1 From cfc93329e00cd23c226f34b3ffd5552a93c35bd7 Mon Sep 17 00:00:00 2001
2 From: Hauke Mehrtens <hauke@hauke-m.de>
3 Date: Mon, 23 Mar 2020 22:33:46 +0100
4 Subject: Revert "Disallow use of DES encryption functions in new programs."
6 This reverts commit b10a0accee709a5efff2fadf0b0bbb79ff0ad759.
8 ppp still uses the encrypt functions from the libc. musl libc also
11 conform/data/stdlib.h-data | 3 +
12 conform/data/unistd.h-data | 6 ++
13 crypt/cert.c | 26 -----
14 crypt/crypt-entry.c | 15 ++-
15 crypt/crypt.h | 16 +++
16 crypt/crypt_util.c | 9 --
17 manual/conf.texi | 2 -
18 manual/crypt.texi | 201 +++++++++++++++++++++++++++++++++++++
19 manual/string.texi | 82 +++++++--------
20 posix/unistd.h | 22 ++--
21 stdlib/stdlib.h | 6 ++
22 sunrpc/Makefile | 2 +-
23 sunrpc/des_crypt.c | 7 +-
24 sunrpc/des_soft.c | 2 +-
25 14 files changed, 303 insertions(+), 96 deletions(-)
27 --- a/conform/data/stdlib.h-data
28 +++ b/conform/data/stdlib.h-data
29 @@ -149,6 +149,9 @@ function {unsigned short int*} seed48 (u
30 #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98
31 function int setenv (const char*, const char*, int)
33 +#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008
34 +function void setkey (const char*)
36 #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008
37 function {char*} setstate (char*)
39 --- a/conform/data/unistd.h-data
40 +++ b/conform/data/unistd.h-data
41 @@ -437,6 +437,9 @@ function int chroot (const char*)
42 function int chown (const char*, uid_t, gid_t)
43 function int close (int)
44 function size_t confstr (int, char*, size_t)
45 +#if !defined POSIX && !defined POSIX2008
46 +function {char*} crypt (const char*, const char*)
48 #if defined XPG4 || defined XPG42 || defined UNIX98
49 function {char*} ctermid (char*)
50 function {char*} cuserid (char*)
51 @@ -446,6 +449,9 @@ allow cuserid
53 function int dup (int)
54 function int dup2 (int, int)
55 +#if !defined POSIX && !defined POSIX2008
56 +function void encrypt (char[64], int)
58 function int execl (const char*, const char*, ...)
59 function int execle (const char*, const char*, ...)
60 function int execlp (const char*, const char*, ...)
67 -/* This file tests the deprecated setkey/encrypt interface. */
68 -#include <shlib-compat.h>
69 -#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
71 -#define libcrypt_version_reference(symbol, version) \
72 - _libcrypt_version_reference (symbol, VERSION_libcrypt_##version)
73 -#define _libcrypt_version_reference(symbol, version) \
74 - __libcrypt_version_reference (symbol, version)
75 -#define __libcrypt_version_reference(symbol, version) \
76 - __asm__ (".symver " #symbol ", " #symbol "@" #version)
78 -extern void setkey (const char *);
79 -extern void encrypt (const char *, int);
80 -libcrypt_version_reference (setkey, GLIBC_2_0);
81 -libcrypt_version_reference (encrypt, GLIBC_2_0);
85 int main (int argc, char *argv[]);
86 @@ -120,13 +104,3 @@ put8 (char *cp)
91 -#else /* encrypt and setkey are not available. */
96 - return 77; /* UNSUPPORTED */
100 --- a/crypt/crypt-entry.c
101 +++ b/crypt/crypt-entry.c
105 #include "crypt-private.h"
106 -#include <shlib-compat.h>
108 /* Prototypes for local functions. */
109 #ifndef __GNU_LIBRARY__
110 @@ -177,7 +176,17 @@ crypt (const char *key, const char *salt
111 return __crypt_r (key, salt, &_ufc_foobar);
114 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
117 + * To make fcrypt users happy.
118 + * They don't need to call init_des.
