Re: LibreSSL regressions

2021-02-15 Thread Joel Sing
On 21-02-15 14:49:46, Jan Klemkow wrote: > On Sat, Feb 13, 2021 at 03:53:48PM +0100, Theo Buehler wrote: > > On Sat, Feb 13, 2021 at 11:58:04AM +0100, Jan Klemkow wrote: > > > A coworker of mine has made tests with LibreSSL [1] and found some > > > regressions. I took his test descriptions and

Re: BIOCINSTALLBOOT/sparc64 installboot: EFBIG on too big boot loaders

2020-06-06 Thread Joel Sing
On 20-06-05 22:42:17, Klemens Nanni wrote: > On Mon, Jun 01, 2020 at 11:48:05PM +0200, Klemens Nanni wrote: > > Installing an unstripped boot loader on softraid on sparc64 fails > > without proper error message. > > > > Make BIOCINSTALLBOOT return a proper errno, make installboot(8) use it > > to

Re: Recent "elliptic curve" -> "supported groups" change in libssl

2018-11-05 Thread Joel Sing
On Tuesday 06 November 2018 00:39:11 Luigi30 wrote: > Hi, > > As someone with interests in kernel development and a lot of spare > time, I want to work on OS patches. I just installed OpenBSD 6.4 in a > clean development VM and started building the -current branch from CVS > to get up to date

Re: CID #183499: don't leak db in RSA_padding_check_PKCS1_OAEP()

2018-08-19 Thread Joel Sing
On Sunday 19 August 2018 08:44:24 Theo Buehler wrote: > Coverity complains about the case where EVP_Digest() fails, but there > are a couple more. One thing worth mentioning... previously it would return -1 without setting an error, whereas now it will always set RSA_R_OAEP_DECODING_ERROR (even

Re: [patch] httpd: add tls client certificate authentication

2018-05-19 Thread Joel Sing
On Wednesday 16 May 2018 17:32:56 Jack Burton wrote: > My attempts to get this accepted last year stalled. > > As best I recall, the main stumbling block was agreeing on how much / > exactly which client cert data to pass through to fastcgi (my view was > that passing the whole client cert chain

openssl(1): convert genpkey options handling

2018-02-07 Thread Joel Sing
The following diff converts the openssl(1) genpkey option handling to the options handling framework. ok? Index: genpkey.c === RCS file: /cvs/src/usr.bin/openssl/genpkey.c,v retrieving revision 1.11 diff -u -p -r1.11 genpkey.c ---

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Joel Sing
On Monday 04 December 2017 13:19:41 Giovanni Bechis wrote: > On 11/10/17 17:46, Joel Sing wrote: > [...] > > > I suspect this is going to be difficult to track down without being able > > to see what is on the wire (tcpdump or 'smtpd_tls_loglevel = 3' in > > postfix)

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-12-04 Thread Joel Sing
On Monday 04 December 2017 15:54:35 Giovanni Bechis wrote: > On 12/04/17 13:19, Giovanni Bechis wrote: > > On 11/10/17 17:46, Joel Sing wrote: > > [...] > > > >> I suspect this is going to be difficult to track down without being able > >&

Re: Reported problem: postfix, libressl 2.6.x, DHE-RSA-AES256-SHA

2017-11-10 Thread Joel Sing
On Friday 10 November 2017 11:58:04 Stuart Henderson wrote: > > From an irc contact using LibreSSL 2.6.3 on FreeBSD: > > 11:14 < matt> Nov 10 11:06:06 tao postfix/smtpd[77685]: Anonymous TLS > connection established from email.morrisons.com[192.86.55.223]: TLSv1 with > cipher DHE-RSA-AES256-SHA

Re: [diff] httpd: tls client cert & CRL checks

2017-08-07 Thread Joel Sing
On Saturday 29 July 2017 20:49:18 Jan Klemkow wrote: > Hi Jack, > > On Fri, Jul 28, 2017 at 02:05:34AM +0930, Jack Burton wrote: > > On Thu, 27 Jul 2017 13:10:14 +0200 > > > > > But, I found a bug in the part of the FastCGI variables. The > > > following condition is always false. > > > > > >

