openbsd
2 years agoRemove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B)
tb [Thu, 5 May 2022 08:10:39 +0000 (08:10 +0000)]
Remove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B)

ok beck jsing

2 years agoFix typo in previous.
tb [Thu, 5 May 2022 08:07:24 +0000 (08:07 +0000)]
Fix typo in previous.

2 years agoInline OPENSSL_memdup() using malloc() + memcpy()
tb [Thu, 5 May 2022 08:05:58 +0000 (08:05 +0000)]
Inline OPENSSL_memdup() using malloc() + memcpy()

ok beck jsing

2 years agoTranslate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API.
tb [Thu, 5 May 2022 08:03:11 +0000 (08:03 +0000)]
Translate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API.

ok beck jsing

2 years agoAdjust includes for LibreSSL
tb [Thu, 5 May 2022 07:57:33 +0000 (07:57 +0000)]
Adjust includes for LibreSSL

ok beck jsing

2 years agoUse C99 initializres for hkdf_pkey_meth
tb [Thu, 5 May 2022 07:53:30 +0000 (07:53 +0000)]
Use C99 initializres for hkdf_pkey_meth

ok beck jsing

2 years agoRemove OpenSSL versions of HKDF*().
tb [Thu, 5 May 2022 07:50:06 +0000 (07:50 +0000)]
Remove OpenSSL versions of HKDF*().

ok beck jsing

2 years agoFix includes of the removed kdferr.h
tb [Thu, 5 May 2022 07:48:07 +0000 (07:48 +0000)]
Fix includes of the removed kdferr.h

2 years agoAdd NID for HKDF
tb [Thu, 5 May 2022 07:45:57 +0000 (07:45 +0000)]
Add NID for HKDF

ok beck jsing

2 years agosshkey_unshield_private() contains a exact duplicate of the code in
djm [Thu, 5 May 2022 01:04:14 +0000 (01:04 +0000)]
sshkey_unshield_private() contains a exact duplicate of the code in
private2_check_padding(). Pull private2_check_padding() up so the code
can be reused. From Martin Vahlensieck, ok deraadt@

2 years agochannel_new no longer frees remote_name. So update the comment
djm [Thu, 5 May 2022 00:56:58 +0000 (00:56 +0000)]
channel_new no longer frees remote_name.  So update the comment
accordingly.  As remote_name is not modified, it can be const
as well. From Martin Vahlensieck

2 years agomux.c: mark argument as const; from Martin Vahlensieck
djm [Thu, 5 May 2022 00:55:11 +0000 (00:55 +0000)]
mux.c: mark argument as const; from Martin Vahlensieck

2 years agovmctl(8)/vmd(8): convert disk sizes from MB to bytes
dv [Wed, 4 May 2022 23:17:25 +0000 (23:17 +0000)]
vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

2 years agoIntroduce mutex for ratecheck(9) and ppsratecheck(9). A global
bluhm [Wed, 4 May 2022 21:24:33 +0000 (21:24 +0000)]
Introduce mutex for ratecheck(9) and ppsratecheck(9).  A global
mutex with spl high for all function calls is used for now.  It
protects the lasttime and curpps parameter.  This solution is MP
safe for the usual use case, allows progress, and can be optimized
later.  Remove a useless #if 1 while there.
OK claudio@

2 years agoremove accidentally duplicated line
tb [Wed, 4 May 2022 19:34:26 +0000 (19:34 +0000)]
remove accidentally duplicated line

2 years agoWhitespace nit (knfmt(1) agrees after inserting an empty line after the
tb [Wed, 4 May 2022 19:15:52 +0000 (19:15 +0000)]
Whitespace nit (knfmt(1) agrees after inserting an empty line after the
variable declaration)

2 years agoFound two multiple evaluation macros. One of them so long and scary it
deraadt [Wed, 4 May 2022 18:57:50 +0000 (18:57 +0000)]
Found two multiple evaluation macros. One of them so long and scary it
too many people to unravel correctly and place into a static function.
While here, move the flags bits into local variables, which reduces
the amount of () in the checks.
help from millert, miod, tedu

2 years agoKNF according to knfmt(1)
tb [Wed, 4 May 2022 18:56:34 +0000 (18:56 +0000)]
KNF according to knfmt(1)

2 years agoAdd RCS tags
tb [Wed, 4 May 2022 18:49:50 +0000 (18:49 +0000)]
Add RCS tags

2 years agoRestore copyright years to 2016-2018 as they were before the previous
tb [Wed, 4 May 2022 18:48:55 +0000 (18:48 +0000)]
Restore copyright years to 2016-2018 as they were before the previous
commit.

