OpenCVS bug on ssh 'broken pipe' error

2016-06-04 Thread Dongsheng Song
When ssh 'broken pipe' error occurred, cvs quit exit error 0.

Here is my test script:

# cat

cd /usr/src
echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] start cvs update /usr/src/"
while true; do
cvs -q -d up -Pd
echo $rc
if [ "$rc" -eq "0" ]; then
echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] retry cvs update"
echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] done cvs update"

# ksh
[2016-05-21T01:16:47+0800] start cvs update /usr/src/
P bin/pax/ar_io.c
P bin/pax/ftree.c
P bin/rmdir/rmdir.c
P distrib/armv7/ramdisk/
P distrib/sets/lists/man/mi
P etc/examples/bgpd.conf
P share/man/man4/Makefile
U share/man/man4/utvfu.4
P sys/dev/pci/if_iwm.c
P sys/dev/pci/if_iwn.c
P sys/kern/kern_sched.c
P sys/ufs/ext2fs/ext2fs_alloc.c
P sys/ufs/ext2fs/ext2fs_balloc.c
P usr.sbin/bgpctl/bgpctl.c
P usr.sbin/bgpd/bgpd.conf.5
P usr.sbin/bgpd/bgpd.h
P usr.sbin/bgpd/parse.y
P usr.sbin/bgpd/rde.c
P usr.sbin/bgpd/rde_filter.c
P usr.sbin/bgpd/util.c
P usr.sbin/pstat/pstat.8
P usr.sbin/pstat/pstat.c
packet_write_wait: Connection to port 22: Broken pipe
[2016-05-21T01:26:28+0800] done cvs update

Re: syslog over TLS

2015-01-16 Thread Dongsheng Song
On Fri, Jan 16, 2015 at 8:46 AM, Alexander Bluhm wrote:

 - Wrong format.  The TLS RFC requires length-message encoding, I
   use message-newline inherited from TCP.

Transmission of Syslog Messages over TCP (RFC 6587) prefer use
'octet-counting', not 'non-transparent-framing method'.
The older method of non-transparent-framing has problems.  The newer
method of octet-counting is reliable and has not been seen to cause
problems noted with the non-transparent-framing method.

I'd like plain TCP transmission implement 'octet-counting' too.

Re: LibreSSL Windows port status update

2014-12-01 Thread Dongsheng Song
On Mon, Dec 1, 2014 at 2:25 PM, Brad Smith wrote:
 There is a URL posted at the bottom of that page that points out how it
 is broken and should not be used.

I don't think we must distinguish the timeout errors and connection
errors in the OpenSSL(1) tool, report ‘connection failed (or timeout)'
is enough in such environment.

Re: LibreSSL Windows port status update

2014-11-30 Thread Dongsheng Song
Cool !

I can see you do lot's of update on select-poll conversions.
The code become more and more complex since you want it works more general.

Can we use simply WSAPoll[1] instead ?

#ifdef _WIN32
#define poll WSAPoll


On Mon, Dec 1, 2014 at 11:58 AM, Brent Cook wrote:
 I got a Windows 8.1 box running this weekend and spent some quality
 time making poll(2) emulation more robust, so that it can deal with
 more of the select-poll conversions in openssl(1) coming in the
 future. I also got the upstream poll conversion patches themselves in
 better working order. This Windows port is now achieved without any
 #ifdefs or odd workarounds. So, it should be possible to maintain
 support without having too many new warts in the LibreSSL tree.

 So, what can it do now? Well, you can run this command in a powershell window:

 .\apps\openssl.exe s_server -cert tests\server.pem

 and this in another:

 .\apps\openssl.exe s_client

 and type on the console back and forth interactively. You can also run
 this from powershell and still get the expected result:

 cat .\README | apps\openssl.exe s_client -connect

 No big deal for those fancy 'everything works like a file' operating
 systems, but Windows very special in its handling of sockets vs.
 console IO vs pipes. Performance-wise, it's currently about 50x slower
 than Cygwin's native openssl.exe, but I have not begun to optimize
 anything yet.