Re: [PATCH 1/2] nc: support -T tlscompat option

2017-05-18 Thread Joel Sing
On Thursday 18 May 2017 07:03:31 Kyle J. McKay wrote: > Some services are still provided using TLS 1.0 and older ciphers. > It is possible to use the nc command to connect to these services > using the "-T tlsall" option, but that also enables legacy and > insecure ciphers and is not desirable. >

Re: OpenBSD 6.0 relayd TLS Loadbalancer failing SSL Lab tests (Cipher Support)

2017-04-06 Thread Joel Sing
On Thursday 06 April 2017 16:38:26 Tom Smyth wrote: > Hello all, > > I was installing relayd as a loadbalancer (and ssl terminator) on > OpenBSD6.0 > amd64 base install, > > I used the following configuration for my /etc/relayd.conf file > > http protocol https { > match request header

Re: libressl-2.5.1 patches

2017-02-08 Thread Joel Sing
Thanks for providing some patches, however a few things to note: - Could you please resend the diffs inline - it makes them much easier to review and provide feedback/discussion on. - When generating diffs please create unified diffs (generally `diff -uNp'). - When sending a change, please

Re: specify curves via ecdhe statement in httpd.conf

2017-02-07 Thread Joel Sing
On Monday 06 February 2017 20:18:48 Andreas Bartelt wrote: > Yes, right - thanks. I wasn't aware that this is actually a MUST > requirement from RFC 4492. I'm quite surprised that the "Supported > Elliptic Curves Extension" is also used in order to specify any allowed > curves for use in the

Re: specify curves via ecdhe statement in httpd.conf

2017-02-06 Thread Joel Sing
On Sunday 05 February 2017 17:05:40 Andreas Bartelt wrote: > > - What type of public certificate are you using (RSA or ECDSA)? > > ECDSA with P-256. Certificate signed by letsencrypt (via RSA). > Must-staple is enabled - that's why I'm also using the ocsp line for > testing. Ah, this was the

Re: specify curves via ecdhe statement in httpd.conf

2017-02-05 Thread Joel Sing
On Sunday 05 February 2017 11:13:16 Andreas Bartelt wrote: > On 02/05/17 07:41, Joel Sing wrote: > > You can just specify X25519 as a group - it will not appear in `openssl > > ecparam -list_curves' since it is not a standard EC curve. > > thanks - I didn't notice that capita

Re: specify curves via ecdhe statement in httpd.conf

2017-02-04 Thread Joel Sing
On Saturday 04 February 2017 15:51:02 Andreas Bartelt wrote: > On 02/04/17 05:26, Joel Sing wrote: > > On Wednesday 01 February 2017 15:41:29 Andreas Bartelt wrote: > >> Hello, > >> > >> after reading the LibreSSL accouncement from today, I assumed that

Re: specify curves via ecdhe statement in httpd.conf

2017-02-03 Thread Joel Sing
On Wednesday 01 February 2017 15:41:29 Andreas Bartelt wrote: > Hello, > > after reading the LibreSSL accouncement from today, I assumed that > specifying ecdhe "auto" in /etc/httpd.conf would enable X25519, P-256 > and P-384 on current. This is correct. > I've noticed that "auto" enables only

Re: Fix memory leak in LibreSSL/tls_conninfo_free()

2017-01-09 Thread Joel Sing
On Sunday 08 January 2017 07:59:34 Shuo Chen wrote: > Valgrind finds out that conninfo->servername is not free()d by > tls_conninfo_free(). > > == HEAP SUMMARY: > == in use at exit: 83,069 bytes in 2,690 blocks > == total heap usage: 4,107 allocs, 1,417 frees, > ==

OpenSSL 1.1 API migration path (or the lack thereof...)

