Re: CVS: cvs.openbsd.org: src

2023-10-03 Thread Stuart Henderson
On 2023/10/03 04:22, Stuart Henderson wrote:
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   st...@cvs.openbsd.org   2023/10/03 04:22:10
> 
> Modified files:
>   sys/net: if_pfsync.c 
> 
> Log message:
> Reinstate setting rtableid based on rdomain for pfsync,
> lost during the rewrite, reported by Mark Patruck.
> 
> ok phessler claudio sashan deraadt
> 

and dlg



CVS: cvs.openbsd.org: src

2023-10-03 Thread Stuart Henderson
CVSROOT:/cvs
Module name:src
Changes by: st...@cvs.openbsd.org   2023/10/03 04:22:10

Modified files:
sys/net: if_pfsync.c 

Log message:
Reinstate setting rtableid based on rdomain for pfsync,
lost during the rewrite, reported by Mark Patruck.

ok phessler claudio sashan deraadt



CVS: cvs.openbsd.org: src

2023-10-03 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/03 03:58:06

Modified files:
lib/libcrypto/man: IPAddressRange_new.3 

Log message:
Fix a typo and move a word



CVS: cvs.openbsd.org: src

2023-10-02 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2023/10/02 23:20:38

Modified files:
usr.bin/cu : cu.1 

Log message:
remove unused Pp macro;



CVS: cvs.openbsd.org: src

2023-10-02 Thread Kenneth R Westerback
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/10/02 17:38:11

Modified files:
lib/libc/sys   : sysctl.2 
sys/dev/usb: ucom.c usb_subr.c 
usr.bin/cu : cu.1 

Log message:
Add 'host root port' information to hw.ucomnames.

usbN.X.Y becomes usbN.Z.X.Y

Display the usb string in ucom attach messages so grepping
dmesg can be used to find the path to a ucom.

More USB cluebats from kettenis@. Deep hub depths testing from
drahn@.

ok deraadt@ drahn@ kettenis@



CVS: cvs.openbsd.org: src

2023-10-02 Thread Alexander Bluhm
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/10/02 10:11:09

Modified files:
regress/lib/libm/msun: Makefile 

Log message:
Now nearbyint_test-1 is passing on macppc, powerpc64, sparc64.  Some
recent fixes seem to help also there, not only on amd64.
OK deraadt@



CVS: cvs.openbsd.org: src

2023-10-02 Thread Kenneth R Westerback
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/10/02 08:48:11

Modified files:
usr.bin/cu : cu.1 cu.c 

Log message:
Enable cu(1) -l to accept the usb paths shown in hw.ucomnames.

Usual man page tweaks from jmc@ and schwarze@.

Testing various iterations by deraadt@, nicm@, kettenis@, drahn@.

ok deraadt@



CVS: cvs.openbsd.org: src

2023-10-02 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2023/10/02 07:31:32

Modified files:
usr.sbin/rpki-client: version.h 

Log message:
bump version



CVS: cvs.openbsd.org: src

2023-10-02 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/10/02 07:26:04

Modified files:
etc/root   : root.mail 

Log message:
maybe a bit earlier



CVS: cvs.openbsd.org: src

2023-10-02 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/02 05:14:15

Modified files:
regress/lib/libcrypto/asn1: asn1time.c 

Log message:
Add some coverage for ASN1_TIME_cmp_time_t() as well

ASN1_UTCTIME_cmp_tim_t() could be done similarly, but then I have to mess
with LIBRESSL_INTERNAL. Let's do this after unlock.



CVS: cvs.openbsd.org: src

2023-10-02 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/02 04:40:43

Modified files:
regress/lib/libcrypto/asn1: asn1time.c 

Log message:
Add regress coverage for ASN1_TIME_compare()



CVS: cvs.openbsd.org: src

2023-10-02 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/02 03:42:58

Modified files:
regress/lib/libcrypto/asn1: asn1time.c 

Log message:
Minor asn1time tweaks

Sprinkle some (static) const and garbage collect an unused struct.



