xcrypt 0.1.0

data/ext/libxcrypt/lib/crypt.h.in

@@ -0,0 +1,249 @@
+/* High-level libcrypt interfaces.
+
+   Copyright (C) 1991-2017 Free Software Foundation, Inc.
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License
+   as published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _CRYPT_H
+#define _CRYPT_H 1
+
+@BEGIN_DECLS@
+
+/* The strings returned by crypt, crypt_r, crypt_rn, and crypt_ra will
+   be no longer than this, counting the terminating NUL.  (Existing
+   algorithms all produce much shorter strings, but we have reserved
+   generous space for future expansion.)  This is NOT the appropriate
+   size to use in allocating the buffer supplied to crypt_rn; use
+   sizeof (struct crypt_data) instead.  */
+#define CRYPT_OUTPUT_SIZE 384
+
+/* Passphrases longer than this (counting the terminating NUL) are not
+   supported.  Note that some hash algorithms have lower limits.  */
+#define CRYPT_MAX_PASSPHRASE_SIZE 512
+
+/* The strings returned by crypt_gensalt, crypt_gensalt_rn, and
+   crypt_gensalt_ra will be no longer than this.  This IS the
+   appropriate size to use when allocating the buffer supplied to
+   crypt_gensalt_rn.  (Again, existing algorithms all produce
+   much shorter strings, but we have reserved generous space for
+   future expansion.)  */
+#define CRYPT_GENSALT_OUTPUT_SIZE 192
+
+/* One-way hash the passphrase PHRASE as specified by SETTING, and
+   return a string suitable for storage in a Unix-style "passwd" file.
+
+   If SETTING is a previously hashed passphrase, the string returned
+   will be equal to SETTING if and only if PHRASE is the same as the
+   passphrase that was previously hashed.  See the documentation for
+   other ways to use this function.
+
+   The string returned by this function is stored in a statically-
+   allocated buffer, and will be overwritten if the function is called
+   again.  It is not safe to call this function from multiple threads
+   concurrently.
+
+   If an error occurs (such as SETTING being nonsense or unsupported)
+   the string returned will begin with '*', and will not be equal to
+   SETTING nor to any valid hashed passphrase.  Otherwise, the string
+   will not begin with '*'.  */
+extern char *crypt (const char *__phrase, const char *__setting)
+__THROW;
+
+/* These sizes are chosen to make sizeof (struct crypt_data) add up to
+   exactly 32768 bytes.  */
+#define CRYPT_DATA_RESERVED_SIZE 767
+#define CRYPT_DATA_INTERNAL_SIZE 30720
+
+/* Memory area used by crypt_r.  */
+struct crypt_data
+{
+  /* crypt_r writes the hashed password to this field of its 'data'
+     argument.  crypt_rn and crypt_ra do the same, treating the
+     untyped data area they are supplied with as this struct.  */
+  char output[CRYPT_OUTPUT_SIZE];
+
+  /* Applications are encouraged, but not required, to use this field
+     to store the "setting" string that must be passed to crypt_*.
+     Future extensions to the API may make this more ergonomic.
+
+     A valid "setting" is either previously hashed password or the
+     string produced by one of the crypt_gensalt functions; see the
+     crypt_gensalt documentation for further details.  */
+  char setting[CRYPT_OUTPUT_SIZE];
+
+  /* Applications are encouraged, but not required, to use this field
+     to store the unhashed passphrase they will pass to crypt_*.