2 years agoReinstate the licenses that were replaced with license stubs in
tb [Wed, 4 May 2022 18:47:26 +0000 (18:47 +0000)]
Reinstate the licenses that were replaced with license stubs in
OpenSSL commits d2e9e320186f0917cc940f46bdf1a7e4120da9b0 and
b6cff313cbb1d0381b329fe4f6a8f009cdb270e4

2 years agoBump copyright years to 2016-2018 as it was before the previous commit.
tb [Wed, 4 May 2022 18:37:00 +0000 (18:37 +0000)]
Bump copyright years to 2016-2018 as it was before the previous commit.

2 years agoReinstate the license that was replaced with a stub in OpenSSL commit
tb [Wed, 4 May 2022 18:36:03 +0000 (18:36 +0000)]
Reinstate the license that was replaced with a stub in OpenSSL commit
21dcbebc6e35419f1842f39a125374ea1ba45693

2 years agoInline kdferr.h at the end of kdf.h
tb [Wed, 4 May 2022 18:27:39 +0000 (18:27 +0000)]
Inline kdferr.h at the end of kdf.h

2 years agoRename hkdf.c to hkdf_evp.c to avoid a name clash with hkdf/hkdf.c
tb [Wed, 4 May 2022 18:19:17 +0000 (18:19 +0000)]
Rename hkdf.c to hkdf_evp.c to avoid a name clash with hkdf/hkdf.c

2 years agoImport HKDF code from OpenSSL 1.1.1o
tb [Wed, 4 May 2022 18:02:07 +0000 (18:02 +0000)]
Import HKDF code from OpenSSL 1.1.1o

This imports verbatim copies as of the OpenSSL_1_1_1o tag of

  crypto/kdf/hkdf.c
  crypto/kdf/hkdf_err.c
  include/openssl/kdf.h
  include/openssl/kdferr.h

from https://www.github.com/openssl/openssl.git into lib/libcrypto/kdf.

We only want the EVP interface to HKDF since some ports need them.  Not
yet linked to the build since it will not compile. Follow-on commits will
add KNF, clean up and make this compile.

Tests of an early draft version by abieber and Caspar Schutijser

ok jsing

2 years agoMove rttimer callback function from the rttimer itself to rttimer_queue.
claudio [Wed, 4 May 2022 16:52:10 +0000 (16:52 +0000)]
Move rttimer callback function from the rttimer itself to rttimer_queue.
All users use the same callback per queue so that makes sense.
Also replace rt_timer_queue_destroy() with rt_timer_queue_flush().
OK bluhm@

2 years agoIn ipsp_spd_lookup() rename the parameter tdbp to tdbin as it is
bluhm [Wed, 4 May 2022 15:29:58 +0000 (15:29 +0000)]
In ipsp_spd_lookup() rename the parameter tdbp to tdbin as it is
always the incoming TDB that has to be checked.
from markus@

2 years agorpki-client: bypass timeout in file mode.
tb [Wed, 4 May 2022 15:21:25 +0000 (15:21 +0000)]
rpki-client: bypass timeout in file mode.

ok claudio

2 years agoMerge swap-backed and object-backed inactive page lists.
mpi [Wed, 4 May 2022 14:58:26 +0000 (14:58 +0000)]
Merge swap-backed and object-backed inactive page lists.

ok millert@, kettenis@

2 years agoVariable pri is uninitialized, use msg.m_pri instead. This affects
bluhm [Wed, 4 May 2022 14:47:46 +0000 (14:47 +0000)]
Variable pri is uninitialized, use msg.m_pri instead.  This affects
the priority of userland messages with kernel or unspecified facility.
broken in previous commit; fix from markus@

2 years agoTweak wording of a comment to reflect current reality better.
tb [Wed, 4 May 2022 13:07:35 +0000 (13:07 +0000)]
Tweak wording of a comment to reflect current reality better.

