yasuoka [Thu, 20 Jul 2023 02:26:24 +0000 (02:26 +0000)]
Assign wsdisplay0 to the glass console always. The same change is
done for GENERIC already.
ok kettenis kn
job [Wed, 19 Jul 2023 21:53:45 +0000 (21:53 +0000)]
Add extra ASPA regress object
kettenis [Wed, 19 Jul 2023 21:52:55 +0000 (21:52 +0000)]
Reset sc->sc_early to 0 to make sure the framebuffer attaches.
Fixes my previous commit.
ok drahn@
job [Wed, 19 Jul 2023 21:49:30 +0000 (21:49 +0000)]
Rename ASPA providers field in filemode
fine with me @tb
millert [Wed, 19 Jul 2023 21:26:02 +0000 (21:26 +0000)]
Fix skipping of white space after the username in /etc/crontab.
Only a single white space character was consumed, we should be
consuming all white space between fields. This change makes things
consistent with how lines without a username are parsed.
OK deraadt@ sthen@
tb [Wed, 19 Jul 2023 21:01:29 +0000 (21:01 +0000)]
Don't rely on the libssl headers pulling in stdio.h somehow
kettenis [Wed, 19 Jul 2023 20:27:20 +0000 (20:27 +0000)]
Use "early 2" to attach aplpngr(4) to make sure it attaches before other
core drivers that need to enable power domains.
ok drahn@, deraadt@
kettenis [Wed, 19 Jul 2023 20:26:11 +0000 (20:26 +0000)]
Implement "early 2" locator for mainbus(4) and simplebus(4) to make
drivers attach even earlier.
ok drahn@, deraadt@
jan [Wed, 19 Jul 2023 20:22:05 +0000 (20:22 +0000)]
Protect ixl(4) admin queue with mutex(9).
with tweaks from bluhm
tested by bluhm
ok bluhm@
joshua [Wed, 19 Jul 2023 15:11:42 +0000 (15:11 +0000)]
Add missing commas to test vectors
ok tb@
joshua [Wed, 19 Jul 2023 15:06:57 +0000 (15:06 +0000)]
Add test coverage for SHA3
ok tb@
djm [Wed, 19 Jul 2023 14:03:45 +0000 (14:03 +0000)]
Separate ssh-pkcs11-helpers for each p11 module
Make ssh-pkcs11-client start an independent helper for each provider,
providing better isolation between modules and reliability if a single
module misbehaves.
This also implements reference counting of PKCS#11-hosted keys,
allowing ssh-pkcs11-helper subprocesses to be automatically reaped
when no remaining keys reference them. This fixes some bugs we have
that make PKCS11 keys unusable after they have been deleted, e.g.
https://bugzilla.mindrot.org/show_bug.cgi?id=3125
ok markus@
djm [Wed, 19 Jul 2023 14:02:27 +0000 (14:02 +0000)]
Ensure FIDO/PKCS11 libraries contain expected symbols
This checks via nlist(3) that candidate provider libraries contain one
of the symbols that we will require prior to dlopen(), which can cause
a number of side effects, including execution of constructors.
Feedback deraadt; ok markus
djm [Wed, 19 Jul 2023 13:56:33 +0000 (13:56 +0000)]
Disallow remote addition of FIDO/PKCS11 provider libraries to
ssh-agent by default.
The old behaviour of allowing remote clients from loading providers
can be restored using `ssh-agent -O allow-remote-pkcs11`.
Detection of local/remote clients requires a ssh(1) that supports
the `session-bind@openssh.com` extension. Forwarding access to a
ssh-agent socket using non-OpenSSH tools may circumvent this control.
ok markus@
djm [Wed, 19 Jul 2023 13:55:53 +0000 (13:55 +0000)]
terminate process if requested to load a PKCS#11 provider that
isn't a PKCS#11 provider; from / ok markus@
tb [Wed, 19 Jul 2023 13:34:33 +0000 (13:34 +0000)]
Fix two aliases in libcrypto spotted by the new symbols test
ok jsing
tb [Wed, 19 Jul 2023 13:26:20 +0000 (13:26 +0000)]
Partially fix interactive mode in patch
If ask() can't open /dev/tty for reading, it assumes the default answer
and carries on. Add missing unveil, so that ask() waits for an answer.
This isn't a full fix since it won't allow giving paths outside the tree
rooted at the current directory, but that's expected by the recent change.
