OpenBSD src changes summary for 2016-11-04
==========================================

distrib/sets  etc/rc  lib/libc  lib/libcrypto  lib/libssl  lib/libtls
regress/lib  regress/usr.bin  usr.bin/nc  usr.bin/tmux  usr.sbin/switchd
usr.sbin/syspatch  usr.sbin/vmd

== distrib =========================================================== 01/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib

sets

  ~ lists/base/md.alpha  ~ lists/base/md.amd64  ~ lists/base/md.armv7
  ~ lists/base/md.hppa  ~ lists/base/md.i386  ~ lists/base/md.landisk
  ~ lists/base/md.loongson  ~ lists/base/md.luna88k  ~ lists/base/md.macppc
  ~ lists/base/md.octeon  ~ lists/base/md.sgi  ~ lists/base/md.socppc
  ~ lists/base/md.sparc64  ~ lists/base/mi  ~ lists/comp/mi
  ~ lists/man/mi

  > sync (deraadt@)

== etc =============================================================== 02/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc

rc

  ~ rc

  > spacing (rpe@)

== lib =============================================================== 03/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib

libc

  ~ stdlib/malloc.c

  > MALLOC_STATS tweaks, by default not compiled in (otto@)

libcrypto

  - doc/RSA_blinding_on.pod  - doc/RSA_check_key.pod
  - doc/RSA_generate_key.pod  - doc/RSA_get_ex_new_index.pod
  - doc/RSA_new.pod  - doc/RSA_padding_add_PKCS1_type_1.pod
  - doc/RSA_print.pod  - doc/RSA_private_encrypt.pod
  - doc/RSA_public_encrypt.pod  - doc/RSA_set_method.pod
  - doc/RSA_sign.pod  - doc/RSA_sign_ASN1_OCTET_STRING.pod
  - doc/RSA_size.pod  - doc/d2i_RSAPublicKey.pod
  - doc/rsa.pod  ~ man/Makefile
  + man/RSA_blinding_on.3  + man/RSA_check_key.3
  + man/RSA_generate_key.3  + man/RSA_get_ex_new_index.3
  + man/RSA_new.3  + man/RSA_padding_add_PKCS1_type_1.3
  + man/RSA_print.3  + man/RSA_private_encrypt.3
  + man/RSA_public_encrypt.3  + man/RSA_set_method.3
  + man/RSA_sign.3  + man/RSA_sign_ASN1_OCTET_STRING.3
  + man/RSA_size.3  + man/d2i_RSAPublicKey.3
  + man/rsa.3

  > convert RSA manuals from pod to mdoc (schwarze@)

  ~ x509/x_all.c  ~ x509/x509.h

  > Add X509_up_ref, from boring
  > ok jsing@ (beck@)

  ~ x86cpuid.pl

  > In OPENSSL_wipe_cpu() on i386, which no one uses anyway, check
  > the proper flag for the presence of a FPU before deciding to wipe the fpu
  > registers.
  > ok jsing@ (miod@)

  ~ cryptlib.c  ~ md32_common.h
  ~ arch/alpha/opensslconf.h  ~ arch/amd64/opensslconf.h
  ~ arch/arm/opensslconf.h  ~ arch/hppa/opensslconf.h
  ~ arch/i386/opensslconf.h  ~ arch/m88k/opensslconf.h
  ~ arch/mips64/opensslconf.h  ~ arch/powerpc/opensslconf.h
  ~ arch/sh/opensslconf.h  ~ arch/sparc/opensslconf.h
  ~ arch/sparc64/opensslconf.h  ~ engine/eng_padlock.c
  ~ evp/e_aes.c  ~ modes/gcm128.c
  ~ modes/modes_lcl.h  ~ sha/sha512.c

  > Remove I386_ONLY define. It was only used to prefer a
  > faster-on-genuine-80386-but-slower-on-80486-onwards instruction sequence
  > in the SHA512 code, and had not been enabled in years, if at all.
  > ok tom@ bcook@ (miod@)

  ~ Makefile

  > No need to reach libssl private headers and to define TERMIOS anymore.
  > ok bcook@ (miod@)

