Commit graph

89 commits

Author SHA1 Message Date
cinap_lenrek
88060e7501 libsec: add X509reqtoRSApub() function and return subject alt names in X509to*pub() name buffer
We need a way to parse a rsa certificate request and return the public
key and subject names. The new function X509reqtoRSApub() works the
same way as X509toRSApub() but on a certificate request.

We also need to support certificates that are valid for multiple domain
names (as tlshand does not support certificate selection). For this
reason, a comma separated list is returned as the certificate subject,
making it symmetric to X509rsareq() handling.

A little helper is provided with this change (auth/x5092pub) that takes
a certificate (or a certificate request when -r flag is provided) and
outputs the RSA public key in plan 9 format appended with the subject
attribute.
2021-07-04 22:00:24 +00:00
cinap_lenrek
57d95c7325 libsec: move zero check to curve25519_dh_finish()
As checking for all zero has to be done in a timing-safe
way to avoid a side channel, it is best todo this here
instead of letting the caller deal with it.

This adds a return type of int to curve25519_dh_finish()
where returning 0 means we got a all zero shared key.

RFC7748 states:

The check for the all-zero value results from the fact
that the X25519 function produces that value if it
operates on an input corresponding to a point with small
order, where the order divides the cofactor of the curve.
2021-06-20 14:41:26 +00:00
Ori Bernstein
6445a14f63 ape/lib9: expose fd2path (thanks phil9)
Fd2path is a useful call for the netsurf plan9 frontend,
so we should expose it.
2021-02-20 21:02:07 -08:00
Ori Bernstein
bb250c4c3b ape/libm: implement log2 in libc 2021-01-30 09:19:57 -08:00
Michael Forney
988bdd05a3 [9front] ape: remove _SUSV2_SOURCE guard from inttypes.h
inttypes.h was added to C99, and this is the only header that used
_SUSV2_SOURCE.

Also, remove now unneeded _SUSV2_SOURCE from python mkfile.
2021-01-23 19:47:12 -08:00
Ori Bernstein
92d3abd818 ape: unify math.h copies
/$objtype/include/ape/math.h contained an almost
identical copy of math.h for each architecture.

The only difference between them architectures
was that some had an incorrect version of isinf
defined.

This change picks one of the versions of math.h
with a correct definition, moves it to /sys/include,
and removes the redundant versions.
2021-01-01 21:40:00 -08:00
cinap_lenrek
fc5070c600 libauth: add procsetuser() function to change user id of the calling process
Provide a central function to change the user id
of the calling process.

This is mostly used by programs to become the none
user, followed by a call to newns().
2020-12-19 17:46:55 +01:00
Ori Bernstein
658c1b9f68 libap: add strndup
strndup is part of POSIX.1, so APE should provide it.
This patch adds it, so need to patch it out of fewer
programs going forward.
2020-12-17 19:20:04 -08:00
Ori Bernstein
c1c904776c ape/limits.h: fix typo in (U)LLONG_MAX
Fix missing 'L' in the size suffix, so we were overflowing the
maximum size.
2020-09-21 11:43:31 -07:00
Ori Bernstein
ec533a1ad8 ape/ctype.h: add isblank, fix functions (thanks staalmannen)
Our ctype.h mistakenly ommitted isblank. Add it in.

While we're here, the make the 'isfoo()' functions
are broken: they're offsetting into the array, and
don't work with negative character values.

Sync the function bodies with the macros, and make
them produce correct results.
2020-08-29 11:09:20 -07:00
Ori Bernstein
46faca54ed stdio.h: correct return type of putc
The putc macro is specified as returning an int, but our
type conversion rules turned it into a uint. Put in the
appropriate cast to make the type what we want.
2020-08-10 19:36:09 -07:00
Ori Bernstein
2d59d75e3a stdio: fix warnings, make code more standard
Masking with _IO_CHMASK after the assignment causes a warning.
We're better off masking before, but casting the assignment to
prevent sign extension.
2020-07-19 14:14:14 -07:00
Ori Bernstein
1987cc69c8 stdio, ape/stdio: fix order of operations in putc
When calling putc, we need to return either EOF
or the character returned. To distinguish the
two, we need to avoid sign extending 0xff. The
code attempted to do this, but the order of
operations was wrong, so we ended up masking,
setting a character, and then sign extending
the character.