2 years agoRewrite asn1_collect() and asn1_find_end() with CBS.
jsing [Wed, 4 May 2022 10:57:48 +0000 (10:57 +0000)]
Rewrite asn1_collect() and asn1_find_end() with CBS.

Use more readable variable and arguments names in the process.

ok tb@

2 years agoAvoid special handling of definite length before calling asn1_find_end().
jsing [Wed, 4 May 2022 10:53:26 +0000 (10:53 +0000)]
Avoid special handling of definite length before calling asn1_find_end().

The asn1_find_end() function handles definite length ASN.1, which means
that there is no point in the only caller having code to explicitly handle
definite length - it can just call the function.

ok tb@

2 years agoChange asn1_check_tag_cbs() out_len from long to size_t.
jsing [Wed, 4 May 2022 10:47:36 +0000 (10:47 +0000)]
Change asn1_check_tag_cbs() out_len from long to size_t.

The long vs size_t checks can be handled in the asn1_check_tag() wrapper
and this will help to avoid propagating long vs size_t issues into new
code.

ok tb@

2 years agoRemove extra empty line
claudio [Wed, 4 May 2022 10:17:16 +0000 (10:17 +0000)]
Remove extra empty line

2 years agoregen
jsg [Wed, 4 May 2022 08:11:11 +0000 (08:11 +0000)]
regen

2 years agoupdate Intel ADL-S graphics ids, add ADL-N RPL-S RPL-P
jsg [Wed, 4 May 2022 08:10:43 +0000 (08:10 +0000)]
update Intel ADL-S graphics ids, add ADL-N RPL-S RPL-P

2 years agomake sure stdout is non-blocking; ok djm@
markus [Wed, 4 May 2022 07:31:22 +0000 (07:31 +0000)]
make sure stdout is non-blocking; ok djm@

2 years agoAs found by n18fuhtm AT tutanota.com there are dhcp servers that send a
florian [Wed, 4 May 2022 05:57:18 +0000 (05:57 +0000)]
As found by n18fuhtm AT tutanota.com there are dhcp servers that send a
domain name option with length 1 and a single \0.
We strip trailing \0 and then end up with length 0.
This is a protocol violation, the minimum length for domain name option
is 1, and we ignore the lease.

Since we are not going to get this fixed this server side, we might as
well just pretend that we didn't receive a domain name (or host name).
We only ever care about them in the installer anyway. Not getting a
lease because of this corner case is not helpful.

OK deraadt

2 years agodrm/i915/adl-n: Enable ADL-N platform
jsg [Wed, 4 May 2022 05:25:28 +0000 (05:25 +0000)]
drm/i915/adl-n: Enable ADL-N platform

From Tejas Upadhyay
7e28d0b26759846485978ada860ef4a427e06c8f in mainline linux

2 years agodrm/i915/rpl-s: Add PCI IDS for Raptor Lake S
jsg [Wed, 4 May 2022 05:20:33 +0000 (05:20 +0000)]
drm/i915/rpl-s: Add PCI IDS for Raptor Lake S

From Anusha Srivatsa
52407c220c44c8dcc6aa8aa35ffc8a2db3c849a9 in mainline linux

2 years agodrm/i915/dg1: Add new PCI id
jsg [Wed, 4 May 2022 05:17:14 +0000 (05:17 +0000)]
drm/i915/dg1: Add new PCI id

From Jose Roberto de Souza
5f0d4214938db66969a50d4b1262307e39f4f2b2 in mainline linux

2 years agodrm/i915/adl_s: Update ADL-S PCI IDs
jsg [Wed, 4 May 2022 05:14:35 +0000 (05:14 +0000)]
drm/i915/adl_s: Update ADL-S PCI IDs

From Tejas Upadhyay
c79b846f892d64f169d3dba18fd2500a83805e3a in mainline linux

2 years agoMissed removing some memory scaling in vmm, vmctl.
dv [Wed, 4 May 2022 02:24:26 +0000 (02:24 +0000)]
Missed removing some memory scaling in vmm, vmctl.