+     Future extensions to the API may make this more ergonomic.  */
+  char input[CRYPT_MAX_PASSPHRASE_SIZE];
+
+  /* Reserved for future application-visible fields.  For maximum
+     forward compatibility, applications should set this field to all
+     bytes zero before calling crypt_r, crypt_rn, or crypt_ra for the
+     first time with a just-allocated 'struct crypt_data'.  Future
+     extensions to the API may make this more ergonomic.  */
+  char reserved[CRYPT_DATA_RESERVED_SIZE];
+
+  /* This field should be set to 0 before calling crypt_r, crypt_rn,
+     or crypt_ra for the first time with a just-allocated
+     'struct crypt_data'.  This is not required if crypt_ra is allowed
+     to do the allocation itself (i.e. if the *DATA argument is a null
+     pointer).  Future extensions to the API may make this more ergonomic.  */
+  char initialized;
+
+  /* Scratch space used internally.  Applications should not read or
+     write this field.  All data written to this area is erased before
+     returning from the library.  */
+  char internal[CRYPT_DATA_INTERNAL_SIZE];
+};
+
+/* Thread-safe version of crypt.  Instead of writing to a static
+   storage area, the string returned by this function will be within
+   DATA->output.  Otherwise, behaves exactly the same as crypt.  */
+extern char *crypt_r (const char *__phrase, const char *__setting,
+                      struct crypt_data *__restrict __data)
+__THROW;
+
+/* Another thread-safe version of crypt.  Instead of writing to a
+   static storage area, the string returned by this function will be
+   somewhere within the space provided at DATA, which is of length SIZE
+   bytes.  SIZE must be at least sizeof (struct crypt_data).
+
+   Also, if an error occurs, this function returns a null pointer,
+   not a special string.  (However, the string returned on success
+   still will never begin with '*'.)  */
+extern char *crypt_rn (const char *__phrase, const char *__setting,
+                       void *__data, int __size)
+__THROW;
+
+/* Yet a third thread-safe version of crypt; this one works like
+   getline(3).  *DATA must be either 0 or a pointer to memory
+   allocated by malloc, and *SIZE must be the size of the allocation.
+   This space will be allocated or reallocated as necessary and the
+   values updated.  The string returned by this function will be
+   somewhere within the space at *DATA.  It is safe to deallocate
+   this space with free when it is no longer needed.
+
+   Like crypt_rn, this function returns a null pointer on failure, not
+   a special string.  */
+extern char *crypt_ra (const char *__phrase, const char *__setting,
+                       void **__data, int *__size)
+__THROW;
+
+
+/* Generate a string suitable for use as the setting when hashing a
+   new passphrase.  PREFIX controls which hash function will be used,
+   COUNT controls the computational cost of the hash (for functions
+   where this is tunable), and RBYTES should point to NRBYTES bytes of
+   random data.  If PREFIX is a null pointer, the current best default
+   is used; if RBYTES is a null pointer, random data will be retrieved
+   from the operating system if possible.  (Caution: setting PREFIX to
+   an *empty string* selects the use of the oldest and least secure
+   hash in the library.  Don't do that.)
+
+   The string returned is stored in a statically-allocated buffer, and
+   will be overwritten if the function is called again.  It is not
+   safe to call this function from multiple threads concurrently.
+   However, within a single thread, it is safe to pass the string as
+   the SETTING argument to crypt without copying it first; the two
+   functions use separate buffers.
+
+   If an error occurs (e.g. a prefix that does not correspond to a
+   supported hash function, or an inadequate amount of random data),
+   this function returns a null pointer.  */
+extern char *crypt_gensalt (const char *__prefix, unsigned long __count,
+                            const char *__rbytes, int __nrbytes)
+__THROW;
+
+/* Thread-safe version of crypt_gensalt; instead of a
+   statically-allocated buffer, the generated setting string is
+   written to OUTPUT, which is OUTPUT_SIZE bytes long.  OUTPUT_SIZE
+   must be at least CRYPT_GENSALT_OUTPUT_SIZE (see above).
+
+   If an error occurs, this function returns a null pointer and writes
+   a string that does not correspond to any valid setting into OUTPUT.  */
+extern char *crypt_gensalt_rn (const char *__prefix, unsigned long __count,
+                               const char *__rbytes, int __nrbytes,
+                               char *__output, int __output_size)
+__THROW;
+
+/* Kept for code compatibility with libxcrypt (v3.1.1 and earlier).