Questions are only asked outside of force or batch mode.
fix suggested by op and semarie
ok deraadt florian
nicm [Wed, 19 Jul 2023 13:03:36 +0000 (13:03 +0000)]
Correct visited flag when the last window list is rebuilt by renumbering
windows, appears to fix hang reported by Mark Kelly.
anton [Wed, 19 Jul 2023 05:56:42 +0000 (05:56 +0000)]
Cope with LRO for TCP being enabled per default by now.
bluhm [Tue, 18 Jul 2023 16:01:20 +0000 (16:01 +0000)]
Enable LRO for TCP per default in the network drivers.
Large Receive Offload allows to receive aggregated packets larger
than the MTU. Receiving TCP streams becomes much faster. As the
network hardware is not aware whether a packet is received locally
or to be forwarded, everything is aggregated. In case of forwarding
it is split on output to packets not larger than the original
packets. So path MTU discovery should still work. If the outgoing
interface supports TSO, the packet is chopped in hardware by TCP
Segmentation Offload.
Currently only ix(4) and lo(4) devices support LRO, and ix(4) is
limited to IPv4 and hardware newer than the old 82598 model. If
the interface is added to a tpmr(4), bridge(4) or veb(4), LRO is
automatically disabled. All ix(4) devices support outgoing TSO for
IPv4 and IPv6. Enabling LRO on lo(4) automatically enables TSO and
TCP packets larger than the MTU pass the loopback interface.
LRO can be turned off per interface with ifconfig -tcplro.
OK jan@
claudio [Tue, 18 Jul 2023 15:07:41 +0000 (15:07 +0000)]
Kill ibuf_cat() since there is now ibuf_add_buf() in the official API.
OK tb@ tobhe@
claudio [Tue, 18 Jul 2023 13:06:33 +0000 (13:06 +0000)]
Do not duplicate prototypes of log.h in ypldap.h (without the extra
__format__ attribute on top).
Also properly ignore SIGHUP in the child processes.
OK jmatthew@
claudio [Tue, 18 Jul 2023 06:58:59 +0000 (06:58 +0000)]
With the update of the sleep API the linux emulation of their wait API,
schedule() and set_current_state() can be implemented in a much less
hacky way. This should remove some possible race conditions in the wait API.
Tested by many (kettenis, jsg, phessler, thfr)
OK kettenis@
asou [Tue, 18 Jul 2023 04:17:17 +0000 (04:17 +0000)]
Remove extra parentheses.
ok guenther@
kettenis [Mon, 17 Jul 2023 17:50:22 +0000 (17:50 +0000)]
Put the USB Type-C power delivery controller into the "S5" state during
suspend. This removes VBUS, avoiding USB devices that are plugged in
from consuming power during suspend.
ok mlarkin@, tobhe@, deraadt@
semarie [Mon, 17 Jul 2023 09:41:20 +0000 (09:41 +0000)]
vfs: drop several macros hidding eopnotsupp
make it obvious in the vfsops assignment that an op isnt supported.
from thib4711 at mailbox dot org
ok claudio@
djm [Mon, 17 Jul 2023 06:16:33 +0000 (06:16 +0000)]
missing match localnetwork negation check
jmc [Mon, 17 Jul 2023 05:41:53 +0000 (05:41 +0000)]
- add -P to usage()
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width
jmc [Mon, 17 Jul 2023 05:38:10 +0000 (05:38 +0000)]
-P before -p in SYNOPSIS;
jsg [Mon, 17 Jul 2023 05:36:14 +0000 (05:36 +0000)]
configuation -> configuration
djm [Mon, 17 Jul 2023 05:26:38 +0000 (05:26 +0000)]
move other RCSIDs to before their respective license blocks too
no code change
djm [Mon, 17 Jul 2023 05:22:30 +0000 (05:22 +0000)]
Move RCSID to before license block and away from #includes, where
it caused merge conflict in -portable for each commit :(
djm [Mon, 17 Jul 2023 05:20:15 +0000 (05:20 +0000)]
return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.
djm [Mon, 17 Jul 2023 04:08:31 +0000 (04:08 +0000)]
Add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.
ok markus
djm [Mon, 17 Jul 2023 04:04:36 +0000 (04:04 +0000)]
add a "match localnetwork" predicate.
This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).
ok markus@
djm [Mon, 17 Jul 2023 04:01:10 +0000 (04:01 +0000)]
remove vestigal support for KRL signatures
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
djm [Mon, 17 Jul 2023 03:57:21 +0000 (03:57 +0000)]
Support for KRL extensions.
