1 Fixed the weak key values which were wrong :-( 2 Defining SIGACTION causes sigaction() to be used instead of signal(). 3 SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it 4 can cause problems. This should hopefully not affect normal 5 applications. 6 7Version 4.04 8 Fixed a few tests in destest. Also added x86 assember for 9 des_ncbc_encrypt() which is the standard cbc mode function. 10 This makes a very very large performace difference. 11 Ariel Glenn ariel@columbia.edu reports that the terminal 12 'turn echo off' can return (errno == EINVAL) under solaris 13 when redirection is used. So I now catch that as well as ENOTTY. 14 15 16Version 4.03 17 Left a static out of enc_write.c, which caused to buffer to be 18 continiously malloc()ed. Does anyone use these functions? I keep 19 on feeling like removing them since I only had these in there 20 for a version of kerberised login. Anyway, this was pointed out 21 by Theo de Raadt <deraadt@cvs.openbsd.org> 22 The 'n' bit ofb code was wrong, it was not shifting the shift 23 register. It worked correctly for n == 64. Thanks to 24 Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out. 25 26Version 4.02 27 I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)' 28 when checking for weak keys which is wrong :-(, pointed out by 29 Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>. 30 31Version 4.01 32 Even faster inner loop in the DES assembler for x86 and a modification 33 for IP/FP which is faster on x86. Both of these changes are 34 from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. His 35 changes make the assembler run %40 faster on a pentium. This is just 36 a case of getting the instruction sequence 'just right'. 37 All credit to 'Svend' :-) 38 Quite a few special x86 'make' targets. 39 A libdes-l (lite) distribution. 40 41Version 4.00 42 After a bit of a pause, I'll up the major version number since this 43 is mostly a performace release. I've added x86 assembler and 44 added more options for performance. A %28 speedup for gcc 45 on a pentium and the assembler is a %50 speedup. 46 MIPS CPU's, sparc and Alpha are the main CPU's with speedups. 47 Run des_opts to work out which options should be used. 48 DES_RISC1/DES_RISC2 use alternative inner loops which use 49 more registers but should give speedups on any CPU that does 50 dual issue (pentium). DES_UNROLL unrolls the inner loop, 51 which costs in code size. 52 53Version 3.26 54 I've finally removed one of the shifts in D_ENCRYPT. This 55 meant I've changed the des_SPtrans table (spr.h), the set_key() 56 function and some things in des_enc.c. This has definitly 57 made things faster :-). I've known about this one for some 58 time but I've been too lazy to follow it up :-). 59 Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. 60 instead of L^=((..)|(..)|(..).. This should save a register at 61 least. 62 Assember for x86. The file to replace is des_enc.c, which is replaced 63 by one of the assembler files found in asm. Look at des/asm/readme 64 for more info. 65 66 /* Modification to fcrypt so it can be compiled to support 67 HPUX 10.x's long password format, define -DLONGCRYPT to use this. 68 Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */ 69 70 SIGWINCH case put in des_read_passwd() so the function does not 71 'exit' if this function is recieved. 72 73Version 3.25 17/07/96 74 Modified read_pwd.c so that stdin can be read if not a tty. 75 Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches. 76 des_init_random_number_generator() shortened due to VMS linker 77 limits. 78 Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 79 8 byte quantites xored before and after encryption. 80 des_xcbc_encryption() - the name is funny to preserve the des_ 81 prefix on all functions. 82 83Version 3.24 20/04/96 84 The DES_PTR macro option checked and used by SSLeay configuration 85 86Version 3.23 11/04/96 87 Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, 88 it gives a %20 speedup :-) 89 Fixed the problem with des.pl under perl5. The patches were 90 sent by Ed Kubaitis (ejk@uiuc.edu). 