NULL);
+
+	keep_going = 1;
+	if (getrusage(0, &prior) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+
+	blk = (char *) block;
+	(void)des_setkey(blk);
+	for (count = 0; keep_going; count++)
+		(void) des_cipher(blk, blk, 0, iters);
+
+	if (getrusage(0, &now) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+
+	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
+	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
+	printf ("Did %d encryptions per second, each of %d iteration(s).\n",
+		1000 * count / msecs, iters);
+	printf ("\tTotal %d blocks per second.\n", (1000*iters*count)/msecs);
+	exit(0);
+}
diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile
new file mode 100644
index 0000000..3d3a907
--- /dev/null
+++ b/secure/lib/libcrypt/Makefile
@@ -0,0 +1,61 @@
+#
+# $FreeBSD$
+#
+
+LCRYPTBASE=     libcrypt
+LDCRYPTBASE=    libdescrypt
+
+.if ${OBJFORMAT} != elf
+LCRYPTSO=       $(LCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+LDCRYPTSO=      $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+.else
+LCRYPTSO=       $(LCRYPTBASE).so.$(SHLIB_MAJOR)
+LDCRYPTSO=      $(LDCRYPTBASE).so.$(SHLIB_MAJOR)
+.endif
+
+.PATH:	${.CURDIR}/../../../lib/libmd
+
+LIB=	descrypt
+SRCS=	crypt.c crypt-md5.c md5c.c
+MAN3=	crypt.3
+CFLAGS+=	-I${.CURDIR}/../../../lib/libmd -Wall
+PRECIOUSLIB=	yes
+
+.if ${OBJFORMAT} == elf
+SONAME=	${LCRYPTBASE}.so.$(SHLIB_MAJOR)
+.endif
+
+test:
+	cd test ; make test ; make clean
+
+.include <bsd.lib.mk>
+
+# We only install the links if they do not already exist.
+# This may have to be revised
+afterinstall:
+.if !defined(NOPIC) && defined(SHLIB_MAJOR)
+	@cd $(DESTDIR)/$(LIBDIR); \
+	if [ ! -e $(LCRYPTSO) ]; then \
+	rm -f $(LCRYPTSO); \
+	ln -sf $(LDCRYPTSO) $(LCRYPTSO); \
+	fi
+.endif
+.if !defined(NOPIC) && defined(SHLIB_MAJOR) && ${OBJFORMAT} == elf
+	@cd $(DESTDIR)/$(LIBDIR); \
+	if [ ! -e $(LCRYPTBASE).so ]; then \
+	rm -f $(LCRYPTBASE).so; \
+	ln -sf $(LDCRYPTBASE).so libcrypt.so; \
+	fi
+.endif
+	@cd  $(DESTDIR)/$(LIBDIR); \
+	if [ ! -e $(LCRYPTBASE).a ]; then \
+	rm -f $(LCRYPTBASE).a; \
+	ln -sf $(LDCRYPTBASE).a libcrypt.a; \
+	fi
+.if !defined(NOPROFILE)
+	@cd  $(DESTDIR)/$(LIBDIR); \
+	if [ ! -e $(LCRYPTBASE)_p.a ]; then \
+	rm -f $(LCRYPTBASE)_p.a; \
+	ln -sf $(LDCRYPTBASE)_p.a libcrypt_p.a; \
+	fi
+.endif
diff --git a/secure/lib/libcrypt/README b/secure/lib/libcrypt/README
new file mode 100644
index 0000000..ab8af5a
--- /dev/null
+++ b/secure/lib/libcrypt/README
@@ -0,0 +1,98 @@
+
+	FreeSec - NetBSD libcrypt replacement
+
+	  David Burren <davidb@werj.com.au>
+	  Release 1.0, March 1994
+
+    Document ref: $FreeBSD$
+
+
+Description
+===========
+This library is a drop-in replacement for the libcrypt used in U.S. copies
+of NetBSD, duplicating that library's functionality.  A suite of verification
+and benchmark tools is provided.
+
+FreeSec 1.0 is an original implementation of the DES algorithm and the
+crypt(3) interfaces used in Unix-style operating systems.  It was produced
+in Australia and as such is not covered by U.S. export restrictions (at
+least for copies that remain outside the U.S.).
+
+
+History
+=======
+An earlier version of the FreeSec library was built using the UFC-crypt
+package that is distributed as part of the GNU library.  UFC-crypt did not
+support the des_cipher() or des_setkey() functions, nor the new-style
+crypt with long keys.  These were implemented in FreeSec 0.2, but at least
+one bug remained, where encryption would only succeed if either the salt
+or the plaintext was zero.  Because of its heritage FreeSec 0.2 was covered
+by the GNU Library Licence.
+
+FreeSec 1.0 is an original implementation by myself, and has been tested
+against the verification suite I'd been using with FreeSec 0.2 (this is not
+encumbered by any licence).  FreeSec 1.0 is covered by a Berkeley-style
+licence, which better fits into the *BSD hierarchy than the earlier GNU
+licence.
+
+
+Why should you use FreeSec?
+===========================
+FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
+to act as a baseline for encryption functionality.
+
+Some other packages (such as Eric Young's libdes package) are faster and
+more complete than FreeSec, but typically have different licencing
+arrangements.  While some applications will justify the use of these
+packages, the idea here is that everyone should have access to *at least*
+the functionality of FreeSec.
+
+
+Performance of FreeSec 1.0
+==========================
+I compare below the performance of three libcrypt implementations.  As can be
+seen, it's between the U.S. library and UFC-crypt.  While the performance of
+FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
+future versions.  I was interested to note that while UFC-crypt is faster on
+a 386, hardware characteristics can have markedly different effects on each
+implementation.
+
+
+386DX40, 128k cache	| U.S. BSD	| FreeSec 1.0	| FreeSec 0.2
+CFLAGS=-O2		|		|		|
+========================+===============+===============+==================
+crypt (alternate keys)	| 317		| 341		| 395
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+crypt (constant key)	| 317		| 368		| 436
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 1)	| 6037		| 7459		| 3343
+	blocks/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 25)	| 8871		| 9627		| 15926
+	blocks/sec	|		|		|
+
+Notes:	The results tabled here are the average over 10 runs.
+	The entry/exit code for FreeSec 0.2's des_cipher() is particularly
+	inefficient, thus the anomalous result for single encryptions.
+
+
+As an experiment using a machine with a larger register set and an
+obscenely fast CPU, I obtained the following results:
+
+	60 MHz R4400		| FreeSec 1.0	| FreeSec 0.2
+	========================+=================================
+	crypt (alternate keys)	| 2545		| 2702
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	crypt (constant key)	| 2852		| 2981
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 1)	| 56443		| 21409
+		blocks/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 25)	| 82531		| 18276
+		blocks/sec	|		|
+
+Obviously your mileage will vary with your hardware and your compiler...
diff --git a/secure/lib/libcrypt/README.FreeBSD b/secure/lib/libcrypt/README.FreeBSD
new file mode 100644
index 0000000..e940aeb
--- /dev/null
+++ b/secure/lib/libcrypt/README.FreeBSD
@@ -0,0 +1,21 @@
+$FreeBSD$
+
+This is FreeSec package for NetBSD,  unchanged for
+FreeBSD, except for the Makefile.
+
+FreeSec was written by David Burren <davidb@werj.com.au>
+
+A few bugs in the original FreeSec release have been fixed.
+
+In order to make libcrypt binaries exportable from the USA,
+only the symbol _crypt() (later to be changed to ___crypt())
+is exported from libcrypt.
+
+This source code was developed outside the USA, and can be
+obtained outside the USA.
+
+					Geoff Rehmet
+					Rhodes University
+					Grahamstown 
+					South Africa
+					8 August 1994
diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c
new file mode 100644
index 0000000..9e8c5ca
--- /dev/null
+++ b/secure/lib/libcrypt/crypt-des.c
@@ -0,0 +1,697 @@
+/*
+ * FreeSec: libcrypt for NetBSD
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
+ *	crypt.c should now *only* export crypt(), in order to make
+ *	binaries of libcrypt exportable from the USA
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *	B. Schneier, Applied Cryptography: protocols, algorithms,
+ *	and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * ARCHITECTURE ASSUMPTIONS:
+ *	This code assumes that u_longs are 32 bits.  It will probably not
+ *	operate on 64-bit machines without modifications.
+ *	It is assumed that the 8-byte arrays passed by reference can be
+ *	addressed as arrays of u_longs (ie. the CPU is not picky about
+ *	alignment).
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <string.h>
+
+char *crypt_md5(const char *pw, const char *salt);
+
+/* We can't always assume gcc */
+#ifdef __GNUC__
+#define INLINE inline
+#endif
+
+
+static u_char	IP[64] = {
+	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static u_char	inv_key_perm[64];
+static u_char	u_key_perm[56];
+static u_char	key_perm[56] = {
+	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static u_char	key_shifts[16] = {
+	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char	inv_comp_perm[56];
+static u_char	comp_perm[48] = {
+	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char	u_sbox[8][64];
+static u_char	sbox[8][64] = {
+	{
+		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+	},
+	{
+		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+	},
+	{
+		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+	},
+	{
+		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+	},
+	{
+		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+	},
+	{
+		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+	},
+	{
+		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+	},
+	{
+		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+	}
+};
+
+static u_char	un_pbox[32];
+static u_char	pbox[32] = {
+	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static u_long	bits32[32] =
+{
+	0x80000000, 0x40000000, 0x20000000, 0x10000000,
+	0x08000000, 0x04000000, 0x02000000, 0x01000000,
+	0x00800000, 0x00400000, 0x00200000, 0x00100000,
+	0x00080000, 0x00040000, 0x00020000, 0x00010000,
+	0x00008000, 0x00004000, 0x00002000, 0x00001000,
+	0x00000800, 0x00000400, 0x00000200, 0x00000100,
+	0x00000080, 0x00000040, 0x00000020, 0x00000010,
+	0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_long	saltbits;
+static long	old_salt;
+static u_long	*bits28, *bits24;
+static u_char	init_perm[64], final_perm[64];
+static u_long	en_keysl[16], en_keysr[16];
+static u_long	de_keysl[16], de_keysr[16];
+static int	des_initialised = 0;
+static u_char	m_sbox[4][4096];
+static u_long	psbox[4][256];
+static u_long	ip_maskl[8][256], ip_maskr[8][256];
+static u_long	fp_maskl[8][256], fp_maskr[8][256];
+static u_long	key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_long	comp_maskl[8][128], comp_maskr[8][128];
+static u_long	old_rawkey0, old_rawkey1;
+
+static u_char	ascii64[] =
+	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*	  0000000000111111111122222222223333333333444444444455555555556666 */
+/*	  0123456789012345678901234567890123456789012345678901234567890123 */
+
+static INLINE int
+ascii_to_bin(char ch)
+{
+	if (ch > 'z')
+		return(0);
+	if (ch >= 'a')
+		return(ch - 'a' + 38);
+	if (ch > 'Z')
+		return(0);
+	if (ch >= 'A')
+		return(ch - 'A' + 12);
+	if (ch > '9')
+		return(0);
+	if (ch >= '.')
+		return(ch - '.');
+	return(0);
+}
+
+static void
+des_init()
+{
+	int	i, j, b, k, inbit, obit;
+	u_long	*p, *il, *ir, *fl, *fr;
+
+	old_rawkey0 = old_rawkey1 = 0L;
+	saltbits = 0L;
+	old_salt = 0L;
+	bits24 = (bits28 = bits32 + 4) + 4;
+
+	/*
+	 * Invert the S-boxes, reordering the input bits.
+	 */
+	for (i = 0; i < 8; i++)
+		for (j = 0; j < 64; j++) {
+			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+			u_sbox[i][j] = sbox[i][b];
+		}
+
+	/*
+	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
+	 * Each will handle 12 bits of the S-box input.
+	 */
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 64; i++)
+			for (j = 0; j < 64; j++)
+				m_sbox[b][(i << 6) | j] =
+					(u_sbox[(b << 1)][i] << 4) |
+					u_sbox[(b << 1) + 1][j];
+
+	/*
+	 * Set up the initial & final permutations into a useful form, and
+	 * initialise the inverted key permutation.
+	 */
+	for (i = 0; i < 64; i++) {
+		init_perm[final_perm[i] = IP[i] - 1] = i;
+		inv_key_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key permutation and initialise the inverted key
+	 * compression permutation.
+	 */
+	for (i = 0; i < 56; i++) {
+		u_key_perm[i] = key_perm[i] - 1;
+		inv_key_perm[key_perm[i] - 1] = i;
+		inv_comp_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key compression permutation.
+	 */
+	for (i = 0; i < 48; i++) {
+		inv_comp_perm[comp_perm[i] - 1] = i;
+	}
+
+	/*
+	 * Set up the OR-mask arrays for the initial and final permutations,
+	 * and for the key initial and compression permutations.
+	 */
+	for (k = 0; k < 8; k++) {
+		for (i = 0; i < 256; i++) {
+			*(il = &ip_maskl[k][i]) = 0L;
+			*(ir = &ip_maskr[k][i]) = 0L;
+			*(fl = &fp_maskl[k][i]) = 0L;
+			*(fr = &fp_maskr[k][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j]) {
+					if ((obit = init_perm[inbit]) < 32)
+						*il |= bits32[obit];
+					else
+						*ir |= bits32[obit-32];
+					if ((obit = final_perm[inbit]) < 32)
+						*fl |= bits32[obit];
+					else
+						*fr |= bits32[obit - 32];
+				}
+			}
+		}
+		for (i = 0; i < 128; i++) {
+			*(il = &key_perm_maskl[k][i]) = 0L;
+			*(ir = &key_perm_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit = inv_key_perm[inbit]) == 255)
+						continue;
+					if (obit < 28)
+						*il |= bits28[obit];
+					else
+						*ir |= bits28[obit - 28];
+				}
+			}
+			*(il = &comp_maskl[k][i]) = 0L;
+			*(ir = &comp_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 7 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit=inv_comp_perm[inbit]) == 255)
+						continue;
+					if (obit < 24)
+						*il |= bits24[obit];
+					else
+						*ir |= bits24[obit - 24];
+				}
+			}
+		}
+	}
+
+	/*
+	 * Invert the P-box permutation, and convert into OR-masks for
+	 * handling the output of the S-box arrays setup above.
+	 */
+	for (i = 0; i < 32; i++)
+		un_pbox[pbox[i] - 1] = i;
+
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 256; i++) {
+			*(p = &psbox[b][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				if (i & bits8[j])
+					*p |= bits32[un_pbox[8 * b + j]];
+			}
+		}
+
+	des_initialised = 1;
+}
+
+static void
+setup_salt(long salt)
+{
+	u_long	obit, saltbit;
+	int	i;
+
+	if (salt == old_salt)
+		return;
+	old_salt = salt;
+
+	saltbits = 0L;
+	saltbit = 1;
+	obit = 0x800000;
+	for (i = 0; i < 24; i++) {
+		if (salt & saltbit)
+			saltbits |= obit;
+		saltbit <<= 1;
+		obit >>= 1;
+	}
+}
+
+static int
+des_setkey(const char *key)
+{
+	u_long	k0, k1, rawkey0, rawkey1;
+	int	shifts, round;
+
+	if (!des_initialised)
+		des_init();
+
+	rawkey0 = ntohl(*(u_long *) key);
+	rawkey1 = ntohl(*(u_long *) (key + 4));
+
+	if ((rawkey0 | rawkey1)
+	    && rawkey0 == old_rawkey0
+	    && rawkey1 == old_rawkey1) {
+		/*
+		 * Already setup for this key.
+		 * This optimisation fails on a zero key (which is weak and
+		 * has bad parity anyway) in order to simplify the starting
+		 * conditions.
+		 */
+		return(0);
+	}
+	old_rawkey0 = rawkey0;
+	old_rawkey1 = rawkey1;
+
+	/*
+	 *	Do key permutation and split into two 28-bit subkeys.
+	 */
+	k0 = key_perm_maskl[0][rawkey0 >> 25]
+	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskl[4][rawkey1 >> 25]
+	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+	k1 = key_perm_maskr[0][rawkey0 >> 25]
+	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskr[4][rawkey1 >> 25]
+	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+	/*
+	 *	Rotate subkeys and do compression permutation.
+	 */
+	shifts = 0;
+	for (round = 0; round < 16; round++) {
+		u_long	t0, t1;
+
+		shifts += key_shifts[round];
+
+		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+		de_keysl[15 - round] =
+		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+				| comp_maskl[1][(t0 >> 14) & 0x7f]
+				| comp_maskl[2][(t0 >> 7) & 0x7f]
+				| comp_maskl[3][t0 & 0x7f]
+				| comp_maskl[4][(t1 >> 21) & 0x7f]
+				| comp_maskl[5][(t1 >> 14) & 0x7f]
+				| comp_maskl[6][(t1 >> 7) & 0x7f]
+				| comp_maskl[7][t1 & 0x7f];
+
+		de_keysr[15 - round] =
+		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+				| comp_maskr[1][(t0 >> 14) & 0x7f]
+				| comp_maskr[2][(t0 >> 7) & 0x7f]
+				| comp_maskr[3][t0 & 0x7f]
+				| comp_maskr[4][(t1 >> 21) & 0x7f]
+				| comp_maskr[5][(t1 >> 14) & 0x7f]
+				| comp_maskr[6][(t1 >> 7) & 0x7f]
+				| comp_maskr[7][t1 & 0x7f];
+	}
+	return(0);
+}
+
+static int
+do_des(	u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count)
+{
+	/*
+	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+	 */
+	u_long	l, r, *kl, *kr, *kl1, *kr1;
+	u_long	f, r48l, r48r;
+	int	round;
+
+	if (count == 0) {
+		return(1);
+	} else if (count > 0) {
+		/*
+		 * Encrypting
+		 */
+		kl1 = en_keysl;
+		kr1 = en_keysr;
+	} else {
+		/*
+		 * Decrypting
+		 */
+		count = -count;
+		kl1 = de_keysl;
+		kr1 = de_keysr;
+	}
+
+	/*
+	 *	Do initial permutation (IP).
+	 */
+	l = ip_maskl[0][l_in >> 24]
+	  | ip_maskl[1][(l_in >> 16) & 0xff]
+	  | ip_maskl[2][(l_in >> 8) & 0xff]
+	  | ip_maskl[3][l_in & 0xff]
+	  | ip_maskl[4][r_in >> 24]
+	  | ip_maskl[5][(r_in >> 16) & 0xff]
+	  | ip_maskl[6][(r_in >> 8) & 0xff]
+	  | ip_maskl[7][r_in & 0xff];
+	r = ip_maskr[0][l_in >> 24]
+	  | ip_maskr[1][(l_in >> 16) & 0xff]
+	  | ip_maskr[2][(l_in >> 8) & 0xff]
+	  | ip_maskr[3][l_in & 0xff]
+	  | ip_maskr[4][r_in >> 24]
+	  | ip_maskr[5][(r_in >> 16) & 0xff]
+	  | ip_maskr[6][(r_in >> 8) & 0xff]
+	  | ip_maskr[7][r_in & 0xff];
+
+	while (count--) {
+		/*
+		 * Do each round.
+		 */
+		kl = kl1;
+		kr = kr1;
+		round = 16;
+		while (round--) {
+			/*
+			 * Expand R to 48 bits (simulate the E-box).
+			 */
+			r48l	= ((r & 0x00000001) << 23)
+				| ((r & 0xf8000000) >> 9)
+				| ((r & 0x1f800000) >> 11)
+				| ((r & 0x01f80000) >> 13)
+				| ((r & 0x001f8000) >> 15);
+
+			r48r	= ((r & 0x0001f800) << 7)
+				| ((r & 0x00001f80) << 5)
+				| ((r & 0x000001f8) << 3)
+				| ((r & 0x0000001f) << 1)
+				| ((r & 0x80000000) >> 31);
+			/*
+			 * Do salting for crypt() and friends, and
+			 * XOR with the permuted key.
+			 */
+			f = (r48l ^ r48r) & saltbits;
+			r48l ^= f ^ *kl++;
+			r48r ^= f ^ *kr++;
+			/*
+			 * Do sbox lookups (which shrink it back to 32 bits)
+			 * and do the pbox permutation at the same time.
+			 */
+			f = psbox[0][m_sbox[0][r48l >> 12]]
+			  | psbox[1][m_sbox[1][r48l & 0xfff]]
+			  | psbox[2][m_sbox[2][r48r >> 12]]
+			  | psbox[3][m_sbox[3][r48r & 0xfff]];
+			/*
+			 * Now that we've permuted things, complete f().
+			 */
+			f ^= l;
+			l = r;
+			r = f;
+		}
+		r = l;
+		l = f;
+	}
+	/*
+	 * Do final permutation (inverse of IP).
+	 */
+	*l_out	= fp_maskl[0][l >> 24]
+		| fp_maskl[1][(l >> 16) & 0xff]
+		| fp_maskl[2][(l >> 8) & 0xff]
+		| fp_maskl[3][l & 0xff]
+		| fp_maskl[4][r >> 24]
+		| fp_maskl[5][(r >> 16) & 0xff]
+		| fp_maskl[6][(r >> 8) & 0xff]
+		| fp_maskl[7][r & 0xff];
+	*r_out	= fp_maskr[0][l >> 24]
+		| fp_maskr[1][(l >> 16) & 0xff]
+		| fp_maskr[2][(l >> 8) & 0xff]
+		| fp_maskr[3][l & 0xff]
+		| fp_maskr[4][r >> 24]
+		| fp_maskr[5][(r >> 16) & 0xff]
+		| fp_maskr[6][(r >> 8) & 0xff]
+		| fp_maskr[7][r & 0xff];
+	return(0);
+}
+
+static int
+des_cipher(const char *in, char *out, long salt, int count)
+{
+	u_long	l_out, r_out, rawl, rawr;
+	int	retval;
+
+	if (!des_initialised)
+		des_init();
+
+	setup_salt(salt);
+
+	rawl = ntohl(*((u_long *) in)++);
+	rawr = ntohl(*((u_long *) in));
+
+	retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+	*((u_long *) out)++ = htonl(l_out);
+	*((u_long *) out) = htonl(r_out);
+	return(retval);
+}
+
+char *
+crypt(char *key, char *setting)
+{
+	int		i;
+	u_long		count, salt, l, r0, r1, keybuf[2];
+	u_char		*p, *q;
+	static u_char	output[21];
+
+	if (!strncmp(setting, "$1$", 3))
+		return crypt_md5(key, setting);
+
+	if (!des_initialised)
+		des_init();
+
+
+	/*
+	 * Copy the key, shifting each character up by one bit
+	 * and padding with zeros.
+	 */
+	q = (u_char *) keybuf;
+	while (q - (u_char *) keybuf - 8) {
+		if ((*q++ = *key << 1))
+			key++;
+	}
+	if (des_setkey((u_char *) keybuf))
+		return(NULL);
+
+	if (*setting == _PASSWORD_EFMT1) {
+		/*
+		 * "new"-style:
+		 *	setting - underscore, 4 bytes of count, 4 bytes of salt
+		 *	key - unlimited characters
+		 */
+		for (i = 1, count = 0L; i < 5; i++)
+			count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+
+		for (i = 5, salt = 0L; i < 9; i++)
+			salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+
+		while (*key) {
+			/*
+			 * Encrypt the key with itself.
+			 */
+			if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1))
+				return(NULL);
+			/*
+			 * And XOR with the next 8 characters of the key.
+			 */
+			q = (u_char *) keybuf;
+			while (q - (u_char *) keybuf - 8 && *key)
+				*q++ ^= *key++ << 1;
+
+			if (des_setkey((u_char *) keybuf))
+				return(NULL);
+		}
+		strncpy(output, setting, 9);
+
+		/*
+		 * Double check that we weren't given a short setting.
+		 * If we were, the above code will probably have created
+		 * wierd values for count and salt, but we don't really care.
+		 * Just make sure the output string doesn't have an extra
+		 * NUL in it.
+		 */
+		output[9] = '\0';
+		p = output + strlen(output);
+	} else {
+		/*
+		 * "old"-style:
+		 *	setting - 2 bytes of salt
+		 *	key - up to 8 characters
+		 */
+		count = 25;
+
+		salt = (ascii_to_bin(setting[1]) << 6)
+		     |  ascii_to_bin(setting[0]);
+
+		output[0] = setting[0];
+		/*
+		 * If the encrypted password that the salt was extracted from
+		 * is only 1 character long, the salt will be corrupted.  We
+		 * need to ensure that the output string doesn't have an extra
+		 * NUL in it!
+		 */
+		output[1] = setting[1] ? setting[1] : output[0];
+
+		p = output + 2;
+	}
+	setup_salt(salt);
+	/*
+	 * Do it.
+	 */
+	if (do_des(0L, 0L, &r0, &r1, count))
+		return(NULL);
+	/*
+	 * Now encode the result...
+	 */
+	l = (r0 >> 8);
+	*p++ = ascii64[(l >> 18) & 0x3f];
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+
+	l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+	*p++ = ascii64[(l >> 18) & 0x3f];
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+
+	l = r1 << 2;
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+	*p = 0;
+
+	return(output);
+}
diff --git a/secure/lib/libcrypt/crypt-md5.c b/secure/lib/libcrypt/crypt-md5.c
new file mode 100644
index 0000000..b10f8ea
--- /dev/null
+++ b/secure/lib/libcrypt/crypt-md5.c
@@ -0,0 +1,158 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ * 
+ * This has had its entry point changed to crypt_md5 for use in 
+ * a dual-personality (DES & MD5) environment)  -- MarkM - Nov 1995
+ *
+ * $FreeBSD$
+ *
+ */
+
+#if 0
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] =
+  "$FreeBSD$";
+#endif /* LIBC_SCCS and not lint */
+#endif
+
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <md5.h>
+
+static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+static void
+to64(s, v, n)
+	char *s;
+	unsigned long v;
+	int n;
+{
+	while (--n >= 0) {
+		*s++ = itoa64[v&0x3f];
+		v >>= 6;
+	}
+}
+
+/*
+ * UNIX password
+ *
+ * Use MD5 for what it is best at...
+ */
+
+char *
+crypt_md5(pw, salt)
+	register const char *pw;
+	register const char *salt;
+{
+	static char	*magic = "$1$";	/*
+						 * This string is magic for
+						 * this algorithm.  Having
+						 * it this way, we can get
+						 * get better later on
+						 */
+	static char     passwd[120], *p;
+	static const char *sp,*ep;
+	unsigned char	final[16];
+	int sl,pl,i,j;
+	MD5_CTX	ctx,ctx1;
+	unsigned long l;
+
+	/* Refine the Salt first */
+	sp = salt;
+
+	/* If it starts with the magic string, then skip that */
+	if(!strncmp(sp,magic,strlen(magic)))
+		sp += strlen(magic);
+
+	/* It stops at the first '$', max 8 chars */
+	for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+		continue;
+
+	/* get the length of the true salt */
+	sl = ep - sp;
+
+	MD5Init(&ctx);
+
+	/* The password first, since that is what is most unknown */
+	MD5Update(&ctx,pw,strlen(pw));
+
+	/* Then our magic string */
+	MD5Update(&ctx,magic,strlen(magic));
+
+	/* Then the raw salt */
+	MD5Update(&ctx,sp,sl);
+
+	/* Then just as many characters of the MD5(pw,salt,pw) */
+	MD5Init(&ctx1);
+	MD5Update(&ctx1,pw,strlen(pw));
+	MD5Update(&ctx1,sp,sl);
+	MD5Update(&ctx1,pw,strlen(pw));
+	MD5Final(final,&ctx1);
+	for(pl = strlen(pw); pl > 0; pl -= 16)
+		MD5Update(&ctx,final,pl>16 ? 16 : pl);
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final,0,sizeof final);
+
+	/* Then something really weird... */
+	for (j=0,i = strlen(pw); i ; i >>= 1)
+		if(i&1)
+		    MD5Update(&ctx, final+j, 1);
+		else
+		    MD5Update(&ctx, pw+j, 1);
+
+	/* Now make the output string */
+	strcpy(passwd,magic);
+	strncat(passwd,sp,sl);
+	strcat(passwd,"$");
+
+	MD5Final(final,&ctx);
+
+	/*
+	 * and now, just to make sure things don't run too fast
+	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * need 30 seconds to build a 1000 entry dictionary...
+	 */
+	for(i=0;i<1000;i++) {
+		MD5Init(&ctx1);
+		if(i & 1)
+			MD5Update(&ctx1,pw,strlen(pw));
+		else
+			MD5Update(&ctx1,final,16);
+
+		if(i % 3)
+			MD5Update(&ctx1,sp,sl);
+
+		if(i % 7)
+			MD5Update(&ctx1,pw,strlen(pw));
+
+		if(i & 1)
+			MD5Update(&ctx1,final,16);
+		else
+			MD5Update(&ctx1,pw,strlen(pw));
+		MD5Final(final,&ctx1);
+	}
+
+	p = passwd + strlen(passwd);
+
+	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
+	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
+	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
+	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
+	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
+	l =                    final[11]                ; to64(p,l,2); p += 2;
+	*p = '\0';
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final,0,sizeof final);
+
+	return passwd;
+}
+
diff --git a/secure/lib/libcrypt/crypt.3 b/secure/lib/libcrypt/crypt.3
new file mode 100644
index 0000000..9726b40
--- /dev/null
+++ b/secure/lib/libcrypt/crypt.3
@@ -0,0 +1,159 @@
+.\" FreeSec: libcrypt for NetBSD
+.\"
+.\" Copyright (c) 1994 David Burren
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the author nor the names of other contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd March 9, 1994
+.Dt CRYPT 3
+.Os "FreeSec 1.0"
+.Sh NAME
+.Nm crypt
+.Nd DES trapdoor encryption
+.Sh SYNOPSIS
+.Ft char
+.Fn *crypt "const char *key" "const char *setting"
+.Sh DESCRIPTION
+The
+.Fn crypt
+function performs password encryption, based on the
+.Tn NBS
+Data Encryption Standard (DES).
+Additional code has been added to deter key search attempts.
+The first argument to
+.Nm crypt
+is a
+.Dv null Ns -terminated
+string, typically a user's typed password.
+The second is in one of three forms:
+if it begins with an underscore (``_'') then an extended format is used
+in interpreting both the the key and the setting, as outlined below.
+if it begins with the string ``$1$'' then an exportable format is used.
+.Ss Extended crypt:
+.Pp
+The
+.Ar key
+is divided into groups of 8 characters (the last group is null-padded)
+and the low-order 7 bits of each each character (56 bits per group) are
+used to form the DES key as follows:
+the first group of 56 bits becomes the initial DES key.
+For each additional group, the XOR of the encryption of the current DES
+key with itself and the group bits becomes the next DES key.
+.Pp
+The setting is a 9-character array consisting of an underscore followed
+by 4 bytes of iteration count and 4 bytes of salt.
+These are encoded as printable characters, 6 bits per character,
+least significant character first.
+The values 0 to 63 are encoded as ``./0-9A-Za-z''.
+This allows 24 bits for both
+.Fa count
+and
+.Fa salt .
+.Ss "Traditional" crypt:
+.Pp
+The first 8 bytes of the key are null-padded, and the low-order 7 bits of
+each character is used to form the 56-bit
+.Tn DES
+key.
+.Pp
+The setting is a 2-character array of the ASCII-encoded salt.
+Thus only 12 bits of
+.Fa salt
+are used.
+.Fa count
+is set to 25.
+.Ss "FreeBSD" or "Exportable" crypt:
+.Pp
+If the salt begins with ``$1$'' then the freely exportable 
+.Tn MD5
+algorithm is used to calculate a hash value, from which the password string
+is generated. The
+.Tn MD5
+derived routine is designed to be time-consuming like the DES based version.