This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.
ok markus
kettenis [Sun, 16 Jul 2023 16:13:46 +0000 (16:13 +0000)]
Remove debug printfs that print the number of wakeups seen by the
individual CPUs. Ever since we switched from WFE to WFE in the suspend
loops the information hasn't been very useful anymore. And there is some
evidence that a printf here causes problems with syslog (e.g. running
xconsole under X).
ok deraadt@
kettenis [Sun, 16 Jul 2023 16:11:11 +0000 (16:11 +0000)]
Read out the system power consumption immediately after wakeup and print
it out in the DVACT_WAKEUP phase. This is a debugging aid to help us
drive down the power consumption in suspend.
ok deraadt@
claudio [Sun, 16 Jul 2023 15:21:46 +0000 (15:21 +0000)]
Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
Also replace a ibuf_reserve() call with ibuf_add_zero() and
remove a buf->buf == NULL check in ibuf_length() since it is not necessary.
OK tobhe@ tb@
kettenis [Sun, 16 Jul 2023 09:33:18 +0000 (09:33 +0000)]
When detaching devices when we suspend, we need to continue processing
command completion events. So only return early in xhci_softintr() if
the controller is dead instead of dying. This fixes USB suspend/resume
in Apple M1/M2.
ok mlarkin@, deraadt@
tb [Sun, 16 Jul 2023 09:23:33 +0000 (09:23 +0000)]
relayd: remove ENGINE dependency
What is achieved here through ENGINE can be done in a much simpler way
by setting the default RSA implementation. Drop a number of indirections
that only add a bit of logging. This removes a lot of boiler plate and
shows where the actual magic happens more clearly.
ok op tobhe
tb [Sun, 16 Jul 2023 08:25:41 +0000 (08:25 +0000)]
ecc_cdh: plug leak of peer public key
tb [Sun, 16 Jul 2023 07:34:07 +0000 (07:34 +0000)]
ecdhtest: Drop unnecessary constant and unneeded includes
anton [Sun, 16 Jul 2023 06:36:18 +0000 (06:36 +0000)]
Make remaining unstable tests fail consistently by adjusting the
modification time of the problematic file(s), causing the check_file()
routine to always hit the "file exists and is possible match" case.
While here, sync expected failures with reality.
yasuoka [Sun, 16 Jul 2023 03:01:31 +0000 (03:01 +0000)]
Make the mbstat preserve the same size which is actually used. Also
revert the previous that the mbstat is located on the stack.
ok claudio
tb [Sun, 16 Jul 2023 00:16:42 +0000 (00:16 +0000)]
ecdhtest: fix a couple bugs plus some cosmetic tweaks
tb [Sat, 15 Jul 2023 23:40:46 +0000 (23:40 +0000)]
fix include directive - this is make, not C
tb [Sat, 15 Jul 2023 23:35:02 +0000 (23:35 +0000)]
Rework the ecdhtest
Test keyshare for all built-in curves and simplify, especially printing
on failure. Incorporate known answer tests from RFC 5114 and RFC 5903.
All in all, this is a lot less code and a lot more test coverage and
hopefully a little less eyebleed.
Very loosely based on OpenSSL
b438f0ed by Billy Brumley
kn [Sat, 15 Jul 2023 23:01:25 +0000 (23:01 +0000)]
sync with <sys/namei.h>; 'looks good' deraadt
Document missing struct nameidata members and fix one member's const-ness.
Add REALPATH flag from 2019.
tb [Sat, 15 Jul 2023 20:11:37 +0000 (20:11 +0000)]
Fix return value check for ECDH_compute_key()
ECDH_compute_key() usually returns -1 on error (but sometimes 0). This
was also the case in OpenSSL when these tests were written. This will
soon change. The check for <= 0 will still be correct.
tb [Sat, 15 Jul 2023 19:51:13 +0000 (19:51 +0000)]
Add test coverage for cofactor ECDH using NIST test vectors
Since all non-binary NIST curves have cofactor 1, this is in effect plain
ECDH. Current regress coverage of ECDH is quite lacking on architectures
where Go isn't available. This fixes that.
