From 3ba5d1cf2eb6ef28ac5f6d9f3d28020d00c5be50 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Mon, 30 Jul 2001 17:46:22 +0000
Subject: [PATCH] Make EVPs allocate context memory, thus making them
 extensible. Rationalise DES's keyschedules.

I know these two should be separate, and I'll back out the DES changes if they
are deemed to be an error.

Note that there is a memory leak lurking in SSL somewhere in this version.
---
 crypto/des/Makefile.ssl   |  43 ++++++------
 crypto/des/cbc_cksm.c     |   4 +-
 crypto/des/cfb64ede.c     |   5 +-
 crypto/des/cfb64enc.c     |   4 +-
 crypto/des/cfb_enc.c      |   2 +-
 crypto/des/des.h          |  88 ++++++++++++------------
 crypto/des/des_enc.c      |  21 +++---
 crypto/des/des_locl.h     |   4 +-
 crypto/des/destest.c      | 136 +++++++++++++++++++++-----------------
 crypto/des/ecb3_enc.c     |   3 +-
 crypto/des/ecb_enc.c      |   4 +-
 crypto/des/ede_cbcm_enc.c |   4 +-
 crypto/des/enc_read.c     |   2 +-
 crypto/des/enc_writ.c     |   2 +-
 crypto/des/fcrypt.c       |   8 +--
 crypto/des/fcrypt_b.c     |   4 +-
 crypto/des/ncbc_enc.c     |  12 ++--
 crypto/des/ofb64ede.c     |   7 +-
 crypto/des/ofb64enc.c     |   4 +-
 crypto/des/ofb_enc.c      |   3 +-
 crypto/des/pcbc_enc.c     |   3 +-
 crypto/des/rpc_enc.c      |   6 +-
 crypto/des/set_key.c      |  14 ++--
 crypto/des/str2key.c      |  16 ++---
 crypto/des/xcbc_enc.c     |   5 +-
 25 files changed, 216 insertions(+), 188 deletions(-)

diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
index c13a802e68..6087e242cf 100644
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -142,24 +142,24 @@ clean:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
 cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cbc_cksm.o: ../../include/openssl/opensslconf.h cbc_cksm.c des_locl.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
 cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cbc_enc.o: ../../include/openssl/opensslconf.h cbc_enc.c des_locl.h ncbc_enc.c
+cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
 cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb64ede.o: ../../include/openssl/opensslconf.h cfb64ede.c des_locl.h
+cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
 cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb64enc.o: ../../include/openssl/opensslconf.h cfb64enc.c des_locl.h
+cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
 cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-cfb_enc.o: ../../include/openssl/opensslconf.h cfb_enc.c des_locl.h
+cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-des_enc.o: ../../include/openssl/opensslconf.h des_enc.c des_locl.h ncbc_enc.c
+des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
 ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h ecb3_enc.c
+ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecb_enc.o: des_locl.h ecb_enc.c spr.h
+ecb_enc.o: des_locl.h spr.h
 ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h ede_cbcm_enc.c
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 enc_read.o: ../../e_os.h ../../include/openssl/bio.h
 enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 enc_read.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
@@ -167,7 +167,7 @@ enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 enc_read.o: ../../include/openssl/opensslconf.h
 enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_read.o: ../cryptlib.h des_locl.h
 enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
 enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 enc_writ.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
@@ -176,30 +176,27 @@ enc_writ.o: ../../include/openssl/opensslconf.h
 enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
 enc_writ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 enc_writ.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
-enc_writ.o: enc_writ.c
 fcrypt.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h fcrypt.c
+fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h
 fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h fcrypt_b.c
+fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
 ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h ofb64ede.c
+ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
 ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h ofb64enc.c
+ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
 ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h ofb_enc.c
+ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h pcbc_enc.c
+pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h qud_cksm.c
+qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
 rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
-rand_key.o: rand_key.c
 rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
-rpc_enc.o: rpc_enc.c
 set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-set_key.o: ../../include/openssl/opensslconf.h des_locl.h set_key.c
+set_key.o: ../../include/openssl/opensslconf.h des_locl.h
 str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-str2key.o: ../../include/openssl/opensslconf.h des_locl.h str2key.c
+str2key.o: ../../include/openssl/opensslconf.h des_locl.h
 xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h xcbc_enc.c
+xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
index b857df0985..69efc56b16 100644
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -59,8 +59,8 @@
 #include "des_locl.h"
 
