Commit graph

5274 commits

Author SHA1 Message Date
ben
3bf6ef0196 better memory management of threads (thanks knuth) 2016-04-27 17:36:43 -05:00
ben
86e0099835 merge in master 2016-04-27 08:20:54 -05:00
ben
b8986a889d use Beof for awk port 2016-04-27 08:09:16 -05:00
ben
85824350b5 remove ape regexp library, add utility for awk native port 2016-04-27 07:52:41 -05:00
cinap_lenrek
d8d47f14b5 libjson: add slack space to literal string buffer to handle bad runes (thanks mischief)
if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
2016-04-27 12:59:06 +02:00
ben
0f8168038a remove old libregexp files; add headers for upas/bayes 2016-04-26 22:26:03 -05:00
ben
0a460e1722 New libregexp and APE ported to native 2016-04-26 22:23:44 -05:00
cinap_lenrek
651d6c2bc6 abaco(1): remove readweb 2016-04-26 00:10:47 +02:00
Matthew Veety
6d2635d5ba made abaco's gui respect $font and made readweb respect most installations 2016-04-25 17:49:31 -04:00
cinap_lenrek
1cf3c46669 rsa: rename getkey() to getrsakey(), document rsa2csr in rsa(8) 2016-04-22 03:41:06 +02:00
cinap_lenrek
17a67eeb65 libsec: implement server side SCSV preventing silly client fallbacks
silly clients (web*) reconnect when the handshake failed with a lower
protocol version, which allows downgrade attacks (POODLE). but instead
of stopping this madness, they invented a new magic TLSID to indicate
to the server that this connection attempt is a retry, and rely on the
server to notice and stop them from sabotaging themselves.
2016-04-22 02:33:29 +02:00
cinap_lenrek
7b3334775e libsec: order tlshand cipher suites by: keyexchange>=cipher>=hash, ignore client preference
client preference is usually crazy, so just ignore it.
we always want the diffie hellman suites before static
rsa and prefer chacha over aes-gcm.
2016-04-21 23:29:59 +02:00
cinap_lenrek
0d6a188dde rsagen: increase default key size to 2048 bits 2016-04-21 21:25:33 +02:00
cinap_lenrek
42c4cc75a6 libsec: remove affine coordinate point operations from ecc
we now just do point addition in jacobian coordinate system, and
convert the result to affine when s->z == nil.
2016-04-21 20:41:19 +02:00
cinap_lenrek
2fa4c8ef66 libsec: implement elliptic curve group operations in jacobian coordinate system 2016-04-20 20:09:59 +02:00
cinap_lenrek
2763229c00 rcpu: make sure not to leak /env/fn#server and /env/fn#aanserver for drawterm (thanks mischief) 2016-04-20 00:41:03 +02:00
cinap_lenrek
ff47cbd464 libsec: implement server side ECDHE key exchange with secp256r1, move DH state in TlsSec structure, simplify
implement ECDHE key exchange with secp256r1 on the server side, providing
perfect forward secrecy (tho slowly).

it is easier to just keep the ECDH/DH state in the TlsSec structure,
which fits better with the grouping of the functions. we do the cleanup
in tlsConnectionFree() now, so a lot of error handling logic could go
away.

reinvestigated some error paths and removed the ones that cannot error.

move functions to fit the logical grouping.

combine the code for signing handshake hashes (for client certs) and
DH parameters. provide digestDHparams() function to be shared between
server and client code.
2016-04-18 19:24:57 +02:00
cinap_lenrek
9ba04fd030 webfs: fix memory leak of serverName in tlswrap() 2016-04-18 19:07:02 +02:00
cinap_lenrek
93a86cea66 rsa(8): provide example for converting OpenSSL generated PEM file to factotum 2016-04-17 07:33:35 +02:00
cinap_lenrek
ad6b99359d libsec: massive cleanup of tlshand.c
don't pass or generate sessionID's. this was never used nor
actually implemented and leaks the process pid.

get rid of version and random field duplications, move TlsSec
structure into TlsConnection.

make msgRecv() clear the message first, get rid of unnecessary
msgClear() calls.
2016-04-17 07:20:54 +02:00
cinap_lenrek
54c49284e0 libsec: fix memory leak of RSApub, avoid parsing certificate twice to extract rsa public key
instead of letting factotum_rsa_open() parse the certificate,
we pass in the rsa public key which is then matched against the
factotum keyring. this avoids parsing the x509 certificate
twice.

the sec->rsapub was not freed, so free it in tlsSecClose()
2016-04-16 23:36:55 +02:00
cinap_lenrek
294e08fa1e libsec: recognize and decode PKCS#8 wrapped RSA private keys for auth/asn12rsa
example usage:

auth/pemdecode 'PRIVATE KEY' test.pem | auth/asn12rsa
2016-04-16 04:16:10 +02:00
cinap_lenrek
1628c97d1e webfs: change %H (hostname) format to %N to not collide with encodefmt's %H (hex) 2016-04-15 23:54:00 +02:00
cinap_lenrek
9e08127ba6 libsec: x509: convert to UTF8 from BMPString and UNIString, reject \0 bytes 2016-04-15 23:51:52 +02:00
cinap_lenrek
8fd1aa2626 libc: fix out of bounds access in dirpackage(), simplify
- dirpackage() was not checking if the stat entry lies within
the buffer. fixed.

