On Mon, Feb 26, 2018 at 12:15:28PM +0000, Raf Czlonka wrote:
> Hi all,
> 
> Fix capitalisation of IPsec as per the RFC[0] - obviously, only
> where this makes sense.
> 
> The remaining one in cert.pem[1] will get fixed automatically once
> the file is regenerated, after the object identifiers' description
> changes.
> 
> If this gets in, I'd like to submit a patch for www - *not* individual
> presentations or papers, though.
> 
> [0] https://tools.ietf.org/html/rfc4301#page-4
> [1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/cert.pem
> 
> Regards,
> 
> Raf
> 

i'm ok with this diff. i don;t want to commit it as-is though, because
of the code bits.

if no one shows any interest in taking it, i'll look at at least fixing the
man/calendar parts.

jmc

> Index: include/arpa/nameser.h
> ===================================================================
> RCS file: /cvs/src/include/arpa/nameser.h,v
> retrieving revision 1.13
> diff -u -p -r1.13 nameser.h
> --- include/arpa/nameser.h    16 Jan 2015 00:01:28 -0000      1.13
> +++ include/arpa/nameser.h    26 Feb 2018 11:03:07 -0000
> @@ -223,7 +223,7 @@
>  #define      KEYFLAG_USERACCOUNT     0x0400  /* key is assoc. with a user 
> acct */
>  #define      KEYFLAG_ENTITY          0x0200  /* key is assoc. with entity eg 
> host */
>  #define      KEYFLAG_ZONEKEY         0x0100  /* key is zone key for the zone 
> named */
> -#define      KEYFLAG_IPSEC           0x0080  /* key is for IPSEC use (host 
> or user)*/
> +#define      KEYFLAG_IPSEC           0x0080  /* key is for IPsec use (host 
> or user)*/
>  #define      KEYFLAG_EMAIL           0x0040  /* key is for email (MIME 
> security) */
>  #define      KEYFLAG_RESERVED10      0x0020  /* reserved - must be zero */
>  #define      KEYFLAG_RESERVED11      0x0010  /* reserved - must be zero */
> Index: lib/libcrypto/ec/ec_curve.c
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/ec/ec_curve.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 ec_curve.c
> --- lib/libcrypto/ec/ec_curve.c       29 Jan 2017 17:49:23 -0000      1.15
> +++ lib/libcrypto/ec/ec_curve.c       26 Feb 2018 11:03:09 -0000
> @@ -2135,7 +2135,7 @@ static const struct {
>       }
>  };
>  
> -/* IPSec curves */
> +/* IPsec curves */
>  /* NOTE: The of curves over a extension field of non prime degree
>   * is not recommended (Weil-descent).
>   * As the group order is not a prime this curve is not suitable
> @@ -3116,10 +3116,10 @@ static const ec_list_element curve_list[
>  #endif
>       {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curve over a 224 
> bit prime field"},
>  #ifndef OPENSSL_NO_EC2M
> -     /* IPSec curves */
> -     {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 
> over a 155 bit binary field.\n"
> +     /* IPsec curves */
> +     {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPsec/IKE/Oakley curve #3 
> over a 155 bit binary field.\n"
>       "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
> -     {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 
> over a 185 bit binary field.\n"
> +     {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPsec/IKE/Oakley curve #4 
> over a 185 bit binary field.\n"
>       "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
>  #endif
>       /* RFC 5639 curves */
> Index: lib/libcrypto/objects/objects.txt
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/objects/objects.txt,v
> retrieving revision 1.19
> diff -u -p -r1.19 objects.txt
> --- lib/libcrypto/objects/objects.txt 25 May 2017 17:00:24 -0000      1.19
