musl 0.9.5 release and new website

musl 0.9.5 release and new website

[Rich Felker]

Hi all,

I've just released musl 0.9.5, along with the launch of the new
website, http://www.musl-libc.org, which is hopefully a lot more
informative and better at promoting musl. The new site is not
complete, but it's presentable; ideas for improving it are welcome.

Release announcement follows:

    Default-features mode now makes visible POSIX, X/Open, and BSD
    interfaces when no specific standards-conformance options are
    requested, making it possible to compile most packages without
    special CFLAGS. Major header compatibility improvements. Building
    musl with clang/LLVM is now supported. SHA password hash functions
    have been added. New dynamic linker features including dladdr and
    GNU hash support. Various other minor features and bug fixes.

    http://www.etalabs.net/musl/releases/musl-0.9.5.tar.gz
    or http://www.musl-libc.org/releases/musl-0.9.5.tar.gz

As of this release, hacking -D_GNU_SOURCE into the CFLAGS of every
single program you want to compile is no longer necessary or
recommended. This should greatly improve the "out of the box"
experience using musl. The new website is updated with this
information; the wiki still needs some changes, I think.

Post-release priorities are adding the last of the missing Linux
syscalls, md5 crypt, and the long-elusive scheduling priority
interfaces. And of course integrating ports. I'd really like to have
microblaze support with full dynamic linking (will musl be the first
to support it?) in the next release, as well as more basic things like
mips64 and ppc.

Rich

Re: musl 0.9.5 release and new website

[Szabolcs Nagy]

[-- Attachment #1: Type: text/plain, Size: 996 bytes --]

* Rich Felker <dalias@aerifal.cx> [2012-09-15 04:12:27 -0400]:
> website, http://www.musl-libc.org, which is hopefully a lot more

i would http redirect the non 'www.' prefixed host
to the 'www.' prefixed one

with thttpd you can do it by using a musl-libc.org
cgi script like

#!/bin/sh
U="http://www.musl-libc.org$PATH_INFO"
cat <<EOF
Location: $U
Status: 301 Moved Permanently
Content-Type: text/html

<html><head><title>Moved</title></head><body>
moved to <a href="$U">$U</a>
</body></html>
EOF

> Post-release priorities are adding the last of the missing Linux
> syscalls, md5 crypt, and the long-elusive scheduling priority

i attached an md5 crypt implementation

i set the key limit to 30000 but that
can be lowered

i'm not sure about the copyright notice in the middle
as the code was rewritten from scratch so nothing
was actually copied
but the old bsd code is the specification itself
and it is copyrighted:

http://svnweb.FreeBSD.org/base/head/lib/libcrypt/crypt-md5.c?view=markup

[-- Attachment #2: crypt_md5.c --]
[-- Type: text/x-csrc, Size: 8118 bytes --]

/*
 * md5 crypt implementation
 *
 * original md5 crypt design is from Poul-Henning Kamp
 * this implementation was created based on the code in freebsd
 * at least 32bit int is assumed, key is limited and $1$ prefix is mandatory,
 * on error "*" is returned
 */
#include <string.h>
#include <stdint.h>

/* public domain md5 implementation based on rfc1321 and libtomcrypt */

struct md5 {
	uint64_t len;    /* processed message length */
	uint32_t h[4];   /* hash state */
	uint8_t buf[64]; /* message block buffer */
};

static uint32_t rol(uint32_t n, int k) { return (n << k) | (n >> (32-k)); }
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define G(x,y,z) (y ^ (z & (y ^ x)))
#define H(x,y,z) (x ^ y ^ z)
#define I(x,y,z) (y ^ (x | ~z))
#define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
#define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
#define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
#define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b

static const uint32_t tab[64] = {
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};

static void processblock(struct md5 *s, const uint8_t *buf)
{
	uint32_t i, W[16], a, b, c, d;

	for (i = 0; i < 16; i++) {
		W[i] = buf[4*i];
		W[i] |= (uint32_t)buf[4*i+1]<<8;
		W[i] |= (uint32_t)buf[4*i+2]<<16;
		W[i] |= (uint32_t)buf[4*i+3]<<24;
	}

	a = s->h[0];
	b = s->h[1];
	c = s->h[2];
	d = s->h[3];