+.Ss Algorithm:
+.Pp
+The
+.Fa salt
+introduces disorder in the
+.Tn DES
+algorithm in one of 16777216 or 4096 possible ways
+(ie. with 24 or 12 bits: if bit
+.Em i
+of the
+.Ar salt
+is set, then bits
+.Em i
+and
+.Em i+24
+are swapped in the
+.Tn DES
+E-box output).
+.Pp
+The DES key is used to encrypt a 64-bit constant using
+.Ar count
+iterations of
+.Tn DES .
+The value returned is a
+.Dv null Ns -terminated
+string, 20 or 13 bytes (plus null) in length, consisting of the
+.Ar setting
+followed by the encoded 64-bit encryption.
+.Pp
+The function
+.Fn crypt
+returns a pointer to the encrypted value on success, and NULL on failure.
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr getpass 3 ,
+.Xr passwd 5
+.Sh BUGS
+The
+.Fn crypt
+function returns a pointer to static data, and subsequent calls to
+.Fn crypt
+will modify the same object.
+.Sh HISTORY
+A rotor-based
+.Fn crypt
+function appeared in
+.At v6 .
+The current style
+.Fn crypt
+first appeared in
+.At v7 .
+.Pp
+This library (FreeSec 1.0) was developed outside the United States of America
+as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption
+library.
+Users should be aware that this code (and programs staticly linked with it)
+may not be exported from the U.S., although it apparently can be imported.
+.Sh AUTHORS
+.An David Burren Aq davidb@werj.com.au
diff --git a/secure/lib/libcrypt/crypt.c b/secure/lib/libcrypt/crypt.c
new file mode 100644
index 0000000..9e8c5ca
--- /dev/null
+++ b/secure/lib/libcrypt/crypt.c
@@ -0,0 +1,697 @@
+/*
+ * FreeSec: libcrypt for NetBSD
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
+ *	crypt.c should now *only* export crypt(), in order to make
+ *	binaries of libcrypt exportable from the USA
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *	B. Schneier, Applied Cryptography: protocols, algorithms,
+ *	and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * ARCHITECTURE ASSUMPTIONS:
+ *	This code assumes that u_longs are 32 bits.  It will probably not
+ *	operate on 64-bit machines without modifications.
+ *	It is assumed that the 8-byte arrays passed by reference can be
+ *	addressed as arrays of u_longs (ie. the CPU is not picky about
+ *	alignment).
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <string.h>
+
+char *crypt_md5(const char *pw, const char *salt);
+
+/* We can't always assume gcc */
+#ifdef __GNUC__
+#define INLINE inline
+#endif
+
+
+static u_char	IP[64] = {
+	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static u_char	inv_key_perm[64];
+static u_char	u_key_perm[56];
+static u_char	key_perm[56] = {
+	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static u_char	key_shifts[16] = {
+	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+static u_char	inv_comp_perm[56];
+static u_char	comp_perm[48] = {
+	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static u_char	u_sbox[8][64];
+static u_char	sbox[8][64] = {
+	{
+		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+	},
+	{
+		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+	},
+	{
+		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+	},
+	{
+		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+	},
+	{
+		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+	},
+	{
+		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+	},
+	{
+		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+	},
+	{
+		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+	}
+};
+
+static u_char	un_pbox[32];
+static u_char	pbox[32] = {
+	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static u_long	bits32[32] =
+{
+	0x80000000, 0x40000000, 0x20000000, 0x10000000,
+	0x08000000, 0x04000000, 0x02000000, 0x01000000,
+	0x00800000, 0x00400000, 0x00200000, 0x00100000,
+	0x00080000, 0x00040000, 0x00020000, 0x00010000,
+	0x00008000, 0x00004000, 0x00002000, 0x00001000,
+	0x00000800, 0x00000400, 0x00000200, 0x00000100,
+	0x00000080, 0x00000040, 0x00000020, 0x00000010,
+	0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static u_long	saltbits;
+static long	old_salt;
+static u_long	*bits28, *bits24;
+static u_char	init_perm[64], final_perm[64];
+static u_long	en_keysl[16], en_keysr[16];
+static u_long	de_keysl[16], de_keysr[16];
+static int	des_initialised = 0;
+static u_char	m_sbox[4][4096];
+static u_long	psbox[4][256];
+static u_long	ip_maskl[8][256], ip_maskr[8][256];
+static u_long	fp_maskl[8][256], fp_maskr[8][256];
+static u_long	key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_long	comp_maskl[8][128], comp_maskr[8][128];
+static u_long	old_rawkey0, old_rawkey1;
+
+static u_char	ascii64[] =
+	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*	  0000000000111111111122222222223333333333444444444455555555556666 */
+/*	  0123456789012345678901234567890123456789012345678901234567890123 */
+
+static INLINE int
+ascii_to_bin(char ch)
+{
+	if (ch > 'z')
+		return(0);
+	if (ch >= 'a')
+		return(ch - 'a' + 38);
+	if (ch > 'Z')
+		return(0);
+	if (ch >= 'A')
+		return(ch - 'A' + 12);
+	if (ch > '9')
+		return(0);
+	if (ch >= '.')
+		return(ch - '.');
+	return(0);
+}
+
+static void
+des_init()
+{
+	int	i, j, b, k, inbit, obit;
+	u_long	*p, *il, *ir, *fl, *fr;
+
+	old_rawkey0 = old_rawkey1 = 0L;
+	saltbits = 0L;
+	old_salt = 0L;
+	bits24 = (bits28 = bits32 + 4) + 4;
+
+	/*
+	 * Invert the S-boxes, reordering the input bits.
+	 */
+	for (i = 0; i < 8; i++)
+		for (j = 0; j < 64; j++) {
+			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+			u_sbox[i][j] = sbox[i][b];
+		}
+
+	/*
+	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
+	 * Each will handle 12 bits of the S-box input.
+	 */
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 64; i++)
+			for (j = 0; j < 64; j++)
+				m_sbox[b][(i << 6) | j] =
+					(u_sbox[(b << 1)][i] << 4) |
+					u_sbox[(b << 1) + 1][j];
+
+	/*
+	 * Set up the initial & final permutations into a useful form, and
+	 * initialise the inverted key permutation.
+	 */
+	for (i = 0; i < 64; i++) {
+		init_perm[final_perm[i] = IP[i] - 1] = i;
+		inv_key_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key permutation and initialise the inverted key
+	 * compression permutation.
+	 */
+	for (i = 0; i < 56; i++) {
+		u_key_perm[i] = key_perm[i] - 1;
+		inv_key_perm[key_perm[i] - 1] = i;
+		inv_comp_perm[i] = 255;
+	}
+
+	/*
+	 * Invert the key compression permutation.
+	 */
+	for (i = 0; i < 48; i++) {
+		inv_comp_perm[comp_perm[i] - 1] = i;
+	}
+
+	/*
+	 * Set up the OR-mask arrays for the initial and final permutations,
+	 * and for the key initial and compression permutations.
+	 */
+	for (k = 0; k < 8; k++) {
+		for (i = 0; i < 256; i++) {
+			*(il = &ip_maskl[k][i]) = 0L;
+			*(ir = &ip_maskr[k][i]) = 0L;
+			*(fl = &fp_maskl[k][i]) = 0L;
+			*(fr = &fp_maskr[k][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j]) {
+					if ((obit = init_perm[inbit]) < 32)
+						*il |= bits32[obit];
+					else
+						*ir |= bits32[obit-32];
+					if ((obit = final_perm[inbit]) < 32)
+						*fl |= bits32[obit];
+					else
+						*fr |= bits32[obit - 32];
+				}
+			}
+		}
+		for (i = 0; i < 128; i++) {
+			*(il = &key_perm_maskl[k][i]) = 0L;
+			*(ir = &key_perm_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 8 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit = inv_key_perm[inbit]) == 255)
+						continue;
+					if (obit < 28)
+						*il |= bits28[obit];
+					else
+						*ir |= bits28[obit - 28];
+				}
+			}
+			*(il = &comp_maskl[k][i]) = 0L;
+			*(ir = &comp_maskr[k][i]) = 0L;
+			for (j = 0; j < 7; j++) {
+				inbit = 7 * k + j;
+				if (i & bits8[j + 1]) {
+					if ((obit=inv_comp_perm[inbit]) == 255)
+						continue;
+					if (obit < 24)
+						*il |= bits24[obit];
+					else
+						*ir |= bits24[obit - 24];
+				}
+			}
+		}
+	}
+
+	/*
+	 * Invert the P-box permutation, and convert into OR-masks for
+	 * handling the output of the S-box arrays setup above.
+	 */
+	for (i = 0; i < 32; i++)
+		un_pbox[pbox[i] - 1] = i;
+
+	for (b = 0; b < 4; b++)
+		for (i = 0; i < 256; i++) {
+			*(p = &psbox[b][i]) = 0L;
+			for (j = 0; j < 8; j++) {
+				if (i & bits8[j])
+					*p |= bits32[un_pbox[8 * b + j]];
+			}
+		}
+
+	des_initialised = 1;
+}
+
+static void
+setup_salt(long salt)
+{
+	u_long	obit, saltbit;
+	int	i;
+
+	if (salt == old_salt)
+		return;
+	old_salt = salt;
+
+	saltbits = 0L;
+	saltbit = 1;
+	obit = 0x800000;
+	for (i = 0; i < 24; i++) {
+		if (salt & saltbit)
+			saltbits |= obit;
+		saltbit <<= 1;
+		obit >>= 1;
+	}
+}
+
+static int
+des_setkey(const char *key)
+{
+	u_long	k0, k1, rawkey0, rawkey1;
+	int	shifts, round;
+
+	if (!des_initialised)
+		des_init();
+
+	rawkey0 = ntohl(*(u_long *) key);
+	rawkey1 = ntohl(*(u_long *) (key + 4));
+
+	if ((rawkey0 | rawkey1)
+	    && rawkey0 == old_rawkey0
+	    && rawkey1 == old_rawkey1) {
+		/*
+		 * Already setup for this key.
+		 * This optimisation fails on a zero key (which is weak and
+		 * has bad parity anyway) in order to simplify the starting
+		 * conditions.
+		 */
+		return(0);
+	}
+	old_rawkey0 = rawkey0;
+	old_rawkey1 = rawkey1;
+
+	/*
+	 *	Do key permutation and split into two 28-bit subkeys.
+	 */
+	k0 = key_perm_maskl[0][rawkey0 >> 25]
+	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskl[4][rawkey1 >> 25]
+	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+	k1 = key_perm_maskr[0][rawkey0 >> 25]
+	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+	   | key_perm_maskr[4][rawkey1 >> 25]
+	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+	/*
+	 *	Rotate subkeys and do compression permutation.
+	 */
+	shifts = 0;
+	for (round = 0; round < 16; round++) {
+		u_long	t0, t1;
+
+		shifts += key_shifts[round];
+
+		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+
+		de_keysl[15 - round] =
+		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+				| comp_maskl[1][(t0 >> 14) & 0x7f]
+				| comp_maskl[2][(t0 >> 7) & 0x7f]
+				| comp_maskl[3][t0 & 0x7f]
+				| comp_maskl[4][(t1 >> 21) & 0x7f]
+				| comp_maskl[5][(t1 >> 14) & 0x7f]
+				| comp_maskl[6][(t1 >> 7) & 0x7f]
+				| comp_maskl[7][t1 & 0x7f];
+
+		de_keysr[15 - round] =
+		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+				| comp_maskr[1][(t0 >> 14) & 0x7f]
+				| comp_maskr[2][(t0 >> 7) & 0x7f]
+				| comp_maskr[3][t0 & 0x7f]
+				| comp_maskr[4][(t1 >> 21) & 0x7f]
+				| comp_maskr[5][(t1 >> 14) & 0x7f]
+				| comp_maskr[6][(t1 >> 7) & 0x7f]
+				| comp_maskr[7][t1 & 0x7f];
+	}
+	return(0);
+}
+
+static int
+do_des(	u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count)
+{
+	/*
+	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+	 */
+	u_long	l, r, *kl, *kr, *kl1, *kr1;
+	u_long	f, r48l, r48r;
+	int	round;
+
+	if (count == 0) {
+		return(1);
+	} else if (count > 0) {
+		/*
+		 * Encrypting
+		 */
+		kl1 = en_keysl;
+		kr1 = en_keysr;
+	} else {
+		/*
+		 * Decrypting
+		 */
+		count = -count;
+		kl1 = de_keysl;
+		kr1 = de_keysr;
+	}
+
+	/*
+	 *	Do initial permutation (IP).
+	 */
+	l = ip_maskl[0][l_in >> 24]
+	  | ip_maskl[1][(l_in >> 16) & 0xff]
+	  | ip_maskl[2][(l_in >> 8) & 0xff]
+	  | ip_maskl[3][l_in & 0xff]
+	  | ip_maskl[4][r_in >> 24]
+	  | ip_maskl[5][(r_in >> 16) & 0xff]
+	  | ip_maskl[6][(r_in >> 8) & 0xff]
+	  | ip_maskl[7][r_in & 0xff];
+	r = ip_maskr[0][l_in >> 24]
+	  | ip_maskr[1][(l_in >> 16) & 0xff]
+	  | ip_maskr[2][(l_in >> 8) & 0xff]
+	  | ip_maskr[3][l_in & 0xff]
+	  | ip_maskr[4][r_in >> 24]
+	  | ip_maskr[5][(r_in >> 16) & 0xff]
+	  | ip_maskr[6][(r_in >> 8) & 0xff]
+	  | ip_maskr[7][r_in & 0xff];
+
+	while (count--) {
+		/*
+		 * Do each round.
+		 */
+		kl = kl1;
+		kr = kr1;
+		round = 16;
+		while (round--) {
+			/*
+			 * Expand R to 48 bits (simulate the E-box).
+			 */
+			r48l	= ((r & 0x00000001) << 23)
+				| ((r & 0xf8000000) >> 9)
+				| ((r & 0x1f800000) >> 11)
+				| ((r & 0x01f80000) >> 13)
+				| ((r & 0x001f8000) >> 15);
+
+			r48r	= ((r & 0x0001f800) << 7)
+				| ((r & 0x00001f80) << 5)
+				| ((r & 0x000001f8) << 3)
+				| ((r & 0x0000001f) << 1)
+				| ((r & 0x80000000) >> 31);
+			/*
+			 * Do salting for crypt() and friends, and
+			 * XOR with the permuted key.
+			 */
+			f = (r48l ^ r48r) & saltbits;
+			r48l ^= f ^ *kl++;
+			r48r ^= f ^ *kr++;
+			/*
+			 * Do sbox lookups (which shrink it back to 32 bits)
+			 * and do the pbox permutation at the same time.
+			 */
+			f = psbox[0][m_sbox[0][r48l >> 12]]
+			  | psbox[1][m_sbox[1][r48l & 0xfff]]
+			  | psbox[2][m_sbox[2][r48r >> 12]]
+			  | psbox[3][m_sbox[3][r48r & 0xfff]];
+			/*
+			 * Now that we've permuted things, complete f().
+			 */
+			f ^= l;
+			l = r;
+			r = f;
+		}
+		r = l;
+		l = f;
+	}
+	/*
+	 * Do final permutation (inverse of IP).
+	 */
+	*l_out	= fp_maskl[0][l >> 24]
+		| fp_maskl[1][(l >> 16) & 0xff]
+		| fp_maskl[2][(l >> 8) & 0xff]
+		| fp_maskl[3][l & 0xff]
+		| fp_maskl[4][r >> 24]
+		| fp_maskl[5][(r >> 16) & 0xff]
+		| fp_maskl[6][(r >> 8) & 0xff]
+		| fp_maskl[7][r & 0xff];
+	*r_out	= fp_maskr[0][l >> 24]
+		| fp_maskr[1][(l >> 16) & 0xff]
+		| fp_maskr[2][(l >> 8) & 0xff]
+		| fp_maskr[3][l & 0xff]
+		| fp_maskr[4][r >> 24]
+		| fp_maskr[5][(r >> 16) & 0xff]
+		| fp_maskr[6][(r >> 8) & 0xff]
+		| fp_maskr[7][r & 0xff];
+	return(0);
+}
+
+static int
+des_cipher(const char *in, char *out, long salt, int count)
+{
+	u_long	l_out, r_out, rawl, rawr;
+	int	retval;
+
+	if (!des_initialised)
+		des_init();
+
+	setup_salt(salt);
+
+	rawl = ntohl(*((u_long *) in)++);
+	rawr = ntohl(*((u_long *) in));
+
+	retval = do_des(rawl, rawr, &l_out, &r_out, count);
+
+	*((u_long *) out)++ = htonl(l_out);
+	*((u_long *) out) = htonl(r_out);
+	return(retval);
+}
+
+char *
+crypt(char *key, char *setting)
+{
+	int		i;
+	u_long		count, salt, l, r0, r1, keybuf[2];
+	u_char		*p, *q;
+	static u_char	output[21];
+
+	if (!strncmp(setting, "$1$", 3))
+		return crypt_md5(key, setting);
+
+	if (!des_initialised)
+		des_init();
+
+
+	/*
+	 * Copy the key, shifting each character up by one bit
+	 * and padding with zeros.
+	 */
+	q = (u_char *) keybuf;
+	while (q - (u_char *) keybuf - 8) {
+		if ((*q++ = *key << 1))
+			key++;
+	}
+	if (des_setkey((u_char *) keybuf))
+		return(NULL);
+
+	if (*setting == _PASSWORD_EFMT1) {
+		/*
+		 * "new"-style:
+		 *	setting - underscore, 4 bytes of count, 4 bytes of salt
+		 *	key - unlimited characters
+		 */
+		for (i = 1, count = 0L; i < 5; i++)
+			count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+
+		for (i = 5, salt = 0L; i < 9; i++)
+			salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+
+		while (*key) {
+			/*
+			 * Encrypt the key with itself.
+			 */
+			if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1))
+				return(NULL);
+			/*
+			 * And XOR with the next 8 characters of the key.
+			 */
+			q = (u_char *) keybuf;
+			while (q - (u_char *) keybuf - 8 && *key)
+				*q++ ^= *key++ << 1;
+
+			if (des_setkey((u_char *) keybuf))
+				return(NULL);
+		}
+		strncpy(output, setting, 9);
+
+		/*
+		 * Double check that we weren't given a short setting.
+		 * If we were, the above code will probably have created
+		 * wierd values for count and salt, but we don't really care.
+		 * Just make sure the output string doesn't have an extra
+		 * NUL in it.
+		 */
+		output[9] = '\0';
+		p = output + strlen(output);
+	} else {
+		/*
+		 * "old"-style:
+		 *	setting - 2 bytes of salt
+		 *	key - up to 8 characters
+		 */
+		count = 25;
+
+		salt = (ascii_to_bin(setting[1]) << 6)
+		     |  ascii_to_bin(setting[0]);
+
+		output[0] = setting[0];
+		/*
+		 * If the encrypted password that the salt was extracted from
+		 * is only 1 character long, the salt will be corrupted.  We
+		 * need to ensure that the output string doesn't have an extra
+		 * NUL in it!
+		 */
+		output[1] = setting[1] ? setting[1] : output[0];
+
+		p = output + 2;
+	}
+	setup_salt(salt);
+	/*
+	 * Do it.
+	 */
+	if (do_des(0L, 0L, &r0, &r1, count))
+		return(NULL);
+	/*
+	 * Now encode the result...
+	 */
+	l = (r0 >> 8);
+	*p++ = ascii64[(l >> 18) & 0x3f];
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+
+	l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+	*p++ = ascii64[(l >> 18) & 0x3f];
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+
+	l = r1 << 2;
+	*p++ = ascii64[(l >> 12) & 0x3f];
+	*p++ = ascii64[(l >> 6) & 0x3f];
+	*p++ = ascii64[l & 0x3f];
+	*p = 0;
+
+	return(output);
+}
diff --git a/secure/lib/libcrypt/test/Makefile b/secure/lib/libcrypt/test/Makefile
new file mode 100644
index 0000000..0ba817f
--- /dev/null
+++ b/secure/lib/libcrypt/test/Makefile
@@ -0,0 +1,42 @@
+#
+#	Hacked Makefile to compile and run the DES-certification program,
+#	but not install anything.
+#
+# $FreeBSD$
+#
+LIBCRYPT= $(.OBJDIR)/libdescrypt.a
+
+#CFLAGS+= -DHAVE_CRYPT16
+
+TARGETS=cert speedcrypt
+
+all: ${TARGETS}
+
+test: all testcrypt testspeed
+
+testcrypt: cert
+	@./cert -c
+
+testspeed: cryptspeed
+
+cryptspeed: speedcrypt
+	@./speedcrypt 30 1
+	@./speedcrypt 30 1
+	@./speedcrypt 30 0
+	@./speedcrypt 30 0
+
+cert: cert.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT}
+
+speedcrypt: speedcrypt.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT}
+
+
+clean:
+	rm -f ${TARGETS}
+
+install:
+
+obj:
+
+.include <bsd.prog.mk>
diff --git a/secure/lib/libcrypt/test/README b/secure/lib/libcrypt/test/README
new file mode 100644
index 0000000..eb6b0be
--- /dev/null
+++ b/secure/lib/libcrypt/test/README
@@ -0,0 +1,10 @@
+This directory contains test programs to certify DES operation and to
+time the crypt() call (of curiosity value).
+
+Simply type `make test` to run the tests.
+
+The normal `make all` and `make install` that get done during library building
+and installation will build these programs BUT NOT INSTALL THEM.  After all,
+they're only for testing...
+
+- David Burren, January 1994
diff --git a/secure/lib/libcrypt/test/cert.c b/secure/lib/libcrypt/test/cert.c
new file mode 100644
index 0000000..54c606c
--- /dev/null
+++ b/secure/lib/libcrypt/test/cert.c
@@ -0,0 +1,208 @@
+/*
+ * This DES validation program shipped with FreeSec is derived from that
+ * shipped with UFC-crypt which is apparently derived from one distributed
+ * with Phil Karns PD DES package.
+ *
+ * $FreeBSD$
+ */
+
+#include <stdio.h>
+
+int totfails = 0;
+
+char *crypt();
+#ifdef HAVE_CRYPT16
+char *crypt16();
+#endif /* HAVE_CRYPT16 */
+
+
+static struct crypt_test {
+	char	*key, *setting, *answer;
+} crypt_tests[] = {
+	"foob",			"ar",		"arlEKn0OzVJn.",
+	"holyhooplasbatman!",	"_X.......",	"_X.......N89y2Z.e4WU",
+	"holyhooplasbatman!",	"_X...X...",	"_X...X...rSUDQ5Na/QM",
+	"holyhooplasbatman!",	"_XX..X...",	"_XX..X...P8vb9xU4JAk",
+	"holyhooplasbatman!",	"_XX..XX..",	"_XX..XX..JDs5IlGLqT2",
+	"holyhooplasbatman!",	"_XX..XXa.",	"_XX..XXa.bFVsOnCNh8Y",
+	"holyhooplasbatman!",	"_XXa.X...",	"_XXa.X...Ghsb3QKNaps",
+#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS
+	"holyhooplasbatman!",	"_arararar",	"_ararararNGMzvpNjeCc",
+#endif
+	NULL, NULL, NULL,
+};
+
+
+static struct crypt_test crypt16_tests[] = {
+	"foob",			"ar",		"arxo23jZDD5AYbHbqoy9Dalg",
+	"holyhooplasbatman!",	"ar",		"arU5FRLJ3kxIoedlmyrOelEw",
+	NULL, NULL, NULL
+};
+
+
+void good_bye()
+{
+  if(totfails == 0) {
+    printf(" Passed validation\n");
+    exit(0);
+  } else {
+    printf(" %d failures during validation!!!\n", totfails);
+    exit(1);
+  }
+}
+
+
+void put8(cp)
+char *cp;
+{
+	int i,j,t;
+
+	for(i = 0; i < 8; i++){
+		t = 0;
+		for(j = 0; j < 8; j++)
+			t = t << 1 | *cp++;
+		printf("%02x", t);
+	}
+}
+
+
+void print_bits(bits)
+unsigned char *bits;
+{
+	int	i;
+
+	for (i = 0; i < 8; i++) {
+		printf("%02x", bits[i]);
+	}
+}
+
+
+int parse_line(buff, salt, key, plain, answer)
+char *buff;
+long *salt;
+char *key, *plain, *answer;
+{
+	char *ptr1, *ptr2;
+	int val;
+	int i,j,t;
+
+	/*
+	 * Extract salt
+	 */
+	if (sscanf(buff, "%lu", salt) != 1)
+		return(-1);
+	for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+
+	/*
+	 * Extract key
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*key++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract plain
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*plain++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract answer
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*answer++ = (t & 1 << (7 - j)) != 0;
+	}
+	return(0);
+}
+
+void bytes_to_bits(bytes, bits)
+char *bytes;
+unsigned char *bits;
+{
+	int	i, j;
+
+	for (i = 0; i < 8; i++) {
+		bits[i] = 0;
+		for (j = 0; j < 8; j++) {
+			bits[i] |= (bytes[i*8+j] & 1) << (7 - j);
+		}
+	}
+}
+
+
+
+/*
+ *	Test the old-style crypt(), the new-style crypt(), and crypt16().
