CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/08 00:15:42 Modified files: lib/libcrypto/ec: ec_cvt.c Log message: Fix a EC_GROUP_clear_free() that snuck through. Thanks to Mark Patruck for reporting.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/03/08 00:02:09 Modified files: games/fortune/datfiles: fortunes Log message: this morning's fortune was missing an apostrophe;
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 23:47:30 Modified files: lib/libcrypto/ec: ec_lib.c Log message: Fix previous.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/03/07 23:44:45 Modified files: regress/lib/libcrypto/bn: bn_rand_interval.c Log message: reduce number of tests in bn_rand_interval. This is only testing basic functionality anyway, so 1 tests are more than enough.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/03/07 23:28:08 Modified files: regress/lib/libcrypto/bn: bn_isqrt.c Log message: bn_isqrt: reduce number of tests to 100. The runtime is roughly quadratic in N_TESTS. While it only takes 1-2s on modern machines, this test takes a long time on slow machines. A reduction of runtime by a factor of ~16 is significant.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dtuc...@cvs.openbsd.org 2023/03/07 23:21:32 Modified files: usr.bin/ssh: sftp.c Log message: Plug mem leak. Coverity CID 405196, ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 23:12:52 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: Process up to four test vector files concurrently. This avoids having a slow down when processing test vector files that only have a single group. Note that the processing of test vector files is in turn going to be rate limited by the number of concurrent test groups, which means we do not need variable limits for vectors. Reduces a Wycheproof regress run down to ~8 seconds on an Apple M1.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 22:45:31 Modified files: lib/libcrypto/ec: ec.h ec2_smpl.c ec_asn1.c ec_lib.c ec_local.h ec_mult.c ec_print.c ecp_mont.c ecp_nist.c ecp_smpl.c Log message: Always clear EC groups and points on free. Rather than sometimes clearing, turn the free functions into ones that always clear (as we've done elsewhere). Turn the EC_GROUP_clear_free() and EC_POINT_clear_free() functions into wrappers that call the *_free() version. Do similar for the EC_METHOD implementations, removing the group_clear_finish() and point_clear_finish() hooks in the process. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 22:41:08 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: Run test groups concurrently. Add a basic test coordinator, that allows for Wycheproof test groups to be run concurrently. This can be further improved (especially for vectors that have limited test groups), however it already reduces the regress duration by about half on an Apple M1.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/03/07 22:36:45 Modified files: regress/lib/libcrypto/wycheproof: Makefile Log message: zap more audit remnants
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 22:35:51 Modified files: lib/libcrypto/ec: ec_cvt.c Log message: Stop trying to use EC_GFp_nist_method(). Currently, if compiled without OPENSSL_BN_ASM_MONT, EC_GROUP_new_curve_GFp() tries to use EC_GFp_nist_method(), falling back to EC_GFp_mont_method() if it is not a NIST curve (if OPENSSL_BN_ASM_MONT is defined we use EC_GFp_mont_method() unconditionally). Now that we have a reasonable non-assembly Montgomery implementation, the performance of EC_GFp_nist_method() is either similar or slower than EC_GFp_mont_method() (the exception being P-521, however if you're using that you're not doing it for performance reasons anyway). The EC_GFp_nist_method() uses rather scary BN NIST code (which would probably already be removed, if not for the BN and EC public APIs), it uses code paths that are currently less constant time, and there is additional overhead in checking to see if the curve is actually supported. Stop trying to use EC_GFp_nist_method() and unconditionally use EC_GFp_mont_method() in all cases. While here, factor out the common setup code and call it from both EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m(). ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org2023/03/07 22:33:53 Modified files: usr.bin/ssh: ssh-pkcs11.c Log message: ssh-pkcs11: synchronize error messages with errors A handful of error messages contained incorrect function names or otherwise inaccurate descriptions. Fix them to match reality. input/ok djm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 22:17:33 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: Remove acceptable audit. This code would need changes to be safe to use concurrently - remove it since it is somewhat incomplete and needs reworking. Requested by tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 21:50:27 Modified files: lib/libcrypto/ec: ec2_smpl.c ec_local.h ec_oct.c ecp_mont.c ecp_nist.c ecp_smpl.c Log message: Remove EC_FLAGS_DEFAULT_OCT. The EC code has an amazing array of function pointer hooks, such that a method can hook into almost any operation... and then there is the EC_FLAGS_DEFAULT_OCT flag, which adds a bunch of complex code and #ifdef so you can avoid setting three of those function pointers! Remove EC_FLAGS_DEFAULT_OCT, the now unused flags field from EC_METHOD, along with the various code that was wrapped in EC_FLAGS_DEFAULT_OCT, setting the three function pointers that need to be set in each of the EC_METHODs. ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2023/03/07 21:43:15 Modified files: bin/csh: csh.c dir.c dol.c exec.c func.c hist.c proc.c set.c time.c bin/echo : echo.c bin/mt : mtrmt.c distrib/special/libstubs: mbrtowc_sb.c lib/libedit: common.c el.c emacs.c filecomplete.c hist.c history.c prompt.c readline.c refresh.c search.c terminal.c tty.c vi.c lib/libkvm : kvm_amd64.c kvm_powerpc.c lib/libpcap: pcap-bpf.c lib/libskey: skeysubr.c lib/libutil: imsg.c libexec/comsat : comsat.c libexec/ftpd : ftpcmd.y ftpd.c monitor.c libexec/lockspool: lockspool.c libexec/login_skey: login_skey.c libexec/rpc.rquotad: rquotad.c libexec/rpc.rstatd: rstat_proc.c rstatd.c libexec/rpc.rusersd: rusersd.c libexec/snmpd/snmpd_metrics: kroute.c libexec/spamd : grey.c regress/sbin/ifconfig: ifaddr.c regress/sys/kern/pledge/ioctl: unfdpass.c regress/sys/kern/unfdpass: unfdpass.c regress/sys/kern/unfdpass: unfdpass.c sbin/dump : dumprmt.c optr.c tape.c sbin/fsck_ext2fs: main.c utilities.c sbin/fsck_ffs : main.c utilities.c sbin/ifconfig : ifconfig.c sbin/iked : control.c sbin/isakmpd : isakmpd.c sbin/ldattach : ldattach.c sbin/nfsd : nfsd.c sbin/nologin : nologin.c sbin/restore : restore.c tape.c sys/arch/alpha/alpha: machdep.c trap.c sys/arch/alpha/tc: tc_bus_mem.c sys/arch/hppa/spmath: dfsqrt.c fcnvff.c fcnvfx.c fcnvfxt.c frnd.c sfsqrt.c sys/arch/hppa/stand/libsa: ct.c sys/arch/i386/i386: mem.c trap.c sys/arch/luna88k/dev: lunaws.c sys/arch/macppc/macppc: mainbus.c sys/arch/macppc/pci: pchb.c sys/arch/mips64/mips64: sendsig.c sys/arch/sh/include: pmap.h sys/arch/sparc64/sparc64: autoconf.c machdep.c sys/ddb: db_break.c db_command.c db_examine.c db_run.c db_variables.c db_watch.c sys/dev/i2c: i2c_bitbang.c sys/dev/pci: cmpci.c eso.c if_ipw.c if_iwi.c sys/dev/pckbc : pckbd.c sys/dev: rnd.c vnd.c sys/dev/usb: if_mtw.c if_otus.c if_rsu.c if_run.c if_urtwn.c sys/isofs/cd9660: cd9660_rrip.c cd9660_vfsops.c cd9660_vnops.c sys/lib/libsa : dev.c sys/miscfs/deadfs: dead_vnops.c sys/miscfs/fifofs: fifo_vnops.c sys/msdosfs: msdosfs_denode.c sys/netinet: if_ether.c ip_carp.c sys/nfs: nfs_kq.c nfs_serv.c nfs_vfsops.c nfs_vnops.c sys/sys: tree.h sys/ufs/ext2fs : ext2fs_readwrite.c ext2fs_vfsops.c ext2fs_vnops.c sys/ufs/ufs: ufs_vfsops.c ufs_vnops.c sys/uvm: uvm_mmap.c usr.bin/at : at.c usr.bin/bc : bc.y scan.l tty.c usr.bin/cdio : cdio.c usr.bin/chpass : chpass.c field.c usr.bin/csplit : csplit.c usr.bin/cut: cut.c usr.bin/cvs: date.y usr.bin/dc : bcode.c inout.c usr.bin/deroff : deroff.c usr.bin/find : function.c misc.c usr.bin/ftp: cmds.c fetch.c ftp.c small.c util.c usr.bin/ipcrm : ipcrm.c usr.bin/ktrace : ktrace.c usr.bin/login : login.c usr.bin/mail : cmd3.c head.c lex.c popen.c send.c tty.c usr.bin/make : job.c usr.bin/mg : autoexec.c basic.c bell.c buffer.c cscope.c dir.c dired.c display.c extend.c file.c fileio.c grep.c help.c kbd.c macro.c main.c paragraph.c re_search.c region.c search.c spawn.c tags.c tty.c undo.c util.c version.c window.c word.c yank.c usr.bin/netstat: if.c usr.bin/newsyslog: newsyslog.c usr.bin/nfsstat: nfsstat.c usr.bin/pr : pr.c usr.bin/rcs: date.y rcsprog.c usr.bin/rpcgen : rpc_cout.c usr.bin/rpcinfo: rpcinfo.c usr.bin/ssh: auth2.c clientloop.c kex.c mux.c progressmeter.c serverloop.c sftp-client.c sftp.c ssh-agent.c ssh-ecdsa-sk.c ssh-ecdsa.c sshconnect2.c sshd.c usr.bin/tftp : main.c usr.bin/top: top.c usr.bin/usbhidaction: usbhidaction.c usr.bin/wall : wall.c usr.bin/what : what.c usr.sbin/apmd : apmd.c usr.sbin/dvmrpd: control.c usr.sbin/eeprom: ophandlers.c usr.sbin/eigrpd: control.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2023/03/07 17:05:58 Modified files: usr.bin/ssh: ssh-add.c Log message: use RSA/SHA256 when testing usability of private key in agent; with/ok dtucker
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2023/03/07 17:05:37 Modified files: usr.bin/ssh: ssh-keygen.c Log message: use RSA/SHA256 when testing usability of private key; based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2023/03/07 14:47:42 Modified files: usr.bin/ssh: channels.c Log message: refactor to be more readable top to bottom. Prompted by Coverity CID 405048 which was a false-positive fd leak; ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/03/07 13:09:48 Modified files: sbin/ifconfig : ifconfig.8 sys/net: if.c if.h Log message: Avoid enabling TSO on interfaces which are already attached to a bridge. with tweaks from claudio and deraadt ok claudio, bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2023/03/07 10:43:59 Modified files: sbin/ipsecctl : ipsecctl.c pfkdump.c usr.bin/find : function.c usr.bin/usbhidctl: usbhid.c Log message: Delete obsolete /* ARGSUSED1 */ lint comments. ok claudio@ cheloha@ krw@ deraadt@ miod@ millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/03/07 10:37:26 Modified files: distrib/loongson/ramdisk: install.md Log message: Use "installboot -p"; tested by/OK miod
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/03/07 10:29:42 Modified files: distrib/amd64/common: install.md distrib/i386/common: install.md distrib/miniroot: install.sub distrib/riscv64/ramdisk: install.md distrib/sparc64/common: install.md Log message: Initial support for guided disk encryption One new question to cover the most common use case, such that manual setup in (S)hell or '!' prior to install is no longer required: Encrypt the root disk? (disk, 'no' or '?' for details) [no] ? Create a passphrase protected CRYPTO softraid volume to be used as root disk. Available disks are: sd0. Encrypt the root disk? (disk, 'no' or '?' for details) [no] Use of keydisk or different disciplines are not covered. Only asked in interactive installations; no autoinstall(8) or upgrades. Only reachable on i386, amd64, sparc64 and riscv64 for now (arm64 WIP). Tested by cheloha naddy and a few users Feedback from cheloha deraadt claudio OK cheloha "get it in now" deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/03/07 09:41:08 Modified files: etc/etc.alpha : disktab etc/etc.amd64 : disktab etc/etc.i386 : disktab etc/etc.macppc : disktab etc/etc.sparc64: disktab Log message: Nuke pointless 'pb#N:ob#0:' lines from floppy types. ok miod@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org2023/03/07 07:49:32 Modified files: usr.sbin/rpki-client: filemode.c print.c Log message: Improve decoded content printing in filemode Looks reasonable claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: k...@cvs.openbsd.org2023/03/07 03:58:39 Modified files: sbin/route : route.8 Log message: restore tags for commands lost in r1.112 restructuring; OK jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/03/07 03:30:38 Modified files: usr.sbin/bgpd : kroute.c Log message: Remove pre-c99 gcc workaround which is no longer needed.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org2023/03/07 03:24:11 Modified files: sys/dev/fdt: dwpcie.c Log message: Add some minimal initialization code for rk356x such that the kernel doesn't hang. ok millert@, dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 02:42:09 Modified files: lib/libcrypto/bn: bn_mont.c Log message: Improve bn_montgomery_multiply_words(). Rather than calling bn_mul_add_words() twice - once to multiply and once to reduce - perform the multiplication and reduction in a single pass using bn_mulw_addw_addw() directly. Also simplify the addition of the resulting carries, which in turn allows us to avoid zeroing the top half of the temporary words. This provides a ~20-25% performance improvement for RSA operations on aarch64. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 02:35:55 Modified files: lib/libcrypto/bn: bn_internal.h Log message: Slightly rework bn_mulw_addtw(). Call bn_mulw_addw() rather than doing bn_mulw() follow by bn_addw(). This simplifies the code slightly, plus on some platforms bn_mulw_addw() can be optimised (and bn_mulw_addtw() will then benefit from such an optimisation). ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: js...@cvs.openbsd.org 2023/03/07 02:27:11 Modified files: lib/libcrypto/bn: bn_blind.c bn_sqrt.c lib/libcrypto/dh: dh_lib.c lib/libcrypto/dsa: dsa_asn1.c dsa_lib.c lib/libcrypto/ec: ec2_smpl.c ec_key.c ec_lib.c ec_print.c ecp_smpl.c lib/libcrypto/ecdsa: ecs_asn1.c ecs_lib.c ecs_ossl.c lib/libcrypto/gost: gostr341001_key.c lib/libcrypto/rsa: rsa_lib.c Log message: Call BN_free() instead of BN_clear_free(). BN_clear_free() is a wrapper that calls BN_free() - call BN_free() directly instead. ok tb@
