From owner-cvs-usrsbin  Tue Jun 17 11:05:41 1997
Return-Path: <owner-cvs-usrsbin>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA26718
          for cvs-usrsbin-outgoing; Tue, 17 Jun 1997 11:05:41 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.cdrom.com [204.216.27.21])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA26516;
          Tue, 17 Jun 1997 11:03:55 -0700 (PDT)
From: Bill Paul <wpaul@FreeBSD.ORG>
Received: (from wpaul@localhost)
	by freefall.freebsd.org (8.8.5/8.8.5) id LAA01181;
	Tue, 17 Jun 1997 11:03:53 -0700 (PDT)
Date: Tue, 17 Jun 1997 11:03:53 -0700 (PDT)
Message-Id: <199706171803.LAA01181@freefall.freebsd.org>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrsbin@FreeBSD.ORG
Subject: cvs commit: src/usr.sbin/keyserv crypt_server.c
Sender: owner-cvs-usrsbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

wpaul       1997/06/17 11:03:53 PDT

  Modified files:
    usr.sbin/keyserv     crypt_server.c 
  Log:
  Work around a bug (deficiency?) in the libdes Secure RPC compat interface.
  The way Secure RPC is set up, the ecb_crypt() routine is expected to
  be able to encrypt a buffer of any size up to 8192 bytes. However, the
  des_ecb_encrypt() routine in libdes only encrypts 8 bytes (64 bits) at a
  time. The rpc_enc.c module should compensate for this by calling
  des_ecb_encrypt() repeatedly until it has encrypted the entire supplied
  buffer, but it does not do this.
  
  As a workaround, keyserv now handles this itself: if we're using DES
  encryption, and the caller requested ECB mode, keyserv will do the right
  thing.
  
  Also changed all references to 'rc4' into 'arcfour' just in case some
  litigious bastard from RSA is watching.
  
  Note that I discovered and fixed this problem while trying to get
  a part of NIS+ working: rpc.nisd signs directory objects with a 16-byte
  MD5 digest that is encrypted with ecb_crypt(). Previously, only the
  first 8 bytes of the digest were being properly encrypted, which caused
  the Sun nis_cachemgr to reject the signatures as invalid. I failed to
  notice this before since Secure RPC usually never has to encrypt more
  than 8 bytes of data during normal operations.
  
  Revision  Changes    Path
  1.2       +58 -24    src/usr.sbin/keyserv/crypt_server.c