 DES_LONG des_cbc_cksum(const unsigned char *in, des_cblock *output,
-		long length,
-		des_key_schedule schedule, const_des_cblock *ivec)
+		       long length, des_key_schedule *schedule,
+		       const_des_cblock *ivec)
 	{
 	register DES_LONG tout0,tout1,tin0,tin1;
 	register long l=length;
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
index 5362a551bf..f9d13ef90a 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -64,8 +64,9 @@
  */
 
 void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec, int *num, int enc)
+			    long length, des_key_schedule *ks1,
+			    des_key_schedule *ks2, des_key_schedule *ks3,
+			    des_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
index 105530dfa3..6061fb2e11 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -64,8 +64,8 @@
  */
 
 void des_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule schedule, des_cblock *ivec,
-	     int *num, int enc)
+		       long length, des_key_schedule *schedule,
+		       des_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
index ec4fd4ea67..4af6f7fbf8 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -65,7 +65,7 @@
  * byte.
  */
 void des_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+		     long length, des_key_schedule *schedule, des_cblock *ivec, int enc)
 	{
 	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
diff --git a/crypto/des/des.h b/crypto/des/des.h
index 67ca1ff103..151f0abf76 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -84,16 +84,20 @@ typedef /* const */ unsigned char const_des_cblock[8];
 /* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
  * and const_des_cblock * are incompatible pointer types. */
 
-typedef struct des_ks_struct
+typedef struct des_ks
+    {
+    union
 	{
-	union	{
-		des_cblock cblock;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG deslong[2];
-		} ks;
-	int weak_key;
-	} des_key_schedule[16];
+	des_cblock cblock;
+	/* make sure things are correct size on machines with
+	 * 8 byte longs */
+	DES_LONG deslong[2];
+	} ks[16];
+#if OPENBSD_DEV_CRYPTO
+    struct session_op *session;
+    unsigned char key[8];
+#endif
+    } des_key_schedule;
 
 #define DES_KEY_SZ 	(sizeof(des_cblock))
 #define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
@@ -123,26 +127,26 @@ OPENSSL_DECLARE_GLOBAL(int,des_rw_mode);	/* defaults to DES_PCBC_MODE */
 
 const char *des_options(void);
 void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
-		      des_key_schedule ks1,des_key_schedule ks2,
-		      des_key_schedule ks3, int enc);
+		      des_key_schedule *ks1,des_key_schedule *ks2,
+		      des_key_schedule *ks3, int enc);
 DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
-		       long length,des_key_schedule schedule,
+		       long length,des_key_schedule *schedule,
 		       const_des_cblock *ivec);
 /* des_cbc_encrypt does not update the IV!  Use des_ncbc_encrypt instead. */
 void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
-		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     long length,des_key_schedule *schedule,des_cblock *ivec,
 		     int enc);
 void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      long length,des_key_schedule *schedule,des_cblock *ivec,
 		      int enc);
 void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      long length,des_key_schedule *schedule,des_cblock *ivec,
 		      const_des_cblock *inw,const_des_cblock *outw,int enc);
 void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,des_key_schedule schedule,des_cblock *ivec,
+		     long length,des_key_schedule *schedule,des_cblock *ivec,
 		     int enc);
 void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
-		     des_key_schedule ks,int enc);
+		     des_key_schedule *ks,int enc);
 
 /* 	This is the DES encryption function that gets called by just about
 	every other DES routine in the library.  You should not use this
@@ -153,7 +157,7 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
 	Data is a pointer to 2 unsigned long's and ks is the
 	des_key_schedule to use.  enc, is non zero specifies encryption,
 	zero if decryption. */
-void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt1(DES_LONG *data,des_key_schedule *ks, int enc);
 
