1 From 08f5e0df46ce1ad617bcde1fd5542545397630b9 Mon Sep 17 00:00:00 2001
2 From: Hans Dedecker <dedeckeh@gmail.com>
3 Date: Sat, 24 Oct 2020 21:13:30 +0200
4 Subject: Revert "Disallow use of DES encryption functions in new programs."
6 This reverts commit b10a0accee709a5efff2fadf0b0bbb79ff0ad759.
8 ppp still uses the encrypt functions from the libc while musl libc also
11 conform/data/stdlib.h-data | 3 +
12 conform/data/unistd.h-data | 6 ++
13 crypt/cert.c | 26 -----
14 crypt/crypt-entry.c | 15 ++-
15 crypt/crypt.h | 16 +++
16 crypt/crypt_util.c | 9 --
17 manual/conf.texi | 2 -
18 manual/crypt.texi | 204 +++++++++++++++++++++++++++++++++++++
19 manual/string.texi | 82 +++++++--------
20 posix/unistd.h | 17 +++-
21 stdlib/stdlib.h | 6 ++
22 sunrpc/des_crypt.c | 7 +-
23 sunrpc/des_soft.c | 2 +-
24 13 files changed, 305 insertions(+), 90 deletions(-)
26 --- a/conform/data/stdlib.h-data
27 +++ b/conform/data/stdlib.h-data
28 @@ -149,6 +149,9 @@ function {unsigned short int*} seed48 (u
29 #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98
30 function int setenv (const char*, const char*, int)
32 +#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008
33 +function void setkey (const char*)
35 #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008
36 function {char*} setstate (char*)
38 --- a/conform/data/unistd.h-data
39 +++ b/conform/data/unistd.h-data
40 @@ -437,6 +437,9 @@ function int chroot (const char*)
41 function int chown (const char*, uid_t, gid_t)
42 function int close (int)
43 function size_t confstr (int, char*, size_t)
44 +#if !defined POSIX && !defined POSIX2008
45 +function {char*} crypt (const char*, const char*)
47 #if defined XPG4 || defined XPG42 || defined UNIX98
48 function {char*} ctermid (char*)
49 function {char*} cuserid (char*)
50 @@ -446,6 +449,9 @@ allow cuserid
52 function int dup (int)
53 function int dup2 (int, int)
54 +#if !defined POSIX && !defined POSIX2008
55 +function void encrypt (char[64], int)
57 function int execl (const char*, const char*, ...)
58 function int execle (const char*, const char*, ...)
59 function int execlp (const char*, const char*, ...)
66 -/* This file tests the deprecated setkey/encrypt interface. */
67 -#include <shlib-compat.h>
68 -#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
70 -#define libcrypt_version_reference(symbol, version) \
71 - _libcrypt_version_reference (symbol, VERSION_libcrypt_##version)
72 -#define _libcrypt_version_reference(symbol, version) \
73 - __libcrypt_version_reference (symbol, version)
74 -#define __libcrypt_version_reference(symbol, version) \
75 - __asm__ (".symver " #symbol ", " #symbol "@" #version)
77 -extern void setkey (const char *);
78 -extern void encrypt (const char *, int);
79 -libcrypt_version_reference (setkey, GLIBC_2_0);
80 -libcrypt_version_reference (encrypt, GLIBC_2_0);
84 int main (int argc, char *argv[]);
85 @@ -120,13 +104,3 @@ put8 (char *cp)
90 -#else /* encrypt and setkey are not available. */
95 - return 77; /* UNSUPPORTED */
99 --- a/crypt/crypt-entry.c
100 +++ b/crypt/crypt-entry.c
104 #include "crypt-private.h"
105 -#include <shlib-compat.h>
107 /* Prototypes for local functions. */
108 #ifndef __GNU_LIBRARY__
109 @@ -177,7 +176,17 @@ crypt (const char *key, const char *salt
110 return __crypt_r (key, salt, &_ufc_foobar);
113 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
116 + * To make fcrypt users happy.
117 + * They don't need to call init_des.