91 if fcrypt.c, changed values to handle illegal salt values the way 92 normal crypt() implementations do. Some programs apparently use 93 them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se> 94 95Version 3.22 29/11/95 96 Bug in des(1), an error with the uuencoding stuff when the 97 'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au> 98 for the patch. 99 100Version 3.21 22/11/95 101 After some emailing back and forth with 102 Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things 103 and in a future version I will probably put in some of the 104 optimisation he suggested for use with the DES_USE_PTR option. 105 Extra routines from Mark Murray <mark@grondar.za> for use in 106 freeBSD. They mostly involve random number generation for use 107 with kerberos. They involve evil machine specific system calls 108 etc so I would normally suggest pushing this stuff into the 109 application and/or using RAND_seed()/RAND_bytes() if you are 110 using this DES library as part of SSLeay. 111 Redone the read_pw() function so that it is cleaner and 112 supports termios, thanks to Sameer Parekh <sameer@c2.org> 113 for the initial patches for this. 114 Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been 115 done just to make things more consistent. 116 I have also now added triple DES versions of cfb and ofb. 117 118Version 3.20 119 Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, 120 my des_random_seed() function was only copying 4 bytes of the 121 passed seed into the init structure. It is now fixed to copy 8. 122 My own suggestion is to used something like MD5 :-) 123 124Version 3.19 125 While looking at my code one day, I though, why do I keep on 126 calling des_encrypt(in,out,ks,enc) when every function that 127 calls it has in and out the same. So I dropped the 'out' 128 parameter, people should not be using this function. 129 130Version 3.18 30/08/95 131 Fixed a few bit with the distribution and the filenames. 132 3.17 had been munged via a move to DOS and back again. 133 NO CODE CHANGES 134 135Version 3.17 14/07/95 136 Fixed ede3 cbc which I had broken in 3.16. I have also 137 removed some unneeded variables in 7-8 of the routines. 138 139Version 3.16 26/06/95 140 Added des_encrypt2() which does not use IP/FP, used by triple 141 des routines. Tweaked things a bit elsewhere. %13 speedup on 142 sparc and %6 on a R4400 for ede3 cbc mode. 143 144Version 3.15 06/06/95 145 Added des_ncbc_encrypt(), it is des_cbc mode except that it is 146 'normal' and copies the new iv value back over the top of the 147 passed parameter. 148 CHANGED des_ede3_cbc_encrypt() so that it too now overwrites 149 the iv. THIS WILL BREAK EXISTING CODE, but since this function 150 only new, I feel I can change it, not so with des_cbc_encrypt :-(. 151 I need to update the documentation. 152 153Version 3.14 31/05/95 154 New release upon the world, as part of my SSL implementation. 155 New copyright and usage stuff. Basically free for all to use 156 as long as you say it came from me :-) 157 158Version 3.13 31/05/95 159 A fix in speed.c, if HZ is not defined, I set it to 100.0 160 which is reasonable for most unixes except SunOS 4.x. 161 I now have a #ifdef sun but timing for SunOS 4.x looked very 162 good :-(. At my last job where I used SunOS 4.x, it was 163 defined to be 60.0 (look at the old INSTALL documentation), at 164 the last release had it changed to 100.0 since I now work with 165 Solaris2 and SVR4 boxes. 166 Thanks to Rory Chisholm <rchishol@math.ethz.ch> for pointing this 167 one out. 168 169Version 3.12 08/05/95 170 As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>, 171 my D_ENCRYPT macro in crypt() had an un-necessary variable. 172 It has been removed. 173 174Version 3.11 03/05/95 175 Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys 176 and one iv. It is a standard and I needed it for my SSL code. 177 It makes more sense to use this for triple DES than 178 3cbc_encrypt(). I have also added (or should I say tested :-) 179 cfb64_encrypt() which is cfb64 but it will encrypt a partial 180 number of bytes - 3 bytes in 3 bytes out. Again this is for 181 my SSL library, as a form of encryption to use with SSL 182 telnet. 183 184Version 3.10 22/03/95 185 Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls 186 to cbc3_encrypt, the 2 iv values that were being returned to 187 be used in the next call were reversed :-(. 