From 945c0b6dde0c31b0269ce84b30011d8012a03603 Mon Sep 17 00:00:00 2001
From: Mark Murray <markm@FreeBSD.org>
Date: Sat, 23 Jan 1999 08:26:11 +0000
Subject: [PATCH] The new crypt code breaks "make world". Back it out.

---
 secure/lib/libcrypt/Makefile          |   2 +-
 secure/lib/libcrypt/README            |  98 ++++++++++++
 secure/lib/libcrypt/README.FreeBSD    |  21 +++
 secure/lib/libcrypt/crypt-md5.c       | 157 +++++++++++++++++++
 secure/lib/libcrypt/crypt.3           | 159 ++++++++++++++++++++
 secure/lib/libcrypt/test/Makefile     |  42 ++++++
 secure/lib/libcrypt/test/README       |  10 ++
 secure/lib/libcrypt/test/cert.c       | 208 ++++++++++++++++++++++++++
 secure/lib/libcrypt/test/cert.input   | 179 ++++++++++++++++++++++
 secure/lib/libcrypt/test/speedcrypt.c |  76 ++++++++++
 10 files changed, 951 insertions(+), 1 deletion(-)
 create mode 100644 secure/lib/libcrypt/README
 create mode 100644 secure/lib/libcrypt/README.FreeBSD
 create mode 100644 secure/lib/libcrypt/crypt-md5.c
 create mode 100644 secure/lib/libcrypt/crypt.3
 create mode 100644 secure/lib/libcrypt/test/Makefile
 create mode 100644 secure/lib/libcrypt/test/README
 create mode 100644 secure/lib/libcrypt/test/cert.c
 create mode 100644 secure/lib/libcrypt/test/cert.input
 create mode 100644 secure/lib/libcrypt/test/speedcrypt.c

diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile
index 25e11bc7d596..1f947c93eec3 100644
--- a/secure/lib/libcrypt/Makefile
+++ b/secure/lib/libcrypt/Makefile
@@ -1,5 +1,5 @@
 #
-# $Id: Makefile,v 1.13 1997/09/05 12:21:22 peter Exp $
+# $Id$
 #
 
 LCRYPTBASE=     libcrypt
diff --git a/secure/lib/libcrypt/README b/secure/lib/libcrypt/README
new file mode 100644
index 000000000000..b02ff5a15bd0
--- /dev/null
+++ b/secure/lib/libcrypt/README
@@ -0,0 +1,98 @@
+
+	FreeSec - NetBSD libcrypt replacement
+
+	  David Burren <davidb@werj.com.au>
+	  Release 1.0, March 1994
+
+    Document ref: $Id$
+
+
+Description
+===========
+This library is a drop-in replacement for the libcrypt used in U.S. copies
+of NetBSD, duplicating that library's functionality.  A suite of verification
+and benchmark tools is provided.
+
+FreeSec 1.0 is an original implementation of the DES algorithm and the
+crypt(3) interfaces used in Unix-style operating systems.  It was produced
+in Australia and as such is not covered by U.S. export restrictions (at
+least for copies that remain outside the U.S.).
+
+
+History
+=======
+An earlier version of the FreeSec library was built using the UFC-crypt
+package that is distributed as part of the GNU library.  UFC-crypt did not
+support the des_cipher() or des_setkey() functions, nor the new-style
+crypt with long keys.  These were implemented in FreeSec 0.2, but at least
+one bug remained, where encryption would only succeed if either the salt
+or the plaintext was zero.  Because of its heritage FreeSec 0.2 was covered
+by the GNU Library Licence.
+
+FreeSec 1.0 is an original implementation by myself, and has been tested
+against the verification suite I'd been using with FreeSec 0.2 (this is not
+encumbered by any licence).  FreeSec 1.0 is covered by a Berkeley-style
+licence, which better fits into the *BSD hierarchy than the earlier GNU
+licence.
+
+
+Why should you use FreeSec?
+===========================
+FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
+to act as a baseline for encryption functionality.
+
+Some other packages (such as Eric Young's libdes package) are faster and
+more complete than FreeSec, but typically have different licencing
+arrangements.  While some applications will justify the use of these
+packages, the idea here is that everyone should have access to *at least*
+the functionality of FreeSec.
+
+
+Performance of FreeSec 1.0
+==========================
+I compare below the performance of three libcrypt implementations.  As can be
+seen, it's between the U.S. library and UFC-crypt.  While the performance of
+FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
+future versions.  I was interested to note that while UFC-crypt is faster on
+a 386, hardware characteristics can have markedly different effects on each
+implementation.
