Re: polling SSL kerberos and srp support

2014-04-29 Thread Damien Miller
On Mon, 28 Apr 2014, Ted Unangst wrote: Hi there. I'm trying to find somebody who is actually using either Kerberos or SRP support in libssl. I'm inclined to remove support for them. While the bulk of the code sits off to the side, the integration requires adding several additional cases to

Re: malloc freelists

2014-05-01 Thread Damien Miller
On Thu, 1 May 2014, Ted Unangst wrote: What's better than a freelist? Four freelists! Apart from moar = better, what's the motivation? Do you have a particular attack in mind? The only thing I can think of where this change might help is an attack that speculatively spams small offsets from the

Re: compare memcmp with 0

2014-06-19 Thread Damien Miller
On Thu, 19 Jun 2014, Ted Unangst wrote: Always explicitly compare memcmp with 0. I find this adds clarity. If you don't care which way a different comparison points, then why not use bcmp?

Re: slightly stricter check for genentropy_urandom

2014-06-25 Thread Damien Miller
On Wed, 25 Jun 2014, Martijn van Duren wrote: Hello tech@, Here is a minor diff to do a little more strict checking on the device id for urandom. It would be a shame if someone replaced a genuine urandom with a /dev/null or some other predictable device. that's what the ioctl is for

Re: reduce the number of missed PCB cache with tcpbench -su

2014-08-29 Thread Damien Miller
On Fri, 29 Aug 2014, Daniel Jakots wrote: Hi, When running tcpbench -su, a lot of them are counted as missed PCB cache. ... + n = recvfrom(fd, ptb-dummybuf, ptb-dummybuf_len, 0, + (struct sockaddr *)ss, slen); + if (n 0 connect(fd, (const struct

Re: improving OpenBSD's gmac.c...

2014-10-09 Thread Damien Miller
On Thu, 9 Oct 2014, Christian Weisgerber wrote: John-Mark Gurney: I also have an implementation of ghash that does a 4 bit lookup table version with the table split between cache lines in p4 at:

Re: base apache and HonorCipherOrder

2013-07-07 Thread Damien Miller
On Sun, 7 Jul 2013, Aaron Stellman wrote: On Tue, Apr 23, 2013 at 09:08:19AM +0200, Otto Moerbeek wrote: If there is any interest, I might add the manual stuff, get ok's and commit it. I find it useful to have SSLHonorCipherOrder in OpenBSD's apache. More than that, AFAIK it is

Re: more /dev/ugen*

2013-09-13 Thread Damien Miller
On Fri, 13 Sep 2013, Martin Pieuchot wrote: 16097 pcscdNAMI /dev/ugen2.00 Out of curiosity, can I see the dmesg for this machine? I'd like to know which devices attach at ugen(4).s It's a Lenovo x61t. Two devices attach to ugen before I plug anything in, the built-in fingerprint

Re: Weird loop in ftp client

2013-11-22 Thread Damien Miller
On Fri, 22 Nov 2013, Stuart Henderson wrote: do { wr = write(fileno(fout), buf + d, rd); - if (wr == -1 errno == EPIPE) - break; - d += wr; -

Re: Boot network for remote unlock of fde

2014-03-05 Thread Damien Miller
On Wed, 5 Mar 2014, Stuart Henderson wrote: What are you trying to protect against? If somebody has physical access, they can presumably replace the kernel/initramfs with a trojanned version ... It protects against stolen machines, but not active attacks. Our cryptoraid doesn't protect

Re: Switch OpenBSD manuals to DocBook

2014-04-01 Thread Damien Miller
On Tue, 1 Apr 2014, Christian Weisgerber wrote: On 2014-04-01, Theo de Raadt dera...@cvs.openbsd.org wrote: Another approach is to extend the usage() in every program so that it provides more information. Just embed the whole man page, as in curl -M. Putting stuff in usage() is pretty

Re: ssh -V double print

2011-01-30 Thread Damien Miller
On Sun, 30 Jan 2011, Laurent Ghigonis wrote: Hello, When you do ssh -V on -current it outputs OpenSSH_5.7, OpenSSL 1.0.0a 1 Jun 2010 OpenSSH_5.7, OpenSSL 1.0.0a 1 Jun 2010 That fixes it, but maybe i miss some cases before or after again: I can't replicate this. Do you have a

Re: Adding support for AI_FQDN to getaddrinfo(3)?

