openbsd
3 years agoImport documentation for X509_get_extension_flags, X509_get_key_usage,
tb [Sat, 23 Oct 2021 15:41:10 +0000 (15:41 +0000)]
Import documentation for X509_get_extension_flags, X509_get_key_usage,
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.

input/lgtm schwarze

3 years agoImport documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
tb [Sat, 23 Oct 2021 15:39:06 +0000 (15:39 +0000)]
Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
to the build after the bump.

tweak & lgtm schwarze

3 years agooops, wrong dir.
tb [Sat, 23 Oct 2021 15:36:59 +0000 (15:36 +0000)]
oops, wrong dir.

pointed out by schwarze

3 years agoAdd new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex
beck [Sat, 23 Oct 2021 15:30:44 +0000 (15:30 +0000)]
Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex

As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.

Will also need Symbols.list additions by tb@ when he starts the rapture

ok tb@ jsing@

3 years agoannotate a 413 error with "request body too large" in the error log.
benno [Sat, 23 Oct 2021 15:30:28 +0000 (15:30 +0000)]
annotate a 413 error with "request body too large" in the error log.
ok claudio@

3 years agoImport documentation for X509_get_extension_flags, X509_get_key_usage,
tb [Sat, 23 Oct 2021 15:30:07 +0000 (15:30 +0000)]
Import documentation for X509_get_extension_flags, X509_get_key_usage,
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.

input/lgtm schwarze

3 years agoImport documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
tb [Sat, 23 Oct 2021 15:27:46 +0000 (15:27 +0000)]
Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
to the build after the bump.

tweak & lgtm schwarze

3 years agomissed in previous commit
mestre [Sat, 23 Oct 2021 15:08:26 +0000 (15:08 +0000)]
missed in previous commit

this was ok tb@

3 years agoMop up enc_read_ctx and read_hash.
jsing [Sat, 23 Oct 2021 15:02:27 +0000 (15:02 +0000)]
Mop up enc_read_ctx and read_hash.

These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.

ok beck@ tb@

3 years agoFix double free after allocation failure in bpf(4).
visa [Sat, 23 Oct 2021 15:00:11 +0000 (15:00 +0000)]
Fix double free after allocation failure in bpf(4).

Reported by Peter J. Philipp.

OK mpi@

3 years agoBe consistend and add missing spaces around some of the NOTREACHED comments.
claudio [Sat, 23 Oct 2021 14:56:55 +0000 (14:56 +0000)]
Be consistend and add missing spaces around some of the NOTREACHED comments.

3 years agops_sigcode, ps_sigcoderet and ps_sigcookie are immutable after a process
claudio [Sat, 23 Oct 2021 14:53:02 +0000 (14:53 +0000)]
ps_sigcode, ps_sigcoderet and ps_sigcookie are immutable after a process
is created. Annotate them accordingly.
OK mpi@

3 years agoFix some whitespace issues, some pointed out by jsing, some found in
tb [Sat, 23 Oct 2021 14:52:51 +0000 (14:52 +0000)]
Fix some whitespace issues, some pointed out by jsing, some found in
the vicinity.

3 years agoPrepare s_server for opaque structs in libcrypto
tb [Sat, 23 Oct 2021 14:50:10 +0000 (14:50 +0000)]
Prepare s_server for opaque structs in libcrypto

ok beck jsing

3 years agoPrepare crl.c for opaque structs in libcrypto.
tb [Sat, 23 Oct 2021 14:49:39 +0000 (14:49 +0000)]
Prepare crl.c for opaque structs in libcrypto.

ok beck jsing

3 years agodhclient -> dhcp in comment
kn [Sat, 23 Oct 2021 14:49:06 +0000 (14:49 +0000)]
dhclient -> dhcp in comment

3 years agoPrepare pcks12 for opaque structs in libcrypto
tb [Sat, 23 Oct 2021 14:48:33 +0000 (14:48 +0000)]
Prepare pcks12 for opaque structs in libcrypto

get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.

Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.

Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.

ok beck jsing

3 years agoSprinkle uvm_obj_destroy() over UVM object recycling code.
mpi [Sat, 23 Oct 2021 14:42:07 +0000 (14:42 +0000)]
Sprinkle uvm_obj_destroy() over UVM object recycling code.