+
+
+386DX40, 128k cache	| U.S. BSD	| FreeSec 1.0	| FreeSec 0.2
+CFLAGS=-O2		|		|		|
+========================+===============+===============+==================
+crypt (alternate keys)	| 317		| 341		| 395
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+crypt (constant key)	| 317		| 368		| 436
+	crypt/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 1)	| 6037		| 7459		| 3343
+	blocks/sec	|		|		|
+------------------------+---------------+---------------+------------------
+des_cipher( , , , 25)	| 8871		| 9627		| 15926
+	blocks/sec	|		|		|
+
+Notes:	The results tabled here are the average over 10 runs.
+	The entry/exit code for FreeSec 0.2's des_cipher() is particularly
+	inefficient, thus the anomalous result for single encryptions.
+
+
+As an experiment using a machine with a larger register set and an
+obscenely fast CPU, I obtained the following results:
+
+	60 MHz R4400		| FreeSec 1.0	| FreeSec 0.2
+	========================+=================================
+	crypt (alternate keys)	| 2545		| 2702
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	crypt (constant key)	| 2852		| 2981
+		crypt/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 1)	| 56443		| 21409
+		blocks/sec	|		|
+	------------------------+---------------------------------
+	des_cipher( , , , 25)	| 82531		| 18276
+		blocks/sec	|		|
+
+Obviously your mileage will vary with your hardware and your compiler...
diff --git a/secure/lib/libcrypt/README.FreeBSD b/secure/lib/libcrypt/README.FreeBSD
new file mode 100644
index 000000000000..4a9260b31fcb
--- /dev/null
+++ b/secure/lib/libcrypt/README.FreeBSD
@@ -0,0 +1,21 @@
+$Id$
+
+This is FreeSec package for NetBSD,  unchanged for
+FreeBSD, except for the Makefile.
+
+FreeSec was written by David Burren <davidb@werj.com.au>
+
+A few bugs in the original FreeSec release have been fixed.
+
+In order to make libcrypt binaries exportable from the USA,
+only the symbol _crypt() (later to be changed to ___crypt())
+is exported from libcrypt.
+
+This source code was developed outside the USA, and can be
+obtained outside the USA.
+
+					Geoff Rehmet
+					Rhodes University
+					Grahamstown 
+					South Africa
+					8 August 1994
diff --git a/secure/lib/libcrypt/crypt-md5.c b/secure/lib/libcrypt/crypt-md5.c
new file mode 100644
index 000000000000..02675388e23c
--- /dev/null
+++ b/secure/lib/libcrypt/crypt-md5.c
@@ -0,0 +1,157 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ * 
+ * This has had its entry point changed to crypt_md5 for use in 
+ * a dual-personality (DES & MD5) environment)  -- MarkM - Nov 1995
+ *
+ * $Id$
+ *
+ */
+
+#if 0
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$Header$";
+#endif /* LIBC_SCCS and not lint */
+#endif
+
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <md5.h>
+
+static unsigned char itoa64[] =		/* 0 ... 63 => ascii - 64 */
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+static void
+to64(s, v, n)
+	char *s;
+	unsigned long v;
+	int n;
+{
+	while (--n >= 0) {
+		*s++ = itoa64[v&0x3f];
+		v >>= 6;
+	}
+}
+
+/*
+ * UNIX password
+ *
+ * Use MD5 for what it is best at...