Actual cofactor ECDH support may be added soon to libcrypto, at which
point I will also add testcases with cofactor > 1.
kettenis [Sat, 15 Jul 2023 19:35:53 +0000 (19:35 +0000)]
Implement PAC support.
ok patrick@
tb [Sat, 15 Jul 2023 19:32:54 +0000 (19:32 +0000)]
Link symbols test to build
tb [Sat, 15 Jul 2023 19:31:02 +0000 (19:31 +0000)]
remove accidentally imported files again
tb [Sat, 15 Jul 2023 19:29:44 +0000 (19:29 +0000)]
Import a version of libcrypto's symbols test for libssl
kettenis [Sat, 15 Jul 2023 19:21:47 +0000 (19:21 +0000)]
Remove stray argument name in function prototype.
dv [Sat, 15 Jul 2023 18:32:21 +0000 (18:32 +0000)]
vmd(8): fix use of qcow base images.
The vm process was prematurely setting device fds to not close-on-exec
and then trying to close(2) them after the fork(2) of the device
process.
This caused a reuse of an fd for one of the socketpair(2)'s for
communication between vm and device. Having device processes close(2)
other device fds after fork would break the socketpair, causing the
device to fail during startup post-exec when trying to receive its
device state from the parent vm process.
Instead, mark the fds to not close on exec post-fork(2) call allowing
other device fds to be closed automatically and avoid closing by
the tracked fd.
Reported by solene@. OK tb@.
jsing [Sat, 15 Jul 2023 15:37:05 +0000 (15:37 +0000)]
Mop up MD32_XARRAY from md5.
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
jsing [Sat, 15 Jul 2023 15:30:43 +0000 (15:30 +0000)]
Mop up MD32_XARRAY from md4.
MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.
No change in generated assembly.
kettenis [Sat, 15 Jul 2023 13:35:17 +0000 (13:35 +0000)]
Add mute control. This makes the mute button on laptops that use
tascodec(4) work.
ok tobhe@
florian [Sat, 15 Jul 2023 10:42:54 +0000 (10:42 +0000)]
Prevent patch(1) from scribbling all over the place.
Arguably the only sensible use of patch(1) is changing files in the
current working directory and subdirectories.
However, patch(1) has this anti-feature, or dare I say bug, where it
will happily follow "../" upwards and outside of the current working
directory to find files to change. All it takes is a line like
+++ ../../../../home/florian/.ssh/authorized_keys
in the patchfile.
patch(1) operates on untrusted input and it already pledge(2)'ed to
not execute arbitrary programs, but of course it needs to write
files.
A simple unveil(".", "rwc") restricts patch(1) to its current working
directory.
We also need to allow /tmp and potentially the output file and reject
file if given on the command line. But those paths are safe.
input op, deraadt
OK millert, sthen
nicm [Fri, 14 Jul 2023 19:32:59 +0000 (19:32 +0000)]
Set extended keys flag again after reset, from Eric T Johnson.
kevlo [Fri, 14 Jul 2023 14:28:47 +0000 (14:28 +0000)]
Check if the OWN bit of Tx descriptor instead of Rx descriptor is set
in rtwn_tx().
Because definitions of R92C_TXDW0_OWN and R92C_RXDW0_OWN are the same,
no functional change.
ok stsp@
claudio [Fri, 14 Jul 2023 10:30:53 +0000 (10:30 +0000)]
Cleanup mrt message handling. Remove the DUMP_XYZ() macros and replace
them with direct calls to for example ibuf_add_n16(). Further cleanup
the error handling and use goto fail in most places. Remove many of the
error messages and combine all the possible ibuf errors in one place.
For this remove most warnings from internal functions (also mark all
internal helper functions with static to make that more obvious).
There are still some cases where an error will result in to warnings but
those errors are unreachable in normal operations.
OK tb@
dtucker [Fri, 14 Jul 2023 07:44:21 +0000 (07:44 +0000)]
Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
gerhard [Fri, 14 Jul 2023 07:09:00 +0000 (07:09 +0000)]
Do not ignore the AF_LINK entries of carp(4) interfaces.
OK kn@
claudio [Fri, 14 Jul 2023 07:07:08 +0000 (07:07 +0000)]
struct sleep_state is no longer used, remove it.
Also remove the priority argument to sleep_finish() the code can use
the p_flag P_SINTR flag to know if the signal check is needed or not.
OK cheloha@ kettenis@ mpi@
djm [Fri, 14 Jul 2023 05:31:44 +0000 (05:31 +0000)]
add defence-in-depth checks for some unreachable integer overflows
reported by Yair Mizrahi @ JFrog; feedback/ok millert@
tb [Thu, 13 Jul 2023 20:59:10 +0000 (20:59 +0000)]
Refactor ASN1_item_sign_ctx()
Oh, joy! The muppets had a feast: they could combine the horrors of EVP
with X.509... Return values between -1 and 3 indicating how much work
needs to be done, depending on whether methods are present or absent.