2011-04-01 Thread Damien Miller
On Fri, 1 Apr 2011, Matthew Dempsky wrote: Anyway, I'm interested in knowing what people think of adding this feature. I don't know of any other getaddrinfo(3) implementations that support it, but djm@ mentioned that it would be nice to have in OpenSSH for host key validation. To expand on

Re: pool_debug is good, but also bad

2011-04-03 Thread Damien Miller
On Sun, 3 Apr 2011, Theo de Raadt wrote: based on a conversation at the bar. POOL_DEBUG is expensive. But we really want it because it finds bugs before they hurt us. The solution to this is to make it simpler to turn off. Is it expensive because it tests every pool entry? Could it be

support port ranges for sysctl net.inet.(tcp|udp).baddynamic

2011-05-10 Thread Damien Miller
Hi, This allows the use of port ranges in sysctl. E.g net.inet.tcp.baddynamic=+6-61000,-5-51000 # or net.inet.tcp.baddynamic=1-48000 It also simplifies the parsing a little. Ok? Index: sysctl.c === RCS file:

Re: Bus Pirate: bus hacking tool for hardware developers

2011-05-14 Thread Damien Miller
On Thu, 12 May 2011, Jona Joachim wrote: Hi, I just wanted to share this board that I discovered today: http://dangerousprototypes.com/bus-pirate-manual/ It's an uftdi(4) board that gives you access to the following bus protocols: 1-Wire, I2C, SPI, JTAG, RS-232, MIDI, ...

Re: ssh, consistent use of fcntl(2) with F_SETFD

2011-05-15 Thread Damien Miller
applied - thanks On Sat, 14 May 2011, Aaron Stellman wrote: Please review the diff. Thanks Index: usr.bin/ssh/authfd.c === RCS file: /cvs/src/usr.bin/ssh/authfd.c,v retrieving revision 1.84 diff -p -u -r1.84 authfd.c ---

Re: malloc: rework MALLOC_MAXSHIFT

2011-05-17 Thread Damien Miller
On Sun, 15 May 2011, Otto Moerbeek wrote: Hi, define MALLOC_MAXSHIFT and related stuff more consistently. Also, zap region_bits, it is not used. looks ok. some questions: - struct chunk_head chunk_dir[MALLOC_MAXSHIFT]; + struct chunk_head chunk_dir[MALLOC_MAXSHIFT + 1]; Why does

Re: sysctl.conf example for tcp.always_keepalive

2011-07-11 Thread Damien Miller
On Mon, 11 Jul 2011, Ted Unangst wrote: On Mon, Jul 11, 2011, Stuart Henderson wrote: Trying to work out a good way to describe always_keepalive in a short enough space for a sysctl.conf comment, this is the best I've come up with. Can anyone do better? OK? I think it'd be a big help to

Re: Shouldn't call munmap(2) if mmap(2) failed in catopen(3)

2011-07-12 Thread Damien Miller
ok djm@ On Tue, 12 Jul 2011, Matthew Dempsky wrote: ok? Index: catopen.c === RCS file: /home/mdempsky/anoncvs/cvs/src/lib/libc/nls/catopen.c,v retrieving revision 1.13 diff -U5 -p -r1.13 catopen.c --- catopen.c 26 Jun 2008

Re: TOS option to tcpbench ala pf.conf

2011-08-19 Thread Damien Miller
On Thu, 18 Aug 2011, Christiano F. Haesbaert wrote: Hi, I'm tinkering with ToS-CoS (802.1p) translation in vlan(4) so I needed something to test, tcpbench seems to deserve a tos option. It uses the same map_option() from pfctl with some minor tweaks. So it accepts decimal, hexadecimal,

ksh wish

2011-09-01 Thread Damien Miller
Hi, While people are excited about hacking on ksh(1) - let me add my wish: unrestricted multibyte character binding so I can have ctrl-left_arrow (^[[1;5D on my terminal) bound to backward-word and so forth. Last time I checked the code for bind could only handle a couple of characters after ^[

use OpenSSL EVP for SSH umac and CTR cipher modes

2011-09-08 Thread Damien Miller
Hi, This diff needs testing, particularly on systems that support hardware acceleration of AES via the OpenSSL EVP layer (e.g. Intel Core i7). It uses OpenSSL's EVP AES API rather than the lower-level one and should give an opportunity for the acceleration to work. A useful benchmark would be

Re: sftp diff to allow uploading from command line

2011-09-21 Thread Damien Miller
On Wed, 21 Sep 2011, Loganaden Velvindron wrote: s/similar/A little bit like The diff has issues with stuff like sftp 127.0.0.1. I've fixed it. The way I'd like to see the sftp commandline go is to become mostly compatible with scp(1). So: sftp local [local...] remote:/path # do an