For now, only assert that the tree of pages is empty in uvm_obj_destroy().
This will soon be used to free the per-UVM object lock.

While here call uvm_obj_init() when new vnodes are allocated instead of
in uvn_attach().  Because vnodes and there associated UVM object are
currently never freed, it isn't easy to know where/when to garbage
collect the associated lock.  So simply check that the reference of a
given object is 0 when uvn_attach().

Tested by many as part of a bigger diff.

ok kettenis@

3 years agoProvide a way to determine our maximum legacy version.
jsing [Sat, 23 Oct 2021 14:40:54 +0000 (14:40 +0000)]
Provide a way to determine our maximum legacy version.

With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.

This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).

ok tb@

3 years agoMove libagentx to a new freeing strategy, where we check all objects when
martijn [Sat, 23 Oct 2021 14:39:35 +0000 (14:39 +0000)]
Move libagentx to a new freeing strategy, where we check all objects when
a close packet has been received.

This should have little to no performance impact in practice, since under
normal operations we shouldn't free any objects.

OK bluhm@

3 years agoAdd a regress test for TLS client/server.
jsing [Sat, 23 Oct 2021 14:34:10 +0000 (14:34 +0000)]
Add a regress test for TLS client/server.

This currently exercises various combinations of TLS versions and their
associated key exchange mechanisms. Note that this currently fails for
TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).

Over time all of the ssl regress should be moved into the dtls and tls
regress tests.

3 years agoUnbreak test-http after the last io.c changes
claudio [Sat, 23 Oct 2021 14:29:59 +0000 (14:29 +0000)]
Unbreak test-http after the last io.c changes
Report from anton@

3 years agoAssert that the KERNEL_LOCK() is held in vref(9).
mpi [Sat, 23 Oct 2021 14:08:46 +0000 (14:08 +0000)]
Assert that the KERNEL_LOCK() is held in vref(9).

This is a guard against pushing the lock too far in UVM's vnode land.

ok beck@

3 years agotweak previous: add missing OpenBSD CVS tag
schwarze [Sat, 23 Oct 2021 13:57:00 +0000 (13:57 +0000)]
tweak previous: add missing OpenBSD CVS tag
and fix some weird typos in comments (duplicate '@' signs)

3 years agoRemove unused fields from struct dtls1_retransmit_state.
jsing [Sat, 23 Oct 2021 13:45:44 +0000 (13:45 +0000)]
Remove unused fields from struct dtls1_retransmit_state.

3 years agoFold DTLS1_STATE_INTERNAL into DTLS1_STATE.
jsing [Sat, 23 Oct 2021 13:36:03 +0000 (13:36 +0000)]
Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.

Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.

ok tb@

3 years agotweak previous: properly mark up function pointer typedef
schwarze [Sat, 23 Oct 2021 13:17:03 +0000 (13:17 +0000)]
tweak previous: properly mark up function pointer typedef
plus .Dv NULL, SEE ALSO, HISTORY

3 years agoPrepare to make many of the structs in x509.h opaque.
tb [Sat, 23 Oct 2021 13:16:52 +0000 (13:16 +0000)]
Prepare to make many of the structs in x509.h opaque.

ok beck jsing

3 years agoChange ssl_verify_cert_chain() for compatibility with opaque
tb [Sat, 23 Oct 2021 13:14:38 +0000 (13:14 +0000)]
Change ssl_verify_cert_chain() for compatibility with opaque
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.

ok jsing

3 years agoUse X509_STORE_CTX_get0_chain() instead of grabbing the chain directly
tb [Sat, 23 Oct 2021 13:12:55 +0000 (13:12 +0000)]
Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directly
out of the X509_STORE_CTX.

ok jsing

3 years agoRevise regress test for tls13_buffer rename.
jsing [Sat, 23 Oct 2021 13:12:45 +0000 (13:12 +0000)]
Revise regress test for tls13_buffer rename.

3 years agoRename tls13_buffer to tls_buffer.
jsing [Sat, 23 Oct 2021 13:12:14 +0000 (13:12 +0000)]
Rename tls13_buffer to tls_buffer.