Needless to say that RSA and EdDSA had inconsistent return values until
recently.
Instead of interleaving if/else branches, split out two helper functions
that do essentially independent things, which results in something that
isn't entirely bad. Well, at least not compared to the surrounding code.
asn1_item_set_algorithm_identifiers() extracts the signature algorithm
from the digest and pkey if known, and sets it on the two X509_ALGOR that
may or may not have been passed in.
asn1_item_sign() converts data into der and signs.
Of course there were also a few leaks and missing error checks.
ok jsing
millert [Thu, 13 Jul 2023 20:33:30 +0000 (20:33 +0000)]
bcmp(3) tries to return length, which is a size_t, as an int.
Instead, just return 1 if there is a difference, else 0.
Fixed by ray@ in 2008 but the libkern version was not synced.
OK deraadt@
jasper [Thu, 13 Jul 2023 19:04:50 +0000 (19:04 +0000)]
- use IS_ELF() to check the ELF magic bytes
- reject non-sensical program header values which would result in a crash
when accessing the 0 bytes sized buffer allocated due to it
ok deraadt@ kettenis@
dv [Thu, 13 Jul 2023 18:31:59 +0000 (18:31 +0000)]
vmd(8): pull validation into local prefix parser.
Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.
This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.
The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).
ok mlarkin@
ajacoutot [Thu, 13 Jul 2023 13:54:27 +0000 (13:54 +0000)]
Check input before trying to disable a non-existing daemon to prevent parsing
bogus characters and outputing hell on the console.
based on an initial submission from Anthony Coulter, thanks!
kettenis [Thu, 13 Jul 2023 08:33:36 +0000 (08:33 +0000)]
Use the deep idle state available on Apple M1/M2 cores in the idle loop and
for suspend. This state makes the CPU lose some of its register state so
we need to save these registers before putting the core to sleep and
restore them when we wake up. This deep idle state has a higher wakeup
latency than the normal WFI idle state. Use similar logic as acpucpu(4) to
decide which idle state to pick.
If some cores of a cluster are in this deep idle state, turbo states become
available to the cores that remain active. So stop skipping these states.
This improves single-core performance a little bit.
The main win is in power savings when running in a state with a high clock
frequency. My M2 Pro mini goes from 14W to 6.5W when idle at the maximum
clock frequency. But event at the lowest clock frequency there are small
but significant power savings.
ok deraadt@, tobhe@
jsg [Thu, 13 Jul 2023 07:31:12 +0000 (07:31 +0000)]
Change function definitions using the identifier-list form used in the
1st edition of Kernighan and Ritchie's The C Programming Language, to
that of the parameter-type-list form described in the ANSI X3.159-1989
standard.
In ISO/IEC 9899:2023 drafts, there is only one form of function definition.
"N2432 Remove support for function definitions with identifier lists".
nicm [Thu, 13 Jul 2023 06:03:48 +0000 (06:03 +0000)]
Use 8 for underscore colour defaults instead of 0 which is less
confusing, and fix writing tge default colour. GitHub issue 3627.
jasper [Wed, 12 Jul 2023 19:49:06 +0000 (19:49 +0000)]
validate alignment of ELF program headers
jasper [Wed, 12 Jul 2023 19:34:14 +0000 (19:34 +0000)]
address incomplete validation of ELF program headers in execve(2) which could lead
to a panic in vmcmd_map_readvn() with a malformed binary/interpreter.
original crash found with Melkor, additional validation provided by
guenther@.
ok kettenis@ guenther@ deraadt@
cheloha [Wed, 12 Jul 2023 18:40:06 +0000 (18:40 +0000)]
GPROF: sleep_state: disable _mcount() across suspend/resume
Something in the amd64 resume path doesn't agree with _mcount(), so
suspend/resume always fails if gmoninit is non-zero. It would be nice
if GPROF kernels didn't crash during resume.
In sleep_state(), (1) clear gmoninit after sched_stop_secondary_cpus()
so the primary CPU isn't racing sysctl(2) on another CPU, and (2)
restore gmoninit just after resume_mp() so the secondary CPUs are out
of cpu_hatch() and away from whatever is causing the crash before
_mcount() is reenabled.
Lots of input from claudio@, deraadt@, and kettenis@.
