From owner-dev-commits-src-all@freebsd.org Tue Jun 15 10:07:19 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E11A064507C; Tue, 15 Jun 2021 10:07:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4G43s35x7Dz3HQL; Tue, 15 Jun 2021 10:07:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B018926252; Tue, 15 Jun 2021 10:07:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 15FA7Jag074304; Tue, 15 Jun 2021 10:07:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 15FA7Jdh074303; Tue, 15 Jun 2021 10:07:19 GMT (envelope-from git) Date: Tue, 15 Jun 2021 10:07:19 GMT Message-Id: <202106151007.15FA7Jdh074303@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Edward Tomasz Napierala Subject: git: 7d681ad774f0 - main - crypt_r(3): fix reentrancy problems with DES MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: trasz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7d681ad774f00cf06c4ef910add91e0f8a79f7ae Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jun 2021 10:07:19 -0000 The branch main has been updated by trasz: URL: https://cgit.FreeBSD.org/src/commit/?id=7d681ad774f00cf06c4ef910add91e0f8a79f7ae commit 7d681ad774f00cf06c4ef910add91e0f8a79f7ae Author: Edward Tomasz Napierala AuthorDate: 2021-06-15 10:04:11 +0000 Commit: Edward Tomasz Napierala CommitDate: 2021-06-15 10:06:40 +0000 crypt_r(3): fix reentrancy problems with DES This code was originally written for non-reentrant crypt(3). In 5f521d7ba72, a thread-safe crypt_r(3) was introduced. However, it looks like the DES implementation is still not re-entrant; routines like setup_salt() or des_setkey() still use global variables. Instead of something drastic, eg removing DES support altogether, just mark those variables as thread-local. This adds about 30kB of data per thread. Given that this only applies to DES, I think the impact is minimal. Reviewed By: markj Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D30674 --- secure/lib/libcrypt/crypt-des.c | 58 ++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c index 4601e46fe31b..6d8591330ecd 100644 --- a/secure/lib/libcrypt/crypt-des.c +++ b/secure/lib/libcrypt/crypt-des.c @@ -74,27 +74,27 @@ __FBSDID("$FreeBSD$"); #endif -static u_char IP[64] = { +static const u_char IP[64] = { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 }; -static u_char inv_key_perm[64]; -static u_char key_perm[56] = { +static __thread u_char inv_key_perm[64]; +static const u_char key_perm[56] = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 }; -static u_char key_shifts[16] = { +static const u_char key_shifts[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; -static u_char inv_comp_perm[56]; -static u_char comp_perm[48] = { +static __thread u_char inv_comp_perm[56]; +static const u_char comp_perm[48] = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, @@ -105,8 +105,8 @@ static u_char comp_perm[48] = { * No E box is used, as it's replaced by some ANDs, shifts, and ORs. */ -static u_char u_sbox[8][64]; -static u_char sbox[8][64] = { +static __thread u_char u_sbox[8][64]; +static const u_char sbox[8][64] = { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, @@ -157,13 +157,13 @@ static u_char sbox[8][64] = { } }; -static u_char un_pbox[32]; -static u_char pbox[32] = { +static __thread u_char un_pbox[32]; +static const u_char pbox[32] = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 }; -static u_int32_t bits32[32] = +static const u_int32_t bits32[32] = { 0x80000000, 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, 0x01000000, @@ -175,24 +175,24 @@ static u_int32_t bits32[32] = 0x00000008, 0x00000004, 0x00000002, 0x00000001 }; -static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; - -static u_int32_t saltbits; -static u_int32_t old_salt; -static u_int32_t *bits28, *bits24; -static u_char init_perm[64], final_perm[64]; -static u_int32_t en_keysl[16], en_keysr[16]; -static u_int32_t de_keysl[16], de_keysr[16]; -static int des_initialised = 0; -static u_char m_sbox[4][4096]; -static u_int32_t psbox[4][256]; -static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; -static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; -static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; -static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; -static u_int32_t old_rawkey0, old_rawkey1; - -static u_char ascii64[] = +static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static __thread u_int32_t saltbits; +static __thread u_int32_t old_salt; +static __thread const u_int32_t *bits28, *bits24; +static __thread u_char init_perm[64], final_perm[64]; +static __thread u_int32_t en_keysl[16], en_keysr[16]; +static __thread u_int32_t de_keysl[16], de_keysr[16]; +static __thread int des_initialised = 0; +static __thread u_char m_sbox[4][4096]; +static __thread u_int32_t psbox[4][256]; +static __thread u_int32_t ip_maskl[8][256], ip_maskr[8][256]; +static __thread u_int32_t fp_maskl[8][256], fp_maskr[8][256]; +static __thread u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; +static __thread u_int32_t comp_maskl[8][128], comp_maskr[8][128]; +static __thread u_int32_t old_rawkey0, old_rawkey1; + +static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; /* 0000000000111111111122222222223333333333444444444455555555556666 */ /* 0123456789012345678901234567890123456789012345678901234567890123 */