CVS: cvs.openbsd.org: src

2023-10-01 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2023/10/01 23:29:59

Modified files:
lib/libc/sys   : sysctl.2 

Log message:
DV -> Dv;



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 16:46:21

Modified files:
lib/libcrypto/man: X509v3_addr_add_inherit.3 

Log message:
Example code tweak: do not hardcode the size of array



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 16:14:36

Modified files:
lib/libcrypto/asn1: a_time_tm.c 

Log message:
Fix a copy-paste bug in ASN1_TIME_compare()

ASN1_TIME_compare() compares two times t1 and t2. Due to a copy-paste
error, we would do ASN1_time_parse(t1->data, t2->length, , t2->type)

Now if t1 is a UTCTime (length 13) and t2 is a GeneralizedTime (length 15),
the worst that could happen is a 2-byte out-of-bounds read. Fortunately, t1
will already have parsed as a UTCTime, so it will have a Z where there
should be the first digit of the seconds for a GeneralizedTime and we will
error out.

Now if both t1 and t2 have the same type, we will parse t1's data twice
and we will return an incorrect comparison. This could have some security
impact if anything relied on this function for security purposes. It is
unused in our tree and unused in our ports tree ports and the only consumer
I could find was some MongoDB things doing OCSP, so this won't be too bad.

Then of course there's also the language bindings.

Issue reported by Duncan Thomson at esri dot com via libressl-security

ok beck deraadt



CVS: cvs.openbsd.org: src

2023-10-01 Thread Christian Weisgerber
CVSROOT:/cvs
Module name:src
Changes by: na...@cvs.openbsd.org   2023/10/01 14:15:23

Modified files:
etc: rc 

Log message:
show fingerprint of freshly generated ssh host key on first boot

Print to the console the fingerprint of a newly generated ssh host
key of the preferred type (currently ED25519), typically when booting
for the first time.  This simplifies a secure first ssh connection to
a freshly installed machine.

ok deraadt@ kn@, and various for earlier iterations



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 12:23:50

Modified files:
lib/libcrypto/man: EVP_CIPHER_CTX_ctrl.3 

Log message:
Document EVP_CIPHER_CTX_iv_length() return values

We aligned with upstream behavior. Let's document it properly.

Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().

OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.



CVS: cvs.openbsd.org: src

2023-10-01 Thread Kenneth R Westerback
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/10/01 09:58:12

Modified files:
lib/libc/sys   : sysctl.2 
sys/dev/usb: ucom.c ucomvar.h usb_subr.c usbdi.h 
sys/kern   : kern_sysctl.c 
sys/sys: sysctl.h 

Log message:
Add sysctl hw.ucomnames to list 'fixed' paths to USB serial
ports.

Suggested by deraadt@, USB route idea from kettenis@. Feedback
from anton@, man page improvements from deraadt@, jmc@,
schwarze@.

ok deraadt@ kettenis@



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 04:51:19

Modified files:
lib/libcrypto/man: s2i_ASN1_INTEGER.3 

Log message:
The colons separate the octets, not the digits; add missing link to
crypto(3)



CVS: cvs.openbsd.org: src

2023-10-01 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2023/10/01 03:03:14

Modified files:
sys/dev/pci: if_aq_pci.c 

Log message:
Atlantic 2 hardware has a different layout for the TPS_DATA_TCT registers
and uses different buffer sizes.  Fixes an issue where the card would
stop transmitting packets under load on the M2 Pro Mac mini.

ok jmatthew@



CVS: cvs.openbsd.org: src

2023-10-01 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2023/10/01 02:56:24

Modified files:
sys/dev/sdmmc  : sdhc.c sdhcreg.h 

Log message:
Print the correct SDHC spec version.

ok deraadt@



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 02:29:12

Modified files:
lib/libcrypto/man: X509v3_addr_add_inherit.3 

Log message:
Improve a code comment in the EXAMPLES section



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 02:23:58

Modified files:
lib/libcrypto/man: IPAddressRange_new.3 

Log message:
Refer to RFC 3779, 2.1.2 for encoding of ranges

Mention sections 2.1.1 and 2.1.2 in STANDARDS



CVS: cvs.openbsd.org: src

2023-10-01 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/10/01 02:17:52

Modified files:
lib/libcrypto/man: IPAddressRange_new.3 

Log message:
Point out that the result of IPAddressRange_new() is an invalid range
since it should be a prefix.



