Commit graph

6305 commits

Author SHA1 Message Date
cinap_lenrek
7e4b669393 /sys/lib/dist: split 9boot into 9bootproto, make *.386.iso and *.amd64.iso targets 2018-01-05 08:41:46 +01:00
cinap_lenrek
c197fede61 inst: determine kernel for bootsetup from $bootfile and $cputype 2018-01-05 08:38:23 +01:00
cinap_lenrek
af06c6fa34 sysinfo: #c/swap -> #¶/swap 2018-01-05 02:43:28 +01:00
cinap_lenrek
b437065950 stats: show amount of reclaimable pages (add -r flag)
reclaimable pages are user pages that are used for
caches like the image cache, mount cache and swap cache.
2018-01-05 00:52:14 +01:00
cinap_lenrek
d3e54ff2d9 pc kernel: fix wrong simd exception mask (fixes go bootstrap) 2018-01-04 04:38:31 +01:00
cinap_lenrek
743f65c878 ape/libauth: remove auth_wep.$O from mkfile 2018-01-02 06:05:47 +01:00
cinap_lenrek
e8b46f6972 ape: update auth.h header for APE 2018-01-02 04:59:44 +01:00
cinap_lenrek
f70ebd8e62 factotum(4): document dp9ik, update protocol list 2018-01-02 04:50:13 +01:00
cinap_lenrek
77ad456b31 libauth: simplify _attrfmt() using fmtprint() avoiding stack buffer 2018-01-02 04:47:42 +01:00
cinap_lenrek
e1ca49d625 libauth: remove auth_wep() function, and non-existing httpauth() declaration 2018-01-02 04:31:21 +01:00
cinap_lenrek
1d7bb80793 factotum: remove legacy wep protocol 2018-01-02 04:27:23 +01:00
cinap_lenrek
4edc761024 libauth: fix out of bounds memory access in _parseattr()
empty token would read ""[-1] accidentally in the AttrQuery case.
2018-01-01 23:23:55 +01:00
cinap_lenrek
f7b0cc7a64 factotum: replace custom hex parsing code with dec16() avoding timing side channels 2018-01-01 21:14:39 +01:00
cinap_lenrek
5cf5f6e9ac libmp: use constant time encode(2) routines instead of lookup tables
the encode(2) routines are constant time now, so
use them instead of using lookup table that can
leak information through cache timing side channel.
2017-12-31 10:59:01 +01:00
cinap_lenrek
ea212266a1 ape: make encXchr()/decXchr() functions available 2017-12-31 10:53:50 +01:00
cinap_lenrek
c039b52fc3 libc: constant time implementation for encode(2) routines, fix base32
the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.

we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).

the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
2017-12-31 09:06:42 +01:00
cinap_lenrek
ee89c82dd3 wifi: get rid of custom hextob() routine, use dec16(), avoid copies in parsekey() 2017-12-31 01:49:58 +01:00
cinap_lenrek
8a64413eca aux/wpa: get rid of custom Hfmt() routine, just use encodefmt. use %E for mac addresses 2017-12-31 01:04:41 +01:00
cinap_lenrek
57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
b42d441a23 libsec: fix mistake: strnchr -> strchr 2017-12-30 02:47:02 +01:00
cinap_lenrek
582d2e664f libsec: avoid unneccesary memory copies and redundant code in x509
getting rid of some functions that take Byte* and instead
pass uchar* and length.

keeping the signature and public key fields in CertX509
as Bits* allows ownership transfer by swapping pointers.