Continuation of commitid RbITgDkOsW8SMssz removing use of megabytes
instead of bytes in vmm(4) and vmctl(8). Missed this spot that only
manifests after a vm is started and has its runtime details
inspected.

2 years agovmm/vmd/vmctl: standardize memory units to bytes
dv [Tue, 3 May 2022 21:39:18 +0000 (21:39 +0000)]
vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

2 years agoRate limit uvn_flush error during pageout messages. They occur
bluhm [Tue, 3 May 2022 21:20:35 +0000 (21:20 +0000)]
Rate limit uvn_flush error during pageout messages.  They occur
when a memory mapped file cannot be written to disk, e.g. if the
file system is full.  Too much printf() during kernel relinking
slows down the system boot.
OK deraadt@

2 years agoMake pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messages
sashan [Tue, 3 May 2022 13:32:47 +0000 (13:32 +0000)]
Make pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messages
with ttl other than 1 will be discarded. Also MLD messages with
other than link-local source address will be discarded. IGMP
messages with destination address other than multicast class
will be discarded.

feedback and OK bluhm@, cluadio@

2 years agosioctl_onval(3) returns int not void
ratchov [Tue, 3 May 2022 13:03:30 +0000 (13:03 +0000)]
sioctl_onval(3) returns int not void

Fix from Carlin Bingham <cb at viennan.net>, thanks!

2 years agoRework display of partition types, removing unnecessary trailing
krw [Tue, 3 May 2022 11:48:47 +0000 (11:48 +0000)]
Rework display of partition types, removing unnecessary trailing
blanks in the arrays of type names, simplifying the code and
making better use of printf().

Along the way discover that "APFS Recovery" fits, so nuke the
annoying "AFPS Recovry" contraction.

No intentional functional change.

Some "APFS Recovery" nits pointed out by jsg@

2 years agoActivate parallel IP forwarding. Start 4 softnet tasks. Limit the
bluhm [Tue, 3 May 2022 11:47:03 +0000 (11:47 +0000)]
Activate parallel IP forwarding.  Start 4 softnet tasks.  Limit the
usage to the number of CPUs.
lots of testing Hrvoje Popovski; OK sashan@ sthen@

2 years agoRetire CRYPTO_F_MPSAFE it is no longer of any use. The crypto framework
claudio [Tue, 3 May 2022 09:18:11 +0000 (09:18 +0000)]
Retire CRYPTO_F_MPSAFE it is no longer of any use. The crypto framework
no longer uses a callback and so there is no need to define the
callback as MPSAFE.
OK bluhm@

2 years agoAdd FIDO AUTHENTICATOR section and explain a bit how FIDO works. The
florian [Tue, 3 May 2022 07:42:27 +0000 (07:42 +0000)]
Add FIDO AUTHENTICATOR section and explain a bit how FIDO works. The
wording came mostly from the 8.2 OpenSSH release notes, addapted to
fit the man page.
Then move the -O bits into the new section as is already done for
CERTIFICATES and MODULI GENERATION.
Finally we can explain the trade-offs of resident keys.
While here, consistently refer to the FIDO thingies as "FIDO
authenticators", not "FIDO tokens".

input & OK jmc, naddy

2 years agoDisable DMA as part of the hardware reset, preventing the device from
anton [Mon, 2 May 2022 06:30:45 +0000 (06:30 +0000)]
Disable DMA as part of the hardware reset, preventing the device from
ending up in an odd state during netboot in which u-boot (in my case)
hands of the device in a somewhat initialized state.

ok kettenis@

2 years agoUse the given queue id argument which happen to already be equal to
anton [Mon, 2 May 2022 06:30:05 +0000 (06:30 +0000)]
Use the given queue id argument which happen to already be equal to
GENET_DMA_DEFAULT_QUEUE.