+ */
+void test_crypt()
+{
+	char	*result;
+	struct crypt_test	*p;
+
+	printf("Testing crypt() family\n");
+
+	for (p = crypt_tests; p->key; p++) {
+		printf(" crypt(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+
+#ifdef HAVE_CRYPT16
+	for (p = crypt16_tests; p->key; p++) {
+		printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt16(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+#endif /* HAVE_CRYPT16 */
+}
+
+main(argc, argv)
+int argc;
+char *argv[];
+{
+	test_crypt();
+	good_bye();
+}
diff --git a/secure/lib/libcrypt/test/cert.input b/secure/lib/libcrypt/test/cert.input
new file mode 100644
index 0000000..e7c715c
--- /dev/null
+++ b/secure/lib/libcrypt/test/cert.input
@@ -0,0 +1,179 @@
+# $FreeBSD$
+#
+# Salt, key, plaintext, ciphertext
+#
+0 0101010101010101 95f8a5e5dd31d900 8000000000000000
+0 0101010101010101 dd7f121ca5015619 4000000000000000
+0 0101010101010101 2e8653104f3834ea 2000000000000000
+0 0101010101010101 4bd388ff6cd81d4f 1000000000000000
+0 0101010101010101 20b9e767b2fb1456 0800000000000000
+0 0101010101010101 55579380d77138ef 0400000000000000
+0 0101010101010101 6cc5defaaf04512f 0200000000000000
+0 0101010101010101 0d9f279ba5d87260 0100000000000000
+0 0101010101010101 d9031b0271bd5a0a 0080000000000000
+0 0101010101010101 424250b37c3dd951 0040000000000000
+0 0101010101010101 b8061b7ecd9a21e5 0020000000000000
+0 0101010101010101 f15d0f286b65bd28 0010000000000000
+0 0101010101010101 add0cc8d6e5deba1 0008000000000000
+0 0101010101010101 e6d5f82752ad63d1 0004000000000000
+0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000
+0 0101010101010101 f356834379d165cd 0001000000000000
+0 0101010101010101 2b9f982f20037fa9 0000800000000000
+0 0101010101010101 889de068a16f0be6 0000400000000000
+0 0101010101010101 e19e275d846a1298 0000200000000000
+0 0101010101010101 329a8ed523d71aec 0000100000000000
+0 0101010101010101 e7fce22557d23c97 0000080000000000
+0 0101010101010101 12a9f5817ff2d65d 0000040000000000
+0 0101010101010101 a484c3ad38dc9c19 0000020000000000
+0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000
+0 0101010101010101 750d079407521363 0000008000000000
+0 0101010101010101 64feed9c724c2faf 0000004000000000
+0 0101010101010101 f02b263b328e2b60 0000002000000000
+0 0101010101010101 9d64555a9a10b852 0000001000000000
+0 0101010101010101 d106ff0bed5255d7 0000000800000000
+0 0101010101010101 e1652c6b138c64a5 0000000400000000
+0 0101010101010101 e428581186ec8f46 0000000200000000
+0 0101010101010101 aeb5f5ede22d1a36 0000000100000000
+0 0101010101010101 e943d7568aec0c5c 0000000080000000
+0 0101010101010101 df98c8276f54b04b 0000000040000000
+0 0101010101010101 b160e4680f6c696f 0000000020000000
+0 0101010101010101 fa0752b07d9c4ab8 0000000010000000
+0 0101010101010101 ca3a2b036dbc8502 0000000008000000
+0 0101010101010101 5e0905517bb59bcf 0000000004000000
+0 0101010101010101 814eeb3b91d90726 0000000002000000
+0 0101010101010101 4d49db1532919c9f 0000000001000000
+0 0101010101010101 25eb5fc3f8cf0621 0000000000800000
+0 0101010101010101 ab6a20c0620d1c6f 0000000000400000
+0 0101010101010101 79e90dbc98f92cca 0000000000200000
+0 0101010101010101 866ecedd8072bb0e 0000000000100000
+0 0101010101010101 8b54536f2f3e64a8 0000000000080000
+0 0101010101010101 ea51d3975595b86b 0000000000040000
+0 0101010101010101 caffc6ac4542de31 0000000000020000
+0 0101010101010101 8dd45a2ddf90796c 0000000000010000
+0 0101010101010101 1029d55e880ec2d0 0000000000008000
+0 0101010101010101 5d86cb23639dbea9 0000000000004000
+0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000
+0 0101010101010101 ce332329248f3228 0000000000001000
+0 0101010101010101 8405d1abe24fb942 0000000000000800
+0 0101010101010101 e643d78090ca4207 0000000000000400
+0 0101010101010101 48221b9937748a23 0000000000000200
+0 0101010101010101 dd7c0bbd61fafd54 0000000000000100
+0 0101010101010101 2fbc291a570db5c4 0000000000000080
+0 0101010101010101 e07c30d7e4e26e12 0000000000000040
+0 0101010101010101 0953e2258e8e90a1 0000000000000020
+0 0101010101010101 5b711bc4ceebf2ee 0000000000000010
+0 0101010101010101 cc083f1e6d9e85f6 0000000000000008
+0 0101010101010101 d2fd8867d50d2dfe 0000000000000004
+0 0101010101010101 06e7ea22ce92708f 0000000000000002
+0 0101010101010101 166b40b44aba4bd6 0000000000000001
+0 8001010101010101 0000000000000000 95a8d72813daa94d
+0 4001010101010101 0000000000000000 0eec1487dd8c26d5
+0 2001010101010101 0000000000000000 7ad16ffb79c45926
+0 1001010101010101 0000000000000000 d3746294ca6a6cf3
+0 0801010101010101 0000000000000000 809f5f873c1fd761
+0 0401010101010101 0000000000000000 c02faffec989d1fc
+0 0201010101010101 0000000000000000 4615aa1d33e72f10
+0 0180010101010101 0000000000000000 2055123350c00858
+0 0140010101010101 0000000000000000 df3b99d6577397c8
+0 0120010101010101 0000000000000000 31fe17369b5288c9
+0 0110010101010101 0000000000000000 dfdd3cc64dae1642
+0 0108010101010101 0000000000000000 178c83ce2b399d94
+0 0104010101010101 0000000000000000 50f636324a9b7f80
+0 0102010101010101 0000000000000000 a8468ee3bc18f06d
+0 0101800101010101 0000000000000000 a2dc9e92fd3cde92
+0 0101400101010101 0000000000000000 cac09f797d031287
+0 0101200101010101 0000000000000000 90ba680b22aeb525
+0 0101100101010101 0000000000000000 ce7a24f350e280b6
+0 0101080101010101 0000000000000000 882bff0aa01a0b87
+0 0101040101010101 0000000000000000 25610288924511c2
+0 0101020101010101 0000000000000000 c71516c29c75d170
+0 0101018001010101 0000000000000000 5199c29a52c9f059
+0 0101014001010101 0000000000000000 c22f0a294a71f29f
+0 0101012001010101 0000000000000000 ee371483714c02ea
+0 0101011001010101 0000000000000000 a81fbd448f9e522f
+0 0101010801010101 0000000000000000 4f644c92e192dfed
+0 0101010401010101 0000000000000000 1afa9a66a6df92ae
+0 0101010201010101 0000000000000000 b3c1cc715cb879d8
+0 0101010180010101 0000000000000000 19d032e64ab0bd8b
+0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc
+0 0101010120010101 0000000000000000 b7265f7f447ac6f3
+0 0101010110010101 0000000000000000 9db73b3c0d163f54
+0 0101010108010101 0000000000000000 8181b65babf4a975
+0 0101010104010101 0000000000000000 93c9b64042eaa240
+0 0101010102010101 0000000000000000 5570530829705592
+0 0101010101800101 0000000000000000 8638809e878787a0
+0 0101010101400101 0000000000000000 41b9a79af79ac208
+0 0101010101200101 0000000000000000 7a9be42f2009a892
+0 0101010101100101 0000000000000000 29038d56ba6d2745
+0 0101010101080101 0000000000000000 5495c6abf1e5df51
+0 0101010101040101 0000000000000000 ae13dbd561488933
+0 0101010101020101 0000000000000000 024d1ffa8904e389
+0 0101010101018001 0000000000000000 d1399712f99bf02e
+0 0101010101014001 0000000000000000 14c1d7c1cffec79e
+0 0101010101012001 0000000000000000 1de5279dae3bed6f
+0 0101010101011001 0000000000000000 e941a33f85501303
+0 0101010101010801 0000000000000000 da99dbbc9a03f379
+0 0101010101010401 0000000000000000 b7fc92f91d8e92e9
+0 0101010101010201 0000000000000000 ae8e5caa3ca04e85
+0 0101010101010180 0000000000000000 9cc62df43b6eed74
+0 0101010101010140 0000000000000000 d863dbb5c59a91a0
+0 0101010101010120 0000000000000000 a1ab2190545b91d7
+0 0101010101010110 0000000000000000 0875041e64c570f7
+0 0101010101010108 0000000000000000 5a594528bebef1cc
+0 0101010101010104 0000000000000000 fcdb3291de21f0c0
+0 0101010101010102 0000000000000000 869efd7f9f265a09
+0 1046913489980131 0000000000000000 88d55e54f54c97b4
+0 1007103489988020 0000000000000000 0c0cc00c83ea48fd
+0 10071034c8980120 0000000000000000 83bc8ef3a6570183
+0 1046103489988020 0000000000000000 df725dcad94ea2e9
+0 1086911519190101 0000000000000000 e652b53b550be8b0
+0 1086911519580101 0000000000000000 af527120c485cbb0
+0 5107b01519580101 0000000000000000 0f04ce393db926d5
+0 1007b01519190101 0000000000000000 c9f00ffc74079067
+0 3107915498080101 0000000000000000 7cfd82a593252b4e
+0 3107919498080101 0000000000000000 cb49a2f9e91363e3
+0 10079115b9080140 0000000000000000 00b588be70d23f56
+0 3107911598080140 0000000000000000 406a9a6ab43399ae
+0 1007d01589980101 0000000000000000 6cb773611dca9ada
+0 9107911589980101 0000000000000000 67fd21c17dbb5d70
+0 9107d01589190101 0000000000000000 9592cb4110430787
+0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3
+0 1007940498190101 0000000000000000 4d102196c914ca16
+0 0107910491190401 0000000000000000 2dfa9f4573594965
+0 0107910491190101 0000000000000000 b46604816c0e0774
+0 0107940491190401 0000000000000000 6e7e6221a4f34e87
+0 19079210981a0101 0000000000000000 aa85e74643233199
+0 1007911998190801 0000000000000000 2e5a19db4d1962d6
+0 10079119981a0801 0000000000000000 23a866a809d30894
+0 1007921098190101 0000000000000000 d812d961f017d320
+0 100791159819010b 0000000000000000 055605816e58608f
+0 1004801598190101 0000000000000000 abd88e8b1b7716f1
+0 1004801598190102 0000000000000000 537ac95be69da1e1
+0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8
+0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d
+0 1002911598190104 0000000000000000 61c79c71921a2ef8
+0 1002911598100201 0000000000000000 e2f5728f0995013c
+0 1002911698100101 0000000000000000 1aeac39a61f0a464
+0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b
+0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271
+0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a
+0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a
+0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095
+0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b
+0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09
+0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a
+0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f
+0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088
+0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77
+0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a
+0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56
+0 025816164629b007 480d39006ee762f2 a1f9915541020b56
+0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556
+0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac
+0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a
+0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
+1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60
+57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae
+1 8001010101010101 0000000000000000 f501029f268e45dc
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
diff --git a/secure/lib/libcrypt/test/speedcrypt.c b/secure/lib/libcrypt/test/speedcrypt.c
new file mode 100644
index 0000000..f7507fd
--- /dev/null
+++ b/secure/lib/libcrypt/test/speedcrypt.c
@@ -0,0 +1,76 @@
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include <stdio.h>
+
+int		keep_going, count, alternate, seconds;
+struct rusage	prior, now;
+
+void
+finish()
+{
+	keep_going = 0;
+}
+
+
+main(int argc, char *argv[])
+{
+	struct itimerval itv;
+	u_long		msecs, key1[8], key2[8];
+	char		*k1, *k2;
+
+	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
+		seconds = 20;
+
+	if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1)
+		alternate = 0;
+
+	printf ("Running crypt%s for %d seconds of vtime...\n",
+		alternate ? " with alternate keys" : "", seconds);
+
+	bzero(&itv, sizeof (itv));
+	signal (SIGVTALRM, finish);
+	itv.it_value.tv_sec = seconds;
+	itv.it_value.tv_usec = 0;
+	setitimer(ITIMER_VIRTUAL, &itv, NULL);
+
+	keep_going = 1;
+	if (getrusage(0, &prior) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+
+	k1 = (char *) key1;
+	k2 = (char *) key2;
+	strcpy(k1, "fredfredfredfredfred");
+	strcpy(k2, "joejoejoejoejoejoejo");
+
+	if (alternate)
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt((count & 1) ? k1 : k2, "_ara.X...");
+#else
+			crypt((count & 1) ? k1 : k2, "eek");
+#endif
+		}
+	else
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt(k1, "_ara.X...");
+#else
+			crypt(k1, "eek");
+#endif
+		}
+
+	if (getrusage(0, &now) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
+	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
+	printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs);
+	exit(0);
+}
diff --git a/secure/lib/libdes/Makefile b/secure/lib/libdes/Makefile
new file mode 100644
index 0000000..64abbaf
--- /dev/null
+++ b/secure/lib/libdes/Makefile
@@ -0,0 +1,41 @@
+#	@(#)Makefile	5.4 (Berkeley) 5/7/91
+# $FreeBSD$
+
+LIB=	des
+SRCS=	cbc3_enc.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+	ecb3_enc.c ecb_enc.c  ede_enc.c  enc_read.c enc_writ.c \
+	ncbc_enc.c new_rkey.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+	str2key.c  cfb64ede.c ofb64ede.c supp.c     xcbc_enc.c
+HEADER=	des.h
+
+SHLIB_MAJOR=	3
+SHLIB_MINOR=	0
+
+CFLAGS+=	-Wall
+CLEANFILES+=	des_crypt.3
+
+MAN3=	des_crypt.3
+
+des_crypt.3: des_crypt.man
+	cp ${.OODATE} ${.TARGET}
+
+MLINKS= des_crypt.3 des_read_password.3 \
+	des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \
+	des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \
+	des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \
+	des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \
+	des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \
+	des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \
+	des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \
+	des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \
+	des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \
+	des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3
+
+beforeinstall:
+.for i in ${HEADER}
+	${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/$i \
+		${DESTDIR}/usr/include
+.endfor
+
+.include <bsd.lib.mk>
diff --git a/secure/lib/libdes/des.h b/secure/lib/libdes/des.h
index 0315418..9a837f5 100644
--- a/secure/lib/libdes/des.h
+++ b/secure/lib/libdes/des.h
@@ -165,6 +165,7 @@ int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
 	des_cblock *iv);
 int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
 	des_cblock *iv);
+#if 0
 #ifdef PERL5
 char *des_crypt(const char *buf,const char *salt);
 #else
@@ -176,6 +177,7 @@ char *crypt(const char *buf,const char *salt);
 char *crypt();
 #endif
 #endif
+#endif
 void des_ofb_encrypt(unsigned char *in,unsigned char *out,
 	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
 void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
@@ -228,11 +230,13 @@ void des_encrypt2();
 void des_ede3_cbc_encrypt();
 int des_enc_read();
 int des_enc_write();
+#if 0
 #ifdef PERL5
 char *des_crypt();
 #else
 char *crypt();
 #endif
+#endif
 void des_ofb_encrypt();
 void des_pcbc_encrypt();
 DES_LONG des_quad_cksum();
@@ -255,13 +259,11 @@ void des_cblock_print_file();
 /* The following functions are not in the normal unix build or the
  * SSLeay build.  When using the SSLeay build, use RAND_seed()
  * and RAND_bytes() instead. */
-#ifdef FreeBSD
 int des_new_random_key();
 void des_init_random_number_generator();
 void des_set_random_generator_seed();
 void des_set_sequence_number();
 void des_generate_random_block();
-#endif
 
 #endif
 
diff --git a/secure/lib/libdes/des_locl.org b/secure/lib/libdes/des_locl.org
deleted file mode 100644
index 80a4ccd..0000000
--- a/secure/lib/libdes/des_locl.org
+++ /dev/null
@@ -1,276 +0,0 @@
-/* lib/des/des_locl.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_USE_PTR
-#undef DES_USE_PTR
-#endif
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <time.h>
-#include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
-#endif
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-extern int errno;
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs. */
-#ifdef DES_USR_PTR
-#define D_ENCRYPT(L,R,S) { \
-	u=((R^s[S  ])<<2);	\
-	t= R^s[S+1]; \
-	t=((t>>2)+(t<<30)); \
-	L^= \
-	*(unsigned long *)(des_SP+0x0100+((t    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0300+((t>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0500+((t>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0700+((t>>24)&0xfc))+ \
-	*(unsigned long *)(des_SP+       ((u    )&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0200+((u>> 8)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0400+((u>>16)&0xfc))+ \
-	*(unsigned long *)(des_SP+0x0600+((u>>24)&0xfc)); }
-#else /* original version */
-#ifdef MSDOS
-#define D_ENCRYPT(L,R,S)	\
-	U.l=R^s[S+1]; \
-	T.s[0]=((U.s[0]>>4)|(U.s[1]<<12))&0x3f3f; \
-	T.s[1]=((U.s[1]>>4)|(U.s[0]<<12))&0x3f3f; \
-	U.l=(R^s[S  ])&0x3f3f3f3fL; \
-	L^=	des_SPtrans[1][(T.c[0])]| \
-		des_SPtrans[3][(T.c[1])]| \
-		des_SPtrans[5][(T.c[2])]| \
-		des_SPtrans[7][(T.c[3])]| \
-		des_SPtrans[0][(U.c[0])]| \
-		des_SPtrans[2][(U.c[1])]| \
-		des_SPtrans[4][(U.c[2])]| \
-		des_SPtrans[6][(U.c[3])];
-#else
-#define D_ENCRYPT(Q,R,S) {\
-	u=(R^s[S  ]); \
-	t=R^s[S+1]; \
-	t=((t>>4L)+(t<<28L)); \
-	Q^=	des_SPtrans[1][(t     )&0x3f]| \
-		des_SPtrans[3][(t>> 8L)&0x3f]| \
-		des_SPtrans[5][(t>>16L)&0x3f]| \
-		des_SPtrans[7][(t>>24L)&0x3f]| \
-		des_SPtrans[0][(u     )&0x3f]| \
-		des_SPtrans[2][(u>> 8L)&0x3f]| \
-		des_SPtrans[4][(u>>16L)&0x3f]| \
-		des_SPtrans[6][(u>>24L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register unsigned long tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-#endif
diff --git a/secure/lib/libdes/enc_writ.c b/secure/lib/libdes/enc_writ.c
index 0b7a50b..2f15d08 100644
--- a/secure/lib/libdes/enc_writ.c
+++ b/secure/lib/libdes/enc_writ.c
@@ -65,7 +65,7 @@ des_cblock (*iv);
 
 	long rnum;
 	int i,j,k,outnum;
-	char *outbuf=NULL;
+	static char *outbuf=NULL;
 	char shortbuf[8];
 	char *p;
 	static int start=1;
diff --git a/secure/lib/libdes/new_rkey.c b/secure/lib/libdes/new_rkey.c
index 08153b4..3435df1 100644
--- a/secure/lib/libdes/new_rkey.c
+++ b/secure/lib/libdes/new_rkey.c
@@ -77,13 +77,14 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: new_rnd_key.c,v 1.1 1995/09/16 21:01:51 mark Exp $
+ * $FreeBSD$
  */
 
 /* 21-Nov-95 - eay - I've finally put this into libdes, I have made a
  * few changes since it need to compile on all version of unix and
  * there were a few things that would not :-) */
 
+#include <fcntl.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <sys/time.h>
@@ -160,9 +161,8 @@ des_new_random_key(new_key)
  *                                     to a truly nasty sequence using system
  *                                     supplied volatile variables.
  */
-/* Name shortened for VMS - there is a macro for the old name */
 void
-des_init_random_num_generator(key)
+des_init_random_number_generator(key)
 	des_cblock *key;
 {
 	/* 64-bit structures */
@@ -175,9 +175,11 @@ des_init_random_num_generator(key)
 		u_int32_t tv_sec;
 		u_int32_t tv_usec;
 	} time64bit;
+	u_int32_t devrandom[2];
 	des_cblock new_key;
 	int mib[2];
 	size_t len;
+	int dr;
 
 	/* Get host ID using official BSD 4.4 method */
 	mib[0] = CTL_KERN;
@@ -198,6 +200,25 @@ des_init_random_num_generator(key)
 	gettimeofday(&timeblock, NULL);
 	time64bit.tv_sec = (u_int32_t)timeblock.tv_sec;
 	time64bit.tv_usec = (u_int32_t)timeblock.tv_usec;
+	/* If /dev/random is available, read some muck */
+	dr = open("/dev/random", O_RDONLY);
+	if (dr >= 0) {
+		/* Set the descriptor into non-blocking mode. */
+		fcntl(dr, F_SETFL, O_NONBLOCK);
+		len = read(dr, devrandom, sizeof(devrandom));
+		close(dr);
+		if (len > 0) {
+			time64bit.tv_sec ^= devrandom[0];
+			time64bit.tv_usec ^= devrandom[1];
+		}
+#ifdef DEBUG
+		printf("DEBUG: read from /dev/random %d %x %x\n",
+			len, devrandom[0], devrandom[1]);
+#endif
+	}
+#ifdef DEBUG
+	else printf("Cannot open /dev/random\n");
+#endif
 	des_set_sequence_number((unsigned char *)&time64bit);
 
 	/* Do the work */
diff --git a/secure/lib/libdes/supp.c b/secure/lib/libdes/supp.c
index 0c959cc..c098f2e 100644
--- a/secure/lib/libdes/supp.c
+++ b/secure/lib/libdes/supp.c
@@ -76,7 +76,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id$
+ * $FreeBSD$
  */
 
 #include <stdio.h>
diff --git a/secure/lib/libdes/version.h b/secure/lib/libdes/version.h
deleted file mode 100644
index aee1190..0000000
--- a/secure/lib/libdes/version.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* lib/des/version.h */
-/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- * 
- * This file is part of an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL
- * specification.  This library and applications are
- * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
- * as long as the following conditions are aheared to.
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.  If this code is used in a product,
- * Eric Young should be given attribution as the author of the parts used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    This product includes software developed by Eric Young (eay@mincom.oz.au)
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-extern char *DES_version;
diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile
new file mode 100644
index 0000000..ee8fddf
--- /dev/null
+++ b/secure/usr.bin/Makefile
@@ -0,0 +1,6 @@
+# $FreeBSD$
+
+SUBDIR= bdes
+
+.include <bsd.subdir.mk>
+
diff --git a/secure/usr.bin/Makefile.inc b/secure/usr.bin/Makefile.inc
new file mode 100644
index 0000000..c4fd273
--- /dev/null
+++ b/secure/usr.bin/Makefile.inc
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+BINDIR=	/usr/bin
+.include "${.CURDIR}/../../Makefile.inc"
diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile
new file mode 100644
index 0000000..78af60c
--- /dev/null
+++ b/secure/usr.bin/bdes/Makefile
@@ -0,0 +1,16 @@
+#	@(#)Makefile	8.1 (Berkeley) 6/6/93
+# $FreeBSD$
+
+PROG=	bdes
+SRCS=	bdes.c
+
+.if exists(${.OBJDIR}/../../lib/libcipher)
+LDFLAGS+= -L${.OBJDIR}/../../lib/libcipher
+.else
+LDFLAGS+= -L${.CURDIR}/../../lib/libcipher
+.endif
+
+LDADD+= -lcipher
+DPADD+= libcipher.a
+
+.include <bsd.prog.mk>
diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1
new file mode 100644
index 0000000..48179fd
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.1
@@ -0,0 +1,304 @@
+.\" Copyright (c) 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" Matt Bishop of Dartmouth College.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)bdes.1	8.1 (Berkeley) 6/29/93
+.\"
+.TH BDES 1 "June 29, 1993"
+.UC 6
+.SH NAME
+bdes \- encrypt/decrypt using the Data Encryption Standard
+.SH SYNOPSIS
+.nf
+.ft B
+bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ]
+.ti +5
+[ \-m N ] [ \-o N ] [ \-v vector ]
+.ft R
+.fi
+.SH DESCRIPTION
+.I Bdes
+implements all DES modes of operation described in FIPS PUB 81, 
+including alternative cipher feedback mode and both authentication
+modes.
+.I Bdes
+reads from the standard input and writes to the standard output.
+By default, the input is encrypted using cipher block chaining mode.
+Using the same key for encryption and decryption preserves plain text.
+.PP
+All modes but the electronic code book mode require an initialization
+vector; if none is supplied, the zero vector is used.
+If no
+.I key
+is specified on the command line, the user is prompted for one (see
+.IR getpass (3)
+for more details).
+.PP
+The options are as follows:
+.TP
+\-a
+The key and initialization vector strings are to be taken as ASCII,
+suppressing the special interpretation given to leading ``0X'', ``0x'',
+``0B'', and ``0b'' characters.
+This flag applies to
+.I both
+the key and initialization vector.
+.TP
+\-b
+Use electronic code book mode.
+.TP
+\-d
+Decrypt the input.
+.TP
+\-F
+Use
+.IR N -bit
+alternative cipher feedback mode.
+Currently
+.I N
+must be a multiple of 7 between 7 and 56 inclusive (this does not conform
+to the alternative CFB mode specification).
+.TP
+\-f
+Use
+.IR N -bit
+cipher feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the standard CFB mode specification).
+.TP
+\-k
+Use
+.I key
+as the cryptographic key.
+.TP
+\-m
+Compute a message authentication code (MAC) of
+.I N
+bits on the input.
+The value of
+.I N
+must be between 1 and 64 inclusive; if
+.I N
+is not a multiple of 8, enough 0 bits will be added to pad the MAC length
+to the nearest multiple of 8.
+Only the MAC is output.
+MACs are only available in cipher block chaining mode or in cipher feedback
+mode.
+.TP
+\-o
+Use
+.IR N -bit
+output feedback mode.
+Currently
+.I N
+must be a multiple of 8 between 8 and 64 inclusive (this does not conform
+to the OFB mode specification).
+.TP
+\-p
+Disable the resetting of the parity bit.
+This flag forces the parity bit of the key to be used as typed, rather than
+making each character be of odd parity.
+It is used only if the key is given in ASCII.
+.TP
+\-v
+Set the initialization vector to
+.IR vector ;
+the vector is interpreted in the same way as the key.
+The vector is ignored in electronic codebook mode.
+.PP
+The key and initialization vector are taken as sequences of ASCII
+characters which are then mapped into their bit representations.
+If either begins with ``0X'' or ``0x'',
+that one is taken as a sequence of hexadecimal digits indicating the
+bit pattern;
+if either begins with ``0B'' or ``0b'',
+that one is taken as a sequence of binary digits indicating the bit pattern.
+In either case,
+only the leading 64 bits of the key or initialization vector
+are used,
+and if fewer than 64 bits are provided, enough 0 bits are appended
+to pad the key to 64 bits.
+.PP
+According to the DES standard, the low-order bit of each character in the
+key string is deleted.
+Since most ASCII representations set the high-order bit to 0, simply
+deleting the low-order bit effectively reduces the size of the key space
+from 2\u\s-356\s0\d to 2\u\s-348\s0\d keys.
+To prevent this, the high-order bit must be a function depending in part
+upon the low-order bit; so, the high-order bit is set to whatever value
+gives odd parity.
+This preserves the key space size.
+Note this resetting of the parity bit is
+.I not
+done if the key is given in binary or hex, and can be disabled for ASCII
+keys as well.
+.PP
+The DES is considered a very strong cryptosystem, and other than table lookup
+attacks, key search attacks, and Hellman's time-memory tradeoff (all of which
+are very expensive and time-consuming), no cryptanalytic methods for breaking
+the DES are known in the open literature.
+No doubt the choice of keys and key security are the most vulnerable aspect
+of
+.IR bdes .
+.SH IMPLEMENTATION NOTES
+For implementors wishing to write software compatible with this program,
+the following notes are provided.
+This software is believed to be compatible with the implementation of the
+data encryption standard distributed by Sun Microsystems, Inc.
+.PP
+In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes,
+also called a block).
+To ensure that the plaintext file is encrypted correctly,
+.I bdes
+will (internally) append from 1 to 8 bytes, the last byte containing an
+integer stating how many bytes of that final block are from the plaintext
+file, and encrypt the resulting block.
+Hence, when decrypting, the last block may contain from 0 to 7 characters
+present in the plaintext file, and the last byte tells how many.
+Note that if during decryption the last byte of the file does not contain an
+integer between 0 and 7, either the file has been corrupted or an incorrect
+key has been given.
+A similar mechanism is used for the OFB and CFB modes, except that those
+simply require the length of the input to be a multiple of the mode size,
+and the final byte contains an integer between 0 and one less than the number
+of bytes being used as the mode.
+(This was another reason that the mode size must be a multiple of 8 for those
+modes.)
+.PP
+Unlike Sun's implementation, unused bytes of that last block are not filled
+with random data, but instead contain what was in those byte positions in
+the preceding block.
+This is quicker and more portable, and does not weaken the encryption
+significantly.
+.PP
+If the key is entered in ASCII, the parity bits of the key characters are set
+so that each key character is of odd parity.
+Unlike Sun's implementation, it is possible to enter binary or hexadecimal
+keys on the command line, and if this is done, the parity bits are
+.I not
+reset.
+This allows testing using arbitrary bit patterns as keys.
+.PP
+The Sun implementation always uses an initialization vector of 0
+(that is, all zeroes).
+By default,
+.I bdes
+does too, but this may be changed from the command line.
+.SH SEE ALSO
+crypt(3), getpass(3)
+.sp
+.IR "Data Encryption Standard" ,
+Federal Information Processing Standard #46,
+National Bureau of Standards,
+U.S. Department of Commerce,
+Washington DC
+(Jan. 1977)
+.sp
+.IR "DES Modes of Operation" ,
+Federal Information Processing Standard #81,
+National Bureau of Standards,
+U.S. Department of Commerce
+Washington DC
+(Dec. 1980)
+.sp
+Dorothy Denning,
+.IR "Cryptography and Data Security" ,
+Addison-Wesley Publishing Co.,
+Reading, MA
+\(co1982.
+.sp
+Matt Bishop,
+.IR "Implementation Notes on bdes(1)" ,
+Technical Report PCS-TR-91-158,
+Department of Mathematics and Computer Science,
+Dartmouth College,
+Hanover, NH  03755
+(Apr. 1991).
+.SH DISCLAIMER
+.nf
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+.fi
+.SH BUGS
+There is a controversy raging over whether the DES will still be secure
+in a few years.
+The advent of special-purpose hardware could reduce the cost of any of the
+methods of attack named above so that they are no longer computationally
+infeasible.
+.PP
+As the key or key schedule is stored in memory, the encryption can be
+compromised if memory is readable.
+Additionally, programs which display programs' arguments may compromise the
+key and initialization vector, if they are specified on the command line.
+To avoid this
+.I bdes
+overwrites its arguments, however, the obvious race cannot currently be
+avoided.
+.PP
+Certain specific keys should be avoided because they introduce potential
+weaknesses; these keys, called the
+.I weak
+and
+.I semiweak
+keys, are (in hex notation, where p is either 0 or 1, and P is either
+e or f):
+.sp
+.nf
+.in +10n
+.ta \w'0x0p0p0p0p0p0p0p0p\0\0\0'u+5n
+0x0p0p0p0p0p0p0p0p	0x0p1P0p1P0p0P0p0P
+0x0pep0pep0pfp0pfp	0x0pfP0pfP0pfP0pfP
+0x1P0p1P0p0P0p0P0p	0x1P1P1P1P0P0P0P0P
+0x1Pep1Pep0Pfp0Pfp	0x1PfP1PfP0PfP0PfP
+0xep0pep0pfp0pfp0p	0xep1Pep1pfp0Pfp0P
+0xepepepepepepepep	0xepfPepfPfpfPfpfP
+0xfP0pfP0pfP0pfP0p	0xfP1PfP1PfP0PfP0P
+0xfPepfPepfPepfPep	0xfPfPfPfPfPfPfPfP
+.fi
+.in -10n
+.sp
+This is inherent in the DES algorithm (see Moore and Simmons,
+\*(LqCycle structure of the DES with weak and semi-weak keys,\*(Rq
+.I "Advances in Cryptology \- Crypto '86 Proceedings" ,
+Springer-Verlag New York, \(co1987, pp. 9-32.)
diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c
new file mode 100644
index 0000000..ed1f3e1
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.c
@@ -0,0 +1,1046 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Matt Bishop of Dartmouth College.
+ *
+ * The United States Government has rights in this work pursuant
+ * to contract no. NAG 2-680 between the National Aeronautics and
+ * Space Administration and Dartmouth College.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)bdes.c	8.1 (Berkeley) 6/6/93";
+#endif /* not lint */
+
+/*
+ * BDES -- DES encryption package for Berkeley Software Distribution 4.4
+ * options:
+ *	-a	key is in ASCII
+ *	-b	use ECB (electronic code book) mode
+ *	-d	invert (decrypt) input
+ *	-f b	use b-bit CFB (cipher feedback) mode
+ *	-F b	use b-bit CFB (cipher feedback) alternative mode
+ *	-k key	use key as the cryptographic key
+ *	-m b	generate a MAC of length b
+ *	-o b	use b-bit OFB (output feedback) mode
+ *	-p	don't reset the parity bit
+ *	-v v	use v as the initialization vector (ignored for ECB)
+ * note: the last character of the last block is the integer indicating
+ * how many characters of that block are to be output
+ *
+ * Author: Matt Bishop
+ *	   Department of Mathematics and Computer Science
+ *	   Dartmouth College
+ *	   Hanover, NH  03755
+ * Email:  Matt.Bishop@dartmouth.edu
+ *	   ...!decvax!dartvax!Matt.Bishop
+ *
+ * See Technical Report PCS-TR91-158, Department of Mathematics and Computer
+ * Science, Dartmouth College, for a detailed description of the implemen-
+ * tation and differences between it and Sun's.  The DES is described in
+ * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page
+ * or the technical report for a complete reference).
+ */
+
+#include <errno.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * BSD and System V systems offer special library calls that do
+ * block moves and fills, so if possible we take advantage of them
+ */
+#define	MEMCPY(dest,src,len)	bcopy((src),(dest),(len))
+#define	MEMZERO(dest,len)	bzero((dest),(len))
+
+/* Hide the calls to the primitive encryption routines. */
+#define	FASTWAY
+#ifdef	FASTWAY
+#define	DES_KEY(buf) \
+	if (des_setkey(buf)) \
+		err("des_setkey", 0);
+#define	DES_XFORM(buf) \
+	if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \
+		err("des_cipher", 0);
+#else
+#define	DES_KEY(buf)	{						\
+				char bits1[64];	/* bits of key */	\
+				expand(buf, bits1);			\
+				if (setkey(bits1))			\
+					err("setkey", 0);		\
+			}
+#define	DES_XFORM(buf)	{						\
+				char bits1[64];	/* bits of message */	\
+				expand(buf, bits1);			\
+				if (encrypt(bits1, inverse))		\
+					err("encrypt", 0);		\
+				compress(bits1, buf);			\
+			}
+#endif
+
+/*
+ * this does an error-checking write
+ */
+#define	READ(buf, n)	fread(buf, sizeof(char), n, stdin)
+#define WRITE(buf,n)						\
+		if (fwrite(buf, sizeof(char), n, stdout) != n)	\
+			err(bn, NULL);
+
+/*
+ * some things to make references easier
+ */
+typedef char Desbuf[8];
+#define	CHAR(x,i)	(x[i])
+#define	UCHAR(x,i)	(x[i])
+#define	BUFFER(x)	(x)
+#define	UBUFFER(x)	(x)
+
+/*
+ * global variables and related macros
+ */
+#define KEY_DEFAULT		0	/* interpret radix of key from key */
+#define KEY_ASCII		1	/* key is in ASCII characters */
+int keybase = KEY_DEFAULT;		/* how to interpret the key */
+
+enum { 					/* encrypt, decrypt, authenticate */
+	MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE
+} mode = MODE_ENCRYPT;
+enum {					/* ecb, cbc, cfb, cfba, ofb? */
+	ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA
+} alg = ALG_CBC;
+
+Desbuf ivec;				/* initialization vector */
+char bits[] = {				/* used to extract bits from a char */
+	'\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001'
+};
+int inverse;				/* 0 to encrypt, 1 to decrypt */
+int macbits = -1;			/* number of bits in authentication */
+int fbbits = -1;			/* number of feedback bits */
+int pflag;				/* 1 to preserve parity bits */
+
+main(ac, av)
+	int ac;				/* arg count */
+	char **av;			/* arg vector */
+{
+	extern int optind;		/* option (argument) number */
+	extern char *optarg;		/* argument to option if any */
+	register int i;			/* counter in a for loop */
+	register char *p;		/* used to obtain the key */
+	Desbuf msgbuf;			/* I/O buffer */
+	int kflag;			/* command-line encryptiooon key */
+	int argc;			/* the real arg count */
+	char **argv;			/* the real argument vector */
+
+	/*
+	 * Hide the arguments from ps(1) by making private copies of them
+	 * and clobbering the global (visible to ps(1)) ones.
