Fix bugs and make improvements to redbean

- Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2025-07-08 04:08:32 +00:00 · 2021-08-06 14:12:11 -07:00 · 2021-08-06 14:12:11 -07:00 · aeeb851422
commit aeeb851422
parent 55a15c204e
26 changed files with 703 additions and 513 deletions
--- a/third_party/mbedtls/config.h
+++ b/third_party/mbedtls/config.h
@ -2,6 +2,7 @@
 #define MBEDTLS_CONFIG_H_
 #include "libc/dce.h"

+/* /\* uncomment for testing old cpu code paths *\/ */
 /* #include "libc/nexgen32e/x86feature.h" */
 /* #undef X86_HAVE */
 /* #define X86_HAVE(x) 0 */
--- a/third_party/mbedtls/ecp384.c
+++ b/third_party/mbedtls/ecp384.c
@ -35,21 +35,22 @@ mbedtls_p384_isz( uint64_t p[6] )
    return( !p[0] & !p[1] & !p[2] & !p[3] & !p[4] & !p[5] );
 }

-bool mbedtls_p384_gte( uint64_t p[7] )
+static bool
+mbedtls_p384_gte( uint64_t p[7] )
 {
    return( (((int64_t)p[6] > 0) |
             (!p[6] &
-              (p[5] > 0xffffffffffffffff |
-               (p[5] == 0xffffffffffffffff &
-                (p[4] > 0xffffffffffffffff |
-                 (p[4] == 0xffffffffffffffff &
-                  (p[3] > 0xffffffffffffffff |
-                   (p[3] == 0xffffffffffffffff &
-                    (p[2] > 0xfffffffffffffffe |
-                     (p[2] == 0xfffffffffffffffe &
-                      (p[1] > 0xffffffff00000000 |
-                       (p[1] == 0xffffffff00000000 &
-                        (p[0] > 0x00000000ffffffff |
+              ((p[5] > 0xffffffffffffffff) |
+               ((p[5] == 0xffffffffffffffff) &
+                ((p[4] > 0xffffffffffffffff) |
+                 ((p[4] == 0xffffffffffffffff) &
+                  ((p[3] > 0xffffffffffffffff) |
+                   ((p[3] == 0xffffffffffffffff) &
+                    ((p[2] > 0xfffffffffffffffe) |
+                     ((p[2] == 0xfffffffffffffffe) &
+                      ((p[1] > 0xffffffff00000000) |
+                       ((p[1] == 0xffffffff00000000) &
+                        ((p[0] > 0x00000000ffffffff) |
                         (p[0] == 0x00000000ffffffff)))))))))))))) );
 }

@ -128,7 +129,8 @@ mbedtls_p384_gro( uint64_t p[7] )
 #endif
 }

-void mbedtls_p384_rum( uint64_t p[7] )
+static inline void
+mbedtls_p384_rum( uint64_t p[7] )
 {
    while( mbedtls_p384_gte( p ) )
        mbedtls_p384_red( p );
@ -142,9 +144,7 @@ void mbedtls_p384_mod( uint64_t X[12] )
            mbedtls_p384_gro(X);
        } while( (int64_t)X[6] < 0 );
    } else {
-        while( mbedtls_p384_gte(X) ){
-            mbedtls_p384_red(X);
-        }
+        mbedtls_p384_rum(X);
    }
 }

--- a/third_party/mbedtls/ecp_internal.h
+++ b/third_party/mbedtls/ecp_internal.h
@ -261,7 +261,6 @@ int mbedtls_p384_normalize_jac( const mbedtls_ecp_group *,
 int mbedtls_p384_normalize_jac_many( const mbedtls_ecp_group *,
                                     mbedtls_ecp_point *[], size_t );

-void mbedtls_p384_rum( uint64_t p[7] );
 void mbedtls_p384_mod( uint64_t X[12] );

 #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_INTERNAL_H_ */
--- a/third_party/mbedtls/test/secp384r1_test.c
+++ b/third_party/mbedtls/test/secp384r1_test.c
@ -27,6 +27,8 @@
 #include "third_party/mbedtls/math.h"
 #ifdef MBEDTLS_ECP_C

+/*P=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff*/
+
 int ecp_mod_p384_old(mbedtls_mpi *);

 int GetEntropy(void *c, unsigned char *p, size_t n) {
@ -97,14 +99,6 @@ TEST(secp384r1, needsDownwardCorrection) {

 TEST(secp384r1, needsUpwardCorrection) {
  int i;
-  uint64_t P[6] = {
-      0x00000000ffffffff,  //
-      0xffffffff00000000,  //
-      0xfffffffffffffffe,  //
-      0xffffffffffffffff,  //
-      0xffffffffffffffff,  //
-      0xffffffffffffffff,  //
-  };
  uint64_t X[12] = {
      0x0000000000000000,  //
      0x0000000000000000,  //
@ -136,6 +130,35 @@ TEST(secp384r1, needsUpwardCorrection) {
  }
 }

+TEST(secp384r1, largestInput_quasiModNeedsTwoDownwardCorrections) {
+  int i;
+  uint64_t X[12] = {
+      // X = (P-1)*(P-1)
+      0xfffffffc00000004,  //
+      0x0000000400000000,  //
+      0xfffffffe00000002,  //
+      0x0000000200000000,  //
+      0x0000000000000001,  //
+      0x0000000000000000,  //
+      0x00000001fffffffc,  //
+      0xfffffffe00000000,  //
+      0xfffffffffffffffd,  //
+      0xffffffffffffffff,  //
+      0xffffffffffffffff,  //
+      0xffffffffffffffff,  //
+  };
+  uint64_t W[12] /* W = X mod P */ = {
+      0x0000000000000001,  //
+  };
+  mbedtls_p384_mod(X);
+  if (memcmp(W, X, 12 * 8)) {
+    for (i = 0; i < 12; ++i) {
+      printf("0x%016lx vs. 0x%016lx %d\n", W[i], X[i], W[i] == X[i]);
+    }
+    ASSERT_TRUE(false);
+  }
+}
+
 BENCH(secp384r1, bench) {
  mbedtls_mpi A;
  mbedtls_mpi_init(&A);