121 weak_alias (crypt, fcrypt)
122 -compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
125 +__fcrypt (const char *key, const char *salt)
127 + return crypt (key, salt);
132 @@ -36,6 +36,14 @@ __BEGIN_DECLS
133 extern char *crypt (const char *__phrase, const char *__salt)
134 __THROW __nonnull ((1, 2));
136 +/* Setup DES tables according KEY. */
137 +extern void setkey (const char *__key) __THROW __nonnull ((1));
139 +/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
141 +extern void encrypt (char *__glibc_block, int __edflag)
142 + __THROW __nonnull ((1));
146 /* This structure provides scratch and output buffers for 'crypt_r'.
147 @@ -63,6 +71,14 @@ struct crypt_data
148 extern char *crypt_r (const char *__phrase, const char *__salt,
149 struct crypt_data * __restrict __data)
150 __THROW __nonnull ((1, 2, 3));
152 +extern void setkey_r (const char *__key,
153 + struct crypt_data * __restrict __data)
154 + __THROW __nonnull ((1, 2));
156 +extern void encrypt_r (char *__glibc_block, int __edflag,
157 + struct crypt_data * __restrict __data)
158 + __THROW __nonnull ((1, 3));
162 --- a/crypt/crypt_util.c
163 +++ b/crypt/crypt_util.c
167 #include "crypt-private.h"
168 -#include <shlib-compat.h>
170 /* Prototypes for local functions. */
171 #ifndef __GNU_LIBRARY__
172 @@ -151,7 +150,6 @@ static const int sbox[8][4][16]= {
176 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
178 * This is the initial
180 @@ -162,7 +160,6 @@ static const int initial_perm[64] = {
181 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
182 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
188 @@ -788,7 +785,6 @@ _ufc_output_conversion_r (ufc_long v1, u
189 __data->crypt_3_buf[13] = 0;
192 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
195 * UNIX encrypt function. Takes a bitvector
196 @@ -889,14 +885,12 @@ __encrypt_r (char *__block, int __edflag
199 weak_alias (__encrypt_r, encrypt_r)
200 -compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0);
203 encrypt (char *__block, int __edflag)
205 __encrypt_r(__block, __edflag, &_ufc_foobar);
207 -compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0);
211 @@ -921,15 +915,12 @@ __setkey_r (const char *__key, struct cr
212 _ufc_mk_keytab_r((char *) ktab, __data);
214 weak_alias (__setkey_r, setkey_r)
215 -compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0);
218 setkey (const char *__key)
220 __setkey_r(__key, &_ufc_foobar);
222 -compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0);
223 -#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */
226 __b64_from_24bit (char **cp, int *buflen,
227 --- a/manual/conf.texi
228 +++ b/manual/conf.texi
229 @@ -780,8 +780,6 @@ Inquire about the parameter correspondin
230 @item _SC_XOPEN_CRYPT
231 @standards{X/Open, unistd.h}
232 Inquire about the parameter corresponding to @code{_XOPEN_CRYPT}.
233 -@Theglibc no longer implements the @code{_XOPEN_CRYPT} extensions,
234 -so @samp{sysconf (_SC_XOPEN_CRYPT)} always returns @code{-1}.
236 @item _SC_XOPEN_ENH_I18N
237 @standards{X/Open, unistd.h}
238 --- a/manual/crypt.texi
239 +++ b/manual/crypt.texi
240 @@ -16,8 +16,19 @@ subject to them, even if you do not use
241 yourself. The restrictions vary from place to place and are changed
242 often, so we cannot give any more specific advice than this warning.
246 +It also provides support for Secure RPC, and some library functions that
247 +can be used to perform normal DES encryption. The @code{AUTH_DES}
248 +authentication flavor in Secure RPC, as provided by @theglibc{},
249 +uses DES and does not comply with FIPS 140-2 nor does any other use of DES
250 +within @theglibc{}. It is recommended that Secure RPC should not be used
251 +for systems that need to comply with FIPS 140-2 since all flavors of
252 +encrypted authentication use normal DES.
255 * Passphrase Storage:: One-way hashing for passphrases.
256 +* DES Encryption:: Routines for DES encryption.
257 * Unpredictable Bytes:: Randomness for cryptographic purposes.
