xcrypt 0.1.0

data/ext/libxcrypt/lib/crypt-gensalt-static.c

@@ -0,0 +1,40 @@
+/* Copyright (C) 2007-2017 Thorsten Kukuk
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License
+   as published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include "crypt-port.h"
+
+/* The functions that use global state objects are isolated in their
+   own files so that a statically-linked program that doesn't use them
+   will not have the state objects in its data segment.  */
+
+#if INCLUDE_crypt_gensalt
+char *
+crypt_gensalt (const char *prefix, unsigned long count,
+               const char *rbytes, int nrbytes)
+{
+  static char output[CRYPT_GENSALT_OUTPUT_SIZE];
+
+  return crypt_gensalt_rn (prefix, count,
+                           rbytes, nrbytes, output, sizeof (output));
+}
+SYMVER_crypt_gensalt;
+#endif
+
+/* For code compatibility with older versions (v3.1.1 and earlier).  */
+#if INCLUDE_crypt_gensalt && INCLUDE_xcrypt_gensalt
+strong_alias (crypt_gensalt, xcrypt_gensalt);
+SYMVER_xcrypt_gensalt;
+#endif

data/ext/libxcrypt/lib/crypt-gost-yescrypt.c

@@ -0,0 +1,182 @@
+/* Copyright (C) 2018 vt@altlinux.org
+ * Copyright (C) 2018 Björn Esser besser82@fedoraproject.org
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "crypt-port.h"
+
+#if INCLUDE_gost_yescrypt
+
+#define YESCRYPT_INTERNAL
+#include "alg-yescrypt.h"
+#undef YESCRYPT_INTERNAL
+
+#include "alg-gost3411-2012-hmac.h"
+
+#include <errno.h>
+
+/* upper level hmac for tests */
+#ifndef outer_gost_hmac256
+#define outer_gost_hmac256 gost_hmac256
+#endif
+
+/* For use in scratch space by crypt_gost_yescrypt_rn().  */
+typedef struct
+{
+  yescrypt_local_t local;
+  gost_hmac_256_t gostbuf;
+  uint8_t outbuf[CRYPT_OUTPUT_SIZE];
+  uint8_t gsetting[CRYPT_OUTPUT_SIZE];
+  uint8_t hk[32], interm[32], y[32];
+  uint8_t *retval;
+} crypt_gost_yescrypt_internal_t;
+
+static_assert (sizeof (crypt_gost_yescrypt_internal_t) <= ALG_SPECIFIC_SIZE,
+               "ALG_SPECIFIC_SIZE is too small for GOST-YESCRYPT.");
+
+/*
+ * As OUTPUT is initialized with a failure token before gensalt_yescrypt_rn
+ * is called, in case of an error we could just set an appropriate errno
+ * and return.
+ */
+void
+gensalt_gost_yescrypt_rn (unsigned long count,
+                          const uint8_t *rbytes, size_t nrbytes,
+                          uint8_t *output, size_t o_size)
+{
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
+  if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 ||
+      CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)
+    {
+      errno = ERANGE;
+      return;
+    }
+
+  /* We pass 'o_size - 1' to gensalt, because we need to shift
+           the prefix by 1 char to insert the gost marker.  */
+  gensalt_yescrypt_rn (count, rbytes, nrbytes, output, o_size - 1);
+
+  /* Check for failures.  */
+  if (output[0] == '*')
+    return;
+
+  /* Shift output one byte further.  */
+  memmove (output + 1, output, strlen ((const char *) output) + 1);
+
+  /* Insert the gost marker.  */