+ */
+
+char *
+crypt_md5(pw, salt)
+	register const char *pw;
+	register const char *salt;
+{
+	static char	*magic = "$1$";	/*
+						 * This string is magic for
+						 * this algorithm.  Having
+						 * it this way, we can get
+						 * get better later on
+						 */
+	static char     passwd[120], *p;
+	static const char *sp,*ep;
+	unsigned char	final[16];
+	int sl,pl,i,j;
+	MD5_CTX	ctx,ctx1;
+	unsigned long l;
+
+	/* Refine the Salt first */
+	sp = salt;
+
+	/* If it starts with the magic string, then skip that */
+	if(!strncmp(sp,magic,strlen(magic)))
+		sp += strlen(magic);
+
+	/* It stops at the first '$', max 8 chars */
+	for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+		continue;
+
+	/* get the length of the true salt */
+	sl = ep - sp;
+
+	MD5Init(&ctx);
+
+	/* The password first, since that is what is most unknown */
+	MD5Update(&ctx,pw,strlen(pw));
+
+	/* Then our magic string */
+	MD5Update(&ctx,magic,strlen(magic));
+
+	/* Then the raw salt */
+	MD5Update(&ctx,sp,sl);
+
+	/* Then just as many characters of the MD5(pw,salt,pw) */
+	MD5Init(&ctx1);
+	MD5Update(&ctx1,pw,strlen(pw));
+	MD5Update(&ctx1,sp,sl);
+	MD5Update(&ctx1,pw,strlen(pw));
+	MD5Final(final,&ctx1);
+	for(pl = strlen(pw); pl > 0; pl -= 16)
+		MD5Update(&ctx,final,pl>16 ? 16 : pl);
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final,0,sizeof final);
+
+	/* Then something really weird... */
+	for (j=0,i = strlen(pw); i ; i >>= 1)
+		if(i&1)
+		    MD5Update(&ctx, final+j, 1);
+		else
+		    MD5Update(&ctx, pw+j, 1);
+
+	/* Now make the output string */
+	strcpy(passwd,magic);
+	strncat(passwd,sp,sl);
+	strcat(passwd,"$");
+
+	MD5Final(final,&ctx);
+
+	/*
+	 * and now, just to make sure things don't run too fast
+	 * On a 60 Mhz Pentium this takes 34 msec, so you would
+	 * need 30 seconds to build a 1000 entry dictionary...
+	 */
+	for(i=0;i<1000;i++) {
+		MD5Init(&ctx1);
+		if(i & 1)
+			MD5Update(&ctx1,pw,strlen(pw));
+		else
+			MD5Update(&ctx1,final,16);
+
+		if(i % 3)
+			MD5Update(&ctx1,sp,sl);
+
+		if(i % 7)
+			MD5Update(&ctx1,pw,strlen(pw));
+
+		if(i & 1)
+			MD5Update(&ctx1,final,16);
+		else
+			MD5Update(&ctx1,pw,strlen(pw));
+		MD5Final(final,&ctx1);
+	}
+
+	p = passwd + strlen(passwd);
+
+	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
+	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
+	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
+	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
+	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
+	l =                    final[11]                ; to64(p,l,2); p += 2;
+	*p = '\0';
+
+	/* Don't leave anything around in vm they could use. */
+	memset(final,0,sizeof final);
+
+	return passwd;
+}
+
diff --git a/secure/lib/libcrypt/crypt.3 b/secure/lib/libcrypt/crypt.3
new file mode 100644
index 000000000000..6ab054153df4
--- /dev/null
+++ b/secure/lib/libcrypt/crypt.3
@@ -0,0 +1,159 @@
+.\" FreeSec: libcrypt for NetBSD
+.\"
+.\" Copyright (c) 1994 David Burren
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the author nor the names of other contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	$Id$
+.\"
+.\" Manual page, using -mandoc macros
+.\"
+.Dd March 9, 1994
+.Dt CRYPT 3
+.Os "FreeSec 1.0"
+.Sh NAME
+.Nm crypt
+.Nd DES trapdoor encryption
+.Sh SYNOPSIS
+.Ft char
+.Fn *crypt "const char *key" "const char *setting"
+.Sh DESCRIPTION
+The
+.Fn crypt
+function performs password encryption, based on the
+.Tn NBS
+Data Encryption Standard (DES).
+Additional code has been added to deter key search attempts.
+The first argument to
+.Nm crypt
+is a
+.Dv null Ns -terminated
+string, typically a user's typed password.
+The second is in one of three forms:
+if it begins with an underscore (``_'') then an extended format is used
+in interpreting both the the key and the setting, as outlined below.
+if it begins with the string ``$1$'' then an exportable format is used.
+.Ss Extended crypt:
+.Pp
+The
+.Ar key
+is divided into groups of 8 characters (the last group is null-padded)
+and the low-order 7 bits of each each character (56 bits per group) are
+used to form the DES key as follows:
+the first group of 56 bits becomes the initial DES key.
+For each additional group, the XOR of the encryption of the current DES
+key with itself and the group bits becomes the next DES key.
+.Pp
+The setting is a 9-character array consisting of an underscore followed
+by 4 bytes of iteration count and 4 bytes of salt.
+These are encoded as printable characters, 6 bits per character,
+least significant character first.
+The values 0 to 63 are encoded as ``./0-9A-Za-z''.
+This allows 24 bits for both
+.Fa count
+and
+.Fa salt .
+.Ss "Traditional" crypt:
+.Pp
+The first 8 bytes of the key are null-padded, and the low-order 7 bits of
+each character is used to form the 56-bit
+.Tn DES
+key.