+	 */
+	argc = ac;
+	ac = 1;
+	argv = malloc((argc + 1) * sizeof(char *));
+	for (i = 0; i < argc; ++i) {
+		argv[i] = strdup(av[i]);
+		MEMZERO(av[i], strlen(av[i]));
+	}
+	argv[argc] = NULL;
+
+	/* initialize the initialization vctor */
+	MEMZERO(ivec, 8);
+
+	/* process the argument list */
+	kflag = 0;
+	while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != EOF)
+		switch(i) {
+		case 'a':		/* key is ASCII */
+			keybase = KEY_ASCII;
+			break;
+		case 'b':		/* use ECB mode */
+			alg = ALG_ECB;
+			break;
+		case 'd':		/* decrypt */
+			mode = MODE_DECRYPT;
+			break;
+		case 'F':		/* use alternative CFB mode */
+			alg = ALG_CFBA;
+			if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0)
+				err(-1, "-F: number must be 1-56 inclusive");
+			else if (fbbits == -1)
+				err(-1, "-F: number must be a multiple of 7");
+			break;
+		case 'f':		/* use CFB mode */
+			alg = ALG_CFB;
+			if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+				err(-1, "-f: number must be 1-64 inclusive");
+			else if (fbbits == -1)
+				err(-1, "-f: number must be a multiple of 8");
+			break;
+		case 'k':		/* encryption key */
+			kflag = 1;
+			cvtkey(BUFFER(msgbuf), optarg);
+			break;
+		case 'm':		/* number of bits for MACing */
+			mode = MODE_AUTHENTICATE;
+			if ((macbits = setbits(optarg, 1)) > 64)
+				err(-1, "-m: number must be 0-64 inclusive");
+			break;
+		case 'o':		/* use OFB mode */
+			alg = ALG_OFB;
+			if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0)
+				err(-1, "-o: number must be 1-64 inclusive");
+			else if (fbbits == -1)
+				err(-1, "-o: number must be a multiple of 8");
+			break;
+		case 'p':		/* preserve parity bits */
+			pflag = 1;
+			break;
+		case 'v':		/* set initialization vector */
+			cvtkey(BUFFER(ivec), optarg);
+			break;
+		default:		/* error */
+			usage();
+		}
+
+	if (!kflag) {
+		/*
+		 * if the key's not ASCII, assume it is
+		 */
+		keybase = KEY_ASCII;
+		/*
+		 * get the key
+		 */
+		p = getpass("Enter key: ");
+		/*
+		 * copy it, nul-padded, into the key area
+		 */
+		cvtkey(BUFFER(msgbuf), p);
+	}
+
+	makekey(msgbuf);
+	inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT;
+
+	switch(alg) {
+	case ALG_CBC:
+		switch(mode) {
+		case MODE_AUTHENTICATE:	/* authenticate using CBC mode */
+			cbcauth();
+			break;
+		case MODE_DECRYPT:	/* decrypt using CBC mode */
+			cbcdec();
+			break;
+		case MODE_ENCRYPT:	/* encrypt using CBC mode */
+			cbcenc();
+			break;
+		}
+		break;
+	case ALG_CFB:
+		switch(mode) {
+		case MODE_AUTHENTICATE:	/* authenticate using CFB mode */
+			cfbauth();
+			break;
+		case MODE_DECRYPT:	/* decrypt using CFB mode */
+			cfbdec();
+			break;
+		case MODE_ENCRYPT:	/* encrypt using CFB mode */
+			cfbenc();
+			break;
+		}
+		break;
+	case ALG_CFBA:
+		switch(mode) {
+		case MODE_AUTHENTICATE:	/* authenticate using CFBA mode */
+			err(-1, "can't authenticate with CFBA mode");
+			break;
+		case MODE_DECRYPT:	/* decrypt using CFBA mode */
+			cfbadec();
+			break;
+		case MODE_ENCRYPT:	/* encrypt using CFBA mode */
+			cfbaenc();
+			break;
+		}
+		break;
+	case ALG_ECB:
+		switch(mode) {
+		case MODE_AUTHENTICATE:	/* authenticate using ECB mode */
+			err(-1, "can't authenticate with ECB mode");
+			break;
+		case MODE_DECRYPT:	/* decrypt using ECB mode */
+			ecbdec();
+			break;
+		case MODE_ENCRYPT:	/* encrypt using ECB mode */
+			ecbenc();
+			break;
+		}
+		break;
+	case ALG_OFB:
+		switch(mode) {
+		case MODE_AUTHENTICATE:	/* authenticate using OFB mode */
+			err(-1, "can't authenticate with OFB mode");
+			break;
+		case MODE_DECRYPT:	/* decrypt using OFB mode */
+			ofbdec();
+			break;
+		case MODE_ENCRYPT:	/* encrypt using OFB mode */
+			ofbenc();
+			break;
+		}
+		break;
+	}
+	exit(0);
+}
+
+/*
+ * print a warning message and, possibly, terminate
+ */
+err(n, s)
+	int n;			/* offending block number */
+	char *s;		/* the message */
+{
+	if (n > 0)
+		(void)fprintf(stderr, "bdes (block %d): ", n);
+	else
+		(void)fprintf(stderr, "bdes: ");
+	(void)fprintf(stderr, "%s\n", s ? s : strerror(errno));
+	exit(1);
+}
+
+/*
+ * map a hex character to an integer
+ */
+tobinhex(c, radix)
+	char c;			/* char to be converted */
+	int radix;		/* base (2 to 16) */
+{
+	switch(c) {
+	case '0':		return(0x0);
+	case '1':		return(0x1);
+	case '2':		return(radix > 2 ? 0x2 : -1);
+	case '3':		return(radix > 3 ? 0x3 : -1);
+	case '4':		return(radix > 4 ? 0x4 : -1);
+	case '5':		return(radix > 5 ? 0x5 : -1);
+	case '6':		return(radix > 6 ? 0x6 : -1);
+	case '7':		return(radix > 7 ? 0x7 : -1);
+	case '8':		return(radix > 8 ? 0x8 : -1);
+	case '9':		return(radix > 9 ? 0x9 : -1);
+	case 'A': case 'a':	return(radix > 10 ? 0xa : -1);
+	case 'B': case 'b':	return(radix > 11 ? 0xb : -1);
+	case 'C': case 'c':	return(radix > 12 ? 0xc : -1);
+	case 'D': case 'd':	return(radix > 13 ? 0xd : -1);
+	case 'E': case 'e':	return(radix > 14 ? 0xe : -1);
+	case 'F': case 'f':	return(radix > 15 ? 0xf : -1);
+	}
+	/*
+	 * invalid character
+	 */
+	return(-1);
+}
+
+/*
+ * convert the key to a bit pattern
+ */
+cvtkey(obuf, ibuf)
+	char *obuf;			/* bit pattern */
+	char *ibuf;			/* the key itself */
+{
+	register int i, j;		/* counter in a for loop */
+	int nbuf[64];			/* used for hex/key translation */
+
+	/*
+	 * just switch on the key base
+	 */
+	switch(keybase) {
+	case KEY_ASCII:			/* ascii to integer */
+		(void)strncpy(obuf, ibuf, 8);
+		return;
+	case KEY_DEFAULT:		/* tell from context */
+		/*
+		 * leading '0x' or '0X' == hex key
+		 */
+		if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) {
+			ibuf = &ibuf[2];
+			/*
+			 * now translate it, bombing on any illegal hex digit
+			 */
+			for (i = 0; ibuf[i] && i < 16; i++)
+				if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1)
+					err(-1, "bad hex digit in key");
+			while (i < 16)
+				nbuf[i++] = 0;
+			for (i = 0; i < 8; i++)
+				obuf[i] =
+				    ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf);
+			/* preserve parity bits */
+			pflag = 1;
+			return;
+		}
+		/*
+		 * leading '0b' or '0B' == binary key
+		 */
+		if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) {
+			ibuf = &ibuf[2];
+			/*
+			 * now translate it, bombing on any illegal binary digit
+			 */
+			for (i = 0; ibuf[i] && i < 16; i++)
+				if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1)
+					err(-1, "bad binary digit in key");
+			while (i < 64)
+				nbuf[i++] = 0;
+			for (i = 0; i < 8; i++)
+				for (j = 0; j < 8; j++)
+					obuf[i] = (obuf[i]<<1)|nbuf[8*i+j];
+			/* preserve parity bits */
+			pflag = 1;
+			return;
+		}
+		/*
+		 * no special leader -- ASCII
+		 */
+		(void)strncpy(obuf, ibuf, 8);
+	}
+}
+
+/*
+ * convert an ASCII string into a decimal number:
+ * 1. must be between 0 and 64 inclusive
+ * 2. must be a valid decimal number
+ * 3. must be a multiple of mult
+ */
+setbits(s, mult)
+	char *s;			/* the ASCII string */
+	int mult;			/* what it must be a multiple of */
+{
+	register char *p;		/* pointer in a for loop */
+	register int n = 0;		/* the integer collected */
+
+	/*
+	 * skip white space
+	 */
+	while (isspace(*s))
+		s++;
+	/*
+	 * get the integer
+	 */
+	for (p = s; *p; p++) {
+		if (isdigit(*p))
+			n = n * 10 + *p - '0';
+		else {
+			err(-1, "bad decimal digit in MAC length");
+		}
+	}
+	/*
+	 * be sure it's a multiple of mult
+	 */
+	return((n % mult != 0) ? -1 : n);
+}
+
+/*****************
+ * DES FUNCTIONS *
+ *****************/
+/*
+ * This sets the DES key and (if you're using the deszip version)
+ * the direction of the transformation.  This uses the Sun
+ * to map the 64-bit key onto the 56 bits that the key schedule
+ * generation routines use: the old way, which just uses the user-
+ * supplied 64 bits as is, and the new way, which resets the parity
+ * bit to be the same as the low-order bit in each character.  The
+ * new way generates a greater variety of key schedules, since many
+ * systems set the parity (high) bit of each character to 0, and the
+ * DES ignores the low order bit of each character.
+ */
+makekey(buf)
+	Desbuf buf;				/* key block */
+{
+	register int i, j;			/* counter in a for loop */
+	register int par;			/* parity counter */
+
+	/*
+	 * if the parity is not preserved, flip it
+	 */
+	if (!pflag) {
+		for (i = 0; i < 8; i++) {
+			par = 0;
+			for (j = 1; j < 8; j++)
+				if ((bits[j]&UCHAR(buf, i)) != 0)
+					par++;
+			if ((par&01) == 01)
+				UCHAR(buf, i) = UCHAR(buf, i)&0177;
+			else
+				UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200;
+		}
+	}
+
+	DES_KEY(UBUFFER(buf));
+}
+
+/*
+ * This encrypts using the Electronic Code Book mode of DES
+ */
+ecbenc()
+{
+	register int n;		/* number of bytes actually read */
+	register int bn;	/* block number */
+	Desbuf msgbuf;		/* I/O buffer */
+
+	for (bn = 0; (n = READ(BUFFER(msgbuf),  8)) == 8; bn++) {
+		/*
+		 * do the transformation
+		 */
+		DES_XFORM(UBUFFER(msgbuf));
+		WRITE(BUFFER(msgbuf), 8);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	bn++;
+	MEMZERO(&CHAR(msgbuf, n), 8 - n);
+	CHAR(msgbuf, 7) = n;
+	DES_XFORM(UBUFFER(msgbuf));
+	WRITE(BUFFER(msgbuf), 8);
+
+}
+
+/*
+ * This decrypts using the Electronic Code Book mode of DES
+ */
+ecbdec()
+{
+	register int n;		/* number of bytes actually read */
+	register int c;		/* used to test for EOF */
+	register int bn;	/* block number */
+	Desbuf msgbuf;		/* I/O buffer */
+
+	for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+		/*
+		 * do the transformation
+		 */
+		DES_XFORM(UBUFFER(msgbuf));
+		/*
+		 * if the last one, handle it specially
+		 */
+		if ((c = getchar()) == EOF) {
+			n = CHAR(msgbuf, 7);
+			if (n < 0 || n > 7)
+				err(bn, "decryption failed (block corrupted)");
+		}
+		else
+			(void)ungetc(c, stdin);
+		WRITE(BUFFER(msgbuf), n);
+	}
+	if (n > 0)
+		err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This encrypts using the Cipher Block Chaining mode of DES
+ */
+cbcenc()
+{
+	register int n;		/* number of bytes actually read */
+	register int bn;	/* block number */
+	Desbuf msgbuf;		/* I/O buffer */
+
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+		for (n = 0; n < 8; n++)
+			CHAR(msgbuf, n) ^= CHAR(ivec, n);
+		DES_XFORM(UBUFFER(msgbuf));
+		MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8);
+		WRITE(BUFFER(msgbuf), 8);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	bn++;
+	MEMZERO(&CHAR(msgbuf, n), 8 - n);
+	CHAR(msgbuf, 7) = n;
+	for (n = 0; n < 8; n++)
+		CHAR(msgbuf, n) ^= CHAR(ivec, n);
+	DES_XFORM(UBUFFER(msgbuf));
+	WRITE(BUFFER(msgbuf), 8);
+
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+cbcdec()
+{
+	register int n;		/* number of bytes actually read */
+	Desbuf msgbuf;		/* I/O buffer */
+	Desbuf ibuf;		/* temp buffer for initialization vector */
+	register int c;		/* used to test for EOF */
+	register int bn;	/* block number */
+
+	for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) {
+		/*
+		 * do the transformation
+		 */
+		MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (c = 0; c < 8; c++)
+			UCHAR(msgbuf, c) ^= UCHAR(ivec, c);
+		MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8);
+		/*
+		 * if the last one, handle it specially
+		 */
+		if ((c = getchar()) == EOF) {
+			n = CHAR(msgbuf, 7);
+			if (n < 0 || n > 7)
+				err(bn, "decryption failed (block corrupted)");
+		}
+		else
+			(void)ungetc(c, stdin);
+		WRITE(BUFFER(msgbuf), n);
+	}
+	if (n > 0)
+		err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This authenticates using the Cipher Block Chaining mode of DES
+ */
+cbcauth()
+{
+	register int n, j;		/* number of bytes actually read */
+	Desbuf msgbuf;		/* I/O buffer */
+	Desbuf encbuf;		/* encryption buffer */
+
+	/*
+	 * do the transformation
+	 * note we DISCARD the encrypted block;
+	 * we only care about the last one
+	 */
+	while ((n = READ(BUFFER(msgbuf), 8)) == 8) {
+		for (n = 0; n < 8; n++)
+			CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
+		DES_XFORM(UBUFFER(encbuf));
+		MEMCPY(BUFFER(ivec), BUFFER(encbuf), 8);
+	}
+	/*
+	 * now compute the last one, right padding with '\0' if need be
+	 */
+	if (n > 0) {
+		MEMZERO(&CHAR(msgbuf, n), 8 - n);
+		for (n = 0; n < 8; n++)
+			CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n);
+		DES_XFORM(UBUFFER(encbuf));
+	}
+	/*
+	 * drop the bits
+	 * we write chars until fewer than 7 bits,
+	 * and then pad the last one with 0 bits
+	 */
+	for (n = 0; macbits > 7; n++, macbits -= 8)
+		(void)putchar(CHAR(encbuf, n));
+	if (macbits > 0) {
+		CHAR(msgbuf, 0) = 0x00;
+		for (j = 0; j < macbits; j++)
+			CHAR(msgbuf, 0) |= (CHAR(encbuf, n)&bits[j]);
+		(void)putchar(CHAR(msgbuf, 0));
+	}
+}
+
+/*
+ * This encrypts using the Cipher FeedBack mode of DES
+ */
+cfbenc()
+{
+	register int n;		/* number of bytes actually read */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 8;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (n = 0; n < 8 - nbytes; n++)
+			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+		for (n = 0; n < nbytes; n++)
+			UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
+		WRITE(&CHAR(ivec, 8-nbytes), nbytes);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	bn++;
+	MEMZERO(&ibuf[n], nbytes - n);
+	ibuf[nbytes - 1] = n;
+	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+	DES_XFORM(UBUFFER(msgbuf));
+	for (n = 0; n < nbytes; n++)
+		ibuf[n] ^= UCHAR(msgbuf, n);
+	WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Cipher Block Chaining mode of DES
+ */
+cfbdec()
+{
+	register int n;		/* number of bytes actually read */
+	register int c;		/* used to test for EOF */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	char obuf[8];		/* output buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 8;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (c = 0; c < 8 - nbytes; c++)
+			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+		for (c = 0; c < nbytes; c++) {
+			CHAR(ivec, 8-nbytes+c) = ibuf[c];
+			obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
+		}
+		/*
+		 * if the last one, handle it specially
+		 */
+		if ((c = getchar()) == EOF) {
+			n = obuf[nbytes-1];
+			if (n < 0 || n > nbytes-1)
+				err(bn, "decryption failed (block corrupted)");
+		}
+		else
+			(void)ungetc(c, stdin);
+		WRITE(obuf, n);
+	}
+	if (n > 0)
+		err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This encrypts using the alternative Cipher FeedBack mode of DES
+ */
+cfbaenc()
+{
+	register int n;		/* number of bytes actually read */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	char obuf[8];		/* output buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 7;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (n = 0; n < 8 - nbytes; n++)
+			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+		for (n = 0; n < nbytes; n++)
+			UCHAR(ivec, 8-nbytes+n) = (ibuf[n] ^ UCHAR(msgbuf, n))
+							|0200;
+		for (n = 0; n < nbytes; n++)
+			obuf[n] = CHAR(ivec, 8-nbytes+n)&0177;
+		WRITE(obuf, nbytes);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	bn++;
+	MEMZERO(&ibuf[n], nbytes - n);
+	ibuf[nbytes - 1] = ('0' + n)|0200;
+	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+	DES_XFORM(UBUFFER(msgbuf));
+	for (n = 0; n < nbytes; n++)
+		ibuf[n] ^= UCHAR(msgbuf, n);
+	WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the alternative Cipher Block Chaining mode of DES
+ */
+cfbadec()
+{
+	register int n;		/* number of bytes actually read */
+	register int c;		/* used to test for EOF */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	char obuf[8];		/* output buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 7;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (c = 0; c < 8 - nbytes; c++)
+			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+		for (c = 0; c < nbytes; c++) {
+			CHAR(ivec, 8-nbytes+c) = ibuf[c]|0200;
+			obuf[c] = (ibuf[c] ^ UCHAR(msgbuf, c))&0177;
+		}
+		/*
+		 * if the last one, handle it specially
+		 */
+		if ((c = getchar()) == EOF) {
+			if ((n = (obuf[nbytes-1] - '0')) < 0
+						|| n > nbytes-1)
+				err(bn, "decryption failed (block corrupted)");
+		}
+		else
+			(void)ungetc(c, stdin);
+		WRITE(obuf, n);
+	}
+	if (n > 0)
+		err(bn, "decryption failed (incomplete block)");
+}
+
+
+/*
+ * This encrypts using the Output FeedBack mode of DES
+ */
+ofbenc()
+{
+	register int n;		/* number of bytes actually read */
+	register int c;		/* used to test for EOF */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	char obuf[8];		/* output buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 8;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (n = 0; n < 8 - nbytes; n++)
+			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+		for (n = 0; n < nbytes; n++) {
+			UCHAR(ivec, 8-nbytes+n) = UCHAR(msgbuf, n);
+			obuf[n] = ibuf[n] ^ UCHAR(msgbuf, n);
+		}
+		WRITE(obuf, nbytes);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	bn++;
+	MEMZERO(&ibuf[n], nbytes - n);
+	ibuf[nbytes - 1] = n;
+	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+	DES_XFORM(UBUFFER(msgbuf));
+	for (c = 0; c < nbytes; c++)
+		ibuf[c] ^= UCHAR(msgbuf, c);
+	WRITE(ibuf, nbytes);
+}
+
+/*
+ * This decrypts using the Output Block Chaining mode of DES
+ */
+ofbdec()
+{
+	register int n;		/* number of bytes actually read */
+	register int c;		/* used to test for EOF */
+	register int nbytes;	/* number of bytes to read */
+	register int bn;	/* block number */
+	char ibuf[8];		/* input buffer */
+	char obuf[8];		/* output buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 8;
+	/*
+	 * do the transformation
+	 */
+	for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (c = 0; c < 8 - nbytes; c++)
+			CHAR(ivec, c) = CHAR(ivec, c+nbytes);
+		for (c = 0; c < nbytes; c++) {
+			CHAR(ivec, 8-nbytes+c) = UCHAR(msgbuf, c);
+			obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c);
+		}
+		/*
+		 * if the last one, handle it specially
+		 */
+		if ((c = getchar()) == EOF) {
+			n = obuf[nbytes-1];
+			if (n < 0 || n > nbytes-1)
+				err(bn, "decryption failed (block corrupted)");
+		}
+		else
+			(void)ungetc(c, stdin);
+		/*
+		 * dump it
+		 */
+		WRITE(obuf, n);
+	}
+	if (n > 0)
+		err(bn, "decryption failed (incomplete block)");
+}
+
+/*
+ * This authenticates using the Cipher FeedBack mode of DES
+ */
+cfbauth()
+{
+	register int n, j;	/* number of bytes actually read */
+	register int nbytes;	/* number of bytes to read */
+	char ibuf[8];		/* input buffer */
+	Desbuf msgbuf;		/* encryption buffer */
+
+	/*
+	 * do things in bytes, not bits
+	 */
+	nbytes = fbbits / 8;
+	/*
+	 * do the transformation
+	 */
+	while ((n = READ(ibuf, nbytes)) == nbytes) {
+		MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+		DES_XFORM(UBUFFER(msgbuf));
+		for (n = 0; n < 8 - nbytes; n++)
+			UCHAR(ivec, n) = UCHAR(ivec, n+nbytes);
+		for (n = 0; n < nbytes; n++)
+			UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n);
+	}
+	/*
+	 * at EOF or last block -- in either case, the last byte contains
+	 * the character representation of the number of bytes in it
+	 */
+	MEMZERO(&ibuf[n], nbytes - n);
+	ibuf[nbytes - 1] = '0' + n;
+	MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8);
+	DES_XFORM(UBUFFER(msgbuf));
+	for (n = 0; n < nbytes; n++)
+		ibuf[n] ^= UCHAR(msgbuf, n);
+	/*
+	 * drop the bits
+	 * we write chars until fewer than 7 bits,
+	 * and then pad the last one with 0 bits
+	 */
+	for (n = 0; macbits > 7; n++, macbits -= 8)
+		(void)putchar(CHAR(msgbuf, n));
+	if (macbits > 0) {
+		CHAR(msgbuf, 0) = 0x00;
+		for (j = 0; j < macbits; j++)
+			CHAR(msgbuf, 0) |= (CHAR(msgbuf, n)&bits[j]);
+		(void)putchar(CHAR(msgbuf, 0));
+	}
+}
+
+#ifndef FASTWAY
+/*
+ * change from 8 bits/Uchar to 1 bit/Uchar
+ */
+expand(from, to)
+	Desbuf from;			/* 8bit/unsigned char string */
+	char *to;			/* 1bit/char string */
+{
+	register int i, j;		/* counters in for loop */
+
+	for (i = 0; i < 8; i++)
+		for (j = 0; j < 8; j++)
+			*to++ = (CHAR(from, i)>>(7-j))&01;
+}
+
+/*
+ * change from 1 bit/char to 8 bits/Uchar
+ */
+compress(from, to)
+	char *from;			/* 1bit/char string */
+	Desbuf to;			/* 8bit/unsigned char string */
+{
+	register int i, j;		/* counters in for loop */
+
+	for (i = 0; i < 8; i++) {
+	 	CHAR(to, i) = 0;
+		for (j = 0; j < 8; j++)
+			CHAR(to, i) = ((*from++)<<(7-j))|CHAR(to, i);
+	}
+}
+#endif
+
+/*
+ * message about usage
+ */
+usage()
+{
+	(void)fprintf(stderr, "%s\n",
+"usage: bdes [-abdp] [-F bit] [-f bit] [-k key] [-m bit] [-o bit] [-v vector]");
+	exit(1);
+}
diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps
new file mode 100644
index 0000000..471c267
--- /dev/null
+++ b/secure/usr.bin/bdes/bdes.ps
@@ -0,0 +1,2945 @@
+%!
+%%BoundingBox: (atend)
+%%Pages: (atend)
+%%DocumentFonts: (atend)
+%%EndComments
+%
+% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0
+% Copyright (c) 1986,87,89 by Frame Technology, Inc.  All rights reserved.
+%
+% Known Problems:
+%	Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1
+/FMversion (2.0) def 
+% Set up Color vs. Black-and-White
+	/FMPrintInColor systemdict /colorimage known def
+% Uncomment this line to force b&w on color printer
+%   /FMPrintInColor false def
+/FrameDict 190 dict def 
+systemdict /errordict known not {/errordict 10 dict def
+		errordict /rangecheck {stop} put} if
+% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk
+FrameDict /tmprangecheck errordict /rangecheck get put 
+errordict /rangecheck {FrameDict /bug true put} put 
+FrameDict /bug false put 
+mark 
+% Some PS machines read past the CR, so keep the following 3 lines together!
+currentfile 5 string readline
+00
+0000000000
+cleartomark 
+errordict /rangecheck FrameDict /tmprangecheck get put 
+FrameDict /bug get { 
+	/readline {
+		/gstring exch def
+		/gfile exch def
+		/gindex 0 def
+		{
+			gfile read pop 
+			dup 10 eq {exit} if 
+			dup 13 eq {exit} if 
+			gstring exch gindex exch put 
+			/gindex gindex 1 add def 
+		} loop
+		pop 
+		gstring 0 gindex getinterval true 
+		} def
+	} if
+/FMVERSION {
+	FMversion ne {
+		/Times-Roman findfont 18 scalefont setfont
+		100 100 moveto
+		(FrameMaker version does not match postscript_prolog!)