This fixes things so we mask after assignment.
2020-07-11 13:28:58 -07:00
Ori Bernstein
f08e95cd93 ape: make libplumb available under ape.
This adds the mkfiles and plumb.h to ape,
similar to how libdraw is made available.
This is used for ports such as netsurf.
2020-06-05 11:28:47 -07:00
Ori Bernstein
f860f25f05 Add stdbool.h to ape
in accordance with c99:7.16. Used by perl, trivial enough
that I feel ok with adding it before the port is fully done.
2020-05-17 08:18:49 -07:00
Ori Bernstein
73f38fc546 [ape] add missing conversion flags for scanf
We're missing type flags for:

	hh: char
	ll: vlong
	z:  size_t
	t:  ptrdiff_t
	j:  intmax_t

The lack of '%lld' was causing us to fail when parsing
timezone files. This brings us in line with the specifiers
in the C99 standard, section 7.19.6.2p11
2020-05-12 10:48:33 -07:00
Ori Bernstein
5749900573 bring stdint.h closer to spec
C99 requires that if intXX_t types are defined, int_fastxx_t and
int_leastxx_t types are defined as well. We define all three to
be identical (intXX_t == int_fastXX_t == int_leastXX_t).
2020-05-06 15:39:12 -07:00
Ori Bernstein
d935bb25d2 use #error when missing define
This makes it easier to figure out what's going wrong when
we forget to define _POSIX_SOURCE.
2020-05-01 13:29:08 -07:00
Ori Bernstein
2f67e21393 turn ptrdiff_t into a 64 bit type
while technically a 32 bit ptrdiff_t is in spec on
systems with 64 bit ponters as long as we guarantee
that individual objects are small enough, this can
confuse legitimate code, so lets fix this.
2020-03-24 14:45:15 -07:00
Ori Bernstein
0e1fec841e add intmax_t/uintmax_t as required by c99 7.18.1.5 2020-03-24 14:41:31 -07:00
cinap_lenrek
2f976d8b56 libsec: move AES XTS function prototypes to AES definition section in the header file 2020-03-01 16:02:56 +01:00
cinap_lenrek
64640083de libsec: remove hash pickle functions, document ripemd160, cleanup sechash(2) manpage 2020-03-01 15:07:44 +01:00
Ori Bernstein
98374d6eea remove C99_SPRINTF_EXTENSION define.
It's been 20 years since c99 came out. By now, if code
hasn't been fixed, it's not going to be. Requiring this
define just confuses porters.
2020-02-10 19:26:39 -08:00
Roberto E. Vargas Caballero
5e9d8a7b18 Add toascii() to ape 2019-09-09 16:00:06 +01:00
Roberto E. Vargas Caballero
e0720a48b0 Add mkstemp to stdlib.h
q
2019-09-09 15:58:39 +01:00
Ori Bernstein
ff9ce8210a Include integer limits from generic stdint.h in system-specific stdint.h 2019-09-06 18:01:52 -07:00
Ori Bernstein
c09546ccea Add missing UINTsz_MIN defines to ape stdint.h 2019-09-06 16:33:11 -07:00
cinap_lenrek
85216d3d95 auth/rsa2asn1: implement private key export with -a flag (thanks kvik)
kvik writes:

I needed to convert the RSA private key that was laying around in
secstore into a format understood by UNIX® tools like SSH.