260 @@ -200,6 +211,196 @@ hashes for the same passphrase.
261 @include testpass.c.texi
264 +@node DES Encryption
265 +@section DES Encryption
268 +The Data Encryption Standard is described in the US Government Federal
269 +Information Processing Standards (FIPS) 46-3 published by the National
270 +Institute of Standards and Technology. The DES has been very thoroughly
271 +analyzed since it was developed in the late 1970s, and no new
272 +significant flaws have been found.
274 +However, the DES uses only a 56-bit key (plus 8 parity bits), and a
275 +machine has been built in 1998 which can search through all possible
276 +keys in about 6 days, which cost about US$200000; faster searches would
277 +be possible with more money. This makes simple DES insecure for most
278 +purposes, and NIST no longer permits new US government systems
281 +For serious encryption functionality, it is recommended that one of the
282 +many free encryption libraries be used instead of these routines.
284 +The DES is a reversible operation which takes a 64-bit block and a
285 +64-bit key, and produces another 64-bit block. Usually the bits are
286 +numbered so that the most-significant bit, the first bit, of each block
289 +Under that numbering, every 8th bit of the key (the 8th, 16th, and so
290 +on) is not used by the encryption algorithm itself. But the key must
291 +have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
292 +so on, there must be an odd number of `1' bits, and this completely
293 +specifies the unused bits.
295 +@deftypefun void setkey (const char *@var{key})
296 +@standards{BSD, crypt.h}
297 +@standards{SVID, crypt.h}
298 +@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
299 +@c The static buffer stores the key, making it fundamentally
300 +@c thread-unsafe. The locking issues are only in the initialization
301 +@c path; cancelling the initialization will leave the lock held, it
302 +@c would otherwise repeat the initialization on the next call.
304 +The @code{setkey} function sets an internal data structure to be an
305 +expanded form of @var{key}. @var{key} is specified as an array of 64
306 +bits each stored in a @code{char}, the first bit is @code{key[0]} and
307 +the 64th bit is @code{key[63]}. The @var{key} should have the correct
311 +@deftypefun void encrypt (char *@var{block}, int @var{edflag})
312 +@standards{BSD, crypt.h}
313 +@standards{SVID, crypt.h}
314 +@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
315 +@c Same issues as setkey.
317 +The @code{encrypt} function encrypts @var{block} if
318 +@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
319 +previously set by @code{setkey}. The result is
320 +placed in @var{block}.
322 +Like @code{setkey}, @var{block} is specified as an array of 64 bits each
323 +stored in a @code{char}, but there are no parity bits in @var{block}.
326 +@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
327 +@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
328 +@standards{GNU, crypt.h}
329 +@c setkey_r: @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
330 +@safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
332 +These are reentrant versions of @code{setkey} and @code{encrypt}. The
333 +only difference is the extra parameter, which stores the expanded
334 +version of @var{key}. Before calling @code{setkey_r} the first time,
335 +@code{data->initialized} must be cleared to zero.
338 +The @code{setkey_r} and @code{encrypt_r} functions are GNU extensions.
339 +@code{setkey}, @code{encrypt}, @code{setkey_r}, and @code{encrypt_r} are
340 +defined in @file{crypt.h}.
342 +@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode})
343 +@standards{SUNRPC, rpc/des_crypt.h}
344 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
346 +The function @code{ecb_crypt} encrypts or decrypts one or more blocks
347 +using DES. Each block is encrypted independently.
349 +The @var{blocks} and the @var{key} are stored packed in 8-bit bytes, so
350 +that the first bit of the key is the most-significant bit of
351 +@code{key[0]} and the 63rd bit of the key is stored as the
352 +least-significant bit of @code{key[7]}. The @var{key} should have the
355 +@var{len} is the number of bytes in @var{blocks}. It should be a
356 +multiple of 8 (so that there are a whole number of blocks to encrypt).
357 +@var{len} is limited to a maximum of @code{DES_MAXDATA} bytes.
359 +The result of the encryption replaces the input in @var{blocks}.
361 +The @var{mode} parameter is the bitwise OR of two of the following:
365 +@standards{SUNRPC, rpc/des_crypt.h}
366 +This constant, used in the @var{mode} parameter, specifies that
367 +@var{blocks} is to be encrypted.
