spelling correction for libressl verify.pod
Hi All, From OpenSSL RT 3355: Index: doc/apps/verify.pod === RCS file: /cvs/src/lib/libssl/src/doc/apps/verify.pod,v retrieving revision 1.8 diff -u -p -u -p -r1.8 verify.pod --- doc/apps/verify.pod 4 May 2014 20:31:33 - 1.8 +++ doc/apps/verify.pod 25 May 2014 06:35:15 - @@ -385,7 +385,7 @@ an application specific error. Unused. =head1 BUGS -Although the issuer checks are a considerably improvement over the old technique they still +Although the issuer checks are a considerable improvement over the old technique they still suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the B-CAfile option) or a directory (as specified by B-CApath. If they occur in both then only
[PATCH SET] malloc + memset = calloc
Hi tech@ I'm just geting into the OpenBSD source code, and what better way to learn than with real work... Some malloc/memset to calloc changes. More to come if this kind of work is appreciated. Index: answer.c === RCS file: /cvs/src/games/hunt/huntd/answer.c,v retrieving revision 1.12 diff -u -p -r1.12 answer.c --- answer.c23 Mar 2014 02:42:47 - 1.12 +++ answer.c24 May 2014 19:43:20 - @@ -77,13 +77,12 @@ answer_first() } /* Remember this spawning connection: */ - sp = (struct spawn *)malloc(sizeof *sp); + sp = (struct spawn *)calloc(1, sizeof *sp); if (sp == NULL) { logit(LOG_ERR, malloc); close(newsock); return; } - memset(sp, '\0', sizeof *sp); /* Keep the calling machine's source addr for ident purposes: */ memcpy(sp-source, sockstruct, sizeof sp-source); Index: bt_open.c === RCS file: /cvs/src/lib/libc/db/btree/bt_open.c,v retrieving revision 1.16 diff -u -p -r1.16 bt_open.c --- bt_open.c 30 Sep 2013 12:02:31 - 1.16 +++ bt_open.c 24 May 2014 20:05:02 - @@ -150,9 +150,8 @@ __bt_open(const char *fname, int flags, goto einval; /* Allocate and initialize DB and BTREE structures. */ - if ((t = (BTREE *)malloc(sizeof(BTREE))) == NULL) + if ((t = (BTREE *)calloc(1, sizeof(BTREE))) == NULL) goto err; - memset(t, 0, sizeof(BTREE)); t-bt_fd = -1; /* Don't close unopened fd on error. */ t-bt_lorder = b.lorder; t-bt_order = NOT; Index: auth_subr.c === RCS file: /cvs/src/lib/libc/gen/auth_subr.c,v retrieving revision 1.39 diff -u -p -r1.39 auth_subr.c --- auth_subr.c 24 Nov 2013 23:51:29 - 1.39 +++ auth_subr.c 24 May 2014 20:14:00 - @@ -167,8 +167,7 @@ auth_open(void) { auth_session_t *as; - if ((as = malloc(sizeof(auth_session_t))) != NULL) { - memset(as, 0, sizeof(*as)); + if ((as = calloc(1, sizeof(auth_session_t))) != NULL) { as-service = defservice; as-fd = -1; } Index: fts.c === RCS file: /cvs/src/lib/libc/gen/fts.c,v retrieving revision 1.45 diff -u -p -r1.45 fts.c --- fts.c 30 Sep 2013 12:02:33 - 1.45 +++ fts.c 24 May 2014 20:17:02 - @@ -906,10 +906,9 @@ fts_alloc(FTS *sp, char *name, size_t na len = sizeof(FTSENT) + namelen; if (!ISSET(FTS_NOSTAT)) len += sizeof(struct stat) + ALIGNBYTES; - if ((p = malloc(len)) == NULL) + if ((p = calloc(1, len)) == NULL) return (NULL); - memset(p, 0, len); p-fts_path = sp-fts_path; p-fts_namelen = namelen; p-fts_instr = FTS_NOINSTR; Index: rune.c === RCS file: /cvs/src/lib/libc/locale/rune.c,v retrieving revision 1.3 diff -u -p -r1.3 rune.c --- rune.c 5 Dec 2012 23:20:00 - 1.3 +++ rune.c 24 May 2014 20:22:49 - @@ -230,9 +230,8 @@ _Read_RuneMagi(FILE *fp) ntohl(frl.frl_maplower_ext.frr_nranges) * sizeof(_RuneEntry) + ntohl(frl.frl_mapupper_ext.frr_nranges) * sizeof(_RuneEntry); - if ((hostdata = malloc(hostdatalen)) == NULL) + if ((hostdata = calloc(1, hostdatalen)) == NULL) return NULL; - memset(hostdata, 0, hostdatalen); lastp = hostdata + hostdatalen; rl = (_RuneLocale *)hostdata; Index: yp_bind.c === RCS file: /cvs/src/lib/libc/yp/yp_bind.c,v retrieving revision 1.19 diff -u -p -r1.19 yp_bind.c --- yp_bind.c 30 Sep 2013 12:02:36 - 1.19 +++ yp_bind.c 24 May 2014 20:27:27 - @@ -97,9 +97,8 @@ _yp_dobind(const char *dom, struct dom_b if (strcmp(dom, ysd-dom_domain) == 0) break; if (ysd == NULL) { - if ((ysd = malloc(sizeof *ysd)) == NULL) + if ((ysd = calloc(1, sizeof *ysd)) == NULL) return YPERR_RESRC; - (void)memset(ysd, 0, sizeof *ysd); ysd-dom_socket = -1; ysd-dom_vers = 0; new = 1; Index: fts1.c === RCS file: /cvs/src/lib/libsqlite3/ext/fts1/fts1.c,v retrieving revision 1.1.1.2 diff -u -p -r1.1.1.2 fts1.c --- fts1.c 21 Sep 2013 17:29:18 - 1.1.1.2 +++ fts1.c 24 May 2014 20:56:05 - @@ -1945,9 +1945,8 @@ static int constructVtab( const sqlite3_tokenizer_module *m = NULL; char *schema; - v = (fulltext_vtab *) malloc(sizeof(fulltext_vtab)); + v =
-noout description in sess_id.c