Re: sftp diff to allow uploading from command line

2011-09-23 Thread Damien Miller
On Wed, 21 Sep 2011, Loganaden Velvindron wrote: s/similar/A little bit like The diff has issues with stuff like sftp 127.0.0.1. I've fixed it. I think this might get confused by something like: sftp blah user@host: foo user2@host: IMO it would be better to walk all the arguments and then

Re: rc.d/sshd reload test

2012-11-28 Thread Damien Miller
I like this - it's what -t is intended for. On Wed, 28 Nov 2012, Alexander Hall wrote: Make sure new config is valid before SIGHUP'ing sshd, which would otherwise just kill it. Invalid configuration now gives: # pgrep sshd 18998 # /etc/rc.d/sshd reload sshd(failed) # pgrep sshd 18998

Re: [PATCH] Support for virtio random device

2013-01-27 Thread Damien Miller
On Fri, 25 Jan 2013, Stefan Fritsch wrote: Hi, qemu 1.3 has added a virtio entropy device. Here is a driver for it. Comments? OKs? As the entropy reserve of the host may not be unlimited, the OpenBSD guest should only ask for entropy when it actually needs it. Would it make sense to

Re: IKEd support for ECDSA key authentication?

2013-03-12 Thread Damien Miller
On Sun, 10 Mar 2013, Jason Hall wrote: Are there plans to support ECDSA keys? All other recommended protocols (AES GCM, ECDH) are currently supported. When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message is: ca_key_serialize: unsupported key type 408 fatal: ca:

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Wed, 1 May 2013, Franco Fichtner wrote: Not sure if that's a fitting comparison; and I know too little OSPF to answer. Let me try another route. The logic consists of an array of application detection functions, which can be invoked via their respective IP types. I don't like this

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Thu, 2 May 2013, Franco Fichtner wrote: as stated before, breaking down complexity to the bare minimum is my requirement for this to be happening at all. You all get to be the judges. I'm just trying to work on something worth doing. Well, bare minimum complexity per-protocol *

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Thu, 2 May 2013, Franco Fichtner wrote: Well, bare minimum complexity per-protocol * large_number_of_protocols = a lot of complexity. The incentive is always going to be to add more protocols and never retire them. I guess that's true for most software projects. We try not to

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Thu, 2 May 2013, Franco Fichtner wrote: Moving implementations to user space does not necessarily make them better or less of a problem. The big difference is that its possible to sandbox a userspace implementation so that small integer overflow bugs or length checking failures don't become

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Thu, 2 May 2013, Franco Fichtner wrote: OK, the implementation only pulls a couple of bytes from the packet's payload. It will never pull bytes that are not verified. It will never allocate anything. It will never test against something that's neither hard-coded nor available in the range

Re: DPI for pf(4)

2013-05-02 Thread Damien Miller
On Thu, 2 May 2013, Damien Miller wrote: You've just described bpf, right down to no endless loops and the amount of data it returns. For a little more code that it takes to write one packet parser (basically: loading bpf rules from pf and making the bpf_filter()'s return value available

Re: add nl(1)

2013-05-09 Thread Damien Miller
On Wed, 8 May 2013, Ted Unangst wrote: On Tue, Apr 30, 2013 at 18:57, Arto Jonsson wrote: Taken from netbsd with minor modifications. Comments? I don't think you've received much feedback. I don't know how other developers feel, but the question I have is can't this be done with a rather

Re: bzip2

2013-06-06 Thread Damien Miller
On Thu, 6 Jun 2013, David Coppa wrote: But even more so than with nl(1), why would we want to use something that's different from what everybody else uses? If we want bzip2 in base (and I think there are good reasons for having it) we should simply use the standard bzip2 code.

Re: Adding support for Camellia on OpenSSH.

2010-07-19 Thread Damien Miller
On Mon, 19 Jul 2010, Yoshisato YANAGISAWA wrote: OpenBSD has already included Camellia source code as a part of OpenSSL. It is disabled by default, though. At the time OpenSSL included Camellia, NTT had shown following news release: http://www.ntt.co.jp/news/news01e/0104/010417.html NTT

Re: generating new host key...

2010-09-07 Thread Damien Miller
On Tue, 7 Sep 2010, Todd T. Fries wrote: I am not sure of a better way than what you've proposed, but the logic does make perfect sense to me. As a shortened version of what you proposed: [snip] my, that is complicated. Is there anything we could do in ssh-keygen to make this simpler?

