CVS: cvs.openbsd.org: www

2022-03-26 Thread T . J . Townsend 
CVSROOT:/cvs
Module name:www
Changes by: t...@cvs.openbsd.org2022/03/26 19:55:16

Modified files:
.  : ftp.html 
build  : mirrors.dat 
openbgpd   : ftp.html 
openntpd   : portable.html 
openssh: ftp.html portable.html 
rpki-client: portable.html 

Log message:
update sandyriver mirror's rsync path; requested by the maintainer

CVS: cvs.openbsd.org: src

2022-03-26 Thread Inoguchi Kinichiro 
CVSROOT:/cvs
Module name:src
Changes by: inogu...@cvs.openbsd.org2022/03/26 18:37:10

Modified files:
usr.bin/openssl: ts.c 

Log message:
Check EVP_Digest* functions return value in openssl(1) ts

Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label.
CID 149810

comment and ok jsing@

CVS: cvs.openbsd.org: src

2022-03-26 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/03/26 10:34:21

Modified files:
lib/libcrypto/x509: x509_alt.c x509_constraints.c 

Log message:
name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

CVS: cvs.openbsd.org: src

2022-03-26 Thread Joel Sing 
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2022/03/26 09:05:54

Modified files:
lib/libssl : d1_pkt.c ssl_pkt.c 

Log message:
Clean up {dtls1,ssl3}_read_bytes()

Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up
pass - this cleans up various parts of the code and reduces differences
between these two functions.

ok = 1; *(&(ok)) tb@

ok inoguchi@

CVS: cvs.openbsd.org: src

2022-03-26 Thread Joel Sing 
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2022/03/26 09:00:51

Modified files:
lib/libssl : d1_pkt.c 

Log message:
Remove the minimum record length checks from dtls1_read_bytes()

The code that handles each record type already has appropriate length
checks. Furthermore, the handling of application data here is likely
incorrect and bypasses the normal state checks at the end of this function.

ok inoguchi@ tb@

CVS: cvs.openbsd.org: src

2022-03-26 Thread Joel Sing 
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2022/03/26 08:54:58

Modified files:
lib/libcrypto/asn1: a_object.c 

Log message:
Convert c2i_ASN1_OBJECT() and d2i_ASN1_OBJECT to CBS.

Along the way, rather than having yet another piece of code that parses
OID arcs, reuse oid_parse_arc(). Always allocate a new ASN1_OBJECT rather
than doing a crazy dance with ASN1_OBJECT_FLAG_DYNAMIC and trying to free
parts of an ASN1_OBJECT if one is passed in.

ok inoguchi@ tb@

CVS: cvs.openbsd.org: src

2022-03-26 Thread Joel Sing 
CVSROOT:/cvs
Module name:src
Changes by: js...@cvs.openbsd.org   2022/03/26 08:47:59

Modified files:
lib/libcrypto/asn1: asn1_lib.c asn1_locl.h 

Log message:
Provide asn1_get_primitive()

This takes a CBS, gets the ASN.1 identifier and length, ensures the
resulting identifier is a valid primitive, then returns the tag number and
the content as a CBS.

ok inoguchi@ tb@

CVS: cvs.openbsd.org: src

2022-03-26 Thread Theo de Raadt 
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2022/03/26 08:26:44

Modified files:
etc/etc.i386   : disktab 
sys/arch/i386/conf: RAMDISK_CD 
distrib/i386/ramdisk_cd: Makefile 

Log message:
grow i386 media

CVS: cvs.openbsd.org: src

2022-03-26 Thread Stefan Sperling 
CVSROOT:/cvs
Module name:src
Changes by: s...@cvs.openbsd.org2022/03/26 08:25:15

Modified files:
sys/arch/i386/conf: GENERIC RAMDISK_CD 
sys/arch/macppc/conf: GENERIC RAMDISK 
sys/arch/arm64/conf: GENERIC RAMDISK 

Log message:
Enable mtw(4) on i386, macppc, and arm64.

Testing by hastings@ and myself.
i386 has a media size issue, deraadt@ will sort it out.

CVS: cvs.openbsd.org: src

2022-03-26 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/03/26 06:43:12

Modified files:
share/man/man1 : dpb.1 

Log message:
typo: currents -> current

CVS: cvs.openbsd.org: src

2022-03-26 Thread Jonathan Matthew 
CVSROOT:/cvs
Module name:src
Changes by: jmatt...@cvs.openbsd.org2022/03/26 00:04:20

Modified files:
sys/dev/pci: if_aq_pci.c 

Log message:
Expand tx dma maps to allow packets up to the MTU limit to be transmitted.
Don't clear TPB_TX_BUF_EN when taking the interface down, as somehow that
causes transmission to fail when the interface comes up again if any large
packets had been sent.

Handle packets received into multiple rx buffers using the same approach as
ixl(4), with the addition that a receive error can be signaled on any of
the buffers rather than just the last one.  Set the low water mark on the
rx ring so there are always enough buffers to receive the largest packet
supported by the interface, and fix the calculation of the data pointer
in rx buffers so there's actually MCLBYTES space available.

ok dlg@