2016-12-30 Thread Joel Sing
As many of you will already be aware, the OpenSSL 1.1.0 release intentionally introduced significant API changes from the previous release[0][1]. In summary, a large number of data structures that were previously publically visible have been made opaque, with accessor functions being added in

Re: attach SR drive by force even if not all chunks provide native metadata

2016-09-27 Thread Joel Sing
On Saturday 24 September 2016 00:13:47 Karel Gardas wrote: > Hello, > > following patch fixes issue while attempting to attach SR RAID1 drive > where not all chunks provide native metadata. I.e. one chunk is dd > zeroed. The complain of SR is good one, but I'd think that force > parameter should

Re: httpd: be stricter with TLS configuration

2016-08-15 Thread Joel Sing
On Monday 15 August 2016 13:04:43 Reyk Floeter wrote: > On Sat, Aug 13, 2016 at 02:57:14AM +1000, Joel Sing wrote: > > The following diff makes httpd stricter with respect to TLS configuration: > > > > - Do not allow TLS and non-TLS to be configured on the same port. &

httpd: Add SNI support

2016-08-13 Thread Joel Sing
The following enables SNI support within httpd. It requires libtls to have server side support for SNI (diff previously posted). Index: server.c === RCS file: /cvs/src/usr.sbin/httpd/server.c,v retrieving revision 1.85 diff -u -p

httpd: be stricter with TLS configuration

2016-08-12 Thread Joel Sing
The following diff makes httpd stricter with respect to TLS configuration: - Do not allow TLS and non-TLS to be configured on the same port. - Do not allow TLS options to be specified without a TLS listener. - Ensure that TLS options are the same when a server is specified on the same

libtls: ALPN support

2016-07-27 Thread Joel Sing
The following diff adds ALPN support to libtls via: tls_config_set_alpn() - set the ALPN protocols supported by this client/server tls_conn_alpn_selected() - get the ALPN protocol selected for this connection ok? Index: tls.c ===

Re: ntpd && pledge

2016-07-07 Thread Joel Sing
On Thursday 07 July 2016 00:32:04 Ian Mcwilliam wrote: > Seems changes to pledge have made ntpd abort. > > ntpd(67855): syscall 5 "rpath" > ntpd(81479): syscall 5 "rpath" > > Jul 7 10:29:23 ianm-openbsd ntpd[76119]: constraint > 2404:6800:4006:800::2004; terminated with signal 6 (Abort trap)

Re: httpd: patch to close TLS sockets that,fail before TLS handshake

2015-08-27 Thread Joel Sing
On Tuesday 25 August 2015 19:19:58 Edgar Pettijohn wrote: I was curious if this issue is fixed in -current or if there is going to be a patch available on the errata page? Yes, this is fixed in -current (and will be in 5.8) - see r1.68 of server.c. There may be back ports/commits of various

Re: httpd: patch to close TLS sockets that fail before TLS handshake

2015-07-15 Thread Joel Sing
On Wednesday 15 July 2015 23:38:33 Jack Burton wrote: In 5.7-stable -current, httpd, when listening for TLS, does not close the client socket when tls_accept_socket() returns any non-recoverable error. The problem manifests most often when a client connects but does not attempt TLS handshake.

Re: [PATCH] fix write error handling on SR RAID1

2015-07-11 Thread Joel Sing
On Friday 10 July 2015 22:01:43 Karel Gardas wrote: On Fri, Jul 10, 2015 at 9:34 PM, Chris Cappuccio ch...@nmedia.net wrote: My first impression, offlining the drive after a single chunk failure may be too aggressive as some errors are a result of issues other than drive failures.

Re: softraid checksumming discipline.

2015-06-18 Thread Joel Sing
On Wednesday 17 June 2015, Karel Gardas wrote: Hello, I'm curious if anybody is working on implementing block-level checksumming on softraid? Not that I'm aware of. Backgroud: I'm comming from Solaris 11/ZFS world and I like ZFS's focus on data integrity from drive level up to the RAM.