+		dup =
+		show showpage
+		} if
+	} def 
+/FMLOCAL {
+	FrameDict begin
+	0 def 
+	end 
+	} def 
+	/gstring FMLOCAL
+	/gfile FMLOCAL
+	/gindex FMLOCAL
+	/orgxfer FMLOCAL
+	/orgproc FMLOCAL
+	/organgle FMLOCAL
+	/orgfreq FMLOCAL
+	/yscale FMLOCAL
+	/xscale FMLOCAL
+	/manualfeed FMLOCAL
+	/paperheight FMLOCAL
+	/paperwidth FMLOCAL
+/FMDOCUMENT { 
+	array /FMfonts exch def 
+	/#copies exch def
+	FrameDict begin
+	0 ne dup {setmanualfeed} if
+	/manualfeed exch def
+	/paperheight exch def
+	/paperwidth exch def
+	setpapername
+	manualfeed {true} {papersize} ifelse 
+	{manualpapersize} {false} ifelse 
+	{desperatepapersize} if
+	/yscale exch def
+	/xscale exch def
+	currenttransfer cvlit /orgxfer exch def
+	currentscreen cvlit /orgproc exch def
+	/organgle exch def /orgfreq exch def
+	end 
+	} def 
+	/pagesave FMLOCAL
+	/orgmatrix FMLOCAL
+	/landscape FMLOCAL
+/FMBEGINPAGE { 
+	FrameDict begin 
+	/pagesave save def
+	3.86 setmiterlimit
+	/landscape exch 0 ne def
+	landscape { 
+		90 rotate 0 exch neg translate pop 
+		}
+		{pop pop}
+		ifelse
+	xscale yscale scale
+	/orgmatrix matrix def
+	gsave 
+	} def 
+/FMENDPAGE {
+	grestore 
+	pagesave restore
+	end 
+	showpage
+	} def 
+/FMDEFINEFONT { 
+	FrameDict begin
+	findfont 
+	ReEncode 
+	2 index exch 
+	definefont exch 
+	scalefont 
+	FMfonts 3 1 roll 
+	put
+	end 
+	} bind def
+/FMNORMALIZEGRAPHICS { 
+	newpath
+	0.0 0.0 moveto
+	1 setlinewidth
+	0 setlinecap
+	0 0 0 sethsbcolor
+	0 setgray 
+	} bind def
+	/fx FMLOCAL
+	/fy FMLOCAL
+	/fh FMLOCAL
+	/fw FMLOCAL
+	/llx FMLOCAL
+	/lly FMLOCAL
+	/urx FMLOCAL
+	/ury FMLOCAL
+/FMBEGINEPSF { 
+	end 
+	/FMEPSF save def 
+	/showpage {} def 
+	FMNORMALIZEGRAPHICS 
+	[/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall 
+	fx fy translate 
+	rotate
+	fw urx llx sub div fh ury lly sub div scale 
+	llx neg lly neg translate 
+	} bind def
+/FMENDEPSF {
+	FMEPSF restore
+	FrameDict begin 
+	} bind def
+FrameDict begin 
+/setmanualfeed {
+%%BeginFeature *ManualFeed True
+	 statusdict /manualfeed true put
+%%EndFeature
+	} def
+/max {2 copy lt {exch} if pop} bind def
+/min {2 copy gt {exch} if pop} bind def
+/inch {72 mul} def
+/pagedimen { 
+	paperheight sub abs 16 lt exch 
+	paperwidth sub abs 16 lt and
+	{/papername exch def} {pop} ifelse
+	} def
+	/papersizedict FMLOCAL
+/setpapername { 
+	/papersizedict 14 dict def 
+	papersizedict begin
+	/papername /unknown def 
+		/Letter 8.5 inch 11.0 inch pagedimen
+		/LetterSmall 7.68 inch 10.16 inch pagedimen
+		/Tabloid 11.0 inch 17.0 inch pagedimen
+		/Ledger 17.0 inch 11.0 inch pagedimen
+		/Legal 8.5 inch 14.0 inch pagedimen
+		/Statement 5.5 inch 8.5 inch pagedimen
+		/Executive 7.5 inch 10.0 inch pagedimen
+		/A3 11.69 inch 16.5 inch pagedimen
+		/A4 8.26 inch 11.69 inch pagedimen
+		/A4Small 7.47 inch 10.85 inch pagedimen
+		/B4 10.125 inch 14.33 inch pagedimen
+		/B5 7.16 inch 10.125 inch pagedimen
+	end
+	} def
+/papersize {
+	papersizedict begin
+		/Letter {lettertray} def
+		/LetterSmall {lettertray lettersmall} def
+		/Tabloid {11x17tray} def
+		/Ledger {ledgertray} def
+		/Legal {legaltray} def
+		/Statement {statementtray} def
+		/Executive {executivetray} def
+		/A3 {a3tray} def
+		/A4 {a4tray} def
+		/A4Small {a4tray a4small} def
+		/B4 {b4tray} def
+		/B5 {b5tray} def
+		/unknown {unknown} def
+	papersizedict dup papername known {papername} {/unknown} ifelse get
+	end
+	/FMdicttop countdictstack 1 add def
+	statusdict begin stopped end 
+	countdictstack -1 FMdicttop {pop end} for
+	} def
+/manualpapersize {
+	papersizedict begin
+		/Letter {letter} def
+		/LetterSmall {lettersmall} def
+		/Tabloid {11x17} def
+		/Ledger {ledger} def
+		/Legal {legal} def
+		/Statement {statement} def
+		/Executive {executive} def
+		/A3 {a3} def
+		/A4 {a4} def
+		/A4Small {a4small} def
+		/B4 {b4} def
+		/B5 {b5} def
+		/unknown {unknown} def
+	papersizedict dup papername known {papername} {/unknown} ifelse get
+	end
+	stopped 
+	} def
+/desperatepapersize {
+	statusdict /setpageparams known
+		{
+		paperwidth paperheight 0 1 
+		statusdict begin
+		{setpageparams} stopped pop 
+		end
+		} if
+	} def
+/savematrix {
+	orgmatrix currentmatrix pop
+	} bind def
+/restorematrix {
+	orgmatrix setmatrix
+	} bind def
+/dmatrix matrix def
+/dpi    72 0 dmatrix defaultmatrix dtransform
+    dup mul exch   dup mul add   sqrt def
+/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def
+/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def
+/DiacriticEncoding [
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl
+/numbersign /dollar /percent /ampersand /quotesingle /parenleft
+/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
+/two /three /four /five /six /seven /eight /nine /colon /semicolon
+/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K
+/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash
+/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h
+/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar
+/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute
+/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis
+/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis
+/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve
+/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex
+/udieresis /dagger /.notdef /cent /sterling /section /bullet
+/paragraph /germandbls /registered /copyright /trademark /acute
+/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef
+/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown
+/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef
+/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde
+/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright
+/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis
+/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl
+/periodcentered /quotesinglbase /quotedblbase /perthousand
+/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute
+/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve
+/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron
+/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
+] def
+/ReEncode { 
+	dup 
+	length 
+	dict begin 
+	{
+	1 index /FID ne 
+		{def} 
+		{pop pop} ifelse 
+	} forall
+	Encoding StandardEncoding eq 
+	{
+		/Encoding DiacriticEncoding def
+	}if
+	currentdict 
+	end 
+	} bind def
+/graymode true def
+	/bwidth FMLOCAL
+	/bpside FMLOCAL
+	/bstring FMLOCAL
+	/onbits FMLOCAL
+	/offbits FMLOCAL
+	/xindex FMLOCAL
+	/yindex FMLOCAL
+	/x FMLOCAL
+	/y FMLOCAL
+/setpattern {
+	 /bwidth  exch def
+	 /bpside  exch def
+	 /bstring exch def
+	 /onbits 0 def  /offbits 0 def
+	 freq sangle landscape {90 add} if 
+		{/y exch def
+		 /x exch def
+		 /xindex x 1 add 2 div bpside mul cvi def
+		 /yindex y 1 add 2 div bpside mul cvi def
+		 bstring yindex bwidth mul xindex 8 idiv add get
+		 1 7 xindex 8 mod sub bitshift and 0 ne
+		 {/onbits  onbits  1 add def 1}
+		 {/offbits offbits 1 add def 0}
+		 ifelse
+		}
+		setscreen
+	 {} settransfer
+	 offbits offbits onbits add div FMsetgray
+	/graymode false def
+	} bind def
+/grayness {
+	FMsetgray
+	graymode not {
+		/graymode true def
+		orgxfer cvx settransfer
+		orgfreq organgle orgproc cvx setscreen
+		} if
+	} bind def
+	/HUE FMLOCAL
+	/SAT FMLOCAL
+	/BRIGHT FMLOCAL
+	/Colors FMLOCAL
+FMPrintInColor 
+	
+	{
+	/HUE 0 def
+	/SAT 0 def
+	/BRIGHT 0 def
+	% array of arrays Hue and Sat values for the separations [HUE BRIGHT]
+	/Colors   
+	[[0    0  ]    % black
+	 [0    0  ]    % white
+	 [0.00 1.0]    % red
+	 [0.37 1.0]    % green
+	 [0.60 1.0]    % blue
+	 [0.50 1.0]    % cyan
+	 [0.83 1.0]    % magenta
+	 [0.16 1.0]    % comment / yellow
+	 ] def
+      
+	/BEGINBITMAPCOLOR { 
+		BITMAPCOLOR} def
+	/BEGINBITMAPCOLORc { 
+		BITMAPCOLORc} def
+	/K { 
+		Colors exch get dup
+		0 get /HUE exch store 
+		1 get /BRIGHT exch store
+		  HUE 0 eq BRIGHT 0 eq and
+			{1.0 SAT sub setgray}
+			{HUE SAT BRIGHT sethsbcolor} 
+		  ifelse
+		} def
+	/FMsetgray { 
+		/SAT exch 1.0 exch sub store 
+		  HUE 0 eq BRIGHT 0 eq and
+			{1.0 SAT sub setgray}
+			{HUE SAT BRIGHT sethsbcolor} 
+		  ifelse
+		} bind def
+	}
+	
+	{
+	/BEGINBITMAPCOLOR { 
+		BITMAPGRAY} def
+	/BEGINBITMAPCOLORc { 
+		BITMAPGRAYc} def
+	/FMsetgray {setgray} bind def
+	/K { 
+		pop
+		} def
+	}
+ifelse
+/normalize {
+	transform round exch round exch itransform
+	} bind def
+/dnormalize {
+	dtransform round exch round exch idtransform
+	} bind def
+/lnormalize { 
+	0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop
+	} bind def
+/H { 
+	lnormalize setlinewidth
+	} bind def
+/Z {
+	setlinecap
+	} bind def
+/X { 
+	fillprocs exch get exec
+	} bind def
+/V { 
+	gsave eofill grestore
+	} bind def
+/N { 
+	stroke
+	} bind def
+/M {newpath moveto} bind def
+/E {lineto} bind def
+/D {curveto} bind def
+/O {closepath} bind def
+	/n FMLOCAL
+/L { 
+ 	/n exch def
+	newpath
+	normalize
+	moveto 
+	2 1 n {pop normalize lineto} for
+	} bind def
+/Y { 
+	L 
+	closepath
+	} bind def
+	/x1 FMLOCAL
+	/x2 FMLOCAL
+	/y1 FMLOCAL
+	/y2 FMLOCAL
+	/rad FMLOCAL
+/R { 
+	/y2 exch def
+	/x2 exch def
+	/y1 exch def
+	/x1 exch def
+	x1 y1
+	x2 y1
+	x2 y2
+	x1 y2
+	4 Y 
+	} bind def
+/RR { 
+	/rad exch def
+	normalize
+	/y2 exch def
+	/x2 exch def
+	normalize
+	/y1 exch def
+	/x1 exch def
+	newpath
+	x1 y1 rad add moveto
+	x1 y2 x2 y2 rad arcto
+	x2 y2 x2 y1 rad arcto
+	x2 y1 x1 y1 rad arcto
+	x1 y1 x1 y2 rad arcto
+	closepath
+	16 {pop} repeat
+	} bind def
+/C { 
+	grestore
+	gsave
+	R 
+	clip
+	} bind def
+/U { 
+	grestore
+	gsave
+	} bind def
+/F { 
+	FMfonts exch get
+	setfont
+	} bind def
+/T { 
+	moveto show
+	} bind def
+/RF { 
+	rotate
+	0 ne {-1 1 scale} if
+	} bind def
+/TF { 
+	gsave
+	moveto 
+	RF
+	show
+	grestore
+	} bind def
+/P { 
+	moveto
+	0 32 3 2 roll widthshow
+	} bind def
+/PF { 
+	gsave
+	moveto 
+	RF
+	0 32 3 2 roll widthshow
+	grestore
+	} bind def
+/S { 
+	moveto
+	0 exch ashow
+	} bind def
+/SF { 
+	gsave
+	moveto
+	RF
+	0 exch ashow
+	grestore
+	} bind def
+/B { 
+	moveto
+	0 32 4 2 roll 0 exch awidthshow
+	} bind def
+/BF { 
+	gsave
+	moveto
+	RF
+	0 32 4 2 roll 0 exch awidthshow
+	grestore
+	} bind def
+	/x FMLOCAL
+	/y FMLOCAL
+	/dx FMLOCAL
+	/dy FMLOCAL
+	/dl FMLOCAL
+	/t FMLOCAL
+	/t2 FMLOCAL
+	/Cos FMLOCAL
+	/Sin FMLOCAL
+	/r FMLOCAL
+/W { 
+	dnormalize
+	/dy exch def
+	/dx exch def
+	normalize
+	/y  exch def
+	/x  exch def
+	/dl dx dx mul dy dy mul add sqrt def
+	dl 0.0 gt {
+		/t currentlinewidth def
+		savematrix
+		/Cos dx dl div def
+		/Sin dy dl div def
+		/r [Cos Sin Sin neg Cos 0.0 0.0] def
+		/t2 t 2.5 mul 3.5 max def
+		newpath
+		x y translate
+		r concat
+		0.0 0.0 moveto
+		dl t 2.7 mul sub 0.0 rlineto
+		stroke
+		restorematrix
+		x dx add y dy add translate
+		r concat
+		t 0.67 mul setlinewidth
+		t 1.61 mul neg  0.0 translate
+		0.0 0.0 moveto
+		t2 1.7 mul neg  t2 2.0 div     moveto
+		0.0 0.0 lineto
+		t2 1.7 mul neg  t2 2.0 div neg lineto
+		stroke
+		t setlinewidth
+		restorematrix
+		} if
+	} bind def
+/G { 
+	gsave
+	newpath
+	normalize translate 0.0 0.0 moveto 
+	dnormalize scale 
+	0.0 0.0 1.0 5 3 roll arc 
+	closepath fill
+	grestore
+	} bind def
+/A { 
+	gsave
+	savematrix
+	newpath
+	2 index 2 div add exch 3 index 2 div sub exch 
+	normalize 2 index 2 div sub exch 3 index 2 div add exch 
+	translate 
+	scale 
+	0.0 0.0 1.0 5 3 roll arc 
+	restorematrix
+	stroke
+	grestore
+	} bind def
+	/x FMLOCAL
+	/y FMLOCAL
+	/w FMLOCAL
+	/h FMLOCAL
+	/xx FMLOCAL
+	/yy FMLOCAL
+	/ww FMLOCAL
+	/hh FMLOCAL
+	/FMsaveobject FMLOCAL
+	/FMoptop FMLOCAL
+	/FMdicttop FMLOCAL
+/BEGINPRINTCODE { 
+	/FMdicttop countdictstack 1 add def 
+	/FMoptop count 4 sub def 
+	/FMsaveobject save def
+	userdict begin 
+	/showpage {} def 
+	FMNORMALIZEGRAPHICS 
+	3 index neg 3 index neg translate
+	} bind def
+/ENDPRINTCODE {
+	count -1 FMoptop {pop pop} for 
+	countdictstack -1 FMdicttop {pop end} for 
+	FMsaveobject restore 
+	} bind def
+/gn { 
+	0 
+	{	46 mul 
+		cf read pop 
+		32 sub 
+		dup 46 lt {exit} if 
+		46 sub add 
+		} loop
+	add 
+	} bind def
+	/str FMLOCAL
+/cfs { 
+	/str sl string def 
+	0 1 sl 1 sub {str exch val put} for 
+	str def 
+	} bind def
+/ic [ 
+	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+	0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223
+	0
+	{0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx}
+	{10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx}
+	{19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12}
+	{13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh}
+	{4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh}
+	{13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl}
+	{7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl}
+	{0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl}
+	{10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl}
+	] def
+	/sl FMLOCAL
+	/val FMLOCAL
+	/ws FMLOCAL
+	/im FMLOCAL
+	/bs FMLOCAL
+	/cs FMLOCAL
+	/len FMLOCAL
+	/pos FMLOCAL
+/ms { 
+	/sl exch def 
+	/val 255 def 
+	/ws cfs 
+	/im cfs 
+	/val 0 def 
+	/bs cfs 
+	/cs cfs 
+	} bind def
+400 ms 
+/ip { 
+	is 
+	0 
+	cf cs readline pop 
+	{	ic exch get exec 
+		add 
+		} forall 
+	pop 
+	
+	} bind def
+/wh { 
+	/len exch def 
+	/pos exch def 
+	ws 0 len getinterval im pos len getinterval copy pop
+	pos len 
+	} bind def
+/bl { 
+	/len exch def 
+	/pos exch def 
+	bs 0 len getinterval im pos len getinterval copy pop
+	pos len 
+	} bind def
+/s1 1 string def
+/fl { 
+	/len exch def 
+	/pos exch def 
+	/val cf s1 readhexstring pop 0 get def
+	pos 1 pos len add 1 sub {im exch val put} for
+	pos len 
+	} bind def
+/hx { 
+	3 copy getinterval 
+	cf exch readhexstring pop pop 
+	} bind def
+	/h FMLOCAL
+	/w FMLOCAL
+	/d FMLOCAL
+	/lb FMLOCAL
+	/bitmapsave FMLOCAL
+	/is FMLOCAL
+	/cf FMLOCAL
+/wbytes { 
+	dup 
+	8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse
+	} bind def
+/BEGINBITMAPBWc { 
+	1 {} COMMONBITMAPc
+	} bind def
+/BEGINBITMAPGRAYc { 
+	8 {} COMMONBITMAPc
+	} bind def
+/BEGINBITMAP2BITc { 
+	2 {} COMMONBITMAPc
+	} bind def
+/COMMONBITMAPc { 
+	/r exch def
+	/d exch def
+	gsave
+	translate rotate scale /h exch def /w exch def
+	/lb w d wbytes def 
+	sl lb lt {lb ms} if 
+	/bitmapsave save def 
+	r                    
+	/is im 0 lb getinterval def 
+	ws 0 lb getinterval is copy pop 
+	/cf currentfile def 
+	w h d [w 0 0 h neg 0 h] 
+	{ip} image 
+	bitmapsave restore 
+	grestore
+	} bind def
+/BEGINBITMAPBW { 
+	1 {} COMMONBITMAP
+	} bind def
+/BEGINBITMAPGRAY { 
+	8 {} COMMONBITMAP
+	} bind def
+/BEGINBITMAP2BIT { 
+	2 {} COMMONBITMAP
+	} bind def
+/COMMONBITMAP { 
+	/r exch def
+	/d exch def
+	gsave
+	translate rotate scale /h exch def /w exch def
+	/bitmapsave save def 
+	r                    
+	/is w d wbytes string def
+	/cf currentfile def 
+	w h d [w 0 0 h neg 0 h] 
+	{cf is readhexstring pop} image
+	bitmapsave restore 
+	grestore
+	} bind def
+	/proc1 FMLOCAL
+	/proc2 FMLOCAL
+	/newproc FMLOCAL
+/Fmcc {
+    /proc2 exch cvlit def
+    /proc1 exch cvlit def
+    /newproc proc1 length proc2 length add array def
+    newproc 0 proc1 putinterval
+    newproc proc1 length proc2 putinterval
+    newproc cvx
+} bind def
+/ngrayt 256 array def
+/nredt 256 array def
+/nbluet 256 array def
+/ngreent 256 array def
+	/gryt FMLOCAL
+	/blut FMLOCAL
+	/grnt FMLOCAL
+	/redt FMLOCAL
+	/indx FMLOCAL
+	/cynu FMLOCAL
+	/magu FMLOCAL
+	/yelu FMLOCAL
+	/k FMLOCAL
+	/u FMLOCAL
+/colorsetup {
+	currentcolortransfer
+	/gryt exch def
+	/blut exch def
+	/grnt exch def
+	/redt exch def
+	0 1 255 {
+		/indx exch def
+		/cynu 1 red indx get 255 div sub def
+		/magu 1 green indx get 255 div sub def
+		/yelu 1 blue indx get 255 div sub def
+		/k cynu magu min yelu min def
+		/u k currentundercolorremoval exec def
+		nredt indx 1 0 cynu u sub max sub redt exec put
+		ngreent indx 1 0 magu u sub max sub grnt exec put
+		nbluet indx 1 0 yelu u sub max sub blut exec put
+		ngrayt indx 1 k currentblackgeneration exec sub gryt exec put
+	} for
+	{255 mul cvi nredt exch get}
+	{255 mul cvi ngreent exch get}
+	{255 mul cvi nbluet exch get}
+	{255 mul cvi ngrayt exch get}
+	setcolortransfer
+	{pop 0} setundercolorremoval
+	{} setblackgeneration
+	} bind def
+	/tran FMLOCAL
+/fakecolorsetup {
+	/tran 256 string def
+	0 1 255 {/indx exch def 
+		tran indx
+		red indx get 77 mul
+		green indx get 151 mul
+		blue indx get 28 mul
+		add add 256 idiv put} for
+	currenttransfer
+	{255 mul cvi tran exch get 255.0 div}
+	exch Fmcc settransfer
+} bind def
+/BITMAPCOLOR { 
+	/d 8 def
+	gsave
+	translate rotate scale /h exch def /w exch def
+	/bitmapsave save def 
+	colorsetup
+	/is w d wbytes string def
+	/cf currentfile def 
+	w h d [w 0 0 h neg 0 h] 
+	{cf is readhexstring pop} {is} {is} true 3 colorimage 
+	bitmapsave restore 
+	grestore
+	} bind def
+/BITMAPCOLORc { 
+	/d 8 def
+	gsave
+	translate rotate scale /h exch def /w exch def
+	/lb w d wbytes def 
+	sl lb lt {lb ms} if 
+	/bitmapsave save def 
+	colorsetup
+	/is im 0 lb getinterval def 
+	ws 0 lb getinterval is copy pop 
+	/cf currentfile def 
+	w h d [w 0 0 h neg 0 h] 
+	{ip} {is} {is} true 3 colorimage
+	bitmapsave restore 
+	grestore
+	} bind def
+/BITMAPGRAY { 
+	8 {fakecolorsetup} COMMONBITMAP
+	} bind def
+/BITMAPGRAYc { 
+	8 {fakecolorsetup} COMMONBITMAPc
+	} bind def
+/ENDBITMAP {
+	} bind def
+end 
+%%EndProlog
+%%BeginSetup
+(2.0) FMVERSION
+1 1 612 792 0 1 16 FMDOCUMENT
+/fillprocs 32 array def
+fillprocs 0 { 0.000000 grayness } put
+fillprocs 1 { 0.100000 grayness } put
+fillprocs 2 { 0.300000 grayness } put
+fillprocs 3 { 0.500000 grayness } put
+fillprocs 4 { 0.700000 grayness } put
+fillprocs 5 { 0.900000 grayness } put
+fillprocs 6 { 0.970000 grayness } put
+fillprocs 7 { 1.000000 grayness } put
+fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put
+fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put
+fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put
+fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put
+fillprocs 12 {<8142241818244281> 8 1 setpattern } put
+fillprocs 13 {<8040201008040201> 8 1 setpattern } put
+fillprocs 14 {<03060c183060c081> 8 1 setpattern } put
+fillprocs 15 {} put
+fillprocs 16 { 1.000000 grayness } put
+fillprocs 17 { 0.900000 grayness } put
+fillprocs 18 { 0.700000 grayness } put
+fillprocs 19 { 0.500000 grayness } put
+fillprocs 20 { 0.300000 grayness } put
+fillprocs 21 { 0.100000 grayness } put
+fillprocs 22 { 0.030000 grayness } put
+fillprocs 23 { 0.000000 grayness } put
+fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put
+fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put
+fillprocs 26 {<3333333333333333> 8 1 setpattern } put
+fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put
+fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put
+fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put
+fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put
+fillprocs 31 {} put
+%%EndSetup
+0 12 /Helvetica-Bold FMDEFINEFONT
+1 12 /Helvetica-BoldOblique FMDEFINEFONT
+%%Page: "-1" 1
+%%BeginPaperSize: Letter
+%%EndPaperSize
+612 792 0 FMBEGINPAGE
+144 144 468 396 R
+7 X
+0 K
+V
+0 F
+0 X
+1.2 (IMPLEMENT) 178.34 388 S
+1.2 (A) 258.88 388 S
+1.2 (TION NOTES ON ) 267.85 388 S
+1 F
+1.2 (bdes) 382.61 388 S
+0 F
+1.2 (\0501\051) 415.4 388 S
+1.2 (Matt Bishop) 265.09 338 S
+1.2 (T) 197.74 288 S
+1.2 (echnical Report PCS-TR91-158) 205.38 288 S
+FMENDPAGE
+%%EndPage: "-1" 2
+%%Page: "0" 2
+612 792 0 FMBEGINPAGE
+72 72 540 720 R
+7 X
+0 K
+V
+FMENDPAGE
+%%EndPage: "0" 3
+0 12 /Times-Roman FMDEFINEFONT
+1 18 /Times-Bold FMDEFINEFONT
+2 18 /Times-BoldItalic FMDEFINEFONT
+3 12 /Times-Italic FMDEFINEFONT
+4 12 /Times-Bold FMDEFINEFONT
+5 10 /Times-Roman FMDEFINEFONT
+6 12 /Courier FMDEFINEFONT
+7 12 /Courier-Oblique FMDEFINEFONT
+8 12 /ZapfDingbats FMDEFINEFONT
+9 12 /Symbol FMDEFINEFONT
+10 12 /Courier-Bold FMDEFINEFONT
+%%Page: "1" 3
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 1 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(Implementation Notes on ) 179.84 708 T
+2 F
+(bdes) 378.21 708 T
+1 F
+(\0501\051) 411.19 708 T
+0 F
+( ) 432.17 708 T
+3 F
+(Matt Bishop) 276.51 676 T
+0 F
+(Department of Mathematics and Computer Science) 182.92 656 T
+(Dartmouth College) 259.86 642 T
+(Hanover) 257.45 628 T
+(, NH 03755) 298.26 628 T
+3 F
+(ABSTRACT) 277.68 602 T
+0 F
+0.27 (This note describes the implementation of ) 108 582 P
+3 F
+0.27 (bdes) 314.13 582 P
+0 F
+0.27 (, the \336le encryption program being) 336.12 582 P
+0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P
+(all modes of the Data Encryption Standard program.) 108 554 T
+4 F
+(1. Intr) 72 528 T
+(oduction) 104.43 528 T
+0 F
+-0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P
+-0.56 (siderably stronger than the algorithm used by the ) 72 484 P
+5 F
+-0.47 (UNIX) 305.36 484 P
+0 F
+-0.56 (\252 ) 330.34 484 P
+3 F
+-0.56 (crypt) 344.53 484 P
+0 F
+-0.56 (\0501\051 program, and therefore is a more) 369.18 484 P
+0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P
+5 F
+0.09 (ASCII) 466.05 464 P
+0 F
+0.11 ( \336les. The) 492.14 464 P
+-0.65 (program ) 72 444 P
+3 F
+-0.65 (bdes) 114.99 444 P
+0 F
+-0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P
+-0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P
+-0.04 (the layout of the encrypted \336les produced by ) 72 400 P
+3 F
+-0.04 (bdes) 288.86 400 P
+0 F
+-0.04 ( as well as internal details relevant to the imple-) 310.85 400 P
+-0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P
+3 F
+-0.15 (des) 408.04 380 P
+0 F
+-0.15 (\0501\051 program given in [4]) 424.03 380 P
+-0.2 (has been followed; thus, ) 72 360 P
+3 F
+-0.2 (bdes) 190.77 360 P
+0 F
+-0.2 ( is completely compatible with that program. However) 212.75 360 P
+-0.2 (, ) 473.33 360 P
+3 F
+-0.2 (bdes) 479.12 360 P
+0 F
+-0.2 ( also of-) 501.11 360 P
+(fers several extensions to ) 72 340 T
+3 F
+(des) 195.9 340 T
+0 F
+( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T
+-0.14 (In this note, strings typed as shown will be in ) 108 316 P
+6 F
+-0.34 (Courier Roman font) 326.78 316 P
+0 F
+-0.14 (, and strings to be) 455.62 316 P
+-0.42 (chosen by the user will be in ) 72 296 P
+7 F
+-1 (Courier Oblique font) 209.32 296 P
+0 F
+-0.42 (. The space character \050) 351.24 296 P
+5 F
+-0.35 (ASCII) 457.79 296 P
+0 F
+-0.42 ( <) 483.88 296 P
+5 F
+-0.35 (SP) 493.23 296 P
+0 F
+-0.42 (>, octal) 504.34 296 P
+-0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P
+8 F
+-0.47 (z) 296.98 276 P
+0 F
+-0.43 (\323 and the newline character \050) 301.96 276 P
+5 F
+-0.35 (ASCII) 438.03 276 P
+0 F
+-0.43 ( <) 464.13 276 P
+5 F
+-0.35 (NL) 473.46 276 P
+0 F
+-0.43 (>, octal 12,) 486.79 276 P
+-0.05 (decimal 10, hex a\051 as \322) 72 256 P
+9 F
+-0.05 (\277) 181.65 256 P
+0 F
+-0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P
+1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P
+10 F
+(Courier Bold font) 72 216 T
+0 F
+( with spaces often inserted for readability) 194.33 216 T
+(.) 392.07 216 T
+4 F
+(2. Overview and Use) 72 184 T
+3 F
+-0.39 (Bdes) 108 160 P
+0 F
+-0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P
+-0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P
+72 72 540 720 C
+72 72 540 117 C
+72 72 549 108 R
+7 X
+0 K
+V
+5 F
+0 X
+(This work is based on work funded by grant NAG2-680 from the National
+Aeronautics and Space Administration to ) 72 101.33 T
+(Dartmouth College.) 72 89.33 T
+(UNIX is a Registered T) 72 77.33 T
+(rademark of A) 166.58 77.33 T
+(T&T Bell Laboratories.) 223.75 77.33 T
+72 72 540 720 C
+0 0 612 792 C
+72 126 225 126 2 L
+7 X
+0 K
+V
+0.5 H
+2 Z
+0 X
+N
+FMENDPAGE
+%%EndPage: "1" 4
+%%Page: "2" 4
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 2 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.31 (Block Chaining, ) 72 712 P
+3 F
+0.31 (k) 154.25 712 P
+0 F
+0.31 (-bit Cipher Feed Back, and ) 159.58 712 P
+3 F
+0.31 (k) 293.71 712 P
+0 F
+0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P
+3 F
+0.31 (k) 530.68 712 P
+0 F
+0.31 (-) 536.01 712 P
+-0.04 (bit Cipher Feed Back mode. Further) 72 692 P
+-0.04 (, ) 244.52 692 P
+3 F
+-0.04 (bdes) 250.48 692 P
+0 F
+-0.04 ( supports message authentication code generation based) 272.46 692 P
+(on both the Cipher Block Chaining mode and the ) 72 672 T
+3 F
+(k) 310.86 672 T
+0 F
+(-bit Cipher Feed Back mode.) 316.19 672 T
+0.07 (By default, ) 108 648 P
+3 F
+0.07 (bdes) 164.43 648 P
+0 F
+0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P
+-0.4 (as a \336lter) 72 628 P
+-0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P
+(if the input \336le ) 72 608 T
+7 F
+(inputf) 145.96 608 T
+(ile) 189.14 608 T
+0 F
+( contains the message) 210.73 608 T
+6 F
+(a) 253.9 584 T
+8 F
+(z) 261.1 584 T
+6 F
+(test) 266.07 584 T
+8 F
+(z) 294.86 584 T
+6 F
+(message) 299.83 584 T
+9 F
+(\277) 350.21 584 T
+0 F
+(then the following command encrypts it using the key ) 72 560 T
+6 F
+(abcdefgh) 333.5 560 T
+0 F
+(:) 391.07 560 T
+6 F
+(bdes -k abcdefgh < ) 158.48 536 T
+7 F
+(inputf) 295.21 536 T
+(ile) 338.38 536 T
+6 F
+( > ) 359.97 536 T
+7 F
+(outputf) 381.56 536 T
+(ile) 431.93 536 T
+0 F
+(The option ) 72 512 T
+4 F
+(-k) 127.3 512 T
+0 F
+( indicates the next ar) 137.96 512 T
+(gument is the key) 237.01 512 T
+(. Now ) 321.17 512 T
+7 F
+(outputf) 353.48 512 T
+(ile) 403.86 512 T
+0 F
+( contains) 425.45 512 T
+10 F
+(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T
+0 F
+0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P
+(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T
+4 F
+(3. Keys and Parity) 72 412 T
+0 F
+0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P
+0.58 (, or as a string of) 456.48 388 P
+5 F
+0.12 (ASCII) 72 368 P
+0 F
+0.14 ( characters. If the key is given in hex or binary) 98.1 368 P
+0.14 (, it is used as is with no changes. However) 322.21 368 P
+0.14 (, if) 526.53 368 P
+-0.27 (the key is given in ) 72 348 P
+5 F
+-0.23 (ASCII) 161.59 348 P
+0 F
+-0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P
+-0.47 (This high-order bit is generally ignored by applications; but the DES
+does not do so. Instead, it dis-) 72 328 P
+-0.14 (cards the low-order bit, ef) 72 308 P
+-0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P
+5 F
+-0.12 (56) 495.97 312.8 P
+0 F
+-0.14 ( to 2) 505.97 308 P