  - doc/X509_NAME_ENTRY_get_object.pod  - doc/X509_NAME_add_entry_by_txt.pod
  - doc/X509_NAME_get_index_by_NID.pod  - doc/X509_NAME_print_ex.pod
  - doc/X509_STORE_CTX_get_error.pod  - doc/X509_STORE_CTX_get_ex_new_index.pod
  - doc/X509_STORE_CTX_new.pod  - doc/X509_STORE_CTX_set_verify_cb.pod
  - doc/X509_STORE_set_verify_cb_func.pod  - doc/X509_VERIFY_PARAM_set_flags.pod
  - doc/X509_new.pod  - doc/X509_verify_cert.pod
  - doc/d2i_X509.pod  - doc/d2i_X509_ALGOR.pod
  - doc/d2i_X509_CRL.pod  - doc/d2i_X509_NAME.pod
  - doc/d2i_X509_REQ.pod  - doc/d2i_X509_SIG.pod
  - doc/x509.pod  ~ man/Makefile
  + man/X509_NAME_ENTRY_get_object.3  + man/X509_NAME_add_entry_by_txt.3
  + man/X509_NAME_get_index_by_NID.3  + man/X509_NAME_print_ex.3
  + man/X509_STORE_CTX_get_error.3  + man/X509_STORE_CTX_get_ex_new_index.3
  + man/X509_STORE_CTX_new.3  + man/X509_STORE_CTX_set_verify_cb.3
  + man/X509_STORE_set_verify_cb_func.3  + man/X509_VERIFY_PARAM_set_flags.3
  + man/X509_new.3  + man/X509_verify_cert.3
  + man/d2i_X509.3  + man/d2i_X509_ALGOR.3
  + man/d2i_X509_CRL.3  + man/d2i_X509_NAME.3
  + man/d2i_X509_REQ.3  + man/d2i_X509_SIG.3
  + man/x509.3

  > convert X509 manuals from pod to mdoc
  > (schwarze@)

  ~ cryptlib.c  ~ cryptlib.h
  ~ x86_64cpuid.pl  ~ x86cpuid.pl
  ~ aes/asm/aes-586.pl  ~ aes/asm/aes-x86_64.pl
  ~ aes/asm/aesni-sha1-x86_64.pl  ~ bn/asm/bn-586.pl
  ~ bn/asm/x86-gf2m.pl  ~ bn/asm/x86-mont.pl
  ~ bn/asm/x86_64-gf2m.pl  ~ engine/eng_aesni.c
  ~ evp/e_aes.c  ~ evp/e_aes_cbc_hmac_sha1.c
  ~ evp/e_rc4_hmac_md5.c  ~ modes/gcm128.c
  ~ perlasm/x86_64-xlate.pl  ~ perlasm/x86asm.pl
  ~ perlasm/x86gas.pl  ~ rc4/asm/rc4-586.pl
  ~ rc4/asm/rc4-x86_64.pl  ~ sha/asm/sha1-586.pl
  ~ sha/asm/sha1-x86_64.pl  ~ sha/asm/sha512-586.pl
  ~ whrlpool/wp_block.c  + x86_arch.h

  > Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by
  > meaningful constants in a private header file, so that reviewers can
  > actually get a chance to figure out what the code is attempting to do
  > without knowing all cpuid bits.
  > While there, turn it from an array of two 32-bit ints into a properly
  > aligned 64-bit int.
  > Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
  > now always use OPENSSL_cpu_caps() and check for the proper bits in the
  > whole 64-bit word it returns.
  > i386 tests and ok jsing@ (miod@)

  ~ ec/ec.h  ~ ec/ec_curve.c
  ~ ec/ec_lcl.h  + ec/ecp_nistz256.c
  + ec/ecp_nistz256_table.h  + ec/asm/ecp_nistz256-armv4.pl
  + ec/asm/ecp_nistz256-sparcv9.pl  + ec/asm/ecp_nistz256-x86.pl
  + ec/asm/ecp_nistz256-x86_64.pl

  > Add assembler code for the nist 256-bit GFp curve, written initially by
  > Intel. Obtained from BoringSSL, with some integration work borrowed from
  > OpenSSL 1.0.2; assembler code for arm and sparc64 borrowed from OpenSSL
  > 1.1.0.
  > None of this code is enabled in libcrypto yet.
  > ok beck@ jsing@ (miod@)

  ~ shlib_version  ~ asn1/a_time_tm.c
  ~ asn1/asn1.h  ~ man/Makefile
  ~ ocsp/ocsp_cl.c  ~ x509/x509_lcl.h
  ~ x509/x509_vfy.c  + man/ASN1_time_parse.3
  + x509/vpm_int.h

  > make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
  > functions.. document with a man page.
  > bump majors on libtls, libssl, libcrypto
  > ok jsing@ guenther@ (beck@)

  ~ arch/amd64/Makefile.inc  ~ arch/arm/Makefile.inc
  ~ arch/i386/Makefile.inc  ~ arch/sparc64/Makefile.inc

  > Ride the current major bump and enable assembler code for nist 256p curve,
  > on amd64 only for now. Stanzas to enable it on arm, i386 and sparc64 are
  > provided but commented out for lack of testing due to the machine room
  > being currently in storage.
  > ok jsing@ (miod@)