ok kettenis@

2 years agoremove an obsolete rsa1 format example from an example;
jmc [Mon, 2 May 2022 05:40:37 +0000 (05:40 +0000)]
remove an obsolete rsa1 format example from an example;

from megan batty
ok djm

2 years agosync
deraadt [Sun, 1 May 2022 23:50:48 +0000 (23:50 +0000)]
sync

2 years agofix some integer overflows in sieve_large() that show up when trying
djm [Sun, 1 May 2022 23:20:30 +0000 (23:20 +0000)]
fix some integer overflows in sieve_large() that show up when trying
to generate modp groups > 16k bits. Reported via GHPR#306 by
Bertram Felgenhauer, but fixed in a different way. feedback/ok tb@

2 years agoregen
tedu [Sun, 1 May 2022 23:00:04 +0000 (23:00 +0000)]
regen

2 years agono need to test for toupper function in awk
tedu [Sun, 1 May 2022 22:59:49 +0000 (22:59 +0000)]
no need to test for toupper function in awk
ok cheloha millert miod

2 years agoInstall useful btrace scripts into /usr/share/btrace directory.
bluhm [Sun, 1 May 2022 20:23:11 +0000 (20:23 +0000)]
Install useful btrace scripts into /usr/share/btrace directory.
OK tedu@

2 years agoSplit a new function roff_parse_comment() out of roff_expand() because this
schwarze [Sun, 1 May 2022 16:18:59 +0000 (16:18 +0000)]
Split a new function roff_parse_comment() out of roff_expand() because this
functionality is not needed when called from roff_getarg().  This makes the
long and complicated function roff_expand() significantly shorter, and also
simpler in so far as it no longer needs to return ROFF_APPEND.
No functional change intended.

2 years agoPrevent out-of-bounds array access with binaries that use unsupported
kettenis [Sun, 1 May 2022 11:03:48 +0000 (11:03 +0000)]
Prevent out-of-bounds array access with binaries that use unsupported
relocations.

ok guenther@

2 years agoCheck for the correct length field when checking the control transfer data
mglocker [Sun, 1 May 2022 10:28:54 +0000 (10:28 +0000)]
Check for the correct length field when checking the control transfer data
length.  Remove obsolete comment while here.

ok kettenis@

2 years agoRun IP input and forwarding with shared netlock. Also distribute
bluhm [Sat, 30 Apr 2022 21:13:57 +0000 (21:13 +0000)]
Run IP input and forwarding with shared netlock.  Also distribute
packets from the interface receive rings into multiple net task
queues.
Note that we still have only one softnet task.  So there will be
no concurrency yet, but we can notice wrong exclusive lock assertions.
Soon the final step will be to increase the NET_TASKQ define.
lots of testing Hrvoje Popovski; OK sashan@

2 years agoProvide a new function roff_req_or_macro() to parse and handle a request
schwarze [Sat, 30 Apr 2022 18:46:16 +0000 (18:46 +0000)]
Provide a new function roff_req_or_macro() to parse and handle a request
or macro, including context-dependent error handling inside tbl(7) code
and inside .ce/.rj blocks.  Use it both in the top level roff(7) parser
and inside conditional blocks.

This fixes an assertion failure triggered by ".if 1 .ce" inside tbl(7)
code, found by tb@ using afl(1).

As a side benefit for readability, only one place remains in the
code that calls the main handler functions for the various roff(7)
requests.  This patch also improves column numbers in some error
messages and various comments.

2 years agoRecheck PG_BUSY after locking the page.
mpi [Sat, 30 Apr 2022 17:58:43 +0000 (17:58 +0000)]
Recheck PG_BUSY after locking the page.

Another thread can set the bit if we sleep during rw_enter(9) in which case
the page shouldn't be touched.

ok semarie@

2 years agoAdd comments to some of the enum roff_tok values;
schwarze [Sat, 30 Apr 2022 15:08:56 +0000 (15:08 +0000)]
Add comments to some of the enum roff_tok values;
particularly useful for values that have non-obvious semantics
like ROFF_MAX, ROFF_cblock, ROFF_RENAMED, and TOKEN_NONE;
no code change.