+.Pp
+The setting is a 2-character array of the ASCII-encoded salt.
+Thus only 12 bits of
+.Fa salt
+are used.
+.Fa count
+is set to 25.
+.Ss "FreeBSD" or "Exportable" crypt:
+.Pp
+If the salt begins with ``$1$'' then the freely exportable 
+.Tn MD5
+algorithm is used to calculate a hash value, from which the password string
+is generated. The
+.Tn MD5
+derived routine is designed to be time-consuming like the DES based version.
+.Ss Algorithm:
+.Pp
+The
+.Fa salt
+introduces disorder in the
+.Tn DES
+algorithm in one of 16777216 or 4096 possible ways
+(ie. with 24 or 12 bits: if bit
+.Em i
+of the
+.Ar salt
+is set, then bits
+.Em i
+and
+.Em i+24
+are swapped in the
+.Tn DES
+E-box output).
+.Pp
+The DES key is used to encrypt a 64-bit constant using
+.Ar count
+iterations of
+.Tn DES .
+The value returned is a
+.Dv null Ns -terminated
+string, 20 or 13 bytes (plus null) in length, consisting of the
+.Ar setting
+followed by the encoded 64-bit encryption.
+.Pp
+The function
+.Fn crypt
+returns a pointer to the encrypted value on success, and NULL on failure.
+.Sh SEE ALSO
+.Xr login 1 ,
+.Xr passwd 1 ,
+.Xr getpass 3 ,
+.Xr passwd 5
+.Sh BUGS
+The
+.Fn crypt
+function returns a pointer to static data, and subsequent calls to
+.Fn crypt
+will modify the same object.
+.Sh HISTORY
+A rotor-based
+.Fn crypt
+function appeared in
+.At v6 .
+The current style
+.Fn crypt
+first appeared in
+.At v7 .
+.Pp
+This library (FreeSec 1.0) was developed outside the United States of America
+as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption
+library.
+Users should be aware that this code (and programs staticly linked with it)
+may not be exported from the U.S., although it apparently can be imported.
+.Sh AUTHOR
+David Burren <davidb@werj.com.au>
diff --git a/secure/lib/libcrypt/test/Makefile b/secure/lib/libcrypt/test/Makefile
new file mode 100644
index 000000000000..a26e718ca1ae
--- /dev/null
+++ b/secure/lib/libcrypt/test/Makefile
@@ -0,0 +1,42 @@
+#
+#	Hacked Makefile to compile and run the DES-certification program,
+#	but not install anything.
+#
+# $Id$
+#
+LIBCRYPT= $(.OBJDIR)/libdescrypt.a
+
+#CFLAGS+= -DHAVE_CRYPT16
+
+TARGETS=cert speedcrypt
+
+all: ${TARGETS}
+
+test: all testcrypt testspeed
+
+testcrypt: cert
+	@./cert -c
+
+testspeed: cryptspeed
+
+cryptspeed: speedcrypt
+	@./speedcrypt 30 1
+	@./speedcrypt 30 1
+	@./speedcrypt 30 0
+	@./speedcrypt 30 0
+
+cert: cert.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT}
+
+speedcrypt: speedcrypt.c ${LIBCRYPT}
+	$(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT}
+
+
+clean:
+	rm -f ${TARGETS}
+
+install:
+
+obj:
+
+.include <bsd.prog.mk>
diff --git a/secure/lib/libcrypt/test/README b/secure/lib/libcrypt/test/README
new file mode 100644
index 000000000000..eb6b0bebbc1d
--- /dev/null
+++ b/secure/lib/libcrypt/test/README
@@ -0,0 +1,10 @@
+This directory contains test programs to certify DES operation and to
+time the crypt() call (of curiosity value).
+
+Simply type `make test` to run the tests.
+
+The normal `make all` and `make install` that get done during library building
+and installation will build these programs BUT NOT INSTALL THEM.  After all,
+they're only for testing...
+
+- David Burren, January 1994
diff --git a/secure/lib/libcrypt/test/cert.c b/secure/lib/libcrypt/test/cert.c
new file mode 100644
index 000000000000..4e207adfa2e0
--- /dev/null
+++ b/secure/lib/libcrypt/test/cert.c
@@ -0,0 +1,208 @@
+/*
+ * This DES validation program shipped with FreeSec is derived from that
+ * shipped with UFC-crypt which is apparently derived from one distributed
+ * with Phil Karns PD DES package.