This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.

ok beck@ tb@

3 years agoMake sure we have enough space to add padding and final token to the nvram
kettenis [Sat, 23 Oct 2021 12:48:17 +0000 (12:48 +0000)]
Make sure we have enough space to add padding and final token to the nvram
data.  Also add the MAC address to the nvram data when there is a
"local-mac-address" property in the device tree.  This makes bwfm(4) work
with the firmware/nvram/clm_blob files provided with MacOS on the Apple
M1 Macs.

ok patrick@

3 years agoStop reaching into structs that will become opaque in ca.c
tb [Sat, 23 Oct 2021 12:00:18 +0000 (12:00 +0000)]
Stop reaching into structs that will become opaque in ca.c

"just commit it" beck

3 years agoPrepare to provide X509_re_X509*_tbs()
tb [Sat, 23 Oct 2021 11:56:10 +0000 (11:56 +0000)]
Prepare to provide X509_re_X509*_tbs()

ok beck jsing

3 years agoPrepare to provide X509_get_extension_flags()
tb [Sat, 23 Oct 2021 11:53:24 +0000 (11:53 +0000)]
Prepare to provide X509_get_extension_flags()

ok beck jsing

3 years agoAdd SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback
beck [Sat, 23 Oct 2021 11:41:51 +0000 (11:41 +0000)]
Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.

ok tb@

3 years agoPrepare to provide X509_SIG_get{0,m}.
tb [Sat, 23 Oct 2021 11:41:50 +0000 (11:41 +0000)]
Prepare to provide X509_SIG_get{0,m}.

ok beck jsing

3 years agoNuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10
tb [Sat, 23 Oct 2021 11:36:44 +0000 (11:36 +0000)]
Nuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10
encoders many moons ago. OpenSSL removed it in 2015.

ok beck jsing

3 years agoif both stdout and stderr are redirected to a non-tty, pledge(2) will kill
mestre [Sat, 23 Oct 2021 11:22:48 +0000 (11:22 +0000)]
if both stdout and stderr are redirected to a non-tty, pledge(2) will kill
ncurses applications, e.g.:

/usr/games/worms 2>&1 | cat

solve this by only calling pledge(2) after initscr(3) is set and done, or
whatever function that calls it. since pledge(2) is called later now the
promises might be reduced, but this a diff for another day.

found by naddy@ almost a year ago, discussed with him deraadt@ and tb@
ok tb@

3 years agoCorrectly print varbind not found contexts.
martijn [Sat, 23 Oct 2021 10:47:50 +0000 (10:47 +0000)]
Correctly print varbind not found contexts.

OK benno@

3 years agoAlways print the community.
martijn [Sat, 23 Oct 2021 10:45:20 +0000 (10:45 +0000)]
Always print the community.

There's no such thing as a default community.

OK benno@

3 years agoWe define Unsigned32 as [Application 7], which was part of RFC1442 (1993),
martijn [Sat, 23 Oct 2021 09:42:14 +0000 (09:42 +0000)]
We define Unsigned32 as [Application 7], which was part of RFC1442 (1993),
but was removed in RFC1902 (1996), where it was made equal to Gauge32.

There's no real harm in keeping it, since nothing else uses
[APPLICATION 7], but add a comment to help out any future lost soul that
might wander into this.

OK benno@

3 years agoYIELD() in pf_table.c should preempt for ioctl() callers only
sashan [Sat, 23 Oct 2021 09:36:58 +0000 (09:36 +0000)]
YIELD() in pf_table.c should preempt for ioctl() callers only

OK @mpi

3 years agoMove "-T" and "exec" support out of SMALL
kn [Sat, 23 Oct 2021 09:28:48 +0000 (09:28 +0000)]
Move "-T" and "exec" support out of SMALL

Ramdisk kernels lack support for alternate routing tables,
so "-T N" for N > 0 always fails.
"route -T0 exec" is just a useless "exec", so zap it completely.

OK benno

3 years agoAdd back the fips mode test functions, new stuff requires this.
beck [Sat, 23 Oct 2021 09:13:51 +0000 (09:13 +0000)]
Add back the fips mode test functions, new stuff requires this.
Symbols.list changes to follow with tb's upcoming bump
ok jsing@

3 years agoUntangle ssl3_get_message() return values.
jsing [Sat, 23 Oct 2021 08:34:36 +0000 (08:34 +0000)]
Untangle ssl3_get_message() return values.

