Consolidate blowfish code.

Requested by tb@

6 files changed, 381 insertions, 639 deletions

diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 4ea8d0c2ad3..606dc617925 100644
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.176 2024/03/27 11:12:08 jsing Exp $
+# $OpenBSD: Makefile,v 1.177 2024/03/27 11:24:15 jsing Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -142,11 +142,7 @@ SRCS+= x_x509.c
 SRCS+= x_x509a.c
 
 # bf/
-SRCS+= bf_cfb64.c
-SRCS+= bf_ecb.c
-SRCS+= bf_enc.c
-SRCS+= bf_ofb64.c
-SRCS+= bf_skey.c
+SRCS+= blowfish.c
 
 # bio/
 SRCS+= b_dump.c
diff --git a/lib/libcrypto/bf/bf_cfb64.c b/lib/libcrypto/bf/bf_cfb64.c
deleted file mode 100644
index 87dccae2639..00000000000
--- a/lib/libcrypto/bf/bf_cfb64.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* $OpenBSD: bf_cfb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-
-#include "bf_local.h"
-
-/*
- * The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void
-BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-    const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
-{
-	BF_LONG v0, v1, t;
-	int n= *num;
-	long l = length;
-	BF_LONG ti[2];
-	unsigned char *iv, c, cc;
-
-	iv = (unsigned char *)ivec;
-	if (encrypt) {
-		while (l--) {
-			if (n == 0) {
-				n2l(iv, v0);
-				ti[0] = v0;
-				n2l(iv, v1);
-				ti[1] = v1;
-				BF_encrypt((BF_LONG *)ti, schedule);
-				iv = (unsigned char *)ivec;
-				t = ti[0];
-				l2n(t, iv);
-				t = ti[1];
-				l2n(t, iv);
-				iv = (unsigned char *)ivec;
-			}
-			c= *(in++)^iv[n];
-			*(out++) = c;
-			iv[n] = c;
-			n = (n + 1)&0x07;
-		}
-	} else {
-		while (l--) {
-			if (n == 0) {
-				n2l(iv, v0);
-				ti[0] = v0;
-				n2l(iv, v1);
-				ti[1] = v1;
-				BF_encrypt((BF_LONG *)ti, schedule);
-				iv = (unsigned char *)ivec;
-				t = ti[0];
-				l2n(t, iv);
-				t = ti[1];
-				l2n(t, iv);
-				iv = (unsigned char *)ivec;
-			}
-			cc= *(in++);
-			c = iv[n];
-			iv[n] = cc;
-			*(out++) = c^cc;
-			n = (n + 1)&0x07;
-		}
-	}
-	v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
-	*num = n;
-}
diff --git a/lib/libcrypto/bf/bf_ecb.c b/lib/libcrypto/bf/bf_ecb.c
deleted file mode 100644
index eda6f193b37..00000000000
--- a/lib/libcrypto/bf/bf_ecb.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* $OpenBSD: bf_ecb.c,v 1.10 2023/07/28 10:35:14 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include <openssl/opensslv.h>
-
-#include "bf_local.h"
-
-/*
- * Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-void
-BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-    const BF_KEY *key, int encrypt)
-{
-	BF_LONG l, d[2];
-
-	n2l(in, l);
-	d[0] = l;
-	n2l(in, l);
-	d[1] = l;
-	if (encrypt)
-		BF_encrypt(d, key);
-	else
-		BF_decrypt(d, key);
-	l = d[0];
-	l2n(l, out);
-	l = d[1];
-	l2n(l, out);
-	l = d[0] = d[1] = 0;
-}
diff --git a/lib/libcrypto/bf/bf_enc.c b/lib/libcrypto/bf/bf_enc.c
deleted file mode 100644
index bbefe7d526c..00000000000
--- a/lib/libcrypto/bf/bf_enc.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* $OpenBSD: bf_enc.c,v 1.9 2022/11/26 16:08:51 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-
-#include "bf_local.h"
-
-/*
- * Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
-to modify the code.