Thread 1: https://marc.info/?l=openbsd-tech&m=
168721453821801&w=2
Thread 2: https://marc.info/?l=openbsd-tech&m=
168892518722935&w=2
ok kettenis@ deraadt@
anton [Wed, 12 Jul 2023 18:36:06 +0000 (18:36 +0000)]
Add test which consistently triggers the problem with test6_perms,
omitting all other irrelevant files.
anton [Wed, 12 Jul 2023 18:21:39 +0000 (18:21 +0000)]
Report fork errors as this test is likely to hit the default
kern.maxproc limit.
jmc [Wed, 12 Jul 2023 18:14:13 +0000 (18:14 +0000)]
missing word; from thib4711
mvs [Wed, 12 Jul 2023 16:10:45 +0000 (16:10 +0000)]
Fix solock()/sounlock() usage.
This time solock() doesn't return value and sounlock() hasn't second
parameter. Bi-directional Forwarding Detection is disabled by default,
so it was forgotten when solock()/sounlock() were changed.
Build test done with BFD option.
ok phessler claudio
florian [Wed, 12 Jul 2023 15:45:34 +0000 (15:45 +0000)]
Don't run off the end of path if it ends in /.
OK op, sthen
florian [Wed, 12 Jul 2023 15:44:47 +0000 (15:44 +0000)]
basename(3) can fail, prevent segfault in strlen(3).
OK tb, sthen
claudio [Wed, 12 Jul 2023 15:34:59 +0000 (15:34 +0000)]
Add regress test to check for bad attribute lenght for optional transitive
attributes.
claudio [Wed, 12 Jul 2023 15:27:11 +0000 (15:27 +0000)]
Update rde_community_test after the major change in how attributes and
communities are written.
claudio [Wed, 12 Jul 2023 14:45:42 +0000 (14:45 +0000)]
Update OpenBGPD to use new ibuf API.
This replaces the old way of using a static buffer and a len to build
UPDATEs with a pure ibuf solution. The result is much cleaner and a lot
of almost duplicate code can be removed because often a version for ibufs
and one for this static buffer was implemented (e.g. for mrt or bgpctl).
With and OK tb@
tb [Wed, 12 Jul 2023 12:37:27 +0000 (12:37 +0000)]
Work around use after free in httpd(8)
A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.
"this will do the trick for now" claudio
ok beck deraadt
claudio [Wed, 12 Jul 2023 12:31:28 +0000 (12:31 +0000)]
In rde_attr_parse() if an attribute causes a parse error which results in
a treat-as-withdraw consume the full attribute by updating plen else the
parser will fail parsing a possible next element which results in a
session reset.
Initial report by Ben Cox (ben at benjojo.co.uk)
OK tb@
tb [Wed, 12 Jul 2023 11:26:13 +0000 (11:26 +0000)]
Use ssize_t instead of short for line lengths
sthen hit a binary patch containing a 'line' of length > 32kB. This made
the short used for storing the line length wrap and resulted in a buffer
underflow and segfault. This uses a larger type, which doesn't actually
fix the problem, but makes it much less likely to be hit.
ok florian otto sthen
tb [Wed, 12 Jul 2023 08:54:18 +0000 (08:54 +0000)]
Revert accidental addition of cofactor ECDH support
This snuck in with ech_key.c r1.33 because I committed from a dirty tree.
tb [Wed, 12 Jul 2023 07:03:24 +0000 (07:03 +0000)]
Reenable clienttest and servertest
tb [Tue, 11 Jul 2023 17:03:44 +0000 (17:03 +0000)]
Fix last bit of the clienttest, needs ssl_pkt.c r1.66
tb [Tue, 11 Jul 2023 17:02:47 +0000 (17:02 +0000)]
Remove old workaround for F5
F5 is well-known for needing workaround (go read RFC 8446). In this
particular case, it required implementation sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer needed either.
ok jsing
op [Tue, 11 Jul 2023 16:40:22 +0000 (16:40 +0000)]
drop engine support
diff originally by tb@, tweaked to apply after the useless logging
methods removal.
ok tb
op [Tue, 11 Jul 2023 16:39:41 +0000 (16:39 +0000)]
remove the useless logging methods
Instead of wrapping all the methods of the RSA and ECDSA ENGINE,
duplicate the default and override only the ones that are actually
needed for the privsep crypto engine.
part of a larger diff that's ok tb@
nicm [Tue, 11 Jul 2023 16:09:09 +0000 (16:09 +0000)]
Remove Ns and Li and change Nm to Ic, suggested by jmc.
claudio [Tue, 11 Jul 2023 15:18:31 +0000 (15:18 +0000)]
Bump version for -portable release