Bugtraq mailing list archives
Perl Crypt::CBC concern
From: darryl () NETBAUDS NET (Darryl Miles)
Date: Sun, 18 Jun 2000 04:31:43 +0100
I wonder if you can put my mind at rest, I have recently been developing applications in C to be compatible with the Perl implementation of Crypt-CBC and Crypt-Blowfish. However in doing this I am concerned over a small detail of the Perl CBC implementation. Just recently I have reviewed the accompanying documentation with both Perl modules and it clains compatability with SSLeasy and openssl. When I originaly tried to use these implementations I had trouble and ended up porting the Crypt-CBC into C directly from the Perl module. It was at this point my attention was raised a part of Crypt::CBC I don't understand/ can't see the logic behind. I have included my recent emails to the opensrs mailing list on the subject, no one there is batted an eyelid in either agreeing with me, or putting me right in the errors of my ways. To summarise what I think I can see: A fragment of code in the initialisation of the CBC, means that private keys longer than 16 bytes are only as secure as a 16 byte key would be. This would imply that it can affect any cypher which can be used with Crypt::CBC that is able to use a key of more than 16 bytes. The original longer than 16 byte (e.g. with Crypt::Blowfish this can be 56 bytes) "private key" is passed through MD5 once (resulting in hash collisions and thus loss of bit information). The result of this is then used to initialise the cypher, all be it with the key beefed up back to at least 56 bytes by calling MD5 in a factorial fashion. My point is that the strength of the 56 bytes key of only as strong as the 16 byte stem of the key actually used after is has been passed through MD5 once. That is to say bytes 17 thru 56 can be derived from knowing bytes 1 through to 16. The reality of this is that since a huge parts of the possible 56 byte keyspace is not possible to obtain, and the number of permutations of the 56 byte key passed to initialise the cypher is only 2^128 (16 bytes). I am not sure here is if it indeed ad error in the CBC which claims some form of compatability with SSLeasy/openssl, to which I am not sure if
128 bit SSL keys are possible anyway. The problem could be in the documentation of Crypt::Blowfish with the perception that you get 56 byte keys (when used in conjunction with Crypt::CBC) and the security against brute force attack that provides with today^H^H^Hmorrows hardware.
As I say I am no crypto expert, so would appreciate comments either way. My only experience with using MD5 in this way has been as documented in the RADIUS protocol, where a random number is generated, sent in the clear, a shared secrey (key) is used and XOR with blocks of 16 byte data. I understand how that works, but I can't at all see the logic in this CBC implementation. Thanks, -- Darryl Miles Webtraffik Netbauds Ltd www.netbauds.net
From - Fri Jun 16 17:09:36 2000
Received: from www.opensrs.com ([207.136.98.175]:45835 "EHLO opensrs.org")
by relay-1.netbauds.net with ESMTP id <S4068690AbQFMAZf>;
Tue, 13 Jun 2000 01:25:35 +0100
Received: (from majordomo@localhost)
by opensrs.org (8.9.3/8.9.3) id TAA25002
for dev-list-outgoing; Mon, 12 Jun 2000 19:51:15 -0400
X-Authentication-Warning: opensrs.org: majordomo set sender to owner-dev-list () opensrs org using -f
Received: from ns1.netbauds.net (IDENT:root () ns1 netbauds net [194.207.240.11])
by opensrs.org (8.9.3/8.9.3) with ESMTP id TAA24999
for <dev-list () opensrs org>; Mon, 12 Jun 2000 19:51:14 -0400
Received: from gw.darryl.netbauds.net ([194.207.243.217]:10255 "EHLO
netbauds.net") by relay-1.netbauds.net with ESMTP
id <S4068874AbQFLXuz>; Tue, 13 Jun 2000 00:50:55 +0100
Message-ID: <39457757.8ACA69F7 () netbauds net>
Date: Tue, 13 Jun 2000 00:50:47 +0100
From: Darryl Miles <darryl () netbauds net>
Organization: Netbauds Ltd
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.11 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: William Porquet <wporquet () tucows com>, dev-list () opensrs org
Subject: Re: OpenSRS protocol spec DRAFT
References: <Pine.LNX.4.10.10006091724580.9586-100000 () toronto mail tucows com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-dev-list () opensrs org
Precedence: bulk
Return-Path: <owner-dev-list () opensrs org>
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000
X-UIDL: <39457757.8ACA69F7 () netbauds net>
William Porquet wrote:
{Developer testing indicates that the server terminates the
connection without sending a status message in the event of failed
authentication. This is bad behavior on the part of the server,
and furthermore not the documented behavior.}
Agreed.