120 weak_alias (crypt, fcrypt)
121 -compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
124 +__fcrypt (const char *key, const char *salt)
126 + return crypt (key, salt);
131 @@ -36,6 +36,14 @@ __BEGIN_DECLS
132 extern char *crypt (const char *__phrase, const char *__salt)
133 __THROW __nonnull ((1, 2));
135 +/* Setup DES tables according KEY. */
136 +extern void setkey (const char *__key) __THROW __nonnull ((1));
138 +/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
140 +extern void encrypt (char *__glibc_block, int __edflag)
141 + __THROW __nonnull ((1));
145 /* This structure provides scratch and output buffers for 'crypt_r'.
146 @@ -63,6 +71,14 @@ struct crypt_data
147 extern char *crypt_r (const char *__phrase, const char *__salt,
148 struct crypt_data * __restrict __data)
149 __THROW __nonnull ((1, 2, 3));
151 +extern void setkey_r (const char *__key,
152 + struct crypt_data * __restrict __data)
153 + __THROW __nonnull ((1, 2));
155 +extern void encrypt_r (char *__glibc_block, int __edflag,
156 + struct crypt_data * __restrict __data)
157 + __THROW __nonnull ((1, 3));
161 --- a/crypt/crypt_util.c
162 +++ b/crypt/crypt_util.c
166 #include "crypt-private.h"
167 -#include <shlib-compat.h>
169 /* Prototypes for local functions. */
170 #ifndef __GNU_LIBRARY__
171 @@ -151,7 +150,6 @@ static const int sbox[8][4][16]= {
175 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
177 * This is the initial
179 @@ -162,7 +160,6 @@ static const int initial_perm[64] = {
180 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
181 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
187 @@ -788,7 +785,6 @@ _ufc_output_conversion_r (ufc_long v1, u
188 __data->crypt_3_buf[13] = 0;
191 -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
194 * UNIX encrypt function. Takes a bitvector
195 @@ -889,14 +885,12 @@ __encrypt_r (char *__block, int __edflag
198 weak_alias (__encrypt_r, encrypt_r)
199 -compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0);
202 encrypt (char *__block, int __edflag)
204 __encrypt_r(__block, __edflag, &_ufc_foobar);
206 -compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0);
210 @@ -921,15 +915,12 @@ __setkey_r (const char *__key, struct cr
211 _ufc_mk_keytab_r((char *) ktab, __data);
213 weak_alias (__setkey_r, setkey_r)
214 -compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0);
217 setkey (const char *__key)
219 __setkey_r(__key, &_ufc_foobar);
221 -compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0);
222 -#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */
225 __b64_from_24bit (char **cp, int *buflen,
226 --- a/manual/conf.texi
227 +++ b/manual/conf.texi
228 @@ -780,8 +780,6 @@ Inquire about the parameter correspondin
229 @item _SC_XOPEN_CRYPT
230 @standards{X/Open, unistd.h}
231 Inquire about the parameter corresponding to @code{_XOPEN_CRYPT}.
232 -@Theglibc no longer implements the @code{_XOPEN_CRYPT} extensions,
233 -so @samp{sysconf (_SC_XOPEN_CRYPT)} always returns @code{-1}.
235 @item _SC_XOPEN_ENH_I18N
236 @standards{X/Open, unistd.h}
237 --- a/manual/crypt.texi
238 +++ b/manual/crypt.texi
239 @@ -16,8 +16,19 @@ subject to them, even if you do not use
240 yourself. The restrictions vary from place to place and are changed
241 often, so we cannot give any more specific advice than this warning.
245 +It also provides support for Secure RPC, and some library functions that
246 +can be used to perform normal DES encryption. The @code{AUTH_DES}
247 +authentication flavor in Secure RPC, as provided by @theglibc{},
248 +uses DES and does not comply with FIPS 140-2 nor does any other use of DES
249 +within @theglibc{}. It is recommended that Secure RPC should not be used
250 +for systems that need to comply with FIPS 140-2 since all flavors of
251 +encrypted authentication use normal DES.
254 * Passphrase Storage:: One-way hashing for passphrases.