Hi All, From Martin Kaiser (OpenSSL RT #3364): -noout mentions a CRL, which is incorrect. Index: lib/libssl/src/apps/sess_id.c === RCS file: /cvs/src/lib/libssl/src/apps/sess_id.c,v retrieving revision 1.16 diff -u -p -u -p -r1.16 sess_id.c --- lib/libssl/src/apps/sess_id.c 23 May 2014 16:10:02 - 1.16 +++ lib/libssl/src/apps/sess_id.c 25 May 2014 06:48:05 - @@ -77,7 +77,7 @@ static const char *sess_id_usage[] = { -out arg- output file - default stdout\n, -text - print ssl session id details\n, -cert - output certificate \n, --noout - no CRL output\n, +-noout - no output of encoded session info\n, -context arg- set the session ID context\n, NULL };
Re: spelling correction for libressl verify.pod
On Sat, May 24, 2014 at 11:37:34PM -0700, Loganaden Velvindron wrote: Hi All, From OpenSSL RT 3355: Index: doc/apps/verify.pod === RCS file: /cvs/src/lib/libssl/src/doc/apps/verify.pod,v retrieving revision 1.8 diff -u -p -u -p -r1.8 verify.pod --- doc/apps/verify.pod 4 May 2014 20:31:33 - 1.8 +++ doc/apps/verify.pod 25 May 2014 06:35:15 - @@ -385,7 +385,7 @@ an application specific error. Unused. =head1 BUGS -Although the issuer checks are a considerably improvement over the old technique they still +Although the issuer checks are a considerable improvement over the old technique they still suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that trusted certificates with matching subject name must either appear in a file (as specified by the B-CAfile option) or a directory (as specified by B-CApath. If they occur in both then only once again i'd ask folks to concentrate on openssl.1. jmc
Re: [PATCH SET] malloc + memset = calloc
Now with correct tabs... sorry. Hi tech@ I'm just geting into the OpenBSD source code, and what better way to learn than with real work... Some malloc/memset to calloc changes. More to come if this kind of work is appreciated. Index: answer.c === RCS file: /cvs/src/games/hunt/huntd/answer.c,v retrieving revision 1.12 diff -u -p -r1.12 answer.c --- answer.c23 Mar 2014 02:42:47 - 1.12 +++ answer.c24 May 2014 19:43:20 - @@ -77,13 +77,12 @@ answer_first() } /* Remember this spawning connection: */ - sp = (struct spawn *)malloc(sizeof *sp); + sp = (struct spawn *)calloc(1, sizeof *sp); if (sp == NULL) { logit(LOG_ERR, malloc); close(newsock); return; } - memset(sp, '\0', sizeof *sp); /* Keep the calling machine's source addr for ident purposes: */ memcpy(sp-source, sockstruct, sizeof sp-source); Index: bt_open.c === RCS file: /cvs/src/lib/libc/db/btree/bt_open.c,v retrieving revision 1.16 diff -u -p -r1.16 bt_open.c --- bt_open.c 30 Sep 2013 12:02:31 - 1.16 +++ bt_open.c 24 May 2014 20:05:02 - @@ -150,9 +150,8 @@ __bt_open(const char *fname, int flags, goto einval; /* Allocate and initialize DB and BTREE structures. */ - if ((t = (BTREE *)malloc(sizeof(BTREE))) == NULL) + if ((t = (BTREE *)calloc(1, sizeof(BTREE))) == NULL) goto err; - memset(t, 0, sizeof(BTREE)); t-bt_fd = -1; /* Don't close unopened fd on error. */ t-bt_lorder = b.lorder; t-bt_order = NOT; Index: auth_subr.c === RCS file: /cvs/src/lib/libc/gen/auth_subr.c,v retrieving revision 1.39 diff -u -p -r1.39 auth_subr.c --- auth_subr.c 24 Nov 2013 23:51:29 - 1.39 +++ auth_subr.c 24 May 2014 20:14:00 - @@ -167,8 +167,7 @@ auth_open(void) { auth_session_t *as; - if ((as = malloc(sizeof(auth_session_t))) != NULL) { - memset(as, 0, sizeof(*as)); + if ((as = calloc(1, sizeof(auth_session_t))) != NULL) { as-service = defservice; as-fd = -1; } Index: fts.c === RCS file: /cvs/src/lib/libc/gen/fts.c,v retrieving revision 1.45 diff -u -p -r1.45 fts.c --- fts.c 30 Sep 2013 12:02:33 - 1.45 +++ fts.c 24 May 2014 20:17:02 - @@ -906,10 +906,9 @@ fts_alloc(FTS *sp, char *name, size_t na len = sizeof(FTSENT) + namelen; if (!ISSET(FTS_NOSTAT)) len += sizeof(struct stat) + ALIGNBYTES; - if ((p = malloc(len)) == NULL) + if ((p = calloc(1, len)) == NULL) return (NULL); - memset(p, 0, len); p-fts_path = sp-fts_path; p-fts_namelen = namelen; p-fts_instr = FTS_NOINSTR; Index: rune.c === RCS file: /cvs/src/lib/libc/locale/rune.c,v retrieving revision 1.3 diff -u -p -r1.3 rune.c --- rune.c 5 Dec 2012 23:20:00 - 1.3 +++ rune.c 24 May 2014 20:22:49 - @@ -230,9 +230,8 @@ _Read_RuneMagi(FILE *fp) ntohl(frl.frl_maplower_ext.frr_nranges) * sizeof(_RuneEntry) + ntohl(frl.frl_mapupper_ext.frr_nranges) * sizeof(_RuneEntry); - if ((hostdata = malloc(hostdatalen)) == NULL) + if ((hostdata = calloc(1, hostdatalen)) == NULL) return NULL; - memset(hostdata, 0, hostdatalen); lastp = hostdata + hostdatalen; rl = (_RuneLocale *)hostdata; Index: yp_bind.c === RCS file: /cvs/src/lib/libc/yp/yp_bind.c,v retrieving revision 1.19 diff -u -p -r1.19 yp_bind.c --- yp_bind.c 30 Sep 2013 12:02:36 - 1.19 +++ yp_bind.c 24 May 2014 20:27:27 - @@ -97,9 +97,8 @@ _yp_dobind(const char *dom, struct dom_b if (strcmp(dom, ysd-dom_domain) == 0) break; if (ysd == NULL) { - if ((ysd = malloc(sizeof *ysd)) == NULL) + if ((ysd = calloc(1, sizeof *ysd)) == NULL) return YPERR_RESRC; - (void)memset(ysd, 0, sizeof *ysd); ysd-dom_socket = -1; ysd-dom_vers = 0; new = 1; Index: fts1.c === RCS file: /cvs/src/lib/libsqlite3/ext/fts1/fts1.c,v retrieving revision 1.1.1.2 diff -u -p -r1.1.1.2 fts1.c --- fts1.c 21 Sep 2013 17:29:18 - 1.1.1.2 +++ fts1.c 24 May 2014 20:56:05 - @@ -1945,9 +1945,8 @@ static int constructVtab( const sqlite3_tokenizer_module *m = NULL; char *schema; - v = (fulltext_vtab *)
