diff options
| author | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2021-06-15 10:04:11 +0000 |
|---|---|---|
| committer | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2021-06-15 10:06:40 +0000 |
| commit | 7d681ad774f00cf06c4ef910add91e0f8a79f7ae (patch) | |
| tree | 684ded22193614c7ec26a51985a218b74f98f680 /secure/lib | |
| parent | 9d167945e8409c739442a02e3fbacb3bcdcc3306 (diff) | |
| download | src-7d681ad774f00cf06c4ef910add91e0f8a79f7ae.tar.gz src-7d681ad774f00cf06c4ef910add91e0f8a79f7ae.zip | |
crypt_r(3): fix reentrancy problems with DES
This code was originally written for non-reentrant crypt(3).
In 5f521d7ba72, a thread-safe crypt_r(3) was introduced. However,
it looks like the DES implementation is still not re-entrant;
routines like setup_salt() or des_setkey() still use global
variables.
Instead of something drastic, eg removing DES support altogether,
just mark those variables as thread-local. This adds about 30kB
of data per thread.
Given that this only applies to DES, I think the impact is minimal.
Reviewed By: markj
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D30674
Diffstat (limited to 'secure/lib')
| -rw-r--r-- | secure/lib/libcrypt/crypt-des.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c index 4601e46fe31b..6d8591330ecd 100644 --- a/secure/lib/libcrypt/crypt-des.c +++ b/secure/lib/libcrypt/crypt-des.c @@ -74,27 +74,27 @@ __FBSDID("$FreeBSD$"); #endif -static u_char IP[64] = { +static const u_char IP[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 }; -static u_char inv_key_perm[64]; -static u_char key_perm[56] = { +static __thread u_char inv_key_perm[64]; +static const u_char key_perm[56] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 }; -static u_char key_shifts[16] = { +static const u_char key_shifts[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; -static u_char inv_comp_perm[56]; -static u_char comp_perm[48] = { +static __thread u_char inv_comp_perm[56]; +static const u_char comp_perm[48] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, @@ -105,8 +105,8 @@ static u_char comp_perm[48] = { * No E box is used, as it's replaced by some ANDs, shifts, and ORs. */ -static u_char u_sbox[8][64]; -static u_char sbox[8][64] = { +static __thread u_char u_sbox[8][64]; +static const u_char sbox[8][64] = { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, @@ -157,13 +157,13 @@ static u_char sbox[8][64] = { } }; -static u_char un_pbox[32]; -static u_char pbox[32] = { +static __thread u_char un_pbox[32]; +static const u_char pbox[32] = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 }; -static u_int32_t bits32[32] = +static const u_int32_t bits32[32] = { 0x80000000, 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, 0x01000000, @@ -175,24 +175,24 @@ static u_int32_t bits32[32] = 0x00000008, 0x00000004, 0x00000002, 0x00000001 }; -static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; - -static u_int32_t saltbits; -static u_int32_t old_salt; -static u_int32_t *bits28, *bits24; -static u_char init_perm[64], final_perm[64]; -static u_int32_t en_keysl[16], en_keysr[16]; -static u_int32_t de_keysl[16], de_keysr[16]; -static int des_initialised = 0; -static u_char m_sbox[4][4096]; -static u_int32_t psbox[4][256]; -static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; -static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; -static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; -static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; -static u_int32_t old_rawkey0, old_rawkey1; - -static u_char ascii64[] = +static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static __thread u_int32_t saltbits; +static __thread u_int32_t old_salt; +static __thread const u_int32_t *bits28, *bits24; +static __thread u_char init_perm[64], final_perm[64]; +static __thread u_int32_t en_keysl[16], en_keysr[16]; +static __thread u_int32_t de_keysl[16], de_keysr[16]; +static __thread int des_initialised = 0; +static __thread u_char m_sbox[4][4096]; +static __thread u_int32_t psbox[4][256]; +static __thread u_int32_t ip_maskl[8][256], ip_maskr[8][256]; +static __thread u_int32_t fp_maskl[8][256], fp_maskr[8][256]; +static __thread u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; +static __thread u_int32_t comp_maskl[8][128], comp_maskr[8][128]; +static __thread u_int32_t old_rawkey0, old_rawkey1; + +static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; /* 0000000000111111111122222222223333333333444444444455555555556666 */ /* 0123456789012345678901234567890123456789012345678901234567890123 */ |