+ *
+ * $Id$
+ */
+
+#include <stdio.h>
+
+int totfails = 0;
+
+char *crypt();
+#ifdef HAVE_CRYPT16
+char *crypt16();
+#endif /* HAVE_CRYPT16 */
+
+
+static struct crypt_test {
+	char	*key, *setting, *answer;
+} crypt_tests[] = {
+	"foob",			"ar",		"arlEKn0OzVJn.",
+	"holyhooplasbatman!",	"_X.......",	"_X.......N89y2Z.e4WU",
+	"holyhooplasbatman!",	"_X...X...",	"_X...X...rSUDQ5Na/QM",
+	"holyhooplasbatman!",	"_XX..X...",	"_XX..X...P8vb9xU4JAk",
+	"holyhooplasbatman!",	"_XX..XX..",	"_XX..XX..JDs5IlGLqT2",
+	"holyhooplasbatman!",	"_XX..XXa.",	"_XX..XXa.bFVsOnCNh8Y",
+	"holyhooplasbatman!",	"_XXa.X...",	"_XXa.X...Ghsb3QKNaps",
+#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS
+	"holyhooplasbatman!",	"_arararar",	"_ararararNGMzvpNjeCc",
+#endif
+	NULL, NULL, NULL,
+};
+
+
+static struct crypt_test crypt16_tests[] = {
+	"foob",			"ar",		"arxo23jZDD5AYbHbqoy9Dalg",
+	"holyhooplasbatman!",	"ar",		"arU5FRLJ3kxIoedlmyrOelEw",
+	NULL, NULL, NULL
+};
+
+
+void good_bye()
+{
+  if(totfails == 0) {
+    printf(" Passed validation\n");
+    exit(0);
+  } else {
+    printf(" %d failures during validation!!!\n", totfails);
+    exit(1);
+  }
+}
+
+
+void put8(cp)
+char *cp;
+{
+	int i,j,t;
+
+	for(i = 0; i < 8; i++){
+		t = 0;
+		for(j = 0; j < 8; j++)
+			t = t << 1 | *cp++;
+		printf("%02x", t);
+	}
+}
+
+
+void print_bits(bits)
+unsigned char *bits;
+{
+	int	i;
+
+	for (i = 0; i < 8; i++) {
+		printf("%02x", bits[i]);
+	}
+}
+
+
+int parse_line(buff, salt, key, plain, answer)
+char *buff;
+long *salt;
+char *key, *plain, *answer;
+{
+	char *ptr1, *ptr2;
+	int val;
+	int i,j,t;
+
+	/*
+	 * Extract salt
+	 */
+	if (sscanf(buff, "%lu", salt) != 1)
+		return(-1);
+	for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+
+	/*
+	 * Extract key
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*key++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract plain
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*plain++ = (t & 1 << (7 - j)) != 0;
+	}
+
+	/*
+	 * Extract answer
+	 */
+	for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++)
+		;
+	for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++)
+		;
+	if (ptr2 - ptr1 != 16)
+		return(-1);
+	for (i = 0; i < 8; i++){
+		if (sscanf(ptr1 + 2*i, "%2x", &t) != 1)
+			return(-2);
+		for (j = 0; j < 8; j++)
+			*answer++ = (t & 1 << (7 - j)) != 0;
+	}
+	return(0);
+}
+
+void bytes_to_bits(bytes, bits)
+char *bytes;
+unsigned char *bits;
+{
+	int	i, j;
+
+	for (i = 0; i < 8; i++) {
+		bits[i] = 0;
+		for (j = 0; j < 8; j++) {
+			bits[i] |= (bytes[i*8+j] & 1) << (7 - j);
+		}
+	}
+}
+
+
+
+/*
+ *	Test the old-style crypt(), the new-style crypt(), and crypt16().