socket descriptor leak in s_socket.c
Hi All, From OpenSSL RT #3342: CID: 966576 96677 Index: lib/libssl/src/apps/s_socket.c === RCS file: /cvs/src/lib/libssl/src/apps/s_socket.c,v retrieving revision 1.38 diff -u -p -u -p -r1.38 s_socket.c --- lib/libssl/src/apps/s_socket.c 23 May 2014 16:16:55 - 1.38 +++ lib/libssl/src/apps/s_socket.c 25 May 2014 07:25:03 - @@ -122,6 +122,7 @@ init_client(int *sock, char *host, char (char *) i, sizeof(i)); if (i 0) { perror(keepalive); + close(s); return (0); } } @@ -281,16 +282,19 @@ redoit: } else { if ((*host = strdup(h1-h_name)) == NULL) { perror(strdup); + close(ret); return (0); } h2 = gethostbyname(*host); if (h2 == NULL) { BIO_printf(bio_err, gethostbyname failure\n); + close(ret); return (0); } if (h2-h_addrtype != AF_INET) { BIO_printf(bio_err, gethostbyname addr is not AF_INET\n); + close(ret); return (0); } }
Re: [PATCH SET] malloc + memset = calloc
On 2014/05/25 09:08, Benjamin Baier wrote: There are a couple like this: - pre_comp = malloc(num_points * 17 * 3 * sizeof(felem)); + pre_comp = calloc(num_points * 17 * 3, sizeof(felem)); Wouldn't they be better like this? pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
Re: [PATCH SET] malloc + memset = calloc
On Sun, 25 May 2014 10:08:06 +0100 Stuart Henderson st...@openbsd.org wrote: There are a couple like this: - pre_comp = malloc(num_points * 17 * 3 * sizeof(felem)); + pre_comp = calloc(num_points * 17 * 3, sizeof(felem)); Wouldn't they be better like this? pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); Yes indeed. But once you(I) start worrying about overflow, it's opening pandoras box, and I'm not quite there yet. i.e. what do you make of this? tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem)); Nevertheless... Index: ecp_nistp224.c === RCS file: /cvs/src/lib/libssl/src/crypto/ec/ecp_nistp224.c,v retrieving revision 1.7 diff -u -p -r1.7 ecp_nistp224.c --- ecp_nistp224.c 15 May 2014 11:25:59 - 1.7 +++ ecp_nistp224.c 25 May 2014 09:41:35 - @@ -1435,8 +1435,8 @@ ec_GFp_nistp224_points_mul(const EC_GROU */ mixed = 1; } - secrets = malloc(num_points * sizeof(felem_bytearray)); - pre_comp = malloc(num_points * 17 * 3 * sizeof(felem)); + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); if (mixed) tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed (tmp_felems == NULL))) { @@ -1448,8 +1448,6 @@ ec_GFp_nistp224_points_mul(const EC_GROU * infinity, i.e., they contribute nothing to the linear * combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); for (i = 0; i num_points; ++i) { if (i == num) /* the generator */ Index: ecp_nistp256.c === RCS file: /cvs/src/lib/libssl/src/crypto/ec/ecp_nistp256.c,v retrieving revision 1.7 diff -u -p -r1.7 ecp_nistp256.c --- ecp_nistp256.c 15 May 2014 11:25:59 - 1.7 +++ ecp_nistp256.c 25 May 2014 09:43:43 - @@ -1985,8 +1985,8 @@ ec_GFp_nistp256_points_mul(const EC_GROU */ mixed = 1; } - secrets = malloc(num_points * sizeof(felem_bytearray)); - pre_comp = malloc(num_points * 17 * 3 * sizeof(smallfelem)); + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem)); if (mixed) tmp_smallfelems = malloc((num_points * 17 + 1) * sizeof(smallfelem)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed (tmp_smallfelems == NULL))) { @@ -1998,8 +1998,6 @@ ec_GFp_nistp256_points_mul(const EC_GROU * infinity, i.e., they contribute nothing to the linear * combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); for (i = 0; i num_points; ++i) { if (i == num) /* Index: ecp_nistp521.c === RCS file: /cvs/src/lib/libssl/src/crypto/ec/ecp_nistp521.c,v retrieving revision 1.8 diff -u -p -r1.8 ecp_nistp521.c --- ecp_nistp521.c 15 May 2014 11:25:59 - 1.8 +++ ecp_nistp521.c 25 May 2014 09:45:06 - @@ -1872,8 +1872,8 @@ ec_GFp_nistp521_points_mul(const EC_GROU */ mixed = 1; } - secrets = malloc(num_points * sizeof(felem_bytearray)); - pre_comp = malloc(num_points * 17 * 3 * sizeof(felem)); + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); if (mixed) tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed (tmp_felems == NULL))) { @@ -1885,8 +1885,6 @@ ec_GFp_nistp521_points_mul(const EC_GROU * infinity, i.e., they contribute nothing to the linear * combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); for (i = 0; i num_points; ++i) { if (i == num) /*
typo in ssl_err.c
