Mercurial > hg

view mercurial/cext/base85.c @ 52292:085cc409847d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: bump the default minimum TLS version of the client to 1.2 (BC) TLS v1.0 and v1.1 are deprecated by RFC8996[1]: These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018)... Various browsers have disabled or removed it[2][3][4], as have various internet services, and Windows 11 has it disabled by default[5]. We should move on too. (We should also bump it on the server side, as this config only affects clients not allowing a server to negotiate down. But the only server-side config is a `devel` option to pick exactly one protocol version and is commented as a footgun, so I'm hesitant to touch that. See 7dec5e441bf7 for details, which states that using `hg serve` directly isn't expected for a web service.) I'm not knowledgeable enough in this area to know if we should follow up with disabling certain ciphers too. But this should provide better security on its own. [1] https://datatracker.ietf.org/doc/rfc8996/ [2] https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#sslversionmin [3] https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/ [4] https://security.googleblog.com/2018/10/modernizing-transport-security.html [5] https://techcommunity.microsoft.com/blog/windows-itpro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/3887947
author Matt Harbison <matt_harbison@yahoo.com>
date Mon, 11 Nov 2024 21:25:03 -0500
parents 9367571fea21
children
line wrap: on
line source

/*
 base85 codec

 Copyright 2006 Brendan Cully <brendan@kublai.com>

 This software may be used and distributed according to the terms of
 the GNU General Public License, incorporated herein by reference.

 Largely based on git's implementation
*/

#define PY_SSIZE_T_CLEAN
#include <Python.h>

#include "util.h"

static const char b85chars[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz!#$%&()*+-;<=>?@^_`{|}~";
static char b85dec[256];

static void b85prep(void)
{
	unsigned i;

	memset(b85dec, 0, sizeof(b85dec));
	for (i = 0; i < sizeof(b85chars); i++) {
		b85dec[(int)(b85chars[i])] = i + 1;
	}
}

static PyObject *b85encode(PyObject *self, PyObject *args)
{
	const unsigned char *text;
	PyObject *out;
	char *dst;
	Py_ssize_t len, olen, i;
	unsigned int acc, val, ch;
	int pad = 0;

	if (!PyArg_ParseTuple(args, "y#|p", &text, &len, &pad)) {
		return NULL;
	}

	if (pad) {
		olen = ((len + 3) / 4 * 5) - 3;
	} else {
		olen = len % 4;
		if (olen) {
			olen++;
		}
		olen += len / 4 * 5;
	}
	if (!(out = PyBytes_FromStringAndSize(NULL, olen + 3))) {
		return NULL;
	}

	dst = PyBytes_AsString(out);

	while (len) {
		acc = 0;
		for (i = 24; i >= 0; i -= 8) {
			ch = *text++;
			acc |= ch << i;
			if (--len == 0) {
				break;
			}
		}
		for (i = 4; i >= 0; i--) {
			val = acc % 85;
			acc /= 85;
			dst[i] = b85chars[val];
		}
		dst += 5;
	}

	if (!pad) {
		_PyBytes_Resize(&out, olen);
	}

	return out;
}

static PyObject *b85decode(PyObject *self, PyObject *args)
{
	PyObject *out = NULL;
	const char *text;
	char *dst;
	Py_ssize_t len, i, j, olen, cap;
	int c;
	unsigned int acc;

	if (!PyArg_ParseTuple(args, "y#", &text, &len)) {
		return NULL;
	}

	olen = len / 5 * 4;
	i = len % 5;
	if (i) {
		olen += i - 1;
	}
	if (!(out = PyBytes_FromStringAndSize(NULL, olen))) {
		return NULL;
	}

	dst = PyBytes_AsString(out);

	i = 0;
	while (i < len) {
		acc = 0;
		cap = len - i - 1;
		if (cap > 4) {
			cap = 4;
		}
		for (j = 0; j < cap; i++, j++) {
			c = b85dec[(int)*text++] - 1;
			if (c < 0) {
				PyErr_Format(
				    PyExc_ValueError,
				    "bad base85 character at position %d",
				    (int)i);
				goto bail;
			}
			acc = acc * 85 + c;
		}
		if (i++ < len) {
			c = b85dec[(int)*text++] - 1;
			if (c < 0) {
				PyErr_Format(
				    PyExc_ValueError,
				    "bad base85 character at position %d",
				    (int)i);
				goto bail;
			}
			/* overflow detection: 0xffffffff == "|NsC0",
			 * "|NsC" == 0x03030303 */
			if (acc > 0x03030303 || (acc *= 85) > 0xffffffff - c) {
				PyErr_Format(
				    PyExc_ValueError,
				    "bad base85 sequence at position %d",
				    (int)i);
				goto bail;
			}
			acc += c;
		}

		cap = olen < 4 ? olen : 4;
		olen -= cap;
		for (j = 0; j < 4 - cap; j++) {
			acc *= 85;
		}
		if (cap && cap < 4) {
			acc += 0xffffff >> (cap - 1) * 8;
		}
		for (j = 0; j < cap; j++) {
			acc = (acc << 8) | (acc >> 24);
			*dst++ = acc;
		}
	}

	return out;
bail:
	Py_XDECREF(out);
	return NULL;
}

static char base85_doc[] = "Base85 Data Encoding";

static PyMethodDef methods[] = {
    {"b85encode", b85encode, METH_VARARGS,
     "Encode text in base85.\n\n"
     "If the second parameter is true, pad the result to a multiple of "
     "five characters.\n"},
    {"b85decode", b85decode, METH_VARARGS, "Decode base85 text.\n"},
    {NULL, NULL},
};

static const int version = 1;

static struct PyModuleDef base85_module = {
    PyModuleDef_HEAD_INIT, "base85", base85_doc, -1, methods,
};

PyMODINIT_FUNC PyInit_base85(void)
{
	PyObject *m;
	b85prep();

	m = PyModule_Create(&base85_module);
	PyModule_AddIntConstant(m, "version", version);
	return m;
}