	i = 0;
	while (i < 16) {
		FF(a,b,c,d, W[i],  7, tab[i]); i++;
		FF(d,a,b,c, W[i], 12, tab[i]); i++;
		FF(c,d,a,b, W[i], 17, tab[i]); i++;
		FF(b,c,d,a, W[i], 22, tab[i]); i++;
	}
	while (i < 32) {
		GG(a,b,c,d, W[(5*i+1)%16],  5, tab[i]); i++;
		GG(d,a,b,c, W[(5*i+1)%16],  9, tab[i]); i++;
		GG(c,d,a,b, W[(5*i+1)%16], 14, tab[i]); i++;
		GG(b,c,d,a, W[(5*i+1)%16], 20, tab[i]); i++;
	}
	while (i < 48) {
		HH(a,b,c,d, W[(3*i+5)%16],  4, tab[i]); i++;
		HH(d,a,b,c, W[(3*i+5)%16], 11, tab[i]); i++;
		HH(c,d,a,b, W[(3*i+5)%16], 16, tab[i]); i++;
		HH(b,c,d,a, W[(3*i+5)%16], 23, tab[i]); i++;
	}
	while (i < 64) {
		II(a,b,c,d, W[7*i%16],  6, tab[i]); i++;
		II(d,a,b,c, W[7*i%16], 10, tab[i]); i++;
		II(c,d,a,b, W[7*i%16], 15, tab[i]); i++;
		II(b,c,d,a, W[7*i%16], 21, tab[i]); i++;
	}

	s->h[0] += a;
	s->h[1] += b;
	s->h[2] += c;
	s->h[3] += d;
}

static void pad(struct md5 *s)
{
	unsigned r = s->len % 64;

	s->buf[r++] = 0x80;
	if (r > 56) {
		memset(s->buf + r, 0, 64 - r);
		r = 0;
		processblock(s, s->buf);
	}
	memset(s->buf + r, 0, 56 - r);
	s->len *= 8;
	s->buf[56] = s->len;
	s->buf[57] = s->len >> 8;
	s->buf[58] = s->len >> 16;
	s->buf[59] = s->len >> 24;
	s->buf[60] = s->len >> 32;
	s->buf[61] = s->len >> 40;
	s->buf[62] = s->len >> 48;
	s->buf[63] = s->len >> 56;
	processblock(s, s->buf);
}

static void md5_init(struct md5 *s)
{
	s->len = 0;
	s->h[0] = 0x67452301;
	s->h[1] = 0xefcdab89;
	s->h[2] = 0x98badcfe;
	s->h[3] = 0x10325476;
}

static void md5_sum(struct md5 *s, uint8_t md[16])
{
	int i;

	pad(s);
	for (i = 0; i < 4; i++) {
		md[4*i] = s->h[i];
		md[4*i+1] = s->h[i] >> 8;
		md[4*i+2] = s->h[i] >> 16;
		md[4*i+3] = s->h[i] >> 24;
	}
}

static void md5_update(struct md5 *s, const void *m, unsigned long len)
{
	const uint8_t *p = m;
	unsigned r = s->len % 64;

	s->len += len;
	if (r) {
		if (len < 64 - r) {
			memcpy(s->buf + r, p, len);
			return;
		}
		memcpy(s->buf + r, p, 64 - r);
		len -= 64 - r;
		p += 64 - r;
		processblock(s, s->buf);
	}
	for (; len >= 64; len -= 64, p += 64)
		processblock(s, p);
	memcpy(s->buf, p, len);
}

/*-
 * Copyright (c) 2003 Poul-Henning Kamp
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* key limit is not part of the original design, added for DoS protection */
#define KEY_MAX 30000
#define SALT_MAX 8

static unsigned char b64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static char *to64(char *s, unsigned int u, int n)
{
	while (--n >= 0) {
		*s++ = b64[u % 64];
		u /= 64;
	}
	return s;
}

static char *md5crypt(const char *key, const char *setting, char *output)
{
	struct md5 ctx;
	unsigned char md[16];
	unsigned int i, klen, slen;
	const char *salt;
	char *p;

	/* reject large keys */
	klen = strnlen(key, KEY_MAX+1);
	if (klen > KEY_MAX)
		return 0;

	/* setting: $1$salt$ (closing $ is optional) */
	if (strncmp(setting, "$1$", 3) != 0)
		return 0;
	salt = setting + 3;
	for (i = 0; i < SALT_MAX && salt[i] && salt[i] != '$'; i++);
	slen = i;

	/* md5(key salt key) */
	md5_init(&ctx);
	md5_update(&ctx, key, klen);
	md5_update(&ctx, salt, slen);
	md5_update(&ctx, key, klen);
	md5_sum(&ctx, md);