Re: LibreSSL 2.2 fails to connect to webdav.yandex.com

2015-06-13 Thread Joel Sing
On Tuesday 09 June 2015, Alexey Ivanov wrote: On Jun 6, 2015, at 5:31 AM, Joel Sing j...@sing.id.au wrote: On Saturday 06 June 2015, 1edhaz+9sj4olxjt6...@guerrillamail.com wrote: Hello, LibreSSL 2.2 (openbsd-current) fails to connect to https://webdav.yandex.com. OpenSSL 1.0.1m

Re: LibreSSL 2.2 fails to connect to webdav.yandex.com

2015-06-06 Thread Joel Sing
On Saturday 06 June 2015, 1edhaz+9sj4olxjt6...@guerrillamail.com wrote: Hello, LibreSSL 2.2 (openbsd-current) fails to connect to https://webdav.yandex.com. OpenSSL 1.0.1m from OpenBSD packages does succeed. Yandex is the largest search engine in Russia. The webdav.yandex.com site is for

Re: [PATCH] libcrypto: initialize pointer

2015-05-29 Thread Joel Sing
On Friday 29 May 2015, Benjamin Baier wrote: Hello tech@ buf.data is not initialized up front, which may lead to free(3)'ing a garbage pointer. Found by llvm/scan-build. Also free(3) handles NULL. No need to check. At first glance this is not actually a real problem - free_cont is

Re: [patch] Turn on Server Cipher Preference

2015-05-15 Thread Joel Sing
On Friday 15 May 2015, Kyle Thompson wrote: Very basic patch to turn on server cipher preference in libtls. This will allow us to always use our cipher preference over what the client thinks is best. Tested with httpd as the server and openssl as the client with two ciphers selected. Should

Re: crypto softraid and keydisk on same harddrive

2015-04-25 Thread Joel Sing
On Saturday 25 April 2015, Patrik Lundin wrote: On Wed, Oct 29, 2014 at 01:24:30AM +1100, Joel Sing wrote: On Wed, 29 Oct 2014, Joel Sing wrote: A CRYPTO key disk is slightly special in that it has softraid metadata but is not technically part of the same volume (well, it is in some

softraid(4) RAID 5 - call for testing

2015-04-11 Thread Joel Sing
For those not following source-changes@, I have just re-enabled the RAID 5 discipline for softraid(4). During the last two hackathons in Dunedin, the RAID 5 implementation was largely rewritten. As far as I am aware, the last missing part was the lack of ability to resume a partial rebuild,

Re: Do you need/prefer the non-DUID option in the installer?

2015-04-11 Thread Joel Sing
On Wednesday 01 April 2015, frantisek holop wrote: Theo de Raadt, 30 Mar 2015 18:09: IIRC 'bioctl -d' cannot deal with DUID's. not a showstopper, just sayin' Sounds like you might use this. Want to trial a diff that adds support? If it is wrong, don't worry, someone will hate your bad

Re: libtls manpage diff

2015-04-01 Thread Joel Sing
On Tuesday 31 March 2015, Tim van der Molen wrote: - Correct title. - tls_accept_socket() also may return TLS_{READ,WRITE}_AGAIN. I've committed a slightly different version of this and fixed the title - thanks for the diff. Index: tls_init.3

Re: tls_accept_socket() error message

2015-03-31 Thread Joel Sing
On Tuesday 31 March 2015, Tim van der Molen wrote: httpd/server.c contains the following: ret = tls_accept_socket(srv-srv_tls_ctx, clt-clt_tls_ctx, clt-clt_s); [...] } else if (ret != 0) { log_warnx(%s: TLS accept failed - %s, __func__,

Re: the libressl wikipedia article is awful.

2015-03-26 Thread Joel Sing
On Sunday 22 March 2015, Jiří Navrátil wrote: Good morning Bob, I did a quick fix OpenBSD, FreeBSD[2] and many others Where I can get list of supported operating systems, please? I will add them. The current list of platforms supported by LibreSSL portable is available at:

Re: Too much SUID/SGID files!