+ */
+void test_crypt()
+{
+	char	*result;
+	struct crypt_test	*p;
+
+	printf("Testing crypt() family\n");
+
+	for (p = crypt_tests; p->key; p++) {
+		printf(" crypt(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+
+#ifdef HAVE_CRYPT16
+	for (p = crypt16_tests; p->key; p++) {
+		printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected",
+			p->key, p->setting, p->answer);
+		fflush(stdout);
+		result = crypt16(p->key, p->setting);
+		if(!strcmp(result, p->answer)) {
+			printf(", OK\n");
+		} else {
+			printf("\n  failed (\"%s\")\n", result);
+			totfails++;
+		}
+	}
+#endif /* HAVE_CRYPT16 */
+}
+
+main(argc, argv)
+int argc;
+char *argv[];
+{
+	test_crypt();
+	good_bye();
+}
diff --git a/secure/lib/libcrypt/test/cert.input b/secure/lib/libcrypt/test/cert.input
new file mode 100644
index 000000000000..db1749e20886
--- /dev/null
+++ b/secure/lib/libcrypt/test/cert.input
@@ -0,0 +1,179 @@
+# $Id$
+#
+# Salt, key, plaintext, ciphertext
+#
+0 0101010101010101 95f8a5e5dd31d900 8000000000000000
+0 0101010101010101 dd7f121ca5015619 4000000000000000
+0 0101010101010101 2e8653104f3834ea 2000000000000000
+0 0101010101010101 4bd388ff6cd81d4f 1000000000000000
+0 0101010101010101 20b9e767b2fb1456 0800000000000000
+0 0101010101010101 55579380d77138ef 0400000000000000
+0 0101010101010101 6cc5defaaf04512f 0200000000000000
+0 0101010101010101 0d9f279ba5d87260 0100000000000000
+0 0101010101010101 d9031b0271bd5a0a 0080000000000000
+0 0101010101010101 424250b37c3dd951 0040000000000000
+0 0101010101010101 b8061b7ecd9a21e5 0020000000000000
+0 0101010101010101 f15d0f286b65bd28 0010000000000000
+0 0101010101010101 add0cc8d6e5deba1 0008000000000000
+0 0101010101010101 e6d5f82752ad63d1 0004000000000000
+0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000
+0 0101010101010101 f356834379d165cd 0001000000000000
+0 0101010101010101 2b9f982f20037fa9 0000800000000000
+0 0101010101010101 889de068a16f0be6 0000400000000000
+0 0101010101010101 e19e275d846a1298 0000200000000000
+0 0101010101010101 329a8ed523d71aec 0000100000000000
+0 0101010101010101 e7fce22557d23c97 0000080000000000
+0 0101010101010101 12a9f5817ff2d65d 0000040000000000
+0 0101010101010101 a484c3ad38dc9c19 0000020000000000
+0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000
+0 0101010101010101 750d079407521363 0000008000000000
+0 0101010101010101 64feed9c724c2faf 0000004000000000
+0 0101010101010101 f02b263b328e2b60 0000002000000000
+0 0101010101010101 9d64555a9a10b852 0000001000000000
+0 0101010101010101 d106ff0bed5255d7 0000000800000000
+0 0101010101010101 e1652c6b138c64a5 0000000400000000
+0 0101010101010101 e428581186ec8f46 0000000200000000
+0 0101010101010101 aeb5f5ede22d1a36 0000000100000000
+0 0101010101010101 e943d7568aec0c5c 0000000080000000
+0 0101010101010101 df98c8276f54b04b 0000000040000000
+0 0101010101010101 b160e4680f6c696f 0000000020000000
+0 0101010101010101 fa0752b07d9c4ab8 0000000010000000
+0 0101010101010101 ca3a2b036dbc8502 0000000008000000
+0 0101010101010101 5e0905517bb59bcf 0000000004000000
+0 0101010101010101 814eeb3b91d90726 0000000002000000
+0 0101010101010101 4d49db1532919c9f 0000000001000000
+0 0101010101010101 25eb5fc3f8cf0621 0000000000800000
+0 0101010101010101 ab6a20c0620d1c6f 0000000000400000
+0 0101010101010101 79e90dbc98f92cca 0000000000200000
+0 0101010101010101 866ecedd8072bb0e 0000000000100000
+0 0101010101010101 8b54536f2f3e64a8 0000000000080000
+0 0101010101010101 ea51d3975595b86b 0000000000040000
+0 0101010101010101 caffc6ac4542de31 0000000000020000
+0 0101010101010101 8dd45a2ddf90796c 0000000000010000
+0 0101010101010101 1029d55e880ec2d0 0000000000008000
+0 0101010101010101 5d86cb23639dbea9 0000000000004000
+0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000
+0 0101010101010101 ce332329248f3228 0000000000001000
+0 0101010101010101 8405d1abe24fb942 0000000000000800
+0 0101010101010101 e643d78090ca4207 0000000000000400
+0 0101010101010101 48221b9937748a23 0000000000000200
+0 0101010101010101 dd7c0bbd61fafd54 0000000000000100
+0 0101010101010101 2fbc291a570db5c4 0000000000000080