This function currently has a long return type that may be <= 0 on
error/retry (which is then cast to an int in order to return it up the
stack), or it returns the length of the handshake message (on success).
This obviously means that 0 can be returned for both success and failure,
which is the reason why a separate 'ok' argument has to exist.

Untangle this mess by changing the return value to an int that indicates
success (1) or error/retry (<= 0). The length never needs to actually be
returned as it is already stored in s->internal->init_num (which is where
the return value is read from anyway).

ok tb@

3 years agoadd "rcctl ls rogue", to show daemons which are running but not set as
sthen [Sat, 23 Oct 2021 08:19:27 +0000 (08:19 +0000)]
add "rcctl ls rogue", to show daemons which are running but not set as
"enabled" in rc.conf.local.

naming suggesting from schwarze@, ok kn@ ajacoutot@

3 years agoRevise regress for tlsext_tick_lifetime_hint changing type.
jsing [Sat, 23 Oct 2021 08:13:52 +0000 (08:13 +0000)]
Revise regress for tlsext_tick_lifetime_hint changing type.

3 years agoAdd a length check before NUL-terminating target. From Jonas Termansen.
tb [Sat, 23 Oct 2021 08:13:48 +0000 (08:13 +0000)]
Add a length check before NUL-terminating target.  From Jonas Termansen.

ok jsing

3 years agoChange tlsext_tick_lifetime_hint to uint32_t.
jsing [Sat, 23 Oct 2021 08:13:02 +0000 (08:13 +0000)]
Change tlsext_tick_lifetime_hint to uint32_t.

Now that SSL_SESSION is opaque, change tlsext_tick_lifetime_hint from long
to uint32_t (matching RFC4507), rather than continuing to work around an
inappropriate type choice.

ok tb@

3 years agounwind(8) gives the most preferred resolver strategy a bit more time
florian [Sat, 23 Oct 2021 07:25:20 +0000 (07:25 +0000)]
unwind(8) gives the most preferred resolver strategy a bit more time
(200ms) to answer before trying the next strategy. However, we need to
skip strategies that are not available. In the default configuration,
without a config file unwind(8) would give DoT 200ms more time, but no
DoT forwarders are known, so this is useless.
OK kn

3 years agoPrepare to provide X509_get_{extended_,}key_usage()
tb [Fri, 22 Oct 2021 18:37:15 +0000 (18:37 +0000)]
Prepare to provide X509_get_{extended_,}key_usage()

ok beck jsing

3 years agoDocument existent "descr" alias for "description"
kn [Fri, 22 Oct 2021 18:35:27 +0000 (18:35 +0000)]
Document existent "descr" alias for "description"

3 years agoMake ":tdelete" work
kn [Fri, 22 Oct 2021 18:31:12 +0000 (18:31 +0000)]
Make ":tdelete" work

r1.91 added tags for all commands, but "del[ete]" is special in that
mandoc(1) will generate a tag for "del" only.

Add an explicit for the full command to fix this.

3 years agooops.
mbuhl [Fri, 22 Oct 2021 18:07:01 +0000 (18:07 +0000)]
oops.

3 years agoadd missing FreeBSD libm tests, update the others
mbuhl [Fri, 22 Oct 2021 18:00:22 +0000 (18:00 +0000)]
add missing FreeBSD libm tests, update the others

3 years agoSwitch from u_int and u_char to u32 and u8 to avoid portability issues.
tb [Fri, 22 Oct 2021 17:43:00 +0000 (17:43 +0000)]
Switch from u_int and u_char to u32 and u8 to avoid portability issues.
Prompted by a diff by Jonas Termansen.

ok jsing

3 years agoRemove key and trim text if menu cannot fit in available space, based on
nicm [Fri, 22 Oct 2021 17:12:50 +0000 (17:12 +0000)]
Remove key and trim text if menu cannot fit in available space, based on
a change from Alexis Hildebrandt.