2015-01-06 Thread Joel Sing
On Tuesday 06 January 2015, whoami toask wrote: Hello, isn't there too much SUID/SGID files on a default OpenBSD install? Can this number be reduced? Of course it can! $ find / -perm -4000 -o -perm -2000 -exec chmod 0 {} \; Example: why does wall, write, modstat need an SGID? # uname -a

Re: LibreSSL 2.1.2 linking issues

2014-12-10 Thread Joel Sing
On Wed, 10 Dec 2014, Lukas Tribus wrote: On 2014/12/09 07:37, Brent Cook wrote: If an app calls a function, it should probably check if that function exists during configuration time, rather than inferring if define A exists, function B and C must exist. Especially things that are just

Re: libtls: Secure default cipher list and dtls support

2014-11-27 Thread Joel Sing
On Thu, 27 Nov 2014, Manuel Schoelling wrote: Hi, I hope this is the right mailing list for discussing this issue. I could not find any information about a mailing list on libressl.org. Here is fine. It currently looks like the libtls version does not set a list of secure ciphers by

Re: LibreSSL-portable 2.1.1 s_client supports connecting to SSLv3 servers

2014-11-25 Thread Joel Sing
On Tue, 25 Nov 2014, Bernard Spil wrote: Hi, Running LibreSSL portable 2.1.1 from FreeBSD ports on FreeBSD 10.1 $ /usr/local/bin/openssl version LibreSSL 2.1 $ uname -a FreeBSD meterkast3.example.org 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r264324M: Tue Nov 11 13:46:58 CET 2014

Re: libtls future

2014-11-05 Thread Joel Sing
On Thu, 6 Nov 2014, Daniel wrote: Looking over libtls it struck me that this is the best-designed TLS API I've ever seen, so it was a bit disheartening to look at the code and find that it was mainly just wrapping libssl and abstracting away its fragile, haphazard design choices. Though even

Re: ressl: two way fds extention

2014-11-02 Thread Joel Sing
On Sat, 1 Nov 2014, Jan Klemkow wrote: On Fri, Oct 31, 2014 at 09:18:26PM -0700, Doug Hogan wrote: On Sat, Nov 01, 2014 at 03:07:24AM +0100, Jan Klemkow wrote: Index: tls_client.c === RCS file:

Re: libcrypto: use libc string fns

2014-10-31 Thread Joel Sing
On Fri, 31 Oct 2014, Ted Unangst wrote: Don't need BUF_ and its NULL arg handling here. Looks like you need to cvs up... beck@ nuked these and put BUF_strdup() under LIBRESSL_INTERNAL about two weeks ago. He missed the comment (second chunk) though. Index: x509/x509_trs.c

Re: ressl: two way fds extention

2014-10-31 Thread Joel Sing
On Thu, 30 Oct 2014, Jan Klemkow wrote: Hello, This diff enables libressl to use two file descriptors for read and write. This is feature is necessary for communication over two pipes like in the UCSPI protocol [1]. resslc[3] is a general ssl-client. +---+ ++

Re: openssl.cnf req defaults - default_md sha256

2014-10-01 Thread Joel Sing
On Wed, 1 Oct 2014, Stuart Henderson wrote: Over the coming months, web browsers will progressively start to first warn for certificate chains including SHA-1 hashes, then treat them as insecure (including disabling certain content - scripts etc). Chrome are initially doing this for certs

Re: openssl.cnf req defaults - default_md sha256

2014-10-01 Thread Joel Sing
On Wed, 1 Oct 2014, Joel Sing wrote: On Wed, 1 Oct 2014, Stuart Henderson wrote: Over the coming months, web browsers will progressively start to first warn for certificate chains including SHA-1 hashes, then treat them as insecure (including disabling certain content - scripts etc

Re: openssl.cnf req defaults - default_md sha256

2014-10-01 Thread Joel Sing
I should also add that the other obvious/easy fix is to initialise digest in openssl/req.c to the SHA-256 EVP. That only changes 'openssl req' though. (and yes, clearly I've spent too much time in this code base recently... :) Index: openssl.cnf

Re: improve ressl config setting

2014-09-12 Thread Joel Sing
On Fri, 12 Sep 2014, Ted Unangst wrote: On Wed, Sep 10, 2014 at 16:38, Ted Unangst wrote: On Fri, Aug 15, 2014 at 13:06, Ted Unangst wrote: Instead, ressl should copy all parameters as necessary and free them. This does introduce an error case into formerly void functions, but I think

Re: Is there a repo for the latest LibreSSL portable?