+5 F
+-0.12 (48) 527.01 312.8 P
+0 F
+-0.14 (.) 537 308 P
+-0.46 ( T) 108 284 P
+-0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P
+-0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P
+-0.7 (odd parity) 72 244 P
+-0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P
+3 F
+-0.7 (not) 334.99 244 P
+0 F
+-0.7 ( used in this computation.\051 For example,) 350.31 244 P
+(if the key is ) 72 224 T
+6 F
+(abcdefgh) 131.29 224 T
+0 F
+(, the actual key bits used are determined as follows:) 188.86 224 T
+5 F
+(ASCII) 99 200 T
+0 F
+( key) 125.1 200 T
+6 F
+(a) 243 200 T
+(b) 279 200 T
+(c) 315 200 T
+(d) 351 200 T
+(e) 387 200 T
+(f) 423 200 T
+(g) 459 200 T
+(h) 495 200 T
+5 F
+(ASCII) 99 180 T
+0 F
+( key bits \050hex\051) 125.1 180 T
+10 F
+(61) 243 180 T
+(62) 279 180 T
+(63) 315 180 T
+(64) 351 180 T
+(65) 387 180 T
+(66) 423 180 T
+(67) 459 180 T
+(68) 495 180 T
+0 F
+(parity) 99 160 T
+(odd) 243 160 T
+(odd) 279 160 T
+(even) 315 160 T
+(odd) 351 160 T
+(even) 387 160 T
+(even) 423 160 T
+(odd) 459 160 T
+(odd) 495 160 T
+(key bits used \050hex\051) 99 140 T
+10 F
+(61) 243 140 T
+(62) 279 140 T
+(e3) 315 140 T
+(64) 351 140 T
+(e5) 387 140 T
+(e6) 423 140 T
+(67) 459 140 T
+(68) 495 140 T
+0 F
+0.18 (This convention \050as opposed to requiring even parity) 108 120 P
+0.18 (, or simply copying the low-order bit) 362 120 P
+-0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P
+3 F
+-0.41 (des) 486.77 100 P
+0 F
+-0.41 ( distrib-) 502.76 100 P
+-0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P
+FMENDPAGE
+%%EndPage: "2" 5
+%%Page: "3" 5
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 3 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P
+1.89 (s ) 471.02 712 P
+3 F
+1.89 (des) 480.58 712 P
+0 F
+1.89 (, so \336les) 496.56 712 P
+(encrypted on a Sun can be decrypted using ) 72 692 T
+3 F
+(bdes) 280.51 692 T
+0 F
+( \050and vice versa\051.) 302.49 692 T
+-0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P
+4 F
+-0.3 (p) 411.9 668 P
+0 F
+-0.3 ( will disable the parity bit) 418.57 668 P
+-0.62 (changing; with it, the parity bit is that of the character typed. This
+is useful when the key is a known) 72 648 P
+5 F
+(ASCII) 72 628 T
+0 F
+( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T
+-0.24 (A key may be represented as a bit vector) 108 604 P
+-0.24 (, rather than an ) 300.74 604 P
+5 F
+-0.2 (ASCII) 374.7 604 P
+0 F
+-0.24 ( string, in one of two ways. It) 400.8 604 P
+0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P
+0.16 (is right \336lled with 0 bits. Or) 72 564 P
+0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P
+0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit
+vector keys must be given on the) 72 544 P
+0.51 (command line, and must begin with the characters ) 72 524 P
+6 F
+1.24 (0x) 320.28 524 P
+0 F
+0.51 ( or ) 334.67 524 P
+6 F
+1.24 (0X) 351.69 524 P
+0 F
+0.51 ( \050for hexadecimal\051 or ) 366.08 524 P
+6 F
+1.24 (0b) 472.71 524 P
+0 F
+0.51 ( or ) 487.1 524 P
+6 F
+1.24 (0B) 504.12 524 P
+0 F
+0.51 ( \050for) 518.51 524 P
+(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T
+5 F
+(ASCII) 72 480 T
+0 F
+( key) 98.1 480 T
+6 F
+(abcdefgh) 180 480 T
+0 F
+(hexadecimal key) 72 460 T
+6 F
+(0x6162e364e5e66768) 180 460 T
+0 F
+(binary key) 72 440 T
+6 F
+(0b0110000101100010111000110110100011100101111000-) 180 440 T
+(1100110011101101000) 180 420 T
+0 F
+-0.14 ( Note that giving the key on the command line as ) 108 396 P
+6 F
+-0.34 (0x6162636465666768) 345.27 396 P
+0 F
+-0.14 ( will ) 474.8 396 P
+3 F
+-0.14 (not) 499.17 396 P
+0 F
+-0.14 ( reset) 514.5 396 P
+0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P
+5 F
+0.21 (ASCII) 416.58 376 P
+0 F
+0.25 ( characters. The dif-) 442.68 376 P
+0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P
+0.69 (, whereas \050on) 474.34 356 P
+0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P
+5 F
+0.21 (ASCII) 384.76 336 P
+0 F
+0.25 ( characters is set. On some) 410.85 336 P
+0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P
+5 F
+0.3 (ASCII) 407.23 316 P
+0 F
+0.36 ( character; should this) 433.33 316 P
+-0.3 (be the case and the user desire ) 72 296 P
+3 F
+-0.3 (bdes) 218.09 296 P
+0 F
+-0.3 ( not to reset the parity bit, the option ) 240.07 296 P
+4 F
+-0.3 (\320p) 415.25 296 P
+0 F
+-0.3 ( will force the parity bit) 427.92 296 P
+(to be used as typed.) 72 276 T
+4 F
+(4. Encryption Output Repr) 72 244 T
+(esentation) 211.05 244 T
+0 F
+0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P
+-0.25 (for ECB and CBC modes, and ) 72 200 P
+3 F
+-0.25 (k) 218.74 200 P
+0 F
+-0.25 ( bits for the ) 224.07 200 P
+3 F
+-0.25 (k) 281.02 200 P
+0 F
+-0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P
+-0.5 (put blocks as input blocks. However) 72 180 P
+-0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P
+-0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P
+0.29 (acters must be distinguished from the input characters somehow) 72 140 P
+0.29 (. The mechanism used is that the) 381.35 140 P
+0.31 (last character of the \050decrypted\051 last block is the
+\050integer\051 number of characters from the input in) 72 120 P
+(the last block.) 72 100 T
+FMENDPAGE
+%%EndPage: "3" 6
+%%Page: "4" 6
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 4 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.59 (For example, suppose ) 108 712 P
+7 F
+-1.41 (inputf) 214.16 712 P
+-1.41 (ile) 257.34 712 P
+0 F
+-0.59 ( contains \322) 278.93 712 P
+6 F
+-1.41 (This) 329.04 712 P
+8 F
+-0.65 (z) 357.83 712 P
+6 F
+-1.41 (is) 362.8 712 P
+8 F
+-0.65 (z) 377.2 712 P
+6 F
+-1.41 (a) 382.17 712 P
+8 F
+-0.65 (z) 389.37 712 P
+6 F
+-1.41 (test) 394.35 712 P
+9 F
+-0.59 (\277) 423.13 712 P
+0 F
+-0.59 (\323, and it is encrypted in) 431.02 712 P
+(CBC mode using the key \322) 72 692 T
+6 F
+(abcdef#@) 200.93 692 T
+0 F
+(\323 and the initialization vector ) 258.5 692 T
+6 F
+(0x0) 401.4 692 T
+0 F
+(; the command is) 422.99 692 T
+6 F
+(bdes -k abcdef#@ < ) 158.48 668 T
+7 F
+(inputf) 295.21 668 T
+(ile) 338.38 668 T
+6 F
+( > ) 359.97 668 T
+7 F
+(outputf) 381.56 668 T
+(ile) 431.93 668 T
+0 F
+(as CBC is the default encryption mode and ) 72 644 T
+6 F
+(0x0) 281.2 644 T
+0 F
+( the default initialization vector:) 302.79 644 T
+(text) 72 620 T
+6 F
+(T) 117 620 T
+(h) 144 620 T
+(i) 171 620 T
+(s) 198 620 T
+8 F
+(z) 225 620 T
+6 F
+(i) 252 620 T
+(s) 279 620 T
+8 F
+(z) 306 620 T
+6 F
+(a) 333 620 T
+8 F
+(z) 360 620 T
+6 F
+(t) 387 620 T
+(e) 414 620 T
+(s) 441 620 T
+(t) 468 620 T
+9 F
+(\277) 495 620 T
+0 F
+(hex) 72 600 T
+10 F
+(54) 117 600 T
+(68) 144 600 T
+(69) 171 600 T
+(73) 198 600 T
+(20) 225 600 T
+(69) 252 600 T
+(73) 279 600 T
+(20) 306 600 T
+(61) 333 600 T
+(20) 360 600 T
+(74) 387 600 T
+(65) 414 600 T
+(73) 441 600 T
+(74) 468 600 T
+(0a) 495 600 T
+0 F
+(input) 72 580 T
+10 F
+(54) 117 580 T
+(68) 144 580 T
+(69) 171 580 T
+(73) 198 580 T
+(20) 225 580 T
+(69) 252 580 T
+(73) 279 580 T
+(20) 306 580 T
+(61) 333 580 T
+(20) 360 580 T
+(74) 387 580 T
+(65) 414 580 T
+(73) 441 580 T
+(74) 468 580 T
+(0a) 495 580 T
+(07) 522 580 T
+0 F
+(output) 72 560 T
+10 F
+(a5) 117 560 T
+(5f) 144 560 T
+(81) 171 560 T
+(53) 198 560 T
+(51) 225 560 T
+(98) 252 560 T
+(47) 279 560 T
+(02) 306 560 T
+(db) 333 560 T
+(5a) 360 560 T
+(c5) 387 560 T
+(fe) 414 560 T
+(50) 441 560 T
+(3d) 468 560 T
+(40) 495 560 T
+(ce) 522 560 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P
+3 F
+0.22 (Bdes) 72 520 P
+0 F
+0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P
+5 F
+0.19 (ASCII) 399.67 520 P
+0 F
+0.22 ( character with numeric) 425.77 520 P
+(value 7 \050the ) 72 500 T
+5 F
+(ASCII) 131.62 500 T
+0 F
+( character <) 157.71 500 T
+5 F
+(BEL) 214.42 500 T
+0 F
+(>\051. The result is then encrypted.) 233.3 500 T
+0.44 (As another example, suppose ) 108 476 P
+7 F
+1.07 (inputf) 253.34 476 P
+1.07 (ile) 296.52 476 P
+0 F
+0.44 ( contains \322) 318.11 476 P
+6 F
+1.07 (test) 370.29 476 P
+0 F
+0.44 (\323, and it is encrypted in ECB) 399.08 476 P
+(mode using the key \322) 72 456 T
+6 F
+(abcdef#@) 173.93 456 T
+0 F
+(\323; the command is) 231.5 456 T
+6 F
+(bdes -b \320k abcdef#@ < ) 147.69 432 T
+7 F
+(inputf) 306 432 T
+(ile) 349.18 432 T
+6 F
+( > ) 370.76 432 T
+7 F
+(outputf) 392.35 432 T
+(ile) 442.73 432 T
+0 F
+(because the option ) 72 408 T
+4 F
+(\320b) 164.26 408 T
+0 F
+( signi\336es ECB mode:) 176.93 408 T
+(text) 72 384 T
+6 F
+(t) 144 384 T
+(e) 171 384 T
+(s) 198 384 T
+(t) 225 384 T
+0 F
+(hex) 72 364 T
+10 F
+(74) 144 364 T
+(65) 171 364 T
+(73) 198 364 T
+(74) 225 364 T
+0 F
+(input) 72 344 T
+10 F
+(74) 144 344 T
+(65) 171 344 T
+(73) 198 344 T
+(74) 225 344 T
+(00) 252 344 T
+(00) 279 344 T
+(00) 306 344 T
+(04) 333 344 T
+0 F
+(output) 72 324 T
+10 F
+(0d) 144 324 T
+(8a) 171 324 T
+(6e) 198 324 T
+(57) 225 324 T
+(9c) 252 324 T
+(8f) 279 324 T
+(27) 306 324 T
+(5d) 333 324 T
+0 F
+-0.31 (Finally) 108 304 P
+-0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P
+0.83 (all 0 bits is added. Suppose ) 72 284 P
+7 F
+1.99 (inputf) 210.57 284 P
+1.99 (ile) 253.74 284 P
+0 F
+0.83 ( contains \322) 275.33 284 P
+6 F
+1.99 (test) 328.28 284 P
+9 F
+0.83 (\277) 357.07 284 P
+0 F
+0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P
+1.51 (mode using the key \322) 72 264 P
+6 F
+3.62 (abcdef#@) 179.96 264 P
+0 F
+1.51 (\323 and the initialization vector ) 237.53 264 P
+6 F
+3.62 (0x0123456789abcdef) 387.97 264 P
+0 F
+1.51 (; the) 517.5 264 P
+(command is) 72 244 T
+6 F
+-0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P
+7 F
+-0.99 (inputf) 383.67 220 P
+-0.99 (ile) 426.85 220 P
+6 F
+-0.99 ( > ) 448.43 220 P
+7 F
+-0.99 (outputf) 468.04 220 P
+-0.99 (ile) 518.41 220 P
+0 F
+0.16 (because the option ) 72 196 P
+4 F
+0.16 (\320f40 ) 164.75 196 P
+0 F
+0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P
+4 F
+0.16 (-v0x01234566789abcdef) 343.96 196 P
+0 F
+0.16 ( sets the initial-) 465.89 196 P
+(ization vector \050note that spaces between the option and its ar) 72 176 T
+(gument are optional\051:) 361.57 176 T
+(text) 72 152 T
+6 F
+(t) 144 152 T
+(e) 171 152 T
+(s) 198 152 T
+(t) 225 152 T
+9 F
+(\277) 252 152 T
+0 F
+(hex) 72 132 T
+10 F
+(74) 144 132 T
+(65) 171 132 T
+(73) 198 132 T
+(74) 225 132 T
+(0a) 252 132 T
+0 F
+(input) 72 112 T
+10 F
+(74) 144 112 T
+(65) 171 112 T
+(73) 198 112 T
+(74) 225 112 T
+(0a) 252 112 T
+(00) 279 112 T
+(00) 306 112 T
+(00) 333 112 T
+(00) 360 112 T
+(00) 387 112 T
+0 F
+(output) 72 92 T
+10 F
+(e2) 144 92 T
+(c2) 171 92 T
+(69) 198 92 T
+(a4) 225 92 T
+(5b) 252 92 T
+(3c) 279 92 T
+(3d) 306 92 T
+(b3) 333 92 T
+(f5) 360 92 T
+(3c) 387 92 T
+FMENDPAGE
+%%EndPage: "4" 7
+1 12 /Times-BoldItalic FMDEFINEFONT
+2 14 /Symbol FMDEFINEFONT
+%%Page: "5" 7
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 5 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T
+-0.4 (This technique allows complete compatibility with Sun\325) 108 688 P
+-0.4 (s ) 374.11 688 P
+3 F
+-0.4 (des) 381.37 688 P
+0 F
+-0.4 ( program. In Sun\325) 397.36 688 P
+-0.4 (s implemen-) 480.77 688 P
+0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P
+0.85 (ically) 72 648 P
+0.85 (, this makes no dif) 97.87 648 P
+0.85 (ference, as the DES is a suf) 189.32 648 P
+0.85 (\336ciently good random cipher to obscure the) 325.74 648 P
+(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T
+(\336cult [1].) 451.82 628 T
+4 F
+(5. Differ) 72 596 T
+(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T
+1 F
+(bdes) 397.26 596 T
+0 F
+-0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P
+-0.08 (the CFB and OFB modes properly) 72 552 P
+-0.08 (, it would be necessary to read ) 235.74 552 P
+3 F
+-0.08 (k) 383.74 552 P
+0 F
+-0.08 ( bits from the \336le, where ) 389.07 552 P
+3 F
+-0.08 (k) 509.51 552 P
+0 F
+-0.08 ( is an) 514.84 552 P
+0.98 (integer between 1 and 64 inclusive. However) 72 532 P
+0.98 (, this would require considerable buf) 294.22 532 P
+0.98 (fering and be) 474.77 532 P
+0.23 (quite inef) 72 512 P
+0.23 (\336cient and prohibitively slow) 117.65 512 P
+0.23 (. For these reasons, the current implementation of ) 258.48 512 P
+3 F
+0.23 (bdes) 501.48 512 P
+0 F
+0.23 ( re-) 523.46 512 P
+0.47 (quires that ) 72 492 P
+3 F
+0.47 (k) 126.23 492 P
+0 F
+0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P
+(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T
+-0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P
+0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P
+3 F
+0.23 (k) 358.95 428 P
+0 F
+0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P
+(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T
+(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T
+4 F
+(6. Message Authentication Code Modes) 72 356 T
+0 F
+0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P
+1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P
+3 F
+1.27 (n) 373.32 312 P
+0 F
+1.27 (-bit message authentication code) 379.32 312 P
+0.62 (\050MAC\051 is generated, where 1) 72 292 P
+2 F
+0.73 ( ) 214.71 292 P
+9 F
+0.62 (\243) 218.94 292 P
+0 F
+0.62 ( ) 225.52 292 P
+3 F
+0.62 (n) 229.15 292 P
+0 F
+0.62 ( ) 235.14 292 P
+9 F
+0.62 (\243) 238.76 292 P
+0 F
+0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P
+(second on CFB mode. Both work the same.) 72 272 T
+0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P
+-0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but
+all encrypted text is discarded ex-) 72 228 P
+-0.44 (cept for the last block. The ) 72 208 P
+3 F
+-0.44 (n) 200.9 208 P
+0 F
+-0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P
+(size constrains the number of bits available as the MAC.) 72 188 T
+0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P
+-0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P
+-0.01 (,) 537 144 P
+-0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P
+-0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P
+-0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P
+-0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P
+FMENDPAGE
+%%EndPage: "5" 8
+%%Page: "6" 8
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 6 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+-0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with
+zeroes, the technique of forcing) 72 712 P
+(the last octet to contain the number of bytes in the message is ) 72 692 T
+3 F
+(not) 369.47 692 T
+0 F
+( used here.) 384.8 692 T
+-0.39 (For example, suppose ) 108 668 P
+7 F
+-0.94 (inputf) 214.76 668 P
+-0.94 (ile) 257.93 668 P
+0 F
+-0.39 ( contains \322) 279.52 668 P
+6 F
+-0.94 (This) 330.04 668 P
+8 F
+-0.43 (z) 358.82 668 P
+6 F
+-0.94 (is) 363.8 668 P
+8 F
+-0.43 (z) 378.19 668 P
+6 F
+-0.94 (a) 383.17 668 P
+8 F
+-0.43 (z) 390.36 668 P
+6 F
+-0.94 (test) 395.34 668 P
+9 F
+-0.39 (\277) 424.13 668 P
+0 F
+-0.39 (\323, and a 64-bit MAC is) 432.02 668 P
+-0.73 (to be generated using CBC mode, the key \322) 72 648 P
+6 F
+-1.74 (abcdef#@) 274.39 648 P
+0 F
+-0.73 (\323 and the initialization vector ) 331.96 648 P
+6 F
+-1.74 (0x0) 471.23 648 P
+0 F
+-0.73 (; the com-) 492.82 648 P
+(mand is) 72 628 T
+6 F
+(bdes -m 64 -k abcdef#@ < ) 136.89 604 T
+7 F
+(inputf) 316.79 604 T
+(ile) 359.97 604 T
+6 F
+( > ) 381.56 604 T
+7 F
+(outputf) 403.15 604 T
+(ile) 453.52 604 T
+0 F
+(as CBC is the default encryption mode and ) 72 580 T
+6 F
+(0x0) 281.2 580 T
+0 F
+( the default initialization vector:) 302.79 580 T
+(text) 72 556 T
+6 F
+(T) 117 556 T
+(h) 144 556 T
+(i) 171 556 T
+(s) 198 556 T
+8 F
+(z) 225 556 T
+6 F
+(i) 252 556 T
+(s) 279 556 T
+8 F
+(z) 306 556 T
+6 F
+(a) 333 556 T
+8 F
+(z) 360 556 T
+6 F
+(t) 387 556 T
+(e) 414 556 T
+(s) 441 556 T
+(t) 468 556 T
+9 F
+(\277) 495 556 T
+0 F
+(hex) 72 536 T
+10 F
+(54) 117 536 T
+(68) 144 536 T
+(69) 171 536 T
+(73) 198 536 T
+(20) 225 536 T
+(69) 252 536 T
+(73) 279 536 T
+(20) 306 536 T
+(61) 333 536 T
+(20) 360 536 T
+(74) 387 536 T
+(65) 414 536 T
+(73) 441 536 T
+(74) 468 536 T
+(0a) 495 536 T
+0 F
+(input) 72 516 T
+10 F
+(54) 117 516 T
+(68) 144 516 T
+(69) 171 516 T
+(73) 198 516 T
+(20) 225 516 T
+(69) 252 516 T
+(73) 279 516 T
+(20) 306 516 T
+(61) 333 516 T
+(20) 360 516 T
+(74) 387 516 T
+(65) 414 516 T
+(73) 441 516 T
+(74) 468 516 T
+(0a) 495 516 T
+(00) 522 516 T
+0 F
+(output) 72 496 T
+10 F
+(43) 117 496 T
+(18) 144 496 T
+(de) 171 496 T
+(74) 198 496 T
+(24) 225 496 T
+(a9) 252 496 T
+(65) 279 496 T
+(d1) 306 496 T
+0 F
+0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P
+3 F
+(Bdes) 72 456 T
+0 F
+( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T
+(last block of output is used as the MAC.) 72 436 T
+0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P
+6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P
+6 F
+16.58 (abcdef#@) 314.9 392 P
+0 F
+6.91 (\323 and the initialization vector) 372.47 392 P
+6 F
+(0x0123456789abcdef) 72 372 T
+0 F
+(; the command is) 201.53 372 T
+6 F
+(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T
+7 F
+(inputf) 374.36 348 T
+(ile) 417.54 348 T
+6 F
+( > ) 439.13 348 T
+7 F
+(outputf) 460.71 348 T
+(ile) 511.09 348 T
+0 F
+-0.19 (where ) 72 324 P
+4 F
+-0.19 (\320m 36) 104.11 324 P
+0 F
+-0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P
+4 F
+-0.19 (\320f 40) 327.79 324 P
+0 F
+-0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P
+4 F
+-0.31 (\320v 0x123456789abcdef) 72 304 P
+0 F
+-0.31 ( sets the initialization vector) 186.62 304 P
+-0.31 (. Note that, as the key is not given on the com-) 319.95 304 P
+(mand line, the user will be prompted for it. It gives:) 72 284 T
+(text) 72 260 T
+6 F
+(T) 117 260 T
+(h) 144 260 T
+(i) 171 260 T
+(s) 198 260 T
+8 F
+(z) 225 260 T
+6 F
+(i) 252 260 T
+(s) 279 260 T
+8 F
+(z) 306 260 T
+6 F
+(a) 333 260 T
+8 F
+(z) 360 260 T
+6 F
+(t) 387 260 T
+(e) 414 260 T
+(s) 441 260 T
+(t) 468 260 T
+9 F
+(\277) 495 260 T
+0 F
+(hex) 72 240 T
+10 F
+(54) 117 240 T
+(68) 144 240 T
+(69) 171 240 T
+(73) 198 240 T
+(20) 225 240 T
+(69) 252 240 T
+(73) 279 240 T
+(20) 306 240 T
+(61) 333 240 T
+(20) 360 240 T
+(74) 387 240 T
+(65) 414 240 T
+(73) 441 240 T
+(74) 468 240 T
+(0a) 495 240 T
+0 F
+(input) 72 220 T
+10 F
+(54) 117 220 T
+(68) 144 220 T
+(69) 171 220 T
+(73) 198 220 T
+(20) 225 220 T
+(69) 252 220 T
+(73) 279 220 T
+(20) 306 220 T
+(61) 333 220 T
+(20) 360 220 T
+(74) 387 220 T
+(65) 414 220 T
+(73) 441 220 T
+(74) 468 220 T
+(0a) 495 220 T
+0 F
+(output) 72 200 T
+10 F
+(2b) 117 200 T
+(18) 144 200 T
+(68) 171 200 T
+(2d) 198 200 T
+(60) 225 200 T
+0 F
+0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P
+(can be output.) 72 160 T
+4 F
+(7. Differ) 72 128 T
+(ences Between ) 114.41 128 T
+1 F
+(bdes) 191.01 128 T
+4 F
+( and Sun\325) 212.99 128 T
+(s DES Implementation) 261.88 128 T
+0 F
+0.02 (The program ) 108 104 P
+3 F
+0.02 (bdes) 173.33 104 P
+0 F
+0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P
+0.02 (s) 535.33 104 P
+0.57 (implementation of the Data Encryption Standard, called ) 72 84 P
+3 F
+0.57 (des) 347.14 84 P
+0 F
+0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P
+FMENDPAGE
+%%EndPage: "6" 9
+%%Page: "7" 9
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 7 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.44 (crypted using ) 72 712 P
+3 F
+0.44 (des) 140.84 712 P
+0 F
+0.44 ( can be decrypted using ) 156.83 712 P
+3 F
+0.44 (bdes) 275.29 712 P
+0 F
+0.44 (, and vice versa, provided modes common to both) 297.27 712 P
+-0.34 (are used. However) 72 692 P
+-0.34 (, ) 160.41 692 P
+3 F
+-0.34 (bdes) 166.06 692 P
+0 F
+-0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P
+-0.68 (hardware devices \050and so the ) 72 672 P
+4 F
+-0.68 (-s) 210.83 672 P
+0 F
+-0.68 ( and ) 219.49 672 P
+4 F
+-0.68 (-f) 241.45 672 P
+0 F
+-0.68 ( options of Sun\325) 249.44 672 P
+-0.68 (s ) 323.71 672 P
+3 F
+-0.68 (des) 330.7 672 P
+0 F
+-0.68 ( are not available\051. Further) 346.69 672 P
+-0.68 (, as encryption) 471.07 672 P
+-0.05 (is the default, the Sun ) 72 652 P
+3 F
+-0.05 (des) 179.01 652 P
+0 F
+-0.05 ( ) 195 652 P
+4 F
+-0.05 (-e) 197.95 652 P
+0 F
+-0.05 ( option is not recognized. As the manual page to ) 207.27 652 P
+3 F
+-0.05 (bdes) 441.6 652 P
+0 F
+-0.05 ( is in the appen-) 463.59 652 P
+(dix, these dif) 72 632 T
+(ferences will not be elaborated upon further) 134.08 632 T
+(.) 343.24 632 T
+0.44 (Sun\325) 108 608 P
+0.44 (s ) 130 608 P
+3 F
+0.44 (des) 138.1 608 P
+0 F
+0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P
+3 F
+1.33 (bdes) 72 588 P
+0 F
+1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P
+3 F
+1.33 (encrypt) 487.05 588 P
+0 F
+1.33 (\0503\051,) 523.02 588 P
+-0.09 (which may) 72 568 P
+-0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P
+-0.09 (ge a number of platforms) 419.11 568 P
+(as possible with installers needing to know as little about the hardware as possible.) 72 548 T
+-0.08 (Sun\325) 108 524 P
+-0.08 (s ) 130 524 P
+3 F
+-0.08 (des) 137.58 524 P
+0 F
+-0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P
+3 F
+-0.08 (bdes) 407.07 524 P
+0 F
+-0.08 ( supports all modes de-) 429.05 524 P
+0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P
+(and CFB-based MACs.) 72 484 T
+0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P
+-0.47 (both ) 72 440 P
+3 F
+-0.47 (des) 95.85 440 P
+0 F
+-0.47 ( and ) 111.84 440 P
+3 F
+-0.47 (bdes) 134.21 440 P
+0 F
+-0.47 (, dif) 156.19 440 P
+-0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P
+(Where ) 72 420 T
+3 F
+(bdes) 106.96 420 T
+0 F
+( puts zero bytes, ) 128.94 420 T
+3 F
+(des) 209.89 420 T
+0 F
+( puts bytes containing random values. The reason for Sun\325) 225.87 420 T
+(s doing) 505.02 420 T
+0.47 (so is to prevent a known plaintext attack on the \336le should an
+attacker determine that the input\325) 72 400 P
+0.47 (s) 535.33 400 P
+-0.29 (length were a multiple of the block size. W) 72 380 P
+-0.29 (ith ) 276.05 380 P
+3 F
+-0.29 (bdes) 291.43 380 P
+0 F
+-0.29 (, the plaintext contents of the last block of input) 313.41 380 P
+0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P
+0.31 (ith ) 333.99 360 P
+3 F
+0.31 (des) 349.96 360 P
+0 F
+0.31 (, the plaintext contents of that block) 365.95 360 P
+0.73 (are not known. Cryptanalytically) 72 340 P
+0.73 (, given the information about the strength of the DES currently) 231.29 340 P
+0.2 (known, it is widely believed that known plaintext attacks are infeasible
+\050see for example [1]\051 and) 72 320 P
+1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P
+1.86 (. But this) 492.63 300 P
+(means that ciphertexts produced from a plaintext by ) 72 280 T
+3 F
+(bdes) 324.48 280 T
+0 F
+( and ) 346.47 280 T
+3 F
+(des) 369.78 280 T
+0 F
+( will dif) 385.77 280 T
+(fer in the last block.) 423.54 280 T
+4 F
+(Refer) 72 248 T
+(ences) 100.41 248 T
+0 F
+([1]) 72 224 T
+0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P
+0.37 (ears of Public Scrutiny) 374.87 224 P
+0.37 (,\323 ) 484.8 224 P
+3 F
+0.37 (Pr) 496.49 224 P
+0.37 (oceed-) 508.04 224 P
+-0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P
+-0.47 (ence) 411.65 204 P
+0 F
+-0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P
+([2]) 72 180 T
+(A. Konheim, ) 108 180 T
+3 F
+(Cryptography: A Primer) 173.29 180 T
+0 F
+(, John W) 291.4 180 T
+(iley and Sons, Inc., New Y) 333.9 180 T
+(ork, NY \0501981\051.) 461.94 180 T
+([3]) 72 156 T
+3 F
+0.63 (DES Modes of Operation) 108 156 P
+0 F
+0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P
+-0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P
+-0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P
+([4]) 72 112 T
+3 F
+(UNIX User) 108 112 T
+(\325) 162.74 112 T
+(s Manual) 165.18 112 T
+0 F
+(, Sun Microsystems Inc., Mountain V) 210.16 112 T
+(iew) 390 112 T
+(, CA \050Mar) 406.54 112 T
+(. 1988\051.) 455.51 112 T
+4 F
+(Appendix. The UNIX System Manual Page for ) 72 80 T
+1 F
+(bdes) 313.2 80 T
+FMENDPAGE
+%%EndPage: "7" 10
+1 11 /Times-Bold FMDEFINEFONT
+%%Page: "8" 10
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 8 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+1 F
+0 X
+(NAME) 72 712.67 T
+0 F
+(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T
+1 F
+(SYNOPSIS) 72 663.67 T
+4 F
+(bdes) 108 640 T
+0 F
+( [) 131.33 640 T
+3 F
+( ) 138.32 640 T
+4 F
+(-abdp) 141.32 640 T
+0 F
+( ] [ ) 171.31 640 T
+4 F
+(-F) 188.3 640 T
+0 F
+( ) 199.62 640 T
+3 F
+(b) 202.62 640 T
+0 F
+( ] [ ) 208.61 640 T
+4 F
+(-f) 225.6 640 T
+0 F
+( ) 233.58 640 T
+3 F
+(b) 236.58 640 T
+0 F
+( ] [ ) 242.58 640 T
+4 F
+(-k) 259.56 640 T
+0 F
+( ) 270.22 640 T
+3 F
+(key) 273.22 640 T
+0 F
+( ] [ ) 289.2 640 T
+4 F
+(-m) 306.18 640 T
+0 F
+( ) 320.16 640 T
+3 F
+(b) 323.16 640 T
+0 F
+( ] [ ) 329.16 640 T
+4 F
+(-o) 346.14 640 T
+0 F
+( ) 356.13 640 T
+3 F
+(b) 359.13 640 T
+0 F
+( ] [ ) 365.13 640 T
+4 F
+(-v) 382.11 640 T
+0 F
+( ) 392.1 640 T
+3 F
+(vector) 395.1 640 T
+0 F
+( ]) 425.07 640 T
+1 F
+(DESCRIPTION) 72 614.67 T
+3 F
+-0.69 (Bdes) 108 591 P
+0 F
+-0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P
+-0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P
+0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P
+-0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P
+-0.14 (o protect the key and ini-) 420.44 549 P
+0.29 (tialization vector from being read by) 108 535 P
+3 F
+0.29 ( ps) 284.98 535 P
+0 F
+0.29 (\0501\051, ) 298.94 535 P
+3 F
+0.29 (bdes ) 319.21 535 P
+0 F
+0.29 (hides its ar) 344.48 535 P
+0.29 (guments on entry) 396.81 535 P
+0.29 (. If no ) 479.89 535 P
+3 F
+0.29 (key ) 512.74 535 P
+0 F
+0.29 (is) 532 535 P
+-0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P
+(dard input if not.) 108 507 T
+-0.17 (The key and initialization vector are taken as sequences of ) 108 489 P
+5 F
+-0.14 (ASCII) 389.38 489 P
+0 F
+-0.17 ( characters which are then) 415.48 489 P
+-0.35 (mapped into their bit representations. If either begins with
+\3240x\325 or \3240X\325, that one is taken as) 108 475 P
+1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P
+-0.73 (\3240B\325, that one is taken as a sequence of binary digits
+indicating the bit pattern. In either case,) 108 447 P
+-0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P
+0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P
