Commit graph

5514 commits

Author SHA1 Message Date
aiju
07284c41f6 pc(1): add nsa() command 2016-09-15 08:51:59 +00:00
cinap_lenrek
7bcbef11eb ape: fix format clash, %z is for size_t (which is a long currently), not pointer sized 2016-09-14 00:18:45 +02:00
cinap_lenrek
a0150376df ape: bring strtod() in line with plan9's libc version 2016-09-11 23:20:55 +02:00
cinap_lenrek
5b66b52623 libc: dont use floating point for portable umuldiv(), use 64 bit uvlong 2016-09-11 23:19:18 +02:00
cinap_lenrek
c0a9c3b551 kernel: rekey chacha state on each randomread() invocation
we can encrypt the 256 bit chacha key on each invocation
making it hard to reconstruct previous outputs of the
generator given the current state (backtracking resiatance).
2016-09-11 19:07:17 +02:00
cinap_lenrek
36c9a2489d devcons: remove /dev/reboot "halt" command...
the "halt" command written to /dev/reboot just causes the
machine to crash... its also undocumented... removing it.

--
cinap
2016-09-11 14:12:39 +02:00
cinap_lenrek
95c9f5bf37 kernel: better nonce partitioning for chacha random number generator
leave the block counter to chacha_encrypt() and increment the 96 bit
iv instead.
2016-09-11 03:18:48 +02:00
cinap_lenrek
10275ad6dd kernel: xoroshiro128+ generator for rand()/nrand()
the kernels custom rand() and nrand() functions where not working
as specified in rand(2). now we just use libc's rand() and nrand()
functions but provide a custom lrand() impelmenting the xoroshiro128+
algorithm as proposed by aiju.
2016-09-11 02:10:25 +02:00
cinap_lenrek
7713145638 kernel: make randomread() fault reentrant
we now access the user buffer in randomread() outside of the lock,
only copying and advancing the chacha state under the lock. this
means we can use randomread() within the fault handling path now
without fearing deadlock. this also allows multiple readers to
generate random numbers in parallel.
2016-09-11 02:09:07 +02:00
cinap_lenrek
a121806126 kernel: replace various custom random iv buffer filling functions with calls to prng() 2016-09-11 01:54:06 +02:00
stanley lieber
b137763fe7 fortunes: Nein -- General Chuck Yeager 2016-09-09 16:59:00 -04:00
cinap_lenrek
efe5c58c01 authsrv(2): update Nvrsafe structure to include aesmachkey 2016-09-08 10:40:19 +02:00
cinap_lenrek
ed38b5e9cb kernel: fix type for utime/stime in pexit(), fix debug format strings 2016-09-08 01:49:25 +02:00
cinap_lenrek
5d9deb77e9 kernel: make sure procalarm() remaining time doesnt become negative 2016-09-08 01:28:34 +02:00
cinap_lenrek
01b4c2a63d kernel: always do unsigned subtractions for m->ticks delta for updatecpu() and rebalance(), handle ticks wrap arround in hzsched() 2016-09-08 00:44:38 +02:00
cinap_lenrek
bd3429304c kernel: use tk2ms() instead of TK2MS macro for process time conversion
this code isnt time critical and process TReal delta can become
very long, so use tk2ms() which is less prone to overflow.
2016-09-07 23:39:10 +02:00
cinap_lenrek
1848f4e946 kernel: tsemacquire() use MACHP(0)->ticks for time delta
we might wake up on a different cpu after the sleep so
delta from machX->ticks - machY->ticks can become negative
giving spurious timeouts. to avoid this always use the
same mach 0 tick counter for the delta.
2016-09-07 23:36:04 +02:00
cinap_lenrek
bfd8098b8d devcap: timeout capabilities after a minute, fix memory leak, paranoia
the manpage states that capabilities time out after a minute,
so we add ticks field into the Caphash struct and record the
time when the capability was inserted. freeing old capabilities
is handled in trimcaps(), which makes room for one extra cap
and frees timed out ones.

we also limit the capuse write size to less than 1024 bytes to
prevent denial of service as we have to copy the user buffer.
(memory exhaustion).

we have to check the from user *before* attempting to remove
the capability! the wrong user shouldnt be able to change any
state. this fixes the memory leak of the caphash.

do the hash comparsion with tsmemcmp(), avoiding timing
side channels.