Re: merging wpa-psk info ifconfig

2010-09-12 Thread Damien Miller
On Sun, 12 Sep 2010, Alexander Hall wrote: For upcoming changes to the installer. PRE: # ifconfig wpi0 nwid mynet wpa wpapsk `wpa-psk mynet my secret passphrase` POST: # ifconfig wpi0 nwid mynet wpa wpapsk my secret passphrase A few conflicts arise; 1. You cannot have a

glob(3) extension to retain stat(2) data

2010-09-22 Thread Damien Miller
Hi, In sftp we use a few of the BSD extensions to glob(3), most notably the alternate open/readdir and stat functions so we can replace local fs access with remote operations tunnelled over sftp. In sftp these remote operations are slow, so we would like to do as few of them as possible.

Re: glob(3) extension to retain stat(2) data

2010-09-22 Thread Damien Miller
... and here is a patch to sftp(1) to make use of it. Index: sftp.c === RCS file: /cvs/src/usr.bin/ssh/sftp.c,v retrieving revision 1.126 diff -u -p -r1.126 sftp.c --- sftp.c 22 Sep 2010 22:58:51 - 1.126 +++ sftp.c

Re: regress/lib/libssl: don't use non-standard CFLAGS

2010-10-03 Thread Damien Miller
ok djm This was probably originally done to avoid an ICE on some other platform, but we should make any overrides as specific as possible. On Sun, 3 Oct 2010, Christian Weisgerber wrote: I don't think there is a good reason to use non-standard CFLAGS in regress/lib/libssl. As a side effect,

Re: requests for perl XS code

2010-10-17 Thread Damien Miller
On Sun, 17 Oct 2010, Marc Espie wrote: Mostly some XS wrapper around the recvmsg/CMSG_DATA part. Then some perl glue that would allow one to grab those data, and gets the fds from it. It should probably only extract the msgs, let normal stuff grab non out-of-band data IO, and create an

Re: yield in pf_table

2010-10-28 Thread Damien Miller
On Fri, 29 Oct 2010, Ted Unangst wrote: On Fri, 29 Oct 2010, Ted Unangst wrote: now that the atomic flag is gone, the yield diff is simpler. once again, the idea is that unbounded (or of unknown bounds) loops in the kernel are bad because you hog the cpu. so be polite and yield from

Re: no printing cache info

2010-11-27 Thread Damien Miller
On Sat, 27 Nov 2010, Ted Unangst wrote: if you really really need to know that your cpu cache has 48 fully associative entries, go consult the spec sheet. otherwise, save some electrons. or, how about only print this (and flags) for the first attached CPU? Unless there are plans to support

Re: Allegations regarding OpenBSD IPSEC

2010-12-14 Thread Damien Miller
On Tue, 14 Dec 2010, Bob Beck wrote: I wonder a lot about the motives of the original sender sending that message. Ignoring motive, and looking at opportunity: We have never allowed US citizens or foreign citizens working in the US to hack on crypto code (Niels Provos used to make trips to

Re: MD5 Folding in kernel RNG

2010-12-28 Thread Damien Miller
On Tue, 28 Dec 2010, Kjell Wooding wrote: How would a preimage attack matter in this case? It gives you knowledge of the collection pool, which is the very thing the design is supposed to avoid. Even if I could pull one off, (i.e. guess the contents of the entropy pool based on the

Re: tcpbench udp support + libevent.

2011-01-26 Thread Damien Miller
On Wed, 26 Jan 2011, Christiano F. Haesbaert wrote: Hi there, This diff adds udp support with PPS (packet per second) accounting and changes tcpbench to use libevent instead of poll(2). The sender/client is pretty stupid, it sends as much as possible until a ENOBUFS is reached, then it

Re: [PATCH] RFC: Changes to tcpbench.

2009-08-05 Thread Damien Miller
On Wed, 5 Aug 2009, Henning Brauer wrote: * Claudio Jeker cje...@diehard.n-r-g.com [2009-08-05 19:04]: This needs a bit more work and maybe it would make sense to switch away from poll to kqueue or libevent. poll() gets inefficient when handling large amount of fds. But that's maybe for

Re: Multiple certs for relayd

2009-08-11 Thread Damien Miller
On Tue, 11 Aug 2009, Philip Guenther wrote: Yes, there's an extension to TLS that lets the client send the server the server name identifier as part of the first handshake message, but it's still relatively unsupported. In particular, it's unsupported by the version of OpenSSL in OpenBSD

Re: UBC?

2010-01-29 Thread Damien Miller
On Fri, 29 Jan 2010, Bret S. Lambert wrote: On Fri, Jan 29, 2010 at 01:47:09PM -0700, Bob Beck wrote: Well, to be fair, he was asking for $buzzword. So we could load him up with some Customer-Facing Enterprise Extranet Bundles, served over XML in a proactive win-win paradigm. Then

Re: UBC?

