openbsd
23 months agoInclude bytestring.h directly rather than pulling it in via asn1_locl.h
tb [Fri, 18 Nov 2022 15:10:51 +0000 (15:10 +0000)]
Include bytestring.h directly rather than pulling it in via asn1_locl.h

23 months agoWire up HMAC to raw private key methods
tb [Fri, 18 Nov 2022 15:01:04 +0000 (15:01 +0000)]
Wire up HMAC to raw private key methods

Obviously, the brilliant API design kitchen decided that an interface
carrying public and private key in its name (so that every sane person
thinks of asymmetric cryptography), is also perfectly suitable for MACs.
Wire up HMAC since Ruby's OpenSSL gem uses these bindings if the build
system detects that EVP_PKEY_new_raw_public_key() is available in evp.h.

While there, also add the missing pub_cmp() ameth, which obviously
treats two things as equal by returning 1.

Reported by jeremy and anton, fixes regress/lib/libssl/openssl-ruby tests

ok jsing

23 months agoWrite number of bytes read/written and "?" prompt to stdout, not stderr.
millert [Fri, 18 Nov 2022 14:52:03 +0000 (14:52 +0000)]
Write number of bytes read/written and "?" prompt to stdout, not stderr.
This matches both historical behavior and the POSIX specification.
From Soeren Tempel.

23 months agoChange the pkey.ptr from char * to void *
tb [Fri, 18 Nov 2022 14:45:10 +0000 (14:45 +0000)]
Change the pkey.ptr from char * to void *

Now that EVP_PKEY is opaque, there is no reason to keep the ptr member
of the pkey union as a weird char pointer, a void pointer will do. This
avoids a few stupid casts and simplifies an upcoming diff.

ok jsing

23 months agoMove skiplist to main and merge with shortlist.
tb [Fri, 18 Nov 2022 14:38:34 +0000 (14:38 +0000)]
Move skiplist to main and merge with shortlist.

With/ok job

23 months agozap errant space in usage();
jmc [Fri, 18 Nov 2022 11:07:10 +0000 (11:07 +0000)]
zap errant space in usage();

23 months agoAdd aspa-set config test.
claudio [Fri, 18 Nov 2022 10:26:04 +0000 (10:26 +0000)]
Add aspa-set config test.

23 months agoAdd plumbing for ASPA support. This implements the parser and part of the
claudio [Fri, 18 Nov 2022 10:17:23 +0000 (10:17 +0000)]
Add plumbing for ASPA support. This implements the parser and part of the
logic in the rtr process. It does not implement the new RTR messages yet
but it is possible to specify an aspa-set in the config. Also the validation
code in the RDE is missing so this does not do anything.
With this in it will be possible to extend rpki-client to publish an
aspa-set as part of the openbgpd config file.
OK tb@

23 months agogroup -> field
tb [Fri, 18 Nov 2022 07:28:34 +0000 (07:28 +0000)]
group -> field

discussed with schwarze

23 months agopolynominal -> polynomial
tb [Fri, 18 Nov 2022 07:27:31 +0000 (07:27 +0000)]
polynominal -> polynomial

ok schwarze

23 months agocope with new getaddrinfo() error message
anton [Fri, 18 Nov 2022 06:43:39 +0000 (06:43 +0000)]
cope with new getaddrinfo() error message

23 months agosync
deraadt [Fri, 18 Nov 2022 05:58:56 +0000 (05:58 +0000)]
sync

23 months agomips64 code calls uvm_map_protect() directly, so needs to adapt:
deraadt [Fri, 18 Nov 2022 03:47:21 +0000 (03:47 +0000)]
mips64 code calls uvm_map_protect() directly, so needs to adapt:
stack growth from setrlimit was never updated to set UVM_ET_STACK on
the entries, so the check-sp-at-system-call check failed.  Quite strange
it took this long to find this.
ok kettenis

23 months agonew manual page BN_GF2m_add(3)
schwarze [Fri, 18 Nov 2022 01:21:40 +0000 (01:21 +0000)]
new manual page BN_GF2m_add(3)
concerning arithmetic in Galois fields of power-of-2 order

