CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/17 00:16:33

Modified files:
usr.bin/ssh: readconf.c 

Log message:
missing match localnetwork negation check



CVS: cvs.openbsd.org: src

2023-07-16 Thread Jason McIntyre
CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/07/16 23:41:53

Modified files:
usr.bin/ssh: ssh.c 

Log message:
- add -P to usage()
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width



CVS: cvs.openbsd.org: src

2023-07-16 Thread Jason McIntyre
CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/07/16 23:38:10

Modified files:
usr.bin/ssh: ssh.1 

Log message:
-P before -p in SYNOPSIS;



CVS: cvs.openbsd.org: src

2023-07-16 Thread Jonathan Gray
CVSROOT: /cvs
Module name: src
Changes by: j...@cvs.openbsd.org 2023/07/16 23:36:14

Modified files:
usr.bin/ssh: ssh_config.5 

Log message:
configuation -> configuration



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 23:26:38

Modified files:
usr.bin/ssh: servconf.c poly1305.c cipher-chachapoly.c 
 cipher-chachapoly-libcrypto.c chacha.c 

Log message:
move other RCSIDs to before their respective license blocks too
no code change



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 23:22:30

Modified files:
usr.bin/ssh: krl.c 

Log message:
Move RCSID to before license block and away from #includes, where
it caused merge conflict in -portable for each commit :(



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 23:20:15

Modified files:
usr.bin/ssh: krl.c 

Log message:
return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 22:08:31

Modified files:
usr.bin/ssh: readconf.c readconf.h ssh.1 ssh.c ssh_config.5 

Log message:
Add support for configuration tags to ssh(1).

This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

ok markus



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 22:04:36

Modified files:
usr.bin/ssh: readconf.c ssh_config.5 

Log message:
add a "match localnetwork" predicate.

This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).

ok markus@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 22:01:10

Modified files:
usr.bin/ssh: ssh-keygen.c krl.h krl.c PROTOCOL.krl 

Log message:
remove vestigial support for KRL signatures

When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatures was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Damien Miller
CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/07/16 21:57:21

Modified files:
usr.bin/ssh: krl.c krl.h PROTOCOL.krl 

Log message:
Support for KRL extensions.

This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.

ok markus



CVS: cvs.openbsd.org: src

2023-07-16 Thread Mark Kettenis
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/07/16 10:13:46

Modified files:
sys/arch/arm64/arm64: cpu.c 

Log message:
Remove debug printfs that print the number of wakeups seen by the
individual CPUs.  Ever since we switched from WFE to WFE in the suspend
loops the information hasn't been very useful anymore.  And there is some
evidence that a printf here causes problems with syslog (e.g. running
xconsole under X).

ok deraadt@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Mark Kettenis
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/07/16 10:11:11

Modified files:
sys/arch/arm64/dev: aplsmc.c 

Log message:
Read out the system power consumption immediately after wakeup and print
it out in the DVACT_WAKEUP phase.  This is a debugging aid to help us
drive down the power consumption in suspend.

ok deraadt@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Claudio Jeker
CVSROOT: /cvs
Module name: src
Changes by: clau...@cvs.openbsd.org 2023/07/16 09:21:46

Modified files:
sbin/iked  : iked.h ikev2.c imsg_util.c 

Log message:
Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
Also replace an ibuf_reserve() call with ibuf_add_zero() and
remove a buf->buf == NULL check in ibuf_length() since it is not necessary.
OK tobhe@ tb@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Mark Kettenis
CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2023/07/16 03:33:18

Modified files:
sys/dev/usb: xhci.c 

Log message:
When detaching devices when we suspend, we need to continue processing
command completion events.  So only return early in xhci_softintr() if
the controller is dead instead of dying.  This fixes USB suspend/resume
in Apple M1/M2.

ok mlarkin@, deraadt@



CVS: cvs.openbsd.org: src

2023-07-16 Thread Theo Buehler
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/07/16 03:23:33

Modified files:
usr.sbin/relayd: ca.c 

Log message:
relayd: remove ENGINE dependency

What is achieved here through ENGINE can be done in a much simpler way
by setting the default RSA implementation. Drop a number of indirections
that only add a bit of logging. This removes a lot of boilerplate and
shows where the actual magic happens more clearly.

ok op tobhe



CVS: cvs.openbsd.org: src

2023-07-16 Thread Theo Buehler
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/07/16 02:25:41

Modified files:
regress/lib/libcrypto/ecdh: ecc_cdh.c 

Log message:
ecc_cdh: plug leak of peer public key



CVS: cvs.openbsd.org: src

2023-07-16 Thread Theo Buehler
CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/07/16 01:34:07

Modified files:
regress/lib/libcrypto/ecdh: ecdhtest.c 

Log message:
ecdhtest: Drop unnecessary constant and unneeded includes