 /* 	This functions is the same as des_encrypt1() except that the DES
 	initial permutation (IP) and final permutation (FP) have been left
@@ -161,37 +165,37 @@ void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
 	It is used by the routines in the library that implement triple DES.
 	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
 	as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
+void des_encrypt2(DES_LONG *data,des_key_schedule *ks, int enc);
 
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
+void des_encrypt3(DES_LONG *data, des_key_schedule *ks1,
+		  des_key_schedule *ks2, des_key_schedule *ks3);
+void des_decrypt3(DES_LONG *data, des_key_schedule *ks1,
+		  des_key_schedule *ks2, des_key_schedule *ks3);
 void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
 			  long length,
-			  des_key_schedule ks1,des_key_schedule ks2,
-			  des_key_schedule ks3,des_cblock *ivec,int enc);
+			  des_key_schedule *ks1,des_key_schedule *ks2,
+			  des_key_schedule *ks3,des_cblock *ivec,int enc);
 void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
 			   long length,
-			   des_key_schedule ks1,des_key_schedule ks2,
-			   des_key_schedule ks3,
+			   des_key_schedule *ks1,des_key_schedule *ks2,
+			   des_key_schedule *ks3,
 			   des_cblock *ivec1,des_cblock *ivec2,
 			   int enc);
 void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,des_key_schedule ks1,
-			    des_key_schedule ks2,des_key_schedule ks3,
+			    long length,des_key_schedule *ks1,
+			    des_key_schedule *ks2,des_key_schedule *ks3,
 			    des_cblock *ivec,int *num,int enc);
 void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,des_key_schedule ks1,
-			    des_key_schedule ks2,des_key_schedule ks3,
+			    long length,des_key_schedule *ks1,
+			    des_key_schedule *ks2,des_key_schedule *ks3,
 			    des_cblock *ivec,int *num);
 
 void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
 		       des_cblock *out_white);
 
-int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
+int des_enc_read(int fd,void *buf,int len,des_key_schedule *sched,
 		 des_cblock *iv);
-int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
+int des_enc_write(int fd,const void *buf,int len,des_key_schedule *sched,
 		  des_cblock *iv);
 char *des_fcrypt(const char *buf,const char *salt, char *ret);
 char *des_crypt(const char *buf,const char *salt);
@@ -199,9 +203,9 @@ char *des_crypt(const char *buf,const char *salt);
 char *crypt(const char *buf,const char *salt);
 #endif
 void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,des_key_schedule schedule,des_cblock *ivec);
+		     long length,des_key_schedule *schedule,des_cblock *ivec);
 void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,des_key_schedule schedule,des_cblock *ivec,
+		      long length,des_key_schedule *schedule,des_cblock *ivec,
 		      int enc);
 DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
 			long length,int out_count,des_cblock *seed);
@@ -213,17 +217,18 @@ int des_is_weak_key(const_des_cblock *key);
 /* des_set_key (= set_key = des_key_sched = key_sched) calls
  * des_set_key_checked if global variable des_check_key is set,
  * des_set_key_unchecked otherwise. */
-int des_set_key(const_des_cblock *key,des_key_schedule schedule);
-int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
-int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);
-void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);
+int des_set_key(const_des_cblock *key,des_key_schedule *schedule);
+int des_key_sched(const_des_cblock *key,des_key_schedule *schedule);
+int des_set_key_checked(const_des_cblock *key,des_key_schedule *schedule);
+void des_set_key_unchecked(const_des_cblock *key,des_key_schedule *schedule);
+void des_release_key(des_key_schedule *schedule);
 void des_string_to_key(const char *str,des_cblock *key);
 void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
 void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       des_key_schedule schedule,des_cblock *ivec,int *num,
+		       des_key_schedule *schedule,des_cblock *ivec,int *num,
 		       int enc);
 void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       des_key_schedule schedule,des_cblock *ivec,int *num);
+		       des_key_schedule *schedule,des_cblock *ivec,int *num);
 /* The following definitions provide compatibility with the MIT Kerberos
  * library. The des_key_schedule structure is not binary compatible. */
 
@@ -256,7 +261,6 @@ void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
 #  define check_parity des_check_key_parity
 #endif
 