allocate the capabilities in secret memory pool to prevent
debugger access.
2016-09-07 21:14:23 +02:00
cinap_lenrek
76daf9f863 merge 2016-09-06 22:29:40 +02:00
cinap_lenrek
cf78fd37cb devproc: do unsigned subtraction to get MACHP(0)->ticks - up->times[TReal] delta 2016-09-06 22:27:26 +02:00
aiju
6d96b35fad pc(1): bugfix: allow setting output base to 0 (thanks, deuteron) 2016-09-05 15:48:46 +00:00
cinap_lenrek
9e926eeb4e 5c: do shift propagation for rotate right (ROR) 2016-09-03 19:05:28 +02:00
cinap_lenrek
a5d8cd30bb 5c: format assembly constant right shift encoding 0 as >>32 2016-09-03 18:18:28 +02:00
cinap_lenrek
b46a0e97ea 5a: assemble constant >>0 right shifts as <<0 (no shift), allow >>32
previously, right shift >>0 resulted in >>32 being emited. this
is especially problematic when the shift count comes from a macro
expansion.

we now handle constant shift >>0 as <<0 (no shift) and allow
shift by 32 be specified.

this applies to logical right shift (>>) arithmetic right shift (->)
and right rotate (@>).
2016-09-03 17:11:38 +02:00
cinap_lenrek
607f3bc55c 5l: format assembly constant right shift encoding 0 as >>32 2016-09-03 17:01:56 +02:00
cinap_lenrek
2e120a29db libmach: fix RORREG, right shift with shift count 0 means >>32 2016-09-03 16:47:51 +02:00
aiju
1b4f432eae pc(1): manpage: restore previous size rather than set to 10 2016-09-01 11:46:44 +00:00
aiju
183f700a20 pc(1): manpage formatting 2016-09-01 11:38:33 +00:00
aiju
30c9e34c0d pc: add cat() function 2016-09-01 10:55:12 +00:00
aiju
d552fed385 mptrunc: don't write to r->p[r->top] 2016-09-01 10:46:37 +00:00
aiju
560ea5474c pc: add rev function 2016-08-31 13:00:50 +00:00
aiju
e95082f66c pc: add gcd, rand and minv; set base of logical operation results to 0 2016-08-29 09:57:15 +02:00
cinap_lenrek
a08bf6831f libmp: remove unused mpeuclid.c 2016-08-29 02:09:34 +02:00
cinap_lenrek
5852f8a144 libmp: allow passing nil to v,x,y results of mpextendedgcd(), simplify mpinvert() 2016-08-29 02:07:52 +02:00
cinap_lenrek
33862ff793 libmp: mpnrand(), what was i *THINKING*
the prior implementation was unneccesarily complicated for
no good reason due to me misunderstanding how libc's nrand()
works. in contrast to libc, we already generate the *closest*
power-of-2 random number with mprand() in the sampling loop.
2016-08-29 00:45:16 +02:00
cinap_lenrek
b80684a1d2 python: remove automatic compiled module loading (.pyc files) 2016-08-28 17:39:18 +02:00
cinap_lenrek
1f9bdb6f5d libmp: mpdiv(): fix divisor==quotient case (again) 2016-08-28 16:46:32 +02:00
cinap_lenrek
bdc87e17bd libmp: timingsafe sign flip for small power-of-two negative divisor for mpdiv() 2016-08-28 16:33:52 +02:00
aiju
b65f409d54 mp.h: add mpasr 2016-08-28 16:05:22 +02:00
aiju
c3da573eb7 pc(1): SYNOPSIS... 2016-08-28 13:59:16 +02:00
aiju
d9d2925fa0 pc(1): document -n option in manpage 2016-08-28 13:49:26 +02:00
aiju
a931ad737a add pc(1) 2016-08-28 13:40:01 +02:00
aiju
43bb71c8cc mpdiv: negative divisor has to flip sign of quotient 2016-08-28 12:00:25 +02:00
aiju
344ff48512 mp: fix mptov and mptouv 2016-08-28 11:38:29 +02:00
aiju
cf2f2a8841 mp: fix mpnot and add mpasr 2016-08-28 10:49:41 +02:00
cinap_lenrek
193daffafb mercurial: use new d_stat from dirent structure in osutil.listdir 2016-08-28 03:41:25 +02:00
cinap_lenrek
5debddf8af ape: add d_stat struct in dirent struct allowing the avoidance of stats 2016-08-28 03:39:49 +02:00
aiju
a8ffbcabea timmy: manpage 2016-08-28 01:23:51 +02:00
aiju
913ce62cfc strtomp: update the returned char* even if there were no characters parsed 2016-08-28 01:08:26 +02:00
aiju
261ec9fe0e strtomp: fix mpbits() call in octal code 2016-08-28 01:07:34 +02:00