Hi All, From Marcos Marado: heartbearts-heartbeats. Index: src/ssl/ssl_err.c === RCS file: /cvs/src/lib/libssl/src/ssl/ssl_err.c,v retrieving revision 1.19 diff -u -p -u -p -r1.19 ssl_err.c --- src/ssl/ssl_err.c 14 Apr 2014 13:10:35 - 1.19 +++ src/ssl/ssl_err.c 25 May 2014 10:08:32 - @@ -539,7 +539,7 @@ static ERR_STRING_DATA SSL_str_reasons[] {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), tlsv1 unrecognized name}, {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), tlsv1 unsupported extension}, {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), tls client cert req with anon cipher}, - {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), peer does not accept heartbearts}, + {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), peer does not accept heartbeats}, {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , heartbeat request already pending}, {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), tls illegal exporter label}, {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), tls invalid ecpointformat list},
Re: sparc64: problem after trap table takeover under QEMU
On 08/05/14 20:28, Mark Kettenis wrote: Hi Mark, Interesting to see sparc64 support in QEMU. Yeah, it's been a work in progress for quite a while now. There seems to be two main areas of interest: firstly for people who are now migrating away from SPARC but need to keep a legacy application(s), and secondly for open source projects interested in testing across multiple architectures. As soon as I step into address 0x1001804 then this is where things start to go wrong; the TLB (TTE) entry for 0x180 which is accessed by %sp is marked as privileged, but ASI 0x11 is user access only. QEMU's current behaviour for this is to generate a datafault for the page at 0x180 which seems to get all the way through to the retry at the end of winfixsave, but then hits the breakpoint trap above when executing the retry. I've finally located the source of this bug thanks to more testing, which showed that OpenBSD 4.9 was surprisingly also able to boot (something I missed this in my original bisection). This allowed me to track down what was happening fairly easily. The problem is caused by the fact that 0x180 has *two* mappings in the TLB and the way in which QEMU resolves them. Compare the state of the TLB when the fill_0_normal trap occurs on OpenBSD 5.5 (faults, incorrect) and OpenBSD 4.9 (no fault, correct): OpenBSD 5.5: (qemu) info tlb MMU contexts: Primary: 0, Secondary: 0 DMMU dump ... [14] VA: 180, PA: f40, 4M, priv, RW, locked, ctx 0 local ... [42] VA: 180, PA: f40, 8k, user, RW, unlocked, ctx 0 local ... OpenBSD 4.9: (qemu) info tlb MMU contexts: Primary: 0, Secondary: 0 DMMU dump ... [08] VA: 180, PA: f40, 8k, user, RW, unlocked, ctx 0 local ... [14] VA: 180, PA: f40, 4M, priv, RW, locked, ctx 0 local ... The bug occurs because the QEMU TLB algorithm currently searches the TLB *in order* starting from entry 0 until it finds a VA match. In the OpenBSD 5.5 case, the first mapping it finds is the 4M privileged mapping, and so the fill_0_normal trap which uses user ASI 0x11 faults due to not being privileged. This is in contrast to the OpenBSD 4.9 case where the first mapping it finds is the 8K unprivileged mapping, hence the fill_0_normal trap succeeds and we proceed to boot. Does anyone know how real hardware resolves conflicts between multiple TLB entries with the same VA? My guess would be that the smaller 8K mapping should take priority, but the documentation in relation to address aliasing is fairly non-existent so I wondering if there are any other rules relating to whether privileged mappings should take priority or not? Once the behaviour is known, it will be fairly easy to fix up QEMU to match. It seems that this first hypothesis was incorrect; after some help from the NetBSD guys we found out that all PROM mappings should default to privileged. So the issue is no longer to do with the difference between privileged/unprivileged mappings, but why does the fault occur in the first place? I don;t know how the real hardware behaves. But it certainly is the intention that the 4M locked mapping gets used as soon as we've taken over the trap table. Not sure where the 8K mapping is coming from. Finally it does raise an eyebrow that the first window trap taken when the kernel takes over the trap table is a fill_0_normal *user* trap, particularly when it's against an *unlocked* TLB entry which could potentially could have been evicted beforehand. It might be worth double-checking as to whether this is the intended behaviour or not. Right. It certainly isn't the intention that we end up a fill_0_normal at this point. Perhaps %wstate is initialized differently in QEMU than on real hardware? The OpenBSD bootstrap code does set %wstate appropriately immediately after taking over the trap table. We can't really do this earlier since we don't know the conventions used by the spill and fill handlers provided by the firmware. But it looks like a Sun Fire T2000 actually initializes %wstate to 0. So perhaps we're just getting lucky on