+0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P
+0.03 (, because with 4.4 BSD,) 424.31 405 P
+-0.36 (the password reading function ) 108 391 P
+3 F
+-0.36 (getpass) 254.45 391 P
+0 F
+-0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P
+(keys to be entered.) 108 377 T
+0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P
+-0.18 (leted. Since most ) 108 345 P
+5 F
+-0.15 (ASCII) 192.75 345 P
+0 F
+-0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P
+-0.29 (order bit ef) 108 331 P
+-0.29 (fectively reduces the size of the key space from 2) 160.49 331 P
+5 F
+-0.24 (56) 394.67 335.8 P
+0 F
+-0.29 ( to 2) 404.67 331 P
+5 F
+-0.24 (48) 425.41 335.8 P
+0 F
+-0.29 ( keys. T) 435.4 331 P
+-0.29 (o prevent this,) 472.29 331 P
+-0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P
+0.11 (order bit is set to whatever value gives odd parity) 108 303 P
+0.11 (. This preserves the key space size. Note) 345.05 303 P
+(this resetting of the parity bit is ) 108 289 T
+3 F
+(not) 260.92 289 T
+0 F
+( done if the key is given in binary or hex.) 276.24 289 T
+-0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P
+0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P
+(text, so) 108 243 T
+( bdes ) 225.81 225 T
+3 F
+(key) 253.79 225 T
+0 F
+( < plaintext | bdes \320i ) 269.77 225 T
+3 F
+(key) 370.21 225 T
+0 F
+( ) 386.19 225 T
+(is a very expensive equivalent of ) 108 201 T
+3 F
+(cat) 268.54 201 T
+0 F
+(\0501\051.) 283.2 201 T
+(Options are:) 108 183 T
+( ) 108 165 T
+4 F
+(\320a) 111 165 T
+0 F
+-0.75 (The key and initialization vector strings are to be taken as ) 144 165 P
+5 F
+-0.62 (ASCII) 415.89 165 P
+0 F
+-0.75 ( suppressing the spe-) 441.98 165 P
+0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325,
+and \3240B\325 characters. Note this) 144 151 P
+(\337ag applies to ) 144 137 T
+3 F
+(both) 214.29 137 T
+0 F
+( the key and initialization vector) 235.62 137 T
+(.) 389.85 137 T
+4 F
+(\320b) 108 119 T
+0 F
+(Use electronic code book mode.) 144 119 T
+4 F
+(\320d) 108 101 T
+0 F
+(Decrypt the input.) 144 101 T
+FMENDPAGE
+%%EndPage: "8" 11
+%%Page: "9" 11
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 9 of 11) 479.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(\320f) 108 712 T
+0 F
+( ) 117.99 712 T
+3 F
+(b) 120.99 712 T
+0 F
+-0.29 (Use ) 144 712 P
+3 F
+-0.29 (b) 165.36 712 P
+0 F
+-0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P
+3 F
+-0.29 (b) 350.42 712 P
+0 F
+-0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P
+(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T
+4 F
+(\320F) 108 680 T
+0 F
+( ) 121.32 680 T
+3 F
+(b) 124.32 680 T
+0 F
+-0.29 (Use ) 144 680 P
+3 F
+-0.29 (b) 165.36 680 P
+0 F
+-0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P
+3 F
+-0.29 (b) 403.77 680 P
+0 F
+-0.29 ( must be a multiple of 7 be-) 409.77 680 P
+-0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P
+(i\336cation\051.) 144 652 T
+4 F
+(\320k) 108 634 T
+0 F
+( ) 120.67 634 T
+3 F
+(key) 123.66 634 T
+0 F
+0.37 (Use the string ) 144 616 P
+3 F
+0.37 (key) 214.74 616 P
+0 F
+0.37 ( as the cryptographic key) 230.72 616 P
+0.37 (. If this ar) 352.01 616 P
+0.37 (gument is not given, the user) 399.54 616 P
+(will be prompted for the key) 144 602 T
+(.) 280.12 602 T
+4 F
+(\320m) 108 584 T
+0 F
+( ) 123.99 584 T
+3 F
+(b) 126.99 584 T
+0 F
+0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P
+3 F
+0.71 (b) 395.78 584 P
+0 F
+0.71 ( bits on the input. ) 401.77 584 P
+3 F
+0.71 (b) 491.94 584 P
+0 F
+0.71 ( must be) 497.94 584 P
+0.11 (between 1 and 64 inclusive; if ) 144 570 P
+3 F
+0.11 (b) 291.87 570 P
+0 F
+0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P
+-0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P
+(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T
+4 F
+(\320o) 108 524 T
+0 F
+( ) 119.99 524 T
+3 F
+(b) 122.99 524 T
+0 F
+-0.34 (Use ) 144 524 P
+3 F
+-0.34 (b) 165.31 524 P
+0 F
+-0.34 (-bit output feedback mode. Currently ) 171.31 524 P
+3 F
+-0.34 (b) 350.83 524 P
+0 F
+-0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P
+(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T
+4 F
+(\320p) 108 492 T
+0 F
+-0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P
+0.03 (used as typed, rather than making each character be of odd parity) 144 478 P
+0.03 (. It is used only if) 455.91 478 P
+(the key is given in ) 144 464 T
+5 F
+(ASCII) 234.95 464 T
+0 F
+(.) 261.04 464 T
+4 F
+(\320v) 108 446 T
+0 F
+( ) 119.99 446 T
+3 F
+(vector) 122.99 446 T
+0 F
+-0.5 (Set the initialization vector to ) 144 428 P
+3 F
+-0.5 (v) 286.44 428 P
+0 F
+-0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P
+-0.5 (.) 537 428 P
+(The vector is ignored in electronic codebook mode.) 144 414 T
+-0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P
+0.24 (search attacks, and Hellman\325) 108 382 P
+0.24 (s time-memory tradeof) 246.61 382 P
+0.24 (f \050all of which are very expensive and) 356.8 382 P
+0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P
+0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P
+3 F
+(bdes) 108 340 T
+0 F
+(.) 129.98 340 T
+4 F
+(IMPLEMENT) 72 314 T
+(A) 146.41 314 T
+(TION NOTES) 154.18 314 T
+0 F
+0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P
+-0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P
+(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T
+0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P
+0.52 (a block\051. T) 108 230 P
+0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P
+0.52 (, ) 413.01 230 P
+3 F
+0.52 (bdes ) 419.53 230 P
+0 F
+0.52 (will \050internally\051 ap-) 445.03 230 P
+0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P
+-0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P
+0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P
+-0.59 (last byte tells how many) 108 174 P
+-0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P
+0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P
+0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P
+0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P
+-0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P
+(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T
+FMENDPAGE
+%%EndPage: "9" 12
+%%Page: "10" 12
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 10 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+0 X
+0.94 (Unlike Sun\325) 108 712 P
+0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P
+0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P
+(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T
+(.) 473.95 684 T
+0.36 (If the key is entered in ) 108 666 P
+5 F
+0.3 (ASCII) 220.76 666 P
+0 F
+0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P
+1.03 (character is of odd parity) 108 652 P
+1.03 (. Unlike Sun\325) 231.23 652 P
+1.03 (s implementation, it is possible to enter binary or) 296.92 652 P
+-0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P
+3 F
+-0.57 (not ) 472.85 638 P
+0 F
+-0.57 (reset. This) 490.61 638 P
+(allows testing using arbitrary bit patterns as keys.) 108 624 T
+0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P
+(default, ) 108 592 T
+3 F
+(bdes ) 147.3 592 T
+0 F
+(does too, but this may be changed from the command line.) 172.29 592 T
+4 F
+(FILES) 72 566 T
+0 F
+(/dev/tty) 108 542 T
+(controlling terminal for typed key) 180 542 T
+4 F
+(SEE ALSO) 72 516 T
+3 F
+(crypt) 108 492 T
+0 F
+(\0501\051, ) 132.65 492 T
+3 F
+(crypt) 152.63 492 T
+0 F
+(\0503\051) 177.27 492 T
+3 F
+-0.4 (Data Encryption Standar) 108 474 P
+-0.4 (d) 228.02 474 P
+0 F
+-0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P
+(of Standards, U.S. Department of Commerce, W) 108 460 T
+(ashington DC \050Jan. 1977\051.) 340.2 460 T
+3 F
+0.16 (DES) 108 442 P
+0 F
+0.16 ( ) 129.98 442 P
+3 F
+0.16 (Modes of Operation, ) 133.15 442 P
+0 F
+0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P
+(of Standards, U.S. Department of Commerce, W) 108 428 T
+(ashington DC \050Dec. 1980\051.) 340.2 428 T
+2.75 (Dorothy Denning, ) 108 410 P
+3 F
+2.75 (Cryptography and Data Security) 203.77 410 P
+0 F
+2.75 (, Addison-W) 368.8 410 P
+2.75 (esley Publishing Co.,) 432.55 410 P
+(Reading, MA \2511982.) 108 396 T
+-0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P
+3 F
+-0.19 (bdes) 305.76 378 P
+0 F
+-0.19 (\0501\051\323, T) 327.75 378 P
+-0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P
+0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P
+0.34 (, NH \050Apr) 488.01 364 P
+0.34 (.) 537 364 P
+(1991\051.) 108 350 T
+4 F
+(CAUTION) 72 324 T
+0 F
+-0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P
+-0.44 (keys, called the ) 108 286 P
+3 F
+-0.44 (weak) 183.95 286 P
+0 F
+-0.44 ( and ) 208.6 286 P
+3 F
+-0.44 (semiweak) 231.03 286 P
+0 F
+-0.44 ( keys, are \050in hex notation, where ) 277.66 286 P
+6 F
+-1.06 (p) 437.45 286 P
+0 F
+-0.44 ( is either ) 444.64 286 P
+6 F
+-1.06 (0) 487.63 286 P
+0 F
+-0.44 ( or ) 494.82 286 P
+6 F
+-1.06 (1) 509.93 286 P
+0 F
+-0.44 (, and) 517.12 286 P
+6 F
+(P) 108 272 T
+0 F
+( is either ) 115.2 272 T
+6 F
+(e) 159.5 272 T
+0 F
+( or ) 166.7 272 T
+6 F
+(f) 182.68 272 T
+0 F
+(\051:) 189.88 272 T
+6 F
+(0x0p0p0p0p0p0p0p0p) 144 254 T
+(0x0p1P0p1P0p0P0p0P) 360 254 T
+(0x0pep0pep0pfp0pfp) 144 236 T
+(0x0pfP0pfP0pfP0pfP) 360 236 T
+(0x1P0p1P0p0P0p0P0p) 144 218 T
+(0x1P1P1P1P0P0P0P0P) 360 218 T
+(0x1Pep1Pep0Pfp0Pfp) 144 200 T
+(0x1PfP1PfP0PfP0PfP) 360 200 T
+(0xep0pep0pfp0pfp0p) 144 182 T
+(0xep1Pep1pfp0Pfp0P) 360 182 T
+(0xepepepepepepepep) 144 164 T
+(0xepfPepfPfpfPfpfP) 360 164 T
+(0xfP0pfP0pfP0pfP0p) 144 146 T
+(0xfP1PfP1PfP0PfP0P) 360 146 T
+(0xfPepfPepfPepfPep) 144 128 T
+(0xfPfPfPfPfPfPfPfP) 360 128 T
+0 F
+0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P
+-0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P
+3 F
+-0.57 ( Advances in Cryp-) 449.43 96 P
+(tology \320 Crypto \32486 Pr) 108 82 T
+(oceedings) 216.83 82 T
+0 F
+(, Springer) 264.79 82 T
+(-V) 311.85 82 T
+(erlag New Y) 323.17 82 T
+(ork, \2511987, pp. 9-32\051.) 383.25 82 T
+FMENDPAGE
+%%EndPage: "10" 13
+%%Page: "11" 13
+612 792 0 FMBEGINPAGE
+72 745.99 540 756 R
+7 X
+0 K
+V
+72 32.69 540 42.7 R
+V
+0 F
+0 X
+(Page 11 of 11) 473.71 34.7 T
+72 72 540 720 R
+7 X
+V
+4 F
+0 X
+(BUGS) 72 712 T
+0 F
+-0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P
+0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P
+(named above so that they are no longer computationally infeasible.) 108 660 T
+0.32 (Programs which display programs\325 ar) 108 642 P
+0.32 (guments may compromise the key and initialization) 289.59 642 P
+0.76 (vector if they are speci\336ed on the command line. T) 108 628 P
+0.76 (o avoid this ) 358.46 628 P
+3 F
+0.76 (bdes) 419.7 628 P
+0 F
+0.76 ( overwrites its ar) 441.68 628 P
+0.76 (gu-) 524.01 628 P
+(ments. However) 108 614 T
+(, the obvious race cannot currently be avoided.) 186.12 614 T
+0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P
+(cryption can be compromised if memory is readable.) 108 582 T
+-0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P
+0.05 (nor any other warranty) 108 550 P
+0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P
+(rials or as to their suitability for any particular purpose.) 108 536 T
+-0.06 (Accordingly) 108 518 P
+-0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P
+-0.06 (, the author assumes) 442.93 518 P
+-0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P
+-0.25 (, or to furnish any additional) 404.69 504 P
+(information or documentation.) 108 490 T
+4 F
+(AUTHOR) 72 464 T
+0 F
+-0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P
+(College, Hanover) 108 426 T
+(, NH 03755) 192.12 426 T
+(Electronic mail addresses:) 108 408 T
+(Internet: Matt.Bishop@dartmouth.edu) 108 390 T
+(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T
+FMENDPAGE
+%%EndPage: "11" 14
+%%Trailer
+%%BoundingBox: 0 0 612 792
+%%Pages: 13 1
+%%DocumentFonts: Helvetica-Bold
+%%+ Helvetica-BoldOblique
+%%+ Times-Roman
+%%+ Times-Bold
+%%+ Times-BoldItalic
+%%+ Times-Italic
+%%+ Courier
+%%+ Courier-Oblique
+%%+ ZapfDingbats
+%%+ Symbol
+%%+ Courier-Bold
diff --git a/secure/usr.sbin/sendmail/Makefile b/secure/usr.sbin/sendmail/Makefile
new file mode 100644
index 0000000..2eaa13f
--- /dev/null
+++ b/secure/usr.sbin/sendmail/Makefile
@@ -0,0 +1,44 @@
+#	@(#)Makefile	8.8 (Berkeley) 3/28/97
+# $FreeBSD$
+
+SMDIR=	${.CURDIR}/../../contrib/sendmail/src
+.PATH:	${SMDIR}
+
+PROG=	sendmail
+
+# Define the database format to use for aliases et al.
+DBMDEF=	-DNEWDB
+
+# If you don't want NIS alias/map support, comment out this line
+NIS=	-DNIS
+
+# Map extensions
+MAPS=	-DMAP_REGEX
+
+CFLAGS+=-I${SMDIR} ${DBMDEF} ${NIS} -DTCPWRAPPERS ${MAPS}
+CFLAGS+=-D_FFR_MAX_MIME_HEADER_LENGTH
+CFLAGS+=-D_FFR_MAX_HEADERS_LENGTH
+
+SRCS=	alias.c arpadate.c clock.c collect.c conf.c control.c convtime.c \
+	daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c \
+	main.c map.c mci.c mime.c parseaddr.c queue.c readcf.c recipient.c \
+	safefile.c savemail.c snprintf.c srvrsmtp.c stab.c stats.c \
+	sysexits.c trace.c udb.c usersmtp.c util.c version.c
+DPADD=	${LIBUTIL} ${LIBWRAP}
+LDADD=	-lutil -lwrap
+MAN1=	mailq.1 newaliases.1
+MAN5=	aliases.5
+MAN8=	sendmail.8 
+LINKS=	${BINDIR}/sendmail /usr/bin/newaliases \
+	${BINDIR}/sendmail /usr/bin/mailq \
+	${BINDIR}/sendmail /usr/bin/hoststat \
+	${BINDIR}/sendmail ${BINDIR}/purgestat
+BINMODE=4555
+
+beforeinstall:
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 /dev/null \
+	    ${DESTDIR}/var/log/sendmail.st
+	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 ${SMDIR}/sendmail.hf \
+	    ${DESTDIR}/usr/share/misc
+
+.include <bsd.prog.mk>
diff --git a/secure/usr.sbin/xntpd/lib/authdes.c b/secure/usr.sbin/xntpd/lib/authdes.c
new file mode 100644
index 0000000..d6d8d1b
--- /dev/null
+++ b/secure/usr.sbin/xntpd/lib/authdes.c
@@ -0,0 +1,869 @@
+/*
+ * authdes.c - an implementation of the DES cipher algorithm for NTP
+ */
+#include <sys/types.h>
+
+#include <netinet/in.h>
+
+#if BYTE_ORDER == BIG_ENDIAN
+#define XNTP_BIG_ENDIAN
+#endif
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define XNTP_LITTLE_ENDIAN
+#endif
+
+/*
+ * There are two entries in here.  auth_subkeys() called to
+ * compute the encryption and decryption key schedules, while
+ * auth_des() is called to do the actual encryption/decryption
+ */
+
+/*
+ * Byte order woes.  The DES code is sensitive to byte order.  This
+ * used to be resolved by calling ntohl() and htonl() to swap things
+ * around, but this turned out to be quite costly on Vaxes where those
+ * things are actual functions.  The code now straightens out byte
+ * order troubles on its own, with no performance penalty for little
+ * end first machines, but at great expense to cleanliness.
+ */
+#if !defined(XNTP_BIG_ENDIAN) && !defined(XNTP_LITTLE_ENDIAN)
+	/*
+	 * Pick one or the other.
+	 */
+	BYTE_ORDER_NOT_DEFINED_FOR_AUTHENTICATION
+#endif
+
+/*
+ * Key setup.  Here we entirely permute a key, saving the results
+ * for both the encryption and decryption.  Note that while the
+ * decryption subkeys are simply the encryption keys reordered,
+ * we save both so that a common cipher routine may be used.
+ */
+
+/*
+ * Permuted choice 1 tables.  These are used to extract bits
+ * from the left and right parts of the key to form Ci and Di.
+ * The code that uses these tables knows which bits from which
+ * part of each key are used to form Ci and Di.
+ */
+static u_long PC1_CL[8] = {
+	0x00000000, 0x00000010, 0x00001000, 0x00001010,
+	0x00100000, 0x00100010, 0x00101000, 0x00101010
+};
+
+static u_long PC1_DL[16] = {
+	0x00000000, 0x00100000, 0x00001000, 0x00101000,
+	0x00000010, 0x00100010, 0x00001010, 0x00101010,
+	0x00000001, 0x00100001, 0x00001001, 0x00101001,
+	0x00000011, 0x00100011, 0x00001011, 0x00101011
+};
+
+static u_long PC1_CR[16] = {
+	0x00000000, 0x00000001, 0x00000100, 0x00000101,
+	0x00010000, 0x00010001, 0x00010100, 0x00010101,
+	0x01000000, 0x01000001, 0x01000100, 0x01000101,
+	0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static u_long PC1_DR[8] = {
+	0x00000000, 0x01000000, 0x00010000, 0x01010000,
+	0x00000100, 0x01000100, 0x00010100, 0x01010100
+};
+
+
+/*
+ * At the start of some iterations of the key schedule we do
+ * a circular left shift by one place, while for others we do a shift by
+ * two places.  This has bits set for the iterations where we do 2 bit
+ * shifts, starting at the low order bit.
+ */
+#define	TWO_BIT_SHIFTS	0x7efc
+
+/*
+ * Permuted choice 2 tables.  The first actually produces the low order
+ * 24 bits of the subkey Ki from the 28 bit value of Ci.  The second produces
+ * the high order 24 bits from Di.  The tables are indexed by six bit
+ * segments of Ci and Di respectively.  The code is handcrafted to compute
+ * the appropriate 6 bit chunks.
+ *
+ * Note that for ease of computation, the 24 bit values are produced with
+ * six bits going into each byte.
+ */
+static u_long PC2_C[4][64] = {
+	0x00000000, 0x00040000, 0x01000000, 0x01040000,
+	0x00000400, 0x00040400, 0x01000400, 0x01040400,
+	0x00200000, 0x00240000, 0x01200000, 0x01240000,
+	0x00200400, 0x00240400, 0x01200400, 0x01240400,
+	0x00000001, 0x00040001, 0x01000001, 0x01040001,
+	0x00000401, 0x00040401, 0x01000401, 0x01040401,
+	0x00200001, 0x00240001, 0x01200001, 0x01240001,
+	0x00200401, 0x00240401, 0x01200401, 0x01240401,
+	0x02000000, 0x02040000, 0x03000000, 0x03040000,
+	0x02000400, 0x02040400, 0x03000400, 0x03040400,
+	0x02200000, 0x02240000, 0x03200000, 0x03240000,
+	0x02200400, 0x02240400, 0x03200400, 0x03240400,
+	0x02000001, 0x02040001, 0x03000001, 0x03040001,
+	0x02000401, 0x02040401, 0x03000401, 0x03040401,
+	0x02200001, 0x02240001, 0x03200001, 0x03240001,
+	0x02200401, 0x02240401, 0x03200401, 0x03240401,
+
+	0x00000000, 0x00000002, 0x00000800, 0x00000802,
+	0x08000000, 0x08000002, 0x08000800, 0x08000802,
+	0x00010000, 0x00010002, 0x00010800, 0x00010802,
+	0x08010000, 0x08010002, 0x08010800, 0x08010802,
+	0x00000100, 0x00000102, 0x00000900, 0x00000902,
+	0x08000100, 0x08000102, 0x08000900, 0x08000902,
+	0x00010100, 0x00010102, 0x00010900, 0x00010902,
+	0x08010100, 0x08010102, 0x08010900, 0x08010902,
+	0x00000010, 0x00000012, 0x00000810, 0x00000812,
+	0x08000010, 0x08000012, 0x08000810, 0x08000812,
+	0x00010010, 0x00010012, 0x00010810, 0x00010812,
+	0x08010010, 0x08010012, 0x08010810, 0x08010812,
+	0x00000110, 0x00000112, 0x00000910, 0x00000912,
+	0x08000110, 0x08000112, 0x08000910, 0x08000912,
+	0x00010110, 0x00010112, 0x00010910, 0x00010912,
+	0x08010110, 0x08010112, 0x08010910, 0x08010912,
+
+	0x00000000, 0x04000000, 0x00002000, 0x04002000,
+	0x10000000, 0x14000000, 0x10002000, 0x14002000,
+	0x00000020, 0x04000020, 0x00002020, 0x04002020,
+	0x10000020, 0x14000020, 0x10002020, 0x14002020,
+	0x00080000, 0x04080000, 0x00082000, 0x04082000,
+	0x10080000, 0x14080000, 0x10082000, 0x14082000,
+	0x00080020, 0x04080020, 0x00082020, 0x04082020,
+	0x10080020, 0x14080020, 0x10082020, 0x14082020,
+	0x20000000, 0x24000000, 0x20002000, 0x24002000,
+	0x30000000, 0x34000000, 0x30002000, 0x34002000,
+	0x20000020, 0x24000020, 0x20002020, 0x24002020,
+	0x30000020, 0x34000020, 0x30002020, 0x34002020,
+	0x20080000, 0x24080000, 0x20082000, 0x24082000,
+	0x30080000, 0x34080000, 0x30082000, 0x34082000,
+	0x20080020, 0x24080020, 0x20082020, 0x24082020,
+	0x30080020, 0x34080020, 0x30082020, 0x34082020,
+
+	0x00000000, 0x00100000, 0x00000008, 0x00100008,
+	0x00000200, 0x00100200, 0x00000208, 0x00100208,
+	0x00020000, 0x00120000, 0x00020008, 0x00120008,
+	0x00020200, 0x00120200, 0x00020208, 0x00120208,
+	0x00000004, 0x00100004, 0x0000000c, 0x0010000c,
+	0x00000204, 0x00100204, 0x0000020c, 0x0010020c,
+	0x00020004, 0x00120004, 0x0002000c, 0x0012000c,
+	0x00020204, 0x00120204, 0x0002020c, 0x0012020c,
+	0x00001000, 0x00101000, 0x00001008, 0x00101008,
+	0x00001200, 0x00101200, 0x00001208, 0x00101208,
+	0x00021000, 0x00121000, 0x00021008, 0x00121008,
+	0x00021200, 0x00121200, 0x00021208, 0x00121208,
+	0x00001004, 0x00101004, 0x0000100c, 0x0010100c,
+	0x00001204, 0x00101204, 0x0000120c, 0x0010120c,
+	0x00021004, 0x00121004, 0x0002100c, 0x0012100c,
+	0x00021204, 0x00121204, 0x0002120c, 0x0012120c
+};
+
+static u_long PC2_D[4][64] = {
+	0x00000000, 0x00000200, 0x00020000, 0x00020200,
+	0x00000001, 0x00000201, 0x00020001, 0x00020201,
+	0x08000000, 0x08000200, 0x08020000, 0x08020200,
+	0x08000001, 0x08000201, 0x08020001, 0x08020201,
+	0x00200000, 0x00200200, 0x00220000, 0x00220200,
+	0x00200001, 0x00200201, 0x00220001, 0x00220201,
+	0x08200000, 0x08200200, 0x08220000, 0x08220200,
+	0x08200001, 0x08200201, 0x08220001, 0x08220201,
+	0x00000002, 0x00000202, 0x00020002, 0x00020202,
+	0x00000003, 0x00000203, 0x00020003, 0x00020203,
+	0x08000002, 0x08000202, 0x08020002, 0x08020202,
+	0x08000003, 0x08000203, 0x08020003, 0x08020203,
+	0x00200002, 0x00200202, 0x00220002, 0x00220202,
+	0x00200003, 0x00200203, 0x00220003, 0x00220203,
+	0x08200002, 0x08200202, 0x08220002, 0x08220202,
+	0x08200003, 0x08200203, 0x08220003, 0x08220203,
+
+	0x00000000, 0x00000010, 0x20000000, 0x20000010,
+	0x00100000, 0x00100010, 0x20100000, 0x20100010,
+	0x00000800, 0x00000810, 0x20000800, 0x20000810,
+	0x00100800, 0x00100810, 0x20100800, 0x20100810,
+	0x04000000, 0x04000010, 0x24000000, 0x24000010,
+	0x04100000, 0x04100010, 0x24100000, 0x24100010,
+	0x04000800, 0x04000810, 0x24000800, 0x24000810,
+	0x04100800, 0x04100810, 0x24100800, 0x24100810,
+	0x00000004, 0x00000014, 0x20000004, 0x20000014,
+	0x00100004, 0x00100014, 0x20100004, 0x20100014,
+	0x00000804, 0x00000814, 0x20000804, 0x20000814,
+	0x00100804, 0x00100814, 0x20100804, 0x20100814,
+	0x04000004, 0x04000014, 0x24000004, 0x24000014,
+	0x04100004, 0x04100014, 0x24100004, 0x24100014,
+	0x04000804, 0x04000814, 0x24000804, 0x24000814,
+	0x04100804, 0x04100814, 0x24100804, 0x24100814,
+
+	0x00000000, 0x00001000, 0x00010000, 0x00011000,
+	0x02000000, 0x02001000, 0x02010000, 0x02011000,
+	0x00000020, 0x00001020, 0x00010020, 0x00011020,
+	0x02000020, 0x02001020, 0x02010020, 0x02011020,
+	0x00040000, 0x00041000, 0x00050000, 0x00051000,
+	0x02040000, 0x02041000, 0x02050000, 0x02051000,
+	0x00040020, 0x00041020, 0x00050020, 0x00051020,
+	0x02040020, 0x02041020, 0x02050020, 0x02051020,
+	0x00002000, 0x00003000, 0x00012000, 0x00013000,
+	0x02002000, 0x02003000, 0x02012000, 0x02013000,
+	0x00002020, 0x00003020, 0x00012020, 0x00013020,
+	0x02002020, 0x02003020, 0x02012020, 0x02013020,
+	0x00042000, 0x00043000, 0x00052000, 0x00053000,
+	0x02042000, 0x02043000, 0x02052000, 0x02053000,
+	0x00042020, 0x00043020, 0x00052020, 0x00053020,
+	0x02042020, 0x02043020, 0x02052020, 0x02053020,
+
+	0x00000000, 0x00000400, 0x01000000, 0x01000400,
+	0x00000100, 0x00000500, 0x01000100, 0x01000500,
+	0x10000000, 0x10000400, 0x11000000, 0x11000400,
+	0x10000100, 0x10000500, 0x11000100, 0x11000500,
+	0x00080000, 0x00080400, 0x01080000, 0x01080400,
+	0x00080100, 0x00080500, 0x01080100, 0x01080500,
+	0x10080000, 0x10080400, 0x11080000, 0x11080400,
+	0x10080100, 0x10080500, 0x11080100, 0x11080500,
+	0x00000008, 0x00000408, 0x01000008, 0x01000408,
+	0x00000108, 0x00000508, 0x01000108, 0x01000508,
+	0x10000008, 0x10000408, 0x11000008, 0x11000408,
+	0x10000108, 0x10000508, 0x11000108, 0x11000508,
+	0x00080008, 0x00080408, 0x01080008, 0x01080408,
+	0x00080108, 0x00080508, 0x01080108, 0x01080508,
+	0x10080008, 0x10080408, 0x11080008, 0x11080408,
+	0x10080108, 0x10080508, 0x11080108, 0x11080508
+};
+
+
+
+/*
+ * Permute the key to give us our key schedule.
+ */
+void
+DESauth_subkeys(key, encryptkeys, decryptkeys)
+	u_long *key;
+	u_char *encryptkeys;
+	u_char *decryptkeys;
+{
+	register u_long tmp;
+	register u_long c, d;
+	register u_char *ek, *dk;
+	register int two_bit_shifts;
+	register int i;
+
+	/*
+	 * The first permutted choice gives us the 28 bits for C0 and
+	 * 28 for D0.  C0 gets 12 bits from the left key and 16 from
+	 * the right, while D0 gets 16 from the left and 12 from the
+	 * right.  The code knows which bits go where.
+	 */
+	tmp = *key;	/* left part of key */
+	c =  PC1_CL[(tmp >> 29) & 0x7]
+	  | (PC1_CL[(tmp >> 21) & 0x7] << 1)
+	  | (PC1_CL[(tmp >> 13) & 0x7] << 2)
+	  | (PC1_CL[(tmp >>  5) & 0x7] << 3);
+	d =  PC1_DL[(tmp >> 25) & 0xf]
+	  | (PC1_DL[(tmp >> 17) & 0xf] << 1)
+	  | (PC1_DL[(tmp >>  9) & 0xf] << 2)
+	  | (PC1_DL[(tmp >>  1) & 0xf] << 3);
+
+	tmp = *(key+1);	/* right part of key */
+	c |= PC1_CR[(tmp >> 28) & 0xf]
+	  | (PC1_CR[(tmp >> 20) & 0xf] << 1)
+	  | (PC1_CR[(tmp >> 12) & 0xf] << 2)
+	  | (PC1_CR[(tmp >>  4) & 0xf] << 3);
+	d |= PC1_DR[(tmp >> 25) & 0x7]
+	  | (PC1_DR[(tmp >> 17) & 0x7] << 1)
+	  | (PC1_DR[(tmp >>  9) & 0x7] << 2)
+	  | (PC1_DR[(tmp >>  1) & 0x7] << 3);
+
+	/*
+	 * Now iterate to compute the key schedule.  Note that we
+	 * record the entire set of subkeys in 6 bit chunks since
+	 * they are used that way.  At 6 bits/char, we need
+	 * 48/6 char's/subkey * 16 subkeys/encryption == 128 chars.
+	 * encryptkeys and decryptkeys must be this big.
+	 */
+	ek = encryptkeys;
+	dk = decryptkeys + (8 * 15);
+	two_bit_shifts = TWO_BIT_SHIFTS;
+	for (i = 16; i > 0; i--) {
+		/*
+		 * Do the rotation.  One bit and two bit rotations
+		 * are done separately.  Note C and D are 28 bits.
+		 */
+		if (two_bit_shifts & 0x1) {
+			c = ((c << 2) & 0xffffffc) | (c >> 26);
+			d = ((d << 2) & 0xffffffc) | (d >> 26);
+		} else {
+			c = ((c << 1) & 0xffffffe) | (c >> 27);
+			d = ((d << 1) & 0xffffffe) | (d >> 27);
+		}
+		two_bit_shifts >>= 1;
+
+		/*
+		 * Apply permutted choice 2 to C to get the first
+		 * 24 bits worth of keys.  Note that bits 9, 18, 22
+		 * and 25 (using DES numbering) in C are unused.  The
+		 * shift-mask stuff is done to delete these bits from
+		 * the indices, since this cuts the table size in half.
+		 */
+		tmp = PC2_C[0][((c >> 22) & 0x3f)]
+		    | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
+		    | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
+		    | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
+		*ek++ = *dk++ = (u_char)(tmp >> 24);
+		*ek++ = *dk++ = (u_char)(tmp >> 16);
+		*ek++ = *dk++ = (u_char)(tmp >>  8);
+		*ek++ = *dk++ = (u_char)tmp;
+
+		/*
+		 * Apply permutted choice 2 to D to get the other half.