+  output[1] = 'g';
+}
+
+void
+crypt_gost_yescrypt_rn (const char *phrase, size_t phr_size,
+                        const char *setting, size_t set_size,
+                        uint8_t *output, size_t o_size,
+                        void *scratch, size_t s_size)
+{
+  if (o_size < set_size + 1 + 43 + 1 ||
+      CRYPT_OUTPUT_SIZE < set_size + 1 + 43 + 1 ||
+      s_size < sizeof (crypt_gost_yescrypt_internal_t))
+    {
+      errno = ERANGE;
+      return;
+    }
+
+  /* Fail when called with wrong prefix.  */
+  if (strncmp (setting, "$gy$", 4))
+    {
+      errno = EINVAL;
+      return;
+    }
+
+  crypt_gost_yescrypt_internal_t *intbuf = scratch;
+
+  if (yescrypt_init_local (&intbuf->local))
+    return;
+
+  /* convert gost setting to yescrypt setting */
+  intbuf->gsetting[0] = '$';
+  intbuf->gsetting[1] = 'y';
+  intbuf->gsetting[2] = '$';
+  strcpy_or_abort (&intbuf->gsetting[3], set_size - 3, setting + 4);
+
+  intbuf->retval = yescrypt_r (NULL, &intbuf->local,
+                               (const uint8_t *) phrase, phr_size,
+                               intbuf->gsetting, NULL,
+                               intbuf->outbuf + 1, o_size - 1);
+
+  if (!intbuf->retval)
+    errno = EINVAL;
+
+  if (yescrypt_free_local (&intbuf->local) || !intbuf->retval)
+    return;
+
+  intbuf->outbuf[0] = '$';
+  intbuf->outbuf[1] = 'g';
+
+  /* extract yescrypt output from "$y$param$salt$output" */
+  char *hptr = strchr ((const char *) intbuf->retval + 3, '$');
+  if (!hptr)
+    {
+      errno = EINVAL;
+      return;
+    }
+  hptr = strchr (hptr + 1, '$');
+  if (!hptr)
+    {
+      errno = EINVAL;
+      return;
+    }
+  hptr++; /* start of output */
+
+  /* decode yescrypt output into its raw 256-bit form */
+  size_t ylen = sizeof (intbuf->y);
+  if (!decode64 (intbuf->y, &ylen, (uint8_t *) hptr, strlen (hptr)) ||
+      ylen != sizeof (intbuf->y))
+    {
+      errno = EINVAL;
+      return;
+    }
+
+  /*
+   * HMAC_GOSTR3411_2012_256(
+   *   HMAC_GOSTR3411_2012_256(GOST2012_256(K), S),
+   *   yescrypt(K, S)
+   * )
+   * yescrypt output is used in place of message,
+   * thus, its crypto properties are superseded by GOST.
+   * Password is always hashed for inner hmac to avoid
+   * collisions between hashed and unhashed passwords.
+   */
+  gost_hash256 ((const uint8_t *) phrase, phr_size, intbuf->hk, &intbuf->gostbuf.ctx);
+  gost_hmac256 (intbuf->hk, sizeof (intbuf->hk),
+                (const uint8_t *) setting,
+                (size_t) ((uint8_t *) hptr - intbuf->retval),
+                intbuf->interm, &intbuf->gostbuf);
+  outer_gost_hmac256 (intbuf->interm, sizeof (intbuf->interm),
+                      intbuf->y, sizeof (intbuf->y), intbuf->y, &intbuf->gostbuf);
+
+  encode64 ((uint8_t *) hptr, o_size - (size_t) ((uint8_t *) hptr - intbuf->retval),
+            intbuf->y, sizeof (intbuf->y));
+
+  strcpy_or_abort (output, o_size, intbuf->outbuf);
+  return;
+}
+
+#endif /* INCLUDE_gost_yescrypt */

