| author | Marc Horowitz <marc@mit.edu> | 1998-10-30 02:56:35 +0000 |
|---|---|---|
| committer | Marc Horowitz <marc@mit.edu> | 1998-10-30 02:56:35 +0000 |
| commit | 1440ab035ba04550ddbbfbff1ee9b5571e3d95db (patch) | |
| tree | 9d5e8d2e151a930e044c7d0f7c64053d244577a0 /src/lib/crypto/des | |
| parent | 61ddbf948ba6ee70c1bc049268c3dfa73bc9983e (diff) | |
pull up 3des implementation from the marc-3des branch
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/des')
25 files changed, 206 insertions, 1885 deletions
diff --git a/src/lib/crypto/des/.rconf b/src/lib/crypto/des/.rconf deleted file mode 100644 index b88696486..000000000 --- a/src/lib/crypto/des/.rconf +++ /dev/null @@ -1,8 +0,0 @@ -ignore fp.c -ignore ip.c -ignore key_perm.h -ignore odd.h -ignore p.c -ignore p_table.h -ignore s_table.h -ignore doc diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index e236a9cb9..70c431aa5 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,3 +1,7 @@ +Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu> + + * *.c: replace the crypto layer. + Wed Feb 18 16:06:23 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up diff --git a/src/lib/crypto/des/FUNCTIONS b/src/lib/crypto/des/FUNCTIONS deleted file mode 100644 index 7ed082e32..000000000 --- a/src/lib/crypto/des/FUNCTIONS +++ /dev/null @@ -1,26 +0,0 @@ -File Function Where? - -weak_key.c mit_des_is_weak_key crypto -string2key.c mit_des_string_to_key ? -random_key.c mit_des_random_key ? -process_ky.c mit_des_process_key ? -new_rn_key.c mit_des_new_random_key ? - mit_des_init_random_number_generator ? - mit_des_set_random_generator_seed ? - mit_des_set_sequence_number ? - mit_des_generate_random_block ? -krb_glue.c mit_des_encrypt_func ? - mit_des_decrypt_func ? -key_sched.c mit_des_key_sched crypto -key_parity.c mit_des_fixup_key_parity crypto - mit_des_check_key_parity crypto -init_rkey.c mit_des_init_random_key crypto -finish_key.c mit_des_finish_key crypto -fin_rndkey.c mit_des_finish_random_key crypto -enc_dec.c mit_des_cbc_encrypt crypto -des.c mit_des_ecb_encrypt crypto -cs_entry.c (var) mit_des_cryptosystem_entry krb5 - (var) krb5_des_cst_entry krb5 - (var) mit_des_cbc_cksumtable_entry krb5 -cksum.c mit_des_cbc_cksum crypto -cbc_cksum.c mit_des_cbc_checksum crypto diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in index 3f9311b96..fdef9e869 100644 --- a/src/lib/crypto/des/Makefile.in 
+++ b/src/lib/crypto/des/Makefile.in 
@@ -13,77 +13,41 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf STLIBOBJS=\ - afsstring2key.o \ - cbc_cksum.o \ - finish_key.o \ - fin_rndkey.o \ - init_rkey.o \ - process_ky.o \ - random_key.o \ - string2key.o \ - key_sched.o \ - weak_key.o \ + afsstring2key.o \ + d3_cbc.o \ + d3_kysched.o \ f_cbc.o \ - f_cksum.o \ - f_sched.o \ - f_ecb.o \ + f_cksum.o \ f_parity.o \ + f_sched.o \ f_tables.o \ - d3_cbc.o \ - d3_ecb.o \ - d3_kysched.o \ - d3_procky.o \ - d3_str2ky.o \ - u_nfold.o \ - u_rn_key.o - -OBJS= afsstring2key.$(OBJEXT) \ - cbc_cksum.$(OBJEXT) \ - finish_key.$(OBJEXT) \ - fin_rndkey.$(OBJEXT) \ - init_rkey.$(OBJEXT) \ - process_ky.$(OBJEXT) \ - random_key.$(OBJEXT) \ - string2key.$(OBJEXT) \ - key_sched.$(OBJEXT) \ - weak_key.$(OBJEXT) \ + key_sched.o \ + string2key.o \ + weak_key.o + +OBJS= afsstring2key.$(OBJEXT) \ + d3_cbc.$(OBJEXT) \ + d3_kysched.$(OBJEXT) \ f_cbc.$(OBJEXT) \ - f_cksum.$(OBJEXT) \ - f_sched.$(OBJEXT) \ - f_ecb.$(OBJEXT) \ + f_cksum.$(OBJEXT) \ f_parity.$(OBJEXT) \ + f_sched.$(OBJEXT) \ f_tables.$(OBJEXT) \ - d3_cbc.$(OBJEXT) \ - d3_ecb.$(OBJEXT) \ - d3_kysched.$(OBJEXT) \ - d3_procky.$(OBJEXT) \ - d3_str2ky.$(OBJEXT) \ - u_nfold.$(OBJEXT) \ - u_rn_key.$(OBJEXT) - -SRCS= $(srcdir)/afsstring2key.c \ - $(srcdir)/cbc_cksum.c \ - $(srcdir)/finish_key.c \ - $(srcdir)/fin_rndkey.c \ - $(srcdir)/init_rkey.c \ - $(srcdir)/process_ky.c \ - $(srcdir)/random_key.c \ - $(srcdir)/string2key.c \ + key_sched.$(OBJEXT) \ + string2key.$(OBJEXT) \ + weak_key.$(OBJEXT) + +SRCS= $(srcdir)/afsstring2key.c \ + $(srcdir)/d3_cbc.c \ + $(srcdir)/d3_kysched.c \ + $(srcdir)/f_cbc.c \ + $(srcdir)/f_cksum.c \ + $(srcdir)/f_parity.c \ + $(srcdir)/f_sched.c \ + $(srcdir)/f_tables.c \ $(srcdir)/key_sched.c \ $(srcdir)/weak_key.c \ - $(srcdir)/f_cbc.c \ - $(srcdir)/f_cksum.c \ - $(srcdir)/f_sched.c \ - $(srcdir)/f_ecb.c \ - $(srcdir)/f_parity.c \ - $(srcdir)/f_tables.c \ - $(srcdir)/d3_cbc.c \ - $(srcdir)/d3_ecb.c \ - 
$(srcdir)/d3_kysched.c \ - $(srcdir)/d3_procky.c \ - $(srcdir)/d3_str2ky.c \ - $(srcdir)/u_nfold.c \ - $(srcdir)/u_rn_key.c + $(srcdir)/string2key.c ##DOS##LIBOBJS = $(OBJS) @@ -93,22 +57,18 @@ includes:: depend depend:: $(SRCS) -# FIXME, this is left from the previous DES implementation. -clean:: - $(RM) fp.c ip.c key_perm.h odd.h p.c p_table.h s_table.h - -verify$(EXEEXT): t_verify.$(OBJEXT) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_verify.$(OBJEXT) process_ky.o key_sched.o \ - ../cryptoconf.o ../des_crc.o $(KRB5_BASE_LIBS) +TOBJS = key_sched.$(OBJEXT) f_sched.$(OBJEXT) f_cbc.$(OBJEXT) \ + f_tables.$(OBJEXT) f_cksum.$(OBJEXT) -destest$(EXEEXT): destest.$(OBJEXT) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ destest.$(OBJEXT) process_ky.o key_sched.o \ - ../cryptoconf.o ../des_crc.o $(KRB5_BASE_LIBS) +verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ + $(COM_ERR_DEPLIB) + $(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \ + -lcom_err -t_random$(EXEEXT): t_random.$(OBJEXT) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_random.$(OBJEXT) $(KRB5_BASE_LIBS) +destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) + $(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) -check-unix:: destest verify +check-unix:: verify destest $(RUN_SETUP) ./verify -z $(RUN_SETUP) ./verify -m $(RUN_SETUP) ./verify @@ -118,6 +78,6 @@ check-windows:: clean:: $(RM) destest$(EXEEXT) verify$(EXEEXT) destest.$(OBJEXT) \ - t_verify.$(OBJEXT) t_random.$(OBJEXT) t_random$(EXEEXT) + t_verify.$(OBJEXT) clean-unix:: clean-libobjs diff --git a/src/lib/crypto/des/afsstring2key.c b/src/lib/crypto/des/afsstring2key.c index 36c42c482..7eac0807c 100644 --- a/src/lib/crypto/des/afsstring2key.c +++ b/src/lib/crypto/des/afsstring2key.c 
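Review bot: In Makefile.in's new `verify$(EXEEXT)` rule the prerequisite is `$(COM_ERR_DEPLIB)` but the link line uses a literal `-lcom_err`, so the rebuild trigger and the library actually linked are named in two different ways and can drift apart. Depending on the linker search path, the test binary could pick up an installed libcom_err rather than the one the prerequisite points at. Prefer the build system's library variable that pairs with `$(COM_ERR_DEPLIB)` on the link line (its name is not visible in this hunk). `TOBJS` is also a hand-copied subset of `OBJS`, so a comment such as `# objects the standalone DES tests link directly; keep in sync with OBJS` above it would help the next person who adds or removes a source file.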
@@ -6,6 +6,32 @@ * constructed by Mark Eichin, Cygnus Support, 1995. */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + #include "k5-int.h" #include "des_int.h" #include <ctype.h> @@ -13,8 +39,7 @@ static char *afs_crypt PROTOTYPE((char*,char*)); krb5_error_code -mit_afs_string_to_key (eblock, keyblock, data, salt) - const krb5_encrypt_block FAR * eblock; +mit_afs_string_to_key (keyblock, data, salt) krb5_keyblock FAR * keyblock; const krb5_data FAR * data; const krb5_data FAR * salt; 
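Review bot: Dropping `eblock` from the old-style definition of `mit_afs_string_to_key` means a stale four-argument call is only rejected where the updated `PROTOTYPE((...))` declaration in des_int.h (changed later in this commit) is actually in effect. If `PROTOTYPE` expands to nothing on some builds (its definition is not on this page), such a call compiles and the function then writes key bytes through whatever pointer lands in `keyblock`. The callers live outside this directory's diff, so it is worth confirming each one was converted in the same pull-up. A short comment above the definition, for example `/* takes no eblock argument; callers pass keyblock, data, salt only */`, would flag the changed arity for anyone merging older code.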
@@ -29,7 +54,7 @@ mit_afs_string_to_key (eblock, keyblock, data, salt) register krb5_octet *key = keyblock->contents; if (data->length <= 8) { - char password[9]; /* trailing null for crypt() */ + char password[9]; /* trailing nul for crypt() */ strncpy(password, realm, 8); for (i=0; i<8; i++) if (isupper(password[i])) @@ -39,6 +64,7 @@ mit_afs_string_to_key (eblock, keyblock, data, salt) for (i=0; i<8; i++) if (password[i] == '\0') password[i] = 'X'; + password[8] = '\0'; strncpy(key, (char *) afs_crypt(password, "#~") + 2, 8); for (i=0; i<8; i++) key[i] <<= 1; diff --git a/src/lib/crypto/des/cbc_cksum.c b/src/lib/crypto/des/cbc_cksum.c deleted file mode 100644 index 29a38a0a5..000000000 --- a/src/lib/crypto/des/cbc_cksum.c +++ /dev/null 
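Review bot: In the `data->length <= 8` branch of afsstring2key.c, `isupper(password[i])` passes a plain `char`. Where `char` is signed, a realm byte above 0x7f becomes a negative argument, which the ctype functions do not define. Cast at the call: `if (isupper((unsigned char) password[i]))`. The loop body continues outside the hunk, so the conversion call that follows it probably needs the same cast.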
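Review bot: With `password[8] = '\0';` added, the buffer handed to `afs_crypt` is properly terminated, but nothing visible in this hunk clears `password` once the key bytes have been copied out. If the rest of the branch (outside the hunk) does not already do so, add `memset(password, 0, sizeof(password));` after the `strncpy(key, ...)` line so the string the key was derived from does not linger on the stack. A one-line comment next to the new assignment, e.g. `/* strncpy() above does not terminate an 8-byte realm */`, would also record why the line is needed.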
@@ -1,164 +0,0 @@ -/* - * lib/crypto/des/cbc_cksum.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * These routines form the library interface to the DES facilities. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -#include "k5-int.h" -#include "des_int.h" - -/* - produces cbc cheksum of sequence "in" of the length "in_length" - with the help of key "key" of size "key_size" (which should be 8); - fills out krb5_checksum structure. - - caller is responsible for allocating & freeing "contents" element in - krb5_checksum structure. 
- - returns: errors -*/ - -static krb5_error_code mit_des_cbc_checksum - PROTOTYPE((krb5_const krb5_pointer, - krb5_const size_t, - krb5_const krb5_pointer, - krb5_const size_t, - krb5_checksum FAR * )); - -static krb5_error_code mit_des_cbc_verf_cksum - PROTOTYPE ((krb5_const krb5_checksum FAR *, - krb5_const krb5_pointer, - krb5_const size_t, - krb5_const krb5_pointer, - krb5_const size_t )); - -static krb5_error_code -mit_des_cbc_checksum(in, in_length, key, key_size, cksum) - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer key; - krb5_const size_t key_size; - krb5_checksum FAR * cksum; -{ - struct mit_des_ks_struct *schedule; /* pointer to key schedules */ - - if (cksum->length < sizeof(mit_des_cblock)) - return KRB5_BAD_MSIZE; - if (key_size != sizeof(mit_des_cblock)) - return KRB5_BAD_KEYSIZE; - - if (!(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule)))) - return ENOMEM; - -#define cleanup() { memset((char *)schedule, 0, sizeof(mit_des_key_schedule));\ - free( (char *) schedule); } - - switch (mit_des_key_sched ((krb5_octet *)key, schedule)) { - case -1: - cleanup(); - return KRB5DES_BAD_KEYPAR; - - case -2: - cleanup(); - return KRB5DES_WEAK_KEY; - - default: - ; - } - - cksum->checksum_type = CKSUMTYPE_DESCBC; - cksum->length = sizeof(mit_des_cblock); - mit_des_cbc_cksum(in, cksum->contents, in_length, schedule, key); - - cleanup(); - - return 0; -} - -static krb5_error_code -mit_des_cbc_verf_cksum(cksum, in, in_length, key, key_size) - krb5_const krb5_checksum FAR * cksum; - krb5_const krb5_pointer in; - krb5_const size_t in_length; - krb5_const krb5_pointer key; - krb5_const size_t key_size; -{ - struct mit_des_ks_struct *schedule; /* pointer to key schedules */ - mit_des_cblock contents; - krb5_error_code retval; - - if (key_size != sizeof(mit_des_cblock)) - return KRB5_BAD_KEYSIZE; - - if (!(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule)))) - return ENOMEM; - 
-#define cleanup() { memset((char *)schedule, 0, sizeof(mit_des_key_schedule));\ - free( (char *) schedule); } - - switch (mit_des_key_sched ((krb5_octet *)key, schedule)) { - case -1: - cleanup(); - return KRB5DES_BAD_KEYPAR; - - case -2: - cleanup(); - return KRB5DES_WEAK_KEY; - - default: - ; - } - - mit_des_cbc_cksum(in, contents, in_length, schedule, key); - - retval = 0; - if (cksum->checksum_type == CKSUMTYPE_DESCBC) { - if (cksum->length == sizeof(mit_des_cblock)) { - if (memcmp((char *) cksum->contents, - (char *) contents, - sizeof(mit_des_cblock))) - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - else - retval = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - else - retval = KRB5KRB_AP_ERR_INAPP_CKSUM; - cleanup(); - - return retval; -} - -krb5_checksum_entry krb5_des_cbc_cksumtable_entry = { - 0, - mit_des_cbc_checksum, - mit_des_cbc_verf_cksum, - sizeof(mit_des_cblock), - 1, /* is collision proof */ - 1, /* is keyed */ -}; diff --git a/src/lib/crypto/des/d3_ecb.c b/src/lib/crypto/des/d3_ecb.c deleted file mode 100644 index 306f97dd6..000000000 --- a/src/lib/crypto/des/d3_ecb.c +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. - */ - -#include "des_int.h" -#include "f_tables.h" - -/* - * Triple-DES ECB encryption mode. - */ - -int -mit_des3_ecb_encrypt(in, out, sched1, sched2, sched3, encrypt) - const mit_des_cblock FAR *in; - mit_des_cblock FAR *out; - mit_des_key_schedule sched1, sched2, sched3; - int encrypt; -{ - if (encrypt) { - mit_des_ecb_encrypt(in, out, sched1, encrypt); - mit_des_ecb_encrypt(out, out, sched2, !encrypt); - mit_des_ecb_encrypt(out, out, sched3, encrypt); - } else { - mit_des_ecb_encrypt(in, out, sched3, encrypt); - mit_des_ecb_encrypt(out, out, sched2, !encrypt); - mit_des_ecb_encrypt(out, out, sched1, encrypt); - } - return 0; -} diff --git a/src/lib/crypto/des/d3_procky.c b/src/lib/crypto/des/d3_procky.c deleted file mode 100644 index 9c969a823..000000000 --- a/src/lib/crypto/des/d3_procky.c +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. 
- */ - -#include "k5-int.h" -#include "des_int.h" - -krb5_error_code -mit_des3_process_key (eblock, keyblock) - krb5_encrypt_block * eblock; - const krb5_keyblock * keyblock; -{ - struct mit_des_ks_struct *schedule; /* pointer to key schedules */ - - if ((keyblock->enctype != ENCTYPE_DES3_CBC_SHA) && - (keyblock->enctype != ENCTYPE_DES3_CBC_RAW)) - return KRB5_PROG_ETYPE_NOSUPP; - - if (keyblock->length != sizeof (mit_des3_cblock)) - return KRB5_BAD_KEYSIZE; - - if ( !(schedule = (struct mit_des_ks_struct *) malloc(3*sizeof(mit_des_key_schedule))) ) - return ENOMEM; -#define cleanup() { free( (char *) schedule); } - - switch (mit_des3_key_sched (*(mit_des3_cblock *)keyblock->contents, - *(mit_des3_key_schedule *)schedule)) { - case -1: - cleanup(); - return KRB5DES_BAD_KEYPAR; - - case -2: - cleanup(); - return KRB5DES_WEAK_KEY; - } - - eblock->key = (krb5_keyblock *) keyblock; - eblock->priv = (krb5_pointer) schedule; - eblock->priv_size = (krb5_int32) 3*sizeof(mit_des_key_schedule); - - return 0; -} diff --git a/src/lib/crypto/des/d3_str2ky.c b/src/lib/crypto/des/d3_str2ky.c deleted file mode 100644 index ed9f5183d..000000000 --- a/src/lib/crypto/des/d3_str2ky.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * Copyright 1995 by Richard P. Basch. All Rights Reserved. - * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Richard P. Basch, - * Lehman Brothers and M.I.T. make no representations about the suitability - * of this software for any purpose. It is provided "as is" without - * express or implied warranty. - */ - -#include "k5-int.h" -#include "des_int.h" - -/* - * Triple-DES string-to-key algorithm - * - * 168-fold the input string (appended with any salt), and treat the resulting - * 168 bits as three DES keys sans parity. Process each set of 56 bits into - * a usable DES key with odd parity, and twice encrypt the set of three usable - * DES keys using Triple-DES CBC mode. The result is then treated as three - * DES keys, and should be corrected for parity. Any DES key that is weak or - * semi-weak is to be corrected by eXclusive-ORing with 00000000000000F0. 
- */ - -static mit_des_cblock zero_ivec = { 0, 0, 0, 0, 0, 0, 0, 0 }; - -krb5_error_code -mit_des3_string_to_key (eblock, keyblock, data, salt) -const krb5_encrypt_block FAR * eblock; -krb5_keyblock FAR * keyblock; -const krb5_data FAR * data; -const krb5_data FAR * salt; -{ - char *copystr; - mit_des_cblock *key; - unsigned int j; - - int length; - mit_des3_key_schedule ks; - krb5_enctype enctype = eblock->crypto_entry->proto_enctype; - - if ((enctype == ENCTYPE_DES3_CBC_SHA) || - (enctype == ENCTYPE_DES3_CBC_RAW)) - keyblock->length = sizeof(mit_des3_cblock); - else - return (KRB5_PROG_ETYPE_NOSUPP); - - if ( !(keyblock->contents = (krb5_octet *)malloc(keyblock->length)) ) - return(ENOMEM); - - keyblock->magic = KV5M_KEYBLOCK; - keyblock->enctype = enctype; - key = (mit_des_cblock *)keyblock->contents; - - if (salt) - length = data->length + salt->length; - else - length = data->length; - - if (length < keyblock->length) - length = keyblock->length; - - copystr = malloc((size_t) length); - if (!copystr) { - free(keyblock->contents); - keyblock->contents = 0; - return ENOMEM; - } - - memset(copystr, 0, length); - memcpy(copystr, (char *) data->data, data->length); - if (salt) - memcpy(copystr + data->length, (char *)salt->data, salt->length); - - /* n-fold into des3 key sans parity */ - if (mit_des_n_fold(copystr, length, keyblock->contents, - keyblock->length * 7 / 8)) - return EINVAL; - - /* Add space for parity (low bit) */ - for (j = keyblock->length; j--; ) { - register int k; - - k = (8-(j%8)) & 7; - keyblock->contents[j] = - ((keyblock->contents[j*7/8] << k) & 0xfe) + - ((k>1) ? 
keyblock->contents[j*7/8 +1] >> (8-k) : 0); - } - - /* fix key parity */ - for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) { - mit_des_fixup_key_parity(key[j]); - if (mit_des_is_weak_key(key[j])) - ((krb5_octet *)(key[j]))[7] ^= 0xf0; - } - - /* Now, CBC encrypt with itself */ - (void) mit_des3_key_sched(*((mit_des3_cblock *)key), ks); - (void) mit_des3_cbc_encrypt(key, key, keyblock->length, - ((mit_des_key_schedule *)ks)[0], - ((mit_des_key_schedule *)ks)[1], - ((mit_des_key_schedule *)ks)[2], - zero_ivec, TRUE); - (void) mit_des3_cbc_encrypt(key, key, keyblock->length, - ((mit_des_key_schedule *)ks)[0], - ((mit_des_key_schedule *)ks)[1], - ((mit_des_key_schedule *)ks)[2], - key[2], TRUE); - - /* erase key_sked */ - memset((char *)ks, 0, sizeof(ks)); - - /* clean & free the input string */ - memset(copystr, 0, (size_t) length); - krb5_xfree(copystr); - - /* now fix up key parity again */ - for (j = 0; j < keyblock->length/sizeof(mit_des_cblock); j++) { - mit_des_fixup_key_parity(key[j]); - if (mit_des_is_weak_key(key[j])) - ((krb5_octet *)(key[j]))[7] ^= 0xf0; - } - - return 0; -} diff --git a/src/lib/crypto/des/des.h b/src/lib/crypto/des/des.h deleted file mode 100644 index bd0a30b37..000000000 --- a/src/lib/crypto/des/des.h +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * include/des.h - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * <mit-copyright.h>. - * - * Include file for the Data Encryption Standard library. - */ - -/* only do the whole thing once */ -#ifndef DES_DEFS -#define DES_DEFS - -#include "k5-int.h" - -#ifndef DES_INT32 -#ifdef SIZEOF_INT -#if SIZEOF_INT >= 4 -#define DES_INT32 int -#else -#define DES_INT32 long -#endif -#else /* !defined(SIZEOF_INT) */ -#include <limits.h> -#if (UINT_MAX >= 0xffffffff) -#define DES_INT32 int -#else -#define DES_INT32 long -#endif -#endif /* !defined(SIZEOF_INT) */ -#endif /* !defined(DES_INT32) */ - -#ifndef DES_UINT32 -#define DES_UINT32 unsigned DES_INT32 -#endif - -#ifndef NCOMPAT -#define C_Block des_cblock -#define Key_schedule des_key_schedule -#define ENCRYPT DES_ENCRYPT -#define DECRYPT DES_DECRYPT -#define KEY_SZ DES_KEY_SZ -#define string_to_key des_string_to_key -#define read_pw_string des_read_pw_string -#define random_key des_random_key -#define pcbc_encrypt des_pcbc_encrypt -#define key_sched des_key_sched -#define cbc_encrypt des_cbc_encrypt -#define cbc_cksum des_cbc_cksum -#define C_Block_print des_cblock_print -#define quad_cksum des_quad_cksum -typedef struct des_ks_struct bit_64; -#endif - -#define des_cblock_print(x) des_cblock_print_file(x, stdout) - -#endif /* DES_DEFS */ diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h index df8e9ca1e..0f8190861 100644 --- a/src/lib/crypto/des/des_int.h +++ b/src/lib/crypto/des/des_int.h 
@@ -24,6 +24,32 @@ * Private include file for the Data Encryption Standard library. */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + /* only do the whole thing once */ #ifndef DES_INTERNAL_DEFS #define DES_INTERNAL_DEFS @@ -112,8 +138,7 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) /* afsstring2key.c */ extern krb5_error_code mit_afs_string_to_key - PROTOTYPE((const krb5_encrypt_block FAR *eblock, - krb5_keyblock FAR *keyblock, + PROTOTYPE((krb5_keyblock FAR *keyblock, const krb5_data FAR *data, const krb5_data FAR *salt)); diff --git a/src/lib/crypto/des/destest.c b/src/lib/crypto/des/destest.c index 1e077a423..bf442e869 100644 --- a/src/lib/crypto/des/destest.c +++ b/src/lib/crypto/des/destest.c 
@@ -25,20 +25,43 @@ */ -#include "k5-int.h" +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + #include "des_int.h" #include "com_err.h" -extern int errno; -extern mit_des_ecb_encrypt(); - #include <stdio.h> - void convert PROTOTYPE((char *, unsigned char [])); void des_cblock_print_file PROTOTYPE((mit_des_cblock, FILE *)); +char zeroblock[8] = {0,0,0,0,0,0,0,0}; + void main(argc, argv) int argc; 
@@ -46,38 +69,23 @@ char *argv[]; { char block1[17], block2[17], block3[17]; - krb5_encrypt_block eblock; - krb5_keyblock keyblock; - krb5_context context; mit_des_cblock key, input, output, output2; - krb5_error_code retval; + mit_des_key_schedule sched; int num = 0; + int retval; int error = 0; - /* This is a crock and we know it... We win because - none of these tests rely on a valid context pointer */ - context = 0; - - /* do some initialisation */ - initialize_krb5_error_table(); - - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); - keyblock.magic = KV5M_KEYBLOCK; - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof (mit_des_cblock); - keyblock.contents = (krb5_octet *)key; while (scanf("%16s %16s %16s", block1, block2, block3) == 3) { convert(block1, key); convert(block2, input); convert(block3, output); - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des test", retval, "can't process key"); - exit(-1); + if (retval = mit_des_key_sched(key, sched)) { + fprintf(stderr, "des test: can't process key"); + exit(1); } - mit_des_ecb_encrypt(&input, &output2, - (struct mit_des_ks_struct *)eblock.priv,1); + mit_des_cbc_encrypt(&input, &output2, 8, sched, zeroblock, 1); if (memcmp((char *)output2, (char *)output, 8)) { fprintf(stderr, @@ -91,8 +99,7 @@ char *argv[]; /* * Now try decrypting.... */ - mit_des_ecb_encrypt(&output, &output2, - (struct mit_des_ks_struct *)eblock.priv,0); + mit_des_cbc_encrypt(&output, &output2, 8, sched, zeroblock, 0); if (memcmp((char *)output2, (char *)input, 8)) { fprintf(stderr, @@ -103,10 +110,6 @@ char *argv[]; error++; } - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key"); - exit(-1); - } num++; } @@ -157,7 +160,6 @@ unsigned char cblock[]; * Fake out the DES library, for the purposes of testing. */ -#include "des.h" #include "des_int.h" int 
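Review bot: In destest.c, the new failure path after `mit_des_key_sched(key, sched)` prints a message with no trailing newline and discards `retval`. A rejected test key therefore gives no hint whether parity or a weak key caused it; the removed cbc_cksum.c on this page treats -1 and -2 from this function as those two cases. Suggest `fprintf(stderr, "des test: can't process key: %d\n", retval);`. The `#include "com_err.h"` kept in the first hunk may no longer be needed, since the `com_err` calls visible in `main` are removed by this commit.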
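Review bot: The decrypt check in destest.c (and the encrypt call in the previous hunk) now runs the single-block known-answer vectors through `mit_des_cbc_encrypt(..., 8, sched, zeroblock, ...)`. That only reproduces the ECB answer because the length is exactly one block and the IV is all zero, and nothing in the code says so. A comment above each call, e.g. `/* one 8-byte block with a zero IV: CBC is equivalent to ECB here */`, would keep a later change to the length or IV from silently invalidating the vectors. `zeroblock` is declared as `char[8]` in the first hunk; declaring it as `mit_des_cblock`, like `key`, `input` and `output`, would keep the argument types consistent.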
diff --git a/src/lib/crypto/des/f_README b/src/lib/crypto/des/f_README deleted file mode 100644 index 0d381e373..000000000 --- a/src/lib/crypto/des/f_README +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright (c) 1990 Dennis Ferguson. All rights reserved. - * - * Commercial use is permitted only if products which are derived from - * or include this software are made available for purchase and/or use - * in Canada. Otherwise, redistribution and use in source and binary - * forms are permitted. - */ - -Sorry about the poor quality of installation instructions. Included -here are replacements for the DES portions of Eric Young's kerberos -DES library replacement. To use this you will need his distribution. -Untar the latter and: - -(1) Copy all .c and .h files into the distribution directory. This will - overwrite some files and add others. - -(2) Apply the patch included here to set_key.c in the distribution directory. - -(3) Edit the Imakefile (or the Makefile) to include the following files - on the SRCS= line: - - des_tables.c ecb_buffer.c make_sched.c - - Add the following files to the OBJS= line: - - des_tables.o ecb_buffer.o make_sched.o - - Add the following file to the CODE= line: - - des_tables.h - -Recompile and you're done. - -The salient differences between this DES and Eric Young's are as follows: - -(1) There are no dependencies on byte ordering, the ability to do - unaligned loads and stores, or any other machine dependencies - that I know of. There are no #ifdef's. The code could probably - be made faster by adding such things, but not enough to be worth - it. - -(2) Combined S and P tables are used for the inner loop of the cipher - routine and the E expansion is computed on the fly, like Eric - Young's code, but the computation is reordered from the standard - to save instructions. - -(3) The initial and final permutations are table driven, and take - about the same amount of work as a single round of the inner - loop (i.e. only about 12% of the work done for an ecb encryption - is spent in the IP and FP code). 
- -(4) Since NTP (for which this DES was originally implemented) uses - lots of keys to encrypt small things, the key permutation code - has been well worked over and is quite speedy (the amount of - work required to permute a key is on the order of that required - to do a single ECB encryption, more or less). - -(5) Since the code required to do an ECB encryption using the tables - is actually fairly compact, even with lots of inlining, it was - implemented as a macro and is expanded in situ where needed. - -On the one machine I ran a comparison on this code ran 80% faster than -Eric's, compiled into a slightly smaller space, and did pass destest. -I suspect this stuff is also faster, and not a lot larger, than the -library MIT doesn't export with kerberos. You mileage may vary. - -The silly copyright was a (probably ineffective) afterthought. If it -really inconveniences you give me a call. diff --git a/src/lib/crypto/des/f_ecb.c b/src/lib/crypto/des/f_ecb.c deleted file mode 100644 index a1d1dcb0c..000000000 --- a/src/lib/crypto/des/f_ecb.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright (c) 1990 Dennis Ferguson. All rights reserved. - * - * Commercial use is permitted only if products which are derived from - * or include this software are made available for purchase and/or use - * in Canada. Otherwise, redistribution and use in source and binary - * forms are permitted. - */ - -/* - * des_ecb_encrypt.c - do an encryption in ECB mode - */ -#include "des_int.h" -#include "f_tables.h" - -/* - * des_ecb_encrypt - {en,de}crypt a block in ECB mode - */ -int -mit_des_ecb_encrypt(in, out, schedule, encrypt) - const mit_des_cblock *in; - mit_des_cblock *out; - mit_des_key_schedule schedule; - int encrypt; -{ - register unsigned DES_INT32 left, right; - register unsigned DES_INT32 temp; - register int i; - - { - /* - * Need a temporary for copying the data in - */ - register unsigned char *datap; - - /* - * Copy the input block into the registers - */ - datap = (unsigned char *)in; - GET_HALF_BLOCK(left, datap); - GET_HALF_BLOCK(right, datap); - } - - /* - * Do the initial permutation. - */ - DES_INITIAL_PERM(left, right, temp); - - /* - * Now the rounds. Use different code depending on whether it - * is an encryption or a decryption (gross, should keep both - * sets of keys in the key schedule instead). 
- */ - if (encrypt) { - register unsigned DES_INT32 *kp; - - kp = (unsigned DES_INT32 *)schedule; - for (i = 0; i < 8; i++) { - DES_SP_ENCRYPT_ROUND(left, right, temp, kp); - DES_SP_ENCRYPT_ROUND(right, left, temp, kp); - } - } else { - register unsigned DES_INT32 *kp; - - /* - * Point kp past end of schedule - */ - kp = ((unsigned DES_INT32 *)schedule) + (2 * 16);; - for (i = 0; i < 8; i++) { - DES_SP_DECRYPT_ROUND(left, right, temp, kp); - DES_SP_DECRYPT_ROUND(right, left, temp, kp); - } - } - - /* - * Do the final permutation - */ - DES_FINAL_PERM(left, right, temp); - - /* - * Finally, copy the result out a byte at a time - */ - { - register unsigned char *datap; - - datap = (unsigned char *)out; - PUT_HALF_BLOCK(left, datap); - PUT_HALF_BLOCK(right, datap); - } - - /* - * return nothing - */ - return (0); -} diff --git a/src/lib/crypto/des/f_pcbc.c b/src/lib/crypto/des/f_pcbc.c deleted file mode 100644 index cb445446b..000000000 --- a/src/lib/crypto/des/f_pcbc.c +++ /dev/null 
@@ -1,207 +0,0 @@ -/* - * Copyright (c) 1990 Dennis Ferguson. All rights reserved. - * - * Commercial use is permitted only if products which are derived from - * or include this software are made available for purchase and/or use - * in Canada. Otherwise, redistribution and use in source and binary - * forms are permitted. - */ - -/* - * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode - */ -#include "des_int.h" -#include "f_tables.h" - -/* - * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode - */ -int -mit_des_pcbc_encrypt(in, out, length, schedule, ivec, encrypt) - mit_des_cblock *in; - mit_des_cblock *out; - long length; - mit_des_key_schedule schedule; - mit_des_cblock ivec; - int encrypt; -{ - register unsigned DES_INT32 left, right; - register unsigned DES_INT32 temp; - register unsigned DES_INT32 *kp; - register unsigned char *ip, *op; - - /* - * Copy the key pointer, just once - */ - kp = (unsigned DES_INT32 *)schedule; - - /* - * Deal with encryption and decryption separately. - */ - if (encrypt) { - register unsigned DES_INT32 plainl; - register unsigned DES_INT32 plainr; - - /* - * Initialize left and right with the contents of the initial - * vector. - */ - ip = (unsigned char *)ivec; - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - - /* - * Suitably initialized, now work the length down 8 bytes - * at a time. - */ - ip = (unsigned char *)in; - op = (unsigned char *)out; - while (length > 0) { - /* - * Get block of input. If the length is - * greater than 8 this is straight - * forward. Otherwise we have to fart around. - */ - if (length > 8) { - GET_HALF_BLOCK(plainl, ip); - GET_HALF_BLOCK(plainr, ip); - left ^= plainl; - right ^= plainr; - length -= 8; - } else { - /* - * Oh, shoot. We need to pad the - * end with zeroes. Work backwards - * to do this. We know this is the - * last block, though, so we don't have - * to save the plain text. 
- */ - ip += (int) length; - switch(length) { - case 8: - right ^= *(--ip) & FF_UINT32; - case 7: - right ^= (*(--ip) & FF_UINT32) << 8; - case 6: - right ^= (*(--ip) & FF_UINT32) << 16; - case 5: - right ^= (*(--ip) & FF_UINT32) << 24; - case 4: - left ^= *(--ip) & FF_UINT32; - case 3: - left ^= (*(--ip) & FF_UINT32) << 8; - case 2: - left ^= (*(--ip) & FF_UINT32) << 16; - case 1: - left ^= (*(--ip) & FF_UINT32) << 24; - break; - } - length = 0; - } - - /* - * Encrypt what we have - */ - DES_DO_ENCRYPT(left, right, temp, kp); - - /* - * Copy the results out - */ - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - - /* - * Xor with the old plain text - */ - left ^= plainl; - right ^= plainr; - } - } else { - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - - if (length <= 0) - return 0; - - /* - * Prime the old cipher with ivec. - */ - ip = (unsigned char *)ivec; - GET_HALF_BLOCK(ocipherl, ip); - GET_HALF_BLOCK(ocipherr, ip); - - /* - * Now do this in earnest until we run out of length. - */ - ip = (unsigned char *)in; - op = (unsigned char *)out; - for (;;) { /* check done inside loop */ - /* - * Read a block from the input into left and - * right. Save this cipher block for later. - */ - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - cipherl = left; - cipherr = right; - - /* - * Decrypt this. - */ - DES_DO_DECRYPT(left, right, temp, kp); - - /* - * Xor with the old cipher to get plain - * text. Output 8 or less bytes of this. - */ - left ^= ocipherl; - right ^= ocipherr; - if (length > 8) { - length -= 8; - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - /* - * Save current cipher block here - */ - ocipherl = cipherl ^ left; - ocipherr = cipherr ^ right; - } else { - /* - * Trouble here. Start at end of output, - * work backwards. 
- */ - op += (int) length; - switch(length) { - case 8: - *(--op) = (unsigned char) (right & 0xff); - case 7: - *(--op) = (unsigned char) ((right >> 8) & 0xff); - case 6: - *(--op) = (unsigned char) ((right >> 16) & 0xff); - case 5: - *(--op) = (unsigned char) ((right >> 24) & 0xff); - case 4: - *(--op) = (unsigned char) (left & 0xff); - case 3: - *(--op) = (unsigned char) ((left >> 8) & 0xff); - case 2: - *(--op) = (unsigned char) ((left >> 16) & 0xff); - case 1: - *(--op) = (unsigned char) ((left >> 24) & 0xff); - break; - } - break; /* we're done */ - } - } - } - - /* - * Done, return nothing. - */ - return 0; -} diff --git a/src/lib/crypto/des/fin_rndkey.c b/src/lib/crypto/des/fin_rndkey.c deleted file mode 100644 index 7b8a2c385..000000000 --- a/src/lib/crypto/des/fin_rndkey.c +++ /dev/null 
@@ -1,51 +0,0 @@
-/*
- * lib/crypto/des/fin_rndkey.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * Copyright 1996 by Lehman Brothers, Inc.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. or Lehman Brothers not be used in advertising or
- * publicity pertaining to distribution of the software without
- * specific, written prior permission. M.I.T. and Lehman Brothers
- * make no representations about the suitability of this software for
- * any purpose. It is provided "as is" without express or implied
- * warranty.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- free any resources held by "seed" and assigned by init_random_key()
- */
-
-krb5_error_code mit_des_finish_random_key (eblock, p_state)
- const krb5_encrypt_block * eblock;
- krb5_pointer * p_state;
-{
- mit_des_random_state * state = *p_state;
-
- if (! state) return 0;
-
- if (state->sequence.data) {
- memset((char *)state->sequence.data, 0, state->sequence.length);
- krb5_xfree(state->sequence.data);
- }
-
- mit_des_finish_key(&state->eblock);
-
- krb5_xfree(state);
- *p_state = 0;
- return 0;
-}
diff --git a/src/lib/crypto/des/finish_key.c b/src/lib/crypto/des/finish_key.c
deleted file mode 100644
index e7e9e13ae..000000000
--- a/src/lib/crypto/des/finish_key.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * lib/crypto/des/finish_key.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-/*
- does any necessary clean-up on the eblock (such as releasing
- resources held by eblock->priv).
-
- returns: errors
- */
-
-krb5_error_code
-mit_des_finish_key (eblock)
- krb5_encrypt_block FAR * eblock;
-{
- if (eblock->priv) {
- memset((char *)eblock->priv, 0, (size_t) eblock->priv_size);
- free(eblock->priv);
- }
- eblock->priv = 0;
- eblock->priv_size = 0;
- /* free/clear other stuff here? */
- return 0;
-}
diff --git a/src/lib/crypto/des/init_rkey.c b/src/lib/crypto/des/init_rkey.c
deleted file mode 100644
index 5096647ec..000000000
--- a/src/lib/crypto/des/init_rkey.c
+++ /dev/null
@@ -1,167 +0,0 @@ -/* - * lib/crypto/des/init_rkey.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include "des_int.h" - -/* - initialize the random key generator using the encryption key, - "seedblock", and allocating private sequence information, filling - in "seed" with the address of such information. - "seed" is later passed to the random_key() function to provide - sequence information. - */ - -#ifndef min -#define min(a,b) (((a) > (b)) ? 
(b) : (a)) -#endif - -krb5_error_code -mit_des_init_random_key (eblock, seedblock, state) - const krb5_encrypt_block * eblock; - const krb5_keyblock * seedblock; - krb5_pointer * state; -{ - mit_des_random_state * p_state = 0; - krb5_keyblock *new_key; - krb5_enctype enctype = eblock->crypto_entry->proto_enctype; - krb5_error_code kret = 0; - krb5_address **addrs = 0; - krb5_data seed; - krb5_int32 now; - krb5_int32 unow; - unsigned char *cp; - - switch (enctype) - { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_RAW: - enctype = ENCTYPE_DES_CBC_RAW; - break; - - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - enctype = ENCTYPE_DES3_CBC_RAW; - break; - - default: - return KRB5_BAD_ENCTYPE; - } - - p_state = (mit_des_random_state *) malloc(sizeof(mit_des_random_state)); - *state = (krb5_pointer) p_state; - - if (! p_state) { - kret = ENOMEM; - goto cleanup; - } - - memset(p_state, 0, sizeof(*p_state)); - p_state->eblock.crypto_entry = krb5_enctype_array[enctype]->system; - p_state->sequence.length = p_state->eblock.crypto_entry->keysize; - p_state->sequence.data = (krb5_pointer) malloc(p_state->sequence.length); - - if (! p_state->sequence.data) { - kret = ENOMEM; - goto cleanup; - } - - /* - * Generate a temporary value that is based on the - * input seed and the hostid (sequence number) - * such that it gives no useful information about the input. - * - * Then use the temporary value as the new seed and the current - * time as a sequence number to give us a stream that was not - * previously used. - * - * This result will be the seed for the random number stream - * (the sequence number will start at zero). 
- */ - - /* seed = input */ - seed.data = seedblock->contents; - seed.length = seedblock->length; - kret = mit_des_set_random_generator_seed(&seed, p_state); - if (kret) goto cleanup; - - /* sequence = hostid */ - if (!krb5_crypto_os_localaddr(&addrs) && addrs && *addrs) { - memcpy((char *)p_state->sequence.data, (char *)addrs[0]->contents, - min(p_state->sequence.length, addrs[0]->length)); - /* XXX may not do all of the sequence number. */ - } - if (addrs) { - /* can't use krb5_free_addresses due to circular dependencies in - libraries */ - register krb5_address **addr2; - for (addr2 = addrs; *addr2; addr2++) { - krb5_xfree((*addr2)->contents); - krb5_xfree(*addr2); - } - krb5_xfree(addrs); - } - - /* tmp.seed = random(input,hostid) */ - kret = mit_des_random_key(NULL, p_state, &new_key); - if (kret) goto cleanup; - seed.data = new_key->contents; - seed.length = new_key->length; - kret = mit_des_set_random_generator_seed(&seed, p_state); - (void) memset(new_key->contents, 0, new_key->length); - krb5_xfree(new_key->contents); - krb5_xfree(new_key); - if (kret) goto cleanup; - - /* sequence = time */ - (void) krb5_crypto_us_timeofday(&now, &unow); - cp = p_state->sequence.data; - *cp++ = (now >> 24) & 0xff; - *cp++ = (now >> 16) & 0xff; - *cp++ = (now >> 8) & 0xff; - *cp++ = now & 0xff; - *cp++ = (unow >> 24) & 0xff; - *cp++ = (unow >> 16) & 0xff; - *cp++ = (unow >> 8) & 0xff; - *cp++ = unow &0xff; - - /* seed = random(tmp.seed, time) */ - kret = mit_des_random_key(NULL, p_state, &new_key); - if (kret) goto cleanup; - seed.data = new_key->contents; - seed.length = new_key->length; - kret = mit_des_set_random_generator_seed(&seed, p_state); - (void) memset(new_key->contents, 0, new_key->length); - krb5_xfree(new_key->contents); - krb5_xfree(new_key); - if (kret) goto cleanup; - - return 0; - -cleanup: - if (kret) - mit_des_finish_random_key(eblock, state); - return kret; -} 
diff --git a/src/lib/crypto/des/process_ky.c b/src/lib/crypto/des/process_ky.c
deleted file mode 100644
index 64cef57ad..000000000
--- a/src/lib/crypto/des/process_ky.c
+++ /dev/null
@@ -1,70 +0,0 @@ -/* - * lib/crypto/des/process_ky.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include "des_int.h" - -/* - does any necessary key preprocessing (such as computing key - schedules for DES). - eblock->crypto_entry must be set by the caller; the other elements - of eblock are to be assigned by this function. 
- [in particular, eblock->key must be set by this function if the key - is needed in raw form by the encryption routine] - - The caller may not move or reallocate "keyblock" before calling - finish_key on "eblock" - - returns: errors - */ - -krb5_error_code -mit_des_process_key (eblock, keyblock) - krb5_encrypt_block * eblock; - const krb5_keyblock * keyblock; -{ - struct mit_des_ks_struct *schedule; /* pointer to key schedules */ - - if (keyblock->length != sizeof (mit_des_cblock)) - return KRB5_BAD_KEYSIZE; - - if ( !(schedule = (struct mit_des_ks_struct *) malloc(sizeof(mit_des_key_schedule))) ) - return ENOMEM; -#define cleanup() { free( (char *) schedule); } - - switch (mit_des_key_sched (keyblock->contents, schedule)) { - case -1: - cleanup(); - return KRB5DES_BAD_KEYPAR; - - case -2: - cleanup(); - return KRB5DES_WEAK_KEY; - - default: - eblock->key = (krb5_keyblock *) keyblock; - eblock->priv = (krb5_pointer) schedule; - eblock->priv_size = (krb5_int32) sizeof(mit_des_key_schedule); - return 0; - } -} diff --git a/src/lib/crypto/des/random_key.c b/src/lib/crypto/des/random_key.c deleted file mode 100644 index 1dc4600b4..000000000 --- a/src/lib/crypto/des/random_key.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * lib/crypto/des/random_key.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * Copyright 1996 by Lehman Brothers, Inc. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. or Lehman Brothers not be used in advertising or - * publicity pertaining to distribution of the software without - * specific, written prior permission. M.I.T. and Lehman Brothers - * make no representations about the suitability of this software for - * any purpose. It is provided "as is" without express or implied - * warranty. 
- */ - -#include "k5-int.h" -#include "des_int.h" - -static void mit_des_generate_random_key - PROTOTYPE((mit_des_random_state * state, krb5_keyblock * randkey)); - - -/* - generate a random encryption key, allocating storage for it and - filling in the keyblock address in *keyblock - */ - -krb5_error_code -mit_des_random_key (eblock, state, keyblock) - const krb5_encrypt_block * eblock; - krb5_pointer state; - krb5_keyblock ** keyblock; -{ - krb5_keyblock *randkey; - int keysize = ((mit_des_random_state *)state)->eblock.crypto_entry->keysize; - - if (eblock == NULL) - /* We are being called from the random number initialization routine */ - eblock = &((mit_des_random_state *)state)->eblock; - - if (!(randkey = (krb5_keyblock *)malloc(sizeof(*randkey)))) - return ENOMEM; - if (!(randkey->contents = (krb5_octet *)malloc(keysize))) { - krb5_xfree(randkey); - return ENOMEM; - } - randkey->magic = KV5M_KEYBLOCK; - randkey->length = keysize; - randkey->enctype = eblock->crypto_entry->proto_enctype; - - do { - mit_des_generate_random_key(state, randkey); - mit_des_fixup_keyblock_parity(randkey); - } while (mit_des_is_weak_keyblock(randkey)); - - *keyblock = randkey; - return 0; -} - -static mit_des_cblock zero_ivec = { 0, 0, 0, 0, 0, 0, 0, 0 }; - -static void -mit_des_generate_random_key(state, randkey) - mit_des_random_state * state; - krb5_keyblock * randkey; -{ - krb5_encrypt_block *eblock = &state->eblock; - int i; - - (* state->eblock.crypto_entry->encrypt_func) - (state->sequence.data /*in*/, randkey->contents /*out*/, - state->sequence.length, eblock, zero_ivec); - if (state->sequence.length > sizeof(mit_des_cblock)) - (* state->eblock.crypto_entry->encrypt_func) - (randkey->contents /*in*/, randkey->contents /*out*/, - randkey->length, eblock, - randkey->contents + randkey->length - sizeof(mit_des_cblock)); - - /* Increment the sequence number, with wraparound (LSB) */ - for (i = 0; i < state->sequence.length; i++) { - state->sequence.data[i] = 
(state->sequence.data[i] + 1) & 0xff; - if (state->sequence.data[i]) - break; - } -} diff --git a/src/lib/crypto/des/string2key.c b/src/lib/crypto/des/string2key.c index 8a2b1415b..79b7c9cbd 100644 --- a/src/lib/crypto/des/string2key.c +++ b/src/lib/crypto/des/string2key.c @@ -21,6 +21,32 @@ * or implied warranty. */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + #include "k5-int.h" #include "des_int.h" @@ -41,8 +67,7 @@ */ krb5_error_code -mit_des_string_to_key (eblock, keyblock, data, salt) -const krb5_encrypt_block FAR * eblock; +mit_des_string_to_key_int (keyblock, data, salt) krb5_keyblock FAR * keyblock; const krb5_data FAR * data; const krb5_data FAR * salt; 
@@ -59,28 +84,19 @@ const krb5_data FAR * salt; register char *p_char; char k_char[64]; mit_des_key_schedule key_sked; - krb5_enctype enctype = eblock->crypto_entry->proto_enctype; #ifndef min #define min(A, B) ((A) < (B) ? (A): (B)) #endif - if ((enctype != ENCTYPE_DES_CBC_CRC) && (enctype != ENCTYPE_DES_CBC_MD4) && - (enctype != ENCTYPE_DES_CBC_MD5) && (enctype != ENCTYPE_DES_CBC_RAW)) - return (KRB5_PROG_ETYPE_NOSUPP); - - if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) ) - return(ENOMEM); - keyblock->magic = KV5M_KEYBLOCK; keyblock->length = sizeof(mit_des_cblock); - keyblock->enctype = eblock->crypto_entry->proto_enctype; key = keyblock->contents; if (salt) { if (salt->length == -1) { /* cheat and do AFS string2key instead */ - return mit_afs_string_to_key (eblock, keyblock, data, salt); + return mit_afs_string_to_key (keyblock, data, salt); } else length = data->length + salt->length; } diff --git a/src/lib/crypto/des/t_random.c b/src/lib/crypto/des/t_random.c deleted file mode 100644 index bc013bdab..000000000 --- a/src/lib/crypto/des/t_random.c +++ /dev/null 
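Review bot: With the `malloc` of `keyblock->contents` removed, `key = keyblock->contents;` now makes the function write the derived key into a caller-supplied buffer, and nothing in this hunk checks that the pointer is non-NULL or that it holds `sizeof(mit_des_cblock)` bytes. The enctype check and the `keyblock->enctype` assignment are gone as well, so rejecting non-DES enctypes and tagging the key also become the caller's job. That contract should be written into the function's header comment, for example `/* caller allocates keyblock->contents (>= sizeof(mit_des_cblock) bytes) and sets keyblock->enctype */`. The `mit_afs_string_to_key (keyblock, data, salt)` call also changes arity in K&R-style code, so it is worth confirming that a matching prototype exists (presumably in des_int.h) so that a stale definition cannot compile silently. The function body starts and ends outside this hunk.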
@@ -1,117 +0,0 @@ -/* - * lib/crypto/des/t_random.c - * - * Copyright 1996 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Test a DES implementation against known inputs & outputs - */ - -#include "k5-int.h" -#include "des_int.h" -#include <stdio.h> -#include "com_err.h" - -extern krb5_cryptosystem_entry mit_des_cryptosystem_entry; - -char *progname; -int nflag = 2; -int vflag; -int mflag; -int zflag; -int pid; -int mit_des_debug; - -krb5_data kdata; - -unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; -unsigned char zerokey[8] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; - -void print_key(key) - krb5_keyblock *key; -{ - int i; - - printf("key type: %d, length = %d, contents =", key->enctype, - key->length); - for (i=0; i < key->length; i++) { - printf(" %02x", key->contents[i]); - } - printf("\n"); -} - -/* - * Can also add : - * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) 
- */ - -void -main(argc,argv) - int argc; - char *argv[]; -{ - /* Local Declarations */ - krb5_context context; - krb5_encrypt_block eblock; - krb5_keyblock keyblock, *randkey; - void *random_seed = 0; - -#ifdef WINDOWS - /* Set screen window buffer to infinite size -- MS default is tiny. */ - _wsetscreenbuf (fileno (stdout), _WINBUFINF); -#endif - - /* do some initialisation */ - krb5_init_context(&context); - - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(mit_des_cblock); - - keyblock.contents = key2; - - printf("init_random: "); - print_key(&keyblock); - krb5_init_random_key(context, &eblock, &keyblock, &random_seed); - krb5_random_key(context, &eblock, random_seed, &randkey); - print_key(randkey); - krb5_free_keyblock(context, randkey); - krb5_random_key(context, &eblock, random_seed, &randkey); - print_key(randkey); - krb5_free_keyblock(context, randkey); - krb5_finish_random_key(context, &eblock, &random_seed); - - keyblock.contents = zerokey; - - printf("\n\ninit_random: "); - print_key(&keyblock); - - krb5_init_random_key(context, &eblock, &keyblock, &random_seed); - krb5_random_key(context, &eblock, random_seed, &randkey); - print_key(randkey); - krb5_free_keyblock(context, randkey); - krb5_random_key(context, &eblock, random_seed, &randkey); - print_key(randkey); - krb5_free_keyblock(context, randkey); - krb5_finish_random_key(context, &eblock, &random_seed); - - krb5_free_context(context); -} - diff --git a/src/lib/crypto/des/t_verify.c b/src/lib/crypto/des/t_verify.c index 82a73e21f..e8a7dc0ee 100644 --- a/src/lib/crypto/des/t_verify.c +++ b/src/lib/crypto/des/t_verify.c 
@@ -28,13 +28,37 @@ * -1 ==> error */ +/* + * Copyright (C) 1998 by the FundsXpress, INC. + * + * All rights reserved. + * + * Export of this software from the United States of America may require + * a specific license from the United States Government. It is the + * responsibility of any person or organization contemplating export to + * obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of FundsXpress. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. FundsXpress makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + #include "k5-int.h" #include "des_int.h" #include <stdio.h> #include "com_err.h" -extern krb5_cryptosystem_entry mit_des_cryptosystem_entry; - char *progname; int nflag = 2; int vflag; @@ -43,10 +67,6 @@ int zflag; int pid; int mit_des_debug; -krb5_encrypt_block eblock; -krb5_keyblock keyblock; -krb5_data kdata; - unsigned char cipher_text[64]; unsigned char clear_text[64] = "Now is the time for all " ; unsigned char clear_text2[64] = "7654321 Now is the time for "; 
@@ -56,23 +76,6 @@ unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ unsigned char *input; -unsigned char *nfold_in[] = { - "basch", - "eichin", - "sommerfeld", - "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" }; - -unsigned char nfold_192[4][24] = { - { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d, - 0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f }, - { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43, - 0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca }, - { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11, - 0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c }, - { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08, - 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b } -}; - /* 0x0123456789abcdef */ unsigned char default_key[8] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef @@ -86,7 +89,6 @@ unsigned char default_ivec[8] = { unsigned char *ivec; unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ int i,j; -krb5_error_code retval; unsigned char cipher1[8] = { 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 @@ -117,14 +119,15 @@ unsigned char mresult[8] = { * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) */ -void +mit_des_key_schedule sched; + +int main(argc,argv) int argc; char *argv[]; { /* Local Declarations */ - krb5_context context; - int in_length; + int in_length, retval; void do_encrypt(); void do_decrypt(); 
@@ -164,23 +167,13 @@ main(argc,argv) } /* do some initialisation */ - initialize_krb5_error_table(); - krb5_init_context(&context); - - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(mit_des_cblock); /* use known input and key */ /* ECB zero text zero key */ if (zflag) { input = zero_text; - keyblock.contents = (krb5_octet *)zero_key; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process zero key"); - exit(-1); - } + mit_des_key_sched(zero_key, sched); printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); do_encrypt(input,cipher_text); printf("\tcipher = (low to high bytes)\n\t\t"); @@ -188,26 +181,17 @@ main(argc,argv) printf("%02x ",cipher_text[j]); printf("\n"); do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish zero key"); - exit(-1); - } if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { printf("verify: error in zero key test\n"); exit(-1); } - krb5_free_context(context); exit(0); } if (mflag) { input = msb_text; - keyblock.contents = (krb5_octet *)key3; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key3"); - exit(-1); - } + mit_des_key_sched(key3, sched); printf("plaintext = 0x00 00 00 00 00 00 00 40, "); printf("key = 0x80 01 01 01 01 01 01 01\n"); printf(" cipher = 0xa380e02a6be54696\n"); 
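Review bot: The new `mit_des_key_sched(zero_key, sched);` call discards its return value, whereas the code it replaces exited when `krb5_process_key` failed. The process_ky.c removed in this same commit treats -1 from `mit_des_key_sched` as bad parity and -2 as a weak key, so a failed schedule would now go unnoticed and the vectors would run against whatever is in `sched`. The same applies to `mit_des_key_sched(key3, sched);` in the next hunk and to the `key2` and `default_key` calls in the later hunks. For those I would write `if (mit_des_key_sched(key2, sched)) { printf("verify: can't schedule key2\n"); exit(-1); }`; the all-0x01 `zero_key` is a DES weak key, so that call presumably needs a comment and has to tolerate -2. main's body starts and ends outside these hunks.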
@@ -218,26 +202,17 @@ main(argc,argv) } printf("\n"); do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key3"); - exit(-1); - } if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { printf("verify: error in msb test\n"); exit(-1); } - krb5_free_context(context); exit(0); } /* ECB mode Davies and Price */ { input = zero_text; - keyblock.contents = (krb5_octet *)key2; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key2"); - exit(-1); - } + mit_des_key_sched(key2, sched); printf("Examples per FIPS publication 81, keys ivs and cipher\n"); printf("in hex. These are the correct answers, see below for\n"); printf("the actual answers.\n\n"); @@ -253,10 +228,6 @@ main(argc,argv) printf("%02x ",cipher_text[j]); printf("\n\n"); do_decrypt(output,cipher_text); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key2"); - exit(-1); - } if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { printf("verify: error in ECB encryption\n"); exit(-1); @@ -267,11 +238,7 @@ main(argc,argv) /* ECB mode */ { - keyblock.contents = (krb5_octet *)default_key; - if (retval = krb5_process_key(context, &eblock,&keyblock)) { - com_err("des verify", retval, "can't process key2"); - exit(-1); - } + mit_des_key_sched(default_key, sched); input = clear_text; ivec = default_ivec; printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); @@ -306,14 +273,14 @@ main(argc,argv) if (retval = mit_des_cbc_encrypt((mit_des_cblock *) input, (mit_des_cblock *) cipher_text, (size_t) in_length, - (struct mit_des_ks_struct *)eblock.priv, + sched, ivec, MIT_DES_ENCRYPT)) { com_err("des verify", retval, "can't encrypt"); exit(-1); } printf("\tciphertext = (low to high bytes)\n"); - for (i = 0; i <= 7; i++) { + for (i = 0; i <= 2; i++) { printf("\t\t"); for (j = 0; j <= 7; j++) { printf("%02x ",cipher_text[i*8+j]); 
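Review bot: In the ciphertext dump of the `@@ -306,14 +273,14 @@` hunk the row bound is now the literal `2`, which is only correct while the CBC test text is exactly three 8-byte blocks. The encrypt call just above is passed `in_length`, so deriving the bound from it keeps the dump inside what was actually encrypted if the test vector changes: `for (i = 0; i < (in_length + 7) / 8; i++) {`. How `in_length` is assigned is outside the hunk, so confirm it is the byte count of the input before adopting this.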
@@ -323,7 +290,7 @@ main(argc,argv) if (retval = mit_des_cbc_encrypt((mit_des_cblock *) cipher_text, (mit_des_cblock *) clear_text, (size_t) in_length, - eblock.priv, + sched, ivec, MIT_DES_DECRYPT)) { com_err("des verify", retval, "can't decrypt"); @@ -345,16 +312,12 @@ main(argc,argv) printf("or some part thereof\n"); input = clear_text2; mit_des_cbc_cksum(input,cipher_text,(long) strlen((char *)input), - eblock.priv,ivec); + sched,ivec); printf("ACTUAL CBC checksum\n"); printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); for (j = 0; j<=7; j++) printf("%02x ",cipher_text[j]); printf("\n\n"); - if (retval = krb5_finish_key(context, &eblock)) { - com_err("des verify", retval, "can't finish key2"); - exit(-1); - } if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { printf("verify: error in CBC cheksum\n"); exit(-1); @@ -362,25 +325,6 @@ main(argc,argv) else printf("verify: CBC checksum is correct\n\n"); - printf("N-fold\n"); - for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) { - kdata.data = nfold_in[i]; - kdata.length = strlen(kdata.data); - printf("\tInput:\t\"%.*s\"\n", kdata.length, kdata.data); - printf("\t192-Fold:\t"); - mit_des_n_fold(kdata.data, kdata.length, cipher_text, 24); - for (j=0; j<24; j++) - printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]); - printf("\n"); - if (memcmp(cipher_text, nfold_192[i], 24)) { - printf("verify: error in n-fold\n"); - exit(-1); - }; - } - printf("verify: N-fold is correct\n\n"); - - krb5_free_context(context); - exit(0); } @@ -412,9 +356,11 @@ do_encrypt(in,out) char *out; { for (i =1; i<=nflag; i++) { - mit_des_ecb_encrypt((mit_des_cblock *)in, + mit_des_cbc_encrypt((mit_des_cblock *)in, (mit_des_cblock *)out, - (struct mit_des_ks_struct *)eblock.priv, + 8, + sched, + zero_text, MIT_DES_ENCRYPT); if (mit_des_debug) { printf("\nclear %s\n",in); 
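Review bot: In do_encrypt the return value of `mit_des_cbc_encrypt` is dropped, although both calls in main test it and report through com_err. do_decrypt in the following hunk has the same gap, and since `retval` is now local to main each helper needs its own local to check it. The call also deserves a comment explaining why the ECB test vectors still apply, for example `/* one 8-byte block with an all-zero IV: CBC output equals ECB */`. Note too that `zero_text` serves both as this IV and as the plaintext for the zero-key and Davies-Price cases (`input = zero_text`), so the helpers rely on the library not writing to its ivec argument, which is not visible here.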
@@ -434,9 +380,11 @@ do_decrypt(in,out) /* try to invert it */ { for (i =1; i<=nflag; i++) { - mit_des_ecb_encrypt((mit_des_cblock *)out, + mit_des_cbc_encrypt((mit_des_cblock *)out, (mit_des_cblock *)in, - (struct mit_des_ks_struct *)eblock.priv, + 8, + sched, + zero_text, MIT_DES_DECRYPT); if (mit_des_debug) { printf("clear %s\n",in); @@ -453,8 +401,6 @@ do_decrypt(in,out) * Fake out the DES library, for the purposes of testing. */ -#include "des.h" - int mit_des_is_weak_key(key) mit_des_cblock key; diff --git a/src/lib/crypto/des/u_nfold.c b/src/lib/crypto/des/u_nfold.c deleted file mode 100644 index 6da58cbef..000000000 --- a/src/lib/crypto/des/u_nfold.c +++ /dev/null 
@@ -1,99 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch. All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- *
- *
- * N-folding algorithm
- * Described in "A Better Key Schedule for DES-like Ciphers"
- * by Uri Blumenthal and Steven M. Bellovin
- * based on the work done by Lars Knudsen.
- *
- * To n-fold a number X, replicate the input value X to a length that is
- * the least common multiple of n and the length of X. Before each
- * repetition, the input value is rotated to the right by 13 bit positions.
- * The successive n-bit chunks are added together using 1's complement
- * addition (addition with end-around carry) to yield a n-bit result.
- *
- * The algorithm here assumes that the input and output are padded to
- * octet boundaries (8-bit multiple).
- */
-
-#include "k5-int.h"
-
-#define ROTATE_VALUE 13
-
-krb5_error_code
-mit_des_n_fold(inbuf, inlen, outbuf, outlen)
- krb5_octet *inbuf;
- size_t inlen;
- krb5_octet *outbuf;
- size_t outlen;
-{
- register int bytes;
- register krb5_octet *tempbuf;
-
- if (inbuf == (krb5_octet *)NULL)
- return EINVAL;
- if (outbuf == (krb5_octet *)NULL)
- return EINVAL;
-
- tempbuf = (krb5_octet *)malloc(inlen);
- if (tempbuf == (krb5_octet *)NULL)
- return ENOMEM;
-
- memset(outbuf, 0, outlen);
- bytes = 0;
-
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
- do {
- unsigned int j, k;
-
- /* Rotate input */
- k = ((bytes/inlen) * ROTATE_VALUE) % (inlen*8);
- for (j = (k+7)/8; j < inlen + (k+7)/8; j++)
- tempbuf[j % inlen] =
- ((inbuf[((8*j-k)/8)%inlen] << ((8-(k&7))&7)) +
- ((k&7) ? (inbuf[((8*j-k)/8 +1)%inlen] >> (k&7)) : 0))
- & 0xff;
-
- for (k=0, j=inlen; j--; ) {
- k += outbuf[(bytes+j) % outlen] + tempbuf[j];
- outbuf[(bytes+j) % outlen] = k & 0xff;
- k >>= 8;
- }
- j = bytes % outlen;
- while (k) {
- if (j == 0)
- j = outlen;
- j--;
- k += outbuf[j];
- outbuf[j] = k & 0xff;
- k >>= 8;
- }
- bytes += inlen;
- } while (bytes % outlen);
-
- free(tempbuf);
-
- return 0;
-}
diff --git a/src/lib/crypto/des/u_rn_key.c b/src/lib/crypto/des/u_rn_key.c
deleted file mode 100644
index 44d3c7383..000000000
--- a/src/lib/crypto/des/u_rn_key.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright 1996 by Richard P. Basch. All Rights Reserved.
- * Copyright 1996 by Lehman Brothers, Inc. All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose. It is provided "as is" without
- * express or implied warranty.
- *
- *
- * Based on the version written by Mark Lillibridge, MIT Project Athena.
- *
- * Under U.S. law, this software may not be exported outside the US
- * without license from the U.S. Commerce department.
- */
-
-#include "k5-int.h"
-#include "des_int.h"
-
-int
-mit_des_is_weak_keyblock(keyblock)
- krb5_keyblock * keyblock;
-{
- int i;
-
- for (i = 0; i < keyblock->length/sizeof(mit_des_cblock); i++)
- if (mit_des_is_weak_key(*((mit_des_cblock *)keyblock->contents + i)))
- return 1;
- return 0;
-}
-
-void
-mit_des_fixup_keyblock_parity(keyblock)
- krb5_keyblock * keyblock;
-{
- int i;
-
- for (i = 0; i < keyblock->length/sizeof(mit_des_cblock); i++)
- mit_des_fixup_key_parity(*((mit_des_cblock *)keyblock->contents + i));
-}
-
-/*
- * mit_des_set_random_generator_seed: this routine is used to select a random
- * number stream. The stream that results is
- * totally determined by the passed in key.
- * (I.e., calling this routine again with the
- * same key allows repeating a sequence of
- * random numbers)
- */
-krb5_error_code
-mit_des_set_random_generator_seed(seed, p_state)
- const krb5_data * seed;
- krb5_pointer p_state;
-{
- krb5_error_code kret;
- register int i;
- mit_des_cblock *new_key;
- mit_des_random_state *state = p_state;
-
- if (state->eblock.key) {
- if (state->eblock.key->contents) {
- memset(state->eblock.key->contents, 0, state->eblock.key->length);
- krb5_xfree(state->eblock.key->contents);
- }
- }
-
- state->eblock.key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
- if (! state->eblock.key)
- return ENOMEM;
-
- state->eblock.key->enctype = state->eblock.crypto_entry->proto_enctype;
- state->eblock.key->length = state->eblock.crypto_entry->keysize;
- state->eblock.key->contents = (krb5_octet *)malloc(state->eblock.key->length);
- if (! state->eblock.key->contents) {
- krb5_xfree(state->eblock.key);
- state->eblock.key = 0;
- return ENOMEM;
- }
-
- kret = mit_des_n_fold(seed->data, seed->length,
- state->eblock.key->contents, state->eblock.key->length);
- if (kret) return kret;
-
- mit_des_fixup_keyblock_parity(state->eblock.key);
-
- for (i = 0; i < state->eblock.key->length/sizeof(mit_des_cblock); i++) {
- new_key = (mit_des_cblock *)state->eblock.key->contents + i;
- if (mit_des_is_weak_key(*new_key)) {
- (*new_key)[0] ^= 0xF0;
- mit_des_fixup_key_parity(*new_key);
- }
- }
-
- /* destroy any old key schedule */
- mit_des_finish_key(&state->eblock);
-
- /* compute the key schedule */
- (* state->eblock.crypto_entry->process_key)
- (&state->eblock, state->eblock.key);
-
- /* now we can destroy the key... */
- memset(state->eblock.key->contents, 0, state->eblock.key->length);
- krb5_xfree(state->eblock.key->contents);
- krb5_xfree(state->eblock.key);
- state->eblock.key = (krb5_keyblock *) 0;
-
- /* "seek" to the start of the stream: */
- memset(state->sequence.data, 0, state->sequence.length);
-
- return 0;
-}
-
-krb5_error_code
-mit_des_set_random_sequence_number(sequence, p_state)
- const krb5_data *sequence;
- krb5_pointer p_state;
-{
- mit_des_random_state *state = p_state;
- int length = state->eblock.crypto_entry->keysize;
-
- if (length > sequence->length)
- length = sequence->length;
-
- memcpy(state->sequence.data, sequence->data, length);
-
- return 0;
-} |