CVS: cvs.openbsd.org: src

2023-09-30 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/30 23:20:41

Modified files:
lib/libcrypto/man: ASRange_new.3 

Log message:
encoding -> decoding for d2i



CVS: cvs.openbsd.org: src

2023-09-30 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/30 22:48:39

Modified files:
regress/lib/libcrypto/x509: constraints.c 

Log message:
Add an empty line



CVS: cvs.openbsd.org: src

2023-09-30 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/30 13:07:38

Modified files:
lib/libcrypto/man: X509v3_addr_validate_path.3 

Log message:
Reorder list of additional validation checks needed



CVS: cvs.openbsd.org: src

2023-09-30 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/30 12:16:44

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 
   X509v3_asid_add_id_or_range.3 

Log message:
Switch copyright year to 2023.

Apparently I should have used 2023 despite sharing versions of these
files with several people under this license (and thus permitting them
to redistribute and share with the public). It makes no sense to me,
but shrug.



CVS: cvs.openbsd.org: src

2023-09-30 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/30 10:01:18

Modified files:
lib/libcrypto/man: X509v3_addr_add_inherit.3 

Log message:
Use addrblocks for .Fa



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:29:41

Modified files:
lib/libcrypto/man: X509v3_asid_add_id_or_range.3 

Log message:
avoid using the string "a" without markup as a placeholder
where that feels potentially confusing,
and add one missing .Pp macro; no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:26:09

Modified files:
lib/libcrypto/man: X509v3_addr_validate_path.3 

Log message:
consistently use "allow_inherit" for the argument name
and fix whitespace on one text line; no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:24:00

Modified files:
lib/libcrypto/man: X509v3_addr_subset.3 

Log message:
drop one pair of needless parentheses
and polish one wording; no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:21:57

Modified files:
lib/libcrypto/man: X509v3_addr_inherits.3 

Log message:
remove a useless repetition of a function name
that was also followed by a bogus argument,
and fix one grammatical error; no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:12:40

Modified files:
lib/libcrypto/man: X509v3_addr_get_range.3 

Log message:
polish an awkward wording
and capitalize "AFI" where is does not refer to the function argument;
no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 08:10:56

Modified files:
lib/libcrypto/man: X509v3_addr_add_inherit.3 

Log message:
two instances of missing .Fa macros
and some missing escaping of HYPHEN-MINUS; no text change



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 07:58:29

Modified files:
lib/libcrypto/man: IPAddressRange_new.3 

Log message:
fix one copy and paste error: d2i_*() decode rather than encode;
plus some minor markup and punctuation fixes



CVS: cvs.openbsd.org: src

2023-09-30 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/30 07:51:00

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 

Log message:
garbage collect two stray words, no change of meaning



CVS: cvs.openbsd.org: src

2023-09-30 Thread Christian Weisgerber
CVSROOT:/cvs
Module name:src
Changes by: na...@cvs.openbsd.org   2023/09/30 07:03:40

Modified files:
usr.bin/kdump  : kdump.1 
usr.bin/ktrace : ktrace.1 ltrace.1 

Log message:
list tracepoints directly in kdump.1 instead of pointing to ktrace.1

Also add a note to the respective section in kdump.1, ktrace.1, and
ltrace.1 to keep in sync with each other; suggested by schwarze@.

ok deraadt@ schwarze@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Alexander Bluhm
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/09/29 13:44:47

Modified files:
sys/dev/pci: if_ixl.c 

Log message:
Replace kernel lock with mutex in ixl(4) media status.

Witness found that sc_atq_mtx mutex is held when kernel lock is
acquired.  This might cause a deadlock.  Protect sc_media_status
and sc_media_active with the link state mutex instead.  Global
fields ifm->ifm_status and ifm->ifm_active are still protected by
kernel lock.