3 years agoadd some punctuation;
jmc [Fri, 22 Oct 2021 16:42:28 +0000 (16:42 +0000)]
add some punctuation;

3 years agoPrepare to provide X509_REQ_pubkey_get0()
tb [Fri, 22 Oct 2021 16:42:13 +0000 (16:42 +0000)]
Prepare to provide X509_REQ_pubkey_get0()

ok jsing

3 years agoremove some bad punctuation;
jmc [Fri, 22 Oct 2021 16:41:47 +0000 (16:41 +0000)]
remove some bad punctuation;

3 years agonew manual page EVP_PKEY_add1_attr(3) documenting nine functions
schwarze [Fri, 22 Oct 2021 15:50:19 +0000 (15:50 +0000)]
new manual page EVP_PKEY_add1_attr(3) documenting nine functions
for associating X.501 Attributes with private keys

3 years agoMake error handling in IPsec consistent. Pass errors to the callers.
bluhm [Fri, 22 Oct 2021 15:44:20 +0000 (15:44 +0000)]
Make error handling in IPsec consistent.  Pass errors to the callers.
OK tobhe@

3 years agoRevert "Preserve select(2) semantics when the other end of the pipe is gone".
mpi [Fri, 22 Oct 2021 15:16:50 +0000 (15:16 +0000)]
Revert "Preserve select(2) semantics when the other end of the pipe is gone".

The logic to emulate the current poll/select behavior is better implemented
at the syscall layer and not in the kqueue backend.

Discussed with deraadt@, ok anton@

3 years agooops, missed unused variable in previous
florian [Fri, 22 Oct 2021 15:11:51 +0000 (15:11 +0000)]
oops, missed unused variable in previous

3 years agoMake EVFILT_EXCEPT handling separate from the read filter.
mpi [Fri, 22 Oct 2021 15:11:32 +0000 (15:11 +0000)]
Make EVFILT_EXCEPT handling separate from the read filter.

This is a change of behavior and events wont be generated if there
is something to read on the fd.  Only EV_EOF or NOTE_OOB will now
be reported.

While here a new filter for FIFOs supporting EV_EOF and __EV_HUP.

ok visa@

3 years agoconfig_new_empty() should give us a completely empty config, let
florian [Fri, 22 Oct 2021 15:03:28 +0000 (15:03 +0000)]
config_new_empty() should give us a completely empty config, let
parse_config() handle the case of defaults. This prevents the resolver
process from spinning up resolver strategies before the config has
been parsed and tearing them down immediately after if they are not
listed in the config files preferences section.

OK kn

3 years agoUpdate to tzdata2021e from www.iana.org. Major changes:
millert [Fri, 22 Oct 2021 14:40:49 +0000 (14:40 +0000)]
Update to tzdata2021e from iana.org.  Major changes:
 o Palestine will fall back 10-29 (not 10-30) at 01:00.
 o Fiji suspends DST for the 2021/2022 season.
 o Move some backward-compatibility links to 'backward'.
 o Rename Pacific/Enderbury to Pacific/Kanton.

3 years agoMask LPI interrupts. This fixes an interrupt storm on dwge(4) variants
kettenis [Fri, 22 Oct 2021 14:28:54 +0000 (14:28 +0000)]
Mask LPI interrupts.  This fixes an interrupt storm on dwge(4) variants
that support Energy Efficient Ethernet when connected to a switch that
also supports Energy Effient Ethernet.  For example on the odroid-hc4.

ok patrick@

3 years agoHonour enabled resolvers to keep unused forwarders actually disabled
kn [Fri, 22 Oct 2021 13:38:07 +0000 (13:38 +0000)]
Honour enabled resolvers to keep unused forwarders actually disabled

An unwind.conf like the following would still query forwarders,
both "." periodically and any explicit "example.com." queries:

preference { recursor autoconf stub }
forwarder { 2001:db8::1 }
force accept bogus forwarder { example.com. }

That's because the forwarder and resolver children processes start with
the default configuration and main later sends them the effective user
configuration;  merging them, however, would ignore the list of enabled
resolvers, i.e. those listed in the `preference {}' block and thusly
cause children to always have all forwarders enabled (as is by default).

Copy the resolvers list during merge to fix this and restore expected
behaviour.

(Noticed during tests with "forwarder" temporarily removed from
`preference {}' while leaving the rest as is:  my VPN interface serving
that forwarder showed DNS traffic while it was supposed to be silent.)