Encryption ========== The encryption algorithims DES and Blowfish are currently supported. The suggested method of using these encryption types is through their respective Perl modules, Crypt::DES and Crypt::Blowfish, which are then accessed through a common interface created by Crypt::CBC. Crypt::CBC is now included in the OpenSRS client distribution. While DES only supports keys of 8 bytes, it has been scrutinized for many years and has held up very well. Blowfish supports much larger keys (up to 56 bytes) but is relatively new on the encryption scene. It is holding up well under examination and is slowly being adopted by various vendors. (OpenBSD, known for their attention to security, now uses the Blowfish algorithim for encrypting system passwords.)
Hmm I wonder about this. I have had to take Crypt::Blowfish apart to
use it from 'C', (I stupidly thought blowfish was blowfish and the
implementation in openssl would be compatible). However the Perl::CBC
module does some interesting things, I am not completely sure if they
are for the better or worse.
The 56 byte key is put through MD5 (MD5 hashes always output 16 bytes),
so your 56 byte key always ends up truncated to 16 bytes. This 16 bytes
is then repeatidly put through MD5 and appended to the first 16 bytes,
etc.. until we have enough (supposidly unguessable) data to setup the
key and the block size (which CBC needs to feedback on).
The extract is in my version of CBC 1.23 (Crypto/CBC.pm):
# the real key is computed from the first N bytes of the
# MD5 hash of the provided key.
my $material = MD5->hash($key);
while (length($material) < $ks + $bs) {
$material .= MD5->hash($material);
}
I am no crypto expert, but I think the code would be far better if it
used:
# the real key is computed from the first N bytes of the
# MD5 hash of the provided key.
my $material;
if(length($key) > 16) {
$material = $key;
} else {
$material = MD5->hash($key);
}
while (length($material) < $ks + $bs) {
$material .= MD5->hash($material);
}
My reasoning for this is that:
If $key is 56 byte long binary data, (your private key).
The first pass though MD5 ('my $material = MD5->hash($key);') truncates
it to 16 bytes, and therefore since you will get hash collisions and
thus loss of bit information, (i.e. at least two of the once 56 byte
keys have now been effectivly truncated to the same 16 byte start value,
mathmatically this must be true on an enormous scale, i.e. 2^(40 * 8) =
2^320 collisions will occur with a 56 byte input and 16 byte hash output
which is supposidly mathmatically evenly distrubited).
Once you have truncated the key and accepted the collisions, you can
MD5 the result and append, and MD5 the result of this and append, any
number of times. The number of possible output values you will get for
doing this is still 2^(16 * 8) = 2^128 = Number of bit permutations of
an MD5 hash.
The $material value the goes on to initialise the actual key and first
block of data used to perform CBC.
I can only presume Crypt::DES came first, and in porting it to (keysize
16 bytes) Cryptos someone didn't notice this hole.
So really Crypt::CBC + Crypt::Blowfish only gives you 16 byte keys. Further more! The reason all this MD5->hash() appears to be going on is to generate a few more bits from the key which can be used to initalise the first block CBC contents for the CBC encoding to take place. But when you call the perl function to encrypt() the data, it throws this computation away. It then calls rand(255) 8 times to generate the new start pool and sends this just after the data 'RandomIV'. So it appears the MD5 hashing it used to beef up to pool of data forming the key, to only then be disregarded anyway. This feature I think is documented in the last comment to the new() function of Crypt::CBC. Since the initialisation value will be known to both parties (without needing to communicate it to each other, as Crypt::CBC seems to do now, and yet you still theoretically can't derive a single bit from the original key from knowing the starting CBC block value (IV, initialisation value ?? inter-block value ?? ). Which leaves its only useful purpose to take a small key (say 4 byte) and turn it into the right keysize for the cypto, but in my book it should simply error on this, since if you havn't supplied exactly the right size key for the Crypto you are using then you don't know what you are doing. You can even ask the Cypto for the key length is wants if you need to truncate something. Knowing all this it is probably possible to greatly simplify new().
Another note of interest relates to the length of the private key that is used. Starting with this client release, private keys will be 112 characters in length to provide the maximum security for people using Blowfish. Clients who continue to use DES will not be affected as Crypt::CBC only uses the portion of the private key that is needed. DES, therefore, simply ignores everything after the first 16 characters of the key.