370 +@standards{SUNRPC, rpc/des_crypt.h}
371 +This constant, used in the @var{mode} parameter, specifies that
372 +@var{blocks} is to be decrypted.
375 +@standards{SUNRPC, rpc/des_crypt.h}
376 +This constant, used in the @var{mode} parameter, asks to use a hardware
377 +device. If no hardware device is available, encryption happens anyway,
381 +@standards{SUNRPC, rpc/des_crypt.h}
382 +This constant, used in the @var{mode} parameter, specifies that no
383 +hardware device is to be used.
386 +The result of the function will be one of these values:
390 +@standards{SUNRPC, rpc/des_crypt.h}
391 +The encryption succeeded.
393 +@item DESERR_NOHWDEVICE
394 +@standards{SUNRPC, rpc/des_crypt.h}
395 +The encryption succeeded, but there was no hardware device available.
397 +@item DESERR_HWERROR
398 +@standards{SUNRPC, rpc/des_crypt.h}
399 +The encryption failed because of a hardware problem.
401 +@item DESERR_BADPARAM
402 +@standards{SUNRPC, rpc/des_crypt.h}
403 +The encryption failed because of a bad parameter, for instance @var{len}
404 +is not a multiple of 8 or @var{len} is larger than @code{DES_MAXDATA}.
408 +@deftypefun int DES_FAILED (int @var{err})
409 +@standards{SUNRPC, rpc/des_crypt.h}
410 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
411 +This macro returns 1 if @var{err} is a `success' result code from
412 +@code{ecb_crypt} or @code{cbc_crypt}, and 0 otherwise.
415 +@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode}, char *@var{ivec})
416 +@standards{SUNRPC, rpc/des_crypt.h}
417 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
419 +The function @code{cbc_crypt} encrypts or decrypts one or more blocks
420 +using DES in Cipher Block Chaining mode.
422 +For encryption in CBC mode, each block is exclusive-ored with @var{ivec}
423 +before being encrypted, then @var{ivec} is replaced with the result of
424 +the encryption, then the next block is processed. Decryption is the
425 +reverse of this process.
427 +This has the advantage that blocks which are the same before being
428 +encrypted are very unlikely to be the same after being encrypted, making
429 +it much harder to detect patterns in the data.
431 +Usually, @var{ivec} is set to 8 random bytes before encryption starts.
432 +Then the 8 random bytes are transmitted along with the encrypted data
433 +(without themselves being encrypted), and passed back in as @var{ivec}
434 +for decryption. Another possibility is to set @var{ivec} to 8 zeroes
435 +initially, and have the first block encrypted consist of 8 random
438 +Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
441 +@deftypefun void des_setparity (char *@var{key})
442 +@standards{SUNRPC, rpc/des_crypt.h}
443 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
445 +The function @code{des_setparity} changes the 64-bit @var{key}, stored
446 +packed in 8-bit bytes, to have odd parity by altering the low bits of
450 +The @code{ecb_crypt}, @code{cbc_crypt}, and @code{des_setparity}
451 +functions and their accompanying macros are all defined in the header
452 +@file{rpc/des_crypt.h}.
454 @node Unpredictable Bytes
455 @section Generating Unpredictable Bytes
456 @cindex randomness source
457 --- a/manual/string.texi
458 +++ b/manual/string.texi
459 @@ -36,8 +36,8 @@ too.
461 * Erasing Sensitive Data:: Clearing memory which contains sensitive
462 data, after it's no longer needed.
463 -* Shuffling Bytes:: Or how to flash-cook a string.
464 -* Obfuscating Data:: Reversibly obscuring data from casual view.
465 +* strfry:: Function for flash-cooking a string.
466 +* Trivial Encryption:: Obscuring data.
467 * Encode Binary Data:: Encoding and Decoding of Binary Data.
468 * Argz and Envz Vectors:: Null-separated string vectors.
470 @@ -2426,73 +2426,73 @@ functionality under a different name, su
471 systems it may be in @file{strings.h} instead.