2 years agoEnforce proper memory ordering in refcnt_rele() and refcnt_finalize()
visa [Sat, 30 Apr 2022 14:44:04 +0000 (14:44 +0000)]
Enforce proper memory ordering in refcnt_rele() and refcnt_finalize()

Make refcnt_rele() and refcnt_finalize() order memory operations so that
preceding loads and stores happen before 1->0 transition. Also ensure
that loads and stores that depend on the transition really begin only
after the transition has occurred. Otherwise the object destructor might
not see the object's latest state.

OK bluhm@

2 years agoWhen performing ipsp_ids_free(), grab `ipsec_flows_mtx' mutex(9) before do
mvs [Sat, 30 Apr 2022 13:28:53 +0000 (13:28 +0000)]
When performing ipsp_ids_free(), grab `ipsec_flows_mtx' mutex(9) before do
`id_refcount' decrement. This should be consistent with `ipsp_ids_gc_list'
list modifications, otherwise concurrent ipsp_ids_insert() could remove
this dying `ids' from the list before if was placed there by
ipsp_ids_free(). This makes atomic operations with `id_refcount' useless.
Also prevent ipsp_ids_lookup() to return dying `ids'.

ok bluhm@

2 years agoRefactor the handler function roff_block_sub() for clarity and simplicity.
schwarze [Sat, 30 Apr 2022 11:32:39 +0000 (11:32 +0000)]
Refactor the handler function roff_block_sub() for clarity and simplicity.

1. Do not needlessly access the function pointer table roffs[].
Instead, simply call the block closing function directly.

2. Sort code: handle both cases of block closing at the beginning
of the function rather than one at the beginning and one at the end.

3. Trim excessive, partially repetitive and obvious comments, also
making the comments considerably more precise.

No functional change.

2 years agoTweak to clarify sio_stop(3) and sio_flush() description, from jmc@
ratchov [Sat, 30 Apr 2022 08:47:18 +0000 (08:47 +0000)]
Tweak to clarify sio_stop(3) and sio_flush() description, from jmc@

2 years agoConvert the 2nd rttimer callback from struct rttimer to u_int rtableid.
claudio [Sat, 30 Apr 2022 07:20:35 +0000 (07:20 +0000)]
Convert the 2nd rttimer callback from struct rttimer to u_int rtableid.
The callback only needs to know the rtableid all the other info from
struct rtableid is not needed.
Also change the default rttimer callback to only delete routes that are
RTF_HOST and RTF_DYNAMIC. This way 2 of the ICMP handlers can use NULL
as the callback.
OK bluhm@

2 years agoadd support for printing some extra large numbers to histograms
tedu [Sat, 30 Apr 2022 01:29:05 +0000 (01:29 +0000)]
add support for printing some extra large numbers to histograms
ok mpi

2 years agoSend IP options with maximum length to check for overflow.
bluhm [Fri, 29 Apr 2022 18:58:33 +0000 (18:58 +0000)]
Send IP options with maximum length to check for overflow.

2 years agoCleanup makefile so that tests are similar. Link pair to build.
bluhm [Fri, 29 Apr 2022 17:27:37 +0000 (17:27 +0000)]
Cleanup makefile so that tests are similar.  Link pair to build.

2 years agoLink pf_opts to the tree.
bluhm [Fri, 29 Apr 2022 11:59:10 +0000 (11:59 +0000)]
Link pf_opts to the tree.

2 years agosync
jsg [Fri, 29 Apr 2022 11:29:47 +0000 (11:29 +0000)]
sync

2 years agofinally, turn on caching by default
espie [Fri, 29 Apr 2022 10:44:05 +0000 (10:44 +0000)]
finally, turn on caching by default

change the defines:
TEST_CACHING -> !NO_CACHING
TEST_CACHING_VERBOSE -> CACHING_VERBOSE
TEST_CACHING_RECHECK -> CACHING_RECHECK

okay with sthen@

2 years agoRelease PF und NET lock before calling copyout for DIOCIGETIFACES.
mbuhl [Fri, 29 Apr 2022 09:55:43 +0000 (09:55 +0000)]
Release PF und NET lock before calling copyout for DIOCIGETIFACES.
OK sashan@
Reported-by: syzbot+b6afd166e314799e3809@syzkaller.appspotmail.com
2 years agoCheck that IGMP and ICMP6 MLD packets with router alert option pass.
bluhm [Fri, 29 Apr 2022 09:45:05 +0000 (09:45 +0000)]
Check that IGMP and ICMP6 MLD packets with router alert option pass.
Other combinations with IP options are still blocked.