> +++ lib/libcrypto/objects/objects.txt 26 Feb 2018 11:03:09 -0000
> @@ -486,9 +486,9 @@ id-kp 2                   : clientAuth            : TLS 
> Web Client
>  id-kp 3                      : codeSigning           : Code Signing
>  !Cname email-protect
>  id-kp 4                      : emailProtection       : E-mail Protection
> -id-kp 5                      : ipsecEndSystem        : IPSec End System
> -id-kp 6                      : ipsecTunnel           : IPSec Tunnel
> -id-kp 7                      : ipsecUser             : IPSec User
> +id-kp 5                      : ipsecEndSystem        : IPsec End System
> +id-kp 6                      : ipsecTunnel           : IPsec Tunnel
> +id-kp 7                      : ipsecUser             : IPsec User
>  !Cname time-stamp
>  id-kp 8                      : timeStamping          : Time Stamping
>  # From OCSP spec RFC2560
> Index: sbin/iked/iked.h
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.117
> diff -u -p -r1.117 iked.h
> --- sbin/iked/iked.h  30 Nov 2017 12:18:44 -0000      1.117
> +++ sbin/iked/iked.h  26 Feb 2018 11:03:14 -0000
> @@ -165,7 +165,7 @@ RB_HEAD(iked_flows, iked_flow);
>  TAILQ_HEAD(iked_saflows, iked_flow);
>  
>  struct iked_childsa {
> -     uint8_t                          csa_saproto;   /* IPSec protocol */
> +     uint8_t                          csa_saproto;   /* IPsec protocol */
>       unsigned int                     csa_dir;       /* in/out */
>  
>       uint64_t                         csa_peerspi;   /* peer relation */
> @@ -432,8 +432,8 @@ struct iked_sa {
>       struct ibuf                     *sa_eapmsk;     /* EAK session key */
>  
>       struct iked_proposals            sa_proposals;  /* SA proposals */
> -     struct iked_childsas             sa_childsas;   /* IPSec Child SAs */
> -     struct iked_saflows              sa_flows;      /* IPSec flows */
> +     struct iked_childsas             sa_childsas;   /* IPsec Child SAs */
> +     struct iked_saflows              sa_flows;      /* IPsec flows */
>  
>       struct iked_sa                  *sa_nexti;      /* initiated IKE SA */
>       struct iked_sa                  *sa_nextr;      /* simultaneous rekey */
> Index: share/man/man4/ubsec.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/ubsec.4,v
> retrieving revision 1.36
> diff -u -p -r1.36 ubsec.4
> --- share/man/man4/ubsec.4    10 Dec 2015 21:00:51 -0000      1.36
> +++ share/man/man4/ubsec.4    26 Feb 2018 11:03:14 -0000
> @@ -62,7 +62,7 @@ Faster version of the BCM5822 that also 
>  .It Broadcom BCM5825
>  Faster PCI Express or PCI-X version of the chip.
>  .It Broadcom BCM5860
> -IPSec/SSL Security Processor that is faster and has more features.
> +IPsec/SSL Security Processor that is faster and has more features.
>  .It Broadcom BCM5861
>  Faster version of the BCM5860.
>  .It Broadcom BCM5862
> Index: sys/dev/pci/ixgbe_type.h
> ===================================================================
> RCS file: /cvs/src/sys/dev/pci/ixgbe_type.h,v
> retrieving revision 1.31
> diff -u -p -r1.31 ixgbe_type.h
> --- sys/dev/pci/ixgbe_type.h  18 Nov 2016 14:16:10 -0000      1.31
> +++ sys/dev/pci/ixgbe_type.h  26 Feb 2018 11:03:17 -0000
> @@ -650,7 +650,7 @@
>  #define IXGBE_LSECRXCTRL_RP          0x00000080
>  #define IXGBE_LSECRXCTRL_RSV_MASK    0xFFFFFF33
>  
> -/* IpSec Registers */
> +/* IPsec Registers */
>  #define IXGBE_IPSTXIDX               0x08900
>  #define IXGBE_IPSTXSALT              0x08904
