Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Joel Sing
On Thu, 6 Nov 2014, Артур Истомин wrote: > On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote: > > > Two weeks have passed. Is there anything that I can do to > > > push GOST ciphers towards LibreSSL? > > > > Sorry about that. Joel and/or I need to review the diff again and push > > it. I'l

Re: libtls future

2014-11-05 Thread Joel Sing
On Thu, 6 Nov 2014, Daniel wrote: > Looking over libtls it struck me that this is the best-designed TLS > API I've ever seen, so it was a bit disheartening to look at the code > and find that it was mainly just wrapping libssl and abstracting away > its fragile, haphazard design choices. Though eve

Re: need help setting an encrypted root FS on dual boot system

2014-11-05 Thread Chris Cappuccio
Matthieu Herrb [matth...@herrb.eu] wrote: > Hi, > > I've a laptop with Ubuntu 14.04/OpenBSD-current dual boot. > I'm trying to convert the OpenBSD FS to softraid(4) encryption with > passphrase. > > I'm booting from an USB drive to access the disk to shuffle data on > it. > > After backing up

Re: rtentry leak

2014-11-05 Thread Chris Cappuccio
Martin Pieuchot [mpieuc...@nolizard.org] wrote: > > @@ -653,12 +653,12 @@ ifa_ifwithroute(int flags, struct sockad > struct rtentry *rt = rtalloc(gateway, 0, rtableid); > if (rt == NULL) > return (NULL); > - rt->rt_refcnt--; >

go back to sleep if lid closed when resuming

2014-11-05 Thread Mike Larkin
Formerly "Prevent Hot Backpack" diff. This puts the machine back to sleep (or hibernate, if that's where you came from) if the lid is still closed on resume. Stops the machine from staying awake if the lid flexes or slightly opens while in your bag, triggering an unwanted wake event. Note - the ma

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
> I perfectly see the folly of my proposal. But it was a proposal, attempt > to begin discussion of the problem. But based on your answer, you do not > see the problem. You can not see the forest for the trees. You think, > that all security problems are technical problems, that can be solved > wi

Re: libtls future

2014-11-05 Thread Theo de Raadt
>Looking over libtls it struck me that this is the best-designed TLS >API I've ever seen, so it was a bit disheartening to look at the code >and find that it was mainly just wrapping libssl and abstracting away >its fragile, haphazard design choices. Though even just this is >obviously already an u

libtls future

2014-11-05 Thread Daniel
Looking over libtls it struck me that this is the best-designed TLS API I've ever seen, so it was a bit disheartening to look at the code and find that it was mainly just wrapping libssl and abstracting away its fragile, haphazard design choices. Though even just this is obviously already an uncond

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Chris Cappuccio
Артур Истомин [art.is...@yandex.ru] wrote: > On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote: > > > Two weeks have passed. Is there anything that I can do to > > > push GOST ciphers towards LibreSSL? > > > > Sorry about that. Joel and/or I need to review the diff again and p

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Lars
On 05.11.2014 23:03, Артур Истомин wrote: It was not accusation to Dmitry, like you said in another e-mail. I'm just trying to point out the problem, which seems to me important. what problem?? I don't get what your problem is. There is a guy asking for a code review and Miod said that he d

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Wed, Nov 05, 2014 at 01:25:32PM -0700, Theo de Raadt wrote: > > On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote: > > > > This is suspicious person for me (group of people?). There are lots of > > > > commits since about 2011 in many low-level and/or critical components > > > > from t

Re: tetris(6): fix select() -> poll() conversion

2014-11-05 Thread patrick keshishian
On Wed, Nov 05, 2014 at 08:45:07PM +0100, Theo Buehler wrote: > Pausing a tetris game currently causes a segfault due to a null > pointer dereference. > > Fix this by checking that s is non-NULL before accessing its members. > > A number of comments and an error message still refer to select()

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
>On 5 Nov 2014, at 20:25, Theo de Raadt wrote: >> >> How do we find people on the internet who care, and knit them into a >> community, and then somewhere down the road meet them and have them >> become this so-called 'core developer' group? >> >> We start reading code from them. > >The code, yes,

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Devin Ceartas
On 5 Nov 2014, at 20:25, Theo de Raadt wrote: How do we find people on the internet who care, and knit them into a community, and then somewhere down the road meet them and have them become this so-called 'core developer' group? We start reading code from them. The code, yes, the code. Nothi

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
> On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote: > > > This is suspicious person for me (group of people?). There are lots of > > > commits since about 2011 in many low-level and/or critical components > > > from this person: linux kernel, android, gnupg, tcpdump, alsa, tor, > > > ope