	/* md5(key $1$ salt repeated-md weird-key[0]-0) */
	md5_init(&ctx);
	md5_update(&ctx, key, klen);
	md5_update(&ctx, setting, 3 + slen);
	for (i = klen; i > sizeof md; i -= sizeof md)
		md5_update(&ctx, md, sizeof md);
	md5_update(&ctx, md, i);
	md[0] = 0;
	for (i = klen; i; i >>= 1)
		if (i & 1)
			md5_update(&ctx, md, 1);
		else
			md5_update(&ctx, key, 1);
	md5_sum(&ctx, md);

	/* md = f(md, key, salt) iteration */
	for (i = 0; i < 1000; i++) {
		md5_init(&ctx);
		if (i % 2)
			md5_update(&ctx, key, klen);
		else
			md5_update(&ctx, md, sizeof md);
		if (i % 3)
			md5_update(&ctx, salt, slen);
		if (i % 7)
			md5_update(&ctx, key, klen);
		if (i % 2)
			md5_update(&ctx, md, sizeof md);
		else
			md5_update(&ctx, key, klen);
		md5_sum(&ctx, md);
	}

	/* output is $1$salt$hash */
	memcpy(output, setting, 3 + slen);
	p = output + 3 + slen;
	*p++ = '$';
	static const unsigned char perm[][3] = {
		0,6,12,1,7,13,2,8,14,3,9,15,4,10,5 };
	for (i=0; i<5; i++) p = to64(p,
		(md[perm[i][0]]<<16)|(md[perm[i][1]]<<8)|md[perm[i][2]], 4);
	p = to64(p, md[11], 2);
	*p = 0;

	return output;
}

char *__crypt_md5(const char *key, const char *setting, char *output)
{
	static const char testkey[] = "Xy01@#\x01\x02\x80\x7f\xff\r\n\x81\t !";
	static const char testsetting[] = "$1$abcd0123$";
	static const char testhash[] = "$1$abcd0123$9Qcg8DyviekV3tDGMZynJ1";
	char testbuf[64];
	char *p, *q;

	p = md5crypt(key, setting, output);
	/* self test and stack cleanup */
	q = md5crypt(testkey, testsetting, testbuf);
	if (!p || q != testbuf || memcmp(testbuf, testhash, sizeof testhash))
		return "*";
	return p;
}

Re: musl 0.9.5 release and new website

[Luca Barbato]

On 09/15/2012 03:53 PM, Szabolcs Nagy wrote:
> i would http redirect the non 'www.' prefixed host
> to the 'www.' prefixed one

please do the opposite, cargo culting www is terrible.

musl-libc.org is good =P

lu

Re: musl 0.9.5 release and new website

[Isaac Dunham]

On Sat, 15 Sep 2012 04:12:27 -0400
Rich Felker <dalias@aerifal.cx> wrote:

> Hi all,
> 
> I've just released musl 0.9.5, along with the launch of the new
> website, http://www.musl-libc.org, which is hopefully a lot more
> informative and better at promoting musl. The new site is not
> complete, but it's presentable; ideas for improving it are welcome.
> 
> Release announcement follows:
> 
>     Default-features mode now makes visible POSIX, X/Open, and BSD
>     interfaces when no specific standards-conformance options are
>     requested, making it possible to compile most packages without
>     special CFLAGS. Major header compatibility improvements. Building
>     musl with clang/LLVM is now supported. SHA password hash functions

In that case, you might add "or Clang/LLVM <version number>" after "gcc 3.2 or later" on the FAQ page. It would be wise to note that older Clang versions handle calloc wrong, though.

>     have been added. New dynamic linker features including dladdr and
>     GNU hash support. Various other minor features and bug fixes.
> 

And what's the general speil these days?
Any other points that you'd want mentioned if someone sends an announcement to Phoronix?
-- 
Isaac Dunham <idunham@lavabit.com>

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sat, Sep 15, 2012 at 03:53:41PM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@aerifal.cx> [2012-09-15 04:12:27 -0400]:
> > website, http://www.musl-libc.org, which is hopefully a lot more
> 
> i would http redirect the non 'www.' prefixed host
> to the 'www.' prefixed one
> 
> with thttpd you can do it by using a musl-libc.org
> cgi script like
> 
> #!/bin/sh
> U="http://www.musl-libc.org$PATH_INFO"

Wow, thanks! I had no idea how this $PATH_INFO thing worked, but it's
very nice. Is this thttpd-specific, or is it the generic way
webservers work when a non-final path element is not a directory but
instead a script? cgit is supposed to do something like this, but I
couldn't get it to work so I hacked it to use the ugly old
query-string style urls, but it would be a lot nicer if I could have
just:

http://git.musl-libc.org/musl/tree/README

etc..