+0 0101010101010101 e07c30d7e4e26e12 0000000000000040
+0 0101010101010101 0953e2258e8e90a1 0000000000000020
+0 0101010101010101 5b711bc4ceebf2ee 0000000000000010
+0 0101010101010101 cc083f1e6d9e85f6 0000000000000008
+0 0101010101010101 d2fd8867d50d2dfe 0000000000000004
+0 0101010101010101 06e7ea22ce92708f 0000000000000002
+0 0101010101010101 166b40b44aba4bd6 0000000000000001
+0 8001010101010101 0000000000000000 95a8d72813daa94d
+0 4001010101010101 0000000000000000 0eec1487dd8c26d5
+0 2001010101010101 0000000000000000 7ad16ffb79c45926
+0 1001010101010101 0000000000000000 d3746294ca6a6cf3
+0 0801010101010101 0000000000000000 809f5f873c1fd761
+0 0401010101010101 0000000000000000 c02faffec989d1fc
+0 0201010101010101 0000000000000000 4615aa1d33e72f10
+0 0180010101010101 0000000000000000 2055123350c00858
+0 0140010101010101 0000000000000000 df3b99d6577397c8
+0 0120010101010101 0000000000000000 31fe17369b5288c9
+0 0110010101010101 0000000000000000 dfdd3cc64dae1642
+0 0108010101010101 0000000000000000 178c83ce2b399d94
+0 0104010101010101 0000000000000000 50f636324a9b7f80
+0 0102010101010101 0000000000000000 a8468ee3bc18f06d
+0 0101800101010101 0000000000000000 a2dc9e92fd3cde92
+0 0101400101010101 0000000000000000 cac09f797d031287
+0 0101200101010101 0000000000000000 90ba680b22aeb525
+0 0101100101010101 0000000000000000 ce7a24f350e280b6
+0 0101080101010101 0000000000000000 882bff0aa01a0b87
+0 0101040101010101 0000000000000000 25610288924511c2
+0 0101020101010101 0000000000000000 c71516c29c75d170
+0 0101018001010101 0000000000000000 5199c29a52c9f059
+0 0101014001010101 0000000000000000 c22f0a294a71f29f
+0 0101012001010101 0000000000000000 ee371483714c02ea
+0 0101011001010101 0000000000000000 a81fbd448f9e522f
+0 0101010801010101 0000000000000000 4f644c92e192dfed
+0 0101010401010101 0000000000000000 1afa9a66a6df92ae
+0 0101010201010101 0000000000000000 b3c1cc715cb879d8
+0 0101010180010101 0000000000000000 19d032e64ab0bd8b
+0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc
+0 0101010120010101 0000000000000000 b7265f7f447ac6f3
+0 0101010110010101 0000000000000000 9db73b3c0d163f54
+0 0101010108010101 0000000000000000 8181b65babf4a975
+0 0101010104010101 0000000000000000 93c9b64042eaa240
+0 0101010102010101 0000000000000000 5570530829705592
+0 0101010101800101 0000000000000000 8638809e878787a0
+0 0101010101400101 0000000000000000 41b9a79af79ac208
+0 0101010101200101 0000000000000000 7a9be42f2009a892
+0 0101010101100101 0000000000000000 29038d56ba6d2745
+0 0101010101080101 0000000000000000 5495c6abf1e5df51
+0 0101010101040101 0000000000000000 ae13dbd561488933
+0 0101010101020101 0000000000000000 024d1ffa8904e389
+0 0101010101018001 0000000000000000 d1399712f99bf02e
+0 0101010101014001 0000000000000000 14c1d7c1cffec79e
+0 0101010101012001 0000000000000000 1de5279dae3bed6f
+0 0101010101011001 0000000000000000 e941a33f85501303
+0 0101010101010801 0000000000000000 da99dbbc9a03f379
+0 0101010101010401 0000000000000000 b7fc92f91d8e92e9
+0 0101010101010201 0000000000000000 ae8e5caa3ca04e85
+0 0101010101010180 0000000000000000 9cc62df43b6eed74
+0 0101010101010140 0000000000000000 d863dbb5c59a91a0
+0 0101010101010120 0000000000000000 a1ab2190545b91d7
+0 0101010101010110 0000000000000000 0875041e64c570f7
+0 0101010101010108 0000000000000000 5a594528bebef1cc
+0 0101010101010104 0000000000000000 fcdb3291de21f0c0
+0 0101010101010102 0000000000000000 869efd7f9f265a09
+0 1046913489980131 0000000000000000 88d55e54f54c97b4
+0 1007103489988020 0000000000000000 0c0cc00c83ea48fd
+0 10071034c8980120 0000000000000000 83bc8ef3a6570183
+0 1046103489988020 0000000000000000 df725dcad94ea2e9
+0 1086911519190101 0000000000000000 e652b53b550be8b0
+0 1086911519580101 0000000000000000 af527120c485cbb0
+0 5107b01519580101 0000000000000000 0f04ce393db926d5
+0 1007b01519190101 0000000000000000 c9f00ffc74079067
+0 3107915498080101 0000000000000000 7cfd82a593252b4e
+0 3107919498080101 0000000000000000 cb49a2f9e91363e3
+0 10079115b9080140 0000000000000000 00b588be70d23f56
+0 3107911598080140 0000000000000000 406a9a6ab43399ae
+0 1007d01589980101 0000000000000000 6cb773611dca9ada