data/ext/libxcrypt/lib/crypt-md5.c

@@ -0,0 +1,232 @@
+/* One way encryption based on MD5 sum.
+   Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0.
+
+   Copyright (C) 1996-2017 Free Software Foundation, Inc.
+   Modified by Björn Esser <besser82 at fedoraproject.org> in 2020.
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License
+   as published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include "crypt-port.h"
+#include "alg-md5.h"
+
+#include <errno.h>
+
+#if INCLUDE_md5crypt
+
+/* Define our magic string to mark salt for MD5 "encryption"
+   replacement.  This is meant to be the same as for other MD5 based
+   encryption implementations.  */
+static const char md5_salt_prefix[] = "$1$";
+
+/* The maximum length of an MD5 salt string (just the actual salt, not
+   the entire prefix).  */
+#define SALT_LEN_MAX 8
+
+/* The length of an MD5-hashed password string, including the
+   terminating NUL character.  Prefix (including its NUL) + 8 bytes of
+   salt + separator + 22 bytes of hashed password.  */
+#define MD5_HASH_LENGTH \
+  (sizeof (md5_salt_prefix) + SALT_LEN_MAX + 1 + 22)
+
+static_assert (MD5_HASH_LENGTH <= CRYPT_OUTPUT_SIZE,
+               "CRYPT_OUTPUT_SIZE is too small for MD5");
+
+/* An md5_buffer holds all of the sensitive intermediate data.  */
+struct md5_buffer
+{
+  MD5_CTX ctx;
+  uint8_t result[16];
+};
+
+static_assert (sizeof (struct md5_buffer) <= ALG_SPECIFIC_SIZE,
+               "ALG_SPECIFIC_SIZE is too small for MD5");
+
+
+/* This entry point is equivalent to the `crypt' function in Unix
+   libcs.  */
+void
+crypt_md5crypt_rn (const char *phrase, size_t phr_size,
+                   const char *setting, size_t ARG_UNUSED (set_size),
+                   uint8_t *output, size_t out_size,
+                   void *scratch, size_t scr_size)
+{
+  /* This shouldn't ever happen, but...  */
+  if (out_size < MD5_HASH_LENGTH || scr_size < sizeof (struct md5_buffer))
+    {
+      errno = ERANGE;
+      return;
+    }
+
+  struct md5_buffer *buf = scratch;
+  MD5_CTX *ctx = &buf->ctx;
+  uint8_t *result = buf->result;
+  char *cp = (char *)output;
+  const char *salt = setting;
+
+  size_t salt_size;
+  size_t cnt;
+
+  /* Find beginning of salt string.  The prefix should normally always
+     be present.  Just in case it is not.  */
+  if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0)
+    /* Skip salt prefix.  */
+    salt += sizeof (md5_salt_prefix) - 1;
+
+
+  /* The salt ends at the next '$' or the end of the string.
+     Ensure ':' does not appear in the salt (it is used as a separator in /etc/passwd).
+     Also check for '\n', as in /etc/passwd the whole parameters of the user data must
+     be on a single line. */
+  salt_size = strcspn (salt, "$:\n");
+  if (!(salt[salt_size] == '$' || !salt[salt_size]))
+    {
+      errno = EINVAL;
+      return;
+    }
+
+  /* Ensure we do not use more salt than SALT_LEN_MAX. */
+  if (salt_size > SALT_LEN_MAX)
+    salt_size = SALT_LEN_MAX;
+
+  /* Compute alternate MD5 sum with input PHRASE, SALT, and PHRASE.  The
+     final result will be added to the first context.  */
+  MD5_Init (ctx);
+
+  /* Add phrase.  */
+  MD5_Update (ctx, phrase, phr_size);
+
+  /* Add salt.  */
+  MD5_Update (ctx, salt, salt_size);
+
+  /* Add phrase again.  */
+  MD5_Update (ctx, phrase, phr_size);
+
+  /* Now get result of this (16 bytes).  */
+  MD5_Final (result, ctx);
+
+  /* Prepare for the real work.  */
+  MD5_Init (ctx);
+
+  /* Add the phrase string.  */
+  MD5_Update (ctx, phrase, phr_size);
+
+  /* Because the SALT argument need not always have the salt prefix we
+     add it separately.  */