Rich

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sat, Sep 15, 2012 at 03:53:41PM +0200, Szabolcs Nagy wrote:
> > Post-release priorities are adding the last of the missing Linux
> > syscalls, md5 crypt, and the long-elusive scheduling priority
> 
> i attached an md5 crypt implementation
> 
> i set the key limit to 30000 but that
> can be lowered
> 
> i'm not sure about the copyright notice in the middle
> as the code was rewritten from scratch so nothing
> was actually copied
> but the old bsd code is the specification itself
> and it is copyrighted:

The license is 2-clause BSD so it doesn't really matter.

> static uint32_t rol(uint32_t n, int k) { return (n << k) | (n >> (32-k)); }
> #define F(x,y,z) (z ^ (x & (y ^ z)))
> #define G(x,y,z) (y ^ (z & (y ^ x)))
> #define H(x,y,z) (x ^ y ^ z)
> #define I(x,y,z) (y ^ (x | ~z))
> #define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
> #define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
> #define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
> #define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b
> 
> [...]
> static void processblock(struct md5 *s, const uint8_t *buf)
> {
> 	uint32_t i, W[16], a, b, c, d;
> 
> 	for (i = 0; i < 16; i++) {
> 		W[i] = buf[4*i];
> 		W[i] |= (uint32_t)buf[4*i+1]<<8;
> 		W[i] |= (uint32_t)buf[4*i+2]<<16;
> 		W[i] |= (uint32_t)buf[4*i+3]<<24;
> 	}
> 
> 	a = s->h[0];
> 	b = s->h[1];
> 	c = s->h[2];
> 	d = s->h[3];
> 
> 	i = 0;
> 	while (i < 16) {
> 		FF(a,b,c,d, W[i],  7, tab[i]); i++;
> 		FF(d,a,b,c, W[i], 12, tab[i]); i++;
> 		FF(c,d,a,b, W[i], 17, tab[i]); i++;
> 		FF(b,c,d,a, W[i], 22, tab[i]); i++;
> 	}

This is more of the same old ugly manual unrolling. The file is small
as-is, but I think it could be a lot smaller with -Os (and same speed
as now with -O3) if the manual unrolling were removed.

I'm going to commit as-is though so I can include it in 0.9.6 (see the
other message I'm about to post).

Rich

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sat, Sep 15, 2012 at 04:05:05PM +0200, Luca Barbato wrote:
> On 09/15/2012 03:53 PM, Szabolcs Nagy wrote:
> > i would http redirect the non 'www.' prefixed host
> > to the 'www.' prefixed one
> 
> please do the opposite, cargo culting www is terrible.

I disagree on this one. If the domain _IS_ a website (think
facebook.com, etc.) then I agree it's perfectly reasonable, and
probably aesthetically nicer, to have the base domain without www be
the primary name for the website. But if the domain corresponds to
some project, organization, brand, product, etc. that's not a website
itself, then www.[whatever].[tld] serves to identify it as "the
_webserver_ for [whatever]", alongside other possible servers like the
git server, the ftp server, etc. The idea of using different domain
names for each of them is that you can transparently move them to
different machines without breaking urls.

Using a redirecting webserver on the base domain name doesn't really
conflict with this principle since it's not something that would need
to be moved; it's a very low-load service that's only hit when someone
lazy types the url by hand...

Rich

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sat, Sep 15, 2012 at 04:12:27AM -0400, Rich Felker wrote:
> Hi all,
> 
> I've just released musl 0.9.5, along with the launch of the new

Unfortunately, a nasty bug crept into 0.9.5 that could cause
widespread subtle breakage; O_ACCMODE was defined incorrectly when
O_SEARCH support was added. I'm going to release a new version with
this bug fixed and crypt_md5 added as soon as I finish confirming that
the fix works.

Rich

Re: musl 0.9.5 release and new website

[Conrad Pankoff]

There's also a few technical specifics that having www (or some other second level part) can help with.

If you have HTTP authentication (think basic auth) or you're using cookies, you should be using www or something. This is because both of these mechanisms apply to the domain where they were initiated and anything below. If you initiate basic auth on www.example.com, it'll be sent automatically when you go to www.example.com, 1.www.example.com, etc. It won't, however, be sent to example.com or something-else.example.com. Same deal with cookies.

