Hi Henning,
On Tue, Jul 15, 2014 at 01:39:19PM +0200, Henning Brauer wrote:
> naddy's mpbios RAMDISK_CD mail reminded me that I have put trunk into
> RAMDISK_CD here for some time. Without, upgrading of machines with
> trunk is unnecessarily hard, since, well, you won't get your trunk
> interface w
Hiding a lot of from userland breaks the build of the
extent test in regress/sys/kern/extent on amd64. Additionally, tedu's
added size variable in free(9) breaks the userland macros in
sys/kern/subr_extent.c. The following patch addresses these two issues.
Index: sys/sys/pool.h
===
The function
int
b64_pton(char const *src, u_char *target, size_t targsize);
in src/lib/libc/net/base64.c has a small bug with no consequences in
the rest of the tree.
By design, b64_pton() can be called with a NULL pointer as `target', in
which case it calculates the number of bytes encoded in
On Tue, Sep 23, 2014 at 01:58:59PM -0400, Brad Smith wrote:
> On 31/12/13 12:06 AM, Brad Smith wrote:
> >On 16/05/13 5:55 PM, Jérémie Courrèges-Anglas wrote:
> >>Hi,
> >>
> >>I've been using msk(4) with MSI on my laptop since a few days, with no
> >>apparent problem.
> >>
> >>mskc0 at pci2 dev 0 fu
The latest commit caused a repeated line:
Index: acpithinkpad.c
===
RCS file: /cvs/src/sys/dev/acpi/acpithinkpad.c,v
retrieving revision 1.39
diff -u -p -r1.39 acpithinkpad.c
--- acpithinkpad.c 5 Oct 2014 01:31:12 - 1.3
This confused me quite a bit when I first read it. After lint was
unhooked from the tree, there remain only seven targets in
:
all, clean, cleandir, depend, includes, install, and tags.
Same goes for and .
Index: bsd.README
===
RCS
Here's a shot at removing the binaries and manuals that are obsolete
after the lkm removal. I hope I caught them all.
There remains the user _lkm in /etc/groups. I am unsure how to remove that
one properly.
Index: faq/current.html
After lkm is gone, these should probably also be removed.
Index: bsd.own.mk
===
RCS file: /cvs/src/share/mk/bsd.own.mk,v
retrieving revision 1.150
diff -u -p -r1.150 bsd.own.mk
--- bsd.own.mk 22 Apr 2014 14:42:53 - 1.150
+++
The editing facilities in the search prompt in tmux's copy mode are kept
to a minimum. However, since deleting to the beginning of the prompt
with `C-u' and deleting the previous letter with `C-h' work as usual, I
would have expected that `C-w' would work as well and delete to the
beginning of the
Pausing a tetris game currently causes a segfault due to a null
pointer dereference.
Fix this by checking that s is non-NULL before accessing its members.
A number of comments and an error message still refer to select()
instead of poll(). Correct this as well.
Index: input.c
The new `select line' key 'V' in copy mode is a vi key, not an emacs
key. Move the entry from the emacs column to the vi column in the
manual.
The table of copy mode keys is mostly sorted in alphabetical order with
a few exceptions that make some sense and a few that don't. It seems
most reasonab
The -d option in tmux was removed five years ago in revision 1.52 of
tmux.c. Also remove it from the optstring argument to getopt():
Index: tmux.c
===
RCS file: /cvs/src/usr.bin/tmux/tmux.c,v
retrieving revision 1.132
diff -u -p -r1.
There currently are a number of differences between tmux's jump commands
[fFtT,;] in copy mode and the behavior of the corresponding keys in vi:
1. The repeat count is not reset after a jump with [fFtT], but it is
reset after the `repeat movement' keys [;,]. For example, in tmux
`3fa;;' jum
In copy mode, when searching up from the top left corner or searching
down from the bottom right corner (the latter code path actually can't
be reached because of a check which is off by one), the functions
window_copy_search_{up,down}() return without freeing the members of `ss'.
This can be fixed
On Fri, Dec 05, 2014 at 06:44:03AM +0100, Jiri Navratil wrote:
[...]
>
> I got this error
>
> /usr/src/usr.bin/ssh/lib/../key.c: In function 'key_in_file':
> /usr/src/usr.bin/ssh/lib/../key.c:469: error: too few arguments to
> function 'sshkey_in_file'
> *** Error 1 in usr.bin/ssh/lib (:40 'key.o':
On Sun, Dec 14, 2014 at 02:00:08PM -0800, Philip Guenther wrote:
>
> Some time ago, I had added support for using the MWAIT instruction in the
> idle loop. Various people found that made their boxes run hot, to the
> point that several developers diked it out of their own builds; I've
> commit
A few default command key bindings are missing in the table of the tmux
manual:
Index: tmux.1
===
RCS file: /cvs/src/usr.bin/tmux/tmux.1,v
retrieving revision 1.411
diff -u -p -r1.411 tmux.1
--- tmux.1 9 Dec 2014 19:23:35 -
The adventure game is currently broken. When it's started without
any arguments, it spits a pile of garbage to stdout before eventually
dumping its core.
The game data of adventure(6) is obfuscated at compile time with a
scheme relying on deterministic random() and deobfuscated at runtime.
This i
On Fri, Nov 07, 2014 at 11:57:50AM -0800, patrick keshishian wrote:
[...]
> >
> > I propose getting rid of the s pointer all together as such:
>
> After replacing select() with poll(), not removing
> `struct timeval *s' seems an oversight; Its use was
> solely for select()'s benefit.
>
> Once m
POSIX says:
"If process number 0 is specified, all processes in the current process
group shall be signaled."
Add the corresponding line from kill.2 to document this case.
Index: kill.1
===
RCS file: /cvs/src/bin/kill/kill.1,v
retrie
I was trying to convince apropos(1) to give me information on the
scripts in /etc/apm and found myself unable to do so... The reason
turned out to be missing semantic markup in the relevant man page.
While there I was wondering about the weird ordering "suspend,
hibernate, resume, powerup, powerd
I am confused by the new documentation of HW_PERFPOLICY. Is this bound
to change? Looking at the function sysctl_hwperfpolicy() in
sys/kern/sched_bsd.c, I think the following is more accurate, although I
don't know what has to go wrong that the string is actually set to
`unknown'.
For consistenc
On Thu, Mar 12, 2015 at 08:20:30AM +, Jason McIntyre wrote:
> i think the "unknown" will be a catchall for errors, and we shouldn't
> suggest to users that they can set it.
This makes sense. They actually can't set it to "unknown".
> so my suggestion is below. i'll commit later if no one has
This is related to the thread `Aq macro' on tech@ from before the
release lock (Feb 15):
https://marc.info/?t=14239912901&r=1&w=2
In the UTF-8 locale `.Aq', `\(la' and `\(ra' are rendered as
mathematical angle brackets, not as less-than and greater-than signs.
This is kind of confusing in the
Inspired by a recent commit of bentley@, I decided to clean up the
quoting characters in the csh man-page a bit:
Force ASCII versions of `, ', and ~ when appropriate, that is, escape
them as \(ga, \(aq, and \(ti in code snippets, commands, etc. For the
sake of consistency use \(dq instead of \&"
This set of three patches adds overflow checking to ksh in the spirit
of the malloc(A*B) -> reallocarray(NULL, A, B) conversions that were
ongoing since last summer. I've been running these patches on my main
laptop since January on amd64/CURRENT and didn't notice any issues.
ksh has its own memo
Conversion of explicit multiplications:
alloc(A*B, ...) becomes allocarray(A, B, ...), and
aresize(..., A*B, ...) becomes aresizearray(..., A, B, ...)
I ordered the arguments in such a way that A is nmemb and B is size as
in the prototypes of allocarray() and aresizearray().
Index: edit.c
=
Expand the macro
#define sizeofN(type, n) (sizeof(type) * n)
whenever it occurs as an argument to `alloc' or `aresize' and replace
`alloc' by `allocarray' and `aresize' by `aresizearray'.
There remains one single call to sizeofN(a,b) (see the patch for exec.c)
which could safely be repla
> Hi, Please don't forget to include Otto's license to the code, that
> you modified.
>
Thanks for this reminder. Please accept my apologies, I'm not very
familiar with the customs of licencing which doesn't exist in my
profession.
Would this be a satisfactory way of fulfilling your request?
On Sat, May 23, 2015 at 03:01:03PM +0200, Theo Buehler wrote:
> > Hi, Please don't forget to include Otto's license to the code, that
> > you modified.
> >
>
> Thanks for this reminder. Please accept my apologies, I'm not very
> familiar with the cust
On Sat, May 23, 2015 at 03:01:03PM +0200, Theo Buehler wrote:
> > Hi, Please don't forget to include Otto's license to the code, that
> > you modified.
> >
>
> Thanks for this reminder. Please accept my apologies, I'm not very
> familiar with th
On Sun, May 24, 2015 at 09:10:08PM +0200, Martin Natano wrote:
> I highly doubt any part of those three diffs is authored by yourself.
> (Merely renaming functions doesn't count as original work.) As pointed
> out before, the efficient overflow checking code is copied from Otto's
> code and the r
Index: usr.bin/openssl/openssl.1
===
RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.13
diff -u -p -r1.13 openssl.1
--- usr.bin/openssl/openssl.1 28 Feb 2015 21:51:56 - 1.13
+++ usr.bin/openssl/openssl.1
Here's a silly ed(1) session:
$ ed -p ":> "
:> P
P
*q
$
Notice how the prompt string changed from the custom prompt ":> " to
the default prompt "*".
This behavior seems to contradict both the man page and POSIX:
From ed(1):
-p string Specifies a command prompt. This may be toggled on an
On Thu, Jun 18, 2015 at 02:16:08PM +0100, Jason McIntyre wrote:
> On Thu, Jun 18, 2015 at 12:33:58PM +0200, Theo Buehler wrote:
> > Here's a silly ed(1) session:
> >
> > $ ed -p ":> "
> > :> P
> > P
> > *q
> > $
> >
> >
My laptop has the built-in camera
$ dmesg | grep uvideo
uvideo0 at uhub0 port 4 configuration 1 interface 0 "Micron Built-in iSight"
rev 2.00/1.84 addr 2
video0 at uvideo0
$
and video(1) usually fails to grab frames in the default resolution of
640x480. No problems so far with 320x240 and 252x2
On Fri, Jun 19, 2015 at 10:20:59AM +0100, Stuart Henderson wrote:
> On 2015/06/19 11:11, Theo Buehler wrote:
> > In video(1)'s verbose mode, this results in a bogus `run time' being
> > printed due to the use of the uninitialized variable `tp_start', which
> >
From http://www.lua.org/manual/5.3/manual.html#6.4:
When indexing a string in Lua, the first character is at position 1 (not
at 0, as in C).
The example of applying the pattern "()aa()" to the string "flaaap" in
the manpage shows that the empty captures "()" capture the positions
between the
Three minor nits following up on differences between the versions in
reyk@'s mails and the initial commit:
- isn't used anymore, so it can be removed.
- Sort the remaining headers alphabetically according to style(9).
- There's one remaining '%%' in an error string that shouldn't
be doubled,
On Sat, Jul 04, 2015 at 03:36:58PM +0530, Hrishikesh Muruk wrote:
> Why is sudo being removed from base?
Because millert@ and deraadt@ decided to do so. You can read some
explanations in this thread:
https://marc.info/?l=openbsd-ports&m=143465998814989&w=2
and tedu@'s blog post
http://www.tedunan
While dabbling with J. Friedl's script for detecting doubled words in his
"Mastering Regular Expressions" book, I found these four instances of
doubled words.
Three of these are completely straightforward:
EC_GROUP_copy.pod: the the
EC_KEY_new.pod: have have
d2i_X509_NAME.pod: the the
However, t
A further success story on an amd64 Core2 laptop. I built an entire
release with no complications. Suspend/Hibernate/Resume work fine as well.
OpenBSD 5.8-beta (GENERIC.MP) #451: Wed Jul 8 16:33:38 CEST 2015
t...@miraculix.home:/sys/arch/amd64/compile/GENERIC.MP
real mem = 2634596352 (2512
Since doas.conf is a `dangerous file', it seems to make sense to monitor
it daily(8). I don't know the policy on permissions in the /etc/mtree/*
files. Anything between 0400 and 0644 would seem to make sense.
/etc/sudoers used to have 0440. I suggest 0640 so that root can edit
the file (since th
A small oversight. The man page is already up to date.
Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.27
diff -u -p -r1.27 doas.c
--- doas.c 26 Jul 2015 22:44:33 - 1.27
+++ doas.c
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
>
> sudo was having a nice feature of not overwhelming the user with password
> prompts (cookies :-) ).
>
> This diff is adding this back to doas(1).
>
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
This is a follow-up to a recent discussion on misc@:
https://marc.info/?t=14380009452&r=1&w=2
I suggest two small changes to the example in doas.conf(5):
a. make it explicit that the rule allows the users in group wheel to
run commands as any user (not just root).
b. modify the rule
If the `rcctl ls' command is given an argument that requires root,
the error message has an awkward space in front of the colon since
no argument is passed to the needs_root() function:
$ rcctl ls started
rcctl : need root privileges
Since this is the only place where `needs_root()' is called with
On Sat, Jun 26, 2021 at 07:20:52PM +0200, Ingo Schwarze wrote:
> Hi Jason and Theo,
>
> Jason McIntyre wrote on Tue, Jun 22, 2021 at 06:37:27AM +0100:
> > On Tue, Jun 22, 2021 at 04:48:39AM +0200, Theo Buehler wrote:
>
> >> You have two overlong lines as indicated
mpi reminded me of this diff.
On Tue, May 14, 2019 at 01:51:05PM +, Miod Vallat wrote:
> This tries to keep diffability against upstream, hence a questionable
> choice of the size type for zcfree() - but all sizes should fit in 32
> bits anyway.
>
> Since all zcfree routines used in the tree
> hmac-md5 might not be vulnerable, but snmp doesn't use pure hmac-*; in
> the case of md5 and sha1 it strips the result back to 12 bytes (for
> sha256 it's 24 bytes). I'm not saying that is insecure because of it; I
> haven't seen any research on the truncation of HMAC, but when combined
> with kn
> Any developer willing to provide an OK?
ok tb
There doesn't seem to be a good reason for omitting the newlines here.
If those are ever hit, it will look odd. Am I missing something?
Index: est.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/est.c,v
retrieving revision 1.40
diff -u
On Thu, Aug 12, 2021 at 03:01:37PM +1000, Jonathan Gray wrote:
> On Thu, Aug 12, 2021 at 06:44:51AM +0200, Theo Buehler wrote:
> > There doesn't seem to be a good reason for omitting the newlines here.
> > If those are ever hit, it will look odd. Am I missing somethin
It would be nice if someone running i386 could apply this diff, run
without apmd and check that setting sysctl hw.setperf to different
values between 0 and 100 works and changes hw.cpuspeed as expected.
hw.cpuspeed should take on all the values reported in dmesg, e.g.,
cpu0: Enhanced SpeedStep
If jot is run without arguments, prec will never be changed from -1.
This results in the nonsensical format string "%.-1f" being produced in
getformat(). __vfprintf() will misinterpret the - as a left adjustment
flag and the precision used will be 0. The result is the same as "%.0f",
which is what
On Fri, Aug 13, 2021 at 08:58:42AM +0200, Martijn van Duren wrote:
> Historically 's' presumably stood both for step and seed, but since we
> don't support seed anymore I think it's wise to make things a little
> more readable and just rename 's' to 'step'.
>
> tb@ already agrees with the concept.
On Fri, Aug 13, 2021 at 09:10:57AM +0200, Martijn van Duren wrote:
> Similar to tb's de Morgan's rule sent last night.
>
> Shaves off 4 LoC of putdata and reads easier to me.
Agreed.
> regress passes
>
> OK?
ok tb
>
> martijn@
>
> Index: jot.c
> ==
Terminate the s_server after n clients connected to it. This is
occasionally useful, matches OpenSSL's behavior and should help
simplify regress/usr.bin/openssl/x509.
Index: openssl.1
===
RCS file: /cvs/src/usr.bin/openssl/openssl.
Found this in my tree. Our version of getsubopt matches NetBSD's up to
some DIAGASSERTs and they do mention POSIX in their manual, so I suspect
we inherited the specified behavior. I copied the phrasing used for
other functions, but haven't checked in detail.
Index: stdlib/getsubopt.3
On Fri, Sep 03, 2021 at 04:51:06PM +0200, Ingo Schwarze wrote:
> Hi Theo,
>
> as you sent it, your patch is misleading since our manual page describes
> two features that are not required by POSIX.
>
> So i propose the larger patch shown below instead.
>
> While here, clarify what "null-terminat
On Wed, Sep 08, 2021 at 03:05:41PM +0200, Claudio Jeker wrote:
> Looking at profiling information and the code made me realize that these
> recallocarray calls growing the array by one every time are unnecessary.
> The size of the array is known in advance so use that information and
> build it up
On Wed, Sep 08, 2021 at 06:08:53PM +0200, Claudio Jeker wrote:
> On Wed, Sep 08, 2021 at 05:40:31PM +0200, Theo Buehler wrote:
> > On Wed, Sep 08, 2021 at 03:05:41PM +0200, Claudio Jeker wrote:
> > > Looking at profiling information and the code made me realize that these
> &g
On Thu, Sep 09, 2021 at 02:51:24PM +0200, Claudio Jeker wrote:
> Trying to remove work that is done over and over again.
> One of those checks are the various OID compares.
> Instead of converting the ASN1_OBJECT into a string and comparing the
> strings, convert the string into an ASN1_OBJECT once
On Fri, Sep 10, 2021 at 10:32:54AM -0600, Todd C. Miller wrote:
> The man page for OpenSSL_add_all_digests() says it is deprecated
> and should not be called by user code. However, EVP_DigestInit.3
> says it must be used.
>
> One of those is wrong...
Calling OpenSSL_add_all_digests() is no longe
The declarations in http.h have the void, so the compiler is happy.
Still, this looks wrong.
Index: usr.sbin/acme-client/http.c
===
RCS file: /cvs/src/usr.sbin/acme-client/http.c,v
retrieving revision 1.30
diff -u -p -r1.30 http.c
---
> I suggest that entering a NUL character will abort the search-history
> mode, much like ^[ does. This leaves the handling of said character to
> the "ordinary" command editing.
Makes sense. In vi mode, this problem doesn't occur, as the ^@ is
displayed in the search string.
ok tb for after re
On Sun, Oct 10, 2021 at 09:11:50PM +0100, Stuart Henderson wrote:
> On 2021/10/10 14:26, Scott Cheloha wrote:
> > On Sun, Oct 10, 2021 at 12:31:22PM -0600, Theo de Raadt wrote:
> > > Bryan Steele wrote:
> > >
> > > > On Sun, Oct 10, 2021 at 12:18:55PM -0500, Scott Cheloha wrote:
> > > > > On Sun,
I don't think anyone will want to compile this against OpenSSL 0.9.7 or
earlier. Calling OpenSSL_add_all_algorithms() has not been necessary
for a few years, so let's remove libcrypto.c.
Index: Makefile
===
RCS file: /cvs/src/sbin/is
In an upcoming libcrypto bump, we will make a few structs in libcrypto
opaque. This needs a small change in acme-client. Fetch the extension
stack using X509_get0_extensions() and iterate using the stack API.
Note that sk_*_num() returns -1 on NULL, so we won't enter the for loop
and the extsz dan
This is the first of two diffs to prepare isakmpd for upcoming libcrypto
changes. X509_EXTENSION will become opaque so we need to use an accessor.
I decided to leave accesses into ASN1_OCTET_STRING as they are for
readability (asn1_string_st is still exposed in OpenSSL's asn1.h).
Index: x509.c
==
On Thu, Oct 21, 2021 at 01:05:18PM +0200, Theo Buehler wrote:
> This is the first of two diffs to prepare isakmpd for upcoming libcrypto
> changes. X509_EXTENSION will become opaque so we need to use an accessor.
> I decided to leave accesses into ASN1_OCTET_STRING as they are for
>
On Thu, Oct 21, 2021 at 02:29:17PM +0200, Sebastian Benoit wrote:
> see the "if (csc == NULL)" error case below.
>
ugh, thanks. fixed in my tree
LibreSSL portable uses base64.c. Not everyone has u_char, so this is a
mild portability annoyance. This means that we can get rid of
sys/types.h. I also removed stdio.h since that seems unused.
As far as I can see, base64.c directly needs
ctype.h for isspace()
resolv.h for the function prototypes
This removes the last uses of u_int and u_char from the LibreSSL tree.
Index: chacha/chacha-merged.c
===
RCS file: /cvs/src/lib/libcrypto/chacha/chacha-merged.c,v
retrieving revision 1.9
diff -u -p -r1.9 chacha-merged.c
--- chacha/cha
On Fri, Oct 22, 2021 at 12:11:54PM +0200, Mark Kettenis wrote:
> > Date: Fri, 22 Oct 2021 05:09:25 +0100
> > From: Theo Buehler
> >
> > LibreSSL portable uses base64.c. Not everyone has u_char, so this is a
> > mild portability annoyance. This means that we can get
On Sun, Oct 24, 2021 at 07:43:44PM +0200, Claudio Jeker wrote:
> This diff adds the print functions from the regress test to rpki-client.
> Currently not hooked up in rpki-client itself but that will follow soon.
ok tb
> index 664a5200037..e33763e7420 100644
> --- a/usr.bin/openssl/Makefile
> +++ b/usr.bin/openssl/Makefile
> @@ -17,6 +17,7 @@ CFLAGS+= -Wuninitialized
> CFLAGS+= -Wunused
> .if ${COMPILER_VERSION:L} == "clang"
> CFLAGS+= -Werror
> +CFLAGS+= -Wno-unused-but-set-variable
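Review bot: the added `CFLAGS+= -Wno-unused-but-set-variable` sits directly under `CFLAGS+= -Werror` and is guarded only by the `${COMPILER_VERSION:L} == "clang"` test, with no check of which clang is in use. If a clang used to build the tree does not recognise that option name, the unknown-option diagnostic combined with -Werror on the line above would make the build fail. Either guard the new line on a compiler version that knows the warning, or address the flagged variables in the sources so that no suppression is needed.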
This will break the build
On Mon, Oct 25, 2021 at 01:46:51PM +0200, Sebastien Marie wrote:
> I have a working llvm13 here for building zig 0.9.0-dev.
>
> /usr/src/usr.bin/openssl/s_client.c:897:16: error: variable 'pbuf_off' set
> but not used [-Werror,-Wunused-but-set-variable]
> int pbuf_len, pbuf_off;
>
On Mon, Oct 25, 2021 at 07:50:46PM +0200, Claudio Jeker wrote:
> Refactor this code and instead of passing various things around just use
> globals.
ok with two small nits:
> @@ -560,14 +622,6 @@ proc_parser(int fd)
> if ((pfd.revents & POLLHUP))
> break;
>
>
On Thu, Oct 28, 2021 at 08:21:12PM +0200, Claudio Jeker wrote:
> As in $SUBJECT said, sync the output at the end of a rpki-client run with
> outputheader() -- the function used to dump this info into the openbgpd
> output file.
>
> OK?
> --
> :wq Claudio
>
> Index: main.c
> =
On Wed, Nov 03, 2021 at 06:34:05PM +0100, Claudio Jeker wrote:
> Fix CRLF handling by properly setting nl to the right NUL byte.
> In the CRLF case both \r\n are replaced by \0 and so the code
> needs to adjust the nl pointer else valid_url() and the check for .cer
> endings fail.
It feels odd to
On Wed, Nov 03, 2021 at 08:01:38PM +0100, Claudio Jeker wrote:
> On Wed, Nov 03, 2021 at 12:41:52PM -0600, Theo de Raadt wrote:
> > + size_t talid; /* covered by which TAL */
> >
> > You shouldn't use size_t
> >
> > It is 32bit on ILP32 systems, and 64bit on I32LP64 machines, beca
On Thu, Nov 04, 2021 at 06:18:59PM +0100, Claudio Jeker wrote:
> This diff replaces the errx() call in the poll fd check with warnings plus
> an exit of the main event loop. It also prints an error in case not all
> files have been processed.
>
> An example after kill -9 of the rsync process is:
>
On Thu, Nov 04, 2021 at 06:31:54PM +0100, Claudio Jeker wrote:
> There is this bit in parser.c
> X509_free(x509); // needed? XXX
>
> As tb@ properly noted this X509_free() is needed because the cert_parse()
> returns an up referenced x509 pointer back.
>
> I moved the X509_free() so the erro
On Sun, Nov 07, 2021 at 10:13:44PM +, Klemens Nanni wrote:
> Spotted in `make obj' from /usr/src:
>
> ===> regress/usr.sbin/rpki-client/libressl
> /usr/src/regress/usr.sbin/rpki-client/libressl/obj ->
> /usr/obj/regress/usr.sbin/rpki-client/libressl
> Run "pkg_add openssl--%
On Sun, Nov 07, 2021 at 10:28:22PM +, Klemens Nanni wrote:
> On Sun, Nov 07, 2021 at 11:16:57PM +0100, Theo Buehler wrote:
> > On Sun, Nov 07, 2021 at 10:13:44PM +, Klemens Nanni wrote:
> > > Spotted in `make obj' from /usr/src:
> > >
> > > =
> rpki-client seems to be the one-off under regress/ in this regard.
Maybe. I wish I had a better idea than this
Index: Makefile
===
RCS file: /cvs/src/regress/usr.sbin/rpki-client/Makefile,v
retrieving revision 1.10
diff -u -p -r1.1
On Mon, Nov 08, 2021 at 10:47:04PM +, Klemens Nanni wrote:
> On Mon, Nov 08, 2021 at 12:59:51AM +0100, Theo Buehler wrote:
> > > rpki-client seems to be the one-off under regress/ in this regard.
> >
> > Maybe. I wish I had a better idea than this
>
> There is:
On Tue, Nov 09, 2021 at 11:03:14AM +, Job Snijders wrote:
> Hi all,
>
> Ties de Kock reported that the RIPE NCC Production CA's manifest is
> likely to double in size during RFC 6489 key rollover events. Both old
> and new entries will be listed. KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
> currently is
On Tue, Nov 09, 2021 at 07:54:51AM -0600, Brent Cook wrote:
> This switches libcrypto and libssl to use endian.h over
> machine/endian.h, easing some portability contortions. The Austin group
> works in mysterious ways, but endian.h also might be a POSIX
> standard in the wings, whatever 'Applied'
I'd like to commit a few easy diffs to reduce differences to NetBSD in
UVM. This makes code comparison easier and also reduces the amount of
noise in WIP diffs I have for ongoing work on locking in UVM.
Here's a first one that converts a for loop to LIST_FOREACH:
Index: uvm/uvm_swap.c
===
EVP_PKEY will become opaque, so we must stop reaching inside it. As
should be completely evident from the name, EVP_PKEY_type(pkey->type)
is the same as EVP_PKEY_base_id(pkey).
From lib/libcrypto/evp/p_lib.c:
int
EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
return EVP_PKEY_type(pkey->type);
}
Straightforward conversion. Note that EVP_PKEY_get0_RSA() can't fail
after checking that we have an RSA key.
Index: x509.c
===
RCS file: /cvs/src/sbin/isakmpd/x509.c,v
retrieving revision 1.123
diff -u -p -r1.123 x509.c
--- x509.c
This is three times the same thing since the code is copy-paste + tweak.
In genrsa there is a slight twist that involves not reaching into BIGNUM
and we can take the opportunity to get rid of some Windows 3.1 things by
calling the conversion routines instead of handrolling them.
The callbacks them
The fix I need introduces the use of EVP_PKEY_get0_RSA().
Ownership handling in this scope is a bit wonky: X509_get_pubkey()
increments the refcount of pPublicKey. What we actually want is a
reference of its pkey.rsa. So use X509_get0_pubkey() instead and up the
refcount of the RSA. Finally, let's
bio->num_write aka BIO_number_written(bio). Straightforward. The main
reason I'm asking is that keeping the two else results in overlong lines
and awkward line wrapping. So I decided to drop them hoping that's
acceptable. Otherwise please tell me the preferred way to wrap the
lines in this part of
Two small diffs now that beck has linked the certificate transparency
code to the build.
The diff for ext_dat.h links the CT methods to the standard extensions.
This replaces the gibberish from the CT extensions which are now present
in most certs with something readable. Try
$ openssl s_client -
BIO_printf() is a wrapper around vfprintf, so we can remove this comment
and the cast.
Index: passwd.c
===
RCS file: /cvs/src/usr.bin/openssl/passwd.c,v
retrieving revision 1.10
diff -u -p -r1.10 passwd.c
--- passwd.c14 Jul 2019 0
Store prime and generator in intermediate BIGNUMs, then set them on the
DH. DH_set0_pqg() can't actually fail in this situation, but I prefer
to do error checking mechanically.
There is one more access to dh->pub_key which I will take care of once
we have DH_get0_pub_key() (using DH_get0_key() is
Rich Salz removed netscape support from OpenSSL in 2015 (commit 0bc2f365).
This is the openssl(1) part of that removal. SGC was removed a bit
earlier as part of 7e1b7485. The removal of the API in libcrypto will be
part of the bump (only devel/kf5/kdelibs4support uses it thanks to a
LIBRESSL_VERSI
1 - 100 of 1306 matches