475 -@node Shuffling Bytes
476 -@section Shuffling Bytes
480 The function below addresses the perennial programming quandary: ``How do
481 I take good data in string form and painlessly turn it into garbage?''
482 -This is not a difficult thing to code for oneself, but the authors of
483 -@theglibc{} wish to make it as convenient as possible.
484 +This is actually a fairly simple task for C programmers who do not use
485 +@theglibc{} string functions, but for programs based on @theglibc{},
486 +the @code{strfry} function is the preferred method for
487 +destroying string data.
489 -To @emph{erase} data, use @code{explicit_bzero} (@pxref{Erasing
490 -Sensitive Data}); to obfuscate it reversibly, use @code{memfrob}
491 -(@pxref{Obfuscating Data}).
492 +The prototype for this function is in @file{string.h}.
494 @deftypefun {char *} strfry (char *@var{string})
495 @standards{GNU, string.h}
496 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
497 @c Calls initstate_r, time, getpid, strlen, and random_r.
499 -@code{strfry} performs an in-place shuffle on @var{string}. Each
500 -character is swapped to a position selected at random, within the
501 -portion of the string starting with the character's original position.
502 -(This is the Fisher-Yates algorithm for unbiased shuffling.)
504 -Calling @code{strfry} will not disturb any of the random number
505 -generators that have global state (@pxref{Pseudo-Random Numbers}).
506 +@code{strfry} creates a pseudorandom anagram of a string, replacing the
507 +input with the anagram in place. For each position in the string,
508 +@code{strfry} swaps it with a position in the string selected at random
509 +(from a uniform distribution). The two positions may be the same.
511 The return value of @code{strfry} is always @var{string}.
513 @strong{Portability Note:} This function is unique to @theglibc{}.
514 -It is declared in @file{string.h}.
519 -@node Obfuscating Data
520 -@section Obfuscating Data
521 +@node Trivial Encryption
522 +@section Trivial Encryption
526 +The @code{memfrob} function converts an array of data to something
527 +unrecognizable and back again. It is not encryption in its usual sense
528 +since it is easy for someone to convert the encrypted data back to clear
529 +text. The transformation is analogous to Usenet's ``Rot13'' encryption
530 +method for obscuring offensive jokes from sensitive eyes and such.
531 +Unlike Rot13, @code{memfrob} works on arbitrary binary data, not just
535 -The @code{memfrob} function reversibly obfuscates an array of binary
536 -data. This is not true encryption; the obfuscated data still bears a
537 -clear relationship to the original, and no secret key is required to
538 -undo the obfuscation. It is analogous to the ``Rot13'' cipher used on
539 -Usenet for obscuring offensive jokes, spoilers for works of fiction,
540 -and so on, but it can be applied to arbitrary binary data.
542 -Programs that need true encryption---a transformation that completely
543 -obscures the original and cannot be reversed without knowledge of a
544 -secret key---should use a dedicated cryptography library, such as
545 -@uref{https://www.gnu.org/software/libgcrypt/,,libgcrypt}.
547 -Programs that need to @emph{destroy} data should use
548 -@code{explicit_bzero} (@pxref{Erasing Sensitive Data}), or possibly
549 -@code{strfry} (@pxref{Shuffling Bytes}).
550 +For true encryption, @xref{Cryptographic Functions}.
552 +This function is declared in @file{string.h}.
555 @deftypefun {void *} memfrob (void *@var{mem}, size_t @var{length})
556 @standards{GNU, string.h}
557 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
559 -The function @code{memfrob} obfuscates @var{length} bytes of data
560 -beginning at @var{mem}, in place. Each byte is bitwise xor-ed with
561 -the binary pattern 00101010 (hexadecimal 0x2A). The return value is
564 -@code{memfrob} a second time on the same data returns it to
566 +@code{memfrob} transforms (frobnicates) each byte of the data structure
567 +at @var{mem}, which is @var{length} bytes long, by bitwise exclusive
568 +oring it with binary 00101010. It does the transformation in place and
569 +its return value is always @var{mem}.
571 +Note that @code{memfrob} a second time on the same data structure
572 +returns it to its original state.
574 +This is a good function for hiding information from someone who doesn't
575 +want to see it or doesn't want to see it very much. To really prevent
576 +people from retrieving the information, use stronger encryption such as
577 +that described in @xref{Cryptographic Functions}.