-#endif
-
-void
-BF_encrypt(BF_LONG *data, const BF_KEY *key)
-{
-#ifndef BF_PTR2
-	BF_LONG l, r;
-	const BF_LONG *p, *s;
-
-	p = key->P;
-	s = &(key->S[0]);
-	l = data[0];
-	r = data[1];
-
-	l ^= p[0];
-	BF_ENC(r, l,s, p[1]);
-	BF_ENC(l, r,s, p[2]);
-	BF_ENC(r, l,s, p[3]);
-	BF_ENC(l, r,s, p[4]);
-	BF_ENC(r, l,s, p[5]);
-	BF_ENC(l, r,s, p[6]);
-	BF_ENC(r, l,s, p[7]);
-	BF_ENC(l, r,s, p[8]);
-	BF_ENC(r, l,s, p[9]);
-	BF_ENC(l, r,s, p[10]);
-	BF_ENC(r, l,s, p[11]);
-	BF_ENC(l, r,s, p[12]);
-	BF_ENC(r, l,s, p[13]);
-	BF_ENC(l, r,s, p[14]);
-	BF_ENC(r, l,s, p[15]);
-	BF_ENC(l, r,s, p[16]);
-#if BF_ROUNDS == 20
-	BF_ENC(r, l,s, p[17]);
-	BF_ENC(l, r,s, p[18]);
-	BF_ENC(r, l,s, p[19]);
-	BF_ENC(l, r,s, p[20]);
-#endif
-	r ^= p[BF_ROUNDS + 1];
-
-	data[1] = l&0xffffffffL;
-	data[0] = r&0xffffffffL;
-#else
-	BF_LONG l, r,t, *k;
-
-	l = data[0];
-	r = data[1];
-	k = (BF_LONG*)key;
-
-	l ^= k[0];
-	BF_ENC(r, l, k, 1);
-	BF_ENC(l, r, k, 2);
-	BF_ENC(r, l, k, 3);
-	BF_ENC(l, r, k, 4);
-	BF_ENC(r, l, k, 5);
-	BF_ENC(l, r, k, 6);
-	BF_ENC(r, l, k, 7);
-	BF_ENC(l, r, k, 8);
-	BF_ENC(r, l, k, 9);
-	BF_ENC(l, r,k, 10);
-	BF_ENC(r, l,k, 11);
-	BF_ENC(l, r,k, 12);
-	BF_ENC(r, l,k, 13);
-	BF_ENC(l, r,k, 14);
-	BF_ENC(r, l,k, 15);
-	BF_ENC(l, r,k, 16);
-#if BF_ROUNDS == 20
-	BF_ENC(r, l,k, 17);
-	BF_ENC(l, r,k, 18);
-	BF_ENC(r, l,k, 19);
-	BF_ENC(l, r,k, 20);
-#endif
-	r ^= k[BF_ROUNDS + 1];
-
-	data[1] = l&0xffffffffL;
-	data[0] = r&0xffffffffL;
-#endif
-}
-
-#ifndef BF_DEFAULT_OPTIONS
-
-void
-BF_decrypt(BF_LONG *data, const BF_KEY *key)
-{
-#ifndef BF_PTR2
-	BF_LONG l, r;
-	const BF_LONG *p, *s;
-
-	p = key->P;
-	s = &(key->S[0]);
-	l = data[0];
-	r = data[1];
-
-	l ^= p[BF_ROUNDS + 1];
-#if BF_ROUNDS == 20
-	BF_ENC(r, l,s, p[20]);
-	BF_ENC(l, r,s, p[19]);
-	BF_ENC(r, l,s, p[18]);
-	BF_ENC(l, r,s, p[17]);
-#endif
-	BF_ENC(r, l,s, p[16]);
-	BF_ENC(l, r,s, p[15]);
-	BF_ENC(r, l,s, p[14]);
-	BF_ENC(l, r,s, p[13]);
-	BF_ENC(r, l,s, p[12]);
-	BF_ENC(l, r,s, p[11]);
-	BF_ENC(r, l,s, p[10]);
-	BF_ENC(l, r,s, p[9]);
-	BF_ENC(r, l,s, p[8]);
-	BF_ENC(l, r,s, p[7]);
-	BF_ENC(r, l,s, p[6]);
-	BF_ENC(l, r,s, p[5]);
-	BF_ENC(r, l,s, p[4]);
-	BF_ENC(l, r,s, p[3]);
-	BF_ENC(r, l,s, p[2]);
-	BF_ENC(l, r,s, p[1]);
-	r ^= p[0];
-
-	data[1] = l&0xffffffffL;
-	data[0] = r&0xffffffffL;
-#else
-	BF_LONG l, r,t, *k;
-
-	l = data[0];
-	r = data[1];
-	k = (BF_LONG *)key;
-
-	l ^= k[BF_ROUNDS + 1];
-#if BF_ROUNDS == 20
-	BF_ENC(r, l,k, 20);
-	BF_ENC(l, r,k, 19);
-	BF_ENC(r, l,k, 18);
-	BF_ENC(l, r,k, 17);
-#endif
-	BF_ENC(r, l,k, 16);
-	BF_ENC(l, r,k, 15);
-	BF_ENC(r, l,k, 14);
-	BF_ENC(l, r,k, 13);
-	BF_ENC(r, l,k, 12);
-	BF_ENC(l, r,k, 11);
-	BF_ENC(r, l,k, 10);