2014-08-10 Thread Joel Sing
On Mon, 11 Aug 2014, Nicholas Wilson wrote: Hi Ingo, On 10 August 2014 15:54, Ingo Schwarze schwa...@usta.de wrote: Portability goo clutters code and reduces readability, and hence endangers correctness and security ... Making a portable version is *impossible* without some clutter

Re: LibreSSL: base64 decoding error

2014-07-30 Thread Joel Sing
On Thu, 31 Jul 2014, Joel Sing wrote: On Thu, 31 Jul 2014, Dmitry Eremin-Solenikov wrote: Hello, I have spotted a problem with the patch of crypto/evp/encode.c done by jsing on May 3. Sometimes decoding of base64 will fail. For example the attached file will fail decodiding

Re: openssl smime -sign broken

2014-06-29 Thread Joel Sing
On Sun, 29 Jun 2014, Stuart Henderson wrote: Does anyone have ideas about this before I start digging to find when it got broken? Still digging, but it looks like it will be caused by crypto/pkcs7/pk7_doit.c. r1.20... On -current: | $ echo test message | openssl smime -sign -signer

Re: openssl smime -sign broken

2014-06-29 Thread Joel Sing
On Mon, 30 Jun 2014, Joel Sing wrote: On Sun, 29 Jun 2014, Stuart Henderson wrote: Does anyone have ideas about this before I start digging to find when it got broken? Still digging, but it looks like it will be caused by crypto/pkcs7/pk7_doit.c. r1.20... The following diff resolves

Re: [PATCH 9] installboot: malloc/memset = calloc

2014-06-09 Thread Joel Sing
Commited. Thanks. On Sun, 1 Jun 2014, Benjamin Baier wrote: On Sun, 1 Jun 2014 00:57:43 +1000 Joel Sing j...@sing.id.au wrote: In this case I think readability wins. I do not believe that there is a lot to gain from overflow protection given the numbers used in these calculations

Re: clean/portable crypto code...

2014-06-07 Thread Joel Sing
On Sat, 7 Jun 2014, John-Mark Gurney wrote: Hello, I've been doing some work recently on crypto code, and noticed that there aren't many/any good clean implementations of performant crypto code out there (or maybe I just don't know of them). Both OpenSSL's and NSS's code has issues w/

Re: [PATCH 6/7] remove parsing of -rand options in openssl apps

2014-06-02 Thread Joel Sing
On Sun, 1 Jun 2014, Brent Cook wrote: Since the random number generator no longer allows being seeded, remove support for parsing the unused -rand option and the unused random buffer variables. Better to fail than to be surprised when the RNG seed does not function as expected. This fixes

Re: [PATCH 9] installboot: malloc/memset = calloc

2014-05-31 Thread Joel Sing
On Sat, 31 May 2014, Benjamin Baier wrote: This one splits up the malloc parameter, taking full potential from calloc, hurting readability a bit. which one is preferred? more readable/maintainable or using the calloc overflow protection? In this case I think readability wins. I do not believe

Re: [PATCH 1/7] If EVP_DecryptInit_ex() returns NULL, j is incremented by a random amount in PEM_do_header()

2014-05-31 Thread Joel Sing
On Sun, 1 Jun 2014, Brent Cook wrote: clang warning: pem/pem_lib.c:472:6: error: variable 'i' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] if (o) ^ pem/pem_lib.c:479:7: note: uninitialized use occurs here j += i;