+0 9107911589980101 0000000000000000 67fd21c17dbb5d70
+0 9107d01589190101 0000000000000000 9592cb4110430787
+0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3
+0 1007940498190101 0000000000000000 4d102196c914ca16
+0 0107910491190401 0000000000000000 2dfa9f4573594965
+0 0107910491190101 0000000000000000 b46604816c0e0774
+0 0107940491190401 0000000000000000 6e7e6221a4f34e87
+0 19079210981a0101 0000000000000000 aa85e74643233199
+0 1007911998190801 0000000000000000 2e5a19db4d1962d6
+0 10079119981a0801 0000000000000000 23a866a809d30894
+0 1007921098190101 0000000000000000 d812d961f017d320
+0 100791159819010b 0000000000000000 055605816e58608f
+0 1004801598190101 0000000000000000 abd88e8b1b7716f1
+0 1004801598190102 0000000000000000 537ac95be69da1e1
+0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8
+0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d
+0 1002911598190104 0000000000000000 61c79c71921a2ef8
+0 1002911598100201 0000000000000000 e2f5728f0995013c
+0 1002911698100101 0000000000000000 1aeac39a61f0a464
+0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b
+0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271
+0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a
+0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a
+0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095
+0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b
+0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09
+0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a
+0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f
+0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088
+0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77
+0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a
+0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56
+0 025816164629b007 480d39006ee762f2 a1f9915541020b56
+0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556
+0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac
+0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a
+0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
+1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60
+57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae
+1 8001010101010101 0000000000000000 f501029f268e45dc
+0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793
diff --git a/secure/lib/libcrypt/test/speedcrypt.c b/secure/lib/libcrypt/test/speedcrypt.c
new file mode 100644
index 000000000000..f7507fd789f0
--- /dev/null
+++ b/secure/lib/libcrypt/test/speedcrypt.c
@@ -0,0 +1,76 @@
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include <stdio.h>
+
+int		keep_going, count, alternate, seconds;
+struct rusage	prior, now;
+
+void
+finish()
+{
+	keep_going = 0;
+}
+
+
+main(int argc, char *argv[])
+{
+	struct itimerval itv;
+	u_long		msecs, key1[8], key2[8];
+	char		*k1, *k2;
+
+	if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1)
+		seconds = 20;
+
+	if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1)
+		alternate = 0;
+
+	printf ("Running crypt%s for %d seconds of vtime...\n",
+		alternate ? " with alternate keys" : "", seconds);
+
+	bzero(&itv, sizeof (itv));
+	signal (SIGVTALRM, finish);
+	itv.it_value.tv_sec = seconds;
+	itv.it_value.tv_usec = 0;
+	setitimer(ITIMER_VIRTUAL, &itv, NULL);
+
+	keep_going = 1;
+	if (getrusage(0, &prior) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+
+	k1 = (char *) key1;
+	k2 = (char *) key2;
+	strcpy(k1, "fredfredfredfredfred");
+	strcpy(k2, "joejoejoejoejoejoejo");
+
+	if (alternate)
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt((count & 1) ? k1 : k2, "_ara.X...");
+#else
+			crypt((count & 1) ? k1 : k2, "eek");
+#endif
+		}
+	else
+		for (count = 0; keep_going; count++)
+		{
+#if defined(LONGCRYPT)
+			crypt(k1, "_ara.X...");
+#else
+			crypt(k1, "eek");
+#endif
+		}
+
+	if (getrusage(0, &now) < 0) {
+		perror("getrusage");
+		exit(1);
+	}
+	msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000
+	      + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000;
+	printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs);
+	exit(0);
+}