-typedef des_key_schedule bit_64;
 #define des_fixup_key_parity des_set_odd_parity
 
 #ifdef  __cplusplus
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
index 0bd9fa39bc..81633c0c67 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,7 +58,7 @@
 
 #include "des_locl.h"
 
-void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
+void des_encrypt1(DES_LONG *data, des_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
@@ -84,7 +84,7 @@ void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=ks->ks.deslong;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -156,7 +156,7 @@ void des_encrypt1(DES_LONG *data, des_key_schedule ks, int enc)
 	l=r=t=u=0;
 	}
 
-void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+void des_encrypt2(DES_LONG *data, des_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
@@ -180,7 +180,7 @@ void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=ks->ks.deslong;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -247,8 +247,8 @@ void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
 	l=r=t=u=0;
 	}
 
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3)
+void des_encrypt3(DES_LONG *data, des_key_schedule *ks1,
+		  des_key_schedule *ks2, des_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -267,8 +267,8 @@ void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 	data[1]=r;
 	}
 
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3)
+void des_decrypt3(DES_LONG *data, des_key_schedule *ks1,
+		  des_key_schedule *ks2, des_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -293,8 +293,9 @@ void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2,
 #include "ncbc_enc.c" /* des_ncbc_encrypt */
 
 void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec, int enc)
+			  long length, des_key_schedule *ks1,
+			  des_key_schedule *ks2, des_key_schedule *ks3,
+			  des_cblock *ivec, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
index 8c49894e1c..22a24943e5 100644
--- a/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
@@ -412,6 +412,6 @@
 
 OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64];
 
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
+void fcrypt_body(DES_LONG *out,des_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 #endif
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index 1be401fb21..33f1656268 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -351,17 +351,17 @@ int main(int argc, char *argv[])
 
 #ifndef OPENSSL_NO_DESCBCM
 	printf("Doing cbcm\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=des_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
+	if ((j=des_set_key_checked(&cbc2_key,&ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
+	if ((j=des_set_key_checked(&cbc3_key,&ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -373,9 +373,9 @@ int main(int argc, char *argv[])
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 	memset(iv2,'\0',sizeof iv2);
 
-	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,&iv2,
+	des_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
 			      DES_ENCRYPT);
-	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,ks,ks2,ks3,
+	des_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
 			      &iv3,&iv2,DES_ENCRYPT);
 	/*	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
@@ -386,7 +386,7 @@ int main(int argc, char *argv[])
 	*/
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 	memset(iv2,'\0',sizeof iv2);
-	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,&iv2,DES_DECRYPT);
+	des_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		int n;
@@ -405,12 +405,12 @@ int main(int argc, char *argv[])
 	printf("Doing ecb\n");
 	for (i=0; i<NUM_TESTS; i++)
 		{
-		des_set_key_unchecked(&key_data[i],ks);
+		des_set_key_unchecked(&key_data[i],&ks);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
-		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
+		des_ecb_encrypt(&in,&out,&ks,DES_ENCRYPT);
+		des_ecb_encrypt(&out,&outin,&ks,DES_DECRYPT);
 
 		if (memcmp(out,cipher_data[i],8) != 0)
 			{
@@ -431,14 +431,14 @@ int main(int argc, char *argv[])
 	printf("Doing ede ecb\n");
 	for (i=0; i<(NUM_TESTS-1); i++)
 		{
-		des_set_key_unchecked(&key_data[i],ks);
-		des_set_key_unchecked(&key_data[i+1],ks2);
-		des_set_key_unchecked(&key_data[i+2],ks3);
+		des_set_key_unchecked(&key_data[i],&ks);
+		des_set_key_unchecked(&key_data[i+1],&ks2);
+		des_set_key_unchecked(&key_data[i+2],&ks3);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
-		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
+		des_ecb2_encrypt(&in,&out,&ks,&ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(&out,&outin,&ks,&ks2,DES_DECRYPT);
 
 		if (memcmp(out,cipher_ecb2[i],8) != 0)
 			{
@@ -457,7 +457,7 @@ int main(int argc, char *argv[])
 #endif
 
 	printf("Doing cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=des_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -465,7 +465,7 @@ int main(int argc, char *argv[])
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
 			 &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
 		{
@@ -474,7 +474,7 @@ int main(int argc, char *argv[])
 		}
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,
 			 &iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
 		{
@@ -484,7 +484,7 @@ int main(int argc, char *argv[])
 
