... plus the local changes from:
3b2604b Handle early gcc compilers that are missing __builtin_bswap64 or __builtin_ctz
e8236c5 Use AlignedBuffer stedda posix_memalign(). Should work on PPC OS X 10.5.
9827d12 Switch to OpenSSL AES
EL5 lacks htobe64 and friends. Using its byteswap.h requires an endianness
check in our headers, which is fragile and compiler-dependent. It's a fair
amount of code [1], and is only useful on EL5.
So instead, let's include a fallback implementation of these functions, and use
it whenever we can't find the (now-)standard Linux or OS X routines. The
fallback is endianness-independent and should work on any platform.
[1] https://github.com/rurban/mosh/commit/da1a5abd1e09f0c1e9295357bb480a643d9dc8e3
clang was spewing warnings about the unrecognized -fno-default-inline. (Oddly,
it warns only with -c, not when compiling directly to an executable.) For
completeness we also check -pipe, even though clang is OK with that one.
It should be fine to omit either flag. gcc -fno-default-inline drops the
implicit 'inline' annotation on functions defined inside a class scope, but
'inline' is only a hint anyway. -fno-default-inline does not change linkage.
-pipe is merely a compile speed optimization.
This tests cryptographic primitives implemented by others. It uses the same
interfaces and indeed the same compiled object code as the Mosh client and
server. It does not particularly test any code written for the Mosh project.
Instead of guessing the right function to use, we malloc() 15 bytes more than
we need, and compute the aligned offset within. The AlignedBuffer class takes
care of passing the original pointer to free().
This simplifies the core crypto routines, especially the error handling. In
fact there was already one error path where we were failing to call free().
"Both the privacy and the authenticity properties of OCB degrade as
per s^2 / 2^128, where s is the total number of blocks that the
adversary acquires.... In order to ensure that s^2 / 2^128 remains
small, a given key should be used to encrypt at most 2^48 blocks (2^55
bits or 4 petabytes)"
-- http://tools.ietf.org/html/draft-krovetz-ocb-03
We deem it unlikely that a legitimate user will send 4 PB through a Mosh
session. If it happens, we simply kill the session. The server and
client use the same key, so we actually need to die after 2^47 blocks.
Closes#77.
This is a precaution to avoid saving sensitive data to disk, e.g. session keys.
We expect that corefiles are not world readable, but they're still sitting on
the physical disk and it's safer just to disable creating them.
GitHub issue #71 deals with a similar concern.
This turns off -Werror by default except in the Debian package.
-Werror is inherently unportable and breaks things on OS X. While it
can cause problems in Debian too, this is at least a little better.
It also turns off -pedantic in src/protobufs, because apparently
protoc output doesn’t compile with -pedantic on all platforms.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Keegan McAllister