With my reasoning, the same might as well be true for Blowfish. It just goes about it in a round about way. -- Darryl Miles Webtraffik Netbauds Ltd www.netbauds.net
From - Fri Jun 16 17:09:55 2000
Received: from www.opensrs.com ([207.136.98.175]:45317 "EHLO opensrs.org")
by relay-1.netbauds.net with ESMTP id <S4068969AbQFMWxj>;
Tue, 13 Jun 2000 23:53:39 +0100
Received: (from majordomo@localhost)
by opensrs.org (8.9.3/8.9.3) id SAA16195
for dev-list-outgoing; Tue, 13 Jun 2000 18:26:12 -0400
X-Authentication-Warning: opensrs.org: majordomo set sender to owner-dev-list () opensrs org using -f
Received: from ns1.netbauds.net (IDENT:root () ns1 netbauds net [194.207.240.11])
by opensrs.org (8.9.3/8.9.3) with ESMTP id SAA16192
for <dev-list () opensrs org>; Tue, 13 Jun 2000 18:26:10 -0400
Received: from gw.darryl.netbauds.net ([194.207.243.217]:41989 "EHLO
netbauds.net") by relay-1.netbauds.net with ESMTP
id <S4068960AbQFMWZk>; Tue, 13 Jun 2000 23:25:40 +0100
Message-ID: <3946B4E0.517F175C () netbauds net>
Date: Tue, 13 Jun 2000 23:25:36 +0100
From: Darryl Miles <darryl () netbauds net>
Organization: Netbauds Ltd
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.11 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Paul Khavkine <paul () inet-interactive com>, dev-list () opensrs org
Subject: Re: Heeeeeeeeeerrre's Johnny! <think Jack Nicholson>
References: <Pine.BSF.4.10.10006131618180.83593-100000 () compaq inet-interactif com>
Content-Type: multipart/mixed;
boundary="------------A239B5C130215740D9C133D4"
Sender: owner-dev-list () opensrs org
Precedence: bulk
Return-Path: <owner-dev-list () opensrs org>
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000
X-UIDL: <3946B4E0.517F175C () netbauds net>
This is a multi-part message in MIME format.
--------------A239B5C130215740D9C133D4
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Paul Khavkine wrote:
HTML part is th easiest. The hard part is the authentication and encryption since it's using Crypt::CBC and it's kind of proprietary perl implementation. Cheers Paul
Not any more. Just add blowfish.o (from Crypt::Blowfish) and md5.o
(from anywhere).
cc -o perl_blowfish -DMAIN perl_blowfish.c blowfish.o md5.o
Please let me know if this works for you too.
I still stand by my recent contribution that the 56 byte Blowfish key
you are using is only as strong as a 16 byte Blowfish key is, because
Crypt::CBC truncates the 56 byte private key into a 16 byte private
key. This is because bytes 17 through to 56 can be derived from knowing
the value of bytes 1 through to 16 of the internally mangled key it
actually uses for the encryption. Crypt::CBC then proceeds to send the
random initialised value for the first CBC block in the clear. So all
that remains now is for someone to monitor an OpenSRS session and try a
brute force attack on the weaker 16 byte (128 bit) key. The attacher
does not need to know what your private key actually is, only what your
private key hashes to after being put through MD5 once.
Happy hacking :)
--
Darryl Miles
Webtraffik Netbauds Ltd
www.netbauds.net
--------------A239B5C130215740D9C133D4
Content-Type: text/plain; charset=us-ascii;
name="perl_blowfish.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="perl_blowfish.c"
/*
* $Id$
*
* $Log$
*
*
* Copyright (C) 2000 Darryl L. Miles
*
*
* Argh! Crypt::CBC + Crypt::Blowfish aren't compatible with say
* OpenSSLs BF_cbc_crypt() function.
*
* The root of the problem seems to be the implementation of blowfish
* in the CPAN PErl module Crypt::Blowfish is not compatible with the
* OpenSSL one. Given the SAME initialisation key they product
* different crypto output!