  - krb5/krb5_asn.c  - krb5/krb5_asn.h
  ~ Makefile

  > Nuke the KRB5 ASN.1 code from orbit.
  > ok beck@ (jsing@)

  ~ dh/dh.h  ~ dh/dh_asn1.c
  ~ dsa/dsa.h  ~ dsa/dsa_asn1.c
  ~ ocsp/ocsp.h  ~ ocsp/ocsp_asn.c
  ~ ts/ts_asn1.c

  > Kill a bunch of OLD_ASN1 usage by replacing ASN1_{d2i,i2d}_* with
  > ASN1_item_{d2i,i2d}_* equivalents.
  > ok guenther@ miod@ (jsing@)

  ~ man/ASN1_time_parse.3

  > tweak previous (schwarze@)

libssl

  ~ s3_clnt.c

  > Convert ssl3_get_server_kex_dhe() to CBS.
  > ok beck@ (jsing@)

  ~ ssl_asn1.c

  > Completely rewrite the session handling ASN.1 code using CBB and CBS. This
  > addresses two 2038 related issues and also adds support for allocation in
  > the i2d function, which will allow for simplification in the callers.
  > ok beck@ miod@ (jsing@)

  ~ ssl.h

  > Fix some linewrapping glitches
  > ok jsing@ (guenther@)

  ~ ssl_locl.h  ~ d1_pkt.c

  > Make do_dtls1_write() static to d1_pkt.c and delete declarations for
  > three functions that were removed a while ago
  > ok jsing@ (guenther@)

  ~ shlib_version

  > make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
  > functions.. document with a man page.
  > bump majors on libtls, libssl, libcrypto
  > ok jsing@ guenther@ (beck@)

  ~ Makefile  ~ bytestring.h
  ~ pqueue.h  ~ ssl_locl.h
  + Symbols.list

  > Add an explicit list of exported symbols with just the functions
  > declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS
  > in the internal headers to optimize internal functions
  > ok jsing@ (guenther@)

  ~ d1_clnt.c  ~ d1_meth.c
  ~ d1_srvr.c  ~ t1_clnt.c
  ~ t1_meth.c  ~ t1_srvr.c

  > The *_method_data structures can be static
  > ok jsing@ (guenther@)

  ~ d1_lib.c  ~ s23_srvr.c

  > Mark a couple local functions as static
  > ok jsing@ beck@ (guenther@)

  ~ s3_clnt.c

  > Tidy up the usage of peer_ecdh_tmp, following the fixed ECDH removal.
  > ok beck@ (jsing@)

  ~ d1_clnt.c  ~ s3_clnt.c
  ~ ssl_locl.h

  > Rename ssl3_get_key_exchange() to ssl3_get_server_key_exchange(), since
  > that's what it really is.
  > ok miod@ (jsing@)

libtls

  ~ tls.h  ~ tls_config.c
  ~ tls_init.3  ~ tls_internal.h
  ~ tls_ocsp.c

  > Add ocsp_require_stapling config option for tls - allows a connection
  > to indicate that it requires the peer to provide a stapled OCSP response
  > with the handshake. Provide a "-T muststaple" for nc that uses it.
  > ok jsing@, guenther@ (beck@)

  ~ shlib_version

  > bump minor for ocsp_require_stapling addition (beck@)

  ~ tls_bio_cb.c

  > There's not much point in casting a void * to a specific type just before
  > calling free().
  > ok beck@ ingo@ (jsing@)

  ~ tls_bio_cb.c

  > Rename the internal bio related functions so that they have a common
  > prefix. Makes the code more readable and removes shadowing. (jsing@)

  ~ tls_bio_cb.c

  > Do not mix declarations and code. (jsing@)

  ~ tls_bio_cb.c

  > There's not much point having three static functions that do a cast and
  > assign a pointer, when we can just inline the three and do one cast
  > followed by three pointer assignments. (jsing@)

  ~ tls_verify.c

  > Avoid signed vs unsigned comparisons.
  > ok miod@ (jsing@)

  ~ tls_bio_cb.c

  > Use a consistent name for a BIO *, rather than having four different names
  > in the same file.
  > (jsing@)

  ~ tls_bio_cb.c

  > Do not cast a pointer to a struct, to a char * when assigning to a void *.
  > (jsing@)

  ~ tls_bio_cb.c

  > Rename struct bio_cb_st to struct bio_cb. (jsing@)

  ~ tls_bio_cb.c

  > Use a consistent name for struct bio_cb * variables. (jsing@)

  ~ tls_bio_cb.c

  > Assign and test, as is consistent with the rest of the libtls code.
  > (jsing@)