Regards,
Conrad

On 16/09/2012, at 1:35 PM, Rich Felker wrote:

> On Sat, Sep 15, 2012 at 04:05:05PM +0200, Luca Barbato wrote:
>> On 09/15/2012 03:53 PM, Szabolcs Nagy wrote:
>>> i would http redirect the non 'www.' prefixed host
>>> to the 'www.' prefixed one
>> 
>> please do the opposite, cargo culting www is terrible.
> 
> I disagree on this one. If the domain _IS_ a website (think
> facebook.com, etc.) then I agree it's perfectly reasonable, and
> probably aesthetically nicer, to have the base domain without www be
> the primary name for the website. But if the domain corresponds to
> some project, organization, brand, product, etc. that's not a website
> itself, then www.[whatever].[tld] serves to identify it as "the
> _webserver_ for [whatever]", alongside other possible servers like the
> git server, the ftp server, etc. The idea of using different domain
> names for each of them is that you can transparently move them to
> different machines without breaking urls.
> 
> Using a redirecting webserver on the base domain name doesn't really
> conflict with this principle since it's not something that would need
> to be moved; it's a very low-load service that's only hit when someone
> lazy types the url by hand...
> 
> Rich

Re: musl 0.9.5 release and new website

[Gregor Richards]

On 09/15/2012 08:48 PM, Conrad Pankoff wrote:
> On 16/09/2012, at 1:35 PM, Rich Felker wrote:
>
>> On Sat, Sep 15, 2012 at 04:05:05PM +0200, Luca Barbato wrote:
>>> On 09/15/2012 03:53 PM, Szabolcs Nagy wrote:
>>>> i would http redirect the non 'www.' prefixed host
>>>> to the 'www.' prefixed one
>>> please do the opposite, cargo culting www is terrible.
>> I disagree on this one. If the domain _IS_ a website (think
>> facebook.com, etc.) then I agree it's perfectly reasonable, and
>> probably aesthetically nicer, to have the base domain without www be
>> the primary name for the website. But if the domain corresponds to
>> some project, organization, brand, product, etc. that's not a website
>> itself, then www.[whatever].[tld] serves to identify it as "the
>> _webserver_ for [whatever]", alongside other possible servers like the
>> git server, the ftp server, etc. The idea of using different domain
>> names for each of them is that you can transparently move them to
>> different machines without breaking urls.
>>
>> Using a redirecting webserver on the base domain name doesn't really
>> conflict with this principle since it's not something that would need
>> to be moved; it's a very low-load service that's only hit when someone
>> lazy types the url by hand...
>>
>> Rich
> There's also a few technical specifics that having www (or some other second level part) can help with.
>
> If you have HTTP authentication (think basic auth) or you're using cookies, you should be using www or something. This is because both of these mechanisms apply to the domain where they were initiated and anything below. If you initiate basic auth on www.example.com, it'll be sent automatically when you go to www.example.com, 1.www.example.com, etc. It won't, however, be sent to example.com or something-else.example.com. Same deal with cookies.
>
> Regards,
> Conrad
>
>
>
May I redirect our friends who would like to argue forever over the 
presence or lack of www. to one of my older projects, 
http://www.www.extra-www.org/ .

With valediction,
  - Gregor Richards

Re: musl 0.9.5 release and new website

[Szabolcs Nagy]

* Rich Felker <dalias@aerifal.cx> [2012-09-15 23:26:58 -0400]:
> Wow, thanks! I had no idea how this $PATH_INFO thing worked, but it's
> very nice. Is this thttpd-specific, or is it the generic way
> webservers work when a non-final path element is not a directory but
> instead a script? cgit is supposed to do something like this, but I
> couldn't get it to work so I hacked it to use the ugly old
> query-string style urls, but it would be a lot nicer if I could have
> just:
> 
> http://git.musl-libc.org/musl/tree/README
> 

the PATH_INFO is part of the cgi 1.1 rfc
http://www.ietf.org/rfc/rfc3875

most web servers can serve a vhost with a given
cgi script, i think in thttpd it's enough to
symlink the vhost name to the cgi script

it seems thttpd cgi handling has minor issues:
- it ignors the 301 status code
(and uses 302 redirects, so search engines don't
know that they should only index the target url)
(this seems to be patched on my system)
- the PATH_INFO for the root is '/.' instead of '/'
(but this is just a minor detail, and can be solved
with [ "$PATH_INFO" != /. ] || PATH_INFO=/)

so the redirect is not perfect now..