23 months agoWith regret, place mutexes after struct vm_map fields which are inspected
deraadt [Thu, 17 Nov 2022 23:26:07 +0000 (23:26 +0000)]
With regret, place mutexes after struct vm_map fields which are inspected
by libkvm and procmap(8).  struct mutex can change based upon kernel
compile options, and the fields were dancing around
ok kettenis

23 months agoAvoid a few unnecessary contortions
tb [Thu, 17 Nov 2022 22:45:48 +0000 (22:45 +0000)]
Avoid a few unnecessary contortions

Turns out that after ~40 years of practice I still can't do addition
with carry correctly :S

23 months agoUse a fixed-size array for the message and simplify a few other curly
tb [Thu, 17 Nov 2022 21:19:43 +0000 (21:19 +0000)]
Use a fixed-size array for the message and simplify a few other curly
things.

23 months agoSchedule cleanup of '-r' now useless getopt option
job [Thu, 17 Nov 2022 20:51:39 +0000 (20:51 +0000)]
Schedule cleanup of '-r' now useless getopt option

OK tb@

23 months agoAdd shortlist functionality, a compagnion to the skiplist
job [Thu, 17 Nov 2022 20:49:38 +0000 (20:49 +0000)]
Add shortlist functionality, a compagnion to the skiplist

If the operator specifies the '-H' option once (or more) followed by a FQDN,
the utility will *only* connect to those hosts and skip all others.

OK claudio@ tb@

23 months agoAdd initial Wycheproof EdDSA test coverage
tb [Thu, 17 Nov 2022 19:07:52 +0000 (19:07 +0000)]
Add initial Wycheproof EdDSA test coverage

23 months agoAdd a regression test for curve25519.c r1.14
tb [Thu, 17 Nov 2022 19:06:35 +0000 (19:06 +0000)]
Add a regression test for curve25519.c r1.14

Generate random signatures of random messages and verify them. Then check
that the signature modified by adding the edwards25519 group order to the
upper half are rejected. This would not always be accepted without the
check in curve25519.c r1.14, but often enough that a few iterations suffice
to expose the missing check.

23 months agoPrevent Ed25519 signature malleability
tb [Thu, 17 Nov 2022 19:01:59 +0000 (19:01 +0000)]
Prevent Ed25519 signature malleability

Add a check that ensures that the upper half s of an Ed25519 signature is
bounded by the group order, i.e, 0 <= s < order. This is required by the
Verify procedure in RFC 8032, section 5.1.7, step 1, and prevents simple
modifications of signatures such as adding (a multiple of) the group order
to the upper half of the signature.

Found with EdDSA testcase 63 of project Wycheproof.

ok beck jsing

23 months agostack growth from setrlimit was never updated to set UVM_ET_STACK on
deraadt [Thu, 17 Nov 2022 18:53:05 +0000 (18:53 +0000)]
stack growth from setrlimit was never updated to set UVM_ET_STACK on
the entries, so the check-sp-at-system-call check failed.  Quite strange
it took this long to find this.
ok kettenis

23 months agostyle(9) fix. No functional change.
mvs [Thu, 17 Nov 2022 18:05:43 +0000 (18:05 +0000)]
style(9) fix. No functional change.

23 months agoRestrict what getaddrinfo(3) is willing to try to resolve.
florian [Thu, 17 Nov 2022 17:39:41 +0000 (17:39 +0000)]
Restrict what getaddrinfo(3) is willing to try to resolve.

Programs assume that a successful call to getaddrinfo(3) validates the
input as "safe", but that's not true. Characters like '$', '`', '\n'
or '*' can traverse the DNS without problems, but have special
meaning, for example a shell.

There is a function res_hnok() already in libc, but it validates if a
string is a host name, which is too strict in practice. For example
foo-.example.com is not a valid host name, but is used on the
Internet.

Posix has this to say:
"The getaddrinfo() function shall translate the name of a service
location (for example, a host name)"

It hints that the input should be a host name, but it does not
restrict it to it.

This introduces a function hnok_lenient() which restricts the input to
getaddrinfo(3) to the set [A-z0-9-_.]. Additionally two consecutive
dots ('.') are not allowed nor can the string start with - or '.'.

glibc introduced a similar restriction years ago, so this should not
cause problems.

It has been known in the DNS community for years, probably decades
that getaddrinfo(3) is too lenient what it accepts, but it has always
been kicked down the road as "not a DNS problem". Unfortunately this
information never made it out of the DNS community and no coordinated
effort happened to have this addressed in operating systems.