188 Many thanks to Bill Wade <wade@Stoner.COM> for pointing out 189 this error. 190 191Version 3.09 01/02/95 192 Fixed des_random_key to far more random, it was rather feeble 193 with regards to picking the initial seed. The problem was 194 pointed out by Olaf Kirch <okir@monad.swb.de>. 195 196Version 3.08 14/12/94 197 Added Makefile.PL so libdes can be built into perl5. 198 Changed des_locl.h so RAND is always defined. 199 200Version 3.07 05/12/94 201 Added GNUmake and stuff so the library can be build with 202 glibc. 203 204Version 3.06 30/08/94 205 Added rpc_enc.c which contains _des_crypt. This is for use in 206 secure_rpc v 4.0 207 Finally fixed the cfb_enc problems. 208 Fixed a few parameter parsing bugs in des (-3 and -b), thanks 209 to Rob McMillan <R.McMillan@its.gu.edu.au> 210 211Version 3.05 21/04/94 212 for unsigned long l; gcc does not produce ((l>>34) == 0) 213 This causes bugs in cfb_enc. 214 Thanks to Hadmut Danisch <danisch@ira.uka.de> 215 216Version 3.04 20/04/94 217 Added a version number to des.c and libdes.a 218 219Version 3.03 12/01/94 220 Fixed a bug in non zero iv in 3cbc_enc. 221 222Version 3.02 29/10/93 223 I now work in a place where there are 6+ architectures and 14+ 224 OS versions :-). 225 Fixed TERMIO definition so the most sys V boxes will work :-) 226 227Release upon comp.sources.misc 228Version 3.01 08/10/93 229 Added des_3cbc_encrypt() 230 231Version 3.00 07/10/93 232 Fixed up documentation. 233 quad_cksum definitely compatible with MIT's now. 234 235Version 2.30 24/08/93 236 Triple DES now defaults to triple cbc but can do triple ecb 237 with the -b flag. 238 Fixed some MSDOS uuen/uudecoding problems, thanks to 239 Added prototypes. 240 241Version 2.22 29/06/93 242 Fixed a bug in des_is_weak_key() which stopped it working :-( 243 thanks to engineering@MorningStar.Com. 244 245Version 2.21 03/06/93 246 des(1) with no arguments gives quite a bit of help. 247 Added -c (generate ckecksum) flag to des(1). 248 Added -3 (triple DES) flag to des(1). 249 Added cfb and ofb routines to the library. 250 251Version 2.20 11/03/93 252 Added -u (uuencode) flag to des(1). 253 I have been playing with byte order in quad_cksum to make it 254 compatible with MIT's version. All I can say is avid this 255 function if possible since MIT's output is endian dependent. 256 257Version 2.12 14/10/92 258 Added MSDOS specific macro in ecb_encrypt which gives a %70 259 speed up when the code is compiled with turbo C. 260 261Version 2.11 12/10/92 262 Speedup in set_key (recoding of PC-1) 263 I now do it in 47 simple operations, down from 60. 264 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) 265 for motivating me to look for a faster system :-) 266 The speedup is probably less that 1% but it is still 13 267 instructions less :-). 268 269Version 2.10 06/10/92 270 The code now works on the 64bit ETA10 and CRAY without modifications or 271 #defines. I believe the code should work on any machine that 272 defines long, int or short to be 8 bytes long. 273 Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) 274 for helping me fix the code to run on 64bit machines (he had 275 access to an ETA10). 276 Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov> 277 for testing the routines on a CRAY. 278 read_password.c has been renamed to read_passwd.c 279 string_to_key.c has been renamed to string2key.c 280 281Version 2.00 14/09/92 282 Made mods so that the library should work on 64bit CPU's. 283 Removed all my uchar and ulong defs. To many different 284 versions of unix define them in their header files in too many 285 different combinations :-) 286 IRIX - Sillicon Graphics mods (mostly in read_password.c). 287 Thanks to Andrew Daviel (advax@erich.triumf.ca) 288 289Version 1.99 26/08/92 290 Fixed a bug or 2 in enc_read.c 291 Fixed a bug in enc_write.c 292 Fixed a pseudo bug in fcrypt.c (very obscure). 293 294Version 1.98 31/07/92 295 Support for the ETA10. This is a strange machine that defines 296 longs and ints as 8 bytes and shorts as 4 bytes. 297 Since I do evil things with long * that assume that they are 4 298 bytes. Look in the Makefile for the option to compile for 299 this machine. quad_cksum appears to have problems but I 300 will don't have the time to fix it right now, and this is not 301 a function that uses DES and so will not effect the main uses 302 of the library. 