2010-01-30 Thread Damien Miller
On Sat, 30 Jan 2010, Bob Beck wrote: http://professionalsuperhero.com/ That link isn't in iCal format; I can't open it in my scheduler. You need a pluggable scheduler system, like what has been proposed for Linux. Now you're just taunting me to try to make me explode. Probably

Re: remove a libcrypto dependancy in mount_vnd(8)

2010-02-05 Thread Damien Miller
On Thu, 4 Feb 2010, Mike Belopuhov wrote: hey, while looking thru bioctl stuff, i've accidentally stumbled upon pbkdf2 thing and found out that mount_vnd still uses local pkcs5_pbkdf2.c from NetBSD and links against libcrypto (although it's a static binary). reduction in size is about 2.5

Re: [patch] ssh: null pointer dereference

2010-04-10 Thread Damien Miller
On Sat, 27 Mar 2010, Matthew Haub wrote: Hello, If channel_by_id() in mux_master_control_cleanup_cb() fails to find the session channel then pointer sc will be NULL when dereferenced. Applied - thanks. This case shouldn't happen, if you are able to hit this code then please tell me how you

Re: [patch] Re: hacking pfkey: a few questions

2010-04-12 Thread Damien Miller
On Mon, 12 Apr 2010, Toni Mueller wrote: Hi, with your comments, I have produced a second version of the patch, which includes the following changes: IPsec isn't really my area, but some questions: 1) Why are these flows illegal? 0/0 - 0/0 seems like it might have a use as a shorthand for

Re: sshd_config RevokedKeys ?

2010-05-10 Thread Damien Miller
no thanks. Or do you propose changing HostKey too? On Mon, 10 May 2010, Lars Nooden wrote: The sshd_config directive 'RevokeKeys' is like 'AuthorizedKeysFile' in that both point to files. Index: servconf.c === RCS file:

Re: improving OpenBSD's gmac.c...

2014-11-12 Thread Damien Miller
On Wed, 12 Nov 2014, Mike Belopuhov wrote: isn't this likely to make it more likely to be subject to timing attacks? then how is this different to our table based aes implementation? and it's the same C code as in openssl which also uses table based gcm implementation. Yeah, that's

Re: permuate lines in random

2014-12-22 Thread Damien Miller
On Mon, 22 Dec 2014, Ted Unangst wrote: I would like to generate a permutation of some lines. We have random, which is vaguely similar. This adds a -p option to instead permute instead of randomly select. + for (j = numlines; j 1; j--) { + size_t s = arc4random_uniform(j);

Re: ksh version lies

2015-02-15 Thread Damien Miller
On Sun, 15 Feb 2015, Ted Unangst wrote: ksh (and sh) have a version string embedded in them: @(#)PD KSH v5.2.14 99/07/13.2 This is clearly a lie. We've added, removed, and fixed bugs and features since then. I first noticed the lie in the man page, then saw that it's also exported via the

OpenSSH: ssh protocol 1 now disabled at compile time

2015-03-23 Thread Damien Miller
Hi, I just committed a change to src/usr.bin/ssh/Makefile.inc to compile-time disable SSH protocol 1. This protocol is old, unsafe and really, really shouldn't be used at all any more. If you have need of it, then you can re-enable it for yourself using the knob in Makefile.inc. If you run

Re: seccomp system call

2015-05-03 Thread Damien Miller
On Sun, 3 May 2015, Nicolas Bedos wrote: I am wondering if the seccomp system call [1] would be welcomed in the OpenBSD tree. I remember it was among the subjects of last year's Google Summer of Code. If there is still interest in having it implemented, I am willing to work on it: I have a

Re: seccomp system call

2015-05-05 Thread Damien Miller
On Mon, 4 May 2015, Todd C. Miller wrote: On Sun, 03 May 2015 20:44:25 -, Loganaden Velvindron wrote: OpenBSD already has systrace. Last I checked, systrace doesn't work well with multi-threaded programs and was trivial to bypass. The basic design where you have a userland monitor

Re: seccomp system call

2015-05-05 Thread Damien Miller
On Mon, 4 May 2015, Theo de Raadt wrote: Personally, I think seccomp-bpf could be a superior alternative to systrace and I'd love to see an implementation. Other developers (inc. Theo) are skeptical though, but this is probably a case where the argument won't be settled without a concrete

Re: OpenBSD on Kosagi Novena open-source ARM board/desktop/laptop

2015-05-11 Thread Damien Miller
On Mon, 11 May 2015, Jonathan Gray wrote: If you can get an installation completed (the imxenet is pretty flaky, possibly because of an all-0 MAC address), then you'll also need to copy bsd*.IMX.umg to the /boot partition of the sdcard under Linux (OpenBSD can't access the sdcard yet) and