 #ifndef LIBDES_LIT
 	printf("Doing desx cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=des_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -492,7 +492,7 @@ int main(int argc, char *argv[])
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
 			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
 	if (memcmp(cbc_out,xcbc_ok,32) != 0)
 		{
@@ -500,7 +500,7 @@ int main(int argc, char *argv[])
 		err=1;
 		}
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,
 			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
@@ -510,17 +510,17 @@ int main(int argc, char *argv[])
 #endif
 
 	printf("Doing ede cbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=des_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc2_key,ks2)) != 0)
+	if ((j=des_set_key_checked(&cbc2_key,&ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_set_key_checked(&cbc3_key,ks3)) != 0)
+	if ((j=des_set_key_checked(&cbc3_key,&ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -531,41 +531,58 @@ int main(int argc, char *argv[])
 	/* i=((i+7)/8)*8; */
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 
-	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,DES_ENCRYPT);
-	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,
+			     DES_ENCRYPT);
+	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,&ks,&ks2,&ks3,
 			     &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt encrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_out[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc3_ok[n]);
+		printf("\n");
 		err=1;
 		}
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
 		err=1;
 		}
 
 #ifndef LIBDES_LIT
 	printf("Doing pcbc\n");
-	if ((j=des_set_key_checked(&cbc_key,ks)) != 0)
+	if ((j=des_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
-	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,&ks,
 			 &cbc_iv,DES_ENCRYPT);
 	if (memcmp(cbc_out,pcbc_ok,32) != 0)
 		{
 		printf("pcbc_encrypt encrypt error\n");
 		err=1;
 		}
-	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,&ks,&cbc_iv,
 			 DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
@@ -591,7 +608,7 @@ int main(int argc, char *argv[])
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
-			8,1,ks,&cfb_tmp,DES_ENCRYPT);
+			8,1,&ks,&cfb_tmp,DES_ENCRYPT);
 	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small encrypt error\n");
@@ -601,7 +618,7 @@ int main(int argc, char *argv[])
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
-			8,1,ks,&cfb_tmp,DES_DECRYPT);
+			8,1,&ks,&cfb_tmp,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small decrypt error\n");
@@ -614,9 +631,9 @@ int main(int argc, char *argv[])
 	printf("done\n");
 
 	printf("Doing ofb\n");
-	des_set_key_checked(&ofb_key,ks);
+	des_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
+	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,&ks,&ofb_tmp);
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
 		printf("ofb_encrypt encrypt error\n");
@@ -629,7 +646,7 @@ ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
 		err=1;
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
+	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,&ks,&ofb_tmp);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb_encrypt decrypt error\n");
@@ -643,14 +660,14 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ofb64\n");
-	des_set_key_checked(&ofb_key,ks);
+	des_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,&ks,&ofb_tmp,
 				  &num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
@@ -660,7 +677,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,&num);
+	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),&ks,&ofb_tmp,
+			  &num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb64_encrypt decrypt error\n");
@@ -668,15 +686,15 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ede_ofb64\n");
-	des_set_key_checked(&ofb_key,ks);
+	des_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
-				       &ofb_tmp,&num);
+		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,&ks,&ks,
+				       &ks,&ofb_tmp,&num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -685,8 +703,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,
-			       ks,ks,&ofb_tmp,&num);
+	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),&ks,&ks,&ks,
+			       &ofb_tmp,&num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ede_ofb64_encrypt decrypt error\n");
@@ -694,8 +712,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing cbc_cksum\n");
-	des_set_key_checked(&cbc_key,ks);
-	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
+	des_set_key_checked(&cbc_key,&ks);
+	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),&ks,&cbc_iv);
 	if (cs != cbc_cksum_ret)
 		{
 		printf("bad return value (%08lX), should be %08lX\n",
@@ -775,7 +793,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		{
 		printf(" %d",i);
 		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
-				 strlen((char *)cbc_data)+1,ks,
+				 strlen((char *)cbc_data)+1,&ks,
 				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\noutput word alignment test");
@@ -783,7 +801,7 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		{
 		printf(" %d",i);
 		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
-				 strlen((char *)cbc_data)+1,ks,
+				 strlen((char *)cbc_data)+1,&ks,
 				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\n");
@@ -830,9 +848,9 @@ static int cfb_test(int bits, unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int i,err=0;
 