use common code to copy CN from subject field.
2017-12-30 02:36:47 +01:00
cinap_lenrek
e3cad82680 libsec: get rid of dummy data[1] in Bytes and Ints types (thanks pr) 2017-12-29 20:04:42 +01:00
cinap_lenrek
ce2211b08c usbxhci: add missing pexit() in xhcirecover proc (thanks sam-d) 2017-12-29 06:10:25 +01:00
cinap_lenrek
a021f054b0 wifi: revert rate adoption divider, breaks arpunks wifi 2017-12-29 03:41:32 +01:00
cinap_lenrek
e313265eef /lib/bullshit: +converged 2017-12-29 01:58:47 +01:00
cinap_lenrek
8040a878de devtls, devssl: avoid ~0UL comparsion (from drawterm) 2017-12-28 19:13:53 +01:00
cinap_lenrek
80185daba9 devmnt: use u32int for tagmask, simplify alloctag() 2017-12-28 18:25:15 +01:00
cinap_lenrek
b9d2a9efd5 wifi: don't implicitely update lastseen timestamp on nodelookup()
in case we continue to send traffic (like ping) with the ap gone,
the sending would keep updating bss->lastseen which prevents the
timeout to happen to switch bss.
2017-12-28 04:34:03 +01:00
cinap_lenrek
d13142b3da etheriwl, etherwpi: limit transmit queue buffer bloat to 48k (at 22Mbit ≅ 20ms) 2017-12-28 01:24:38 +01:00
cinap_lenrek
ce9cc8a358 wifi: don't assume Wifi.rates[] is sorted, return net data rate for mbps (50% theoretical) 2017-12-28 01:19:14 +01:00
cinap_lenrek
9c6897e848 arch(3): document #P/realmodemem file 2017-12-23 04:45:22 +01:00
cinap_lenrek
96eb90fba1 devvga: removing #v/vgabios, use /dev/realmodemem instead 2017-12-23 04:26:50 +01:00
cinap_lenrek
50bea0348c kernel: convert textmode cga screen contents to kmesg only once
screeninit() might be called again by devvga when switching
to textmode, so only convert the text framebuffer to kmesg
the first time.
2017-12-23 03:56:12 +01:00
cinap_lenrek
19419329b2 auth(8): auth/debug tests both dp9ik and p9sk1 2017-12-23 03:21:01 +01:00
cinap_lenrek
02b6831fa5 kernel: remove Ipifc.mbps, unused. 2017-12-23 02:58:47 +01:00
cinap_lenrek
47f40d8e26 /lib/bullshit: blockchain 2017-12-22 18:26:54 +01:00
cinap_lenrek
3b7f73ccff ip/tinc: handle and set ethertype for ipv6 2017-12-21 04:11:02 +01:00
cinap_lenrek
21b5656d89 upas/fs: more bugs 2017-12-19 20:57:24 +01:00
cinap_lenrek
a84a5c21ce upas/fs: fix precedence bugs, compare digest pointer to nil 2017-12-19 20:44:15 +01:00
cinap_lenrek
417bdbb869 ether8169: add Macv45 for RTL8111HN, rename Macv45 -> Macv42 (thanks qeed, sam-d) 2017-12-19 00:03:54 +01:00
cinap_lenrek
3e22f7ef1d nusb/ether: dont forward loopback packets on bridges, remove read nonblocking hack 2017-12-18 20:50:25 +01:00
cinap_lenrek
c1eb4b8d68 devether: dont forward loopback packets on bridges 2017-12-18 20:47:55 +01:00
cinap_lenrek
1f80d31f41 devbridge: disable write blocking on ethernets 2017-12-18 20:44:53 +01:00
cinap_lenrek
e31934f9f3 bridge(3): clarify manpage, this is a layer2 bridge
yes, it peeks into IP packets to handle fragmentation when sending
onto tunnel ports and does mss clamping. but it can carry arbitrary
ethernet packets just fine (between ethernets).
2017-12-17 20:51:41 +01:00
cinap_lenrek
3e48a66665 pc, pc64: add devbridge to kernel configuration 2017-12-17 20:33:39 +01:00
cinap_lenrek
520c938f0b devbridge: fix mss clamping
- use protocol constants from ip/ip.h and ip/ipv6.h
- support mss clamping for ipv6
- fix padding bug on 64 bit machines (can't use sizeof(Tcphdr))
2017-12-17 20:30:24 +01:00
cinap_lenrek
0affe02b61 ip/tinc: handle single byte noop and end-of-option-list tcp options in clampmss() 2017-12-17 20:20:17 +01:00
cinap_lenrek
15ff38e818 wifi: use protocol constants from ip/ip.h and ip/ipv6.h for dmatproxy() 2017-12-17 17:17:26 +01:00
cinap_lenrek
070a9ef753 wifi: matt damon wifi bridging support 2017-12-16 21:43:47 +01:00
cinap_lenrek
9fd8894fec ether: allow spoofing of source mac address for bridges; used by vmx
to implement layer 2 bridges in userspace, we disable to auto filling
of the source mac address when bridge mode is enabled on the
connection.
2017-12-15 22:22:29 +01:00