real hardware that the prom code doesn't spill our trap frame and therefore we don't have to fill it again. After more work, I believe that your theory here is correct. Take a look at cpu_initialize() in locore.S: /* * Initialize a CPU. This is used both for bootstrapping the first CPU * and spinning up each subsequent CPU. Basically: * * Install trap table. * Switch to the initial stack. * Call the routine passed in in cpu_info-ci_spinup. */ _C_LABEL(cpu_initialize): wrpr%g0, 0, %tl ! Make sure we're not in NUCLEUS mode flushw /* Change the trap base register */ set _C_LABEL(trapbase), %l1 #ifdef SUN4V sethi %hi(_C_LABEL(cputyp)), %l0 ld [%l0 + %lo(_C_LABEL(cputyp))], %l0 cmp %l0, CPU_SUN4V bne,pt %icc, 1f nop set _C_LABEL(trapbase_sun4v), %l1
libssl cleanup
This diff boils down to: removing unused shit. src/ssl/ssl_locl.h: - FP_ICC isn't used anylonger. - The fips function was removed. - Those defines aren't used anylonger. src/ssl/ssl_lib.c: - That bit of code has been disabled since 1998 (and perhaps before, there is no archive). And the data structure has changed. asn_mime.c: - That appears superfluous to me. asn1_par.c - It took me a while to figure out why this was written in the first place. Perhaps at some point in time j was unused? Obviously it is superfluous now. Index: src/ssl/ssl_locl.h === RCS file: /backup/mirrors/cvsync/src/lib/libssl/src/ssl/ssl_locl.h,v retrieving revision 1.37 diff -u -p -u -r1.37 ssl_locl.h --- src/ssl/ssl_locl.h 24 May 2014 12:44:48 - 1.37 +++ src/ssl/ssl_locl.h 25 May 2014 10:49:11 - @@ -515,18 +515,9 @@ typedef struct sess_cert_st { } SESS_CERT; -/*#define MAC_DEBUG*/ - -/*#define ERR_DEBUG*/ -/*#define ABORT_DEBUG */ -/*#define PKT_DEBUG 1 */ -/*#define DES_DEBUG*/ -/*#define DES_OFB_DEBUG*/ /*#define SSL_DEBUG*/ /*#define RSA_DEBUG*/ -/*#define IDEA_DEBUG */ -#define FP_ICC (int (*)(const void *,const void *)) #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ ((ssl)-method-put_cipher_by_char((ciph),(ptr))) #define ssl_get_cipher_by_char(ssl,ptr) \ @@ -895,9 +886,5 @@ void ssl3_cbc_digest_record(const EVP_MD const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, unsigned mac_secret_length, char is_sslv3); - -void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, -EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, -size_t orig_len); #endif Index: src/ssl/ssl_lib.c === RCS file: /backup/mirrors/cvsync/src/lib/libssl/src/ssl/ssl_lib.c,v retrieving revision 1.46 diff -u -p -u -r1.46 ssl_lib.c --- src/ssl/ssl_lib.c 24 May 2014 18:34:03 - 1.46 +++ src/ssl/ssl_lib.c 25 May 2014 10:49:11 - @@ -1771,10 +1771,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret-references = 1; ret-quiet_shutdown = 0; -/* ret-cipher=NULL; - ret-master_key=NULL; -*/ - ret-info_callback = NULL; ret-app_verify_callback = 0; Index: src/crypto/asn1/asn_mime.c === RCS file: /backup/mirrors/cvsync/src/lib/libssl/src/crypto/asn1/asn_mime.c,v retrieving revision 1.14 diff -u -p -u -r1.14 asn_mime.c --- src/crypto/asn1/asn_mime.c 15 May 2014 21:07:10 - 1.14 +++ src/crypto/asn1/asn_mime.c 25 May 2014 10:49:11 - @@ -999,7 +999,7 @@ strip_eol(char *linebuf, int *plen) int len = *plen; char *p, c; int is_eol = 0; - p = linebuf + len - 1; + for (p = linebuf + len - 1; len 0; len--, p--) { c = *p; if (c == '\n') Index: src/crypto/asn1/asn1_par.c === RCS file: /backup/mirrors/cvsync/src/lib/libssl/src/crypto/asn1/asn1_par.c,v retrieving revision 1.16 diff -u -p -u -r1.16 asn1_par.c --- src/crypto/asn1/asn1_par.c 19 Apr 2014 11:43:07 - 1.16 +++ src/crypto/asn1/asn1_par.c 25 May 2014 10:49:11 - @@ -138,9 +138,7 @@ asn1_parse2(BIO *bp, const unsigned char while ((p tot) (op p)) { op = p; j = ASN1_get_object(p, len, tag, xclass, length); -#ifdef LINT - j = j; -#endif + if (j 0x80) { if (BIO_write(bp, Error in encoding\n, 18) = 0) goto end;
Use strdup
Use strdup instead of hand-rolling one. Index: src/crypto/objects/obj_lib.c === RCS file: /backup/mirrors/cvsync/src/lib/libssl/src/crypto/objects/obj_lib.c,v retrieving revision 1.8 diff -u -p -u -r1.8 obj_lib.c --- src/crypto/objects/obj_lib.c19 Apr 2014 16:42:26 - 1.8 +++ src/crypto/objects/obj_lib.c25 May 2014 11:56:46 - @@ -67,7 +67,6 @@ OBJ_dup(const ASN1_OBJECT *o) { ASN1_OBJECT *r; int i; - char *ln = NULL, *sn = NULL; unsigned char *data = NULL; if (o == NULL) @@ -92,21 +91,15 @@ OBJ_dup(const ASN1_OBJECT *o) r-nid = o-nid; r-ln = r-sn = NULL; if (o-ln != NULL) { - i = strlen(o-ln) + 1; - ln = malloc(i); - if (ln == NULL) + r-ln = strdup(o-ln); + if (r-ln == NULL) goto err; - memcpy(ln, o-ln, i); - r-ln = ln; } if (o-sn != NULL) { - i = strlen(o-sn) + 1; - sn = malloc(i); - if (sn == NULL) + r-sn = strdup(o-sn); + if (r-sn == NULL) goto err; - memcpy(sn, o-sn, i); - r-sn = sn; } r-flags = o-flags | (ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA);
c_rehash doesn't exist.