Re: musl 0.9.5 release and new website

[Luca Barbato]

On 9/16/12 5:35 AM, Rich Felker wrote:
> On Sat, Sep 15, 2012 at 04:05:05PM +0200, Luca Barbato wrote:
>> On 09/15/2012 03:53 PM, Szabolcs Nagy wrote:
>>> i would http redirect the non 'www.' prefixed host
>>> to the 'www.' prefixed one
>>
>> please do the opposite, cargo culting www is terrible.
>
> I disagree on this one. If the domain _IS_ a website (think
> facebook.com, etc.) then I agree it's perfectly reasonable, and
> probably aesthetically nicer, to have the base domain without www be
> the primary name for the website. But if the domain corresponds to
> some project, organization, brand, product, etc. that's not a website
> itself, then www.[whatever].[tld] serves to identify it as "the
> _webserver_ for [whatever]", alongside other possible servers like the
> git server, the ftp server, etc. The idea of using different domain
> names for each of them is that you can transparently move them to
> different machines without breaking urls.
>
> Using a redirecting webserver on the base domain name doesn't really
> conflict with this principle since it's not something that would need
> to be moved; it's a very low-load service that's only hit when someone
> lazy types the url by hand...

Fine for me then =)

lu

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sun, Sep 16, 2012 at 12:31:48PM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@aerifal.cx> [2012-09-15 23:26:58 -0400]:
> > Wow, thanks! I had no idea how this $PATH_INFO thing worked, but it's
> > very nice. Is this thttpd-specific, or is it the generic way
> > webservers work when a non-final path element is not a directory but
> > instead a script? cgit is supposed to do something like this, but I
> > couldn't get it to work so I hacked it to use the ugly old
> > query-string style urls, but it would be a lot nicer if I could have
> > just:
> > 
> > http://git.musl-libc.org/musl/tree/README
> > 
> 
> the PATH_INFO is part of the cgi 1.1 rfc
> http://www.ietf.org/rfc/rfc3875
> 
> most web servers can serve a vhost with a given
> cgi script, i think in thttpd it's enough to
> symlink the vhost name to the cgi script
> 
> it seems thttpd cgi handling has minor issues:
> - it ignors the 301 status code
> (and uses 302 redirects, so search engines don't
> know that they should only index the target url)
> (this seems to be patched on my system)
> - the PATH_INFO for the root is '/.' instead of '/'
> (but this is just a minor detail, and can be solved
> with [ "$PATH_INFO" != /. ] || PATH_INFO=/)
> 
> so the redirect is not perfect now..

I'll look at it later and try to improve it. If you have ideas for how
to do so, let me know. Thanks again!

Rich

Re: musl 0.9.5 release and new website

[Szabolcs Nagy]

[-- Attachment #1: Type: text/plain, Size: 630 bytes --]

* Rich Felker <dalias@aerifal.cx> [2012-09-15 23:29:31 -0400]:
> On Sat, Sep 15, 2012 at 03:53:41PM +0200, Szabolcs Nagy wrote:
> > 	while (i < 16) {
> > 		FF(a,b,c,d, W[i],  7, tab[i]); i++;
> > 		FF(d,a,b,c, W[i], 12, tab[i]); i++;
> > 		FF(c,d,a,b, W[i], 17, tab[i]); i++;
> > 		FF(b,c,d,a, W[i], 22, tab[i]); i++;
> > 	}
> 
> This is more of the same old ugly manual unrolling. The file is small
> as-is, but I think it could be a lot smaller with -Os (and same speed
> as now with -O3) if the manual unrolling were removed.
> 

ok i removed the unrolling, the difference is about 200 bytes

is the 30K key limit reasonable?


[-- Attachment #2: md5.diff --]
[-- Type: text/x-diff, Size: 3121 bytes --]

diff --git a/src/crypt/crypt_md5.c b/src/crypt/crypt_md5.c
index 02f2244..684a9fe 100644
--- a/src/crypt/crypt_md5.c
+++ b/src/crypt/crypt_md5.c
@@ -22,11 +22,23 @@ static uint32_t rol(uint32_t n, int k) { return (n << k) | (n >> (32-k)); }
 #define G(x,y,z) (y ^ (z & (y ^ x)))
 #define H(x,y,z) (x ^ y ^ z)
 #define I(x,y,z) (y ^ (x | ~z))
-#define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
-#define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
-#define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
-#define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b
+#define FF(a,b,c,d,w,r,t) a += F(b,c,d) + w + t; a = rol(a,r) + b
+#define GG(a,b,c,d,w,r,t) a += G(b,c,d) + w + t; a = rol(a,r) + b
+#define HH(a,b,c,d,w,r,t) a += H(b,c,d) + w + t; a = rol(a,r) + b
+#define II(a,b,c,d,w,r,t) a += I(b,c,d) + w + t; a = rol(a,r) + b
 