+   We intentionally declare the function using a macro here, since
+   we actually want to link compiled applications against the
+   identical crypt_gensalt_rn function.  */
+#ifndef IN_LIBCRYPT  /* Defined when building libxcrypt. */
+# ifdef __REDIRECT_NTH
+extern char * __REDIRECT_NTH (crypt_gensalt_r, (const char *__prefix,
+                              unsigned long __count, const char *__rbytes,
+                              int __nrbytes, char *__output,
+                              int __output_size), crypt_gensalt_rn);
+# else
+#  define crypt_gensalt_r crypt_gensalt_rn
+# endif
+#endif
+
+/* Another thread-safe version of crypt_gensalt; the generated setting
+   string is in storage allocated by malloc, and should be deallocated
+   with free when it is no longer needed.  */
+extern char *crypt_gensalt_ra (const char *__prefix, unsigned long __count,
+                               const char *__rbytes, int __nrbytes)
+__THROW;
+
+/* Checks whether the given setting is a supported method.
+
+   The return value is 0 if there is nothing wrong with this setting.
+   Otherwise, it is one of the following constants.  */
+extern int crypt_checksalt (const char *__setting);
+
+/* Constants for checking the return value of the
+   crypt_checksalt function.  */
+#define CRYPT_SALT_OK              0
+#define CRYPT_SALT_INVALID         1
+#define CRYPT_SALT_METHOD_DISABLED 2  /* NOT implemented, yet. */
+#define CRYPT_SALT_METHOD_LEGACY   3
+#define CRYPT_SALT_TOO_CHEAP       4  /* NOT implemented, yet. */
+
+/* Convenience function to get the prefix of the preferred hash method,
+   which is also used by the crypt_gensalt functions, if their given
+   prefix parameter is NULL.
+
+   The return value is string that equals the prefix of the preferred
+   hash method.  Otherwise, it is NULL.  */
+extern const char *crypt_preferred_method (void);
+
+/* These macros could be checked by portable users of crypt_gensalt*
+   functions to find out whether null pointers could be specified
+   as PREFIX and RBYTES arguments.  */
+#define CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX @DEFAULT_PREFIX_ENABLED@
+#define CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY   1
+
+/* These macros can be checked by portable users of libxcrypt
+   to find out whether the function is implemented.  */
+#define CRYPT_CHECKSALT_AVAILABLE 1
+#define CRYPT_PREFERRED_METHOD_AVAILABLE 1
+
+/* Version number split in single integers.  */
+#define XCRYPT_VERSION_MAJOR @XCRYPT_VERSION_MAJOR@
+#define XCRYPT_VERSION_MINOR @XCRYPT_VERSION_MINOR@
+
+/* Version number coded into an integer.  */
+#define XCRYPT_VERSION_NUM ((XCRYPT_VERSION_MAJOR << 16) | \
+                             XCRYPT_VERSION_MINOR)
+
+/* Version number as a string constant.  */
+#define XCRYPT_VERSION_STR "@XCRYPT_VERSION_STR@"
+
+@END_DECLS@
+
+#endif /* crypt.h */

data/ext/libxcrypt/lib/gen-des-tables.c

@@ -0,0 +1,363 @@
+/*
+ * FreeSec: libcrypt for NetBSD
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
+ *	this file should now *only* export crypt(), in order to make
+ *	binaries of libcrypt exportable from the USA
+ *
+ * Adapted for FreeBSD-4.0 by Mark R V Murray
+ *	this file should now *only* export crypt_des(), in order to make
+ *	a module that can be optionally included in libcrypt.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ */
+
+/*
+ * This program can regenerate the tables in alg-des-tables.c.
+ * It is preserved as documentation, but it should no longer be
+ * necessary to run it.