c_rehash doesn't exist in OpenBSD and remove a history lesson which is either not aplicable anymore or was never true. Index: openssl.1 === RCS file: /backup/mirrors/cvsync/src/usr.sbin/openssl/openssl.1,v retrieving revision 1.93 diff -u -r1.93 openssl.1 --- openssl.1 13 Mar 2014 10:12:11 - 1.93 +++ openssl.1 25 May 2014 12:48:53 - @@ -9072,11 +9072,6 @@ option of the .Nm x509 utility). -Under -.Ux , -the -.Nm c_rehash -script will automatically create symbolic links to a directory of certificates. .It Fl crl_check Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs. @@ -10403,27 +10398,6 @@ It is hoped that it will represent reality in .Nm OpenSSL 0.9.5 and later. -.Sh X509 HISTORY -Before -.Nm OpenSSL -0.9.8, -the default digest for RSA keys was MD5. -.Pp -The hash algorithm used in the -.Fl subject_hash -and -.Fl issuer_hash -options before -.Nm OpenSSL -1.0.0 was based on the deprecated MD5 algorithm and the encoding -of the distinguished name. -In -.Nm OpenSSL -1.0.0 and later it is based on a canonical version of the DN using SHA1. -This means that any directories using the old form -must have their links rebuilt using -.Ar c_rehash -or similar. .\ .\ FILES .\
Re: [PATCH SET] malloc + memset = calloc
On Sun, May 25, 2014 at 08:34, Benjamin Baier wrote: Hi tech@ I'm just geting into the OpenBSD source code, and what better way to learn than with real work... Some malloc/memset to calloc changes. More to come if this kind of work is appreciated. Yes, but can you split future changes out by program or library in the future? It's much easier for us to review and commit changes in small pieces. cvs ci from the top level src directory usually results in collateral damage. :) libsqlite changes should be pushed upstream. Other small notes: feel free to delete stupid casts like in hunt while making these changes. Usually blending changes is bad, but very small harmless changes like that can be rolled up. (also check to update error messages if you change the function being called.)
[PATCH SET] libssl: malloc/memset = calloc
Hi tech@ patch set for libssl Index: bn_blind.c === RCS file: /cvs/src/lib/libssl/src/crypto/bn/bn_blind.c,v retrieving revision 1.9 diff -u -p -r1.9 bn_blind.c --- bn_blind.c 8 May 2014 13:20:49 - 1.9 +++ bn_blind.c 24 May 2014 21:09:40 - @@ -139,11 +139,10 @@ BN_BLINDING_new(const BIGNUM *A, const B bn_check_top(mod); - if ((ret = (BN_BLINDING *)malloc(sizeof(BN_BLINDING))) == NULL) { + if ((ret = calloc(1, sizeof(BN_BLINDING))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(BN_BLINDING)); if (A != NULL) { if ((ret-A = BN_dup(A)) == NULL) goto err; Index: comp_lib.c === RCS file: /cvs/src/lib/libssl/src/crypto/comp/comp_lib.c,v retrieving revision 1.5 diff -u -p -r1.5 comp_lib.c --- comp_lib.c 26 Apr 2014 13:04:24 - 1.5 +++ comp_lib.c 24 May 2014 21:12:44 - @@ -9,11 +9,10 @@ COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = (COMP_CTX *)malloc(sizeof(COMP_CTX))) == NULL) { + if ((ret = calloc(1, sizeof(COMP_CTX))) == NULL) { /* */ return (NULL); } - memset(ret, 0, sizeof(COMP_CTX)); ret-meth = meth; if ((ret-meth-init != NULL) !ret-meth-init(ret)) { free(ret); Index: pmeth_lib.c === RCS file: /cvs/src/lib/libssl/src/crypto/evp/pmeth_lib.c,v retrieving revision 1.3 diff -u -p -r1.3 pmeth_lib.c --- pmeth_lib.c 7 May 2014 17:42:51 - 1.3 +++ pmeth_lib.c 24 May 2014 21:30:17 - @@ -196,11 +196,9 @@ EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = malloc(sizeof(EVP_PKEY_METHOD)); + pmeth = calloc(1, sizeof(EVP_PKEY_METHOD)); if (!pmeth) return NULL; - - memset(pmeth, 0, sizeof(EVP_PKEY_METHOD)); pmeth-pkey_id = id; pmeth-flags = flags | EVP_PKEY_FLAG_DYNAMIC; Index: bio_ber.c === RCS file: /cvs/src/lib/libssl/src/crypto/pkcs7/bio_ber.c,v retrieving revision 1.9 diff -u -p -r1.9 bio_ber.c --- bio_ber.c 27 Apr 2014 20:26:49 - 1.9 +++ bio_ber.c 24 May 2014 21:32:22 - @@ -126,10 +126,8 @@ static int ber_new(BIO *bi) { BIO_BER_CTX *ctx; - ctx=(BIO_BER_CTX *)malloc(sizeof(BIO_BER_CTX)); + ctx=calloc(1, sizeof(BIO_BER_CTX)); if (ctx == NULL) return(0); - - memset((char *)ctx,0,sizeof(BIO_BER_CTX)); bi-init=0; bi-ptr=(char *)ctx; Index: ecp_nistp224.c === RCS file: /cvs/src/lib/libssl/src/crypto/ec/ecp_nistp224.c,v retrieving revision 1.7 diff -u -p -r1.7 ecp_nistp224.c --- ecp_nistp224.c 15 May 2014 11:25:59 - 1.7 +++ ecp_nistp224.c 25 May 2014 09:41:35 - @@ -1435,8 +1435,8 @@ ec_GFp_nistp224_points_mul(const EC_GROU */ mixed = 1; } - secrets = malloc(num_points * sizeof(felem_bytearray)); - pre_comp = malloc(num_points * 17 * 3 * sizeof(felem)); + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); if (mixed) tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed (tmp_felems == NULL))) { @@ -1448,8 +1448,6 @@ ec_GFp_nistp224_points_mul(const EC_GROU * infinity, i.e., they contribute nothing to the linear * combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); for (i = 0; i num_points; ++i) { if (i == num) /* the generator */ Index: ecp_nistp256.c === RCS file: /cvs/src/lib/libssl/src/crypto/ec/ecp_nistp256.c,v retrieving revision 1.7 diff -u -p -r1.7 ecp_nistp256.c --- ecp_nistp256.c 15 May 2014 11:25:59 - 1.7 +++ ecp_nistp256.c 25 May 2014 09:43:43 - @@ -1985,8 +1985,8 @@ ec_GFp_nistp256_points_mul(const EC_GROU */ mixed = 1; } - secrets = malloc(num_points * sizeof(felem_bytearray)); - pre_comp = malloc(num_points * 17 * 3 * sizeof(smallfelem)); + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp =
Re: c_rehash doesn't exist.