255 +* crypt:: A one-way function for passwords.
256 * Unpredictable Bytes:: Randomness for cryptographic purposes.
259 @@ -190,6 +201,199 @@ unpredictable as possible; @pxref{Unpred
260 @include genpass.c.texi
263 +@node DES Encryption
264 +@section DES Encryption
267 +The Data Encryption Standard is described in the US Government Federal
268 +Information Processing Standards (FIPS) 46-3 published by the National
269 +Institute of Standards and Technology. The DES has been very thoroughly
270 +analyzed since it was developed in the late 1970s, and no new
271 +significant flaws have been found.
273 +However, the DES uses only a 56-bit key (plus 8 parity bits), and a
274 +machine has been built in 1998 which can search through all possible
275 +keys in about 6 days, which cost about US$200000; faster searches would
276 +be possible with more money. This makes simple DES insecure for most
277 +purposes, and NIST no longer permits new US government systems
280 +For serious encryption functionality, it is recommended that one of the
281 +many free encryption libraries be used instead of these routines.
283 +The DES is a reversible operation which takes a 64-bit block and a
284 +64-bit key, and produces another 64-bit block. Usually the bits are
285 +numbered so that the most-significant bit, the first bit, of each block
288 +Under that numbering, every 8th bit of the key (the 8th, 16th, and so
289 +on) is not used by the encryption algorithm itself. But the key must
290 +have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
291 +so on, there must be an odd number of `1' bits, and this completely
292 +specifies the unused bits.
294 +@deftypefun void setkey (const char *@var{key})
295 +@standards{BSD, crypt.h}
296 +@standards{SVID, crypt.h}
297 +@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
298 +@c The static buffer stores the key, making it fundamentally
299 +@c thread-unsafe. The locking issues are only in the initialization
300 +@c path; cancelling the initialization will leave the lock held, it
301 +@c would otherwise repeat the initialization on the next call.
303 +The @code{setkey} function sets an internal data structure to be an
304 +expanded form of @var{key}. @var{key} is specified as an array of 64
305 +bits each stored in a @code{char}, the first bit is @code{key[0]} and
306 +the 64th bit is @code{key[63]}. The @var{key} should have the correct
310 +@deftypefun void encrypt (char *@var{block}, int @var{edflag})
311 +@standards{BSD, crypt.h}
312 +@standards{SVID, crypt.h}
313 +@safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
314 +@c Same issues as setkey.
316 +The @code{encrypt} function encrypts @var{block} if
317 +@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
318 +previously set by @code{setkey}. The result is
319 +placed in @var{block}.
321 +Like @code{setkey}, @var{block} is specified as an array of 64 bits each
322 +stored in a @code{char}, but there are no parity bits in @var{block}.
325 +@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
326 +@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
327 +@standards{GNU, crypt.h}
328 +@c setkey_r: @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
329 +@safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
331 +These are reentrant versions of @code{setkey} and @code{encrypt}. The
332 +only difference is the extra parameter, which stores the expanded
333 +version of @var{key}. Before calling @code{setkey_r} the first time,
334 +@code{data->initialized} must be cleared to zero.
337 +The @code{setkey_r} and @code{encrypt_r} functions are GNU extensions.
338 +@code{setkey}, @code{encrypt}, @code{setkey_r}, and @code{encrypt_r} are
339 +defined in @file{crypt.h}.
341 +@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode})
342 +@standards{SUNRPC, rpc/des_crypt.h}
343 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
345 +The function @code{ecb_crypt} encrypts or decrypts one or more blocks
346 +using DES. Each block is encrypted independently.
348 +The @var{blocks} and the @var{key} are stored packed in 8-bit bytes, so
349 +that the first bit of the key is the most-significant bit of
350 +@code{key[0]} and the 63rd bit of the key is stored as the
351 +least-significant bit of @code{key[7]}. The @var{key} should have the
354 +@var{len} is the number of bytes in @var{blocks}. It should be a
355 +multiple of 8 (so that there are a whole number of blocks to encrypt).
356 +@var{len} is limited to a maximum of @code{DES_MAXDATA} bytes.