-	BF_ENC(l, r, k, 9);
-	BF_ENC(r, l, k, 8);
-	BF_ENC(l, r, k, 7);
-	BF_ENC(r, l, k, 6);
-	BF_ENC(l, r, k, 5);
-	BF_ENC(r, l, k, 4);
-	BF_ENC(l, r, k, 3);
-	BF_ENC(r, l, k, 2);
-	BF_ENC(l, r, k, 1);
-	r ^= k[0];
-
-	data[1] = l&0xffffffffL;
-	data[0] = r&0xffffffffL;
-#endif
-}
-
-void
-BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-{
-	BF_LONG tin0, tin1;
-	BF_LONG tout0, tout1, xor0, xor1;
-	long l = length;
-	BF_LONG tin[2];
-
-	if (encrypt) {
-		n2l(ivec, tout0);
-		n2l(ivec, tout1);
-		ivec -= 8;
-		for (l -= 8; l >= 0; l -= 8) {
-			n2l(in, tin0);
-			n2l(in, tin1);
-			tin0 ^= tout0;
-			tin1 ^= tout1;
-			tin[0] = tin0;
-			tin[1] = tin1;
-			BF_encrypt(tin, schedule);
-			tout0 = tin[0];
-			tout1 = tin[1];
-			l2n(tout0, out);
-			l2n(tout1, out);
-		}
-		if (l != -8) {
-			n2ln(in, tin0, tin1, l + 8);
-			tin0 ^= tout0;
-			tin1 ^= tout1;
-			tin[0] = tin0;
-			tin[1] = tin1;
-			BF_encrypt(tin, schedule);
-			tout0 = tin[0];
-			tout1 = tin[1];
-			l2n(tout0, out);
-			l2n(tout1, out);
-		}
-		l2n(tout0, ivec);
-		l2n(tout1, ivec);
-	} else {
-		n2l(ivec, xor0);
-		n2l(ivec, xor1);
-		ivec -= 8;
-		for (l -= 8; l >= 0; l -= 8) {
-			n2l(in, tin0);
-			n2l(in, tin1);
-			tin[0] = tin0;
-			tin[1] = tin1;
-			BF_decrypt(tin, schedule);
-			tout0 = tin[0]^xor0;
-			tout1 = tin[1]^xor1;
-			l2n(tout0, out);
-			l2n(tout1, out);
-			xor0 = tin0;
-			xor1 = tin1;
-		}
-		if (l != -8) {
-			n2l(in, tin0);
-			n2l(in, tin1);
-			tin[0] = tin0;
-			tin[1] = tin1;
-			BF_decrypt(tin, schedule);
-			tout0 = tin[0]^xor0;
-			tout1 = tin[1]^xor1;
-			l2nn(tout0, tout1, out, l + 8);
-			xor0 = tin0;
-			xor1 = tin1;
-		}
-		l2n(xor0, ivec);
-		l2n(xor1, ivec);
-	}
-	tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
-	tin[0] = tin[1] = 0;
-}
-
-#endif
diff --git a/lib/libcrypto/bf/bf_ofb64.c b/lib/libcrypto/bf/bf_ofb64.c
deleted file mode 100644
index 8fe24782634..00000000000
--- a/lib/libcrypto/bf/bf_ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* $OpenBSD: bf_ofb64.c,v 1.8 2022/11/26 16:08:51 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-
-#include "bf_local.h"
-
-/*
- * The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void
-BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-    const BF_KEY *schedule, unsigned char *ivec, int *num)
-{
-	BF_LONG v0, v1, t;
-	int n= *num;
-	long l = length;
-	unsigned char d[8];
-	char *dp;
-	BF_LONG ti[2];
-	unsigned char *iv;
-	int save = 0;
-
-	iv = (unsigned char *)ivec;
-	n2l(iv, v0);
-	n2l(iv, v1);
-	ti[0] = v0;
-	ti[1] = v1;
-	dp = (char *)d;
-	l2n(v0, dp);
-	l2n(v1, dp);
-	while (l--) {
-		if (n == 0) {
-			BF_encrypt((BF_LONG *)ti, schedule);