OpenBSD on Kosagi Novena open-source ARM board/desktop/laptop

2015-05-10 Thread Damien Miller
Hi, Thanks to jsg@, the latest snapshot releases of OpenBSD will boot on the Novena open-source laptop (http://www.kosagi.com/w/index.php?title=Novena_Main_Page). It's still very rough: no SMP, flaky USB and support for the eeprom (so no MAC addr on the IMX ethernet), but it gets to multi-user

Re: GSoC project: KMS driver for Cirrus Logic graphics

2015-05-10 Thread Damien Miller
On Mon, 11 May 2015, Léo Grange wrote: The goal of the project is to port the current Cirrus userland driver from X.Org to an OpenBSD KMS driver, and to document the process in order to make easier the addition of new KMS drivers for various graphics adapter. As QEMU emulates a Cirrus CLGD

Re: NTRU Open Source Project / Post-quantum era

2015-05-25 Thread Damien Miller
On Sat, 23 May 2015, ertetlen barmok wrote: Hello, https://github.com/NTRUOpenSourceProject When will LibreSSL have ciphers for the Post-quantum era? http://tech.slashdot.org/story/15/05/15/007248/are-we-entering-a-golden-age-of-quantum-computing-research From wikipedia: NTRU is a

Re: OpenBSD/NTRU policy mismatch [Was: NTRU Open Source Project / Post-quantum era]

2015-05-25 Thread Damien Miller
No clarification needed: NTRU is patented, with no free for all patent grant. It is a complete non-starter for OpenBSD or OpenSSH. On Tue, 26 May 2015, Douglas Ray wrote: Thanks William and Ertetlen for clarifying: On 25/05/15 10:09 PM, William Whyte wrote: Hi Ertetlen, The base

Re: utf8 hack for ls

2015-10-26 Thread Damien Miller
rather than scattering hacks in each program that needs to output utf8 to the console, how about making something for libutil that they all can use? On Sun, 25 Oct 2015, Ted Unangst wrote: > it only gets deeper and thicker... > > this decodes chars and prints ? for bytes it doesn't like, as

Re: ChachaPoly-03: Chacha20-Poly1305 AEAD construction as per RFC7634

2015-10-26 Thread Damien Miller
On Mon, 26 Oct 2015, Mike Belopuhov wrote: > OK? Will this get the nonce right on BE systems? > + /* initial counter is 1 */ > + ctx->nonce[0] = 1; > + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE, > + CHACHA20_SALT);

Re: [PATCH] SSH tunnels without root permissions

2015-10-06 Thread Damien Miller
On Tue, 6 Oct 2015, Ossi Herrala wrote: > ping? > > On Fri, Sep 18, 2015 at 06:46:20PM +0300, Ossi Herrala wrote: > > Hi everyone, > > > > The following patch makes it possible to build SSH layer 2 (and layer > > 3) tunnels without using root permissions when connecting. > > > > This is

UTF-8 string filtering

2015-09-03 Thread Damien Miller
0x206D, 0x206D }, + { 0x206E, 0x206E }, + { 0x206F, 0x206F }, + /* C.9 Tagging characters */ + { 0xE0001, 0xE0001 }, + { 0xE0020, 0xE007F }, +}; diff --git a/utf8_stringprep.c b/utf8_stringprep.c new file mode 100644 index 000..dcbd304 --- /dev/null +++

Re: UTF-8 string filtering

2015-09-20 Thread Damien Miller
On Sat, 12 Sep 2015, Stefan Sperling wrote: > > On Fri, Sep 04, 2015 at 03:17:31PM +1000, Damien Miller wrote: > > Hi, > > > > For a long time OpenBSD has been careful about filtering potentially-hostile strings that were destined for logs or TTYs u

OpenSSH Security Advisory: xauth command injection

2016-03-10 Thread Damien Miller
OpenSSH Security Advisory: x11fwd.adv This document may be found at: http://www.openssh.com/txt/x11fwd.adv 1. Affected configurations All versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled. 2. Vulnerability Missing sanitisation of untrusted input allows an

Re: spamd - blacklists

2016-03-15 Thread Damien Miller
On Tue, 15 Mar 2016, li...@wrant.com wrote: > What's going on with the BGP as a transport then, is it available to > the general public? Must be much better than the fubar DNS. Nackts > thing and we'd be attempting carping on tunnelled over DNS syndrome. Years ago I added the pftable keyword