OK florian

3 years agonew manual page X509at_add1_attr(3)
schwarze [Fri, 22 Oct 2021 13:29:41 +0000 (13:29 +0000)]
new manual page X509at_add1_attr(3)
describing five functions to change arrays of X.501 Attribute objects

3 years agofix a gratuitiously different argument name
schwarze [Fri, 22 Oct 2021 13:21:06 +0000 (13:21 +0000)]
fix a gratuitiously different argument name

3 years agoAfter deleting hifn(4) the only provider for the LZS compression
bluhm [Fri, 22 Oct 2021 12:30:53 +0000 (12:30 +0000)]
After deleting hifn(4) the only provider for the LZS compression
algorithm is gone.  Reomve all LZS references from the tree.  The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@

3 years agonew manual page X509at_get_attr(3)
schwarze [Fri, 22 Oct 2021 11:24:45 +0000 (11:24 +0000)]
new manual page X509at_get_attr(3)
documenting five X.501 Attribute read accessors

3 years agoFirst step of cleanup in the io land. Introduce io_buf_new() and
claudio [Fri, 22 Oct 2021 11:13:06 +0000 (11:13 +0000)]
First step of cleanup in the io land. Introduce io_buf_new() and
io_buf_close(). These function will inject a size of the the buffer
at the beginning of the buffer and will allow the read size to be
switched to proper async IO.
OK benno@

3 years agoImplement --compare-dest in openrsync. compare-dest allows you to add
claudio [Fri, 22 Oct 2021 11:10:34 +0000 (11:10 +0000)]
Implement --compare-dest in open compare-dest allows you to add
additional directories to check for files to be available.
OK benno@

3 years agoPrevent mem leaks in the (unlikely) event that getaddrinfo returns
dtucker [Fri, 22 Oct 2021 10:51:57 +0000 (10:51 +0000)]
Prevent mem leaks in the (unlikely) event that getaddrinfo returns
no addresses.  ALso, remove an unneeded NULL check in addr_ntop.
From khaleesicodes via github PR#281, ok deraadt@

3 years agoPut back sys/types.h and sys/socket.h. The latter was unintentionally
tb [Fri, 22 Oct 2021 10:22:15 +0000 (10:22 +0000)]
Put back sys/types.h and sys/socket.h. The latter was unintentionally
removed and the former is still needed, as pointed out by kettenis

3 years agoWhen reading the symlink value during the fts travers use ent->fts_accpath
claudio [Fri, 22 Oct 2021 09:59:35 +0000 (09:59 +0000)]
When reading the symlink value during the fts travers use ent->fts_accpath
since the fts traverse does chdirs for performance reasons.
OK deraadt@

3 years agoFix some ghastly whitespace. From Martin Vahlensieck
tb [Fri, 22 Oct 2021 09:51:54 +0000 (09:51 +0000)]
Fix some ghastly whitespace. From Martin Vahlensieck

3 years agoUse unsigned char instead of u_char in base64.c. This is a mild
tb [Fri, 22 Oct 2021 09:49:26 +0000 (09:49 +0000)]
Use unsigned char instead of u_char in base64.c. This is a mild
portability annoyance since not all systems have u_char. Remove
the now unused includes sys/types.h and stdio.h.

u_char diff from Jonas Termansen

ok deraadt

3 years agoGarbage collect an unused variable.
tb [Fri, 22 Oct 2021 09:44:58 +0000 (09:44 +0000)]
Garbage collect an unused variable.

3 years agoStop setting enc.modified manually. It's no longer needed.
tb [Fri, 22 Oct 2021 09:44:30 +0000 (09:44 +0000)]
Stop setting enc.modified manually. It's no longer needed.

3 years agoRemove unnecessary semicolons in case statements. From khaleesicodes
dtucker [Fri, 22 Oct 2021 09:22:04 +0000 (09:22 +0000)]
Remove unnecessary semicolons in case statements. From khaleesicodes
via github PR#280.

3 years agoFix typos in comments. From khaleesicodes via github PR#280.
dtucker [Fri, 22 Oct 2021 09:19:34 +0000 (09:19 +0000)]
Fix typos in comments.  From khaleesicodes via github PR#280.

3 years agoreturn unsupported version for version less than HTTP/0.9 and higher
benno [Fri, 22 Oct 2021 08:51:50 +0000 (08:51 +0000)]
return unsupported version for version less than HTTP/0.9 and higher
than HTTP/1.9. Downgrade version >= HTTP/1.2++ to 1.1.

