CMSCOPE changed

1 files changed, 487 insertions, 0 deletions

diff --git a/usr/man/man3/des.3 b/usr/man/man3/des.3
new file mode 100755
index 000000000..243aa8e94
--- /dev/null
+++ b/usr/man/man3/des.3
@@ -0,0 +1,487 @@
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "des 3"
+.TH des 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- DES encryption
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/des.h>
+\&
+\& void DES_random_key(DES_cblock *ret);
+\&
+\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+\& int DES_set_key_checked(const_DES_cblock *key,
+\&        DES_key_schedule *schedule);
+\& void DES_set_key_unchecked(const_DES_cblock *key,
+\&        DES_key_schedule *schedule);
+\&
+\& void DES_set_odd_parity(DES_cblock *key);
+\& int DES_is_weak_key(const_DES_cblock *key);
+\&
+\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, 
+\&        DES_key_schedule *ks, int enc);
+\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, 
+\&        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, 
+\&        DES_key_schedule *ks1, DES_key_schedule *ks2, 
+\&        DES_key_schedule *ks3, int enc);
+\&
+\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
+\&        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+\&        int enc);
+\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+\&        int numbits, long length, DES_key_schedule *schedule,
+\&        DES_cblock *ivec, int enc);
+\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+\&        int numbits, long length, DES_key_schedule *schedule,
+\&        DES_cblock *ivec);
+\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
+\&        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+\&        int enc);
+\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\&        int *num, int enc);
+\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+\&        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+\&        int *num);
+\&
+\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
+\&        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+\&        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+\&
+\& void DES_ede2_cbc_encrypt(const unsigned char *input,
+\&        unsigned char *output, long length, DES_key_schedule *ks1,
+\&        DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+\& void DES_ede2_cfb64_encrypt(const unsigned char *in,
+\&        unsigned char *out, long length, DES_key_schedule *ks1,
+\&        DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+\& void DES_ede2_ofb64_encrypt(const unsigned char *in,
+\&        unsigned char *out, long length, DES_key_schedule *ks1,
+\&        DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+\&
+\& void DES_ede3_cbc_encrypt(const unsigned char *input,
+\&        unsigned char *output, long length, DES_key_schedule *ks1,
+\&        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
+\&        int enc);
+\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
+\&        long length, DES_key_schedule *ks1, DES_key_schedule *ks2, 
+\&        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, 
+\&        int enc);
+\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
+\&        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+\&        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+\&        long length, DES_key_schedule *ks1, 
+\&        DES_key_schedule *ks2, DES_key_schedule *ks3, 
+\&        DES_cblock *ivec, int *num);
+\&
+\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, 
+\&        long length, DES_key_schedule *schedule, 
+\&        const_DES_cblock *ivec);
+\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], 
+\&        long length, int out_count, DES_cblock *seed);
+\& void DES_string_to_key(const char *str, DES_cblock *key);
+\& void DES_string_to_2keys(const char *str, DES_cblock *key1,
+\&        DES_cblock *key2);
+\&
+\& char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+\& char *DES_crypt(const char *buf, const char *salt);
+\&
+\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+\&        DES_cblock *iv);
+\& int DES_enc_write(int fd, const void *buf, int len,
+\&        DES_key_schedule *sched, DES_cblock *iv);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+This library contains a fast implementation of the \s-1DES\s0 encryption
+algorithm.
+.PP
+There are two phases to the use of \s-1DES\s0 encryption.  The first is the
+generation of a \fIDES_key_schedule\fR from a key, the second is the
+actual encryption.  A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is
+consists of 8 bytes with odd parity.  The least significant bit in
+each byte is the parity bit.  The key schedule is an expanded form of
+the key; it is used to speed the encryption process.
+.PP
+\&\fIDES_random_key()\fR generates a random key.  The \s-1PRNG\s0 must be seeded
+prior to using this function (see \fIrand\fR\|(3)).  If the \s-1PRNG\s0
+could not generate a secure key, 0 is returned.
+.PP
+Before a \s-1DES\s0 key can be used, it must be converted into the
+architecture dependent \fIDES_key_schedule\fR via the
+\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function.