OK tobhe@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Tobias Heider
CVSROOT:/cvs
Module name:src
Changes by: to...@cvs.openbsd.org   2023/09/29 12:45:42

Modified files:
sys/net: pfkeyv2_parsemessage.c 

Log message:
Make sure pfkeyv2_parsemessage() only returns 0 if the message was
successfully validated.  Decline all messages from userland that contain
errnos and remove unneeded special handling for type SADB_X_PROMISC.

ok bluhm@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Tobias Heider
CVSROOT:/cvs
Module name:src
Changes by: to...@cvs.openbsd.org   2023/09/29 12:40:08

Modified files:
sys/net: pfkeyv2.c 

Log message:
Only forward validated pfkey messages to promiscuous listeners.
Fixes a bunch of crashes with ipsecctl -m.

ok bluhm@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Omar Polo
CVSROOT:/cvs
Module name:src
Changes by: o...@cvs.openbsd.org2023/09/29 12:30:15

Modified files:
usr.sbin/smtpd : smtpd.h 

Log message:
bump version to 7.4.0



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/09/29 12:29:35

Modified files:
distrib/sets/lists/comp: md.armv7 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-29 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2023/09/29 11:30:35

Modified files:
sys/dev/fdt: rkusbphy.c 

Log message:
Revert previous commit; botched testing meant that I missed USB device no
longer attach to the USB 2.0 ports.



CVS: cvs.openbsd.org: src

2023-09-29 Thread Bob Beck
CVSROOT:/cvs
Module name:src
Changes by: b...@cvs.openbsd.org2023/09/29 09:53:59

Modified files:
lib/libcrypto/x509: x509_constraints.c x509_internal.h 
regress/lib/libcrypto/x509: constraints.c 

Log message:
Allow IP addresses to be specified in a URI.

Our checking here was a bit too aggressive, and did not permit an
IP address in a URI. IP's in a URI are allowed for things like CRLdp's
AIA, SAN URI's etc.). The check for this was also slightly flawed as
we would permit an IP if memory allocation failed while checking for
an IP.

Correct both issues.

ok tb@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Mark Kettenis
CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2023/09/29 09:51:48

Modified files:
sys/dev/fdt: rkclock.c rkclock_clocks.h rkusbphy.c 

Log message:
Newer versions of U-Boot may disable the USB PHYs and gate their clocks.
Add support for the rk3399 to rkusbphy(4) and implement support for the
required clocks.

ok kevlo@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/29 09:41:06

Modified files:
lib/libcrypto/man: X509v3_addr_validate_path.3 

Log message:
Some wording tweaks to make things a bit more precise.



CVS: cvs.openbsd.org: src

2023-09-29 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2023/09/29 06:47:34

Modified files:
sys/kern   : kern_exec.c kern_exit.c kern_pledge.c 
 kern_sig.c 
sys/sys: proc.h 

Log message:
Extend single_thread_set() mode with additional flag attributes.

The mode can now be or-ed with SINGLE_DEEP or SINGLE_NOWAIT to alter
the behaviour of single_thread_set(). This allows explicit control
of the SINGLE_DEEP behaviour.

If SINGLE_DEEP is set the deep flag is passed to the initial check call
and by that the check will error out instead of suspending (SINGLE_UNWIND)
or exiting (SINGLE_EXIT). The SINGLE_DEEP flag is required in calls to
single_thread_set() outside of userret. E.g. at the start of sys_execve
because the proc is not allowed to call exit1() in that location.

SINGLE_NOWAIT skips the wait at the end of single_thread_set() and therefor
returns BEFORE all threads have been parked. Currently this is only used by
the ptrace code and should not be used anywhere else. Not waiting for all
threads to settle is asking for trouble.

This solves an issue by using SINGLE_UNWIND in the coredump case where
the code should actually exit in case another thread crashed moments earlier.
Also the SINGLE_UNWIND in pledge_fail() is now marked SINGLE_DEEP since
the call to pledge_fail() is for sure not at the kernel boundary.