David Leadbeater recently demonstrated how ssh(1) and ftp(1) are too
trusting with what getaddrinfo(3) accepts. Both have been fixed
independently of this.

Input deraadt, eric
OK millert, deraadt

23 months agoAdd apple-boot firmware for Apple arm64 machines in fw_update(8) patterns.
tobhe [Thu, 17 Nov 2022 13:30:21 +0000 (13:30 +0000)]
Add apple-boot firmware for Apple arm64 machines in fw_update(8) patterns.

The pattern matches the printed CPU_IMPL_APPLE name as in:
cpu0 at mainbus0 mpidr 0: Apple Icestorm Pro r2p0
cpu0 at mainbus0 mpidr 0: Apple Blizzard r1p0

ok deraadt@ afresh@ kettenis@

23 months agoadd .gnu.warning.SYMBOL support to ld.lld(1) to display the warnings in
robert [Thu, 17 Nov 2022 12:24:02 +0000 (12:24 +0000)]
add .gnu.warning.SYMBOL support to ld.lld(1) to display the warnings in
these sections like ld.bfd(1)

e.g:
add.c(add.o:(add)): warning: sprintf() is often misused, please use snprintf()
add.c(add.o:(add)): warning: strcpy() is almost always misused, please use strlcpy()
add.c(add.o:(add)): warning: strcat() is almost always misused, please use strlcat()

ok deraadt@

23 months agowhitespace fixes. no functional change.
dlg [Thu, 17 Nov 2022 01:30:57 +0000 (01:30 +0000)]
whitespace fixes. no functional change.

23 months agoRevert "Check certificate extensions in trusted certificates"
beck [Thu, 17 Nov 2022 00:42:12 +0000 (00:42 +0000)]
Revert "Check certificate extensions in trusted certificates"

There are some possible strange side effects noticed by the
openssl cms regress tests that I missed. Backing this out
until I untangle it

ok tb@

23 months agosync
deraadt [Wed, 16 Nov 2022 18:48:50 +0000 (18:48 +0000)]
sync

23 months agotolower(3) guarantees to return its argument unchanged if it's not
florian [Wed, 16 Nov 2022 18:30:12 +0000 (18:30 +0000)]
tolower(3) guarantees to return its argument unchanged if it's not
uppercase.
While here use the correct idiom of casting to unsigned char.

OK millert, farewell to ultrix deraadt

23 months agomark BN_X931_derive_prime_ex, BN_X931_generate_prime_ex,
schwarze [Wed, 16 Nov 2022 15:34:41 +0000 (15:34 +0000)]
mark BN_X931_derive_prime_ex, BN_X931_generate_prime_ex,
and BN_X931_generate_Xpq as intentionally undocumented because
they are unused outside OpenSSL/LibreSSL and deprecated in OpenSSL 3.0

23 months agoexpose the documentation of X509_STORE_CTX_verify_fn(3)
schwarze [Wed, 16 Nov 2022 14:55:40 +0000 (14:55 +0000)]
expose the documentation of X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and document X509_STORE_get_verify(3)
which tb@ all provided with x509_vfy.h revisions 1.48 and 1.49

23 months agodocument X509_STORE_CTX_verify_cb(3) and X509_STORE_get_verify_cb(3)
schwarze [Wed, 16 Nov 2022 14:51:08 +0000 (14:51 +0000)]
document X509_STORE_CTX_verify_cb(3) and X509_STORE_get_verify_cb(3)
which tb@ provided with x509_vfy.h revisions 1.48 and 1.49

23 months agoMark BN_mod_exp2_mont() as intentionally undocumented.
schwarze [Wed, 16 Nov 2022 14:19:22 +0000 (14:19 +0000)]
Mark BN_mod_exp2_mont() as intentionally undocumented.
It appears to be intended for internal use by DSA_do_verify(3) and using
codesearch.debian.net, i found nothing outside OpenSSL/LibreSSL using it.

In April 2018, jsing@ questioned whether the five related functions
BN_mod_exp_mont() and friends should even be exposed by <openssl/bn.h>,
so we decided to not document them.  Now tb@ agrees that there is no
reason to document BN_mod_exp2_mont() as long as we don't want to
document BN_mod_exp_mont().