>  #define IXGBE_IPSTXKEY(_i)   (0x08908 + (4 * (_i))) /* 4 of these (0-3) */
> @@ -2496,8 +2496,8 @@ enum {
>  #define IXGBE_RXDADV_PKTTYPE_NFS     0x00000800 /* NFS hdr present */
>  #define IXGBE_RXDADV_PKTTYPE_VXLAN   0x00000800 /* VXLAN hdr present */
>  #define IXGBE_RXDADV_PKTTYPE_TUNNEL  0x00010000 /* Tunnel type */
> -#define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP       0x00001000 /* IPSec ESP */
> -#define IXGBE_RXDADV_PKTTYPE_IPSEC_AH        0x00002000 /* IPSec AH */
> +#define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP       0x00001000 /* IPsec ESP */
> +#define IXGBE_RXDADV_PKTTYPE_IPSEC_AH        0x00002000 /* IPsec AH */
>  #define IXGBE_RXDADV_PKTTYPE_LINKSEC 0x00004000 /* LinkSec Encap */
>  #define IXGBE_RXDADV_PKTTYPE_ETQF    0x00008000 /* PKTTYPE is ETQF index */
>  #define IXGBE_RXDADV_PKTTYPE_ETQF_MASK       0x00000070 /* ETQF has 8 
> indices */
> @@ -2863,8 +2863,8 @@ struct ixgbe_adv_tx_context_desc {
>  #define IXGBE_ADVTXD_DTALEN_MASK     0x0000FFFF /* Data buf length(bytes) */
>  #define IXGBE_ADVTXD_MAC_LINKSEC     0x00040000 /* Insert LinkSec */
>  #define IXGBE_ADVTXD_MAC_TSTAMP              0x00080000 /* IEEE1588 time 
> stamp */
> -#define IXGBE_ADVTXD_IPSEC_SA_INDEX_MASK 0x000003FF /* IPSec SA index */
> -#define IXGBE_ADVTXD_IPSEC_ESP_LEN_MASK      0x000001FF /* IPSec ESP length 
> */
> +#define IXGBE_ADVTXD_IPSEC_SA_INDEX_MASK 0x000003FF /* IPsec SA index */
> +#define IXGBE_ADVTXD_IPSEC_ESP_LEN_MASK      0x000001FF /* IPsec ESP length 
> */
>  #define IXGBE_ADVTXD_DTYP_MASK               0x00F00000 /* DTYP mask */
>  #define IXGBE_ADVTXD_DTYP_CTXT               0x00200000 /* Adv Context Desc 
> */
>  #define IXGBE_ADVTXD_DTYP_DATA               0x00300000 /* Adv Data 
> Descriptor */
> @@ -2900,8 +2900,8 @@ struct ixgbe_adv_tx_context_desc {
>  #define IXGBE_ADVTXD_TUCMD_L4T_TCP   0x00000800 /* L4 Packet TYPE of TCP */
>  #define IXGBE_ADVTXD_TUCMD_L4T_SCTP  0x00001000 /* L4 Packet TYPE of SCTP */
>  #define IXGBE_ADVTXD_TUCMD_MKRREQ    0x00002000 /* req Markers and CRC */
> -#define IXGBE_ADVTXD_POPTS_IPSEC     0x00000400 /* IPSec offload request */
> -#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPSec Type ESP */
> +#define IXGBE_ADVTXD_POPTS_IPSEC     0x00000400 /* IPsec offload request */
> +#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPsec Type ESP */
>  #define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN 0x00004000/* ESP Encrypt Enable 
> */
>  #define IXGBE_ADVTXT_TUCMD_FCOE              0x00008000 /* FCoE Frame Type */
>  #define IXGBE_ADVTXD_FCOEF_EOF_MASK  (0x3 << 10) /* FC EOF index */
> Index: sys/netinet6/ip6_output.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/ip6_output.c,v
> retrieving revision 1.234
> diff -u -p -r1.234 ip6_output.c
> --- sys/netinet6/ip6_output.c 19 Feb 2018 08:59:53 -0000      1.234
> +++ sys/netinet6/ip6_output.c 26 Feb 2018 11:03:17 -0000
> @@ -1040,7 +1040,7 @@ ip6_ctloutput(int op, struct socket *so,
>       void *optdata;
>       struct inpcb *inp = sotoinpcb(so);
>       int error, optval;
> -     struct proc *p = curproc; /* For IPSec and rdomain */
> +     struct proc *p = curproc; /* For IPsec and rdomain */
>       u_int rtid = 0;
>  
>       error = optval = 0;
> Index: usr.bin/calendar/calendars/calendar.openbsd
> ===================================================================
> RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.openbsd,v
> retrieving revision 1.38
> diff -u -p -r1.38 calendar.openbsd