+  MD5_Update (ctx, md5_salt_prefix, sizeof (md5_salt_prefix) - 1);
+
+  /* The last part is the salt string.  This must be at most 8
+     characters and it ends at the first `$' character (for
+     compatibility with existing implementations).  */
+  MD5_Update (ctx, salt, salt_size);
+
+
+  /* Add for any character in the phrase one byte of the alternate sum.  */
+  for (cnt = phr_size; cnt > 16; cnt -= 16)
+    MD5_Update (ctx, result, 16);
+  MD5_Update (ctx, result, cnt);
+
+  /* For the following code we need a NUL byte.  */
+  *result = '\0';
+
+  /* The original implementation now does something weird: for every 1
+     bit in the phrase the first 0 is added to the buffer, for every 0
+     bit the first character of the phrase.  This does not seem to be
+     what was intended but we have to follow this to be compatible.  */
+  for (cnt = phr_size; cnt > 0; cnt >>= 1)
+    MD5_Update (ctx, (cnt & 1) != 0 ? (const char *) result : phrase, 1);
+
+  /* Create intermediate result.  */
+  MD5_Final (result, ctx);
+
+  /* Now comes another weirdness.  In fear of password crackers here
+     comes a quite long loop which just processes the output of the
+     previous round again.  We cannot ignore this here.  */
+  for (cnt = 0; cnt < 1000; ++cnt)
+    {
+      /* New context.  */
+      MD5_Init (ctx);
+
+      /* Add phrase or last result.  */
+      if ((cnt & 1) != 0)
+        MD5_Update (ctx, phrase, phr_size);
+      else
+        MD5_Update (ctx, result, 16);
+
+      /* Add salt for numbers not divisible by 3.  */
+      if (cnt % 3 != 0)
+        MD5_Update (ctx, salt, salt_size);
+
+      /* Add phrase for numbers not divisible by 7.  */
+      if (cnt % 7 != 0)
+        MD5_Update (ctx, phrase, phr_size);
+
+      /* Add phrase or last result.  */
+      if ((cnt & 1) != 0)
+        MD5_Update (ctx, result, 16);
+      else
+        MD5_Update (ctx, phrase, phr_size);
+
+      /* Create intermediate result.  */
+      MD5_Final (result, ctx);
+    }
+
+  /* Now we can construct the result string.  It consists of three
+     parts.  We already know that there is enough space at CP.  */
+  memcpy (cp, md5_salt_prefix, sizeof (md5_salt_prefix) - 1);
+  cp += sizeof (md5_salt_prefix) - 1;
+
+  memcpy (cp, salt, salt_size);
+  cp += salt_size;
+  *cp++ = '$';
+
+#define b64_from_24bit(B2, B1, B0, N)                   \
+  do {                                                  \
+    unsigned int w = ((((unsigned int)(B2)) << 16) |    \
+                      (((unsigned int)(B1)) << 8) |     \
+                      ((unsigned int)(B0)));            \
+    int n = (N);                                        \
+    while (n-- > 0)                                     \
+      {                                                 \
+        *cp++ = b64t[w & 0x3f];                         \
+        w >>= 6;                                        \
+      }                                                 \
+  } while (0)
+
+
+  b64_from_24bit (result[0], result[6], result[12], 4);
+  b64_from_24bit (result[1], result[7], result[13], 4);
+  b64_from_24bit (result[2], result[8], result[14], 4);
+  b64_from_24bit (result[3], result[9], result[15], 4);
+  b64_from_24bit (result[4], result[10], result[5], 4);
+  b64_from_24bit (0, 0, result[11], 2);
+
+  *cp = '\0';
+}
+
+void
+gensalt_md5crypt_rn (unsigned long count,
+                     const uint8_t *rbytes, size_t nrbytes,
+                     uint8_t *output, size_t output_size)
+{
+  if (count != 0)
+    {
+      errno = EINVAL;
+      return;
+    }
+  gensalt_sha_rn ("1", 8, 1000, 1000, 1000, 1000,
+                  rbytes, nrbytes, output, output_size);
+}
+
+#endif