23 months agoAlign output to a more tabular view
job [Wed, 16 Nov 2022 08:57:38 +0000 (08:57 +0000)]
Align output to a more tabular view

OK claudio@

23 months agoRemove an outdated TODO
tb [Wed, 16 Nov 2022 08:34:07 +0000 (08:34 +0000)]
Remove an outdated TODO

23 months agostyle(9) fix. No functional change.
mvs [Tue, 15 Nov 2022 22:47:15 +0000 (22:47 +0000)]
style(9) fix. No functional change.

23 months agoNot assigning a link local address by default breaks various things.
claudio [Tue, 15 Nov 2022 18:42:46 +0000 (18:42 +0000)]
Not assigning a link local address by default breaks various things.
A lot of code depends on a eui64 address to be present. So revert this
bit of the last commit.
OK florian@

23 months agodocument BN_mod_sqrt(3)
schwarze [Tue, 15 Nov 2022 17:55:00 +0000 (17:55 +0000)]
document BN_mod_sqrt(3)

23 months agoTake `vmobjlock' around uao_grow() and uao_shrink() calls to fix tmpfs
mvs [Tue, 15 Nov 2022 17:16:44 +0000 (17:16 +0000)]
Take `vmobjlock' around uao_grow() and uao_shrink() calls to fix tmpfs
panics [1].

1. https://marc.info/?l=openbsd-bugs&m=165012301707403&w=2

from Leo Larnack <leo at pseven.xyz>

ok kn@ mpi@

23 months agosync
sthen [Tue, 15 Nov 2022 10:44:06 +0000 (10:44 +0000)]
sync

23 months agoUnlock SIOCGIFG{MEMB,ATTR,LIST}
kn [Mon, 14 Nov 2022 22:45:02 +0000 (22:45 +0000)]
Unlock SIOCGIFG{MEMB,ATTR,LIST}

The global interface group list is also protected by the net lock and all
access to it (all within if.c) take it accordingly.

Getting all
- members    of a group (SIOCGIFGMEMB),
- attributes of a group (SIOCGIFGATTR),
- groups                (SIOCGIFGLIST)
are each read-only operations on the global interface group `ifg_head'.

The global interface list `ifnetlist' or its per-interface group lists are
not used in these ioctls.

OK mvs

23 months agoUnlock SIOCGIFCONF
kn [Mon, 14 Nov 2022 22:07:30 +0000 (22:07 +0000)]
Unlock SIOCGIFCONF

As netintro(4) explains, this copies a bunch of data from the global
interface list as well as its per-interface address lists.

All of this is never written to by ifconf(), protected by the net lock
and documented as such in the struct comments already.

OK mvs

23 months agoDocument global interface group list locking
kn [Mon, 14 Nov 2022 22:06:25 +0000 (22:06 +0000)]
Document global interface group list locking

The per-interface group list is protected by the net lock and already
documented as such.

The global interface group list `ifg_head' is also protected by the net
lock and all access to it (all within if.c) take it accordingly.

Feedback OK mvs

23 months agomerge conflicts
sthen [Mon, 14 Nov 2022 21:09:32 +0000 (21:09 +0000)]
merge conflicts

23 months agoimport NSD 4.6.1, ok florian@, thanks aoyama@ for checking autoconf C99 bits
sthen [Mon, 14 Nov 2022 21:07:49 +0000 (21:07 +0000)]
import NSD 4.6.1, ok florian@, thanks aoyama@ for checking autoconf C99 bits

23 months agodocument BN_kronecker(3)
schwarze [Mon, 14 Nov 2022 19:51:35 +0000 (19:51 +0000)]
document BN_kronecker(3)

23 months agodocument BN_reciprocal(3)
schwarze [Mon, 14 Nov 2022 18:28:29 +0000 (18:28 +0000)]
document BN_reciprocal(3)

23 months agoHide public symbols in libcrypto/x509 .c files
beck [Mon, 14 Nov 2022 17:48:49 +0000 (17:48 +0000)]
Hide public symbols in libcrypto/x509 .c files

ok tb@

23 months agoFix tag type and buffer limit in DT_TEXTREL lookup.
visa [Mon, 14 Nov 2022 17:25:00 +0000 (17:25 +0000)]
Fix tag type and buffer limit in DT_TEXTREL lookup.