+ */
+
+#include "crypt-port.h"
+
+#include <inttypes.h>
+#include <stdio.h>
+
+static const uint8_t	IP[64] =
+{
+  58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+  62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+  57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+  61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+
+static uint8_t	inv_key_perm[64];
+static const uint8_t	key_perm[56] =
+{
+  57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+  10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+  63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+  14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+
+static uint8_t	inv_comp_perm[56];
+static const uint8_t	comp_perm[48] =
+{
+  14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+  23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+
+/*
+ *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+
+static uint8_t	u_sbox[8][64];
+static const uint8_t	sbox[8][64] =
+{
+  {
+    14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+    0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+    4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+    15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+  },
+  {
+    15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+    3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+    0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+    13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+  },
+  {
+    10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+    13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+    13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+    1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+  },
+  {
+    7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+    13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+    10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+    3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+  },
+  {
+    2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+    14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+    4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+    11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+  },
+  {
+    12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+    10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+    9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+    4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+  },
+  {
+    4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+    13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+    1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+    6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+  },
+  {
+    13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+    1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+    7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+    2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+  }
+};
+
+static uint8_t	un_pbox[32];
+static const uint8_t	pbox[32] =
+{
+  16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+  2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+
+static const uint32_t	*bits28, *bits24;
+static uint8_t		init_perm[64], final_perm[64];
+
+static const uint32_t	bits32[32] =
+{
+  0x80000000, 0x40000000, 0x20000000, 0x10000000,
+  0x08000000, 0x04000000, 0x02000000, 0x01000000,
+  0x00800000, 0x00400000, 0x00200000, 0x00100000,
+  0x00080000, 0x00040000, 0x00020000, 0x00010000,
+  0x00008000, 0x00004000, 0x00002000, 0x00001000,
+  0x00000800, 0x00000400, 0x00000200, 0x00000100,
+  0x00000080, 0x00000040, 0x00000020, 0x00000010,
+  0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+
+static const uint8_t bits8[8] =
+{ 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+
+static uint8_t m_sbox_[4][4096];
+static uint32_t	ip_maskl_[8][256], ip_maskr_[8][256];
+static uint32_t	fp_maskl_[8][256], fp_maskr_[8][256];
+static uint32_t	key_perm_maskl_[8][128], key_perm_maskr_[8][128];
+static uint32_t	comp_maskl_[8][128], comp_maskr_[8][128];
+static uint32_t	psbox_[4][256];
+
+static void
+des_init(void)
+{
+  int	i, j, b, k, inbit, obit;
+  uint32_t	*p, *il, *ir, *fl, *fr;
+
+  bits24 = (bits28 = bits32 + 4) + 4;
+
+  /*
+   * Invert the S-boxes, reordering the input bits.
+   */
+  for (i = 0; i < 8; i++)
+    for (j = 0; j < 64; j++)
+      {
+        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+        u_sbox[i][j] = sbox[i][b];
+      }
+
+  /*
+   * Convert the inverted S-boxes into 4 arrays of 8 bits.
+   * Each will handle 12 bits of the S-box input.
+   */
+  for (b = 0; b < 4; b++)
+    for (i = 0; i < 64; i++)
+      for (j = 0; j < 64; j++)
+        m_sbox_[b][(i << 6) | j] =
+          (uint8_t)((u_sbox[(b << 1)][i] << 4) |
+                    u_sbox[(b << 1) + 1][j]);
+
+  /*
+   * Set up the initial & final permutations into a useful form, and
+   * initialise the inverted key permutation.
+   */
+  for (i = 0; i < 64; i++)
+    {
+      final_perm[i] = (uint8_t)(IP[i] - 1);
+      init_perm[final_perm[i]] = (uint8_t)i;
+      inv_key_perm[i] = 255;
+    }
+
+  /*
+   * Invert the key permutation and initialise the inverted key
+   * compression permutation.
+   */
+  for (i = 0; i < 56; i++)
+    {
+      inv_key_perm[key_perm[i] - 1] = (uint8_t)i;
+      inv_comp_perm[i] = 255;
+    }
+
+  /*
+   * Invert the key compression permutation.
+   */
+  for (i = 0; i < 48; i++)
+    {
+      inv_comp_perm[comp_perm[i] - 1] = (uint8_t)i;
+    }
+
+  /*
+   * Set up the OR-mask arrays for the initial and final permutations,
+   * and for the key initial and compression permutations.