-			dp = (char *)d;
-			t = ti[0];
-			l2n(t, dp);
-			t = ti[1];
-			l2n(t, dp);
-			save++;
-		}
-		*(out++)= *(in++)^d[n];
-		n = (n + 1)&0x07;
-	}
-	if (save) {
-		v0 = ti[0];
-		v1 = ti[1];
-		iv = (unsigned char *)ivec;
-		l2n(v0, iv);
-		l2n(v1, iv);
-	}
-	t = v0 = v1 = ti[0] = ti[1] = 0;
-	*num = n;
-}
diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/blowfish.c
index cc31034f182..4fa8a563f16 100644
--- a/lib/libcrypto/bf/bf_skey.c
+++ b/lib/libcrypto/bf/blowfish.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_skey.c,v 1.17 2022/11/26 16:08:51 tb Exp $ */
+/* $OpenBSD: blowfish.c,v 1.1 2024/03/27 11:24:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,14 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 
+#include <string.h>
+
 #include "bf_local.h"
 
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
 static const BF_KEY bf_init = {
 	.P = {
 		0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
@@ -333,6 +342,370 @@ static const BF_KEY bf_init = {
 };
 
 void
+BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+#ifndef BF_PTR2
+	BF_LONG l, r;
+	const BF_LONG *p, *s;
+
+	p = key->P;
+	s = &(key->S[0]);
+	l = data[0];
+	r = data[1];
+
+	l ^= p[0];
+	BF_ENC(r, l,s, p[1]);
+	BF_ENC(l, r,s, p[2]);
+	BF_ENC(r, l,s, p[3]);
+	BF_ENC(l, r,s, p[4]);
+	BF_ENC(r, l,s, p[5]);
+	BF_ENC(l, r,s, p[6]);
+	BF_ENC(r, l,s, p[7]);
+	BF_ENC(l, r,s, p[8]);
+	BF_ENC(r, l,s, p[9]);
+	BF_ENC(l, r,s, p[10]);
+	BF_ENC(r, l,s, p[11]);
+	BF_ENC(l, r,s, p[12]);
+	BF_ENC(r, l,s, p[13]);
+	BF_ENC(l, r,s, p[14]);
+	BF_ENC(r, l,s, p[15]);
+	BF_ENC(l, r,s, p[16]);
+#if BF_ROUNDS == 20
+	BF_ENC(r, l,s, p[17]);
+	BF_ENC(l, r,s, p[18]);
+	BF_ENC(r, l,s, p[19]);
+	BF_ENC(l, r,s, p[20]);
+#endif
+	r ^= p[BF_ROUNDS + 1];
+
+	data[1] = l&0xffffffffL;
+	data[0] = r&0xffffffffL;
+#else
+	BF_LONG l, r,t, *k;
+
+	l = data[0];
+	r = data[1];
+	k = (BF_LONG*)key;
+
+	l ^= k[0];
+	BF_ENC(r, l, k, 1);
+	BF_ENC(l, r, k, 2);
+	BF_ENC(r, l, k, 3);
+	BF_ENC(l, r, k, 4);
+	BF_ENC(r, l, k, 5);
+	BF_ENC(l, r, k, 6);
+	BF_ENC(r, l, k, 7);
+	BF_ENC(l, r, k, 8);
+	BF_ENC(r, l, k, 9);
+	BF_ENC(l, r,k, 10);
+	BF_ENC(r, l,k, 11);
+	BF_ENC(l, r,k, 12);
+	BF_ENC(r, l,k, 13);
+	BF_ENC(l, r,k, 14);
+	BF_ENC(r, l,k, 15);
+	BF_ENC(l, r,k, 16);
+#if BF_ROUNDS == 20
+	BF_ENC(r, l,k, 17);
+	BF_ENC(l, r,k, 18);
+	BF_ENC(r, l,k, 19);
+	BF_ENC(l, r,k, 20);
+#endif
+	r ^= k[BF_ROUNDS + 1];
+
+	data[1] = l&0xffffffffL;
+	data[0] = r&0xffffffffL;
+#endif
+}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void
+BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+#ifndef BF_PTR2
+	BF_LONG l, r;
+	const BF_LONG *p, *s;
+
+	p = key->P;