-	des_set_key_checked(&cfb_key,ks);
+	des_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),&ks,&cfb_tmp,
 			DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
@@ -842,7 +860,7 @@ static int cfb_test(int bits, unsigned char *cfb_cipher)
 			printf("%s\n",pt(&(cfb_buf1[i])));
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),&ks,&cfb_tmp,
 			DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
@@ -859,11 +877,11 @@ static int cfb64_test(unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_set_key_checked(&cfb_key,ks);
+	des_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+	des_cfb64_encrypt(plain,cfb_buf1,12,&ks,&cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,&ks,
 			  &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
@@ -874,9 +892,9 @@ static int cfb64_test(unsigned char *cfb_cipher)
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,&ks,&cfb_tmp,&n,DES_DECRYPT);
 	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+			  sizeof(plain)-17,&ks,&cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -892,13 +910,13 @@ static int ede_cfb64_test(unsigned char *cfb_cipher)
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_set_key_checked(&cfb_key,ks);
+	des_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,&ks,&ks,&ks,&cfb_tmp,&n,
 			       DES_ENCRYPT);
 	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-			       sizeof(plain)-12,ks,ks,ks,
+			       sizeof(plain)-12,&ks,&ks,&ks,
 			       &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
@@ -909,10 +927,10 @@ static int ede_cfb64_test(unsigned char *cfb_cipher)
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&ks,&ks,&ks,
 			       &cfb_tmp,&n,DES_DECRYPT);
 	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-			       sizeof(plain)-17,ks,ks,ks,
+			       sizeof(plain)-17,&ks,&ks,&ks,
 			       &cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
index fb28b97e1a..f5c0367274 100644
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -59,7 +59,8 @@
 #include "des_locl.h"
 
 void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
-	     des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3,
+		      des_key_schedule *ks1, des_key_schedule *ks2,
+		      des_key_schedule *ks3,
 	     int enc)
 	{
 	register DES_LONG l0,l1;
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
index d481327ef3..1e29238cbf 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -104,8 +104,7 @@ const char *des_options(void)
 		
 
 void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
-	     des_key_schedule ks,
-	     int enc)
+		     des_key_schedule *ks, int enc)
 	{
 	register DES_LONG l;
 	DES_LONG ll[2];
@@ -119,4 +118,3 @@ void des_ecb_encrypt(const_des_cblock *input, des_cblock *output,
 	l=ll[1]; l2c(l,out);
 	l=ll[0]=ll[1]=0;
 	}
-
diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
index ceadec4070..81cba24411 100644
--- a/crypto/des/ede_cbcm_enc.c
+++ b/crypto/des/ede_cbcm_enc.c
@@ -72,8 +72,8 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
 #include "des_locl.h"
 
 void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, des_key_schedule ks1, des_key_schedule ks2,
-	     des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2,
+	     long length, des_key_schedule *ks1, des_key_schedule *ks2,
+	     des_key_schedule *ks3, des_cblock *ivec1, des_cblock *ivec2,
 	     int enc)
     {
     register DES_LONG tin0,tin1;
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
index e8a5763abf..5881caf3d5 100644
--- a/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
@@ -84,7 +84,7 @@ OPENSSL_IMPLEMENT_GLOBAL(int,des_rw_mode)=DES_PCBC_MODE;
  */
 