Re: [PATCH 1/2] use correct size_t formatter, include string.h for memcmp

2014-05-16 Thread Joel Sing
Thanks for the diff - I've committed a more comprehensive diff that makes it clean with WARNINGS=Yes. On Mon, 12 May 2014, bust...@gmail.com wrote: From: Brent Cook bust...@gmail.com --- base64/base64test.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git

Re: [PATCH 2/2] include openssl/evp.h for OPENSSL_add_all_algorithms_noconf()

2014-05-16 Thread Joel Sing
On Mon, 12 May 2014, bust...@gmail.com wrote: From: Brent Cook bust...@gmail.com --- rc4/rc4test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rc4/rc4test.c b/rc4/rc4test.c index a0b08a6..c4d34b1 100644 --- a/rc4/rc4test.c +++ b/rc4/rc4test.c @@ -60,6 +60,7 @@ #include

Re: malloc in libssl/src/apps

2014-05-05 Thread Joel Sing
On Mon, 5 May 2014, Jean-Philippe Ouellet wrote: On Mon, May 05, 2014 at 11:12:00AM +1000, Joel Sing wrote: - i = 0; if (arg-count == 0) { arg-count = 20; - arg-data = (char **)malloc(sizeof(char *) * arg-count); + arg-data = calloc(arg-count

Re: 5.5 and dual-boot

2014-03-08 Thread Joel Sing
On Sat, 8 Mar 2014, Theo de Raadt wrote: I follow -current for several years but recently a thing puzzles me. My x200 is a dual-boot system (Seven/OpenBSD -current) and since (I think) the amd64/i386 installboot change, each time I upgrade via bsd.rd, I have to generate a new openbsd.pbr

Re: duid support to dump

2013-11-27 Thread Joel Sing
On Wed, 27 Nov 2013, Cody Cutler wrote: hello, the following is my attempt to add duid support to dump. thanks! From a quick glance, you should be able to use opendev(3) to open the disk device (rather than using open), in which case you'll get DUID handling for free. This also avoids the

Re: threaded prof signals

2013-10-05 Thread Joel Sing
On Fri, 4 Oct 2013, Philip Guenther wrote: On Fri, 16 Aug 2013, Ted Unangst wrote: As per http://research.swtch.com/macpprof We deliver all prof signals to the main thread, which is unlikely to result in accurate profiling info. I think the diff below fixes things. How about we take an

usr.sbin/httpd and ECDHE

2013-07-15 Thread Joel Sing
On Fri, 12 Jul 2013, Joel Sing wrote: On Mon, 8 Jul 2013, Damien Miller wrote: On Sun, 7 Jul 2013, Aaron Stellman wrote: On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote: If there is any interest, I might add the manual stuff, get ok's and commit it. I find

Re: base apache and HonorCipherOrder

2013-07-11 Thread Joel Sing
On Mon, 8 Jul 2013, Damien Miller wrote: On Sun, 7 Jul 2013, Aaron Stellman wrote: On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote: If there is any interest, I might add the manual stuff, get ok's and commit it. I find it useful to have SSLHonorCipherOrder in OpenBSD's

Re: softraid(4) about boot support

2013-03-11 Thread Joel Sing
On Tue, 12 Mar 2013, Alexander Polakov wrote: It seems like this is not true any more. Right? Thanks, however I think we need to keep it but make it more explicit (only some disciplines are supported and only on some architectures). I'll work with jmc@ to get it fixed this week. Index:

Re: bioctl patch testing

2013-02-10 Thread Joel Sing
On Sun, 10 Feb 2013, Scott McEachern wrote: Moving this to tech. I tested the patch found at http://marc.info/?l=openbsd-techm=133513662106783w=2 and can give you some results. As you've already discovered, that diff is broken. BIOCVOL does not behave how the diff assumes - it will return