2 years agoWait until the buffer is drained before closing the device
ratchov [Fri, 29 Apr 2022 09:12:57 +0000 (09:12 +0000)]
Wait until the buffer is drained before closing the device

Fixes last few samples not being played when very large buffers
are used.

2 years agoIGMP and ICMP6 MLD packets always have the router alert option set.
bluhm [Fri, 29 Apr 2022 08:58:49 +0000 (08:58 +0000)]
IGMP and ICMP6 MLD packets always have the router alert option set.
pf blocked IPv4 options and IPv6 option header by default.  This
forced users to set allow-opts in pf rules.
Better let multicast work by default.  Detect router alerts by
parsing IP options and hop by hop headers.  If the packet has only
this option and is a multicast control packet, do not block it due
to bad options.
tested by otto@; OK sashan@

2 years agoAdd sio_flush(3) function to stop playback immediately
ratchov [Fri, 29 Apr 2022 08:30:48 +0000 (08:30 +0000)]
Add sio_flush(3) function to stop playback immediately

The new sio_flush(3) functions works the same way as sio_stop(3),
except that it doesn't wait for play buffer to be drained. Instead,
it discards its contents and returns immediately.

2 years agobe stricter in which characters will be accepted in specifying a mask
djm [Fri, 29 Apr 2022 04:55:07 +0000 (04:55 +0000)]
be stricter in which characters will be accepted in specifying a mask
length; allow only 0-9. From khaleesicodes via GHPR#278; ok dtucker@

2 years agomention that the helpers are used by ssh(1), ssh-agent(1) and
djm [Fri, 29 Apr 2022 03:24:30 +0000 (03:24 +0000)]
mention that the helpers are used by ssh(1), ssh-agent(1) and
ssh-keygen(1). Previously only ssh(1) was mentioned.
From Pedro Martelletto

2 years agoDon't leak SK device. Patch from Pedro Martelletto via github PR#316.
dtucker [Fri, 29 Apr 2022 03:16:48 +0000 (03:16 +0000)]
Don't leak SK device.  Patch from Pedro Martelletto via github PR#316.
ok djm@

2 years agofix memleak on session-bind path; from Pedro Martelletto, ok dtucker@
djm [Fri, 29 Apr 2022 03:13:32 +0000 (03:13 +0000)]
fix memleak on session-bind path; from Pedro Martelletto, ok dtucker@

2 years agoUse $(( )) arithmetic expansion instead of `expr something`
jca [Thu, 28 Apr 2022 22:11:59 +0000 (22:11 +0000)]
Use $(( )) arithmetic expansion instead of `expr something`

No need to use an external tool when the shell can handle this basic task.

2 years agobtrace(8): fix lexer to allow whitespace after filters.
dv [Thu, 28 Apr 2022 21:04:24 +0000 (21:04 +0000)]
btrace(8): fix lexer to allow whitespace after filters.

Whitespace is allowed after the closing slash of a filter and before
the opening brace of an action. This makes the lexer scan ahead and
collect any whitespace and newlines into the end of filter token.

ok mpi@

2 years agoAdd tests that decode sequences into ASN.1 strings.
jsing [Thu, 28 Apr 2022 18:36:38 +0000 (18:36 +0000)]
Add tests that decode sequences into ASN.1 strings.

Test decoding of sequences with length and indefinite length into an ASN.1
string - in this case the ASN.1 is not decoded, rather the octets are
stored directly as the content of the string.

This exercises a specific path through the ASN.1 decoder.

(you know asn1complex is living up to its name when you have to import
openssl/asn1t.h directly...)