OK mpi@



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/29 03:28:21

Modified files:
lib/libcrypto/man: X509v3_addr_validate_path.3 

Log message:
Fix a wrong tag and work around an ugly linebreak



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/29 02:59:05

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/29 02:57:49

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 Makefile X509_new.3 
   X509v3_addr_add_inherit.3 
   X509v3_asid_add_id_or_range.3 
Added files:
lib/libcrypto/man: X509v3_addr_validate_path.3 

Log message:
Document X509v3_{addr,asid}_validate_{path,resource_set}(3)

These were the last four RFC 3779 things that check_complete.pl x509v3
complained about. I will surely tweak and try to improve a few things
in the coming days, but the pages should now be stable enough that
review efforts will likely not be wasted. Any feedback appreciated.



CVS: cvs.openbsd.org: src

2023-09-29 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/29 00:53:05

Modified files:
regress/lib/libcrypto/evp: evp_test.c 

Log message:
Appease coverity

This is a static pointer, so it ain't ever NULL, but shrug



CVS: cvs.openbsd.org: src

2023-09-28 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/28 11:00:21

Modified files:
lib/libutil: imsg_init.3 

Log message:
add a missing .Fa macro



CVS: cvs.openbsd.org: src

2023-09-28 Thread Ingo Schwarze
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2023/09/28 10:41:36

Modified files:
lib/libutil: imsg_init.3 

Log message:
fix two wrong function names in the description;
from 



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 08:55:48

Modified files:
regress/lib/libcrypto/aead: aeadtest.c 

Log message:
Fix error message



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 08:54:39

Modified files:
regress/lib/libcrypto/evp: evp_test.c 

Log message:
Don't leak ctx on failure



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 06:37:21

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 06:36:36

Added files:
lib/libcrypto/man: X509v3_addr_subset.3 

Log message:
Document X509v3_{addr,asid}_subset.3 take two (missed cvs add)

First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 06:35:31

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 ASRange_new.3 
   IPAddressRange_new.3 Makefile X509_new.3 
   X509v3_addr_add_inherit.3 
   X509v3_asid_add_id_or_range.3 

Log message:
Document X509v3_{addr,asid}_subset.3

First RFC 3779 page without a BUG section. It could have one, but I'm
in a lenient mood right now. Maybe it's just that this is bad but not
quite as bad as EVP.



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 05:39:35

Modified files:
regress/lib/libcrypto/evp: evp_test.c 

Log message:
Add more regress coverage for EVP_CIPHER_CTX_iv_length()

Awesome: the IV length for GCM is only bounded by INT_MAX or malloc limits.

In the absence of an overflowing issue tracker, I'm labeling this
"good first issue", "help wanted" here.



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 05:35:10

Modified files:
regress/lib/libcrypto/aead: aeadtest.c 

Log message:
Check that EVP_CIPHER_CTX_iv_length() matches what was set

This really only covers AES-GCM.

>From beck



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 05:29:11

Modified files:
lib/libcrypto/evp: e_aes.c e_chacha20poly1305.c evp_lib.c 
   evp_local.h 

Log message:
Fix EVP_CIPHER_CTX_iv_length()

In today's episode of "curly nonsense from EVP land" we deal with a quite
harmless oversight and a not too bad suboptimal fix, relatively speaking.

At some point EVP_CIPHER_{CCM,GCM}_SET_IVLEN was added. It modified some
object hanging off of EVP_CIPHER. However, EVP_CIPHER_CTX_iv_length() wasn't
taught about this and kept returning the hardcoded default value on the
EVP_CIPHER. Once it transpired that a doc fix isn't going to cut it, this
was fixed. And of course it's easy to fix: you only have to dive through
about three layers of EVP, test and set a flag and handle a control in a
couple methods.

The upstream fix was done poorly and we begrudgingly have to match the API:
the caller is expected to pass a raw pointer next to a 0 length along with
EVP_CIPHER_GET_IV_LENGTH and the control handler goes *(int *)ptr = length
in full YOLO mode. That's never going to be an issue because of course the
caller will always pass a properly aligned pointer backing a sufficient
amount of memory. Yes, unlikely to be a real issue, but it could have been
done with proper semantics and checks without complicating the code. But
why do I even bother to complain? We're used to this.