+static const uint8_t idx[64] = {
+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
+1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
+5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
+0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
+};
+static const uint8_t rot[64] = {
+7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
+5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
+4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
+6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21
+};
 static const uint32_t tab[64] = {
 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
@@ -40,7 +52,7 @@ static const uint32_t tab[64] = {
 
 static void processblock(struct md5 *s, const uint8_t *buf)
 {
-	uint32_t i, W[16], a, b, c, d;
+	uint32_t i, W[16], a, b, c, d, x;
 
 	for (i = 0; i < 16; i++) {
 		W[i] = buf[4*i];
@@ -54,30 +66,21 @@ static void processblock(struct md5 *s, const uint8_t *buf)
 	c = s->h[2];
 	d = s->h[3];
 
-	i = 0;
-	while (i < 16) {
-		FF(a,b,c,d, W[i],  7, tab[i]); i++;
-		FF(d,a,b,c, W[i], 12, tab[i]); i++;
-		FF(c,d,a,b, W[i], 17, tab[i]); i++;
-		FF(b,c,d,a, W[i], 22, tab[i]); i++;
+	for (i = 0; i < 16; i++) {
+		FF(a,b,c,d,W[idx[i]],rot[i],tab[i]);
+		x = d; d = c; c = b; b = a; a = x;
 	}
-	while (i < 32) {
-		GG(a,b,c,d, W[(5*i+1)%16],  5, tab[i]); i++;
-		GG(d,a,b,c, W[(5*i+1)%16],  9, tab[i]); i++;
-		GG(c,d,a,b, W[(5*i+1)%16], 14, tab[i]); i++;
-		GG(b,c,d,a, W[(5*i+1)%16], 20, tab[i]); i++;
+	for (; i < 32; i++) {
+		GG(a,b,c,d,W[idx[i]],rot[i],tab[i]);
+		x = d; d = c; c = b; b = a; a = x;
 	}
-	while (i < 48) {
-		HH(a,b,c,d, W[(3*i+5)%16],  4, tab[i]); i++;
-		HH(d,a,b,c, W[(3*i+5)%16], 11, tab[i]); i++;
-		HH(c,d,a,b, W[(3*i+5)%16], 16, tab[i]); i++;
-		HH(b,c,d,a, W[(3*i+5)%16], 23, tab[i]); i++;
+	for (; i < 48; i++) {
+		HH(a,b,c,d,W[idx[i]],rot[i],tab[i]);
+		x = d; d = c; c = b; b = a; a = x;
 	}
-	while (i < 64) {
-		II(a,b,c,d, W[7*i%16],  6, tab[i]); i++;
-		II(d,a,b,c, W[7*i%16], 10, tab[i]); i++;
-		II(c,d,a,b, W[7*i%16], 15, tab[i]); i++;
-		II(b,c,d,a, W[7*i%16], 21, tab[i]); i++;
+	for (; i < 64; i++) {
+		II(a,b,c,d,W[idx[i]],rot[i],tab[i]);
+		x = d; d = c; c = b; b = a; a = x;
 	}
 
 	s->h[0] += a;

Re: musl 0.9.5 release and new website

[Rich Felker]

On Sun, Sep 16, 2012 at 11:42:08PM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@aerifal.cx> [2012-09-15 23:29:31 -0400]:
> > On Sat, Sep 15, 2012 at 03:53:41PM +0200, Szabolcs Nagy wrote:
> > > 	while (i < 16) {
> > > 		FF(a,b,c,d, W[i],  7, tab[i]); i++;
> > > 		FF(d,a,b,c, W[i], 12, tab[i]); i++;
> > > 		FF(c,d,a,b, W[i], 17, tab[i]); i++;
> > > 		FF(b,c,d,a, W[i], 22, tab[i]); i++;
> > > 	}
> > 
> > This is more of the same old ugly manual unrolling. The file is small
> > as-is, but I think it could be a lot smaller with -Os (and same speed
> > as now with -O3) if the manual unrolling were removed.
> > 
> 
> ok i removed the unrolling, the difference is about 200 bytes

Thanks. Unfortunately it's 10% slower at -O3 (and about 20% slower at
-Os), but as since there doesn't seem to be any way to configure
rounds, crypt_md5 performance is probably mostly irrelevant.

> is the 30K key limit reasonable?

I don't know; can you explain the motivation?

> -#define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
> -#define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
> -#define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
> -#define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b
> +#define FF(a,b,c,d,w,r,t) a += F(b,c,d) + w + t; a = rol(a,r) + b
> +#define GG(a,b,c,d,w,r,t) a += G(b,c,d) + w + t; a = rol(a,r) + b
> +#define HH(a,b,c,d,w,r,t) a += H(b,c,d) + w + t; a = rol(a,r) + b
> +#define II(a,b,c,d,w,r,t) a += I(b,c,d) + w + t; a = rol(a,r) + b

Is this changing anything but the argument name? Why the change?