On Sun, May 25, 2014 at 03:02:18PM +0200, Alexander Schrijver wrote: c_rehash doesn't exist in OpenBSD and remove a history lesson which is either not aplicable anymore or was never true. hmm, two things for the price of one. since we don;t have c_rehash, it seems silly to reference it. but there's another ref in ftp(1) added only a few months ago by jca...any comments, jca? the change to HISTORY is less convincing for me. there may well be room to cut verbosity from this file (it's difficult to imagine adding to it), but zapping one section so inconsistently feels wrong. when i eventually get my extra life, i pledge to spend it checking this page. until then, i've opted to zap the c_rehash reference only. unless they protest, i will commit this: Index: usr.bin/ftp/ftp.1 === RCS file: /cvs/src/usr.bin/ftp/ftp.1,v retrieving revision 1.91 diff -u -r1.91 ftp.1 --- usr.bin/ftp/ftp.1 23 Jan 2014 08:09:08 - 1.91 +++ usr.bin/ftp/ftp.1 25 May 2014 18:58:31 - @@ -232,7 +232,6 @@ .It Cm capath Ns = Ns Ar /path/to/certs/ Directory containing PEM encoded CA certificates used for certificate validation. -Such a directory can be prepared using the c_rehash OpenSSL utility. .It Cm ciphers Ns = Ns Ar cipher_list Specify the list of ciphers that will be used by .Nm . Index: usr.sbin/openssl/openssl.1 === RCS file: /cvs/src/usr.sbin/openssl/openssl.1,v retrieving revision 1.94 diff -u -r1.94 openssl.1 --- usr.sbin/openssl/openssl.1 18 May 2014 08:23:27 - 1.94 +++ usr.sbin/openssl/openssl.1 25 May 2014 18:58:34 - @@ -9072,11 +9072,6 @@ option of the .Nm x509 utility). -Under -.Ux , -the -.Nm c_rehash -script will automatically create symbolic links to a directory of certificates. .It Fl crl_check Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs. @@ -10420,10 +10415,6 @@ In .Nm OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. -This means that any directories using the old form -must have their links rebuilt using -.Ar c_rehash -or similar. .\ .\ FILES .\
[PATCH 2] libssl: malloc/memset = calloc
This shortens the function quite a bit. Index: str_lib.c === RCS file: /cvs/src/lib/libssl/src/crypto/store/str_lib.c,v retrieving revision 1.4 diff -u -p -r1.4 str_lib.c --- str_lib.c 17 Apr 2014 21:32:37 - 1.4 +++ str_lib.c 25 May 2014 07:49:06 - @@ -1185,10 +1185,9 @@ int STORE_delete_arbitrary(STORE *s, OPE STORE_OBJECT *STORE_OBJECT_new(void) { - STORE_OBJECT *object = malloc(sizeof(STORE_OBJECT)); - if (object) memset(object, 0, sizeof(STORE_OBJECT)); - return object; + return (STORE_OBJECT *) calloc(1, sizeof(STORE_OBJECT)); } + void STORE_OBJECT_free(STORE_OBJECT *data) { if (!data) return;
Re: [PATCH 2] libssl: malloc/memset = calloc
On Sun, May 25, 2014 at 12:03 PM, Benjamin Baier program...@netzbasis.dewrote: This shortens the function quite a bit. ... - STORE_OBJECT *object = malloc(sizeof(STORE_OBJECT)); - if (object) memset(object, 0, sizeof(STORE_OBJECT)); - return object; + return (STORE_OBJECT *) calloc(1, sizeof(STORE_OBJECT)); } Just say no to casting the return value of malloc/calloc/realloc! Philip Guenther
Re: c_rehash doesn't exist.