 
-int des_enc_read(int fd, void *buf, int len, des_key_schedule sched,
+int des_enc_read(int fd, void *buf, int len, des_key_schedule *sched,
 		 des_cblock *iv)
 	{
 	/* data to be unencrypted */
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index cc2b50fb50..ea9e4b48ca 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -78,7 +78,7 @@
  */
 
 int des_enc_write(int fd, const void *_buf, int len,
-		  des_key_schedule sched, des_cblock *iv)
+		  des_key_schedule *sched, des_cblock *iv)
 	{
 #ifdef _LIBC
 	extern unsigned long time();
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index 1d619316fd..caade4db9a 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -58,8 +58,8 @@ static unsigned const char cov_2char[64]={
 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
 };
 
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
+void fcrypt_body(DES_LONG *out,des_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 
 #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
 char *crypt(const char *buf, const char *salt)
@@ -150,8 +150,8 @@ r=(r+7)/8;
 	for (; i<8; i++)
 		key[i]=0;
 
-	des_set_key_unchecked(&key,ks);
-	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+	des_set_key_unchecked(&key,&ks);
+	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
 
 	ll=out[0]; l2c(ll,b);
 	ll=out[1]; l2c(ll,b);
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
index 22c87f5983..86253bd5ca 100644
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
@@ -77,8 +77,8 @@
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
 	(a)=(a)^(t)^(t>>(16-(n))))\
 
-void fcrypt_body(DES_LONG *out, des_key_schedule ks, DES_LONG Eswap0,
-	     DES_LONG Eswap1)
+void fcrypt_body(DES_LONG *out, des_key_schedule *ks, DES_LONG Eswap0,
+		 DES_LONG Eswap1)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
index b8db07b199..6be518486e 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -65,10 +65,10 @@
 
 #ifdef CBC_ENC_C__DONT_UPDATE_IV
 void des_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     des_key_schedule schedule, des_cblock *ivec, int enc)
+		     des_key_schedule *_schedule, des_cblock *ivec, int enc)
 #else
 void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     des_key_schedule schedule, des_cblock *ivec, int enc)
+		     des_key_schedule *_schedule, des_cblock *ivec, int enc)
 #endif
 	{
 	register DES_LONG tin0,tin1;
@@ -89,7 +89,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2l(in,tin1);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -98,7 +98,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			des_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -116,7 +116,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -128,7 +128,7 @@ void des_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+			des_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2cn(tout0,tout1,out,l+8);
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index 6eafe908da..9f389f7c23 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -63,9 +63,10 @@
  * 64bit block we have used is contained in *num;
  */
 void des_ede3_ofb64_encrypt(register const unsigned char *in,
-	     register unsigned char *out, long length, des_key_schedule k1,
-	     des_key_schedule k2, des_key_schedule k3, des_cblock *ivec,
-	     int *num)
+			    register unsigned char *out, long length,
+			    des_key_schedule *k1, des_key_schedule *k2,
+			    des_key_schedule *k3, des_cblock *ivec,
+			    int *num)
 	{
 	register DES_LONG v0,v1;
 	register int n= *num;
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index 1a1d1f1ac4..11be67c46c 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -63,8 +63,8 @@
  * 64bit block we have used is contained in *num;
  */
 void des_ofb64_encrypt(register const unsigned char *in,
-	     register unsigned char *out, long length, des_key_schedule schedule,
-	     des_cblock *ivec, int *num)
+		       register unsigned char *out, long length,
+		       des_key_schedule *schedule, des_cblock *ivec, int *num)
 	{
 	register DES_LONG v0,v1,t;
 	register int n= *num;
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
index 70493e632c..715ecb291f 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -65,7 +65,8 @@
  * byte.
  */
 void des_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-	     long length, des_key_schedule schedule, des_cblock *ivec)
+		     long length, des_key_schedule *schedule,
+		     des_cblock *ivec)
 	{
 	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
index 5b987f074d..62b2349afb 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -59,7 +59,8 @@
 #include "des_locl.h"
 
 void des_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-	     long length, des_key_schedule schedule, des_cblock *ivec, int enc)
+		      long length, des_key_schedule *schedule,
+		      des_cblock *ivec, int enc)
 	{
 	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
 	DES_LONG tin[2];
diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
index 32d96d5cae..2a4a06672d 100644
--- a/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
@@ -66,17 +66,17 @@ int _des_crypt(char *buf, int len, struct desparams *desp)
 	des_key_schedule ks;
 	int enc;
 