  - Brent

Re: [PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.

2014-11-11 Thread Dongsheng Song
On Tue, Nov 11, 2014 at 9:56 PM, Brent Cook wrote:
 Mystery solved!

This patch fixed the exited immediately issue.
When getentropy failed, LibReSSL will call _getentropy_fail, it call
TerminateProcess(GetCurrentProcess(), 0) to exit.

Re: [PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.

2014-11-11 Thread Dongsheng Song
On Tue, Nov 11, 2014 at 10:17 PM, Brent Cook wrote:
 Yes, this is an intentional design feature: fail fast if there is no entropy.

 I'm looking at your other patches and testing with mingw 3.1.0, but am
 having to fix a number of minor build failures.

 Out of curiosity, what version are you testing against?

I use mingw-w64, because it support both 32 bit and 64 bit, and accept
patches very fast.

git clone git://

[PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.

2014-11-10 Thread dongsheng . song
From: Dongsheng Song

Please see
for more details.
 src/lib/libcrypto/crypto/getentropy_win.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/crypto/getentropy_win.c 
index f65e2b3..91e99c1 100644
--- a/src/lib/libcrypto/crypto/getentropy_win.c
+++ b/src/lib/libcrypto/crypto/getentropy_win.c
@@ -1,7 +1,7 @@
 /* $OpenBSD: getentropy_win.c,v 1.1 2014/07/12 20:54:49 wouter Exp $   
- * Copyright (c) 2014, Theo de Raadt 
+ * Copyright (c) 2014, Theo de Raadt
  * Copyright (c) 2014, Bob Beck
  * Permission to use, copy, modify, and distribute this software for any
@@ -44,9 +44,9 @@ getentropy(void *buf, size_t len)
if (CryptAcquireContext(provider, NULL, NULL, PROV_RSA_FULL,
goto fail;
-   if (CryptGenRandom(provider, len, buf) != 0) {
+   if (CryptGenRandom(provider, len, buf) == 0) {
CryptReleaseContext(provider, 0);
goto fail;

Re: LibreSSL: GOWindows support

2014-11-07 Thread Dongsheng Song
On Fri, Nov 7, 2014 at 11:07 PM, Brent Cook wrote:

 On Nov 7, 2014, at 8:21 AM, Dongsheng Song wrote:

 I need some code changes for Windows support.

 --- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
 +++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
 @@ -57,13 +57,17 @@

 +#ifdef _WIN32
 +#include ws2tcpip.h
 #include sys/socket.h
 -#include sys/time.h
 #include netinet/in.h
 +#include netdb.h
 +#include sys/time.h

 #include errno.h
 -#include netdb.h
 #include stdio.h
 #include string.h
 #include unistd.h

 Thanks for the first set of patches on the portable tree!

 I would think the #ifdef _WIN32 is probably the lesser of two evils.

 Hopefully this will be largely confined to bio and the openssl app?

yes, I can generate openssl.exe with my local patches.
I use #ifdef _WIN32 to guard headres, socket functions, signal
functions, tty functions.
fork is more painful, so I defined OPENSSL_NO_SPEED. maybe I'll write
a Windows version speed_main.

 You'll also need to audit file descriptor usage carefully, so they
 are closed properly:


Re: LibreSSL 2.0.3 released

2014-07-23 Thread Dongsheng Song
On Tue, Jul 22, 2014 at 10:01 AM, Bob Beck wrote:

 We have released an update, LibreSSL 2.0.3 - which should
 be arriving in the LibreSSL directory of an OpenBSD mirror near
 you very soon.

 This release includes a number of portability fixes based on the
 the feedback we have received from the community. It also includes
 some improvements to the fork detection support.

 As noted before, we welcome feedback from the broader community.



Thanks, all tests passed on Debian 6, 7 and 8 (testing):

$ ./configure --prefix=/opt/libressl
$ make -j4
$ make check

Testsuite summary for libressl 2.0.3

# TOTAL: 42
# PASS:  42
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0