+.PP
+\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity
+and is not a week or semi-weak key.  If the parity is wrong, then \-1
+is returned.  If the key is a weak key, then \-2 is returned.  If an
+error is returned, the key schedule is not generated.
+.PP
+\&\fIDES_set_key()\fR works like
+\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero,
+otherwise like \fIDES_set_key_unchecked()\fR.  These functions are available
+for compatibility; it is recommended to use a function that does not
+depend on a global variable.
+.PP
+\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
+.PP
+\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it
+is ok.  The probability that a randomly generated key is weak is
+1/2^52, so it is not really worth checking for them.
+.PP
+The following routines mostly operate on an input and output stream of
+\&\fIDES_cblock\fRs.
+.PP
+\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or
+decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR
+(\s-1ECB\s0) mode.  It always transforms the input data, pointed to by
+\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument.
+If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR
+(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the
+key_schedule specified by the \fIschedule\fR argument, previously set via
+\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now
+ciphertext) is decrypted into the \fIoutput\fR (now cleartext).  Input
+and output may overlap.  \fIDES_ecb_encrypt()\fR does not return a value.
+.PP
+\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using
+three-key Triple-DES encryption in \s-1ECB\s0 mode.  This involves encrypting
+the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and
+then encrypting with \fIks3\fR.  This routine greatly reduces the chances
+of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR,
+\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption
+using \s-1ECB\s0 mode and \fIks1\fR as the key.
+.PP
+The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
+encryption by using \fIks1\fR for the final encryption.
+.PP
+\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
+(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the
+routine cipher-block-chain encrypts the cleartext data pointed to by
+the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
+argument, using the key schedule provided by the \fIschedule\fR argument,
+and initialization vector provided by the \fIivec\fR argument.  If the
+\&\fIlength\fR argument is not an integral multiple of eight bytes, the
+last block is copied to a temporary area and zero filled.  The output
+is always an integral multiple of eight bytes.
+.PP
+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and
+\&\fIoutw\fR to 'whiten' the encryption.  \fIinw\fR and \fIoutw\fR are secret
+(unlike the iv) and are as such, part of the key.  So the key is sort
+of 24 bytes.  This is much better than \s-1CBC DES.\s0
+.PP
+\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
+three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
+really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR.  This mode is used by \s-1SSL.\s0
+.PP
+The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
+reusing \fIks1\fR for the final encryption.  \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
+This form of Triple-DES is used by the \s-1RSAREF\s0 library.
+.PP
+\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block
+chaining mode used by Kerberos v4. Its parameters are the same as
+\&\fIDES_ncbc_encrypt()\fR.
+.PP
+\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode.  This
+method takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the \fIivec\fR variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
+suggested for use when sending small numbers of characters.
+.PP
+\&\fIDES_cfb64_encrypt()\fR
+implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback.  Why is this
+useful you ask?  Because this routine will allow you to encrypt an
+arbitrary number of bytes, no 8 byte padding.  Each call to this
+routine will encrypt the input bytes to output and then update ivec
+and num.  num contains 'how far' we are though ivec.  If this does
+not make much sense, read more about cfb mode of \s-1DES :\-\s0).
+.PP
+\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
+\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
+.PP
+\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode.  This method
+takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the \fIivec\fR variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete \s-1DES ECB\s0 encryption per numbits, this function is only
+suggested for use when sending small numbers of characters.
+.PP
+\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
+Feed Back mode.
+.PP
+\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as
+\&\fIDES_ofb64_encrypt()\fR, using Triple-DES.
+.PP
+The following functions are included in the \s-1DES\s0 library for
+compatibility with the \s-1MIT\s0 Kerberos library.
+.PP
+\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream
+(via \s-1CBC\s0 encryption).  The last 4 bytes of the checksum are returned
+and the complete 8 bytes are placed in \fIoutput\fR. This function is
+used by Kerberos v4.  Other applications should use
+\&\fIEVP_DigestInit\fR\|(3) etc. instead.
+.PP
+\&\fIDES_quad_cksum()\fR is a Kerberos v4 function.  It returns a 4 byte
+checksum from the input bytes.  The algorithm can be iterated over the
+input, depending on \fIout_count\fR, 1, 2, 3 or 4 times.  If \fIoutput\fR is
+non-NULL, the 8 bytes generated by each pass are written into
+\&\fIoutput\fR.