Jason McIntyre j...@kerhand.co.uk writes: On Sun, May 25, 2014 at 03:02:18PM +0200, Alexander Schrijver wrote: c_rehash doesn't exist in OpenBSD and remove a history lesson which is either not aplicable anymore or was never true. hmm, two things for the price of one. since we don;t have c_rehash, it seems silly to reference it. but there's another ref in ftp(1) added only a few months ago by jca...any comments, jca? No particular comment. Adding ftp(1) support for c_rehash'd directories was cheap, and I was thinking about proposing the addition of said utility to the base system. I've only needed it once or twice, yet it bugged me not to have it at hand next to other openssl programs. Before removing the references to c_rehash I'd like to know if other people are interested in getting a trimmed down c_rehash utility in. Else there is not much point in supporting ftp -S capath=... at all. the change to HISTORY is less convincing for me. there may well be room to cut verbosity from this file (it's difficult to imagine adding to it), but zapping one section so inconsistently feels wrong. when i eventually get my extra life, i pledge to spend it checking this page. until then, i've opted to zap the c_rehash reference only. I think you're right about the HISTORY removal. unless they protest, i will commit this: Index: usr.bin/ftp/ftp.1 === RCS file: /cvs/src/usr.bin/ftp/ftp.1,v retrieving revision 1.91 diff -u -r1.91 ftp.1 --- usr.bin/ftp/ftp.1 23 Jan 2014 08:09:08 - 1.91 +++ usr.bin/ftp/ftp.1 25 May 2014 18:58:31 - @@ -232,7 +232,6 @@ .It Cm capath Ns = Ns Ar /path/to/certs/ Directory containing PEM encoded CA certificates used for certificate validation. -Such a directory can be prepared using the c_rehash OpenSSL utility. .It Cm ciphers Ns = Ns Ar cipher_list Specify the list of ciphers that will be used by .Nm . Index: usr.sbin/openssl/openssl.1 === RCS file: /cvs/src/usr.sbin/openssl/openssl.1,v retrieving revision 1.94 diff -u -r1.94 openssl.1 --- usr.sbin/openssl/openssl.118 May 2014 08:23:27 - 1.94 +++ usr.sbin/openssl/openssl.125 May 2014 18:58:34 - @@ -9072,11 +9072,6 @@ option of the .Nm x509 utility). -Under -.Ux , -the -.Nm c_rehash -script will automatically create symbolic links to a directory of certificates. .It Fl crl_check Checks end entity certificate validity by attempting to look up a valid CRL. If a valid CRL cannot be found an error occurs. @@ -10420,10 +10415,6 @@ In .Nm OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. -This means that any directories using the old form -must have their links rebuilt using -.Ar c_rehash -or similar. .\ .\ FILES .\ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: c_rehash doesn't exist.
On 2014/05/25 21:33, Jérémie Courrèges-Anglas wrote: Jason McIntyre j...@kerhand.co.uk writes: On Sun, May 25, 2014 at 03:02:18PM +0200, Alexander Schrijver wrote: c_rehash doesn't exist in OpenBSD and remove a history lesson which is either not aplicable anymore or was never true. hmm, two things for the price of one. since we don;t have c_rehash, it seems silly to reference it. but there's another ref in ftp(1) added only a few months ago by jca...any comments, jca? No particular comment. Adding ftp(1) support for c_rehash'd directories was cheap, and I was thinking about proposing the addition of said utility to the base system. I've only needed it once or twice, yet it bugged me not to have it at hand next to other openssl programs. Before removing the references to c_rehash I'd like to know if other people are interested in getting a trimmed down c_rehash utility in. Else there is not much point in supporting ftp -S capath=... at all. It would be nice to have a way to add local certificates without them getting overwritten at upgrade time - c_rehash is one way to do that, though moving cert.pem from base*.tgz to etc*.tgz would also accomplish the same with less bloat..
Re: [PATCH SET] libssl: malloc/memset = calloc
On Sun, May 25, 2014 at 20:58, Benjamin Baier wrote: Index: bn_blind.c === RCS file: /cvs/src/lib/libssl/src/crypto/bn/bn_blind.c,v retrieving revision 1.9 diff -u -p -r1.9 bn_blind.c --- bn_blind.c8 May 2014 13:20:49 - 1.9 +++ bn_blind.c24 May 2014 21:09:40 - Index: comp_lib.c === RCS file: /cvs/src/lib/libssl/src/crypto/comp/comp_lib.c,v retrieving revision 1.5 diff -u -p -r1.5 comp_lib.c --- comp_lib.c26 Apr 2014 13:04:24 - 1.5 +++ comp_lib.c24 May 2014 21:12:44 - I didn't notice this before because everything was in different directories so I pulled it apart by hand, but how are you generating these diffs? Concatting a dozen diffs together? These index lines should have some more path information, otherwise the diff can't be applied. Try running cvs diff from the libssl directory. Thanks for the diffs though, applied.
Re: [PATCH SET] libssl: malloc/memset = calloc
I ran cvs diff on the individual files right in the subdirectory and piping the results to one file. Yes I now see how that can be a hurdle. I'll step it up. 05/25/14 22:32, Ted Unangst wrote: I didn't notice this before because everything was in different directories so I pulled it apart by hand, but how are you generating these diffs? Concatting a dozen diffs together? These index lines should have some more path information, otherwise the diff can't be applied. Try running cvs diff from the libssl directory.
Re: [PATCH 2] libssl: malloc/memset = calloc
On Sun, 25 May 2014 12:24:17 -0700 Philip Guenther guent...@gmail.com wrote: Just say no to casting the return value of malloc/calloc/realloc! I understand. fixed. Index: src/crypto/store/str_lib.c === RCS file: /cvs/src/lib/libssl/src/crypto/store/str_lib.c,v retrieving revision 1.4 diff -u -p -r1.4 str_lib.c --- src/crypto/store/str_lib.c 17 Apr 2014 21:32:37 - 1.4 +++ src/crypto/store/str_lib.c 25 May 2014 21:38:47 - @@ -1185,10 +1185,9 @@ int STORE_delete_arbitrary(STORE *s, OPE STORE_OBJECT *STORE_OBJECT_new(void) { - STORE_OBJECT *object = malloc(sizeof(STORE_OBJECT)); - if (object) memset(object, 0, sizeof(STORE_OBJECT)); - return object; + return calloc(1, sizeof(STORE_OBJECT)); } + void STORE_OBJECT_free(STORE_OBJECT *data) { if (!data) return;