*
*/
#include <stdio.h>
#include <malloc.h>
#include <limits.h>
#include <md5.h>
#ifdef OPENSSL_IMPLEMENTATION
#include <openssl/blowfish.h>
#endif
#include "perl_blowfish.h"
struct perl_blowfish *
PerlBlowfishDestroy(struct perl_blowfish *pb)
{
PerlBlowfishEnd(pb);
free(pb);
return NULL;
}
struct perl_blowfish *
PerlBlowfishCreate(const void *key, unsigned int keylen)
{
struct perl_blowfish *pb;
pb = malloc(sizeof(*pb));
if(pb == NULL)
return NULL;
if(PerlBlowfishInit(pb, key, keylen) < 0) {
free(pb);
pb = NULL;
}
return pb;
}
void
PerlBlowfishClear(struct perl_blowfish *pb)
{
memset(pb, 0, sizeof(*pb));
return;
}
void
PerlBlowfishEnd(struct perl_blowfish *pb)
{
PerlBlowfishClear(pb);
return;
}
int
PerlBlowfishInit(struct perl_blowfish *pb, const void *key, unsigned int keylen)
{
const int keysize = 56;
const int blocksize = BF_BLOCK;
unsigned char fuzzykey[56 + BF_BLOCK + 16];
int fuzzykey_len;
memset(pb, 0, sizeof(*pb));
if(keylen > keysize)
keylen = keysize;
/* Hmm this has been gleened from the perl CBC module
* Crypt::CBC.
*
* We take the private key, and repeatidly perform an
* MD5 hash on it, and then its result, etc.. until the
* length of the data is longer than the keysize + blocksize.
* For Blowfish keysize = 56, blocksize = 8.
* Once the output is the same length or longer we take the
* for keysize bytes for the key. The next blocksize number
* of bytes to init the 'ivec' with.
*/
md5_calc(fuzzykey, key, keylen);
fuzzykey_len = 16;
while(fuzzykey_len < (blocksize + keysize)) {
md5_calc(fuzzykey + fuzzykey_len, fuzzykey, fuzzykey_len);
fuzzykey_len += 16;
}
#ifdef OPENSSL_IMPLEMENTATION
BF_set_key(&pb->blowfish_key, keysize, fuzzykey);
#else
blowfish_make_bfkey(fuzzykey, keysize, &pb->blowfish_key);
#endif
/* This is actually just randomly grouped */
memcpy(pb->blowfish_ivec_enc, fuzzykey + keysize, blocksize);
memcpy(pb->blowfish_ivec_dec, fuzzykey + keysize, blocksize);
/* FIXME: Open up /dev/random here and fill in 'blowfish_ivec_enc'
* and 'blowfish_ivec_dec' with that data.
*/
pb->left = 0;
pb->f_first_enc = 1;
pb->f_first_dec = 1;
return 0;
}
static void
string_xor(unsigned char *dest, const unsigned char *a, const unsigned char *b, unsigned int len)
{
while(len > 0) {
volatile unsigned char val;
val = *a++ ^ *b++;
*dest++ = val;
len--;
}
return;
}
void *
PerlBlowfishEncrypt(struct perl_blowfish *pb, void *dest, unsigned int *destlenptr, const void *src, unsigned int
srclen)
{
unsigned int nblock;
unsigned int nrem;
unsigned int destlen;
if(destlenptr != NULL)
destlen = *destlenptr;
else
destlen = INT_MAX;
srclen += pb->left;
nblock = srclen / BF_BLOCK;
nrem = srclen % BF_BLOCK;
if(pb->f_first_enc) {
memcpy(dest, "RandomIV", 8);
dest += 8;
destlen -= 8;
memcpy(dest, pb->blowfish_ivec_enc, BF_BLOCK);
dest += BF_BLOCK;
destlen -= BF_BLOCK;
pb->f_first_enc = 0;
}
while(nblock > 0) {
unsigned char xblock[BF_BLOCK];
unsigned char block[BF_BLOCK];
if(pb->left > 0) {
unsigned int flen;
flen = BF_BLOCK - pb->left;
/* Use up leftover */
memcpy(block, pb->leftover, pb->left);
/* Then take from src */
memcpy(block + pb->left, src, flen);
src += flen;
srclen -= flen;
pb->left = 0;
} else {
memcpy(block, src, BF_BLOCK);
src += BF_BLOCK;
srclen -= BF_BLOCK;
}
string_xor(xblock, block, pb->blowfish_ivec_enc, BF_BLOCK);
#ifdef OPENSSL_IMPLEMENTATION