data/ext/libxcrypt/lib/crypt-nthash.c

@@ -0,0 +1,134 @@
+/*-
+ * Copyright (c) 1998-1999 Whistle Communications, Inc.
+ * Copyright (c) 1998-1999 Archie Cobbs <archie@freebsd.org>
+ * Copyright (c) 2003 Michael Bretterklieber
+ * Copyright (c) 2017-2019 Björn Esser <besser82@fedoraproject.org>
+ * Copyright (c) 2017-2019 Zack Weinberg <zackw at panix.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "crypt-port.h"
+
+#if INCLUDE_nt
+
+#include "alg-md4.h"
+
+#include <errno.h>
+#include <stdlib.h>
+
+#define MD4_HASHLEN        16
+
+typedef struct
+{
+  MD4_CTX ctx;
+  uint8_t unipw[CRYPT_MAX_PASSPHRASE_SIZE * 2];
+  unsigned char hash[MD4_HASHLEN];
+} crypt_nt_internal_t;
+
+static_assert (sizeof (crypt_nt_internal_t) <= ALG_SPECIFIC_SIZE,
+               "ALG_SPECIFIC_SIZE is too small for NTHASH.");
+
+/*
+ * NT HASH = md4(str2unicode(phrase))
+ */
+
+void
+crypt_nt_rn (const char *phrase, size_t phr_size,
+             const char *setting, size_t ARG_UNUSED (set_size),
+             uint8_t *output, size_t out_size,
+             void *scratch, size_t scr_size)
+{
+  static const char *magic = "$3$";
+  static const uint8_t *hexconvtab = (const uint8_t*) "0123456789abcdef";
+
+  if ((out_size < strlen (magic) + MD4_HASHLEN * 2 + 1) ||
+      (scr_size < sizeof (crypt_nt_internal_t)))
+    {
+      errno = ERANGE;
+      return;
+    }
+
+  if (strncmp (setting, magic, strlen (magic)))
+    {
+      errno = EINVAL;
+      return;
+    }
+
+  crypt_nt_internal_t *intbuf = scratch;
+
+  /* Convert the input to UCS-2LE, blindly assuming that it was
+     IANA ISO_8859-1:1987 to begin with (i.e. 0x00 .. 0xFF
+     encode U+0000 .. U+FFFF; technically this is a superset
+     of the original ISO 8859.1).  Note that this does not
+     U+0000-terminate intbuf->unipw.  */
+  for (size_t i = 0; i < phr_size; i++)
+    {
+      intbuf->unipw[2*i    ] = (uint8_t)phrase[i];
+      intbuf->unipw[2*i + 1] = 0x00;
+    }
+
+  /* Compute MD4 of Unicode password.  */
+  MD4_Init (&intbuf->ctx);
+  MD4_Update (&intbuf->ctx, intbuf->unipw, phr_size * 2);
+  MD4_Final (intbuf->hash, &intbuf->ctx);
+
+  /* Write the computed hash to the output buffer.  */
+  output += strcpy_or_abort (output, out_size, magic);
+  *output++ = '$';
+  for (size_t i = 0; i < MD4_HASHLEN; i++)
+    {
+      *output++ = hexconvtab[intbuf->hash[i] >> 4];
+      *output++ = hexconvtab[intbuf->hash[i] & 0xf];
+    }
+  *output = '\0';
+}
+
+/* This function simply returns the magic string '$3$',
+   so it can be used as SETTING for the crypt function.  */
+void
+gensalt_nt_rn (unsigned long count,
+               ARG_UNUSED(const uint8_t *rbytes),
+               ARG_UNUSED(size_t nrbytes),
+               uint8_t *output,
+               size_t o_size)
+{
+  const char *prefix = "$3$";
+
+  /* Minimal O_SIZE to store the prefix.  */
+  if (o_size < strlen (prefix) + 1)
+    {
+      errno = ERANGE;
+      return;
+    }
+
+  if (count != 0)
+    {
+      errno = EINVAL;
+      return;
+    }
+
+  strcpy_or_abort (output, o_size, prefix);
+}
+
+#endif

data/ext/libxcrypt/lib/crypt-obsolete.h

@@ -0,0 +1,40 @@
+/* Prototypes for obsolete functions in libcrypt.
+
+   Copyright (C) 1991-2017 Free Software Foundation, Inc.
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License
+   as published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _CRYPT_OBSOLETE_H
+#define _CRYPT_OBSOLETE_H 1
+
+/* These API functions are obsolete and provided for binary backward
+   compatibility only.  New programs cannot be linked against them,
+   and we do not install this header, but we still need it to build the
+   library itself.  */
+
+/* Prepare to encrypt or decrypt data with DES, using KEY.  */
+extern void setkey (const char *key);
+
+extern void setkey_r (const char *key,
+                      struct crypt_data *restrict data);
+
+/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
+   block in place.  */
+extern void encrypt (char *block, int edflag);
+
+extern void encrypt_r (char *block, int edflag,
+                       struct crypt_data *restrict data);
+
+#endif /* crypt-obsolete.h */