358 +The result of the encryption replaces the input in @var{blocks}.
360 +The @var{mode} parameter is the bitwise OR of two of the following:
364 +@standards{SUNRPC, rpc/des_crypt.h}
365 +This constant, used in the @var{mode} parameter, specifies that
366 +@var{blocks} is to be encrypted.
369 +@standards{SUNRPC, rpc/des_crypt.h}
370 +This constant, used in the @var{mode} parameter, specifies that
371 +@var{blocks} is to be decrypted.
374 +@standards{SUNRPC, rpc/des_crypt.h}
375 +This constant, used in the @var{mode} parameter, asks to use a hardware
376 +device. If no hardware device is available, encryption happens anyway,
380 +@standards{SUNRPC, rpc/des_crypt.h}
381 +This constant, used in the @var{mode} parameter, specifies that no
382 +hardware device is to be used.
385 +The result of the function will be one of these values:
389 +@standards{SUNRPC, rpc/des_crypt.h}
390 +The encryption succeeded.
392 +@item DESERR_NOHWDEVICE
393 +@standards{SUNRPC, rpc/des_crypt.h}
394 +The encryption succeeded, but there was no hardware device available.
396 +@item DESERR_HWERROR
397 +@standards{SUNRPC, rpc/des_crypt.h}
398 +The encryption failed because of a hardware problem.
400 +@item DESERR_BADPARAM
401 +@standards{SUNRPC, rpc/des_crypt.h}
402 +The encryption failed because of a bad parameter, for instance @var{len}
403 +is not a multiple of 8 or @var{len} is larger than @code{DES_MAXDATA}.
407 +@deftypefun int DES_FAILED (int @var{err})
408 +@standards{SUNRPC, rpc/des_crypt.h}
409 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
410 +This macro returns 1 if @var{err} is a `success' result code from
411 +@code{ecb_crypt} or @code{cbc_crypt}, and 0 otherwise.
414 +@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode}, char *@var{ivec})
415 +@standards{SUNRPC, rpc/des_crypt.h}
416 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
418 +The function @code{cbc_crypt} encrypts or decrypts one or more blocks
419 +using DES in Cipher Block Chaining mode.
421 +For encryption in CBC mode, each block is exclusive-ored with @var{ivec}
422 +before being encrypted, then @var{ivec} is replaced with the result of
423 +the encryption, then the next block is processed. Decryption is the
424 +reverse of this process.
426 +This has the advantage that blocks which are the same before being
427 +encrypted are very unlikely to be the same after being encrypted, making
428 +it much harder to detect patterns in the data.
430 +Usually, @var{ivec} is set to 8 random bytes before encryption starts.
431 +Then the 8 random bytes are transmitted along with the encrypted data
432 +(without themselves being encrypted), and passed back in as @var{ivec}
433 +for decryption. Another possibility is to set @var{ivec} to 8 zeroes
434 +initially, and have the first block encrypted consist of 8 random
437 +Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
440 +@deftypefun void des_setparity (char *@var{key})
441 +@standards{SUNRPC, rpc/des_crypt.h}
442 +@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
444 +The function @code{des_setparity} changes the 64-bit @var{key}, stored
445 +packed in 8-bit bytes, to have odd parity by altering the low bits of
449 +The @code{ecb_crypt}, @code{cbc_crypt}, and @code{des_setparity}
450 +functions and their accompanying macros are all defined in the header
451 +@file{rpc/des_crypt.h}.
453 +@node Unpredictable Bytes
454 +@section Generating Unpredictable Bytes
456 The next program demonstrates how to verify a passphrase. It checks a
457 hash hardcoded into the program, because looking up real users' hashed
458 passphrases may require special privileges (@pxref{User Database}).
459 --- a/manual/string.texi
460 +++ b/manual/string.texi
461 @@ -36,8 +36,8 @@ too.
463 * Erasing Sensitive Data:: Clearing memory which contains sensitive
464 data, after it's no longer needed.
465 -* Shuffling Bytes:: Or how to flash-cook a string.
466 -* Obfuscating Data:: Reversibly obscuring data from casual view.
