CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/12/29 23:25:56
Modified files:
lib/libssl : ssl_rsa.c
Log message:
Fix two more unchecked EVP_PKEY_assign() calls
In SSL{_CTX}_use_RSAPrivateKey() switch from EVP_PKEY_assign_RSA() to
EVP_PKEY_set1_RSA() and hold on to the reference of the the pkey for
the duration of ssl_set_pkey(). Use single exit and other minor style
cleanups.
ok joshua jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 15:37:47 Modified files: lib/libcrypto/man: DSA_get0_pqg.3 Log message: fix previous: key -> parameter
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: be...@cvs.openbsd.org 2023/12/29 14:06:54 Modified files: build : Makefile build/mirrors : rpki-client-portable.html.head rpki-client: index.html portable.html Log message: release rpki-client 8.8
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 12:19:48 Modified files: lib/libcrypto/man: DSA_get0_pqg.3 Log message: A .Xr to DSA_generate_parameters_ex() was lost accidentally
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 12:15:52 Modified files: distrib/sets/lists/comp: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 12:15:15 Modified files: lib/libcrypto/man: Makefile Added files: lib/libcrypto/man: DSA_generate_parameters_ex.3 Removed files: lib/libcrypto/man: DSA_generate_parameters.3 Log message: Move DSA_generate_parameters.3 to DSA_generate_parameters_ex.3
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 12:12:47 Modified files: lib/libcrypto/man: BN_generate_prime.3 DSA_generate_key.3 DSA_generate_parameters.3 DSA_get0_pqg.3 DSA_new.3 Log message: Adjust documentation for upcoming DSA_generate_parameters removal This removes any mention of DSA_generate_parameters in the manuals apart from a comment that it is intentionally undocumented and adapts cross references to DSA_generate_parameters_ex. The file itself will be moved in a second step.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 12:00:31 Modified files: lib/libcrypto/asn1: ameth_lib.c Log message: ameth_lib: zap trailing empty line
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:52:11 Modified files: usr.sbin/rpki-client: version.h Log message: bump version
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:49:06 Modified files: lib/libcrypto/ec: ec_ameth.c Log message: eckey: adjust some variable names and unwrap function definitions ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:48:25 Modified files: lib/libcrypto/ec: ec_ameth.c Log message: Clean up old_ec_priv_decode() As per usual. Stylistic adjustments and missing error check. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:47:47 Modified files: lib/libcrypto/ec: ec_ameth.c Log message: Clean up eckey_param_decode() This aligns eckey's parameter decoding routine with the one of other cipher abstractions: better variable names, single exit and add missing check for EVP_PKEY_assign_EC_KEY(). ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:46:24 Modified files: lib/libcrypto/ec: ec_ameth.c Log message: Rework eckey_priv_decode() Factor out the pubkey computation and bring it into more sensible form. This removes lots of pointless setting of errors (twice) and makes the code a bit easier on the eyes. Other than that perform some stylistic cleanup like single exit and add an error check for EVP_PKEY_assign(). ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 11:45:39 Modified files: lib/libcrypto/ec: ec_ameth.c Log message: Move a call to X509_ALGOR_get0() down a line
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: patr...@cvs.openbsd.org 2023/12/29 11:40:43 Modified files: . : arm64.html Log message: Add a few supported NXP i.MX 8M boards
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: patr...@cvs.openbsd.org 2023/12/29 11:31:44 Modified files: . : want.html Log message: A Firefly ITX-3588J Mini-ITX Mainboard would be useful for RK3588 development.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 10:15:10 Modified files: usr.sbin/rpki-client: parser.c Log message: Pass correct file to warnx() We end up here only if mft1 == NULL, which can happen because file1 == NULL. Use file2 instead because mft2 != NULL implies file2 != NULL. ok job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/12/29 09:02:29 Modified files: regress/lib/libutil/imsg: ibuf_test.c Log message: There is no need to include sys/uio.h here.