> +static const uint8_t idx[64] = {
> +0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
> +1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
> +5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
> +0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
> +};
> +static const uint8_t rot[64] = {
> +7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
> +5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
> +4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
> +6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21

It would be nice if these could be done without tables. As-is, I'm not
really sure the the de-unrolled code is all that much cleaner than the
original, but at least it's slightly smaller...

Rich

Re: musl 0.9.5 release and new website

[Szabolcs Nagy]

* Rich Felker <dalias@aerifal.cx> [2012-09-16 23:02:41 -0400]:
> On Sun, Sep 16, 2012 at 11:42:08PM +0200, Szabolcs Nagy wrote:
> > is the 30K key limit reasonable?
> 
> I don't know; can you explain the motivation?
> 

allowing 1G long key is clearly wrong because of dos
disallowing 20 byte key is wrong as well

so i picked a random number in between

we can use 256 to be consistent with sha crypt
but md5 crypt is less attackable this way

> > -#define FF(a,b,c,d,w,s,t) a += F(b,c,d) + w + t; a = rol(a,s) + b
> > -#define GG(a,b,c,d,w,s,t) a += G(b,c,d) + w + t; a = rol(a,s) + b
> > -#define HH(a,b,c,d,w,s,t) a += H(b,c,d) + w + t; a = rol(a,s) + b
> > -#define II(a,b,c,d,w,s,t) a += I(b,c,d) + w + t; a = rol(a,s) + b
> > +#define FF(a,b,c,d,w,r,t) a += F(b,c,d) + w + t; a = rol(a,r) + b
> > +#define GG(a,b,c,d,w,r,t) a += G(b,c,d) + w + t; a = rol(a,r) + b
> > +#define HH(a,b,c,d,w,r,t) a += H(b,c,d) + w + t; a = rol(a,r) + b
> > +#define II(a,b,c,d,w,r,t) a += I(b,c,d) + w + t; a = rol(a,r) + b
> 
> Is this changing anything but the argument name? Why the change?
> 

yes
(r is for rot, t is for tab, i think it helps when
there are so many arguments)

> > +static const uint8_t idx[64] = {
> > +0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
> > +1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
> > +5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
> > +0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
> > +};
> > +static const uint8_t rot[64] = {
> > +7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
> > +5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
> > +4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
> > +6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21
> 
> It would be nice if these could be done without tables. As-is, I'm not
> really sure the the de-unrolled code is all that much cleaner than the
> original, but at least it's slightly smaller...
> 

if they are calculated inline then the code is even more slow
but not really smaller (the two tables are 128 bytes)
and not really cleaner:

...
for (; i < 48; i++) {
	static const uint8_t rot[] = {4,11,16,23};

	HH(a,b,c,d,W[(3*i+5)%16],rot[i%4],tab[i]);
	x = d; d = c; c = b; b = a; a = x;
}
...

Re: musl 0.9.5 release and new website

[Rich Felker]

On Mon, Sep 17, 2012 at 09:35:32AM +0200, Szabolcs Nagy wrote:
> * Rich Felker <dalias@aerifal.cx> [2012-09-16 23:02:41 -0400]:
> > On Sun, Sep 16, 2012 at 11:42:08PM +0200, Szabolcs Nagy wrote:
> > > is the 30K key limit reasonable?
> > 
> > I don't know; can you explain the motivation?
> > 
> 
> allowing 1G long key is clearly wrong because of dos

If time only grows linearly with key length and 30k is no problem, I
suspect the runtime for a 1G key is annoying but not the biggest
problem. You already have a DoS error if your server let an
unauthenticated client allocate 1G of memory.. :-)

If it grows superlinearly, then yes, a limit is needed at whatever
point the growth becomes problematic, or just at some sane limit (like
what you did, 30k) that prevents getting to the problematic range.

Either way, I agree it can't hurt to place some reasonable limits in
place; I was just wondering if you have some comments on the growth
rate.

> > It would be nice if these could be done without tables. As-is, I'm not
> > really sure the the de-unrolled code is all that much cleaner than the
> > original, but at least it's slightly smaller...
> > 
> 
> if they are calculated inline then the code is even more slow
> but not really smaller (the two tables are 128 bytes)
> and not really cleaner:

Indeed, I was not thinking of generating tables, just wondering if
there's a simple arithmetic expression for them in terms of i...
However I don't see any obvious answer for most of them.

Rich