Of note here is that there was some pushback painting other corners of a
bikeshed until the reviewer gave up with a resigned

That kind of changes the semantics and is one extra complexity level,
but [shrug] ok...

Anyway, the reason this matters now after so many years is that rust-openssl
has an assert, notably added in a +758 -84 commit with the awesome message
"Docs" that gets triggered by recent tests added to py-cryptography.

Thanks to Alex Gaynor for reporting this. Let me take the opportunity to
point out that pyca contributed to improve rust-openssl, in particular its
libressl support, quite a bit. That's much appreciated and very noticeable.

Regress coverage to follow in subsequent commits.

Based on OpenSSL PR #9499 and issue #8330.

ok beck jsing

PS: A few macros were kept internal for now to avoid impact on the release
cycle that is about to finish. They will be exposed after release.



CVS: cvs.openbsd.org: src

2023-09-28 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/28 02:21:43

Modified files:
regress/lib/libcrypto/aes: aes_test.c 

Log message:
whitespace



CVS: cvs.openbsd.org: src

2023-09-28 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2023/09/28 01:02:50

Modified files:
usr.sbin/bgpd  : version.h 

Log message:
Prep for OpenBGPD 8.2



CVS: cvs.openbsd.org: src

2023-09-28 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2023/09/28 01:01:26

Modified files:
usr.sbin/bgpd  : control.c 

Log message:
Enforce NUL termination of the neighbor shutdown reason sent from
bgpctl before calling strlcpy() with that string.
OK tb@ some long time ago



CVS: cvs.openbsd.org: src

2023-09-27 Thread Jonathan Gray
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2023/09/27 21:34:32

Modified files:
share/man/man5 : ruby-module.5 

Log message:
plaform -> platform



CVS: cvs.openbsd.org: src

2023-09-27 Thread Jonathan Gray
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2023/09/27 19:51:00

Modified files:
lib/libc/stdio : fopen.3 getc.3 
lib/libc/sys   : access.2 

Log message:
don't mention what language functions are implemented in
remove a line relating to the 2BSD libNS
ok schwarze@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Andrew Fresh
CVSROOT:/cvs
Module name:src
Changes by: afre...@cvs.openbsd.org 2023/09/27 19:18:52

Modified files:
usr.sbin/fw_update: fw_update.sh 

Log message:
Don't register firmware already in /var/db/pkg

If installing firmware with `make install` from a port, it doesn't register
properly by adding "@option firmware" to the packing list, this means we ignore
that it is installed and reinstall it over and over with the registration
ending up in a tmpdir named directory inside the existing directory in
/var/db/pkg.

Unfortunately I don't know of a good way to automatically clean up from that,
so we just print a message after installing the actual firmware.

Reported by job@
No complaints about the patch on tech@ for several weeks.



CVS: cvs.openbsd.org: src

2023-09-27 Thread Andrew Fresh
CVSROOT:/cvs
Module name:src
Changes by: afre...@cvs.openbsd.org 2023/09/27 18:52:16

Modified files:
usr.sbin/fw_update: fw_update.sh 

Log message:
Exit successfully at the end of fw_update

Otherwise the exit status depends on whether we kept any firmware.

Reported by Brian Conway 
The clean solution suggested by guenther@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Andrew Fresh
CVSROOT:/cvs
Module name:src
Changes by: afre...@cvs.openbsd.org 2023/09/27 18:45:22

Modified files:
usr.sbin/fw_update: fw_update.sh 

Log message:
Download firmware to LOCALSRC when using filenames

Previously if you did: fw_update otus-firmware-1.0p1.tgz
and that firmware didn't exist in the current directory,
we would download that firmware into the current directory.
Which is not the expected outcome.



CVS: cvs.openbsd.org: src

2023-09-27 Thread Jeremy Evans
CVSROOT:/cvs
Module name:src
Changes by: jer...@cvs.openbsd.org  2023/09/27 15:46:17

Modified files:
share/man/man5 : ruby-module.5 

Log message:
Full rewrite of lang/ruby port module documentation

Restructure so that the most important information is first.
Describe how it modifies bsd.port.mk variables.
Document all public variables set by the module.