467 +* strfry:: Function for flash-cooking a string.
468 +* Trivial Encryption:: Obscuring data.
469 * Encode Binary Data:: Encoding and Decoding of Binary Data.
470 * Argz and Envz Vectors:: Null-separated string vectors.
472 @@ -2423,73 +2423,73 @@ functionality under a different name, su
473 systems it may be in @file{strings.h} instead.
477 -@node Shuffling Bytes
478 -@section Shuffling Bytes
482 The function below addresses the perennial programming quandary: ``How do
483 I take good data in string form and painlessly turn it into garbage?''
484 -This is not a difficult thing to code for oneself, but the authors of
485 -@theglibc{} wish to make it as convenient as possible.
486 +This is actually a fairly simple task for C programmers who do not use
487 +@theglibc{} string functions, but for programs based on @theglibc{},
488 +the @code{strfry} function is the preferred method for
489 +destroying string data.
491 -To @emph{erase} data, use @code{explicit_bzero} (@pxref{Erasing
492 -Sensitive Data}); to obfuscate it reversibly, use @code{memfrob}
493 -(@pxref{Obfuscating Data}).
494 +The prototype for this function is in @file{string.h}.
496 @deftypefun {char *} strfry (char *@var{string})
497 @standards{GNU, string.h}
498 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
499 @c Calls initstate_r, time, getpid, strlen, and random_r.
501 -@code{strfry} performs an in-place shuffle on @var{string}. Each
502 -character is swapped to a position selected at random, within the
503 -portion of the string starting with the character's original position.
504 -(This is the Fisher-Yates algorithm for unbiased shuffling.)
506 -Calling @code{strfry} will not disturb any of the random number
507 -generators that have global state (@pxref{Pseudo-Random Numbers}).
508 +@code{strfry} creates a pseudorandom anagram of a string, replacing the
509 +input with the anagram in place. For each position in the string,
510 +@code{strfry} swaps it with a position in the string selected at random
511 +(from a uniform distribution). The two positions may be the same.
513 The return value of @code{strfry} is always @var{string}.
515 @strong{Portability Note:} This function is unique to @theglibc{}.
516 -It is declared in @file{string.h}.
521 -@node Obfuscating Data
522 -@section Obfuscating Data
523 +@node Trivial Encryption
524 +@section Trivial Encryption
528 +The @code{memfrob} function converts an array of data to something
529 +unrecognizable and back again. It is not encryption in its usual sense
530 +since it is easy for someone to convert the encrypted data back to clear
531 +text. The transformation is analogous to Usenet's ``Rot13'' encryption
532 +method for obscuring offensive jokes from sensitive eyes and such.
533 +Unlike Rot13, @code{memfrob} works on arbitrary binary data, not just
537 -The @code{memfrob} function reversibly obfuscates an array of binary
538 -data. This is not true encryption; the obfuscated data still bears a
539 -clear relationship to the original, and no secret key is required to
540 -undo the obfuscation. It is analogous to the ``Rot13'' cipher used on
541 -Usenet for obscuring offensive jokes, spoilers for works of fiction,
542 -and so on, but it can be applied to arbitrary binary data.
544 -Programs that need true encryption---a transformation that completely
545 -obscures the original and cannot be reversed without knowledge of a
546 -secret key---should use a dedicated cryptography library, such as
547 -@uref{https://www.gnu.org/software/libgcrypt/,,libgcrypt}.
549 -Programs that need to @emph{destroy} data should use
550 -@code{explicit_bzero} (@pxref{Erasing Sensitive Data}), or possibly
551 -@code{strfry} (@pxref{Shuffling Bytes}).
552 +For true encryption, @xref{Cryptographic Functions}.
554 +This function is declared in @file{string.h}.
557 @deftypefun {void *} memfrob (void *@var{mem}, size_t @var{length})
558 @standards{GNU, string.h}
559 @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
561 -The function @code{memfrob} obfuscates @var{length} bytes of data
562 -beginning at @var{mem}, in place. Each byte is bitwise xor-ed with
563 -the binary pattern 00101010 (hexadecimal 0x2A). The return value is
566 -@code{memfrob} a second time on the same data returns it to
568 +@code{memfrob} transforms (frobnicates) each byte of the data structure
569 +at @var{mem}, which is @var{length} bytes long, by bitwise exclusive
570 +oring it with binary 00101010. It does the transformation in place and
571 +its return value is always @var{mem}.