OK deraadt@ kettenis@

23 months agoWith the commit to in6_ifattach mpe(4) now also works with IPv6
claudio [Mon, 14 Nov 2022 17:23:43 +0000 (17:23 +0000)]
With the commit to in6_ifattach mpe(4) now also works with IPv6

23 months agoAdd missing clock trigger to loongson_isa_splx().
visa [Mon, 14 Nov 2022 17:15:41 +0000 (17:15 +0000)]
Add missing clock trigger to loongson_isa_splx().

Fixes unexpected delays that have occurred with mips64 clock(4).

23 months agoRelax the list of interfaces which support IPv6 a bit.
claudio [Mon, 14 Nov 2022 17:12:55 +0000 (17:12 +0000)]
Relax the list of interfaces which support IPv6 a bit.

No longer require IFF_MULTICAST for all interfaces. It is save to skip
this for interfaces that don't require a ND cache. Also do not assign a
link-local address in such cases. This affects point-to-point interfaces
and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4).
The NBMA interfaces need some alternative way to figure out the address
mapping. In the end this allows non-multicast interfaces to work with IPv6.
OK dlg@ kn@

23 months agofix swapped user/group introduced in sync-with-mount_tmpfs commit;
sthen [Mon, 14 Nov 2022 14:35:39 +0000 (14:35 +0000)]
fix swapped user/group introduced in sync-with-mount_tmpfs commit;
from Josiah Frentsos

23 months agomake the EFI partition quite large, like on arm64 x13s, because newer x86
deraadt [Mon, 14 Nov 2022 14:04:25 +0000 (14:04 +0000)]
make the EFI partition quite large, like on arm64 x13s, because newer x86
((Lenovo in particular) firmware updating methods do the same -- placing
a payload in there, so a small space won't do.
ok kettenis

23 months agoPreserve original order of nameservers
kn [Mon, 14 Nov 2022 13:57:46 +0000 (13:57 +0000)]
Preserve original order of nameservers

RFC 2132 "DHCP Options and BOOTP Vendor Extensions"
3.8. Domain Name Server Option says
Servers SHOULD be listed in order of preference.

tcpdump(8), route(8) monitor and dhcpleasectl(8) -l athn0 show servers from
the DHCP OFFER in their original order, as expected.

resolvd(8) however sorts proposals by priority and IP address before writing
them to resolv.conf(5).

But as the system resolver tries this file's `nameserver' options in the
order appearance, sorting by IP breaks DHCP's intended order and thus may
result in the wrong nameserver being queried.

Sorting by IP is done to later remove duplicates from the file.

Sort by priority alone and ensure uniqueness by iterating over the list of
of proposals and zeroeing duplicates instead to preserve any proposal's
original order.

Spotted on a public wifi OFFERing two local IPs plus 8.8.8.8 in this order
which ended up with 8.8.8.8 being the first entry in my /etc/resolv.conf.

In other words, `route nameserver lo0 2.2.2.2 1.1.1.1 1.1.1.1' now yields
nameserver 2.2.2.2 # resolvd: lo0
nameserver 1.1.1.1 # resolvd: lo0
rather than
nameserver 1.1.1.1 # resolvd: lo0
nameserver 2.2.2.2 # resolvd: lo0

Feedback OK deraadt

23 months agoRecognize PT_OPENBSD_MUTABLE with LLVM's readobj / objdump.
deraadt [Mon, 14 Nov 2022 13:42:19 +0000 (13:42 +0000)]
Recognize PT_OPENBSD_MUTABLE with LLVM's readobj / objdump.
from brad

23 months agoCheck for offline chunks first, then check for keydisks
kn [Mon, 14 Nov 2022 13:39:37 +0000 (13:39 +0000)]
Check for offline chunks first, then check for keydisks

Like keydisks, offline data chunks also report a size of zero, so skipping
zero sized chunks before doing the offline check means not printing the
"softraid chunk N not online - skipping..." warning.

Restore order to make this warning appear on degraded volumes again.

