[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[patches] [PATCH] EGLIBC_CRYPT and EGLIBC_CRYPT_UFC option groups



The attached patch adds two new option groups to EGLIBC and control building of the libcrypt library.

The first option group OPTION_EGLIBC_CRYPT controls if libcrypt should be installed at all. Normally, linux systems will want to have that library present.

The second option group enables removal of the ultra-fast implementation of the DES algorithm (MD5 will be used by default instead). The two reasons for this option group are (a) to avoid libcrypt allocating a 160 KB static buffer for internal purposes and (b) to make libcrypt 25% smaller (35 KB -> 26 KB on i686).

The patch was tested on a cross-compiled i686 toolchain with no failures.

OK to check in?

Regards,

--
Maxim Kuvyrkov
CodeSourcery
maxim@xxxxxxxxxxxxxxxx
(650) 331-3385 x724
2009-11-14  Maxim Kuvyrkov  <maxim@xxxxxxxxxxxxxxxx>

	OPTION_EGLIBC_CRYPT and OPTION_EGLIBC_CRYPT_UFC.
	
	* option-groups.def: Describe new option groups.
	* option-groups.defaults: Set defaults.
	* crypt/Makefile: Don't build libcrypt if OPTION_EGLIBC_CRYPT is not
	selected, don't compile UFC implementation if OPTION_EGLIBC_CRYPT_UFC
	is not selected; adjust tests accordingly.
	* crypt/crypt-entry.c: Include <gnu/option-groups.h>.
	(__crypt_r, crypt): Handle OPTION_EGLIBC_CRYPT_UFC, fallback to MD5
	if DES is not available.
diff --git a/crypt/Makefile b/crypt/Makefile
index b9c8797..2585e39 100644
--- a/crypt/Makefile
+++ b/crypt/Makefile
@@ -19,24 +19,28 @@
 #
 #	Sub-makefile for crypt() portion of the library.
 #
+include ../option-groups.mak
+
 subdir	:= crypt
 
 headers := crypt.h
 
-extra-libs := libcrypt
-extra-libs-others := $(extra-libs)
+extra-libs-$(OPTION_EGLIBC_CRYPT) := libcrypt
+extra-libs-others-y := $(extra-libs-y)
 
-libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \
-		     crypt_util
+libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt
+libcrypt-routines-$(OPTION_EGLIBC_CRYPT_UFC) := crypt_util crypt
+libcrypt-routines += $(libcrypt-routines-y)
 
-tests := cert md5c-test sha256c-test sha512c-test
+tests-$(OPTION_EGLIBC_CRYPT) := md5c-test sha256c-test sha512c-test
+tests-$(OPTION_EGLIBC_CRYPT_UFC) += cert
 
 distribute := ufc-crypt.h crypt-private.h ufc.c speeds.c README.ufc-crypt \
 	      Banner md5.h sha256.h sha512.h
 
 include ../Makeconfig
 
-ifeq ($(crypt-in-libc),yes)
+ifeq ($(crypt-in-libc)$(OPTION_EGLIBC_CRYPT),yesy)
 routines += $(libcrypt-routines)
 endif
 
@@ -48,7 +52,7 @@ LDLIBS-crypt.so = -lfreebl3
 else
 libcrypt-routines += md5 sha256 sha512
 
-tests += md5test sha256test sha512test
+tests-$(OPTION_EGLIBC_CRYPT) += md5test sha256test sha512test
 
 $(objpfx)md5test: $(objpfx)md5.o
 $(objpfx)sha256test: $(objpfx)sha256.o
@@ -57,6 +61,7 @@ endif
 
 include ../Rules
 
+ifeq ($(OPTION_EGLIBC_CRYPT),y)
 ifeq (yes,$(build-shared))
 $(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so
 else
@@ -65,6 +70,7 @@ endif
 ifeq (yes,$(build-bounded))
 $(tests:%=$(objpfx)%-bp): $(objpfx)libcrypt_b.a
 endif
+endif # eglibc: OPTION_EGLIBC_CRYPT
 