With asn12rsa(8) we can go from the ASN.1/DER to Plan 9 format, but not
back - so I wrote the libsec function asn1encodeRSApriv(2) and used it in
rsa2asn1(8) by adding the -a flag which causes the full private key to be
encoded and output.
2019-08-30 07:34:35 +02:00
cinap_lenrek
ef1bcc7338 ape: fix stdio putc() macro, avoiding "result of operation not used" warning
moving _IO_CHMASK masking on the right hand side fixes it.
2019-06-19 23:59:25 +02:00
mischief
cb7375dcbc ape: declare gethostname 2018-12-02 03:30:22 -08:00
spew
91d0343627 ape: an implemenation of getitimer setitimer 2018-07-01 18:48:12 -04:00
spew
55c122d59f ape: add strnlen 2018-06-21 11:56:37 -04:00
spew
3b376b43af ape: provide bogus chroot implementation 2018-06-20 22:19:37 -04:00
spew
583c6d269b ape: add some common fields for stat, grp and pwd 2018-06-17 17:38:00 -04:00
cinap_lenrek
930efe67e8 ape: fix auth.h 2018-05-20 23:22:41 +02:00
qwx
19d6a98038 ape: add signed fixed size integer typedefs to u.h 2018-05-13 07:13:00 +02:00
mischief
034d0b08e9 ape: improve assert macro
in a statement such as:

if(expr)
	assert(a);
else
	assert(b);

the previous definition of assert would fail to compile, as the else
would be dangling.  with a ternary expression, this construct works
fine.
2018-04-02 21:44:21 -07:00
aiju
b7d31909f6 mptod/dtomp: add to mp.h 2018-03-09 21:30:06 +00:00
cinap_lenrek
3004f058f6 libauth: add auth_respondAI() function to get AuthInfo for mschap/mschapv2 2018-01-21 22:37:45 +01:00
cinap_lenrek
8ff72ce20d libsec: remove asn1toDSApriv() 2018-01-06 08:34:25 +01:00
cinap_lenrek
e8b46f6972 ape: update auth.h header for APE 2018-01-02 04:59:44 +01:00
cinap_lenrek
57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
3356e0e731 libsec: AES-NI support for amd64
Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().

Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.

The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.
2017-11-12 23:15:15 +01:00
cinap_lenrek
c021390e21 libsec: rewrite aex_xts_encrypt()/aes_xts_decrypt()
the previous implementation was not portable at all, assuming
little endian in gf_mulx() and that one can cast unaligned
pointers to ulong in xor128(). also the error code is likely
to be ignored, so better abort() when the length is not a
multiple of the AES block size.

we also pass in full AESstate structures now instead of
the expanded key longs, so that we do not need to hardcode
the number of rounds. this allows each indiviaul keys to
be bigger than 128 bit.
2017-10-29 21:49:24 +01:00
cinap_lenrek
3794b1c14f libc: improve alignment of QLp structure on amd64, cosmetics
the QLp structure used to occupy 24 bytes on amd64.
with some rearranging the fields we can get it to 16 bytes,
saving 8K in the data section for the 1024 preallocated
structs in the ql arena.

the rest of the changes are of cosmetic nature:

- getqlp() zeros the next pointer, so there is no need to set
  it when queueing the entry.

- always explicitely compare pointers to nil.

- delete unused code from ape's qlock.c
2017-10-28 18:53:27 +02:00
cinap_lenrek
29411f58cf libsec: make sectorNumber argument for aes_xts routines uvlong 2017-10-17 21:36:45 +02:00
cinap_lenrek
45b7d60bf3 libsec: add AES CFB and AES OFB stream ciphers 2017-10-17 21:34:01 +02:00
cinap_lenrek
1d34a855fe ape/libsec: fix the build, bring ape libsec.h in sync with plan9 version 2017-10-16 04:06:17 +02:00
aiju
37567f07d1 update ape/bio.h (thanks jpm) 2017-05-06 14:33:52 +00:00
cinap_lenrek
d4a6dc8910 libdraw: get rid of _drawdebug variable 2017-04-29 21:03:52 +02:00