23 months agoSince the introduction of automatic immutable from the kernel, the munmap()
deraadt [Mon, 14 Nov 2022 13:21:50 +0000 (13:21 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the alpha version

23 months agoSince the introduction of automatic immutable from the kernel, the munmap()
deraadt [Mon, 14 Nov 2022 13:20:23 +0000 (13:20 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the i386 version

23 months agoSince the introduction of automatic immutable from the kernel, the munmap()
deraadt [Mon, 14 Nov 2022 13:13:19 +0000 (13:13 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for sparc64, tested by pascal also

23 months agoSince the introduction of automatic immutable from the kernel, the munmap()
deraadt [Mon, 14 Nov 2022 13:12:59 +0000 (13:12 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for powerpc, tested by pascal

23 months agoTurns out the power button on the Mac mini and the touchid button on the
kettenis [Mon, 14 Nov 2022 11:11:17 +0000 (11:11 +0000)]
Turns out the power button on the Mac mini and the touchid button on the
various Macbook models generate different events.  So rename the existing
constant for a "short press" of the touchid button and add support for the
power button on the Mac mini such that is can be resumed.

ok tobhe@, patrick@

23 months ago- show -R with -s in options list
jmc [Mon, 14 Nov 2022 09:56:09 +0000 (09:56 +0000)]
- show -R with -s in options list
- show -t with -T in options list
- sort the -T commands
- small text/formatting tweaks

ok sthen
ok kn on an earlier version

23 months agoDocument arm64 as supporting RAID 1C boot
kn [Mon, 14 Nov 2022 09:34:51 +0000 (09:34 +0000)]
Document arm64 as supporting RAID 1C boot

Now that installboot(8) -p is softraid(4) aware, fresh arm64 installations
actually boot out of the box without manual intervention, as expected.

23 months agoWhen the fdt does not provide a list of brightness states, pwmbl(4)
miod [Mon, 14 Nov 2022 07:22:44 +0000 (07:22 +0000)]
When the fdt does not provide a list of brightness states, pwmbl(4)
builds a 256 state ramp (i.e. state[i] = i with 0 <= i < 256).

Change the logic to not need to malloc an array of values in this case,
since they are trivially known.

test&ok patrick@

23 months agoinclude sys/device.h, on some architectures this gets pulled in, but others
deraadt [Mon, 14 Nov 2022 00:16:44 +0000 (00:16 +0000)]
include sys/device.h, on some architectures this gets pulled in, but others
(like sparc64) require it explicitly

23 months agoFix comment style
tb [Sun, 13 Nov 2022 23:38:42 +0000 (23:38 +0000)]
Fix comment style

23 months agoVarious improvements; joint work with beck@:
schwarze [Sun, 13 Nov 2022 22:11:44 +0000 (22:11 +0000)]
Various improvements; joint work with beck@:
1. Explain up front what "ASN1_TIME" is (suggested by beck@, wording by me).
2. For opaque structs, use the generic term "object",
like we already do it in many other LibreSSL manual pages.
3. Drop some redundant phrases.
4. Improve the EXAMPLES section (by beck@, with fixes by me).
6. Add a STANDARDS section.
...and some other minor polishing.
OK beck@

23 months agoMake sure csa->csa_bundled is NULL after freeing to prevent a
mbuhl [Sun, 13 Nov 2022 21:19:40 +0000 (21:19 +0000)]
Make sure csa->csa_bundled is NULL after freeing to prevent a
possible use after free.
ok tobhe@

23 months agoSync config.h, we have ed25519 support now.
florian [Sun, 13 Nov 2022 18:40:45 +0000 (18:40 +0000)]
Sync config.h, we have ed25519 support now.

23 months agoCheck certificate extensions in trusted certificates.
beck [Sun, 13 Nov 2022 18:37:32 +0000 (18:37 +0000)]
Check certificate extensions in trusted certificates.

Historically the standards let the implementation decide to
either check or ignore the certificate properties of trust anchors.
You could either use them simply as a source of a public key which
was trusted for everything, or you were also permitted to check the
certificate properties and fully enforce them. Hooray for freedumb.