 # Depend on libc.so so a DT_NEEDED is generated in the shared objects.
 # This ensures they will load libc.so for needed symbols if loaded by
diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c
index fdddad2..145c40f 100644
--- a/crypt/crypt-entry.c
+++ b/crypt/crypt-entry.c
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #endif
 #include <string.h>
+#include <gnu/option-groups.h>
 
 #ifndef STATIC
 #define STATIC static
@@ -87,9 +88,11 @@ __crypt_r (key, salt, data)
      const char *salt;
      struct crypt_data * __restrict data;
 {
+#if __OPTION_EGLIBC_CRYPT_UFC
   ufc_long res[4];
   char ktab[9];
   ufc_long xx = 25; /* to cope with GCC long long compiler bugs */
+#endif /*__OPTION_EGLIBC_CRYPT_UFC*/
 
 #ifdef _LIBC
   /* Try to find out whether we have to use MD5 encryption replacement.  */
@@ -108,6 +111,7 @@ __crypt_r (key, salt, data)
 			     sizeof (struct crypt_data));
 #endif
 
+#if __OPTION_EGLIBC_CRYPT_UFC
   /*
    * Hack DES tables according to salt
    */
@@ -136,6 +140,10 @@ __crypt_r (key, salt, data)
    */
   _ufc_output_conversion_r (res[0], res[1], salt, data);
   return data->crypt_3_buf;
+#else /* __OPTION_EGLIBC_CRYPT_UFC */
+  return __md5_crypt_r (key, salt, (char *) data,
+			sizeof (struct crypt_data));
+#endif /* __OPTION_EGLIBC_CRYPT_UFC */
 }
 weak_alias (__crypt_r, crypt_r)
 
@@ -158,7 +166,11 @@ crypt (key, salt)
     return __sha512_crypt (key, salt);
 #endif
 
+#if __OPTION_EGLIBC_CRYPT_UFC
   return __crypt_r (key, salt, &_ufc_foobar);
+#else /* __OPTION_EGLIBC_CRYPT_UFC */
+  return __md5_crypt (key, salt);
+#endif /* __OPTION_EGLIBC_CRYPT_UFC */
 }
 
 
diff --git a/option-groups.def b/option-groups.def
index 26ef4bb..4d13a0a 100644
--- a/option-groups.def
+++ b/option-groups.def
@@ -198,6 +198,23 @@ config OPTION_EGLIBC_CHARSETS
           WCHAR_T           - EGLIBC's internal form (target-endian,
                               32-bit ISO 10646)
 
+config OPTION_EGLIBC_CRYPT
+   bool "Encryption library"
+   help
+       This option group includes the `libcrypt' library which
+       provides functions for one-way encryption.  Supported
+       encryption algorithms include MD5, SHA-256, SHA-512 and DES.
+
+config OPTION_EGLIBC_CRYPT_UFC
+   bool "Ultra fast `crypt' implementation"
+   depends OPTION_EGLIBC_CRYPT
+   help
+       This option group provides ultra fast DES-based implementation of
+       the `crypt' function.  When this option group is disabled,
+       (a) the library will not provide the setkey[_r] and encrypt[_r]
+       functions and (b) the crypt[_r] function will use the MD5 algorithm
+       by default.
+
 config OPTION_EGLIBC_DB_ALIASES
    bool "Functions for accessing the mail aliases database"
    help
diff --git a/option-groups.defaults b/option-groups.defaults
index 4653e64..5d6be82 100644
--- a/option-groups.defaults
+++ b/option-groups.defaults
@@ -15,6 +15,8 @@ OPTION_EGLIBC_BSD = y
 OPTION_EGLIBC_CXX_TESTS = y
 OPTION_EGLIBC_CATGETS = y
 OPTION_EGLIBC_CHARSETS = y
+OPTION_EGLIBC_CRYPT = y
+OPTION_EGLIBC_CRYPT_UFC = y
 OPTION_EGLIBC_DB_ALIASES = y
 OPTION_EGLIBC_ENVZ = y
 OPTION_EGLIBC_FCVT = y