+.PP
+The following are DES-based transformations:
+.PP
+\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function.  This
+version takes only a small amount of space relative to other fast
+\&\fIcrypt()\fR implementations.  This is different to the normal crypt in
+that the third parameter is the buffer that the return value is
+written into.  It needs to be at least 14 bytes long.  This function
+is thread safe, unlike the normal crypt.
+.PP
+\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR.
+This function calls \fIDES_fcrypt()\fR with a static array passed as the
+third parameter.  This emulates the normal non-thread safe semantics
+of \fIcrypt\fR\|(3).
+.PP
+\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from
+buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default)
+using \fIsched\fR for the key and \fIiv\fR as a starting vector.  The actual
+data send down \fIfd\fR consists of 4 bytes (in network byte order)
+containing the length of the following encrypted data.  The encrypted
+data then follows, padded with random data out to a multiple of 8
+bytes.
+.PP
+\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor
+\&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to
+have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for
+the key schedule and \fIiv\fR for the initial vector.
+.PP
+\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
+has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
+bytes, \fIDES_enc_write()\fR will split the data into several chunks that
+are all encrypted using the same \s-1IV. \s0 So don't use these functions
+unless you are sure you know what you do (in which case you might not
+want to use them anyway).  They cannot handle non-blocking sockets.
+\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on
+multiple files.
+.PP
+\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with
+\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR.  If set to \fI\s-1DES_PCBC_MODE\s0\fR (the
+default), DES_pcbc_encrypt is used.  If set to \fI\s-1DES_CBC_MODE\s0\fR
+DES_cbc_encrypt is used.
+.SH "NOTES"
+.IX Header "NOTES"
+Single-key \s-1DES\s0 is insecure due to its short key size.  \s-1ECB\s0 mode is
+not suitable for most applications; see \fIdes_modes\fR\|(7).
+.PP
+The \fIevp\fR\|(3) library provides higher-level encryption functions.
+.SH "BUGS"
+.IX Header "BUGS"
+\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications.
+.PP
+\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR
+instead.
+.PP
+\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of
+the second input byte.  The second 12 bits will have the low 8 bits
+taken from the 3rd input byte and the top 4 bits taken from the 4th
+input byte.  The same holds for output.  This function has been
+implemented this way because most people will be using a multiple of 8
+and because once you get into pulling bytes input bytes apart things
+get ugly!
+.PP
+\&\fIDES_string_to_key()\fR is available for backward compatibility with the
+\&\s-1MIT\s0 library.  New applications should use a cryptographic hash function.
+The same applies for \fIDES_string_to_2key()\fR.
+.SH "CONFORMING TO"
+.IX Header "CONFORMING TO"
+\&\s-1ANSI X3.106\s0
+.PP
+The \fBdes\fR library was written to be source code compatible with
+the \s-1MIT\s0 Kerberos library.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIcrypt\fR\|(3), \fIdes_modes\fR\|(7), \fIevp\fR\|(3), \fIrand\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid
+clashes with older versions of libdes.  Compatibility des_ functions
+are provided for a short while, as well as \fIcrypt()\fR.
+Declarations for these are in <openssl/des_old.h>. There is no \s-1DES_\s0
+variant for \fIdes_random_seed()\fR.
+This will happen to other functions
+as well if they are deemed redundant (\fIdes_random_seed()\fR just calls
+\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or
+already scheduled for removal.
+.PP
+\&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR,
+\&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR,
+\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR
+are available in the \s-1MIT\s0 Kerberos library;
+\&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR
+are available in newer versions of that library.
+.PP
+\&\fIdes_set_key_checked()\fR and \fIdes_set_key_unchecked()\fR were added in
+OpenSSL 0.9.5.
+.PP
+\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR,
+\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and
+\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer
+versions of Kerberos but are not implemented here.
+.PP
+\&\fIdes_random_key()\fR generated cryptographically weak random data in
+SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
+\&\s-1MIT\s0 library.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
+(http://www.openssl.org).