Rewrite prompted by feedback from schwarze@
Multiple rounds of review and many fixes from schwarze@
OK schwarze@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Todd C . Miller
CVSROOT:/cvs
Module name:src
Changes by: mill...@cvs.openbsd.org 2023/09/27 15:06:33

Modified files:
usr.bin/deroff : deroff.c 

Log message:
Use a dynamically-allocated line buffer and resize as needed.
Fixes a buffer overflow for lines over 2048 bytes.
Problem reported by Crystal Kolipe.  OK deraadt@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Jason McIntyre
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2023/09/27 14:30:19

Modified files:
share/man/man4 : qcrng.4 

Log message:
fix punctuation and formatting in AUTHORS;



CVS: cvs.openbsd.org: src

2023-09-27 Thread Otto Moerbeek
CVSROOT:/cvs
Module name:src
Changes by: o...@cvs.openbsd.org2023/09/27 11:06:42

Modified files:
regress/lib/libc/malloc/malloc_threaderr: malloc_threaderr.c 

Log message:
We're not interested in the core dump, so prevent it.  Also catch
SIGABRT, to avoid the "Abort trap" message, which confuses me sometimes
until I realize it's the purpose of this test to abort.



CVS: cvs.openbsd.org: src

2023-09-27 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/09/27 09:18:31

Modified files:
sys/conf   : GENERIC 

Log message:
disable POOL_DEBUG for release



CVS: cvs.openbsd.org: src

2023-09-27 Thread Marc Espie
CVSROOT:/cvs
Module name:src
Changes by: es...@cvs.openbsd.org   2023/09/27 06:24:22

Modified files:
share/man/man5 : bsd.port.mk.5 

Log message:
document the obvious



CVS: cvs.openbsd.org: src

2023-09-27 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/27 05:29:22

Modified files:
lib/libcrypto/x509: x509_addr.c 

Log message:
RFC 3779: stop pretending we support AFIs other than IPv4 and IPv6

This code is a complete bug fest and using it with any other AFI is
downright dangerous. Such don't arise in this context in practice.

ok claudio jsing



CVS: cvs.openbsd.org: src

2023-09-27 Thread Claudio Jeker
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2023/09/27 04:49:21

Modified files:
etc/examples   : bgpd.conf 

Log message:
Match GRACEFUL_SHUTDOWN only from ebgp sessions as specified by
RFC8326 Section 4.1.
OK sthen@ phessler@ job@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/27 02:46:46

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 ASRange_new.3 
   IPAddressRange_new.3 
   X509v3_addr_add_inherit.3 
   X509v3_addr_inherits.3 
   X509v3_asid_add_id_or_range.3 

Log message:
Various small tweaks in the RFC 3779 docs

Mention a few more bugs and unify manpage descriptions



CVS: cvs.openbsd.org: src

2023-09-27 Thread Sebastien Marie
CVSROOT:/cvs
Module name:src
Changes by: sema...@cvs.openbsd.org 2023/09/27 02:20:50

Modified files:
share/man/man5 : bsd.port.mk.5 

Log message:
extent USE_LLD to Yes/No/ports values.

'ports' permits to force the use of ld.lld from lang/clang module.

ok landry@



CVS: cvs.openbsd.org: src

2023-09-27 Thread Peter Hessler
CVSROOT:/cvs
Module name:src
Changes by: phess...@cvs.openbsd.org2023/09/27 01:52:48

Modified files:
distrib/sets/lists/man: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-27 Thread Peter Hessler
CVSROOT:/cvs
Module name:src
Changes by: phess...@cvs.openbsd.org2023/09/27 01:50:46

Modified files:
share/man/man4 : Makefile 
Added files:
share/man/man4 : qcrng.4 

Log message:
add a manpage for the qcrng(4) driver

reminded by pamela@



CVS: cvs.openbsd.org: src

2023-09-26 Thread Anton Lindqvist
CVSROOT:/cvs
Module name:src
Changes by: an...@cvs.openbsd.org   2023/09/26 23:18:40

Modified files:
regress/usr.sbin/vmd/config: Makefile 

Log message:
Cope with progname now being present in vmd errors messages.