> --- usr.bin/calendar/calendars/calendar.openbsd       3 Sep 2016 13:37:45 
> -0000       1.38
> +++ usr.bin/calendar/calendars/calendar.openbsd       26 Feb 2018 11:03:18 
> -0000
> @@ -53,7 +53,7 @@ May 29      t2k13: General hackathon, Toronto
>  May 30       c2k9: General hackathon, Edmonton, Alberta, 46 developers, 2009
>  May 31       Initial cut at OpenNTP, 2004
>  Jun 01       OpenBSD 2.1 released, first time on CD (double set), 1997
> -Jun 04       c99: First hackathon (IPSec), Calgary, Alberta, 10 developers, 
> 1999
> +Jun 04       c99: First hackathon (IPsec), Calgary, Alberta, 10 developers, 
> 1999
>  Jun 04       c2k2: General hackathon, Calgary, Alberta, 42 developers, 2002
>  Jun 06       c2k8: General hackathon, Edmonton, Alberta, 55 developers, 2008
>  Jun 14       r2k6: First network hackathon, Hamburg, Germany, 6 developers, 
> 2006
> @@ -79,7 +79,7 @@ Aug 12      OpenBSD/sparc is switched to wsco
>  Aug 16       IPX network stack added to OpenBSD, from FreeBSD, 1996
>  Aug 17       c2k1-2: Sparc64 hackathon, Washington D.C., 12 developers, 2001
>  Aug 17       OpenBSD/sparc64 port is added, from NetBSD, 2001
> -Aug 28       k2k6: IPSec hackathon, Schloss Kransberg, Germany, 14 
> developers, 2006
> +Aug 28       k2k6: IPsec hackathon, Schloss Kransberg, Germany, 14 
> developers, 2006
>  Sep 01       Support for the sparc (32bit) architecture removed, 2016
>  Sep 03       Support for the zaurus architecture removed, 2016
>  Sep 16       s2k11: General hackathon, Ljubljana, Slovenia, 25 developers, 
> 2011
> Index: usr.sbin/dhcpd/dhcpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/dhcpd/dhcpd.conf.5,v
> retrieving revision 1.22
> diff -u -p -r1.22 dhcpd.conf.5
> --- usr.sbin/dhcpd/dhcpd.conf.5       28 Jun 2017 14:07:11 -0000      1.22
> +++ usr.sbin/dhcpd/dhcpd.conf.5       26 Feb 2018 11:03:19 -0000
> @@ -566,7 +566,7 @@ Currently, the
>  and
>  .Cm fddi
>  physical interface types are recognized,
> -although support for DHCP-over-IPSec virtual interface type
> +although support for DHCP-over-IPsec virtual interface type
>  .Cm ipsec-tunnel
>  is provided.
>  The
> Index: usr.sbin/dhcrelay/dhcrelay.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 dhcrelay.c
> --- usr.sbin/dhcrelay/dhcrelay.c      5 Jul 2017 11:11:56 -0000       1.63
> +++ usr.sbin/dhcrelay/dhcrelay.c      26 Feb 2018 11:03:19 -0000
> @@ -174,7 +174,7 @@ main(int argc, char *argv[])
>                               fatalx("don't mix interfaces with hosts");
>  
>                       if (sp->intf->hw_address.htype == HTYPE_IPSEC_TUNNEL)
> -                             fatalx("can't use IPSec with layer 2");
> +                             fatalx("can't use IPsec with layer 2");
>  
>                       sp->next = servers;
>                       servers = sp;
> Index: usr.sbin/npppd/l2tp/l2tp_ctrl.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/npppd/l2tp/l2tp_ctrl.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 l2tp_ctrl.c
> --- usr.sbin/npppd/l2tp/l2tp_ctrl.c   5 Dec 2015 18:43:36 -0000       1.21
> +++ usr.sbin/npppd/l2tp/l2tp_ctrl.c   26 Feb 2018 11:03:20 -0000
> @@ -442,7 +442,7 @@ l2tp_ctrl_purge_ipsec_sa(l2tp_ctrl *_thi
>  #endif
>       if (ipsec_util_purge_transport_sa((struct sockaddr *)&peer,
>           (struct sockaddr *)&sock, proto, IPSEC_UTIL_DIRECTION_BOTH) != 0)
> -             l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPSec SA");
> +             l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPsec SA");
>  }
>  #endif
>  
> 

Reply via email to