[openwrt/openwrt] toolchain: glibc: update to 2.41

LEDE Commits lede-commits at lists.infradead.org
Sat Jul 12 14:41:16 PDT 2025


hauke pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/39c1ca333235d4acda4c18e98f263f9797391bf4

commit 39c1ca333235d4acda4c18e98f263f9797391bf4
Author: Konstantin Demin <rockdrilla at gmail.com>
AuthorDate: Fri Jul 4 11:03:14 2025 +0300

    toolchain: glibc: update to 2.41
    
    glibc 2.39 has removed libcrypt completely:
    - configuration flag "--enable-crypt" is obsolete and removed
    - patch "050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch"
      does not matter anymore
    
    Signed-off-by: Konstantin Demin <rockdrilla at gmail.com>
    Link: https://github.com/openwrt/openwrt/pull/19293
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 toolchain/glibc/common.mk                          |   9 +-
 ...llow-use-of-DES-encryption-functions-in-n.patch | 677 ---------------------
 2 files changed, 4 insertions(+), 682 deletions(-)

diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
index 343c68a2df..eccce6c4d8 100644
--- a/toolchain/glibc/common.mk
+++ b/toolchain/glibc/common.mk
@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=glibc
-PKG_VERSION:=2.38
-PKG_RELEASE:=3
+PKG_VERSION:=2.41
+PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=ca41fe44a552a78e78b1b5de6116c67ef712eb74
-PKG_MIRROR_HASH:=1671a22ad65e725689bb27708e8b555a81a4cd055a134e58f160ed5540b63bc5
+PKG_SOURCE_VERSION:=74f59e9271cbb4071671e5a474e7d4f1622b186f
+PKG_MIRROR_HASH:=379dc25c8c511fb7d76552157442d8082ef86084c290875565f7fc30e2947832
 PKG_SOURCE_URL:=https://sourceware.org/git/glibc.git
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.zst
 PKG_CPE_ID:=cpe:/a:gnu:glibc
@@ -61,7 +61,6 @@ GLIBC_CONFIGURE:= \
 		--without-gd \
 		--without-cvs \
 		--enable-add-ons \
-		--enable-crypt \
 		--$(if $(CONFIG_SOFT_FLOAT),without,with)-fp \
 		  $(if $(CONFIG_PKG_CC_STACKPROTECTOR_REGULAR),--enable-stack-protector=yes) \
 		  $(if $(CONFIG_PKG_CC_STACKPROTECTOR_STRONG),--enable-stack-protector=strong) \
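Review bot: Removing `--enable-crypt` from GLIBC_CONFIGURE means the glibc toolchain no longer builds libcrypt or installs `crypt.h`, and nothing visible in this commit names a replacement provider for `crypt()`, `setkey()` or `encrypt()`. The patch deleted in the same commit was carried because ppp uses the encrypt functions, so ppp and any package that hashes passwords through `crypt()` will presumably fail to link, or be built without that support, on glibc targets unless a separate library such as libxcrypt is supplied; this may already be handled elsewhere in the tree and should be confirmed. I would record the dependency next to the flag list with a comment such as `# libcrypt was removed in glibc 2.39: crypt()/setkey()/encrypt() must come from a separate library`. The GLIBC_CONFIGURE definition starts before this hunk and continues past it, so the rest of the flag list was not reviewed.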
diff --git a/toolchain/glibc/patches/050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch b/toolchain/glibc/patches/050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch
deleted file mode 100644
index 771cb4c374..0000000000
--- a/toolchain/glibc/patches/050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch
+++ /dev/null
@@ -1,677 +0,0 @@
-From 08f5e0df46ce1ad617bcde1fd5542545397630b9 Mon Sep 17 00:00:00 2001
-From: Hans Dedecker <dedeckeh at gmail.com>
-Date: Sat, 24 Oct 2020 21:13:30 +0200
-Subject: Revert "Disallow use of DES encryption functions in new programs."
-
-This reverts commit b10a0accee709a5efff2fadf0b0bbb79ff0ad759.
-
-ppp still uses the encrypt functions from the libc while musl libc also
-provides them.
----
- conform/data/stdlib.h-data |   3 +
- conform/data/unistd.h-data |   6 ++
- crypt/cert.c               |  26 -----
- crypt/crypt-entry.c        |  15 ++-
- crypt/crypt.h              |  16 +++
- crypt/crypt_util.c         |   9 --
- manual/conf.texi           |   2 -
- manual/crypt.texi          | 204 +++++++++++++++++++++++++++++++++++++
- manual/string.texi         |  82 +++++++--------
- posix/unistd.h             |  17 +++-
- stdlib/stdlib.h            |   6 ++
- sunrpc/des_crypt.c         |   7 +-
- sunrpc/des_soft.c          |   2 +-
- 13 files changed, 305 insertions(+), 90 deletions(-)
-
---- a/conform/data/stdlib.h-data
-+++ b/conform/data/stdlib.h-data
-@@ -149,6 +149,9 @@ function {unsigned short int*} seed48 (u
- #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined XPG4 && !defined XPG42 && !defined UNIX98
- function int setenv (const char*, const char*, int)
- #endif
-+#if !defined ISO && !defined ISO99 && !defined ISO11 && !defined POSIX && !defined POSIX2008
-+function void setkey (const char*)
-+#endif
- #if !defined ISO && !defined ISO99 && !defined ISO11 && !defined XPG4 && !defined POSIX && !defined POSIX2008
- function {char*} setstate (char*)
- #endif
---- a/conform/data/unistd.h-data
-+++ b/conform/data/unistd.h-data
-@@ -437,6 +437,9 @@ function int chroot (const char*)
- function int chown (const char*, uid_t, gid_t)
- function int close (int)
- function size_t confstr (int, char*, size_t)
-+#if !defined POSIX && !defined POSIX2008
-+function {char*} crypt (const char*, const char*)
-+#endif
- #if defined XPG4 || defined XPG42 || defined UNIX98
- function {char*} ctermid (char*)
- function {char*} cuserid (char*)
-@@ -446,6 +449,9 @@ allow cuserid
- #endif
- function int dup (int)
- function int dup2 (int, int)
-+#if !defined POSIX && !defined POSIX2008
-+function void encrypt (char[64], int)
-+#endif
- function int execl (const char*, const char*, ...)
- function int execle (const char*, const char*, ...)
- function int execlp (const char*, const char*, ...)
---- a/crypt/cert.c
-+++ b/crypt/cert.c
-@@ -10,22 +10,6 @@
- #include <stdlib.h>
- #include "crypt.h"
- 
--/* This file tests the deprecated setkey/encrypt interface.  */
--#include <shlib-compat.h>
--#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
--
--#define libcrypt_version_reference(symbol, version) \
--  _libcrypt_version_reference (symbol, VERSION_libcrypt_##version)
--#define _libcrypt_version_reference(symbol, version) \
--  __libcrypt_version_reference (symbol, version)
--#define __libcrypt_version_reference(symbol, version) \
--  __asm__ (".symver " #symbol ", " #symbol "@" #version)
--
--extern void setkey (const char *);
--extern void encrypt (const char *, int);
--libcrypt_version_reference (setkey, GLIBC_2_0);
--libcrypt_version_reference (encrypt, GLIBC_2_0);
--
- int totfails = 0;
- 
- int main (int argc, char *argv[]);
-@@ -123,13 +107,3 @@ put8 (char *cp)
- 	  printf("%02x", t);
- 	}
- }
--
--#else /* encrypt and setkey are not available.  */
--
--int
--main (void)
--{
--  return 77; /* UNSUPPORTED */
--}
--
--#endif
---- a/crypt/crypt-entry.c
-+++ b/crypt/crypt-entry.c
-@@ -35,7 +35,6 @@
- #endif
- 
- #include "crypt-private.h"
--#include <shlib-compat.h>
- 
- /* Prototypes for local functions.  */
- #ifndef __GNU_LIBRARY__
-@@ -177,7 +176,17 @@ crypt (const char *key, const char *salt
-   return __crypt_r (key, salt, &_ufc_foobar);
- }
- 
--#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
-+
-+/*
-+ * To make fcrypt users happy.
-+ * They don't need to call init_des.
-+ */
-+#ifdef _LIBC
- weak_alias (crypt, fcrypt)
--compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0);
-+#else
-+char *
-+__fcrypt (const char *key, const char *salt)
-+{
-+  return crypt (key, salt);
-+}
- #endif
---- a/crypt/crypt.h
-+++ b/crypt/crypt.h
-@@ -36,6 +36,14 @@ __BEGIN_DECLS
- extern char *crypt (const char *__phrase, const char *__salt)
-      __THROW __nonnull ((1, 2));
- 
-+/* Setup DES tables according KEY.  */
-+extern void setkey (const char *__key) __THROW __nonnull ((1));
-+
-+/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
-+   block in place.  */
-+extern void encrypt (char *__glibc_block, int __edflag)
-+     __THROW __nonnull ((1));
-+
- #ifdef __USE_GNU
- 
- /* This structure provides scratch and output buffers for 'crypt_r'.
-@@ -63,6 +71,14 @@ struct crypt_data
- extern char *crypt_r (const char *__phrase, const char *__salt,
- 		      struct crypt_data * __restrict __data)
-      __THROW __nonnull ((1, 2, 3));
-+
-+extern void setkey_r (const char *__key,
-+		      struct crypt_data * __restrict __data)
-+     __THROW __nonnull ((1, 2));
-+
-+extern void encrypt_r (char *__glibc_block, int __edflag,
-+		       struct crypt_data * __restrict __data)
-+     __THROW __nonnull ((1, 3));
- #endif
- 
- __END_DECLS
---- a/crypt/crypt_util.c
-+++ b/crypt/crypt_util.c
-@@ -34,7 +34,6 @@
- #endif
- 
- #include "crypt-private.h"
--#include <shlib-compat.h>
- 
- /* Prototypes for local functions.  */
- #ifndef __GNU_LIBRARY__
-@@ -151,7 +150,6 @@ static const int sbox[8][4][16]= {
- 	}
- };
- 
--#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
- /*
-  * This is the initial
-  * permutation matrix
-@@ -162,7 +160,6 @@ static const int initial_perm[64] = {
-   57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11, 3,
-   61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15, 7
- };
--#endif
- 
- /*
-  * This is the final
-@@ -788,7 +785,6 @@ _ufc_output_conversion_r (ufc_long v1, u
-   __data->crypt_3_buf[13] = 0;
- }
- 
--#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28)
- 
- /*
-  * UNIX encrypt function. Takes a bitvector
-@@ -889,14 +885,12 @@ __encrypt_r (char *__block, int __edflag
-   }
- }
- weak_alias (__encrypt_r, encrypt_r)
--compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0);
- 
- void
- encrypt (char *__block, int __edflag)
- {
-   __encrypt_r(__block, __edflag, &_ufc_foobar);
- }
--compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0);
- 
- 
- /*
-@@ -921,15 +915,12 @@ __setkey_r (const char *__key, struct cr
-   _ufc_mk_keytab_r((char *) ktab, __data);
- }
- weak_alias (__setkey_r, setkey_r)
--compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0);
- 
- void
- setkey (const char *__key)
- {
-   __setkey_r(__key, &_ufc_foobar);
- }
--compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0);
--#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */
- 
- void
- __b64_from_24bit (char **cp, int *buflen,
---- a/manual/conf.texi
-+++ b/manual/conf.texi
-@@ -780,8 +780,6 @@ Inquire about the parameter correspondin
- @item _SC_XOPEN_CRYPT
- @standards{X/Open, unistd.h}
- Inquire about the parameter corresponding to @code{_XOPEN_CRYPT}.
-- at Theglibc no longer implements the @code{_XOPEN_CRYPT} extensions,
--so @samp{sysconf (_SC_XOPEN_CRYPT)} always returns @code{-1}.
- 
- @item _SC_XOPEN_ENH_I18N
- @standards{X/Open, unistd.h}
---- a/manual/crypt.texi
-+++ b/manual/crypt.texi
-@@ -16,8 +16,19 @@ subject to them, even if you do not use
- yourself.  The restrictions vary from place to place and are changed
- often, so we cannot give any more specific advice than this warning.
- 
-+ at vindex AUTH_DES
-+ at cindex FIPS 140-2
-+It also provides support for Secure RPC, and some library functions that
-+can be used to perform normal DES encryption.  The @code{AUTH_DES}
-+authentication flavor in Secure RPC, as provided by @theglibc{},
-+uses DES and does not comply with FIPS 140-2 nor does any other use of DES
-+within @theglibc{}.  It is recommended that Secure RPC should not be used
-+for systems that need to comply with FIPS 140-2 since all flavors of
-+encrypted authentication use normal DES.
-+
- @menu
- * Passphrase Storage::          One-way hashing for passphrases.
-+* crypt::                       A one-way function for passwords.
- * Unpredictable Bytes::         Randomness for cryptographic purposes.
- @end menu
- 
-@@ -190,6 +201,199 @@ unpredictable as possible; @pxref{Unpred
- @include genpass.c.texi
- @end smallexample
- 
-+ at node DES Encryption
-+ at section DES Encryption
-+
-+ at cindex FIPS 46-3
-+The Data Encryption Standard is described in the US Government Federal
-+Information Processing Standards (FIPS) 46-3 published by the National
-+Institute of Standards and Technology.  The DES has been very thoroughly
-+analyzed since it was developed in the late 1970s, and no new
-+significant flaws have been found.
-+
-+However, the DES uses only a 56-bit key (plus 8 parity bits), and a
-+machine has been built in 1998 which can search through all possible
-+keys in about 6 days, which cost about US$200000; faster searches would
-+be possible with more money.  This makes simple DES insecure for most
-+purposes, and NIST no longer permits new US government systems
-+to use simple DES.
-+
-+For serious encryption functionality, it is recommended that one of the
-+many free encryption libraries be used instead of these routines.
-+
-+The DES is a reversible operation which takes a 64-bit block and a
-+64-bit key, and produces another 64-bit block.  Usually the bits are
-+numbered so that the most-significant bit, the first bit, of each block
-+is numbered 1.
-+
-+Under that numbering, every 8th bit of the key (the 8th, 16th, and so
-+on) is not used by the encryption algorithm itself.  But the key must
-+have odd parity; that is, out of bits 1 through 8, and 9 through 16, and
-+so on, there must be an odd number of `1' bits, and this completely
-+specifies the unused bits.
-+
-+ at deftypefun void setkey (const char *@var{key})
-+ at standards{BSD, crypt.h}
-+ at standards{SVID, crypt.h}
-+ at safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
-+ at c The static buffer stores the key, making it fundamentally
-+ at c thread-unsafe.  The locking issues are only in the initialization
-+ at c path; cancelling the initialization will leave the lock held, it
-+ at c would otherwise repeat the initialization on the next call.
-+
-+The @code{setkey} function sets an internal data structure to be an
-+expanded form of @var{key}.  @var{key} is specified as an array of 64
-+bits each stored in a @code{char}, the first bit is @code{key[0]} and
-+the 64th bit is @code{key[63]}.  The @var{key} should have the correct
-+parity.
-+ at end deftypefun
-+
-+ at deftypefun void encrypt (char *@var{block}, int @var{edflag})
-+ at standards{BSD, crypt.h}
-+ at standards{SVID, crypt.h}
-+ at safety{@prelim{}@mtunsafe{@mtasurace{:crypt}}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
-+ at c Same issues as setkey.
-+
-+The @code{encrypt} function encrypts @var{block} if
-+ at var{edflag} is 0, otherwise it decrypts @var{block}, using a key
-+previously set by @code{setkey}.  The result is
-+placed in @var{block}.
-+
-+Like @code{setkey}, @var{block} is specified as an array of 64 bits each
-+stored in a @code{char}, but there are no parity bits in @var{block}.
-+ at end deftypefun
-+
-+ at deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
-+ at deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
-+ at standards{GNU, crypt.h}
-+ at c setkey_r: @safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
-+ at safety{@prelim{}@mtsafe{}@asunsafe{@asucorrupt{} @asulock{}}@acunsafe{@aculock{}}}
-+
-+These are reentrant versions of @code{setkey} and @code{encrypt}.  The
-+only difference is the extra parameter, which stores the expanded
-+version of @var{key}.  Before calling @code{setkey_r} the first time,
-+ at code{data->initialized} must be cleared to zero.
-+ at end deftypefun
-+
-+The @code{setkey_r} and @code{encrypt_r} functions are GNU extensions.
-+ at code{setkey}, @code{encrypt}, @code{setkey_r}, and @code{encrypt_r} are
-+defined in @file{crypt.h}.
-+
-+ at deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode})
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+ at safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
-+
-+The function @code{ecb_crypt} encrypts or decrypts one or more blocks
-+using DES.  Each block is encrypted independently.
-+
-+The @var{blocks} and the @var{key} are stored packed in 8-bit bytes, so
-+that the first bit of the key is the most-significant bit of
-+ at code{key[0]} and the 63rd bit of the key is stored as the
-+least-significant bit of @code{key[7]}.  The @var{key} should have the
-+correct parity.
-+
-+ at var{len} is the number of bytes in @var{blocks}.  It should be a
-+multiple of 8 (so that there are a whole number of blocks to encrypt).
-+ at var{len} is limited to a maximum of @code{DES_MAXDATA} bytes.
-+
-+The result of the encryption replaces the input in @var{blocks}.
-+
-+The @var{mode} parameter is the bitwise OR of two of the following:
-+
-+ at vtable @code
-+ at item DES_ENCRYPT
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+This constant, used in the @var{mode} parameter, specifies that
-+ at var{blocks} is to be encrypted.
-+
-+ at item DES_DECRYPT
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+This constant, used in the @var{mode} parameter, specifies that
-+ at var{blocks} is to be decrypted.
-+
-+ at item DES_HW
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+This constant, used in the @var{mode} parameter, asks to use a hardware
-+device.  If no hardware device is available, encryption happens anyway,
-+but in software.
-+
-+ at item DES_SW
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+This constant, used in the @var{mode} parameter, specifies that no
-+hardware device is to be used.
-+ at end vtable
-+
-+The result of the function will be one of these values:
-+
-+ at vtable @code
-+ at item DESERR_NONE
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+The encryption succeeded.
-+
-+ at item DESERR_NOHWDEVICE
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+The encryption succeeded, but there was no hardware device available.
-+
-+ at item DESERR_HWERROR
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+The encryption failed because of a hardware problem.
-+
-+ at item DESERR_BADPARAM
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+The encryption failed because of a bad parameter, for instance @var{len}
-+is not a multiple of 8 or @var{len} is larger than @code{DES_MAXDATA}.
-+ at end vtable
-+ at end deftypefun
-+
-+ at deftypefun int DES_FAILED (int @var{err})
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+ at safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
-+This macro returns 1 if @var{err} is a `success' result code from
-+ at code{ecb_crypt} or @code{cbc_crypt}, and 0 otherwise.
-+ at end deftypefun
-+
-+ at deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned int @var{len}, unsigned int @var{mode}, char *@var{ivec})
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+ at safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
-+
-+The function @code{cbc_crypt} encrypts or decrypts one or more blocks
-+using DES in Cipher Block Chaining mode.
-+
-+For encryption in CBC mode, each block is exclusive-ored with @var{ivec}
-+before being encrypted, then @var{ivec} is replaced with the result of
-+the encryption, then the next block is processed.  Decryption is the
-+reverse of this process.
-+
-+This has the advantage that blocks which are the same before being
-+encrypted are very unlikely to be the same after being encrypted, making
-+it much harder to detect patterns in the data.
-+
-+Usually, @var{ivec} is set to 8 random bytes before encryption starts.
-+Then the 8 random bytes are transmitted along with the encrypted data
-+(without themselves being encrypted), and passed back in as @var{ivec}
-+for decryption.  Another possibility is to set @var{ivec} to 8 zeroes
-+initially, and have the first block encrypted consist of 8 random
-+bytes.
-+
-+Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
-+ at end deftypefun
-+
-+ at deftypefun void des_setparity (char *@var{key})
-+ at standards{SUNRPC, rpc/des_crypt.h}
-+ at safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
-+
-+The function @code{des_setparity} changes the 64-bit @var{key}, stored
-+packed in 8-bit bytes, to have odd parity by altering the low bits of
-+each byte.
-+ at end deftypefun
-+
-+The @code{ecb_crypt}, @code{cbc_crypt}, and @code{des_setparity}
-+functions and their accompanying macros are all defined in the header
-+ at file{rpc/des_crypt.h}.
-+
-+ at node Unpredictable Bytes
-+ at section Generating Unpredictable Bytes
-+
- The next program demonstrates how to verify a passphrase.  It checks a
- hash hardcoded into the program, because looking up real users' hashed
- passphrases may require special privileges (@pxref{User Database}).
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -36,8 +36,8 @@ too.
- 				 for delimiters.
- * Erasing Sensitive Data::      Clearing memory which contains sensitive
-                                  data, after it's no longer needed.
--* Shuffling Bytes::             Or how to flash-cook a string.
--* Obfuscating Data::            Reversibly obscuring data from casual view.
-+* strfry::                      Function for flash-cooking a string.
-+* Trivial Encryption::          Obscuring data.
- * Encode Binary Data::          Encoding and Decoding of Binary Data.
- * Argz and Envz Vectors::       Null-separated string vectors.
- @end menu
-@@ -2512,73 +2512,73 @@ functionality under a different name, su
- systems it may be in @file{strings.h} instead.
- @end deftypefun
- 
--
-- at node Shuffling Bytes
-- at section Shuffling Bytes
-+ at node strfry
-+ at section strfry
- 
- The function below addresses the perennial programming quandary: ``How do
- I take good data in string form and painlessly turn it into garbage?''
--This is not a difficult thing to code for oneself, but the authors of
-- at theglibc{} wish to make it as convenient as possible.
-+This is actually a fairly simple task for C programmers who do not use
-+ at theglibc{} string functions, but for programs based on @theglibc{},
-+the @code{strfry} function is the preferred method for
-+destroying string data.
- 
--To @emph{erase} data, use @code{explicit_bzero} (@pxref{Erasing
--Sensitive Data}); to obfuscate it reversibly, use @code{memfrob}
--(@pxref{Obfuscating Data}).
-+The prototype for this function is in @file{string.h}.
- 
- @deftypefun {char *} strfry (char *@var{string})
- @standards{GNU, string.h}
- @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
- @c Calls initstate_r, time, getpid, strlen, and random_r.
- 
-- at code{strfry} performs an in-place shuffle on @var{string}.  Each
--character is swapped to a position selected at random, within the
--portion of the string starting with the character's original position.
--(This is the Fisher-Yates algorithm for unbiased shuffling.)
--
--Calling @code{strfry} will not disturb any of the random number
--generators that have global state (@pxref{Pseudo-Random Numbers}).
-+ at code{strfry} creates a pseudorandom anagram of a string, replacing the
-+input with the anagram in place.  For each position in the string,
-+ at code{strfry} swaps it with a position in the string selected at random
-+(from a uniform distribution).  The two positions may be the same.
- 
- The return value of @code{strfry} is always @var{string}.
- 
- @strong{Portability Note:}  This function is unique to @theglibc{}.
--It is declared in @file{string.h}.
-+
- @end deftypefun
- 
- 
-- at node Obfuscating Data
-- at section Obfuscating Data
-+ at node Trivial Encryption
-+ at section Trivial Encryption
-+ at cindex encryption
-+
-+
-+The @code{memfrob} function converts an array of data to something
-+unrecognizable and back again.  It is not encryption in its usual sense
-+since it is easy for someone to convert the encrypted data back to clear
-+text.  The transformation is analogous to Usenet's ``Rot13'' encryption
-+method for obscuring offensive jokes from sensitive eyes and such.
-+Unlike Rot13, @code{memfrob} works on arbitrary binary data, not just
-+text.
- @cindex Rot13
- 
--The @code{memfrob} function reversibly obfuscates an array of binary
--data.  This is not true encryption; the obfuscated data still bears a
--clear relationship to the original, and no secret key is required to
--undo the obfuscation.  It is analogous to the ``Rot13'' cipher used on
--Usenet for obscuring offensive jokes, spoilers for works of fiction,
--and so on, but it can be applied to arbitrary binary data.
--
--Programs that need true encryption---a transformation that completely
--obscures the original and cannot be reversed without knowledge of a
--secret key---should use a dedicated cryptography library, such as
-- at uref{https://www.gnu.org/software/libgcrypt/,,libgcrypt}.
--
--Programs that need to @emph{destroy} data should use
-- at code{explicit_bzero} (@pxref{Erasing Sensitive Data}), or possibly
-- at code{strfry} (@pxref{Shuffling Bytes}).
-+For true encryption, @xref{Cryptographic Functions}.
-+
-+This function is declared in @file{string.h}.
-+ at pindex string.h
- 
- @deftypefun {void *} memfrob (void *@var{mem}, size_t @var{length})
- @standards{GNU, string.h}
- @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
- 
--The function @code{memfrob} obfuscates @var{length} bytes of data
--beginning at @var{mem}, in place.  Each byte is bitwise xor-ed with
--the binary pattern 00101010 (hexadecimal 0x2A).  The return value is
--always @var{mem}.
--
-- at code{memfrob} a second time on the same data returns it to
--its original state.
-+ at code{memfrob} transforms (frobnicates) each byte of the data structure
-+at @var{mem}, which is @var{length} bytes long, by bitwise exclusive
-+oring it with binary 00101010.  It does the transformation in place and
-+its return value is always @var{mem}.
-+
-+Note that @code{memfrob} a second time on the same data structure
-+returns it to its original state.
-+
-+This is a good function for hiding information from someone who doesn't
-+want to see it or doesn't want to see it very much.  To really prevent
-+people from retrieving the information, use stronger encryption such as
-+that described in @xref{Cryptographic Functions}.
- 
- @strong{Portability Note:}  This function is unique to @theglibc{}.
--It is declared in @file{string.h}.
-+
- @end deftypefun
- 
- @node Encode Binary Data
---- a/posix/unistd.h
-+++ b/posix/unistd.h
-@@ -107,6 +107,9 @@ __BEGIN_DECLS
- /* The X/Open Unix extensions are available.  */
- #define _XOPEN_UNIX	1
- 
-+/* Encryption is present.  */
-+#define	_XOPEN_CRYPT	1
-+
- /* The enhanced internationalization capabilities according to XPG4.2
-    are present.  */
- #define	_XOPEN_ENH_I18N	1
-@@ -1150,17 +1153,25 @@ ssize_t copy_file_range (int __infd, __o
- extern int fdatasync (int __fildes);
- #endif /* Use POSIX199309 */
- 
--#ifdef __USE_MISC
-+/* XPG4.2 specifies that prototypes for the encryption functions must
-+   be defined here.  */
-+#ifdef	__USE_XOPEN
- /* One-way hash PHRASE, returning a string suitable for storage in the
-    user database.  SALT selects the one-way function to use, and
-    ensures that no two users' hashes are the same, even if they use
-    the same passphrase.  The return value points to static storage
-    which will be overwritten by the next call to crypt.  */
-+
-+/* Encrypt at most 8 characters from KEY using salt to perturb DES.  */
- extern char *crypt (const char *__key, const char *__salt)
-      __THROW __nonnull ((1, 2));
--#endif
- 
--#ifdef	__USE_XOPEN
-+/* Encrypt data in BLOCK in place if EDFLAG is zero; otherwise decrypt
-+   block in place.  */
-+extern void encrypt (char *__glibc_block, int __edflag)
-+     __THROW __nonnull ((1));
-+
-+
- /* Swab pairs bytes in the first N bytes of the area pointed to by
-    FROM and copy the result to TO.  The value of TO must not be in the
-    range [FROM - N + 1, FROM - 1].  If N is odd the first byte in FROM
---- a/stdlib/stdlib.h
-+++ b/stdlib/stdlib.h
-@@ -1103,6 +1103,12 @@ extern int getsubopt (char **__restrict
- #endif
- 
- 
-+#ifdef __USE_XOPEN
-+/* Setup DES tables according KEY.  */
-+extern void setkey (const char *__key) __THROW __nonnull ((1));
-+#endif
-+
-+
- /* X/Open pseudo terminal handling.  */
- 
- #ifdef __USE_XOPEN2KXSI
---- a/sunrpc/des_crypt.c
-+++ b/sunrpc/des_crypt.c
-@@ -86,9 +86,6 @@ common_crypt (char *key, char *buf, regi
-   return desdev == DES_SW ? DESERR_NONE : DESERR_NOHWDEVICE;
- }
- 
--/* Note: these cannot be excluded from the build yet, because they are
--   still used internally.  */
--
- /*
-  * CBC mode encryption
-  */
-@@ -105,7 +102,7 @@ cbc_crypt (char *key, char *buf, unsigne
-   COPY8 (dp.des_ivec, ivec);
-   return err;
- }
--hidden_nolink (cbc_crypt, libc, GLIBC_2_1)
-+libc_hidden_nolink_sunrpc (cbc_crypt, GLIBC_2_1)
- 
- /*
-  * ECB mode encryption
-@@ -118,4 +115,4 @@ ecb_crypt (char *key, char *buf, unsigne
-   dp.des_mode = ECB;
-   return common_crypt (key, buf, len, mode, &dp);
- }
--hidden_nolink (ecb_crypt, libc, GLIBC_2_1)
-+libc_hidden_nolink_sunrpc (ecb_crypt, GLIBC_2_1)
---- a/sunrpc/des_soft.c
-+++ b/sunrpc/des_soft.c
-@@ -71,4 +71,4 @@ des_setparity (char *p)
-       p++;
-     }
- }
--hidden_nolink (des_setparity, libc, GLIBC_2_1)
-+libc_hidden_nolink_sunrpc (des_setparity, GLIBC_2_1)