Re: Xorg stipple

2016-03-09 Thread Damien Miller
On Wed, 9 Mar 2016, joshua stein wrote: > Is anyone seriously finding video/Xorg bugs through the default X > stipple pattern anymore? Xorg changed the default to draw a black > background a while ago (with stipple enabled using the -retro flag), > but we have this local change that reverted it

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

2016-05-17 Thread Damien Miller
On Tue, 17 May 2016, Henning Brauer wrote: > > What about systems with net.inet6.ip6.v6only=0? > > Those haven't been taken into consideration by yours truly and might be > the compelling argument to have this code :) That sysctl isn't hooked up to anything, it should be removed. (compare

Announce: OpenSSH 7.3 released

2016-08-01 Thread Damien Miller
h.com/report.html Security bugs should be reported directly to open...@openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.

Re: [armv7] introducing tipru(4)

2016-07-05 Thread Damien Miller
On Tue, 5 Jul 2016, Jonathan Gray wrote: > On Tue, Jul 05, 2016 at 01:39:18AM -0400, Ian Sutton wrote: > > On Mon, Jul 4, 2016 at 10:30 PM, Jonathan Gray wrote: > > > Lack of fdt use aside, we don't want to enable something that > > > allows userspace access to system memory like

Re: [armv7] introducing tipru(4)

2016-07-06 Thread Damien Miller
On Wed, 6 Jul 2016, Ian Sutton wrote: > * tipru comes disabled by default. Attempts to enable tipru, and > following modification of the instruction/data/shared memory > spaces, are only allowed when the system's securelevel(7) is equal > or lesser than zero. When the system's

Re: Default softraid crypto PBKDF2 rounds

2016-09-07 Thread Damien Miller
On Wed, 7 Sep 2016, Andreas Bartelt wrote: > yes, due to the larger internal state of the blowfish algorithm which is > harder to efficiently realize in dedicated hardware. However, since bcrypt's > internal state effectively is of fixed size, scrypt would be an even better > option since it

Re: rebound quantum entanglement

2016-09-15 Thread Damien Miller
On Thu, 15 Sep 2016, Chris Cappuccio wrote: > That rebound acts like a nameserver is what prompted the idea to > hijack the resolver. But it's really a tool that takes over certain > duties from the libc resolver, so the libc resolver should be properly > configurable to hand over duties, or not.

Re: Default softraid crypto PBKDF2 rounds

2016-09-07 Thread Damien Miller
On Tue, 6 Sep 2016, David Coppa wrote: > Il 6 settembre 2016 14:56:32 CEST, Filippo Valsorda ha > scritto: > >Hello, > > > >I recently had the occasion to dive into the softraid crypto code [1] > >and was quite pleased with the cleanliness of it all. However, I found >

Re: tcpdump: decode BGP Administrative Shutdown Communication

2017-04-19 Thread Damien Miller
On Wed, 19 Apr 2017, Job Snijders wrote: > The realisation that a shutdown communication may contain \0 (since NUL is a > valid UTF-8 char) \0 isn't a valid UTF-8 character. UTF-8 sets the MSB on code points > 127: https://en.wikipedia.org/wiki/UTF-8#Description

Re: systemd compat for doas

2017-07-03 Thread Damien Miller
On Mon, 3 Jul 2017, Franco Fichtner wrote: > > > On 2. Jul 2017, at 8:59 PM, Ted Unangst wrote: > > > > If the username starts with a digit, but isn't a number, treat it like root. > > I question the simplicity of this patch due to the fact that it leaves > no head room

Re: [PATCH 02/04] Adjust AES testcase to the new implementation

2017-04-24 Thread Damien Miller
ok On Mon, 24 Apr 2017, Mike Belopuhov wrote: > Adjusts the regress test. > > --- > regress/sys/crypto/aes/Makefile | 2 +- > regress/sys/crypto/aes/aestest.c | 10 +- > 2 files changed, 6 insertions(+), 6 deletions(-) > > diff --git regress/sys/crypto/aes/Makefile

freezero(NULL, 0)

2017-08-23 Thread Damien Miller
Hi, memset(NULL, 0, 0) is (strictly speaking) undefined behaviour, but there's no reason that freezero(3) needs to follow suit. This mentions that freezero(NULL, 0) is valid in the manpage, so that anyone who copies this API should get it right too. ok? Index: malloc.3

Re: sshd(8) logging of client disconnect from ClientAliveInterval

2017-10-17 Thread Damien Miller
ok by me On Wed, 18 Oct 2017, Darren Tucker wrote: > On Tue, Oct 17, 2017 at 09:10:38PM +0300, Lars Noodén wrote: > > Here is a replacement patch. > > I meant reusing the existing function rather than cloning it. It's > currently static so it needs to be exported but IMO that's better than >

