Hi all, As per jmc's commit message[0], would anyone be so kind as to comment on this, please?
Thanks again to Jason for fixing the non-code bits. [0] https://marc.info/?m=151993729713231 Cheers, Raf On Wed, Feb 28, 2018 at 08:38:35PM GMT, Jason McIntyre wrote: > On Mon, Feb 26, 2018 at 12:15:28PM +0000, Raf Czlonka wrote: > > Hi all, > > > > Fix capitalisation of IPsec as per the RFC[0] - obviously, only > > where this makes sense. > > > > The remaining one in cert.pem[1] will get fixed automatically once > > the file is regenerated, after the object identifiers' description > > changes. > > > > If this gets in, I'd like to submit a patch for www - *not* individual > > presentations or papers, though. > > > > [0] https://tools.ietf.org/html/rfc4301#page-4 > > [1] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/cert.pem > > > > Regards, > > > > Raf > > > > i'm ok with this diff. i don;t want to commit it as-is though, because > of the code bits. > > if no one shows any interest in taking it, i'll look at at least fixing the > man/calendar parts. > > jmc > > > Index: include/arpa/nameser.h > > =================================================================== > > RCS file: /cvs/src/include/arpa/nameser.h,v > > retrieving revision 1.13 > > diff -u -p -r1.13 nameser.h > > --- include/arpa/nameser.h 16 Jan 2015 00:01:28 -0000 1.13 > > +++ include/arpa/nameser.h 26 Feb 2018 11:03:07 -0000 
> > @@ -223,7 +223,7 @@ > > #define KEYFLAG_USERACCOUNT 0x0400 /* key is assoc. with a user > > acct */ > > #define KEYFLAG_ENTITY 0x0200 /* key is assoc. with entity eg > > host */ > > #define KEYFLAG_ZONEKEY 0x0100 /* key is zone key for the zone > > named */ > > -#define KEYFLAG_IPSEC 0x0080 /* key is for IPSEC use (host > > or user)*/ > > +#define KEYFLAG_IPSEC 0x0080 /* key is for IPsec use (host > > or user)*/ > > #define KEYFLAG_EMAIL 0x0040 /* key is for email (MIME > > security) */ > > #define KEYFLAG_RESERVED10 0x0020 /* reserved - must be zero */ > > #define KEYFLAG_RESERVED11 0x0010 /* reserved - must be zero */ > > Index: lib/libcrypto/ec/ec_curve.c > > =================================================================== > > RCS file: /cvs/src/lib/libcrypto/ec/ec_curve.c,v > > retrieving revision 1.15 > > diff -u -p -r1.15 ec_curve.c > > --- lib/libcrypto/ec/ec_curve.c 29 Jan 2017 17:49:23 -0000 1.15 > > +++ lib/libcrypto/ec/ec_curve.c 26 Feb 2018 11:03:09 -0000 > > @@ -2135,7 +2135,7 @@ static const struct { > > } > > }; > > > > -/* IPSec curves */ > > +/* IPsec curves */ > > /* NOTE: The of curves over a extension field of non prime degree > > * is not recommended (Weil-descent). > > * As the group order is not a prime this curve is not suitable 
> > @@ -3116,10 +3116,10 @@ static const ec_list_element curve_list[ > > #endif > > {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curve over a 224 > > bit prime field"}, > > #ifndef OPENSSL_NO_EC2M > > - /* IPSec curves */ > > - {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 > > over a 155 bit binary field.\n" > > + /* IPsec curves */ > > + {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPsec/IKE/Oakley curve #3 > > over a 155 bit binary field.\n" > > "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, > > - {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 > > over a 185 bit binary field.\n" > > + {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPsec/IKE/Oakley curve #4 > > over a 185 bit binary field.\n" > > "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, > > #endif > > /* RFC 5639 curves */ > > Index: lib/libcrypto/objects/objects.txt > > =================================================================== > > RCS file: /cvs/src/lib/libcrypto/objects/objects.txt,v > > retrieving revision 1.19 > > diff -u -p -r1.19 objects.txt > > --- lib/libcrypto/objects/objects.txt 25 May 2017 17:00:24 -0000 > > 1.19 > > +++ lib/libcrypto/objects/objects.txt 26 Feb 2018 11:03:09 -0000 
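Review bot: The two `curve_list[]` entries for `NID_ipsec3` and `NID_ipsec4` change string literals rather than comments, so this hunk alters text that is presumably surfaced at run time as the curve description. Anything that matches on the old spelling, such as a script reading a curve listing, would stop matching. The same applies to `fatalx("can't use IPsec with layer 2")` in usr.sbin/dhcrelay/dhcrelay.c and to the `LOG_NOTICE` text `"failed to purge IPsec SA"` in usr.sbin/npppd/l2tp/l2tp_ctrl.c, where a log filter or alert rule keyed on `IPSec SA` would silently stop firing. I would commit the comment and manual-page hunks on their own and put the string changes in a separate commit whose message names each changed message. The `curve_list[]` initializer starts and ends outside this hunk.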
> > @@ -486,9 +486,9 @@ id-kp 2 : clientAuth : TLS > > Web Client > > id-kp 3 : codeSigning : Code Signing > > !Cname email-protect > > id-kp 4 : emailProtection : E-mail Protection > > -id-kp 5 : ipsecEndSystem : IPSec End System > > -id-kp 6 : ipsecTunnel : IPSec Tunnel > > -id-kp 7 : ipsecUser : IPSec User > > +id-kp 5 : ipsecEndSystem : IPsec End System > > +id-kp 6 : ipsecTunnel : IPsec Tunnel > > +id-kp 7 : ipsecUser : IPsec User > > !Cname time-stamp > > id-kp 8 : timeStamping : Time Stamping > > # From OCSP spec RFC2560 > > Index: sbin/iked/iked.h > > =================================================================== > > RCS file: /cvs/src/sbin/iked/iked.h,v > > retrieving revision 1.117 > > diff -u -p -r1.117 iked.h > > --- sbin/iked/iked.h 30 Nov 2017 12:18:44 -0000 1.117 > > +++ sbin/iked/iked.h 26 Feb 2018 11:03:14 -0000 > > @@ -165,7 +165,7 @@ RB_HEAD(iked_flows, iked_flow); > > TAILQ_HEAD(iked_saflows, iked_flow); > > > > struct iked_childsa { > > - uint8_t csa_saproto; /* IPSec protocol */ > > + uint8_t csa_saproto; /* IPsec protocol */ > > unsigned int csa_dir; /* in/out */ > > > > uint64_t csa_peerspi; /* peer relation */ > > @@ -432,8 +432,8 @@ struct iked_sa { > > struct ibuf *sa_eapmsk; /* EAK session key */ > > > > struct iked_proposals sa_proposals; /* SA proposals */ > > - struct iked_childsas sa_childsas; /* IPSec Child SAs */ > > - struct iked_saflows sa_flows; /* IPSec flows */ > > + struct iked_childsas sa_childsas; /* IPsec Child SAs */ > > + struct iked_saflows sa_flows; /* IPsec flows */ > > > > struct iked_sa *sa_nexti; /* initiated IKE SA */ > > struct iked_sa *sa_nextr; /* simultaneous rekey */ > > Index: share/man/man4/ubsec.4 > > =================================================================== > > RCS file: /cvs/src/share/man/man4/ubsec.4,v > > retrieving revision 1.36 > > diff -u -p -r1.36 ubsec.4 > > --- share/man/man4/ubsec.4 10 Dec 2015 21:00:51 -0000 1.36 > > +++ share/man/man4/ubsec.4 26 Feb 2018 11:03:14 -0000 
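Review bot: The three `id-kp 5`, `id-kp 6` and `id-kp 7` lines change the long-name column of objects.txt, which is an identifier and not free text. As far as I know the generated object tables take their long names from this column, so once they are regenerated a lookup by the old long name `IPSec End System` (likewise `IPSec Tunnel`, `IPSec User`) would fail, while the short names `ipsecEndSystem`, `ipsecTunnel` and `ipsecUser` stay valid. That affects anything that names an extended key usage by its long name or compares printed certificate text. The generated files are not part of this diff, so either include the regenerated tables in the same commit or leave these three lines unchanged and note the exception in the commit message.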
> > @@ -62,7 +62,7 @@ Faster version of the BCM5822 that also > > .It Broadcom BCM5825 > > Faster PCI Express or PCI-X version of the chip. > > .It Broadcom BCM5860 > > -IPSec/SSL Security Processor that is faster and has more features. > > +IPsec/SSL Security Processor that is faster and has more features. > > .It Broadcom BCM5861 > > Faster version of the BCM5860. > > .It Broadcom BCM5862 > > Index: sys/dev/pci/ixgbe_type.h > > =================================================================== > > RCS file: /cvs/src/sys/dev/pci/ixgbe_type.h,v > > retrieving revision 1.31 > > diff -u -p -r1.31 ixgbe_type.h > > --- sys/dev/pci/ixgbe_type.h 18 Nov 2016 14:16:10 -0000 1.31 > > +++ sys/dev/pci/ixgbe_type.h 26 Feb 2018 11:03:17 -0000 > > @@ -650,7 +650,7 @@ > > #define IXGBE_LSECRXCTRL_RP 0x00000080 > > #define IXGBE_LSECRXCTRL_RSV_MASK 0xFFFFFF33 > > > > -/* IpSec Registers */ > > +/* IPsec Registers */ > > #define IXGBE_IPSTXIDX 0x08900 > > #define IXGBE_IPSTXSALT 0x08904 > > #define IXGBE_IPSTXKEY(_i) (0x08908 + (4 * (_i))) /* 4 of these (0-3) */ > > @@ -2496,8 +2496,8 @@ enum { > > #define IXGBE_RXDADV_PKTTYPE_NFS 0x00000800 /* NFS hdr present */ > > #define IXGBE_RXDADV_PKTTYPE_VXLAN 0x00000800 /* VXLAN hdr present */ > > #define IXGBE_RXDADV_PKTTYPE_TUNNEL 0x00010000 /* Tunnel type */ > > -#define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP 0x00001000 /* IPSec ESP */ > > -#define IXGBE_RXDADV_PKTTYPE_IPSEC_AH 0x00002000 /* IPSec AH */ > > +#define IXGBE_RXDADV_PKTTYPE_IPSEC_ESP 0x00001000 /* IPsec ESP */ > > +#define IXGBE_RXDADV_PKTTYPE_IPSEC_AH 0x00002000 /* IPsec AH */ > > #define IXGBE_RXDADV_PKTTYPE_LINKSEC 0x00004000 /* LinkSec Encap */ > > #define IXGBE_RXDADV_PKTTYPE_ETQF 0x00008000 /* PKTTYPE is ETQF index */ > > #define IXGBE_RXDADV_PKTTYPE_ETQF_MASK 0x00000070 /* ETQF has 8 > > indices */ 
> > @@ -2863,8 +2863,8 @@ struct ixgbe_adv_tx_context_desc { > > #define IXGBE_ADVTXD_DTALEN_MASK 0x0000FFFF /* Data buf length(bytes) */ > > #define IXGBE_ADVTXD_MAC_LINKSEC 0x00040000 /* Insert LinkSec */ > > #define IXGBE_ADVTXD_MAC_TSTAMP 0x00080000 /* IEEE1588 time > > stamp */ > > -#define IXGBE_ADVTXD_IPSEC_SA_INDEX_MASK 0x000003FF /* IPSec SA index */ > > -#define IXGBE_ADVTXD_IPSEC_ESP_LEN_MASK 0x000001FF /* IPSec ESP length > > */ > > +#define IXGBE_ADVTXD_IPSEC_SA_INDEX_MASK 0x000003FF /* IPsec SA index */ > > +#define IXGBE_ADVTXD_IPSEC_ESP_LEN_MASK 0x000001FF /* IPsec ESP length > > */ > > #define IXGBE_ADVTXD_DTYP_MASK 0x00F00000 /* DTYP mask */ > > #define IXGBE_ADVTXD_DTYP_CTXT 0x00200000 /* Adv Context Desc > > */ > > #define IXGBE_ADVTXD_DTYP_DATA 0x00300000 /* Adv Data > > Descriptor */ 
> > @@ -2900,8 +2900,8 @@ struct ixgbe_adv_tx_context_desc { > > #define IXGBE_ADVTXD_TUCMD_L4T_TCP 0x00000800 /* L4 Packet TYPE of TCP */ > > #define IXGBE_ADVTXD_TUCMD_L4T_SCTP 0x00001000 /* L4 Packet TYPE of > > SCTP */ > > #define IXGBE_ADVTXD_TUCMD_MKRREQ 0x00002000 /* req Markers and CRC */ > > -#define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400 /* IPSec offload request */ > > -#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPSec Type ESP */ > > +#define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400 /* IPsec offload request */ > > +#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000 /* IPsec Type ESP */ > > #define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN 0x00004000/* ESP Encrypt > > Enable */ > > #define IXGBE_ADVTXT_TUCMD_FCOE 0x00008000 /* FCoE Frame Type */ > > #define IXGBE_ADVTXD_FCOEF_EOF_MASK (0x3 << 10) /* FC EOF index */ > > Index: sys/netinet6/ip6_output.c > > =================================================================== > > RCS file: /cvs/src/sys/netinet6/ip6_output.c,v > > retrieving revision 1.234 > > diff -u -p -r1.234 ip6_output.c > > --- sys/netinet6/ip6_output.c 19 Feb 2018 08:59:53 -0000 1.234 > > +++ sys/netinet6/ip6_output.c 26 Feb 2018 11:03:17 -0000 > > @@ -1040,7 +1040,7 @@ ip6_ctloutput(int op, struct socket *so, > > void *optdata; > > struct inpcb *inp = sotoinpcb(so); > > int error, optval; > > - struct proc *p = curproc; /* For IPSec and rdomain */ > > + struct proc *p = curproc; /* For IPsec and rdomain */ > > u_int rtid = 0; > > > > error = optval = 0; > > Index: usr.bin/calendar/calendars/calendar.openbsd > > =================================================================== > > RCS file: /cvs/src/usr.bin/calendar/calendars/calendar.openbsd,v > > retrieving revision 1.38 > > diff -u -p -r1.38 calendar.openbsd > > --- usr.bin/calendar/calendars/calendar.openbsd 3 Sep 2016 13:37:45 > > -0000 1.38 > > +++ usr.bin/calendar/calendars/calendar.openbsd 26 Feb 2018 11:03:18 > > -0000 
> > @@ -53,7 +53,7 @@ May 29 t2k13: General hackathon, Toronto > > May 30 c2k9: General hackathon, Edmonton, Alberta, 46 developers, 2009 > > May 31 Initial cut at OpenNTP, 2004 > > Jun 01 OpenBSD 2.1 released, first time on CD (double set), 1997 > > -Jun 04 c99: First hackathon (IPSec), Calgary, Alberta, 10 developers, > > 1999 > > +Jun 04 c99: First hackathon (IPsec), Calgary, Alberta, 10 developers, > > 1999 > > Jun 04 c2k2: General hackathon, Calgary, Alberta, 42 developers, 2002 > > Jun 06 c2k8: General hackathon, Edmonton, Alberta, 55 developers, 2008 > > Jun 14 r2k6: First network hackathon, Hamburg, Germany, 6 developers, > > 2006 > > @@ -79,7 +79,7 @@ Aug 12 OpenBSD/sparc is switched to wsco > > Aug 16 IPX network stack added to OpenBSD, from FreeBSD, 1996 > > Aug 17 c2k1-2: Sparc64 hackathon, Washington D.C., 12 developers, 2001 > > Aug 17 OpenBSD/sparc64 port is added, from NetBSD, 2001 > > -Aug 28 k2k6: IPSec hackathon, Schloss Kransberg, Germany, 14 > > developers, 2006 > > +Aug 28 k2k6: IPsec hackathon, Schloss Kransberg, Germany, 14 > > developers, 2006 > > Sep 01 Support for the sparc (32bit) architecture removed, 2016 > > Sep 03 Support for the zaurus architecture removed, 2016 > > Sep 16 s2k11: General hackathon, Ljubljana, Slovenia, 25 developers, > > 2011 > > Index: usr.sbin/dhcpd/dhcpd.conf.5 > > =================================================================== > > RCS file: /cvs/src/usr.sbin/dhcpd/dhcpd.conf.5,v > > retrieving revision 1.22 > > diff -u -p -r1.22 dhcpd.conf.5 > > --- usr.sbin/dhcpd/dhcpd.conf.5 28 Jun 2017 14:07:11 -0000 1.22 > > +++ usr.sbin/dhcpd/dhcpd.conf.5 26 Feb 2018 11:03:19 -0000 
> > @@ -566,7 +566,7 @@ Currently, the > > and > > .Cm fddi > > physical interface types are recognized, > > -although support for DHCP-over-IPSec virtual interface type > > +although support for DHCP-over-IPsec virtual interface type > > .Cm ipsec-tunnel > > is provided. > > The > > Index: usr.sbin/dhcrelay/dhcrelay.c > > =================================================================== > > RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v > > retrieving revision 1.63 > > diff -u -p -r1.63 dhcrelay.c > > --- usr.sbin/dhcrelay/dhcrelay.c 5 Jul 2017 11:11:56 -0000 1.63 > > +++ usr.sbin/dhcrelay/dhcrelay.c 26 Feb 2018 11:03:19 -0000 > > @@ -174,7 +174,7 @@ main(int argc, char *argv[]) > > fatalx("don't mix interfaces with hosts"); > > > > if (sp->intf->hw_address.htype == HTYPE_IPSEC_TUNNEL) > > - fatalx("can't use IPSec with layer 2"); > > + fatalx("can't use IPsec with layer 2"); > > > > sp->next = servers; > > servers = sp; > > Index: usr.sbin/npppd/l2tp/l2tp_ctrl.c > > =================================================================== > > RCS file: /cvs/src/usr.sbin/npppd/l2tp/l2tp_ctrl.c,v > > retrieving revision 1.21 > > diff -u -p -r1.21 l2tp_ctrl.c > > --- usr.sbin/npppd/l2tp/l2tp_ctrl.c 5 Dec 2015 18:43:36 -0000 1.21 > > +++ usr.sbin/npppd/l2tp/l2tp_ctrl.c 26 Feb 2018 11:03:20 -0000 > > @@ -442,7 +442,7 @@ l2tp_ctrl_purge_ipsec_sa(l2tp_ctrl *_thi > > #endif > > if (ipsec_util_purge_transport_sa((struct sockaddr *)&peer, > > (struct sockaddr *)&sock, proto, IPSEC_UTIL_DIRECTION_BOTH) != 0) > > - l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPSec SA"); > > + l2tp_ctrl_log(_this, LOG_NOTICE, "failed to purge IPsec SA"); > > } > > #endif > > > > >