OpenSSL changed to checking these with :
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date:   Thu Jan 28 03:01:45 2016 -0500

BoringSSL currently does not check them, as it also inherited
the previous OpenSSL behaviour. It will change to check them in
the future.
(https://bugs.chromium.org/p/boringssl/issues/detail?id=533)

23 months agoSync data and instruction cache before entering an executable page
jca [Sun, 13 Nov 2022 16:14:06 +0000 (16:14 +0000)]
Sync data and instruction cache before entering an executable page

Adapted from kettenis' fix for arm64/pmap.c.  Since we haven't been able
to reliably reproduce the clang crashes that affect base and ports, it
not yet known whether riscv64 was badly affected by this misordering.
Time will tell.  ok kettenis@

23 months agoSplit out handlers for SOCK_DGRAM unix(4) sockets from SOCK_STREAM and
mvs [Sun, 13 Nov 2022 16:01:32 +0000 (16:01 +0000)]
Split out handlers for SOCK_DGRAM unix(4) sockets from SOCK_STREAM and
SOCK_SEQPACKET. Introduce `uipc_dgram_usrreqs' to store pointers for
dgram specific handlers.

The dgram pru_shutdown and pru_send handlers were splitted to
uipc_dgram_shutdown() and uipc_dgram_send(). The pru_accept, pru_rcvd
and pru_abort handlers are not required for dgram sockets.

The unp_disconnect() remains shared between all unix(4) sockets because
it called from common paths too.

Proposed by and ok guenther@

23 months agosync
tb [Sun, 13 Nov 2022 14:09:44 +0000 (14:09 +0000)]
sync

23 months agoAvoid symbol collision with libcrypto
tb [Sun, 13 Nov 2022 14:09:17 +0000 (14:09 +0000)]
Avoid symbol collision with libcrypto

libcrypto now provides Ed25519 and the raw public key API, so neuter the
compat implementations. Also link libfido against libcrypto.

The #ifdefs were upstreamed in https://github.com/Yubico/libfido2/pull/645

no objection djm
ok jsing

23 months agoBump libtls minor to match libcrypto and libssl
tb [Sun, 13 Nov 2022 14:07:15 +0000 (14:07 +0000)]
Bump libtls minor to match libcrypto and libssl

23 months agoBump libssl minor to match libcrypto
tb [Sun, 13 Nov 2022 14:06:58 +0000 (14:06 +0000)]
Bump libssl minor to match libcrypto

23 months agoBump minor after symbol addition
tb [Sun, 13 Nov 2022 14:06:35 +0000 (14:06 +0000)]
Bump minor after symbol addition

23 months agoUpdate Symbols.list
tb [Sun, 13 Nov 2022 14:06:15 +0000 (14:06 +0000)]
Update Symbols.list

23 months agoExpose direct access API for Ed25519.
tb [Sun, 13 Nov 2022 14:05:04 +0000 (14:05 +0000)]
Expose direct access API for Ed25519.

23 months agoExpose various EVP hooks for Ed25519 and X25519
tb [Sun, 13 Nov 2022 14:04:13 +0000 (14:04 +0000)]
Expose various EVP hooks for Ed25519 and X25519

This adds the EVP_PKEY_ED25519 and EVP_PKEY_X25519 aliases for the NIDs
and exposes the raw public key API.

The ED25519_KEYLEN and X25519_KEYLEN defines are still kept internal for
now to match what OpenSSL have. We may want to expose those later.

23 months agoAdd ED25519 aliases for NID, SN and OBJ
tb [Sun, 13 Nov 2022 14:03:13 +0000 (14:03 +0000)]
Add ED25519 aliases for NID, SN and OBJ

The Ed25519 versions already existed, but OpenSSL chose to uppercase the D.

23 months agoExpose ASN1_buf_print() in asn1.h
tb [Sun, 13 Nov 2022 13:59:46 +0000 (13:59 +0000)]
Expose ASN1_buf_print() in asn1.h

This is needed to print the 32-byte Ed25519 keys which aren't handled
as BNs.

23 months agoRemove unused fields from struct in6_ifextra
kn [Sat, 12 Nov 2022 16:36:07 +0000 (16:36 +0000)]
Remove unused fields from struct in6_ifextra

This is all under _KERNEL:
- rs_lhcookie was added in 2014 110585f259f4974284e531f0a1e121b001a580dc
  "Move sending of router solicitations to the kernel; [...]"
  but never used
- nprefixes and ndefrouters became obsolete with 2017
  4a2f474d14c160dc7829cce0149ead09d473ece9
  "Remove sending of router solicitations and processing of router
   advertisements from the kernel. [...]"

