the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.
we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).
the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().
Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.
The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.
raiz → the reason that the manpage example works not because
it's a correct timezone file format, but because readtimezone()
(in libc) fails and defaults to GMT.
initThumbprints() now takes an application tag argument
so x509 and ssh can coexist.
the thumbprint entries can now hold both sha1 and sha256
hashes. okThumbprint() now takes a len argument for the
hash length used.
the new function okCertificate() hashes the certificate
with both and checks for any matches.
on failure, okCertificate() returns 0 and sets error string.
we also check for include loops now in thumbfiles, limiting
the number of includes to 8.
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.
add ccpoly_encrypt()/ccpoly_decrypt() routines.
to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.
the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.
the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.
introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.
interpreting octal breaks parsing of decimal numbers with
leading zeros. the manpage listed this in the BUGS section,
so we'r going to fix it as this just causes confusion as
most callers of atoi() do not expect it.
tlsClient() now can optionally send the server_name in the ClientHello
message by setting the TLSconn.serverName. This is required for some
https sites.
chaninit() does not initialize Chan.qentry and Chan.nentry
and there is no way to get rid of such a channel. nobody is
using it, so removing the function to avoid confusion.
the namespace might be shared by other processes. instead, we
create a anonymous pipe with pipe() and use devdup to open one
end close-on-exec. this is shorter and avoids the race condition.
do not touch Execargs after writing the error message as the
process might be gone after the write. this was to manually
close the fd which isnt neccesary as the kernel will do it
for us on the following exit.
instead of naming devices by ther dynamically assigned device address,
we hash device uniqueue fields from the device descriptor and produce
a 5 digit hex string that will identify the device across machines.
when there is a collision (less than 1% chance with 100 devices),
usbd will append the device address to the name to make it uniqueue
for this machine.
the hname is passed to drivers in the devid argument, which now has
the form addr:hname, where the colon and hname can be omited (for backwards
compatibility).
when the new behaviour isnt desired, nousbhname= environment variable
can be defined giving the old behaviour.
when a replicated source image with a clipr with clipr.min > Pt(0, 0),
drawclip() would properly translate the src->clipr on the dstr
but then clamp the source rectangle back on src->r.
while traversing down multiple layers, this would cause the translation to
be applied multiple times to the dst rectangle giving the wrong image result.
this change adds a new drawclipnorepl() function that avoids the clamping
of source and mask rectangles to src->r and mask->r. this is then used in
libmemlayer.
the final memimagedraw() call will call drawclip() which will do the final
claming.
a testcase is provided:
#include <u.h>
#include <libc.h>
#include <draw.h>
Image *blue;
Image *red;
void
main(int, char *argv[])
{
Image *i;
if(initdraw(nil, nil, argv[0]) < 0)
sysfatal("initdraw: %r");
i = allocimage(display, screen->r, screen->chan, 1, DWhite);
red = allocimage(display, Rect(0,0,1,1), screen->chan, 1, DRed);
blue = allocimage(display, Rect(0,0,1,1), screen->chan, 1, DPaleblue);
replclipr(red, 1, Rect(10, 10, 110, 110));
replclipr(blue, 1, Rect(11, 11, 111, 111));
/* draw on non-layer, works correctly */
draw(i, i->r, red, nil, ZP);
draw(i, i->r, blue, nil, ZP);
draw(screen, screen->r, i, nil, i->r.min);
flushimage(display, 1);
/* draw on (screen) layer is too far to the right */
draw(screen, screen->r, red, nil, ZP);
draw(screen, screen->r, blue, nil, ZP);
flushimage(display, 1);
for(;;){
sleep(1000);
}
}
the process is *NOT* allowed to exit after a srvrelease() as
it still holds a reference (srv->rref) preventing the srv
from beging freed/ended (listensrv) before srvacquire().
Bread() always reads exactly nbytes of data if it can. only
when it reaches end of file or an error it will return less.
so the Breadn() function that was introduced has been removed.
sorry for the confusion.
