summaryrefslogtreecommitdiffstats
path: root/sys
diff options
context:
space:
mode:
authorwpaul <wpaul@FreeBSD.org>1997-06-17 18:03:52 +0000
committerwpaul <wpaul@FreeBSD.org>1997-06-17 18:03:52 +0000
commit8a67f91ff926c6a89583d091afd5bc2e8533b626 (patch)
tree56645fcc3da35d2269eef520d46afaa3d18f03fc /sys
parentec7ac3a30e38c701708d07fc6d764a4ae492f877 (diff)
downloadFreeBSD-src-8a67f91ff926c6a89583d091afd5bc2e8533b626.zip
FreeBSD-src-8a67f91ff926c6a89583d091afd5bc2e8533b626.tar.gz
Work around a bug (deficiency?) in the libdes Secure RPC compat interface.
The way Secure RPC is set up, the ecb_crypt() routine is expected to be able to encrypt a buffer of any size up to 8192 bytes. However, the des_ecb_encrypt() routine in libdes only encrypts 8 bytes (64 bits) at a time. The rpc_enc.c module should compensate for this by calling des_ecb_encrypt() repeatedly until it has encrypted the entire supplied buffer, but it does not do this. As a workaround, keyserv now handles this itself: if we're using DES encryption, and the caller requested ECB mode, keyserv will do the right thing. Also changed all references to 'rc4' into 'arcfour' just in case some litigious bastard from RSA is watching. Note that I discovered and fixed this problem while trying to get a part of NIS+ working: rpc.nisd signs directory objects with a 16-byte MD5 digest that is encrypted with ecb_crypt(). Previously, only the first 8 bytes of the digest were being properly encrypted, which caused the Sun nis_cachemgr to reject the signatures as invalid. I failed to notice this before since Secure RPC usually never has to encrypt more than 8 bytes of data during normal operations.
Diffstat (limited to 'sys')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud