OpenCVS bug on ssh 'broken pipe' error
When an ssh 'broken pipe' error occurred, cvs quit with exit code 0. Here is my test script:

# cat opencvs.sh
#!/bin/ksh

cd /usr/src
echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] start cvs update /usr/src/"
while true; do
    cvs -q -d anon...@anoncvs.comstyle.com:/cvs up -Pd
    rc=$?
    echo $rc
    if [ "$rc" -eq "0" ]; then break; fi
    echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] retry cvs update"
done
echo "[`/bin/date "+%Y-%m-%dT%H:%M:%S%z"`] done cvs update"

# ksh opencvs.sh
[2016-05-21T01:16:47+0800] start cvs update /usr/src/
P bin/pax/ar_io.c
P bin/pax/ftree.c
P bin/rmdir/rmdir.c
P distrib/armv7/ramdisk/install.md
P distrib/sets/lists/man/mi
P etc/examples/bgpd.conf
P share/man/man4/Makefile
U share/man/man4/utvfu.4
P sys/dev/pci/if_iwm.c
P sys/dev/pci/if_iwn.c
P sys/kern/kern_sched.c
P sys/ufs/ext2fs/ext2fs_alloc.c
P sys/ufs/ext2fs/ext2fs_balloc.c
P usr.sbin/bgpctl/bgpctl.c
P usr.sbin/bgpd/bgpd.conf.5
P usr.sbin/bgpd/bgpd.h
P usr.sbin/bgpd/parse.y
P usr.sbin/bgpd/rde.c
P usr.sbin/bgpd/rde_filter.c
P usr.sbin/bgpd/util.c
P usr.sbin/pstat/pstat.8
P usr.sbin/pstat/pstat.c
packet_write_wait: Connection to 206.51.28.2 port 22: Broken pipe
0
[2016-05-21T01:26:28+0800] done cvs update
Re: syslog over TLS
On Fri, Jan 16, 2015 at 8:46 AM, Alexander Bluhm alexander.bl...@gmx.net wrote:

- Wrong format. The TLS RFC requires length-message encoding, I use message-newline inherited from TCP.

Transmission of Syslog Messages over TCP (RFC 6587) prefers to use 'octet-counting', not the 'non-transparent-framing' method.

http://tools.ietf.org/html/rfc6587#section-3.4

The older method of non-transparent-framing has problems. The newer method of octet-counting is reliable and has not been seen to cause problems noted with the non-transparent-framing method.

I'd like plain TCP transmission to implement 'octet-counting' too.
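The two RFC 6587 framing methods named in the message above, as an added example that is not part of the original thread: the same pair of messages is split by a message-newline receiver and by an octet-counting receiver. The function names and the sample messages are constructed for illustration and are not taken from syslogd.

```python
# Added example: RFC 6587 framing of syslog messages on a TCP byte stream.
# All messages below are constructed sample data.

def split_non_transparent(stream: bytes) -> list:
    """Message-newline framing: every LF terminates a message."""
    return [m for m in stream.split(b"\n") if m]

def frame(msg: bytes) -> bytes:
    """Octet-counting sender side: MSG-LEN SP SYSLOG-MSG."""
    return str(len(msg)).encode("ascii") + b" " + msg

def split_octet_counting(stream: bytes, max_len: int = 8192):
    """Octet-counting receiver side.

    Returns (messages, remainder); remainder is an incomplete frame to keep
    until more bytes arrive. Raises ValueError when the stream is not
    octet-counted, e.g. when a message-newline sender is on the other end.
    """
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos, pos + 11)
        if sp == -1:
            rest = stream[pos:]
            if len(rest) >= 11 or not rest.isdigit():
                raise ValueError("no valid MSG-LEN at offset %d" % pos)
            break                      # length prefix itself is incomplete
        digits = stream[pos:sp]
        # MSG-LEN = NONZERO-DIGIT *DIGIT
        if not digits.isdigit() or digits.startswith(b"0"):
            raise ValueError("bad MSG-LEN %r" % digits)
        n = int(digits)
        if n > max_len:
            raise ValueError("frame of %d octets exceeds limit" % n)
        end = sp + 1 + n
        if end > len(stream):
            break                      # body incomplete, wait for more data
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs, stream[pos:]

# One message whose text contains a line feed, followed by a normal one.
M1 = b"<34>1 2015-01-16T08:46:00Z host1 app - - - first line\nsecond line"
M2 = b"<13>1 2015-01-16T08:46:01Z host1 app - - - ok"

NEWLINE_STREAM = M1 + b"\n" + M2 + b"\n"
COUNTED_STREAM = frame(M1) + frame(M2)

if __name__ == "__main__":
    print(len(split_non_transparent(NEWLINE_STREAM)), "records from newline framing")
    print(len(split_octet_counting(COUNTED_STREAM)[0]), "records from octet counting")
```

With message-newline framing the embedded line feed turns two messages into three records; with octet counting the receiver recovers exactly the two messages that were sent and rejects a stream that is not length-prefixed.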
Re: LibreSSL Windows port status update
On Mon, Dec 1, 2014 at 2:25 PM, Brad Smith b...@comstyle.com wrote:

There is a URL posted at the bottom of that page that points out how it is broken and should not be used.

I don't think we must distinguish between timeout errors and connection errors in the OpenSSL(1) tool; reporting 'connection failed (or timeout)' is enough in such an environment.
Re: LibreSSL Windows port status update
Cool! I can see you do lots of updates on select-poll conversions. The code becomes more and more complex since you want it to work more generally. Can we simply use WSAPoll[1] instead?

--
#ifdef _WIN32
#define poll WSAPoll
#endif
--

[1] http://msdn.microsoft.com/en-us/library/windows/desktop/ms741669%28v=vs.85%29.aspx

On Mon, Dec 1, 2014 at 11:58 AM, Brent Cook bust...@gmail.com wrote:

I got a Windows 8.1 box running this weekend and spent some quality time making poll(2) emulation more robust, so that it can deal with more of the select-poll conversions in openssl(1) coming in the future. I also got the upstream poll conversion patches themselves in better working order.

This Windows port is now achieved without any #ifdefs or odd workarounds. So, it should be possible to maintain support without having too many new warts in the LibreSSL tree.

So, what can it do now? Well, you can run this command in a powershell window:

.\apps\openssl.exe s_server -cert tests\server.pem

and this in another:

.\apps\openssl.exe s_client

and type on the console back and forth interactively. You can also run this from powershell and still get the expected result:

cat .\README | apps\openssl.exe s_client -connect 127.0.0.1:4433

No big deal for those fancy 'everything works like a file' operating systems, but Windows is very special in its handling of sockets vs. console IO vs. pipes.

Performance-wise, it's currently about 50x slower than Cygwin's native openssl.exe, but I have not begun to optimize anything yet.

https://github.com/busterb/portable/commits/win32-minimal
https://github.com/busterb/openbsd/commits/win32-minimal

- Brent
Re: [PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
On Tue, Nov 11, 2014 at 9:56 PM, Brent Cook bust...@gmail.com wrote:

Mystery solved! This patch fixed the exited immediately issue. When getentropy fails, LibreSSL calls _getentropy_fail, which calls TerminateProcess(GetCurrentProcess(), 0) to exit.
Re: [PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
On Tue, Nov 11, 2014 at 10:17 PM, Brent Cook bust...@gmail.com wrote:

Yes, this is an intentional design feature: fail fast if there is no entropy. I'm looking at your other patches and testing with mingw 3.1.0, but am having to fix a number of minor build failures. Out of curiosity, what version are you testing against?

I use mingw-w64, because it supports both 32 bit and 64 bit, and accepts patches very fast.

git clone git://git.code.sf.net/p/mingw-w64/mingw-w64

http://sourceforge.net/p/mingw-w64/mingw-w64/commit_browser
[PATCH] CryptAcquireContext and CryptGenRandom returns zero (FALSE) if fails.
From: Dongsheng Song dongsheng.s...@gmail.com Please see http://msdn.microsoft.com/en-us/library/windows/desktop/aa379886(v=vs.85).aspx and http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx for more details. --- src/lib/libcrypto/crypto/getentropy_win.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/libcrypto/crypto/getentropy_win.c b/src/lib/libcrypto/crypto/getentropy_win.c index f65e2b3..91e99c1 100644 --- a/src/lib/libcrypto/crypto/getentropy_win.c +++ b/src/lib/libcrypto/crypto/getentropy_win.c @@ -1,7 +1,7 @@ /* $OpenBSD: getentropy_win.c,v 1.1 2014/07/12 20:54:49 wouter Exp $ */ /* - * Copyright (c) 2014, Theo de Raadt dera...@openbsd.org + * Copyright (c) 2014, Theo de Raadt dera...@openbsd.org * Copyright (c) 2014, Bob Beck b...@obtuse.com * * Permission to use, copy, modify, and distribute this software for any @@ -44,9 +44,9 @@ getentropy(void *buf, size_t len) } if (CryptAcquireContext(provider, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT) != 0) + CRYPT_VERIFYCONTEXT) == 0) goto fail; - if (CryptGenRandom(provider, len, buf) != 0) { + if (CryptGenRandom(provider, len, buf) == 0) { CryptReleaseContext(provider, 0); goto fail; } -- 2.1.2
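Review bot: The first hunk (@@ -1,7 +1,7 @@) rewrites the Theo de Raadt copyright line with no visible change in its content, which looks like a whitespace or encoding edit unrelated to the return-value fix. Drop it from this patch or send it separately, so the diff is limited to the two changed comparisons.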
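Review bot: The commit message for the second hunk (@@ -44,9 +44,9 @@, the CryptAcquireContext and CryptGenRandom checks) gives only two MSDN links and should state the consequence in words: both calls return zero on failure, so the old `!= 0` tests jumped to `fail` whenever a call succeeded. Since both functions return BOOL, writing the tests as `if (!CryptAcquireContext(...))` and `if (!CryptGenRandom(...))` would also read closer to the documented contract than `== 0`.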
Re: LibreSSL: GOWindows support
On Fri, Nov 7, 2014 at 11:07 PM, Brent Cook bust...@gmail.com wrote:

On Nov 7, 2014, at 8:21 AM, Dongsheng Song dongsheng.s...@gmail.com wrote:

I need some code changes for Windows support. e.g.

--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c @@ -57,13 +57,17 @@ * */ +#ifdef _WIN32 +#include ws2tcpip.h +#else #include sys/socket.h -#include sys/time.h - #include netinet/in.h +#include netdb.h +#endif + +#include sys/time.h #include errno.h -#include netdb.h #include stdio.h #include string.h #include unistd.h

Thanks for the first set of patches on the portable tree! I would think the #ifdef _WIN32 is probably the lesser of two evils. Hopefully this will be largely confined to bio and the openssl app?

Yes, I can generate openssl.exe with my local patches. I use #ifdef _WIN32 to guard headers, socket functions, signal functions, tty functions. fork is more painful, so I defined OPENSSL_NO_SPEED. Maybe I'll write a Windows version speed_main.

You'll also need to audit file descriptor usage carefully, so they are closed properly:

Thanks.
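Review bot: In the bss_dgram.c include hunk quoted above, `sys/time.h` and `unistd.h` stay outside the new `#ifdef _WIN32` guard; MinGW ships both headers but MSVC does not, so the patch should either say that the Windows build targets MinGW only or move those two includes under the `#else` branch with a Windows replacement where one is needed.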
Re: LibreSSL 2.0.3 released
On Tue, Jul 22, 2014 at 10:01 AM, Bob Beck b...@openbsd.org wrote:

We have released an update, LibreSSL 2.0.3 - which should be arriving in the LibreSSL directory of an OpenBSD mirror near you very soon.

This release includes a number of portability fixes based on the feedback we have received from the community. It also includes some improvements to the fork detection support.

As noted before, we welcome feedback from the broader community.

Enjoy,
-Bob

Thanks, all tests passed on Debian 6, 7 and 8 (testing):

$ ./configure --prefix=/opt/libressl
$ make -j4
$ make check

Testsuite summary for libressl 2.0.3
# TOTAL: 42
# PASS: 42
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0

Regards,
Dongsheng