2 years agoRewrite asn1_check_tlen() using CBS.
jsing [Thu, 28 Apr 2022 18:30:57 +0000 (18:30 +0000)]
Rewrite asn1_check_tlen() using CBS.

Rather than calling asn1_get_object_cbs(), call asn1_get_identifier_cbs(),
then immediately proceed with the tag number and tag class check. Only if
that succeeds (or it is not required) do we call asn1_get_length_cbs().
This avoids incurring the overhead of decoding the length in the case where
the tag number and tag class do not match.

While here rename asn1_check_tlen() to asn1_check_tag() - while we decode
the length, what we are normally checking is the tag number and tag class.
Also rename the arguments for readability. For now the argument types
and encoding remain unchanged.

ok inoguchi@ tb@

2 years agoAlways acquire the `vmobjlock' before incrementing an object's reference.
mpi [Thu, 28 Apr 2022 18:12:33 +0000 (18:12 +0000)]
Always acquire the `vmobjlock' before incrementing an object's reference.

2 years agoRoute timers were not MP safe. Protect the global lists with a
bluhm [Thu, 28 Apr 2022 17:47:41 +0000 (17:47 +0000)]
Route timers were not MP safe.  Protect the global lists with a
mutex and move the rttimer entries into a temporary list.  Then the
callback and pool put can be called later without holding the mutex.
tested by Hrvoje Popovski; OK claudio@

2 years agoRefactor ASN1_TIME_adj_internal()
tb [Thu, 28 Apr 2022 17:31:29 +0000 (17:31 +0000)]
Refactor ASN1_TIME_adj_internal()

ASN1_TIME_adj_internal() does some strange dances with remembering
allocations in a boolean and using strlen(p) to deduce what happened
inside *_string_from_tm(). It also (mis)translates a NULL p to an
illegal time value error.

This can be streamlined by converting directly from a struct tm into an
ASN1_TIME and setting the errors when they occur instead of trying to
deduce them from a NULL return. This is made a bit uglier than necessary
due to the reuse-or-allocate semantics of the public API.

At the cost of a little code duplication, ASN1_TIME_adj_internal()
becomes very easy and ASN1_TIME_to_generalizedtime() is also simplified
somewhat.

ok inoguchi jsing

2 years agoIn the multicast router code don't allocate a rt timer queue for each
claudio [Thu, 28 Apr 2022 17:27:14 +0000 (17:27 +0000)]
In the multicast router code don't allocate a rt timer queue for each
rdomain. The rttimer API is rtable/rdomain aware and so there is no need
to have so many queues.
Also init the two queues (one for IPv4 and one for IPv6) early on. This
will allow the rttable code to become simpler.
OK bluhm@

2 years agoDecouple IP input and forwarding from protocol input. This allows
bluhm [Thu, 28 Apr 2022 16:56:39 +0000 (16:56 +0000)]
Decouple IP input and forwarding from protocol input.  This allows
to have parallel IP processing while the upper layers are still not
MP safe.  Introduce ip_ours() that enqueues the packets and ipintr()
that dequeues and processes them with an exclusive netlock.
Note that we still have only one softnet task.  Running IP processing
on multiple CPU will be the next step.
lots of testing Hrvoje Popovski; OK sashan@

2 years agoThe syntax of the roff(7) .mc request is quite special
schwarze [Thu, 28 Apr 2022 16:16:46 +0000 (16:16 +0000)]
The syntax of the roff(7) .mc request is quite special
and the roff_onearg() parsing function is too generic,
so provide a dedicated parsing function instead.

This fixes an assertion failure when an \o escape sequence is
passed as the argument; the bug was found by tb@ using afl(1).
It also makes mandoc output more similar to groff in various cases.

2 years agoFix comparison in openssl(1) pkcs12
inoguchi [Thu, 28 Apr 2022 15:42:10 +0000 (15:42 +0000)]
Fix comparison in openssl(1) pkcs12

comment from tb@

2 years agoEnvironment variables must be passed through env(1) while using sudo.
anton [Thu, 28 Apr 2022 15:37:01 +0000 (15:37 +0000)]
Environment variables must be passed through env(1) while using sudo.

ok bluhm@