+	s = &(key->S[0]);
+	l = data[0];
+	r = data[1];
+
+	l ^= p[BF_ROUNDS + 1];
+#if BF_ROUNDS == 20
+	BF_ENC(r, l,s, p[20]);
+	BF_ENC(l, r,s, p[19]);
+	BF_ENC(r, l,s, p[18]);
+	BF_ENC(l, r,s, p[17]);
+#endif
+	BF_ENC(r, l,s, p[16]);
+	BF_ENC(l, r,s, p[15]);
+	BF_ENC(r, l,s, p[14]);
+	BF_ENC(l, r,s, p[13]);
+	BF_ENC(r, l,s, p[12]);
+	BF_ENC(l, r,s, p[11]);
+	BF_ENC(r, l,s, p[10]);
+	BF_ENC(l, r,s, p[9]);
+	BF_ENC(r, l,s, p[8]);
+	BF_ENC(l, r,s, p[7]);
+	BF_ENC(r, l,s, p[6]);
+	BF_ENC(l, r,s, p[5]);
+	BF_ENC(r, l,s, p[4]);
+	BF_ENC(l, r,s, p[3]);
+	BF_ENC(r, l,s, p[2]);
+	BF_ENC(l, r,s, p[1]);
+	r ^= p[0];
+
+	data[1] = l&0xffffffffL;
+	data[0] = r&0xffffffffL;
+#else
+	BF_LONG l, r,t, *k;
+
+	l = data[0];
+	r = data[1];
+	k = (BF_LONG *)key;
+
+	l ^= k[BF_ROUNDS + 1];
+#if BF_ROUNDS == 20
+	BF_ENC(r, l,k, 20);
+	BF_ENC(l, r,k, 19);
+	BF_ENC(r, l,k, 18);
+	BF_ENC(l, r,k, 17);
+#endif
+	BF_ENC(r, l,k, 16);
+	BF_ENC(l, r,k, 15);
+	BF_ENC(r, l,k, 14);
+	BF_ENC(l, r,k, 13);
+	BF_ENC(r, l,k, 12);
+	BF_ENC(l, r,k, 11);
+	BF_ENC(r, l,k, 10);
+	BF_ENC(l, r, k, 9);
+	BF_ENC(r, l, k, 8);
+	BF_ENC(l, r, k, 7);
+	BF_ENC(r, l, k, 6);
+	BF_ENC(l, r, k, 5);
+	BF_ENC(r, l, k, 4);
+	BF_ENC(l, r, k, 3);
+	BF_ENC(r, l, k, 2);
+	BF_ENC(l, r, k, 1);
+	r ^= k[0];
+
+	data[1] = l&0xffffffffL;
+	data[0] = r&0xffffffffL;
+#endif
+}
+
+void
+BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+	BF_LONG tin0, tin1;
+	BF_LONG tout0, tout1, xor0, xor1;
+	long l = length;
+	BF_LONG tin[2];
+
+	if (encrypt) {
+		n2l(ivec, tout0);
+		n2l(ivec, tout1);
+		ivec -= 8;
+		for (l -= 8; l >= 0; l -= 8) {
+			n2l(in, tin0);
+			n2l(in, tin1);
+			tin0 ^= tout0;
+			tin1 ^= tout1;
+			tin[0] = tin0;
+			tin[1] = tin1;
+			BF_encrypt(tin, schedule);
+			tout0 = tin[0];
+			tout1 = tin[1];
+			l2n(tout0, out);
+			l2n(tout1, out);
+		}
+		if (l != -8) {
+			n2ln(in, tin0, tin1, l + 8);
+			tin0 ^= tout0;
+			tin1 ^= tout1;
+			tin[0] = tin0;
+			tin[1] = tin1;
+			BF_encrypt(tin, schedule);
+			tout0 = tin[0];
+			tout1 = tin[1];
+			l2n(tout0, out);
+			l2n(tout1, out);
+		}
+		l2n(tout0, ivec);
+		l2n(tout1, ivec);
+	} else {
+		n2l(ivec, xor0);
+		n2l(ivec, xor1);
+		ivec -= 8;
+		for (l -= 8; l >= 0; l -= 8) {
+			n2l(in, tin0);
+			n2l(in, tin1);
+			tin[0] = tin0;
+			tin[1] = tin1;
+			BF_decrypt(tin, schedule);
+			tout0 = tin[0]^xor0;
+			tout1 = tin[1]^xor1;
+			l2n(tout0, out);
+			l2n(tout1, out);
+			xor0 = tin0;
+			xor1 = tin1;
+		}
+		if (l != -8) {
+			n2l(in, tin0);
+			n2l(in, tin1);
+			tin[0] = tin0;
+			tin[1] = tin1;
+			BF_decrypt(tin, schedule);
+			tout0 = tin[0]^xor0;
+			tout1 = tin[1]^xor1;
+			l2nn(tout0, tout1, out, l + 8);