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Dmitrij D. Czarkoff
Артур Истомин said: > I said that 99.9% I'm wrong. But if I'm right, you guys will have a > problem far worse than ever with ipsec. I believe that the code review > of such diffs should be tightened when it comes to such important things > as the kernel and/or the crypto. Tightened up to accepting

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote: > > This is suspicious person for me (group of people?). There are lots of > > commits since about 2011 in many low-level and/or critical components > > from this person: linux kernel, android, gnupg, tcpdump, alsa, tor, > > openssl etc,

tetris(6): fix select() -> poll() conversion

2014-11-05 Thread Theo Buehler
Pausing a tetris game currently causes a segfault due to a null pointer dereference. Fix this by checking that s is non-NULL before accessing its members. A number of comments and an error message still refer to select() instead of poll(). Correct this as well. Index: input.c

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Dmitry Eremin-Solenikov
Hello, 2014-11-05 20:05 GMT+03:00 Артур Истомин : > On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote: >> > Two weeks have passed. Is there anything that I can do to >> > push GOST ciphers towards LibreSSL? >> >> Sorry about that. Joel and/or I need to review the diff again and push >> it

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Miod Vallat
> This is suspicious person for me (group of people?). There are lots of > commits since about 2011 in many low-level and/or critical components > from this person: linux kernel, android, gnupg, tcpdump, alsa, tor, > openssl etc, etc.. > > I'm almost certainly wrong, but not too much there compete

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote: > > Two weeks have passed. Is there anything that I can do to > > push GOST ciphers towards LibreSSL? > > Sorry about that. Joel and/or I need to review the diff again and push > it. I'll try to find time for this next week-end (famous la

.ERROR target in makefile > failed

2014-11-05 Thread sven falempin
Dear almighty tech, For releasing taken resources like vnd device, for example : # $OpenBSD: Makefile,v 1.2 2012/10/12 14:07:46 jsing Exp $ .PATH: ${.CURDIR}/../ramdiskB BOOT=${DESTDIR}/usr/mdec/fdboot RAMDISK=RAMDISK NOBSDRD=1 .include "${.CURDIR}/../common/Makefile.inc" .ERROR:

rtentry leak

2014-11-05 Thread Martin Pieuchot
Diff below fixes a rtentry leak in rt_ifa_delloop() and does two other conversions to rtfree(9). While here rename the pool in "rtentry" which makes it easier to understand where to look for leaks. I can commit these chunks separately if needed. ok? Index: net/route.c ===

Re: EDNS0 and getrrsetbyname(3)

2014-11-05 Thread Jason McIntyre
On Fri, Oct 31, 2014 at 03:03:11AM +0100, Mike Burns wrote: > It is my understanding of the code that ssh(1) no longer supports > DNSSEC. I say this because it calls getrrsetbyname(3) to check the > secure flag, which calls into the ASR machine. In asr.c, the `pass0' > function only parses two opti

Re: Multipath for HOST p2p routes

2014-11-05 Thread Martin Pieuchot
On 04/11/14(Tue) 13:10, Mike Belopuhov wrote: On 4 November 2014 12:51, Martin Pieuchot wrote: > How are we suppose to support configuration with multiple p2p interfaces > pointing to the same destination address? Right now only one route to > host is added. > > Diff below replaces a hack that

Re: iked responds with esp over external ips.

2014-11-05 Thread Mike Belopuhov
On 5 November 2014 13:28, Mike Belopuhov wrote: > On 4 November 2014 17:06, Martin Larsson wrote: >> Hello! >> >> I've setup a tunnel between OpenBSD 5.6 using iked and an openwrt router >> running strongswan. >> The tunnel works great with ping and other traffic but traffic between the >> two ex

Re: iked responds with esp over external ips.

2014-11-05 Thread Mike Belopuhov
On 4 November 2014 17:06, Martin Larsson wrote: > Hello! > > I've setup a tunnel between OpenBSD 5.6 using iked and an openwrt router > running strongswan. > The tunnel works great with ping and other traffic but traffic between the > two external ip's dies. > > This is a site-to-site connection a

Re: new: libowfat

2014-11-05 Thread Jan Klemkow
On Sun, Nov 02, 2014 at 09:40:20AM +, Stuart Henderson wrote: > On 2014/11/01 21:22, Jan Klemkow wrote: > > Hi, > > > > this is a new port of Fefe's reimplementation of libdjb. This library > > is a reimplementation of libdjb. It contains several wrappers for > > socket functions, mkfifo, op

Convert hand-rolled lists to TAILQ_* in ac(8)

2014-11-05 Thread Dimitris Papastamos
Hi, I've attempted to convert the hand-rolled linked lists over to TAILQ. I've tested this briefly and it seems to work okay. Does it look good? Let me know if I need to rework anything. === RCS file: /cvs/src/usr.sbin/ac/ac.c,v r