+		 * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
+		 * actually turns out to be cheaper here.
+		 */
+		tmp = PC2_D[0][((d >> 22) & 0x3f)]
+		    | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
+		    | PC2_D[2][((d >>  7) & 0x3f)]
+		    | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
+		*ek++ = *dk++ = (u_char)(tmp >> 24);
+		*ek++ = *dk++ = (u_char)(tmp >> 16);
+		*ek++ = *dk++ = (u_char)(tmp >>  8);
+		*ek++ = *dk++ = (u_char)tmp;
+
+		/*
+		 * We are filling in the decryption subkeys from the end.
+		 * Space it back 16 elements to get to the start of the
+		 * next set.
+		 */
+		dk -= 16;
+	}
+}
+
+/*
+ * The DES algorithm.  This is intended to be fairly speedy at the
+ * expense of some memory.
+ *
+ * This uses all the standard hacks.  The S boxes and the P permutation
+ * are precomputed into one table.  The E box never actually appears
+ * explicitly since it is easy to apply this algorithmically.  The
+ * initial permutation and final (inverse initial) permuation are
+ * computed from tables designed to permute four bits at a time.  This
+ * should run pretty fast on machines with 32 bit words and
+ * bit field/multiple bit shift instructions which are fast.
+ */
+
+/*
+ * The initial permutation array.  This is used to compute both the
+ * left and the right halves of the initial permutation using bytes
+ * from words made from the following operations:
+ *
+ * ((left & 0x55555555) << 1) | (right & 0x55555555)  for left half
+ * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1)  for right half
+ *
+ * The scheme is that we index into the table using each byte.  The
+ * result from the high order byte is or'd with the result from the
+ * next byte shifted left once is or'd with the result from the next
+ * byte shifted left twice if or'd with the result from the low order
+ * byte shifted left by three.  Clear?
+ */
+static u_long IP[256] = {
+	0x00000000, 0x00000010, 0x00000001, 0x00000011,
+	0x00001000, 0x00001010, 0x00001001, 0x00001011,
+	0x00000100, 0x00000110, 0x00000101, 0x00000111,
+	0x00001100, 0x00001110, 0x00001101, 0x00001111,
+	0x00100000, 0x00100010, 0x00100001, 0x00100011,
+	0x00101000, 0x00101010, 0x00101001, 0x00101011,
+	0x00100100, 0x00100110, 0x00100101, 0x00100111,
+	0x00101100, 0x00101110, 0x00101101, 0x00101111,
+	0x00010000, 0x00010010, 0x00010001, 0x00010011,
+	0x00011000, 0x00011010, 0x00011001, 0x00011011,
+	0x00010100, 0x00010110, 0x00010101, 0x00010111,
+	0x00011100, 0x00011110, 0x00011101, 0x00011111,
+	0x00110000, 0x00110010, 0x00110001, 0x00110011,
+	0x00111000, 0x00111010, 0x00111001, 0x00111011,
+	0x00110100, 0x00110110, 0x00110101, 0x00110111,
+	0x00111100, 0x00111110, 0x00111101, 0x00111111,
+	0x10000000, 0x10000010, 0x10000001, 0x10000011,
+	0x10001000, 0x10001010, 0x10001001, 0x10001011,
+	0x10000100, 0x10000110, 0x10000101, 0x10000111,
+	0x10001100, 0x10001110, 0x10001101, 0x10001111,
+	0x10100000, 0x10100010, 0x10100001, 0x10100011,
+	0x10101000, 0x10101010, 0x10101001, 0x10101011,
+	0x10100100, 0x10100110, 0x10100101, 0x10100111,
+	0x10101100, 0x10101110, 0x10101101, 0x10101111,
+	0x10010000, 0x10010010, 0x10010001, 0x10010011,
+	0x10011000, 0x10011010, 0x10011001, 0x10011011,
+	0x10010100, 0x10010110, 0x10010101, 0x10010111,
+	0x10011100, 0x10011110, 0x10011101, 0x10011111,
+	0x10110000, 0x10110010, 0x10110001, 0x10110011,
+	0x10111000, 0x10111010, 0x10111001, 0x10111011,
+	0x10110100, 0x10110110, 0x10110101, 0x10110111,
+	0x10111100, 0x10111110, 0x10111101, 0x10111111,
+	0x01000000, 0x01000010, 0x01000001, 0x01000011,
+	0x01001000, 0x01001010, 0x01001001, 0x01001011,
+	0x01000100, 0x01000110, 0x01000101, 0x01000111,
+	0x01001100, 0x01001110, 0x01001101, 0x01001111,
+	0x01100000, 0x01100010, 0x01100001, 0x01100011,
+	0x01101000, 0x01101010, 0x01101001, 0x01101011,
+	0x01100100, 0x01100110, 0x01100101, 0x01100111,
+	0x01101100, 0x01101110, 0x01101101, 0x01101111,
+	0x01010000, 0x01010010, 0x01010001, 0x01010011,
+	0x01011000, 0x01011010, 0x01011001, 0x01011011,
+	0x01010100, 0x01010110, 0x01010101, 0x01010111,
+	0x01011100, 0x01011110, 0x01011101, 0x01011111,
+	0x01110000, 0x01110010, 0x01110001, 0x01110011,
+	0x01111000, 0x01111010, 0x01111001, 0x01111011,
+	0x01110100, 0x01110110, 0x01110101, 0x01110111,
+	0x01111100, 0x01111110, 0x01111101, 0x01111111,
+	0x11000000, 0x11000010, 0x11000001, 0x11000011,
+	0x11001000, 0x11001010, 0x11001001, 0x11001011,
+	0x11000100, 0x11000110, 0x11000101, 0x11000111,
+	0x11001100, 0x11001110, 0x11001101, 0x11001111,
+	0x11100000, 0x11100010, 0x11100001, 0x11100011,
+	0x11101000, 0x11101010, 0x11101001, 0x11101011,
+	0x11100100, 0x11100110, 0x11100101, 0x11100111,
+	0x11101100, 0x11101110, 0x11101101, 0x11101111,
+	0x11010000, 0x11010010, 0x11010001, 0x11010011,
+	0x11011000, 0x11011010, 0x11011001, 0x11011011,
+	0x11010100, 0x11010110, 0x11010101, 0x11010111,
+	0x11011100, 0x11011110, 0x11011101, 0x11011111,
+	0x11110000, 0x11110010, 0x11110001, 0x11110011,
+	0x11111000, 0x11111010, 0x11111001, 0x11111011,
+	0x11110100, 0x11110110, 0x11110101, 0x11110111,
+	0x11111100, 0x11111110, 0x11111101, 0x11111111
+};
+
+/*
+ * The final permutation array.  Like the IP array, used
+ * to compute both the left and right results from the nibbles
+ * of words computed from:
+ *
+ * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f)  for left result
+ * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4)  for right result
+ *
+ * The result from the high order byte is shifted left 6 bits and
+ * or'd with the result from the next byte shifted left 4 bits, which
+ * is or'd with the result from the next byte shifted left 2 bits,
+ * which is or'd with the result from the low byte.
+ *
+ * There is one of these for big end machines (the natural order for
+ * DES) and a second for little end machines.  One is a byte swapped
+ * version of the other.
+ */
+#ifndef XNTP_LITTLE_ENDIAN
+	/*
+	 * Big end version
+	 */
+static u_long FP[256] = {
+	0x00000000, 0x02000000, 0x00020000, 0x02020000,
+	0x00000200, 0x02000200, 0x00020200, 0x02020200,
+	0x00000002, 0x02000002, 0x00020002, 0x02020002,
+	0x00000202, 0x02000202, 0x00020202, 0x02020202,
+	0x01000000, 0x03000000, 0x01020000, 0x03020000,
+	0x01000200, 0x03000200, 0x01020200, 0x03020200,
+	0x01000002, 0x03000002, 0x01020002, 0x03020002,
+	0x01000202, 0x03000202, 0x01020202, 0x03020202,
+	0x00010000, 0x02010000, 0x00030000, 0x02030000,
+	0x00010200, 0x02010200, 0x00030200, 0x02030200,
+	0x00010002, 0x02010002, 0x00030002, 0x02030002,
+	0x00010202, 0x02010202, 0x00030202, 0x02030202,
+	0x01010000, 0x03010000, 0x01030000, 0x03030000,
+	0x01010200, 0x03010200, 0x01030200, 0x03030200,
+	0x01010002, 0x03010002, 0x01030002, 0x03030002,
+	0x01010202, 0x03010202, 0x01030202, 0x03030202,
+	0x00000100, 0x02000100, 0x00020100, 0x02020100,
+	0x00000300, 0x02000300, 0x00020300, 0x02020300,
+	0x00000102, 0x02000102, 0x00020102, 0x02020102,
+	0x00000302, 0x02000302, 0x00020302, 0x02020302,
+	0x01000100, 0x03000100, 0x01020100, 0x03020100,
+	0x01000300, 0x03000300, 0x01020300, 0x03020300,
+	0x01000102, 0x03000102, 0x01020102, 0x03020102,
+	0x01000302, 0x03000302, 0x01020302, 0x03020302,
+	0x00010100, 0x02010100, 0x00030100, 0x02030100,
+	0x00010300, 0x02010300, 0x00030300, 0x02030300,
+	0x00010102, 0x02010102, 0x00030102, 0x02030102,
+	0x00010302, 0x02010302, 0x00030302, 0x02030302,
+	0x01010100, 0x03010100, 0x01030100, 0x03030100,
+	0x01010300, 0x03010300, 0x01030300, 0x03030300,
+	0x01010102, 0x03010102, 0x01030102, 0x03030102,
+	0x01010302, 0x03010302, 0x01030302, 0x03030302,
+	0x00000001, 0x02000001, 0x00020001, 0x02020001,
+	0x00000201, 0x02000201, 0x00020201, 0x02020201,
+	0x00000003, 0x02000003, 0x00020003, 0x02020003,
+	0x00000203, 0x02000203, 0x00020203, 0x02020203,
+	0x01000001, 0x03000001, 0x01020001, 0x03020001,
+	0x01000201, 0x03000201, 0x01020201, 0x03020201,
+	0x01000003, 0x03000003, 0x01020003, 0x03020003,
+	0x01000203, 0x03000203, 0x01020203, 0x03020203,
+	0x00010001, 0x02010001, 0x00030001, 0x02030001,
+	0x00010201, 0x02010201, 0x00030201, 0x02030201,
+	0x00010003, 0x02010003, 0x00030003, 0x02030003,
+	0x00010203, 0x02010203, 0x00030203, 0x02030203,
+	0x01010001, 0x03010001, 0x01030001, 0x03030001,
+	0x01010201, 0x03010201, 0x01030201, 0x03030201,
+	0x01010003, 0x03010003, 0x01030003, 0x03030003,
+	0x01010203, 0x03010203, 0x01030203, 0x03030203,
+	0x00000101, 0x02000101, 0x00020101, 0x02020101,
+	0x00000301, 0x02000301, 0x00020301, 0x02020301,
+	0x00000103, 0x02000103, 0x00020103, 0x02020103,
+	0x00000303, 0x02000303, 0x00020303, 0x02020303,
+	0x01000101, 0x03000101, 0x01020101, 0x03020101,
+	0x01000301, 0x03000301, 0x01020301, 0x03020301,
+	0x01000103, 0x03000103, 0x01020103, 0x03020103,
+	0x01000303, 0x03000303, 0x01020303, 0x03020303,
+	0x00010101, 0x02010101, 0x00030101, 0x02030101,
+	0x00010301, 0x02010301, 0x00030301, 0x02030301,
+	0x00010103, 0x02010103, 0x00030103, 0x02030103,
+	0x00010303, 0x02010303, 0x00030303, 0x02030303,
+	0x01010101, 0x03010101, 0x01030101, 0x03030101,
+	0x01010301, 0x03010301, 0x01030301, 0x03030301,
+	0x01010103, 0x03010103, 0x01030103, 0x03030103,
+	0x01010303, 0x03010303, 0x01030303, 0x03030303
+};
+#else
+	/*
+	 * Byte swapped for little end machines.
+	 */
+static u_long FP[256] = {
+	0x00000000, 0x00000002, 0x00000200, 0x00000202,
+	0x00020000, 0x00020002, 0x00020200, 0x00020202,
+	0x02000000, 0x02000002, 0x02000200, 0x02000202,
+	0x02020000, 0x02020002, 0x02020200, 0x02020202,
+	0x00000001, 0x00000003, 0x00000201, 0x00000203,
+	0x00020001, 0x00020003, 0x00020201, 0x00020203,
+	0x02000001, 0x02000003, 0x02000201, 0x02000203,
+	0x02020001, 0x02020003, 0x02020201, 0x02020203,
+	0x00000100, 0x00000102, 0x00000300, 0x00000302,
+	0x00020100, 0x00020102, 0x00020300, 0x00020302,
+	0x02000100, 0x02000102, 0x02000300, 0x02000302,
+	0x02020100, 0x02020102, 0x02020300, 0x02020302,
+	0x00000101, 0x00000103, 0x00000301, 0x00000303,
+	0x00020101, 0x00020103, 0x00020301, 0x00020303,
+	0x02000101, 0x02000103, 0x02000301, 0x02000303,
+	0x02020101, 0x02020103, 0x02020301, 0x02020303,
+	0x00010000, 0x00010002, 0x00010200, 0x00010202,
+	0x00030000, 0x00030002, 0x00030200, 0x00030202,
+	0x02010000, 0x02010002, 0x02010200, 0x02010202,
+	0x02030000, 0x02030002, 0x02030200, 0x02030202,
+	0x00010001, 0x00010003, 0x00010201, 0x00010203,
+	0x00030001, 0x00030003, 0x00030201, 0x00030203,
+	0x02010001, 0x02010003, 0x02010201, 0x02010203,
+	0x02030001, 0x02030003, 0x02030201, 0x02030203,
+	0x00010100, 0x00010102, 0x00010300, 0x00010302,
+	0x00030100, 0x00030102, 0x00030300, 0x00030302,
+	0x02010100, 0x02010102, 0x02010300, 0x02010302,
+	0x02030100, 0x02030102, 0x02030300, 0x02030302,
+	0x00010101, 0x00010103, 0x00010301, 0x00010303,
+	0x00030101, 0x00030103, 0x00030301, 0x00030303,
+	0x02010101, 0x02010103, 0x02010301, 0x02010303,
+	0x02030101, 0x02030103, 0x02030301, 0x02030303,
+	0x01000000, 0x01000002, 0x01000200, 0x01000202,
+	0x01020000, 0x01020002, 0x01020200, 0x01020202,
+	0x03000000, 0x03000002, 0x03000200, 0x03000202,
+	0x03020000, 0x03020002, 0x03020200, 0x03020202,
+	0x01000001, 0x01000003, 0x01000201, 0x01000203,
+	0x01020001, 0x01020003, 0x01020201, 0x01020203,
+	0x03000001, 0x03000003, 0x03000201, 0x03000203,
+	0x03020001, 0x03020003, 0x03020201, 0x03020203,
+	0x01000100, 0x01000102, 0x01000300, 0x01000302,
+	0x01020100, 0x01020102, 0x01020300, 0x01020302,
+	0x03000100, 0x03000102, 0x03000300, 0x03000302,
+	0x03020100, 0x03020102, 0x03020300, 0x03020302,
+	0x01000101, 0x01000103, 0x01000301, 0x01000303,
+	0x01020101, 0x01020103, 0x01020301, 0x01020303,
+	0x03000101, 0x03000103, 0x03000301, 0x03000303,
+	0x03020101, 0x03020103, 0x03020301, 0x03020303,
+	0x01010000, 0x01010002, 0x01010200, 0x01010202,
+	0x01030000, 0x01030002, 0x01030200, 0x01030202,
+	0x03010000, 0x03010002, 0x03010200, 0x03010202,
+	0x03030000, 0x03030002, 0x03030200, 0x03030202,
+	0x01010001, 0x01010003, 0x01010201, 0x01010203,
+	0x01030001, 0x01030003, 0x01030201, 0x01030203,
+	0x03010001, 0x03010003, 0x03010201, 0x03010203,
+	0x03030001, 0x03030003, 0x03030201, 0x03030203,
+	0x01010100, 0x01010102, 0x01010300, 0x01010302,
+	0x01030100, 0x01030102, 0x01030300, 0x01030302,
+	0x03010100, 0x03010102, 0x03010300, 0x03010302,
+	0x03030100, 0x03030102, 0x03030300, 0x03030302,
+	0x01010101, 0x01010103, 0x01010301, 0x01010303,
+	0x01030101, 0x01030103, 0x01030301, 0x01030303,
+	0x03010101, 0x03010103, 0x03010301, 0x03010303,
+	0x03030101, 0x03030103, 0x03030301, 0x03030303
+};
+#endif
+
+
+/*
+ * The SP table is actually the S boxes and the P permutation
+ * table combined.
+ */
+static u_long SP[8][64] = {
+	0x00808200, 0x00000000, 0x00008000, 0x00808202,
+	0x00808002, 0x00008202, 0x00000002, 0x00008000,
+	0x00000200, 0x00808200, 0x00808202, 0x00000200,
+	0x00800202, 0x00808002, 0x00800000, 0x00000002,
+	0x00000202, 0x00800200, 0x00800200, 0x00008200,
+	0x00008200, 0x00808000, 0x00808000, 0x00800202,
+	0x00008002, 0x00800002, 0x00800002, 0x00008002,
+	0x00000000, 0x00000202, 0x00008202, 0x00800000,
+	0x00008000, 0x00808202, 0x00000002, 0x00808000,
+	0x00808200, 0x00800000, 0x00800000, 0x00000200,
+	0x00808002, 0x00008000, 0x00008200, 0x00800002,
+	0x00000200, 0x00000002, 0x00800202, 0x00008202,
+	0x00808202, 0x00008002, 0x00808000, 0x00800202,
+	0x00800002, 0x00000202, 0x00008202, 0x00808200,
+	0x00000202, 0x00800200, 0x00800200, 0x00000000,
+	0x00008002, 0x00008200, 0x00000000, 0x00808002,
+
+	0x40084010, 0x40004000, 0x00004000, 0x00084010,
+	0x00080000, 0x00000010, 0x40080010, 0x40004010,
+	0x40000010, 0x40084010, 0x40084000, 0x40000000,
+	0x40004000, 0x00080000, 0x00000010, 0x40080010,
+	0x00084000, 0x00080010, 0x40004010, 0x00000000,
+	0x40000000, 0x00004000, 0x00084010, 0x40080000,
+	0x00080010, 0x40000010, 0x00000000, 0x00084000,
+	0x00004010, 0x40084000, 0x40080000, 0x00004010,
+	0x00000000, 0x00084010, 0x40080010, 0x00080000,
+	0x40004010, 0x40080000, 0x40084000, 0x00004000,
+	0x40080000, 0x40004000, 0x00000010, 0x40084010,
+	0x00084010, 0x00000010, 0x00004000, 0x40000000,
+	0x00004010, 0x40084000, 0x00080000, 0x40000010,
+	0x00080010, 0x40004010, 0x40000010, 0x00080010,
+	0x00084000, 0x00000000, 0x40004000, 0x00004010,
+	0x40000000, 0x40080010, 0x40084010, 0x00084000,
+
+	0x00000104, 0x04010100, 0x00000000, 0x04010004,
+	0x04000100, 0x00000000, 0x00010104, 0x04000100,
+	0x00010004, 0x04000004, 0x04000004, 0x00010000,
+	0x04010104, 0x00010004, 0x04010000, 0x00000104,
+	0x04000000, 0x00000004, 0x04010100, 0x00000100,
+	0x00010100, 0x04010000, 0x04010004, 0x00010104,
+	0x04000104, 0x00010100, 0x00010000, 0x04000104,
+	0x00000004, 0x04010104, 0x00000100, 0x04000000,
+	0x04010100, 0x04000000, 0x00010004, 0x00000104,
+	0x00010000, 0x04010100, 0x04000100, 0x00000000,
+	0x00000100, 0x00010004, 0x04010104, 0x04000100,
+	0x04000004, 0x00000100, 0x00000000, 0x04010004,
+	0x04000104, 0x00010000, 0x04000000, 0x04010104,
+	0x00000004, 0x00010104, 0x00010100, 0x04000004,
+	0x04010000, 0x04000104, 0x00000104, 0x04010000,
+	0x00010104, 0x00000004, 0x04010004, 0x00010100,
+
+	0x80401000, 0x80001040, 0x80001040, 0x00000040,
+	0x00401040, 0x80400040, 0x80400000, 0x80001000,
+	0x00000000, 0x00401000, 0x00401000, 0x80401040,
+	0x80000040, 0x00000000, 0x00400040, 0x80400000,
+	0x80000000, 0x00001000, 0x00400000, 0x80401000,
+	0x00000040, 0x00400000, 0x80001000, 0x00001040,
+	0x80400040, 0x80000000, 0x00001040, 0x00400040,
+	0x00001000, 0x00401040, 0x80401040, 0x80000040,
+	0x00400040, 0x80400000, 0x00401000, 0x80401040,
+	0x80000040, 0x00000000, 0x00000000, 0x00401000,
+	0x00001040, 0x00400040, 0x80400040, 0x80000000,
+	0x80401000, 0x80001040, 0x80001040, 0x00000040,
+	0x80401040, 0x80000040, 0x80000000, 0x00001000,
+	0x80400000, 0x80001000, 0x00401040, 0x80400040,
+	0x80001000, 0x00001040, 0x00400000, 0x80401000,
+	0x00000040, 0x00400000, 0x00001000, 0x00401040,
+
+	0x00000080, 0x01040080, 0x01040000, 0x21000080,
+	0x00040000, 0x00000080, 0x20000000, 0x01040000,
+	0x20040080, 0x00040000, 0x01000080, 0x20040080,
+	0x21000080, 0x21040000, 0x00040080, 0x20000000,
+	0x01000000, 0x20040000, 0x20040000, 0x00000000,
+	0x20000080, 0x21040080, 0x21040080, 0x01000080,
+	0x21040000, 0x20000080, 0x00000000, 0x21000000,
+	0x01040080, 0x01000000, 0x21000000, 0x00040080,
+	0x00040000, 0x21000080, 0x00000080, 0x01000000,
+	0x20000000, 0x01040000, 0x21000080, 0x20040080,
+	0x01000080, 0x20000000, 0x21040000, 0x01040080,
+	0x20040080, 0x00000080, 0x01000000, 0x21040000,
+	0x21040080, 0x00040080, 0x21000000, 0x21040080,
+	0x01040000, 0x00000000, 0x20040000, 0x21000000,
+	0x00040080, 0x01000080, 0x20000080, 0x00040000,
+	0x00000000, 0x20040000, 0x01040080, 0x20000080,
+
+	0x10000008, 0x10200000, 0x00002000, 0x10202008,
+	0x10200000, 0x00000008, 0x10202008, 0x00200000,
+	0x10002000, 0x00202008, 0x00200000, 0x10000008,
+	0x00200008, 0x10002000, 0x10000000, 0x00002008,
+	0x00000000, 0x00200008, 0x10002008, 0x00002000,
+	0x00202000, 0x10002008, 0x00000008, 0x10200008,
+	0x10200008, 0x00000000, 0x00202008, 0x10202000,
+	0x00002008, 0x00202000, 0x10202000, 0x10000000,
+	0x10002000, 0x00000008, 0x10200008, 0x00202000,
+	0x10202008, 0x00200000, 0x00002008, 0x10000008,
+	0x00200000, 0x10002000, 0x10000000, 0x00002008,
+	0x10000008, 0x10202008, 0x00202000, 0x10200000,
+	0x00202008, 0x10202000, 0x00000000, 0x10200008,
+	0x00000008, 0x00002000, 0x10200000, 0x00202008,
+	0x00002000, 0x00200008, 0x10002008, 0x00000000,
+	0x10202000, 0x10000000, 0x00200008, 0x10002008,
+
+	0x00100000, 0x02100001, 0x02000401, 0x00000000,
+	0x00000400, 0x02000401, 0x00100401, 0x02100400,
+	0x02100401, 0x00100000, 0x00000000, 0x02000001,
+	0x00000001, 0x02000000, 0x02100001, 0x00000401,
+	0x02000400, 0x00100401, 0x00100001, 0x02000400,
+	0x02000001, 0x02100000, 0x02100400, 0x00100001,
+	0x02100000, 0x00000400, 0x00000401, 0x02100401,
+	0x00100400, 0x00000001, 0x02000000, 0x00100400,
+	0x02000000, 0x00100400, 0x00100000, 0x02000401,
+	0x02000401, 0x02100001, 0x02100001, 0x00000001,
+	0x00100001, 0x02000000, 0x02000400, 0x00100000,
+	0x02100400, 0x00000401, 0x00100401, 0x02100400,
+	0x00000401, 0x02000001, 0x02100401, 0x02100000,
+	0x00100400, 0x00000000, 0x00000001, 0x02100401,
+	0x00000000, 0x00100401, 0x02100000, 0x00000400,
+	0x02000001, 0x02000400, 0x00000400, 0x00100001,
+
+	0x08000820, 0x00000800, 0x00020000, 0x08020820,
+	0x08000000, 0x08000820, 0x00000020, 0x08000000,
+	0x00020020, 0x08020000, 0x08020820, 0x00020800,
+	0x08020800, 0x00020820, 0x00000800, 0x00000020,
+	0x08020000, 0x08000020, 0x08000800, 0x00000820,
+	0x00020800, 0x00020020, 0x08020020, 0x08020800,
+	0x00000820, 0x00000000, 0x00000000, 0x08020020,
+	0x08000020, 0x08000800, 0x00020820, 0x00020000,
+	0x00020820, 0x00020000, 0x08020800, 0x00000800,
+	0x00000020, 0x08020020, 0x00000800, 0x00020820,
+	0x08000800, 0x00000020, 0x08000020, 0x08020000,
+	0x08020020, 0x08000000, 0x00020000, 0x08000820,
+	0x00000000, 0x08020820, 0x00020020, 0x08000020,
+	0x08020000, 0x08000800, 0x08000820, 0x00000000,
+	0x08020820, 0x00020800, 0x00020800, 0x00000820,
+	0x00000820, 0x00020020, 0x08000000, 0x08020800
+};
+
+
+
+/*
+ * DESauth_des - perform an in place DES encryption on 64 bits
+ *
+ * Note that the `data' argument is always in big-end-first
+ * byte order, i.e. *(char *)data is the high order byte of
+ * the 8 byte data word.  We modify the initial and final
+ * permutation computations for little-end-first machines to
+ * swap bytes into the natural host order at the beginning and
+ * back to big-end order at the end.  This is unclean but avoids
+ * a byte swapping performance penalty on Vaxes (which are slow already).
+ */
+void
+DESauth_des(data, subkeys)
+	u_long *data;
+	u_char *subkeys;
+{
+	register u_long left, right;
+	register u_long temp;
+	register u_char *kp;
+	register int i;
+
+	/*
+	 * Do the initial permutation.  The first operation gets
+	 * all the bits which are used to form the left half of the
+	 * permutted result in one word, which is then used to
+	 * index the appropriate table a byte at a time.
+	 */
+	temp = ((*data & 0x55555555) << 1) | (*(data+1) & 0x55555555);
+#ifdef XNTP_LITTLE_ENDIAN
+	/*
+	 * Modify the computation to use the opposite set of bytes.
+	 */
+	left = (IP[(temp >> 24) & 0xff] << 3)
+	     | (IP[(temp >> 16) & 0xff] << 2)
+	     | (IP[(temp >>  8) & 0xff] << 1)
+	     | IP[temp & 0xff];
+#else
+	left = IP[(temp >> 24) & 0xff]
+	     | (IP[(temp >> 16) & 0xff] << 1)
+	     | (IP[(temp >>  8) & 0xff] << 2)
+	     | (IP[temp & 0xff] << 3);
+#endif
+
+	/*
+	 * Same thing again except for the right half.
+	 */
+	temp = (*data & 0xaaaaaaaa) | ((*(data+1) & 0xaaaaaaaa) >> 1);
+#ifdef XNTP_LITTLE_ENDIAN
+	right = (IP[(temp >> 24) & 0xff] << 3)
+	      | (IP[(temp >> 16) & 0xff] << 2)
+	      | (IP[(temp >>  8) & 0xff] << 1)
+	      | IP[temp & 0xff];
+#else
+	right = IP[(temp >> 24) & 0xff]
+	      | (IP[(temp >> 16) & 0xff] << 1)
+	      | (IP[(temp >>  8) & 0xff] << 2)
+	      | (IP[temp & 0xff] << 3);
+#endif
+
+	/*
+	 * Do the 16 rounds through the cipher function.  We actually
+	 * do two at a time, one on the left half and one on the right
+	 * half.
+	 */
+	kp = subkeys;
+	for (i = 0; i < 8; i++) {
+		/*
+		 * The E expansion is easy to compute algorithmically.
+		 * Take a look at its form and compare it to
+		 * everything involving temp below.  Note that
+		 * since SP[0-7] don't have any bits in common set
+		 * it is okay to do the successive xor's.
+		 */
+		temp = (right >> 1) | ((right & 1) ? 0x80000000 : 0);
+		left ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++];
+		left ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++];
+		left ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++];
+		left ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++];
+		left ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++];
+		left ^= SP[5][((temp >>  6) & 0x3f) ^ *kp++];
+		left ^= SP[6][((temp >>  2) & 0x3f) ^ *kp++];
+		left ^= SP[7][(((right << 1) | ((right & 0x80000000)?1:0))
+				& 0x3f) ^ *kp++];
+
+		/*
+		 * Careful here.  Right now `right' is actually the
+		 * left side and `left' is the right side.  Do the
+		 * same thing again, except swap `left' and `right'
+		 */
+		temp = (left >> 1) | ((left & 1) ? 0x80000000 : 0);
+		right ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++];
+		right ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++];
+		right ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++];
+		right ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++];
+		right ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++];
+		right ^= SP[5][((temp >>  6) & 0x3f) ^ *kp++];
+		right ^= SP[6][((temp >>  2) & 0x3f) ^ *kp++];
+		right ^= SP[7][(((left << 1) | ((left & 0x80000000)?1:0))
+				& 0x3f) ^ *kp++];
+
+		/*
+		 * By the time we get here, all is straightened out
+		 * again.  `left' is left and `right' is right.
+		 */
+	}
+
+	/*
+	 * Now the final permutation.  Note this is like the IP above
+	 * except that the data is computed from
+	 *
+ 	 * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f)  for left result
+ 	 * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4)  for right result
+	 *
+	 * Just to confuse things more, we're supposed to swap the right
+	 * and the left halves before doing this.  Instead, we'll just
+	 * switch which goes where when computing the temporary.
+	 *
+	 * This operation also byte swaps stuff back into big end byte
+	 * order.  This is accomplished by modifying the FP table for
+	 * little end machines, however, so we don't have to worry about
+	 * it here.
+	 */
+	temp = ((right & 0x0f0f0f0f) << 4) | (left & 0x0f0f0f0f);
+	*data = (FP[(temp >> 24) & 0xff] << 6)
+	      | (FP[(temp >> 16) & 0xff] << 4)
+	      | (FP[(temp >>  8) & 0xff] << 2)
+	      |  FP[temp & 0xff];
+
+	temp = (right & 0xf0f0f0f0) | ((left & 0xf0f0f0f0) >> 4);
+	*(data+1) = (FP[(temp >> 24) & 0xff] << 6)
+		  | (FP[(temp >> 16) & 0xff] << 4)
+		  | (FP[(temp >>  8) & 0xff] << 2)
+		  |  FP[temp & 0xff];
+};