-	des_set_key_unchecked(&desp->des_key,ks);
+	des_set_key_unchecked(&desp->des_key,&ks);
 	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
 
 	if (desp->des_mode == CBC)
 		des_ecb_encrypt((const_des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,ks,
+				(des_cblock *)desp->UDES.UDES_buf,&ks,
 				enc);
 	else
 		{
 		des_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
-				len,ks,&desp->des_ivec,enc);
+				len,&ks,&desp->des_ivec,enc);
 #ifdef undef
 		/* len will always be %8 if called from common_crypt
 		 * in secure_rpc.
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index 0dc79c9461..245b720a59 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -307,7 +307,7 @@ static const DES_LONG des_skb[8][64]={
 	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
 	}};
 
-int des_set_key(const_des_cblock *key, des_key_schedule schedule)
+int des_set_key(const_des_cblock *key, des_key_schedule *schedule)
 	{
 	if (des_check_key)
 		{
@@ -324,7 +324,7 @@ int des_set_key(const_des_cblock *key, des_key_schedule schedule)
  * return -1 if key parity error,
  * return -2 if illegal weak key.
  */
-int des_set_key_checked(const_des_cblock *key, des_key_schedule schedule)
+int des_set_key_checked(const_des_cblock *key, des_key_schedule *schedule)
 	{
 	if (!des_check_key_parity(key))
 		return(-1);
@@ -334,7 +334,7 @@ int des_set_key_checked(const_des_cblock *key, des_key_schedule schedule)
 	return 0;
 	}
 
-void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
+void des_set_key_unchecked(const_des_cblock *key, des_key_schedule *schedule)
 	{
 	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 	register DES_LONG c,d,t,s,t2;
@@ -342,7 +342,11 @@ void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
 	register DES_LONG *k;
 	register int i;
 
-	k = &schedule->ks.deslong[0];
+#if OPENBSD_DEV_CRYPTO
+	memcpy(schedule->key,key,sizeof schedule->key);
+	schedule->session=NULL;
+#endif
+	k = &schedule->ks->deslong[0];
 	in = &(*key)[0];
 
 	c2l(in,c);
@@ -390,7 +394,7 @@ void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
 		}
 	}
 
-int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
+int des_key_sched(const_des_cblock *key, des_key_schedule *schedule)
 	{
 	return(des_set_key(key,schedule));
 	}
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index c6abb87201..ab1d8d1166 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -86,9 +86,9 @@ void des_string_to_key(const char *str, des_cblock *key)
 		}
 #endif
 	des_set_odd_parity(key);
-	des_set_key_unchecked(key,ks);
-	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
-	memset(ks,0,sizeof(ks));
+	des_set_key_unchecked(key,&ks);
+	des_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
+	memset(&ks,0,sizeof(ks));
 	des_set_odd_parity(key);
 	}
 
@@ -145,11 +145,11 @@ void des_string_to_2keys(const char *str, des_cblock *key1, des_cblock *key2)
 #endif
 	des_set_odd_parity(key1);
 	des_set_odd_parity(key2);
-	des_set_key_unchecked(key1,ks);
-	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
-	des_set_key_unchecked(key2,ks);
-	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
-	memset(ks,0,sizeof(ks));
+	des_set_key_unchecked(key1,&ks);
+	des_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+	des_set_key_unchecked(key2,&ks);
+	des_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
+	memset(&ks,0,sizeof(ks));
 	des_set_odd_parity(key1);
 	des_set_odd_parity(key2);
 	}
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index ccfede13ac..bb910a080d 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -108,8 +108,9 @@ void des_xwhite_in2out(const_des_cblock *des_key, const_des_cblock *in_white,
 	}
 
 void des_xcbc_encrypt(const unsigned char *in, unsigned char *out,
-	    long length, des_key_schedule schedule, des_cblock *ivec,
-	    const_des_cblock *inw, const_des_cblock *outw, int enc)
+		      long length, des_key_schedule *schedule,
+		      des_cblock *ivec, const_des_cblock *inw,
+		      const_des_cblock *outw, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-- 
GitLab