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/12/29 07:35:43 Modified files: usr.sbin/rpki-client: parser.c Log message: Fix a NULL access or use-after-free bug This is a bandaid, the proc_parser_mft() is too complex and needs reworking OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/12/29 06:23:28 Modified files: sys/arch/amd64/amd64: pmap.c sys/arch/amd64/include: pmap.h Log message: Use a per cpu pool cache for pmap_pv_pool Improves performance on my 8 cores box. ok cheloha@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 05:24:33 Modified files: lib/libssl : ssl_clnt.c ssl_lib.c ssl_local.h ssl_srvr.c Log message: Neuter the SSL_set_debug(3) API The TLSv1.3 stack didn't support this in the first place, and in the legacy stack it only added some dubious BIO_flush(3) calls. The sleep call between SSL_read(3) and SSL_write(3) advertised in the comment next to the flag has been a sleep call in the s_server since time immemorial, nota bene between calls to BIO_gets(3). Anyway. This can all go and what remains will go with the next major bump. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 05:15:49 Modified files: usr.bin/openssl: s_client.c s_server.c Log message: Garbage collect the last users of SSL_set_debug(3) This undocumented, incomplete public function has never done anything useful. It will be removed from libssl. Removing it from openssl(1) clears the way for this. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 05:06:48 Modified files: usr.bin/openssl: openssl.1 s_client.c Log message: s_client: pause hasn't worked in ages. Just ignore it ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/12/29 04:57:38 Modified files: share/man/man5 : login.conf.5 Log message: There is no default for the rtable login.conf capability. If it is not set it will use the current rtable. It will not force every login to the default (0) rtable. For that rtable should be set to 0. OK schwarze@ a long time ago
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/12/29 04:48:47 Modified files: lib/libutil: imsg_init.3 Log message: Cleanup required headers form imsg.h. Right now only sys/queue.h is required to be included for imsg.h. The only exception is if imsg_composev() is used, then sys/uio.h is needed to access struct iovec. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2023/12/29 04:43:04 Modified files: sys/net: if.c if_loop.c Log message: Make loopback interface counters MP safe. Create and use the MP safe version of the interface counters for lo(4). Input packets were counted twice. As interface input queue is already counting, remove input count in if_input_local(). Multicast and siplex packets are counted at the ethernet interface. Add a comment that this not MP safe. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 03:59:00 Modified files: lib/libcrypto/asn1: ameth_lib.c asn1_local.h t_x509.c lib/libcrypto/evp: evp_local.h p_lib.c Log message: Move the EVP_PKEY_asn1_* API that will stay to evp/p_lib.c Most of these functions are only called from this file internally apart from the pem_str lookups from pem/. In the next major bump we can then remove asn/ameth_lib.c. Also move EVP_PKEY_ASN1_METHOD to evp_local.h. While this is used to dispatch to various ASN.1 decoding routines, it doesn't fit into asn1/ at all.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 03:31:50 Modified files: lib/libcrypto/evp: evp_encode.c Log message: Zap some whitespace
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 03:17:26 Modified files: lib/libcrypto/asn1: ameth_lib.c Log message: Replace outdated comment on EVP_PKEY_asn1_find() with a todo item
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/12/29 03:08:44 Modified files: lib/libcrypto/asn1: ameth_lib.c Log message: Move EVP_PKEY_asn1_add* to the end of the file Also add a reminder to remove most of the public API in this file.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2023/12/29 03:00:18 Modified files: sys/dev/pci/drm: drm_drv.c Log message: Support for "control" nodes was removed from the drm subsystem some time ago, but some code in drmopen() remained which means that opening a drm device node with a minor that matches the range for the "control" nodes will hit a kernel assertion. A similar issue exists for "render" nodes corresponding to a driver that only supports KMS (such as rkdrm(4)). Add checks to see if the minor is valid and return ENXIO if that isn't the case to prevent a kernel crash. ok jsg@, miod@