+   */
+  for (k = 0; k < 8; k++)
+    {
+      for (i = 0; i < 256; i++)
+        {
+          *(il = &ip_maskl_[k][i]) = 0L;
+          *(ir = &ip_maskr_[k][i]) = 0L;
+          *(fl = &fp_maskl_[k][i]) = 0L;
+          *(fr = &fp_maskr_[k][i]) = 0L;
+          for (j = 0; j < 8; j++)
+            {
+              inbit = 8 * k + j;
+              if (i & bits8[j])
+                {
+                  if ((obit = init_perm[inbit]) < 32)
+                    *il |= bits32[obit];
+                  else
+                    *ir |= bits32[obit-32];
+                  if ((obit = final_perm[inbit]) < 32)
+                    *fl |= bits32[obit];
+                  else
+                    *fr |= bits32[obit - 32];
+                }
+            }
+        }
+      for (i = 0; i < 128; i++)
+        {
+          *(il = &key_perm_maskl_[k][i]) = 0L;
+          *(ir = &key_perm_maskr_[k][i]) = 0L;
+          for (j = 0; j < 7; j++)
+            {
+              inbit = 8 * k + j;
+              if (i & bits8[j + 1])
+                {
+                  if ((obit = inv_key_perm[inbit]) == 255)
+                    continue;
+                  if (obit < 28)
+                    *il |= bits28[obit];
+                  else
+                    *ir |= bits28[obit - 28];
+                }
+            }
+          *(il = &comp_maskl_[k][i]) = 0L;
+          *(ir = &comp_maskr_[k][i]) = 0L;
+          for (j = 0; j < 7; j++)
+            {
+              inbit = 7 * k + j;
+              if (i & bits8[j + 1])
+                {
+                  if ((obit=inv_comp_perm[inbit]) == 255)
+                    continue;
+                  if (obit < 24)
+                    *il |= bits24[obit];
+                  else
+                    *ir |= bits24[obit - 24];
+                }
+            }
+        }
+    }
+
+  /*
+   * Invert the P-box permutation, and convert into OR-masks for
+   * handling the output of the S-box arrays setup above.
+   */
+  for (i = 0; i < 32; i++)
+    un_pbox[pbox[i] - 1] = (uint8_t)i;
+
+  for (b = 0; b < 4; b++)
+    for (i = 0; i < 256; i++)
+      {
+        *(p = &psbox_[b][i]) = 0L;
+        for (j = 0; j < 8; j++)
+          {
+            if (i & bits8[j])
+              *p |= bits32[un_pbox[8 * b + j]];
+          }
+      }
+}
+
+static void
+write_table_u8(size_t m, size_t n, const uint8_t *tbl, const char *name)
+{
+  printf("\nconst uint8_t %s[%zu][%zu] = {\n", name, m, n);
+  for (size_t i = 0; i < m; i++)
+    {
+      fputs("  {", stdout);
+      for (size_t j = 0; j < n; j++)
+        {
+          if (j % 12 == 0)
+            fputs("\n   ", stdout);
+          printf(" 0x%02x,", (unsigned int)tbl[i*n + j]);
+        }
+      puts("\n  },");
+    }
+  puts("};");
+}
+
+static void
+write_table_u32(size_t m, size_t n, const uint32_t *tbl, const char *name)
+{
+  printf("\nconst uint32_t %s[%zu][%zu] = {\n", name, m, n);
+  for (size_t i = 0; i < m; i++)
+    {
+      fputs("  {", stdout);
+      for (size_t j = 0; j < n; j++)
+        {
+          if (j % 6 == 0)
+            fputs("\n   ", stdout);
+          printf(" 0x%08"PRIx32",", tbl[i*n + j]);
+        }
+      puts("\n  },");
+    }
+  puts("};");
+}
+
+int
+main(void)
+{
+  des_init();
+
+  write_table_u8(4, 4096, &m_sbox_[0][0], "m_sbox");
+
+  write_table_u32(8, 256, &ip_maskl_[0][0], "ip_maskl");
+  write_table_u32(8, 256, &ip_maskr_[0][0], "ip_maskr");
+  write_table_u32(8, 256, &fp_maskl_[0][0], "fp_maskl");
+  write_table_u32(8, 256, &fp_maskr_[0][0], "fp_maskr");
+
+  write_table_u32(8, 128, &key_perm_maskl_[0][0], "key_perm_maskl");
+  write_table_u32(8, 128, &key_perm_maskr_[0][0], "key_perm_maskr");
+  write_table_u32(8, 128, &comp_maskl_[0][0], "comp_maskl");
+  write_table_u32(8, 128, &comp_maskr_[0][0], "comp_maskr");
+
+  write_table_u32(4, 256, &psbox_[0][0], "psbox");
+}

data/ext/libxcrypt/lib/hashes.conf

@@ -0,0 +1,59 @@
+# This file is read by expand-selected-hashes and gen-crypt-hashes-h.