Make amd64/i386 boot(8) work when 64KB

2012-09-30 Thread Joel Sing
The amd64/i386 boot(8) code runs in protected mode, however switches back to real mode for BIOS calls. The real mode code uses a scratch area located in the BSS section to load/store registers across BIOS calls. However, once the BSS moves beyond an offset of 0x (a logical address of 0x5

sysctl__string fails to return old length

2011-08-17 Thread Joel Sing
According to the sysctl(3) man page, calling sysctl with a NULL value for oldp should result in the current size being returned. This works correctly for sysctl_rdstring(), but not for sysctl__string(). ok? Index: kern_sysctl.c ===

dkcsum: do not sleep whilst walking alldevs

2011-07-08 Thread Joel Sing
Currently dkcsumattach() walks the alldevs list whilst performing operations that will sleep. This is rather bad if the list happens to be modified (i.e. a device detachs) whilst it is sleeping. The following diff resolves this issue. The process is very similar to that used for softraid - we

Re: Future of ccd(4) and raid(4)?

2011-06-24 Thread Joel Sing
On Friday 24 June 2011, Matthew Dempsky wrote: On Thu, Jun 23, 2011 at 7:29 PM, Kenneth R Westerback kwesterb...@rogers.com wrote: I use neither but know people claim to be using one or the other, but mostly raid(4), a.k.a. raidframe. Then it sounds like the solution is to subtly break

Re: Future of ccd(4) and raid(4)?

2011-06-24 Thread Joel Sing
On Saturday 25 June 2011, Christian Weisgerber wrote: Matthew Dempsky matt...@dempsky.org wrote: What should be done about ccd(4) and raid(4)? They both seem superseded in functionality by softraid(4), which also has much more developer interest and active development. Is softraid ready

Re: Future of ccd(4) and raid(4)?

2011-06-24 Thread Joel Sing
On Friday 24 June 2011, Benny Lofgren wrote: On 2011-06-24 01.39, Matthew Dempsky wrote: What should be done about ccd(4) and raid(4)? They both seem superseded in functionality by softraid(4), which also has much more developer interest and active development. Never used ccd(4) so can't

Re: OpenBSD 4.8 RAID 0+1 or 1+0 or 5

2011-02-16 Thread Joel Sing
On Wednesday 16 February 2011, Steven R. Gerber wrote: Sorry for cross posting? I am trying to setup a decent RAID (0+1 or 1+0 or 5) and there SEEMS to be no approved method. (4 disks -- I usually like stripe on top of mirrors.) I believe that I have done my homework. What are my options?

Re: /bsd: splassert: assertwaitok: want -1 have 1

2011-01-20 Thread Joel Sing
On Thursday 20 January 2011, Gregory Edigarov wrote: On Wed, 19 Jan 2011 20:14:01 +1100 Joel Sing j...@sing.id.au wrote: On Wednesday 19 January 2011, Gregory Edigarov wrote: Hello, I have my home system connected via pppoe(4) to a provider and connection disapears very frequently

Re: /bsd: splassert: assertwaitok: want -1 have 1

2011-01-20 Thread Joel Sing
On Thursday 20 January 2011, Mike Belopuhov wrote: On Thu, Jan 20, 2011 at 10:31 +0200, Gregory Edigarov wrote: --- interrupt --- end trace frame: 0x0, count: 245 0x8: End of stack trace. pppoe0: received unexpected PADO pppoe0: chap failure pppoe: GENERIC ERROR: RP-PPPoE: Child

softraid: factor out block I/O code

2011-01-14 Thread Joel Sing
The following diff factors out the block I/O code that is used within softraid(4) and also allows it to handle I/Os that exceeds MAXPHYS in size. This is necessary for some upcoming work. This diff needs extensive testing since the main purpose is to read and write the softraid metadata. Bugs in

Re: bioctl should retry passphrase

2011-01-13 Thread Joel Sing
On Friday 14 January 2011, Ted Unangst wrote: If I type the wrong password into bioctl at boot, disks don't exist, filesystems don't get mounted, and generally lots of things go wrong. All I need is a second chance to remind me to type the right password. Huh? Both you and Marco rejected this