Re: base system multi-booting in MBR

2018-02-01 Thread Damien Miller
On Wed, 31 Jan 2018, Alexei Malinin wrote: > Hello. > > If the base system supported multi-booting in MBR would the community be > interested in it? Doesn't it already? "machine boot sd0X"

Re: ssh: don't close fds multiple times and don't close(-1)

2018-02-04 Thread Damien Miller
ok djm On Mon, 5 Feb 2018, Theo Buehler wrote: > In channel_close_fd(), the file descriptors for the socket, stdin, > stdout and stderr aren't necessarily distinct, so closing them results > in EBADF. In addition, the diff adds a couple of positivity checks to > avoid calling close(-1). > >

Re: use inline functions instead of __statement

2018-01-03 Thread Damien Miller
On Thu, 4 Jan 2018, David Gwynne wrote: > my theory is that __statement (a gcc extension) was used to allow > macros to evaluate their argument(s) once by assigning it to a local > variable, and then returning a value. this is difficult with normal > macros. Not understanding - doesn't this: >

Re: close filedescriptors of children

2018-03-07 Thread Damien Miller
On Wed, 7 Mar 2018, Gerhard Roth wrote: > Below is an updated patch that includes proc.c of switchd and vmd. > It also passes the 'debug' flag to proc_init() so that it won't touch > std* in that case. FWIW sshd unconditionally clobbers stdin and stdout and will also clobber stderr if the debug

Re: www/64.html - OpenSSH version 7.8 or 7.9?

2018-10-19 Thread Damien Miller
On Thu, 18 Oct 2018, jungle boogie wrote: > I see the release notes are alive: > https://www.openssh.com/txt/release-7.9 > > Might want to change the link on https://www.openssh.com leading to the > release, still showing 7.8. not everything updates at once, some things need to be committed

Re: qsort comparision function bug

2019-01-21 Thread Damien Miller
On Mon, 21 Jan 2019, Dariusz Sendkowski wrote: > Wouldn't it lead to undefined behavior? > According to the standard: "... The value of the result of an integer > arithmetic or conversion function cannot be represented (7.8.2.1, 7.8.2.2, > 7.8.2.3, 7.8.2.4, 7.22.6.1, 7.22.6.2, 7.22.1) ..." > This

Re: register DoT in /etc/services?

2019-01-27 Thread Damien Miller
On Sun, 27 Jan 2019, Theo de Raadt wrote: > I need to add I worry for the future, the 512-1023 reserved space is > being gobbled at a rapid pace by new services, which not only decreases > the port# entropy but reduces the total number of reserved ports which > can be allocated. Fewer software

Re: Potential null pointer dereference in sshkey shielding

2019-06-26 Thread Damien Miller
On Wed, 26 Jun 2019, Reynir Björnsson wrote: > Hello, > > I have noticed a potential NULL pointer dereference in the recent code > for ssh key shielding. Essentially, during error handling > explicit_bzero(enc, enclen) is called. This should be fine when enc is > NULL as long as enclen is zero.

Re: ssh-askpass(1): fix indicator size with multiple screens

2019-06-16 Thread Damien Miller
On Sun, 16 Jun 2019, Matthieu Herrb wrote: > On Sun, Jun 09, 2019 at 04:47:53PM +0200, Matthieu Herrb wrote: > > Hi, > > > > ssh-askpass(1) is trying to be clever and computes the size of its > > indicator relatively to the screen resolution. > > > > Unfortunately, when multiple screens are

OpenSSH U2F/FIDO support in base

2019-11-14 Thread Damien Miller
Hi, I just committed all the dependencies for OpenSSH security key (U2F) support to base and tweaked OpenSSH to use them directly. This means there will be no additional configuration hoops to jump through to use U2F/FIDO2 security keys. Hardware backed keys can be generated using "ssh-keygen -t

Re: tcpdump(8) mention USB interfaces in -i

2019-11-07 Thread Damien Miller
goddamn it, I could have used this last week :/ (ok djm) On Wed, 6 Nov 2019, Stuart Henderson wrote: > Found this diff when updating an old tree, ok? > > > Index: usr.sbin/tcpdump/tcpdump.8 > === > RCS file:

Re: HID devices without numbered reports

2019-10-27 Thread Damien Miller
On Mon, 28 Oct 2019, Damien Miller wrote: > BTW, the token still becomes unresponsive after the first transaction, > but looking at a sniff (using an OpenViszla), it seems we're getting the > DATA0/DATA1 flipping incorrect on the wire. > > On OpenBSD, this is the last rx of