303 304Version 1.97 20/05/92 eay 305 Fixed the Imakefile and made some changes to des.h to fix some 306 problems when building this package with Kerberos v 4. 307 308Version 1.96 18/05/92 eay 309 Fixed a small bug in string_to_key() where problems could 310 occur if des_check_key was set to true and the string 311 generated a weak key. 312 313Patch2 posted to comp.sources.misc 314Version 1.95 13/05/92 eay 315 Added an alternative version of the D_ENCRYPT macro in 316 ecb_encrypt and fcrypt. Depending on the compiler, one version or the 317 other will be faster. This was inspired by 318 Dana How <how@isl.stanford.edu>, and her pointers about doing the 319 *(ulong *)((uchar *)ptr+(value&0xfc)) 320 vs 321 ptr[value&0x3f] 322 to stop the C compiler doing a <<2 to convert the long array index. 323 324Version 1.94 05/05/92 eay 325 Fixed an incompatibility between my string_to_key and the MIT 326 version. When the key is longer than 8 chars, I was wrapping 327 with a different method. To use the old version, define 328 OLD_STR_TO_KEY in the makefile. Thanks to 329 viktor@newsu.shearson.com (Viktor Dukhovni). 330 331Version 1.93 28/04/92 eay 332 Fixed the VMS mods so that echo is now turned off in 333 read_password. Thanks again to brennan@coco.cchs.su.oz.AU. 334 MSDOS support added. The routines can be compiled with 335 Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. 336 337Patch1 posted to comp.sources.misc 338Version 1.92 13/04/92 eay 339 Changed D_ENCRYPT so that the rotation of R occurs outside of 340 the loop. This required rotating all the longs in sp.h (now 341 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> 342 speed.c has been changed so it will work without SIGALRM. If 343 times(3) is not present it will try to use ftime() instead. 344 345Version 1.91 08/04/92 eay 346 Added -E/-D options to des(1) so it can use string_to_key. 347 Added SVR4 mods suggested by witr@rwwa.COM 348 Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If 349 anyone knows how to turn of tty echo in VMS please tell me or 350 implement it yourself :-). 351 Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS 352 does not like IN/OUT being used. 353 354Libdes posted to comp.sources.misc 355Version 1.9 24/03/92 eay 356 Now contains a fast small crypt replacement. 357 Added des(1) command. 358 Added des_rw_mode so people can use cbc encryption with 359 enc_read and enc_write. 360 361Version 1.8 15/10/91 eay 362 Bug in cbc_cksum. 363 Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this 364 one out. 365 366Version 1.7 24/09/91 eay 367 Fixed set_key :-) 368 set_key is 4 times faster and takes less space. 369 There are a few minor changes that could be made. 370 371Version 1.6 19/09/1991 eay 372 Finally go IP and FP finished. 373 Now I need to fix set_key. 374 This version is quite a bit faster that 1.51 375 376Version 1.52 15/06/1991 eay 377 20% speedup in ecb_encrypt by changing the E bit selection 378 to use 2 32bit words. This also required modification of the 379 sp table. There is still a way to speedup the IP and IP-1 380 (hints from outer@sq.com) still working on this one :-(. 381 382Version 1.51 07/06/1991 eay 383 Faster des_encrypt by loop unrolling 384 Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) 385 386Version 1.50 28/05/1991 eay 387 Optimised the code a bit more for the sparc. I have improved the 388 speed of the inner des_encrypt by speeding up the initial and 389 final permutations. 390 391Version 1.40 23/10/1990 eay 392 Fixed des_random_key, it did not produce a random key :-( 393 394Version 1.30 2/10/1990 eay 395 Have made des_quad_cksum the same as MIT's, the full package 396 should be compatible with MIT's 397 Have tested on a DECstation 3100 398 Still need to fix des_set_key (make it faster). 399 Does des_cbc_encrypts at 70.5k/sec on a 3100. 400 401Version 1.20 18/09/1990 eay 402 Fixed byte order dependencies. 403 Fixed (I hope) all the word alignment problems. 404 Speedup in des_ecb_encrypt. 405 406Version 1.10 11/09/1990 eay 407 Added des_enc_read and des_enc_write. 408 Still need to fix des_quad_cksum. 409 Still need to document des_enc_read and des_enc_write. 410 411Version 1.00 27/08/1990 eay 412 413