MEDIUM: auth/threads: make use of crypt_r() on systems supporting it
On systems where crypt_r() is available, prefer it over a locked crypt().
This improves performance especially on very slow crypto algorithms.
diff --git a/Makefile b/Makefile
index 2d17984..a008df6 100644
--- a/Makefile
+++ b/Makefile
@@ -293,6 +293,7 @@
USE_NETFILTER = implicit
USE_POLL = implicit
USE_TPROXY = implicit
+ USE_CRYPT_H = implicit
USE_LIBCRYPT = implicit
USE_DL = implicit
USE_RT = implicit
@@ -304,6 +305,7 @@
USE_EPOLL = implicit
USE_MY_EPOLL = implicit
USE_TPROXY = implicit
+ USE_CRYPT_H = implicit
USE_LIBCRYPT = implicit
USE_DL = implicit
USE_RT = implicit
@@ -314,6 +316,7 @@
USE_POLL = implicit
USE_EPOLL = implicit
USE_TPROXY = implicit
+ USE_CRYPT_H = implicit
USE_LIBCRYPT = implicit
USE_FUTEX = implicit
USE_DL = implicit
@@ -325,6 +328,7 @@
USE_POLL = implicit
USE_EPOLL = implicit
USE_TPROXY = implicit
+ USE_CRYPT_H = implicit
USE_LIBCRYPT = implicit
USE_LINUX_SPLICE= implicit
USE_LINUX_TPROXY= implicit
diff --git a/src/auth.c b/src/auth.c
index 599a3ab..2f9cc4f 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -39,8 +39,14 @@
struct userlist *userlist = NULL; /* list of all existing userlists */
#ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+/* context for crypt_r() */
+static THREAD_LOCAL struct crypt_data crypt_data = { .initialized = 0 };
+#else
+/* lock for crypt() */
__decl_hathreads(static HA_SPINLOCK_T auth_lock);
#endif
+#endif
/* find targets for selected gropus. The function returns pointer to
* the userlist struct ot NULL if name is NULL/empty or unresolvable.
@@ -250,9 +256,13 @@
if (!(u->flags & AU_O_INSECURE)) {
#ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+ ep = crypt_r(pass, u->pass, &crypt_data);
+#else
HA_SPIN_LOCK(AUTH_LOCK, &auth_lock);
ep = crypt(pass, u->pass);
HA_SPIN_UNLOCK(AUTH_LOCK, &auth_lock);
+#endif
#else
return 0;
#endif