+			xor0 = tin0;
+			xor1 = tin1;
+		}
+		l2n(xor0, ivec);
+		l2n(xor1, ivec);
+	}
+	tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+	tin[0] = tin[1] = 0;
+}
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void
+BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+    const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+{
+	BF_LONG v0, v1, t;
+	int n= *num;
+	long l = length;
+	BF_LONG ti[2];
+	unsigned char *iv, c, cc;
+
+	iv = (unsigned char *)ivec;
+	if (encrypt) {
+		while (l--) {
+			if (n == 0) {
+				n2l(iv, v0);
+				ti[0] = v0;
+				n2l(iv, v1);
+				ti[1] = v1;
+				BF_encrypt((BF_LONG *)ti, schedule);
+				iv = (unsigned char *)ivec;
+				t = ti[0];
+				l2n(t, iv);
+				t = ti[1];
+				l2n(t, iv);
+				iv = (unsigned char *)ivec;
+			}
+			c= *(in++)^iv[n];
+			*(out++) = c;
+			iv[n] = c;
+			n = (n + 1)&0x07;
+		}
+	} else {
+		while (l--) {
+			if (n == 0) {
+				n2l(iv, v0);
+				ti[0] = v0;
+				n2l(iv, v1);
+				ti[1] = v1;
+				BF_encrypt((BF_LONG *)ti, schedule);
+				iv = (unsigned char *)ivec;
+				t = ti[0];
+				l2n(t, iv);
+				t = ti[1];
+				l2n(t, iv);
+				iv = (unsigned char *)ivec;
+			}
+			cc= *(in++);
+			c = iv[n];
+			iv[n] = cc;
+			*(out++) = c^cc;
+			n = (n + 1)&0x07;
+		}
+	}
+	v0 = v1 = ti[0] = ti[1] = t=c = cc = 0;
+	*num = n;
+}
+
+void
+BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+    const BF_KEY *key, int encrypt)
+{
+	BF_LONG l, d[2];
+
+	n2l(in, l);
+	d[0] = l;
+	n2l(in, l);
+	d[1] = l;
+	if (encrypt)
+		BF_encrypt(d, key);
+	else
+		BF_decrypt(d, key);
+	l = d[0];
+	l2n(l, out);
+	l = d[1];
+	l2n(l, out);
+	l = d[0] = d[1] = 0;
+}
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void
+BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+    const BF_KEY *schedule, unsigned char *ivec, int *num)
+{
+	BF_LONG v0, v1, t;
+	int n= *num;
+	long l = length;
+	unsigned char d[8];
+	char *dp;
+	BF_LONG ti[2];
+	unsigned char *iv;
+	int save = 0;
+
+	iv = (unsigned char *)ivec;
+	n2l(iv, v0);
+	n2l(iv, v1);
+	ti[0] = v0;
+	ti[1] = v1;
+	dp = (char *)d;
+	l2n(v0, dp);
+	l2n(v1, dp);
+	while (l--) {
+		if (n == 0) {
+			BF_encrypt((BF_LONG *)ti, schedule);
+			dp = (char *)d;
+			t = ti[0];
+			l2n(t, dp);
+			t = ti[1];
+			l2n(t, dp);
+			save++;
+		}
+		*(out++)= *(in++)^d[n];
+		n = (n + 1)&0x07;
+	}
+	if (save) {
+		v0 = ti[0];
+		v1 = ti[1];
+		iv = (unsigned char *)ivec;
+		l2n(v0, iv);
+		l2n(v1, iv);
+	}
+	t = v0 = v1 = ti[0] = ti[1] = 0;
+	*num = n;
+}
+
+void
 BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 {
 	int i;
@@ -385,3 +758,4 @@ BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 		p[i + 1] = in[1];
 	}
 }
+#endif