This uses NZAAT Init and Update, and AES MixColumns for Finish.
For hashtables this will need XOR with uint32_t then rotation
with uint5_t (so a total of 37 bit of entropy) for mitigation.
For entropy avalanche this needs mixing, and better handling
of the IV and/or the first four bytes, see BAFHHost* macros.
Thanks to Bob Jenkins for the one-at-a-time hash, Bret Mulvey for
the Hash.cs AvalancheTest, Jonathan “ciruZ” Schleifer and Dominik
“Natureshadow” George for discussion, Theodore “Ted” Ts'o for valuable
input on arc4random_roundhash, “poncho” for suggesting and Orson
“nightcracker” Peters for implementing MixColumns, tarent GmbH for
letting me test this empirically on a 64 GiB RAM machine.
‣ not like oksh did, but using mksh’s built-in features
• handle suggested __pure additions
• revert cid 1004F7F096867C83CF0
‣ always use our wcwidth code
‣ only use our strlcpy code if none found
• fix a couple of gcc-snapshot and clang/scan-build warnings
• mksh R49~rc1
suggested in http://crypto.stackexchange.com/questions/12145
• add pure mksh™ implementation, too, while here (since it can
replace NZAATFinish even though NZATMix is slower, both are
bijective)
one set of CTRL, UNCTRL, and new ISCTRL macros) C0 and DEL handling; the
optimisation only works for 7-bit ASCII, so those places 8-bit must pass
intact have an added check
also, while here, remove an editor oops (‘;’), oksh rcsid sync (they did
accept I was right wrt. set -e), int → bool, and code merge/cleanup
Add a proper suspend builtin that saves/restores the tty and pgrp
as needed instead of an alias that just sends SIGSTOP. Login shells
may be suspended if they are not running in an orphan process group.
TODO: I am seriously considering following Chet and changing
the way this works, by explicitly dropping privs unless the
shell is run with -p. Every other shell does it like mksh,
except Heirloom sh, which on the other hand doesn’t know any
explicit set -p or set +p (though it doesn’t know set +foo
for any foo either).
┌──┤ QUESTION: Do we need the ability to do this:
│ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami'
│ root
│ tg
If not, I’m seriously considering to drop set ±p as well,
only parse -p on the command line, with +p being the default,
and dropping FPRIVILEGED.
Thanks to RT for noticing and jilles for initial follow-up
discussion, as well as Chet Ramey for doing the sane/secure
thing instead of following Debian.
Steffen Daode Nurpmeso stumbled upon it and gave very detailed
instructions on how to reproduce it (thanks!); fix that
also only call x_bs0 if xcp < xep because *xep is undefined
prompt display routines; make Emacs and Vi share
code, permitting reducing of duplication and code
removal as well as more consistent behaviour; put
some common code into shared helper functions, too
• New x_adjust() logic (Emacs mode): when determining
what portion of a line to render use a much more
sophisticated algorithm and try to fill up ⅔ of the
total screen width (with line and prompt both) also
as wished from Steffen Daode Nurpmeso
Whenever the SIGEXIT trap was set (to anything, really)
syntax errors and interruptions were not ignored any more
in an interactive shell (where they should be, unless
set -e is used); fix that.
tbd: traps should probably only be marked as pending
and run for LLEAVE/E_NONE
tg