OK mpi

23 months agoAdd support for string comparison in filters.
mpi [Sat, 12 Nov 2022 14:19:08 +0000 (14:19 +0000)]
Add support for string comparison in filters.

It is now possible to filter by process name, like:

syscall:mmap:entry
/comm == "ld"/
{
...
}

Currently the parser treats C-string like any other expression member even
if arithmetic operations do no apply to strings.

23 months agoHide symbols in libcrypto/ui
beck [Sat, 12 Nov 2022 13:16:10 +0000 (13:16 +0000)]
Hide symbols in libcrypto/ui

ok jsing@

23 months agoHide symbols in libcrypto/pkcs12
beck [Sat, 12 Nov 2022 13:03:28 +0000 (13:03 +0000)]
Hide symbols in libcrypto/pkcs12

ok jsing@

23 months agoFix a long-standing pmap bug, where we would enter an executable mapping
kettenis [Sat, 12 Nov 2022 12:58:34 +0000 (12:58 +0000)]
Fix a long-standing pmap bug, where we would enter an executable mapping
for a page before synchronizing the data and instruction cache.  This means
that another thread that is executing code on this page may not fault, but
see stale contennts until the data cache flushes and/or instruction cache
invalidation propagates.  The bug surfaced when testing a change that would
recycle code pages quickly instead of keeping them around.

Fix the issue by synchronizing the caches before entering an executable
mapping for a page.  Also make sure we mark the page as "clean" after
synchronization instead of before.

ok patrick@, jca@ (and mpi@ and dlg@ for an earlier version of this diff)

23 months agoHide symbols in libcrypto/pkcs7
beck [Sat, 12 Nov 2022 12:11:14 +0000 (12:11 +0000)]
Hide symbols in libcrypto/pkcs7

This applies the guentherizer 9000(tm) to pkcs7, after moving
several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c
for reasons known only to the miasma.

ok jsing@

23 months agoRemove unused RS_LHCOOKIE macro
kn [Sat, 12 Nov 2022 02:53:17 +0000 (02:53 +0000)]
Remove unused RS_LHCOOKIE macro

Added in 2014 110585f259f4974284e531f0a1e121b001a580dc
    Move sending of router solicitations to the kernel; [...]
but never used.

23 months agoZap comment about dead linkmtu
kn [Sat, 12 Nov 2022 02:50:59 +0000 (02:50 +0000)]
Zap comment about dead linkmtu

Removed in 2015 a923c8476c6771493ee2bc4f277a429c9ae3eaff
    Remove linkmtu and maxmtu from struct nd_ifinfo.

23 months agoZap dead ip6_auto_linklocal
kn [Sat, 12 Nov 2022 02:49:34 +0000 (02:49 +0000)]
Zap dead ip6_auto_linklocal

Removed in 2015 15f0a5b39a2bb226b44457ed81a5d989cfee0393
    Ensure that link-local addresses are correctly configured on loopback
    interfaces.

23 months agoPut pf_state_import() under NPFSYNC>0 to fix build without pfsync
kn [Sat, 12 Nov 2022 02:48:14 +0000 (02:48 +0000)]
Put pf_state_import() under NPFSYNC>0 to fix build without pfsync

23 months agoAdd support for storing builtins arguments into local variables.
mpi [Fri, 11 Nov 2022 22:43:09 +0000 (22:43 +0000)]
Add support for storing builtins arguments into local variables.

23 months agoAdd support for multiple statements in if () blocks.
mpi [Fri, 11 Nov 2022 22:40:41 +0000 (22:40 +0000)]
Add support for multiple statements in if () blocks.

23 months agofix ounctuation and SEE ALSO;
jmc [Fri, 11 Nov 2022 21:41:45 +0000 (21:41 +0000)]
fix ounctuation and SEE ALSO;

23 months agoHide symbols in libcrypto/stack
beck [Fri, 11 Nov 2022 19:18:55 +0000 (19:18 +0000)]
Hide symbols in libcrypto/stack

Automated change from the first attempts at the semi automated
Guentherizer 2000.

ok jsing@ tb@ joshua@

23 months agoRevert last until we can guarantee gh_guid can't escape to the
krw [Fri, 11 Nov 2022 18:53:29 +0000 (18:53 +0000)]
Revert last until we can guarantee gh_guid can't escape to the
d_uid written to disk.