+# It lists, for each supported hash algorithm, the name to be used to
+# enable or disable it at configure time, which is also part of the
+# name used for the 'crypt_fn' and 'gensalt_fn' entry points to the
+# relevant algorithm module; the prefix used to identify the algorithm
+# in hash strings; the number of bytes of random data that
+# crypt_gensalt should draw from the OS when its caller doesn't supply
+# any; and a comma-separated list of flags.
+#
+# The current set of possible flags is: STRONG means the hash is still
+# considered strong enough to use for newly hashed passwords; this is
+# the set of hashes that will be enabled when the library is
+# configured with --enable-hashes=strong.  DEFAULT means that this
+# hash may be used as the default for newly hashed passwords;
+# when crypt_gensalt is called with a null pointer for its prefix
+# argument, it will use the first hash in this file that was enabled
+# and has a DEFAULT flag.  Hashes that are not STRONG should never be
+# marked DEFAULT.  If you change the set of DEFAULT hashes you must also
+# update test-gensalt.c to match.
+#
+# ALT, FREEBSD, GLIBC, NETBSD, OPENBSD, OSX, OWL, SOLARIS, and SUSE
+# mean that the hash was historically supported by crypt() as provided
+# by that operating system / C library.  These are also recognized by
+# --enable-hashes as sets of hashes that can be enabled.
+#
+# Fields are separated by whitespace. Lines beginning with # are
+# ignored; # is not otherwise significant.  Multiple flags are
+# separated by commas.  A field whose contents are a single colon (:)
+# is actually understood as an empty string; colon is used for this
+# purpose because it cannot be part of a hash prefix or a C identifier.
+#
+# Because the first DEFAULT entry that's enabled is used for new
+# hashes when crypt_gensalt() is called with a null prefix, the list
+# should be kept in decreasing order of cryptographic strength overall
+# (this only *matters* for DEFAULT entries, but it's easier to keep
+# the whole list sorted that way).  Because of how crypt() checks
+# prefixes, the hashes that use an empty prefix (bigcrypt and
+# descrypt) must be last (conveniently, these are also the weakest
+# supported hashes).
+#
+#name          h_prefix  nrbytes  flags
+yescrypt       $y$       16       STRONG,DEFAULT,ALT,DEBIAN,FEDORA
+gost_yescrypt  $gy$      16       STRONG,ALT
+sm3_yescrypt   $sm3y$    16       STRONG,EULER,KYLIN
+scrypt         $7$       16       STRONG
+bcrypt         $2b$      16       STRONG,DEFAULT,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS,SUSE
+bcrypt_y       $2y$      16       STRONG,ALT,OWL,SUSE
+bcrypt_a       $2a$      16       STRONG,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS,SUSE
+bcrypt_x       $2x$      16       ALT,OWL,SUSE
+sm3crypt       $sm3$     16       EULER,KYLIN
+sha512crypt    $6$       15       STRONG,DEFAULT,GLIBC,FREEBSD,SOLARIS
+sha256crypt    $5$       15       GLIBC,FREEBSD,SOLARIS
+sha1crypt      $sha1     20       NETBSD
+sunmd5         $md5      8        SOLARIS
+md5crypt       $1$       9        GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS
+nt             $3$       1        FREEBSD
+bsdicrypt      _         3        FREEBSD,NETBSD,OPENBSD,OSX
+bigcrypt       :         2        :
+descrypt       :         2        GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS,OSX