Found by "J. K." (openbsd DOT list AT krottmayer DOT com)
ok claudio@

3 years agoregen
jsg [Fri, 22 Oct 2021 08:48:46 +0000 (08:48 +0000)]
regen

3 years agoadd Intel ADL-S and ADL-P graphics ids Mesa matches
jsg [Fri, 22 Oct 2021 08:48:08 +0000 (08:48 +0000)]
add Intel ADL-S and ADL-P graphics ids Mesa matches

fix a GMA600 id while here

3 years agoRemove last dangling usage of CRYPTO_F_NOQUEUE.
anton [Fri, 22 Oct 2021 05:06:37 +0000 (05:06 +0000)]
Remove last dangling usage of CRYPTO_F_NOQUEUE.

ok tb@

3 years agosync
anton [Fri, 22 Oct 2021 05:04:27 +0000 (05:04 +0000)]
sync

3 years agoknf nits
anton [Fri, 22 Oct 2021 05:03:57 +0000 (05:03 +0000)]
knf nits

3 years agoadd pipe select hangup test case; ok mpi@
anton [Fri, 22 Oct 2021 05:03:04 +0000 (05:03 +0000)]
add pipe select hangup test case; ok mpi@

3 years agoPreserve pipe select(2) semantics when the other end of the pipe is gone.
anton [Fri, 22 Oct 2021 05:00:26 +0000 (05:00 +0000)]
Preserve pipe select(2) semantics when the other end of the pipe is gone.
In preparation for implementing select(2) on top of kqueue.

ok mpi@

3 years agoOne could end up with the wrong encoding in xenocara while having a ucc
anton [Fri, 22 Oct 2021 04:59:31 +0000 (04:59 +0000)]
One could end up with the wrong encoding in xenocara while having a ucc
keyboard attached and /etc/kbdtype being present. The advertised
encoding of a wsmux is a bit fragile as the last attached device will
dictate it. If this happens to be a ucc keyboard, KB_US will always be
the advertised encoding as its encoding is immutable and /etc/kbdtype is
ignored.

Instead, do not advertise the encoding for ucc devices when the parent
mux queries its attached devices. However, asking the device directly
(i.e. bypassing the mux) still returns the encoding as wsconsctl(8)
would otherwise report an error.

Thanks to landry@ for the report and testing.

3 years agoRemove more dead code related to crypto task queues.
tobhe [Thu, 21 Oct 2021 23:03:48 +0000 (23:03 +0000)]
Remove more dead code related to crypto task queues.

3 years agoRemove code to run crypto operations in a task queue. The code was
tobhe [Thu, 21 Oct 2021 22:59:07 +0000 (22:59 +0000)]
Remove code to run crypto operations in a task queue. The code was
not reachable because all callers had set the CRYPTO_F_NOQUEUE flag.

ok patrick@ mvs@ bluhm@

3 years agoSimplify the description of RETURN VALUES.
schwarze [Thu, 21 Oct 2021 22:36:16 +0000 (22:36 +0000)]
Simplify the description of RETURN VALUES.
After tb@'s commit x509/x509_lu.c rev. 1.33, it is no longer necessary
to talk about X509_LU_* constants as return values from these functions.
Feedback and OK from tb@.

3 years agoInitialize interrupts to G1NS by configuring IGROUPR and IGRPMODR. This
patrick [Thu, 21 Oct 2021 22:25:03 +0000 (22:25 +0000)]
Initialize interrupts to G1NS by configuring IGROUPR and IGRPMODR.  This
makes interrupts work with Parallels on the Apple M1.

Tested by patrick@ on Ampere eMAG and MacchiatoBin
Tested by fkr@ on Pinebook Pro
ok kettenis@

3 years agoRelease solock() before call unp_internalize() and take it within when
mvs [Thu, 21 Oct 2021 22:11:07 +0000 (22:11 +0000)]
Release solock() before call unp_internalize() and take it within when
access garbage collector data.

This is the next step to make UNIX domain sockets locking fine grained.
This also moves M_WAIT/M_WAITOK allocations out from `unp_lock' rwlock(9).
The lock order between fdplock() and `unp_lock' changed and now fdplock()
should be taken first. This was not required, but helps to mpi@'s knote(9)
related work.

ok bluhm@