- simplify dirpackage(), as we process all the bytes from
the buffer, we do not need to track "ss" here as it's the same
as "ts".

- zero Dir* array pointer early in dirread() and dirreadall()
and avoid calling dirpackage on <= buffer length.
2016-04-13 22:19:37 +02:00
cinap_lenrek
4ed396d438 kbdfs: add shift+altgr table 7 for polish keymaps 2016-04-13 17:00:20 +02:00
cinap_lenrek
8ff802d07e Subject: typo: ee corrected (thanks Eric Lindblad)
sorry there were entries as

3	27	'§
3	27	'½

should have been

3	27	'§
3	43	'½

attached is a corrected version
2016-04-13 15:54:31 +02:00
cinap_lenrek
221b8696a5 fix estonian keymap (thanks Eric Lindblad)
The /sys/lib/kbmap/ee file seemed to have CRs in it. If a first column in the table
(for modifier key) as 4 is for Alt Gr + Shift then the attached (UTF-8 without BOM)
should work as a replacement ee file.

Best Regards,
Eric Lindblad
2016-04-13 15:31:04 +02:00
cinap_lenrek
c4782818f4 python: make hashlib.py fallback to openssl in case of old python binary 2016-04-13 02:21:03 +02:00
cinap_lenrek
a5268a5413 remove unused liboventi 2016-04-13 01:09:45 +02:00
cinap_lenrek
ffb0199247 ktrace: sign extend stack dump pc for amd64 2016-04-13 01:08:13 +02:00
cinap_lenrek
68411b98a0 libc: remove unneeded #include <auth.h> for crypt() and netcrypt() 2016-04-13 01:06:34 +02:00
cinap_lenrek
1787584ad8 libdraw: avoid BPSHORT()/BPLONG() expansion, cleanup loadchar(),cachechars()
assigning the expression value to a temporary variable in
BPSHORT() and BPLONG() saves around 2K of text in rio on
arm and around 1K on amd64.

loadchar(): use the passed in "h" as the char index instead
of recomputing it from c-f->cache. don't recompute wid.

cachechars(): do cache lookup and find oldest entry in a
single loop pass.
2016-04-13 00:34:48 +02:00
cinap_lenrek
6b989beb2f add danish keymap (thanks Eric Lindblad) 2016-04-12 13:37:21 +02:00
cinap_lenrek
94e39c482e ape: explicitly list the ape libs to build in mkfile 2016-04-11 20:43:48 +02:00
cinap_lenrek
45f3c56a53 ape: removing openssl 2016-04-11 20:39:12 +02:00
cinap_lenrek
4e04698ab6 python: remove openssl support, use ape/libsec for cryptographic hash functions 2016-04-11 20:31:14 +02:00
cinap_lenrek
8f4db30e78 gs: replace openssl aes implementation with ape/libsec 2016-04-11 20:27:50 +02:00
cinap_lenrek
464763202b ape: add libauth, libbio, libmp and libsec as replacements for openssl 2016-04-11 20:23:34 +02:00
cinap_lenrek
21aee5d8cb hg: create system wide /sys/lib/hgrc to enable hgwebfs extension
the openssl we currently use is outdated and will be removed
soon. webfs will handle the https for us with native tls code.
keys have to be stored in factotum for everyone who also wants
to commit directly.
2016-04-10 20:39:10 +02:00
cinap_lenrek
d71cf7ff1b libauth: remove unneeded includes for authsrv.h, avoid pulling in dependency for rerrstr() 2016-04-10 20:24:20 +02:00
cinap_lenrek
44cbb29308 libsec: make #include headers consistent 2016-04-10 20:23:18 +02:00
cinap_lenrek
c3c726a5d0 libsec: don't use mips assembly routines for spim, wrong endianness 2016-04-10 20:22:00 +02:00
cinap_lenrek
1069d018c9 libmp: fix build for spim, reduce by the mips assembly files 2016-04-10 20:20:53 +02:00
cinap_lenrek
0ac4a447b0 hg: set mercurial.url.has_https when hgwebfs extension is in use
this allows the use of SSL/HTTPS even when python is not built
with openssl support.
2016-04-10 20:18:21 +02:00
cinap_lenrek
3238f124b8 ape: move compatibility libc.h to lib9 directory and incorporate needed functions for ape/mp (wip) 2016-04-10 03:01:37 +02:00
cinap_lenrek
ea6910b706 ape: remove broken 9errstr.c 2016-04-10 02:54:29 +02:00
cinap_lenrek
5e37087451 ape: add internal _NSEC() function and make gettimeofday() use it 2016-04-10 02:52:31 +02:00
cinap_lenrek
3ba1197aeb libmp: make includes consistent, make test program compile under ape (work in progress) 2016-04-10 02:35:01 +02:00
cinap_lenrek
b47c096c8c libdraw: don't postnote to pid==0 in ekill() 2016-04-10 00:00:37 +02:00