BF_encrypt((void *)xblock, &pb->blowfish_key);
#else
blowfish_crypt_8bytes(xblock, xblock, &pb->blowfish_key, 0);
#endif
memcpy(dest, xblock, BF_BLOCK);
dest += BF_BLOCK;
destlen -= BF_BLOCK;
memcpy(pb->blowfish_ivec_enc, xblock, BF_BLOCK);
nblock--;
}
memcpy(pb->leftover + pb->left, src, srclen);
pb->left += srclen;
if(destlenptr != NULL)
*destlenptr = destlen;
return dest;
}
void *
PerlBlowfishEncryptFlush(struct perl_blowfish *pb, void *dest, unsigned int *destlenptr)
{
unsigned int destlen;
if(destlenptr != NULL)
destlen = *destlenptr;
else
destlen = INT_MAX;
if(pb->f_first_enc) /* You've not called Encrypt() */
return NULL;
{
unsigned char xblock[BF_BLOCK];
unsigned char block[BF_BLOCK];
unsigned int flen;
flen = BF_BLOCK - pb->left;
if(pb->left > 0) {
/* Use up leftover */
memcpy(block, pb->leftover, pb->left);
}
memset(block + pb->left, flen, flen);
string_xor(xblock, block, pb->blowfish_ivec_enc, BF_BLOCK);
#ifdef OPENSSL_IMPLEMENTATION
BF_encrypt((void *)xblock, &pb->blowfish_key);
#else
blowfish_crypt_8bytes(xblock, xblock, &pb->blowfish_key, 0);
#endif
memcpy(dest, xblock, BF_BLOCK);
dest += BF_BLOCK;
destlen -= BF_BLOCK;
memcpy(pb->blowfish_ivec_enc, xblock, BF_BLOCK);
}
pb->left = 0;
pb->f_first_enc = 1;
if(destlenptr != NULL)
*destlenptr = destlen;
return dest;
}
void *
PerlBlowfishDecrypt(struct perl_blowfish *pb, void *dest, unsigned int *destlenptr, const void *src, unsigned int
srclen)
{
unsigned int nblock;
unsigned int destlen;
if(destlenptr != NULL)
destlen = *destlenptr;
else
destlen = INT_MAX;
if(pb->f_first_dec) {
if(srclen < 8)
return NULL;
if(memcmp(src, "RandomIV", 8) == 0) {
src += 8;
srclen -= 8;
if(srclen < 8)
return NULL;
memcpy(pb->blowfish_ivec_dec, src, BF_BLOCK);
src += BF_BLOCK;
srclen -= BF_BLOCK;
}
pb->f_first_dec = 0;
}
if((srclen % BF_BLOCK) != 0)
return NULL;
nblock = srclen / BF_BLOCK;
while(nblock > 1) {
unsigned char xblock[BF_BLOCK];
unsigned char block[BF_BLOCK];
memcpy(block, src, BF_BLOCK);
src += BF_BLOCK;
srclen -= BF_BLOCK;
#ifdef OPENSSL_IMPLEMENTATION
BF_decrypt((void *)block, &pb->blowfish_key);
#else
/* (src, dest, key, f_dec) */
blowfish_crypt_8bytes(block, xblock, &pb->blowfish_key, 1);
#endif
string_xor(xblock, xblock, pb->blowfish_ivec_dec, BF_BLOCK);
memcpy(dest, xblock, BF_BLOCK);
dest += BF_BLOCK;
destlen -= BF_BLOCK;
memcpy(pb->blowfish_ivec_dec, block, BF_BLOCK);
nblock--;
}
/* Okay no we're on the last block */
if(nblock == 1) {
unsigned char xblock[BF_BLOCK];
unsigned char block[BF_BLOCK];
unsigned int padlen;
memcpy(block, src, BF_BLOCK);
src += BF_BLOCK;
srclen -= BF_BLOCK;
#ifdef OPENSSL_IMPLEMENTATION
BF_decrypt((void *)block, &pb->blowfish_key);
#else
/* (src, dest, key, f_dec) */
blowfish_crypt_8bytes(block, xblock, &pb->blowfish_key, 1);
#endif
string_xor(xblock, xblock, pb->blowfish_ivec_dec, BF_BLOCK);
padlen = xblock[BF_BLOCK - 1];
if(padlen < 1 || padlen > BF_BLOCK)
return NULL;
memcpy(dest, xblock, BF_BLOCK - padlen);
dest += (BF_BLOCK - padlen);
destlen -= (BF_BLOCK - padlen);
memcpy(pb->blowfish_ivec_dec, block, BF_BLOCK);
}
if(destlenptr != NULL)
*destlenptr = destlen;
return dest;
}
void
PerlBlowfishDecryptFlush(struct perl_blowfish *pb)
{
pb->f_first_dec = 1;
return;
}
#ifdef MAIN
int
main(int argc, char *argv[])
{
struct perl_blowfish pb;
char private_key[56];
const char *data = "hello world";