573 +Note that @code{memfrob} a second time on the same data structure
574 +returns it to its original state.
576 +This is a good function for hiding information from someone who doesn't
577 +want to see it or doesn't want to see it very much. To really prevent
578 +people from retrieving the information, use stronger encryption such as
579 +that described in @xref{Cryptographic Functions}.
581 @strong{Portability Note:} This function is unique to @theglibc{}.
582 -It is declared in @file{string.h}.
586 @node Encode Binary Data
589 @@ -107,6 +107,9 @@ __BEGIN_DECLS
590 /* The X/Open Unix extensions are available. */
591 #define _XOPEN_UNIX 1
593 +/* Encryption is present. */
594 +#define _XOPEN_CRYPT 1
596 /* The enhanced internationalization capabilities according to XPG4.2
598 #define _XOPEN_ENH_I18N 1
599 @@ -1146,17 +1149,25 @@ ssize_t copy_file_range (int __infd, __o
600 extern int fdatasync (int __fildes);
601 #endif /* Use POSIX199309 */
604 +/* XPG4.2 specifies that prototypes for the encryption functions must
605 + be defined here. */
607 /* One-way hash PHRASE, returning a string suitable for storage in the
608 user database. SALT selects the one-way function to use, and
609 ensures that no two users' hashes are the same, even if they use
610 the same passphrase. The return value points to static storage
611 which will be overwritten by the next call to crypt. */
613 +/* Encrypt at most 8 characters from KEY using salt to perturb DES. */
614 extern char *crypt (const char *__key, const char *__salt)
615 __THROW __nonnull ((1, 2));
619 +/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
621 +extern void encrypt (char *__glibc_block, int __edflag)
622 + __THROW __nonnull ((1));
625 /* Swab pairs bytes in the first N bytes of the area pointed to by
626 FROM and copy the result to TO. The value of TO must not be in the
627 range [FROM - N + 1, FROM - 1]. If N is odd the first byte in FROM
628 --- a/stdlib/stdlib.h
629 +++ b/stdlib/stdlib.h
630 @@ -968,6 +968,12 @@ extern int getsubopt (char **__restrict
635 +/* Setup DES tables according KEY. */
636 +extern void setkey (const char *__key) __THROW __nonnull ((1));
640 /* X/Open pseudo terminal handling. */
642 #ifdef __USE_XOPEN2KXSI
643 --- a/sunrpc/des_crypt.c
644 +++ b/sunrpc/des_crypt.c
645 @@ -86,9 +86,6 @@ common_crypt (char *key, char *buf, regi
646 return desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE;
649 -/* Note: these cannot be excluded from the build yet, because they are
650 - still used internally. */
653 * CBC mode encryption
655 @@ -105,7 +102,7 @@ cbc_crypt (char *key, char *buf, unsigne
656 COPY8 (dp.des_ivec, ivec);
659 -hidden_nolink (cbc_crypt, libc, GLIBC_2_1)
660 +libc_hidden_nolink_sunrpc (cbc_crypt, GLIBC_2_1)
663 * ECB mode encryption
664 @@ -118,4 +115,4 @@ ecb_crypt (char *key, char *buf, unsigne
666 return common_crypt (key, buf, len, mode, &dp);
668 -hidden_nolink (ecb_crypt, libc, GLIBC_2_1)
669 +libc_hidden_nolink_sunrpc (ecb_crypt, GLIBC_2_1)
670 --- a/sunrpc/des_soft.c
671 +++ b/sunrpc/des_soft.c
672 @@ -71,4 +71,4 @@ des_setparity (char *p)
676 -hidden_nolink (des_setparity, libc, GLIBC_2_1)
677 +libc_hidden_nolink_sunrpc (des_setparity, GLIBC_2_1)