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 22:54:49

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/09/26 20:13:18

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 15:18:01

Modified files:
regress/lib/libcrypto/CA: root.cnf 

Log message:
Fix reference to x509v3.cnf(5) bis



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 15:17:03

Modified files:
regress/lib/libcrypto/CA: intermediate.cnf 

Log message:
Fix reference to x509v3.cnf(5)



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 14:44:16

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 14:42:45

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 IPAddressRange_new.3 
   Makefile X509_new.3 
   X509v3_asid_add_id_or_range.3 
Added files:
lib/libcrypto/man: X509v3_addr_inherits.3 

Log message:
Document X509v3_{addr,asid}_inherits(3)

Also note another bug in X509v3_asid_{canonize,is_canonical}(3).



CVS: cvs.openbsd.org: src

2023-09-26 Thread Vitaliy Makkoveev
CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2023/09/26 13:55:24

Modified files:
sys/dev: midi.c midivar.h 

Log message:
Use existing `audio_lock' mutex(9) to make `midi{read,write}_filtops' MP
safe. knote_locked(9) will not grab kernel lock, so call it directly from
interrupt handlers instead of scheduling software interrupts.

feedback and ok ratchov



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 12:36:34

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 12:35:34

Modified files:
lib/libcrypto/man: IPAddressRange_new.3 Makefile 
   X509v3_addr_add_inherit.3 
Added files:
lib/libcrypto/man: X509v3_addr_get_range.3 

Log message:
Document X509v3_addr_get_{afi,range}(3)



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 09:39:06

Modified files:
distrib/sets/lists/comp: mi 

Log message:
sync



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 09:34:23

Modified files:
lib/libcrypto/man: Makefile ASIdentifiers_new.3 ASRange_new.3 
   X509_new.3 X509v3_addr_add_inherit.3 
Added files:
lib/libcrypto/man: IPAddressRange_new.3 

Log message:
Document the guts of RFC 3779 IPAddrBlocks

Let's just say there's room for improvement...



CVS: cvs.openbsd.org: src

2023-09-26 Thread Stuart Henderson
CVSROOT:/cvs
Module name:src
Changes by: st...@cvs.openbsd.org   2023/09/26 09:16:45

Modified files:
sys/net: if_wg.c 

Log message:
Have wg(4) copy the priority from the inner packet to the outer encrypted
packet, so that higher priority packets are picked from hfsc queues for
earlier transmission.

(Does not copy ToS bits from inner to outer packet headers sent on the
wire, which some may regard as secret).

tested by Andrew Lemin, ok dlg@



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo de Raadt
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/09/26 07:27:32

Modified files:
sys/conf   : newvers.sh 

Log message:
we are heading out of -beta



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 07:02:47

Modified files:
lib/libcrypto/man: ASRange_new.3 

Log message:
Missing variable name in prototype



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 03:36:22

Modified files:
lib/libcrypto/man: d2i_ASN1_NULL.3 

Log message:
Fix section title of X.690 reference (missing article)



CVS: cvs.openbsd.org: src

2023-09-26 Thread Theo Buehler
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/09/26 02:56:18

Modified files:
lib/libcrypto/man: ASIdentifiers_new.3 ASRange_new.3 
   X509v3_asid_add_id_or_range.3 

Log message:
Document some barely usable parts of the ASIdentifiers API.

Someone clearly didn't actually use much of the code they wrote and exposed
and therefore didn't think it through properly.



CVS: cvs.openbsd.org: src

2023-09-26 Thread Vitaliy Makkoveev
CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2023/09/26 02:30:13

Modified files:
sys/dev/pv : vmt.c 

Log message:
Use shared netlock to protect ifnet data within vmt_tclo_broadcastip().
Execute vmt_tclo_tick() timeout handler in process context to allow
context switch within vmt_tclo_broadcastip().

ok yasuoka



  1   2   3   4   5   6   7   8   9   10   >