  ~ tls_util.c

  > Address some signed vs unsigned warnings and check that an integer value
  > is positive before passing it to several functions as a size_t.
  > Additionally, in tls_load_file() there is not much point using calloc(),
  > when we're immediately reading into the buffer (having an extra byte for
  > NUL termination seems pointless given the API).
  > ok beck@ miod@ (jsing@)

  ~ shlib_version  ~ tls_conninfo.c
  ~ tls_internal.h  ~ tls_ocsp.c

  > make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden
  > functions.. document with a man page.
  > bump majors on libtls, libssl, libcrypto
  > ok jsing@ guenther@ (beck@)

  ~ Makefile  ~ tls_internal.h
  + Symbols.list

  > Add an explicit list of exported symbols with just the functions declared
  > in <tls.h>, and use __{BEGIN,END}_HIDDEN_DECLS in tls_internal.h to
  > optimize internal functions
  > ok jsing@ (guenther@)

  ~ tls_config.c

  > Avoid another signed vs unsigned comparison.
  > ok miod@ (jsing@)

  ~ tls_config.c

  > Make the tls_keypair_new() function a valid prototype. (jsing@)

  ~ tls_server.c

  > Avoid shadowing the socket global.
  > ok miod@ (jsing@)

  ~ Makefile

  > Build with WARNINGS=Yes.
  > (jsing@)

== regress =========================================================== 04/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress

lib

  ~ libssl/bytestring/Makefile  ~ libssl/unit/Makefile
  ~ libtls/verify/Makefile  + libssl/Makefile.inc

  > Some tests require internal symbols; have them link with the static
  > libssl or libtls so they can continue to see them after the shared
  > library namespace is cleaned up
  > ok jsing@ (guenther@)

  - libcrypto/pqueue/Makefile  - libcrypto/pqueue/expected.txt
  - libcrypto/pqueue/pq_test.c  ~ libcrypto/Makefile
  ~ libssl/Makefile  + libssl/pqueue/Makefile
  + libssl/pqueue/expected.txt  + libssl/pqueue/pq_test.c

  > Move pqueue regress from libcrypto to libssl, since that's where the pqueue
  > code now lives. Also unbreak the regress following the symbol hiding
  > changes in libssl. (jsing@)

usr.bin

  + mandoc/db/mlinks/Makefile  + mandoc/db/mlinks/mlinks.1
  + mandoc/db/mlinks/mlinks.c

  > a new utility for bcook@: find mlinks for portable LibreSSL (schwarze@)

== usr.bin =========================================================== 05/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin

nc

  ~ nc.1  ~ netcat.c

  > Add ocsp_require_stapling config option for tls - allows a connection
  > to indicate that it requires the peer to provide a stapled OCSP response
  > with the handshake. Provide a "-T muststaple" for nc that uses it.
  > ok jsing@, guenther@ (beck@)

  ~ nc.1

  > new sentence, new line, and zap trailing whitespace; (jmc@)

tmux

  ~ tmux.h

  > enum values need to fit in 32 bits; we only use enum for numbering and
  > Unicode characters fit in 24 bits, so we can leave key_code as 64 bits
  > and change KEYC_BASE down to 0x10000000. (nicm@)

  ~ cmd-set-option.c

  > Do not try to set the CHANGED flag on windows with no active pane, fixes
  > problem reported by Nelo-T Wallus.
  > (nicm@)

== usr.sbin ========================================================== 06/06 ==

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin

switchd

  ~ ofp.c  ~ ofp13.c
  ~ ofp_common.c  ~ switchd.h

  > Move ofp_output() into ofp_common.c and few function prototypes into
  > switchd.h. No functional change. (reyk@)

  ~ ofp13.c

  > Empty -> empty in log messages (reyk@)

syspatch

  ~ syspatch.sh

  > Use 'rm -f' to remove the rollback tarball if we have an error; it may
  > be because we have a read-only /var. (ajacoutot@)

  ~ syspatch.sh

  > Make sure our filesystems are local and not read-only. (ajacoutot@)

  ~ syspatch.sh

  > Zap extra space. (ajacoutot@)

  ~ syspatch.sh

  > One more XXX. (ajacoutot@)

  ~ syspatch.sh

  > Be verbose when PATCH_PATH is not set (that is temporary until we agree on
  > a way to point to a syspatch mirror). (ajacoutot@)

vmd

  ~ config.c  ~ parse.y
  ~ vmd.c  ~ vmd.h
  ~ vmm.c

  > Update the config/register/get VM methods to match the config_set/get
  > style that is used in other places. Also keep the vmid from the parent.
  > OK edd@ (reyk@)

  ~ config.c  ~ parse.y
  ~ vmd.c  ~ vmd.h

  > Pass the internal vmid or 0 to vm_register() instead of changing it
  > once again after setting the next available id.
  > Suggested by edd@ (reyk@)

===============================================================================