579 @strong{Portability Note:} This function is unique to @theglibc{}.
580 -It is declared in @file{string.h}.
584 @node Encode Binary Data
587 @@ -107,6 +107,9 @@ __BEGIN_DECLS
588 /* The X/Open Unix extensions are available. */
589 #define _XOPEN_UNIX 1
591 +/* Encryption is present. */
592 +#define _XOPEN_CRYPT 1
594 /* The enhanced internationalization capabilities according to XPG4.2
596 #define _XOPEN_ENH_I18N 1
597 @@ -1115,17 +1118,20 @@ ssize_t copy_file_range (int __infd, __o
598 extern int fdatasync (int __fildes);
599 #endif /* Use POSIX199309 */
602 -/* One-way hash PHRASE, returning a string suitable for storage in the
603 - user database. SALT selects the one-way function to use, and
604 - ensures that no two users' hashes are the same, even if they use
605 - the same passphrase. The return value points to static storage
606 - which will be overwritten by the next call to crypt. */
608 +/* XPG4.2 specifies that prototypes for the encryption functions must
609 + be defined here. */
611 +/* Encrypt at most 8 characters from KEY using salt to perturb DES. */
612 extern char *crypt (const char *__key, const char *__salt)
613 __THROW __nonnull ((1, 2));
617 +/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
619 +extern void encrypt (char *__glibc_block, int __edflag)
620 + __THROW __nonnull ((1));
623 /* Swab pairs bytes in the first N bytes of the area pointed to by
624 FROM and copy the result to TO. The value of TO must not be in the
625 range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM
626 --- a/stdlib/stdlib.h
627 +++ b/stdlib/stdlib.h
628 @@ -961,6 +961,12 @@ extern int getsubopt (char **__restrict
633 +/* Setup DES tables according KEY. */
634 +extern void setkey (const char *__key) __THROW __nonnull ((1));
638 /* X/Open pseudo terminal handling. */
640 #ifdef __USE_XOPEN2KXSI
641 --- a/sunrpc/Makefile
642 +++ b/sunrpc/Makefile
643 @@ -51,7 +51,7 @@ rpcsvc = bootparam_prot.x nlm_prot.x rst
644 headers-sunrpc = $(addprefix rpc/,auth.h auth_unix.h clnt.h pmap_clnt.h \
645 pmap_prot.h pmap_rmt.h rpc.h rpc_msg.h \
646 svc.h svc_auth.h types.h xdr.h auth_des.h \
648 + des_crypt.h key_prot.h rpc_des.h) \
649 $(rpcsvc:%=rpcsvc/%) rpcsvc/bootparam.h
650 headers = rpc/netdb.h
651 install-others = $(inst_sysconfdir)/rpc
652 --- a/sunrpc/des_crypt.c
653 +++ b/sunrpc/des_crypt.c
654 @@ -86,9 +86,6 @@ common_crypt (char *key, char *buf, regi
655 return desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE;
658 -/* Note: these cannot be excluded from the build yet, because they are
659 - still used internally. */
662 * CBC mode encryption
664 @@ -105,7 +102,7 @@ cbc_crypt (char *key, char *buf, unsigne
665 COPY8 (dp.des_ivec, ivec);
668 -hidden_nolink (cbc_crypt, libc, GLIBC_2_1)
669 +libc_hidden_nolink_sunrpc (cbc_crypt, GLIBC_2_1)
672 * ECB mode encryption
673 @@ -118,4 +115,4 @@ ecb_crypt (char *key, char *buf, unsigne
675 return common_crypt (key, buf, len, mode, &dp);
677 -hidden_nolink (ecb_crypt, libc, GLIBC_2_1)
678 +libc_hidden_nolink_sunrpc (ecb_crypt, GLIBC_2_1)
679 --- a/sunrpc/des_soft.c
680 +++ b/sunrpc/des_soft.c
681 @@ -71,4 +71,4 @@ des_setparity (char *p)
685 -hidden_nolink (des_setparity, libc, GLIBC_2_1)
686 +libc_hidden_nolink_sunrpc (des_setparity, GLIBC_2_1)