9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] aescbc patch
@ 2002-09-21 19:07 Eric Grosse
From: Eric Grosse @ 2002-09-21 19:07 UTC (permalink / raw)
  To: 9fans

/sys/src/cmd/auth/secstore/aescbc.c contains a blunder.
A bug wipes out the encryption key, so the "encrypted" file is
trivially crackable.  This command had not been used anywhere yet,
as far as we know, and was only supplied as emergency backup for
decrypting a file saved on secstore (if you know its passphrase.)
Secstore itself has been properly encrypting files and is not at risk.

Many thanks to Charles Forsyth for reporting the bug.
To my embarrassment, I'd long ago fixed the bug in libc and
not noticed that the broken code had been copied into aescbc.c.

I have taken this opportunity to upgrade the authentication algorithm
and padding inside aescbc.  This doesn't matter much in secstore but
might be worthwhile if you dare use aescbc for general purpose file
encryption.  Perhaps NIST will soon settle on new modes of operation
for AES and we can switch to a standardized solution. Thanks to
Daniel Bleichenbacher for advice on this.

Pick up the fixed code from   /n/sources/sys/src/cmd/auth/secstore/
or from     http://netlib.bell-labs.com/plan9dist/ureg.html
and mk aescbc.installall.

An unrelated item:  Kenji Arisawa also gets our thanks for a bug
report on the secstore client;  there was a duplicate free in the
password changing code which caused a panic as the program was ending,
but causes no harm.  This fix (and the ones above) went into sources
and the distribution last weekend, so if you've done an update
recently you're covered.

Eric