char output[4096];
char *nptr;
int outlen;
/* Fill in the private_key here */
memset(private_key, 0, sizeof(private_key));
PerlBlowfishInit(&pb, private_key, sizeof(private_key));
outlen = sizeof(output);
/* Data to encrypt is in 'data' and its length is 'strlen(data)' */
nptr = PerlBlowfishEncrypt(&pb, output, &outlen, data, strlen(data));
nptr = PerlBlowfishEncryptFlush(&pb, nptr, &outlen);
printf("outlen=%d\n", sizeof(output) - outlen);
/* Encrypted data is in 'buffer' and its length is 'outlen' */
}
#endif
--------------A239B5C130215740D9C133D4
Content-Type: text/plain; charset=us-ascii;
name="perl_blowfish.h"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="perl_blowfish.h"
/*
* $Id$
*
* $Log$
*
*/
#ifndef _CRYPTO_PERL_BLOWFISH_H
#define _CRYPTO_PERL_BLOWFISH_H
#ifdef OPENSSL_IMPLEMENTATION
#include <openssl/blowfish.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef OPENSSL_IMPLEMENTATION
typedef unsigned int IntU32 ;
typedef unsigned char IntU8 ;
#define NROUNDS 16
typedef struct
{
IntU32 p[2][NROUNDS+2],
sbox[4][256] ;
} BFkey_type ;
#define BF_BLOCK 8
#endif
struct perl_blowfish {
#ifdef OPENSSL_IMPLEMENTATION
BF_KEY blowfish_key;
#else
BFkey_type blowfish_key;
#endif
unsigned char blowfish_ivec_enc[BF_BLOCK];
unsigned char blowfish_ivec_dec[BF_BLOCK];
unsigned char leftover[BF_BLOCK];
unsigned int left;
int f_first_enc;
int f_first_dec;
};
typedef struct perl_blowfish perl_blowfish_t;
extern void PerlBlowfishEnd(struct perl_blowfish *);
extern int PerlBlowfishInit(struct perl_blowfish *, const void *, unsigned int);
extern struct perl_blowfish *PerlBlowfishDestroy(struct perl_blowfish *);
extern struct perl_blowfish *PerlBlowfishCreate(const void *, unsigned int);
extern void *PerlBlowfishEncrypt(struct perl_blowfish *, void *, unsigned int *, const void *, unsigned int);
extern void *PerlBlowfishEncryptFlush(struct perl_blowfish *, void *, unsigned int *);
extern void *PerlBlowfishDecrypt(struct perl_blowfish *, void *, unsigned int *, const void *, unsigned int);
extern void PerlBlowfishDecryptFlush(struct perl_blowfish *);
#ifndef OPENSSL_IMPLEMENTATION
extern void blowfish_crypt_8bytes(IntU8 *, IntU8 *, BFkey_type *, short);
extern int blowfish_make_bfkey(unsigned char *, int, BFkey_type *);
#endif
#ifdef __cplusplus
}
#endif
#endif /* _CRYPTO_PERL_BLOWFISH_H */
--------------A239B5C130215740D9C133D4--
Current thread:
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH, (continued)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH Andreas Hasenack (Jun 10)
- Trustix Security Advisory Oystein Viggen (Jun 09)
- Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Tom Yu (Jun 09)
- Remote DOS in linux rpc.lockd mmurray () FSCINTERNET COM (Jun 08)
- Re: Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Mike Friedman (Jun 09)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Antonio Galea (Jun 15)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Lionel Cons (Jun 16)
- Call For Participation - Raid 2000 Herve Debar (Jun 16)
- Veritas Volume Manager 3.0.x hole Dixie Flatline (Jun 16)
- Re: Veritas Volume Manager 3.0.x hole Louis-Philippe Reid (Jun 16)
- Perl Crypt::CBC concern Darryl Miles (Jun 17)
- Re: Veritas Volume Manager 3.0.x hole Doug Hughes (Jun 18)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Solar Designer (Jun 17)