openbsd
3 years ago: add missing break
jsg [Fri, 23 Apr 2021 04:35:54 +0000 (04:35 +0000)]
add missing break
ok drahn@

3 years ago: call klist_invalidate from bpfsdetach to tell kq listeners what happened.
dlg [Fri, 23 Apr 2021 03:43:19 +0000 (03:43 +0000)]
call klist_invalidate from bpfsdetach to tell kq listeners what happened.

without this, something using a kevent to monitor a bpf fd on an
idle interface never has the event fire, which means it never
realises the interface goes away. with this, the read event goes
off and the next read fails with EIO, like pretty much every other
driver when the underlying device is removed.

ok claudio@ visa@ jmatthew@

3 years ago: only skip pf once for packets that are injected by a divert-packet socket.
dlg [Fri, 23 Apr 2021 03:29:24 +0000 (03:29 +0000)]
only skip pf once for packets that are injected by a divert-packet socket.

when a divert socket gets a packet from userland to send back through
the kernel, it marks it as diverted so pf knows not to divert it
back to userland again. this marking stuck to the packet though,
so if it went through pf again (eg, on the way out of the network
stack) pf would skip it again. this is undesirable if you want pf
to do things to the packet on this outgoing hop, such as nat.

this has pf clear the mark once it's been used, which allows the
next run of a packet through pf to have stuff work on it.

found by some people at parta networks.
ok sashan@ lteo@ bluhm@
bluhm@ also suggested keeping my diff in the same style as the rest of pf.c

3 years ago: We're only going to use the first CoS queue, so only store the ID of that
jmatthew [Fri, 23 Apr 2021 03:23:44 +0000 (03:23 +0000)]
We're only going to use the first CoS queue, so only store the ID of that
one.  Some of this would have got in the way of setting up multiple tx/rx
rings.

ok dlg@

3 years ago: Initial import of OpenBSD/riscv64
drahn [Fri, 23 Apr 2021 02:42:16 +0000 (02:42 +0000)]
Initial import of OpenBSD/riscv64

This work is based on the effort:
https://www.openbsd.org/papers/Porting_OpenBSD_to_RISCV_FinalReport.pdf
"Porting OpenBSD to RISC-V ISA"
by
Brian Bamsch <bbamsch@google.com>
Wenyan He <wenyan.he@sjsu.edu>
Mars Li <mengshi.li.mars@gmail.com>
Shivam Waghela <shivamwaghela@gmail.com>

With additional work by Dale Rahn <drahn@openbsd.org>

3 years ago: Use the long version of the bwfm(4) firmware path, which includes the
patrick [Thu, 22 Apr 2021 22:14:30 +0000 (22:14 +0000)]
Use the long version of the bwfm(4) firmware path, which includes the
board's compatible string, when printing an error about not being able
to load the firmware.  Since most NVRAM files are board- or package-
specific, having the compatible makes it easier for us to find the
correct files, so that we can add them to the bwfm-firmware port.

ok kurt@

3 years ago: Add a non-interactive version of query-replace-regexp function called
lum [Thu, 22 Apr 2021 19:50:55 +0000 (19:50 +0000)]
Add a non-interactive version of query-replace-regexp function called
replace-regexp. Unfortunately query-replace-regexp can't be used in a
startup file.

3 years ago: vmd(8): guard against bad virtio drivers
dv [Thu, 22 Apr 2021 18:40:21 +0000 (18:40 +0000)]
vmd(8): guard against bad virtio drivers

Add protections against guests with bad virtio-{blk,net,scsi}
drivers, specifically avoiding invalid descriptor chains and
invalid vionet packet sizes. This helps prevent possible lockup
of the host vm process due to a spinning device event loop thread.

Also fix an unneeded cast in the vioblk handling in case of invalid
buffer lengths.

OK mlarkin@

3 years ago: Only hash known CH extensions
tb [Thu, 22 Apr 2021 18:27:53 +0000 (18:27 +0000)]
Only hash known CH extensions

RFC 4.1.2 specifies the ways in which the extensions in the first and
the second ClientHello may differ.  It basically says that extensions
not known to a server must not change.  This in turn makes it impossible
to introduce new extensions that do change.  It makes little sense to
enforce that extensions we don't know and care about aren't modified,
so make the hashing more lenient and restrict it to the extensions we
do care about.  Arguably, enforcing no change in an unknown extension
is incompatible with the requirement that it be ignored.

ok bcook jsing
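As an added illustration of the lenient check described in the commit above (example code written for this page, not LibreSSL's implementation), the Python below parses a ClientHello extensions vector and hashes only the extension types in an assumed KNOWN_EXTENSIONS set. A change in an extension the server does not implement then leaves the first/second ClientHello comparison intact, while a change in a known extension is still caught; a strict hash over the whole vector is shown alongside for contrast. The sample extension blocks and the private-use type 0xffaa are constructed for the example.

```python
import hashlib
import struct

# Extension types this example server "knows"; the real set is whatever
# the server implements, so this list is an assumption for the example.
KNOWN_EXTENSIONS = {0, 10, 13, 43, 45, 51}


def build_extensions(items):
    """Encode (type, data) pairs as a TLS extensions vector (2-byte length)."""
    body = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in items)
    return struct.pack(">H", len(body)) + body


def parse_extensions(blob):
    """Decode a TLS extensions vector into a list of (type, data) pairs."""
    if len(blob) < 2:
        raise ValueError("truncated extensions vector")
    (total,) = struct.unpack_from(">H", blob, 0)
    pos, end = 2, 2 + total
    if end != len(blob):
        raise ValueError("extensions length mismatch")
    out = []
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from(">HH", blob, pos)
        pos += 4
        if pos + ext_len > end:
            raise ValueError("truncated extension body")
        out.append((ext_type, blob[pos:pos + ext_len]))
        pos += ext_len
    return out


def hash_known_extensions(blob):
    """Lenient variant: only extensions we know contribute to the hash."""
    h = hashlib.sha256()
    for ext_type, data in parse_extensions(blob):
        if ext_type in KNOWN_EXTENSIONS:
            h.update(struct.pack(">HH", ext_type, len(data)) + data)
    return h.hexdigest()


def hash_all_extensions(blob):
    """Strict variant: every extension contributes, known or not."""
    parse_extensions(blob)  # reject malformed input before hashing
    return hashlib.sha256(blob).hexdigest()


# Constructed sample extension blocks (not real captures).
SNI = b"\x00\x0a\x00\x00\x07example"        # server_name with one host_name
CH1 = build_extensions([(0, SNI), (43, b"\x02\x03\x04"), (0xffaa, b"\x01")])
CH2 = build_extensions([(0, SNI), (43, b"\x02\x03\x04"), (0xffaa, b"\x02")])  # unknown ext changed
CH3 = build_extensions([(0, b"\x00\x0a\x00\x00\x07changed"),
                        (43, b"\x02\x03\x04"), (0xffaa, b"\x01")])            # known ext changed


def hellos_consistent(first, second):
    """True when the known extensions of both ClientHellos are identical."""
    return hash_known_extensions(first) == hash_known_extensions(second)
```

With these inputs, CH1 and CH2 differ only in the unknown type 0xffaa, so the lenient hash treats them as consistent while the strict hash does not; CH1 and CH3 differ in server_name and are rejected by both.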

3 years ago: kqueue: Make timer re-addition reset existing timer
visa [Thu, 22 Apr 2021 15:30:12 +0000 (15:30 +0000)]
kqueue: Make timer re-addition reset existing timer

When an existing EVFILT_TIMER filter is re-added, cancel the existing
timer and any pending event, and restart the timer using the new timeout
period. This makes the new timeout period take effect immediately and
matches the behaviour of FreeBSD. Previously, the new setting was
applied only after the existing timer expired.

The timer rescheduling is done by using an f_modify callback. The
reading of timer events is moved from f_event to f_process. f_event of
timer_filtops becomes redundant. Unlike most other event sources, timers
activate knotes directly without using a klist and knote(9).

OK mpi@

3 years ago: Mark umb(4) as network device instead of a generic one. This also makes
patrick [Thu, 22 Apr 2021 14:06:59 +0000 (14:06 +0000)]
Mark umb(4) as network device instead of a generic one.  This also makes
it show up with the proper category in hotplug scripts.

From Tilo Stritzky
ok groth@ sthen@

3 years ago: Keep under #ifdef TMPFS functions to grow/shrink uaobj.
mpi [Thu, 22 Apr 2021 11:54:32 +0000 (11:54 +0000)]
Keep under #ifdef TMPFS functions to grow/shrink uaobj.

ok patrick@

3 years ago: Indent and simplify the grammar.
mpi [Thu, 22 Apr 2021 11:53:13 +0000 (11:53 +0000)]
Indent and simplify the grammar.

3 years ago: Eliminate S/R conflicts and simplify filter grammar.
mpi [Thu, 22 Apr 2021 11:36:11 +0000 (11:36 +0000)]
Eliminate S/R conflicts and simplify filter grammar.

3 years ago: Remove trailing whitespace in comment blocks.
dv [Thu, 22 Apr 2021 10:45:21 +0000 (10:45 +0000)]
Remove trailing whitespace in comment blocks.

3 years ago: reenable POOL_DEBUG
naddy [Thu, 22 Apr 2021 10:23:07 +0000 (10:23 +0000)]
reenable POOL_DEBUG

3 years ago: Simplify token declaration.
mpi [Thu, 22 Apr 2021 10:06:52 +0000 (10:06 +0000)]
Simplify token declaration.

3 years ago: Simplify now that TID and PID are now only being parsed as builtin.
mpi [Thu, 22 Apr 2021 09:44:38 +0000 (09:44 +0000)]
Simplify now that TID and PID are now only being parsed as builtin.

3 years ago: Remove support for in-kernel filters.
mpi [Thu, 22 Apr 2021 09:36:39 +0000 (09:36 +0000)]
Remove support for in-kernel filters.

This might be added back in the future if copying events to userland becomes
a performance issue.  However note that it is not always possible to filter
in-kernel if, for example, a variable has to be evaluated when a rule fires.

3 years ago: Add a test that roundtrips a bunch of points on all builtin curves
tb [Wed, 21 Apr 2021 20:15:08 +0000 (20:15 +0000)]
Add a test that roundtrips a bunch of points on all builtin curves
via point2oct and oct2point and that checks the corner case in hybrid
encoding that was fixed in ec2_oct.c r1.13.

3 years ago: Clean up TLSv1.2 certificate request handshake data.
jsing [Wed, 21 Apr 2021 19:27:56 +0000 (19:27 +0000)]
Clean up TLSv1.2 certificate request handshake data.

Currently cert_req is used by clients and cert_request is used by servers.
Replace this by a single cert_request used by either client or server.
Remove the certificate types as they are currently unused. This also fixes
a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER
the number of bytes read in is insufficient, which will break decoding.

ok inoguchi@ tb@
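The decoding bug described above is easy to see on a concrete message. The Python below is an added example, not LibreSSL's parser: it encodes a TLSv1.2 CertificateRequest body (certificate_types, supported_signature_algorithms, certificate_authorities), then parses it two ways. The "buggy" parser keeps at most SSL3_CT_NUMBER certificate types and advances the read position only by the bytes it kept; the "fixed" parser stores none of them but always consumes the full list. The SSL3_CT_NUMBER value and the sample message are assumptions constructed for the example.

```python
import struct

# Upper bound on stored certificate types; SSL3_CT_NUMBER plays this role in
# the commit above, the value used here is assumed for the example.
SSL3_CT_NUMBER = 9


def build_certificate_request(cert_types, sigalgs, ca_names):
    """Encode a TLSv1.2 CertificateRequest body (RFC 5246 section 7.4.4)."""
    out = bytes([len(cert_types)]) + bytes(cert_types)
    sa = b"".join(struct.pack(">BB", h, s) for h, s in sigalgs)
    out += struct.pack(">H", len(sa)) + sa
    ca = b"".join(struct.pack(">H", len(n)) + n for n in ca_names)
    out += struct.pack(">H", len(ca)) + ca
    return out


def _need(buf, pos, n):
    if pos + n > len(buf):
        raise ValueError("truncated CertificateRequest")


def _parse_after_types(buf, pos):
    """Parse signature_algorithms and certificate_authorities starting at pos."""
    _need(buf, pos, 2)
    (sa_len,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if sa_len % 2:
        raise ValueError("odd signature_algorithms length")
    _need(buf, pos, sa_len)
    sigalgs = [tuple(buf[i:i + 2]) for i in range(pos, pos + sa_len, 2)]
    pos += sa_len
    _need(buf, pos, 2)
    (ca_len,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + ca_len != len(buf):
        raise ValueError("certificate_authorities length mismatch")
    ca_names = []
    while pos < len(buf):
        _need(buf, pos, 2)
        (n_len,) = struct.unpack_from(">H", buf, pos)
        pos += 2
        _need(buf, pos, n_len)
        ca_names.append(bytes(buf[pos:pos + n_len]))
        pos += n_len
    return {"sigalgs": sigalgs, "ca_names": ca_names}


def parse_buggy(buf):
    """Before: keep at most SSL3_CT_NUMBER types and advance only that far."""
    _need(buf, 0, 1)
    n = buf[0]
    kept = buf[1:1 + min(n, SSL3_CT_NUMBER)]
    pos = 1 + len(kept)            # wrong whenever n > SSL3_CT_NUMBER
    result = _parse_after_types(buf, pos)
    result["cert_types"] = list(kept)
    return result


def parse_fixed(buf):
    """After: the types are not stored, but every one of them is consumed."""
    _need(buf, 0, 1)
    n = buf[0]
    _need(buf, 1, n)
    return _parse_after_types(buf, 1 + n)


def buggy_rejects(buf):
    """True if the buggy parser fails on buf where the fixed one succeeds."""
    parse_fixed(buf)
    try:
        parse_buggy(buf)
    except ValueError:
        return True
    return False


# Constructed message with twelve certificate types, more than SSL3_CT_NUMBER.
SAMPLE = build_certificate_request(list(range(1, 13)), [(4, 1), (4, 3)],
                                   [b"CN=Test CA"])
```

With twelve types the buggy parser stops three bytes early and reads two leftover type bytes as the signature_algorithms length, so the rest of the message no longer decodes; with nine or fewer types both parsers agree.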

3 years ago: Fix packet size checks and remove bad casts.
dv [Wed, 21 Apr 2021 18:27:36 +0000 (18:27 +0000)]
Fix packet size checks and remove bad casts.

Because dhcpsz was an uninitialized ssize_t, it was possible that a
garbage "packet" would be queued on the receiving end of the virtio
network device.

Change the type to size_t and add proper checks based on it being
greater than zero. Remove the cast of ssize_t to uint64_t that also
caused garbage sizes when dhcpsz was uninitialized and set at runtime
to something < 0.

3 years ago: Turn panic for unknown event type into a printf and return.
kettenis [Wed, 21 Apr 2021 18:11:17 +0000 (18:11 +0000)]
Turn panic for unknown event type into a printf and return.

ok patrick@

3 years ago: Use the plenteous BUFSIZE found in mg in lieu of 128.
lum [Wed, 21 Apr 2021 14:45:28 +0000 (14:45 +0000)]
Use the plenteous BUFSIZE found in mg in lieu of 128.

3 years ago: remove -p from usage;
jmc [Wed, 21 Apr 2021 13:23:56 +0000 (13:23 +0000)]
remove -p from usage;

3 years ago: Extend filters to support any conditional test including global variables.
mpi [Wed, 21 Apr 2021 10:53:17 +0000 (10:53 +0000)]
Extend filters to support any conditional test including global variables.

Stop using in-kernel filtering for the moment except for not tracing the
tracer.

Keep track of the number of filtered events.

3 years ago: Always initialize min value for a histogram.
mpi [Wed, 21 Apr 2021 10:34:36 +0000 (10:34 +0000)]
Always initialize min value for a histogram.

3 years ago: Test local variables, boolean and print() of variables other than maps.
mpi [Wed, 21 Apr 2021 10:30:46 +0000 (10:30 +0000)]
Test local variables, boolean and print() of variables other than maps.

3 years ago: typo
mpi [Wed, 21 Apr 2021 10:29:49 +0000 (10:29 +0000)]
typo

3 years ago: Support for local (scratch) variables: "$var_name".
mpi [Wed, 21 Apr 2021 10:28:54 +0000 (10:28 +0000)]
Support for local (scratch) variables: "$var_name".

Every rule gets its own list of (local) variables.

3 years ago: Extend print() to support any kind of variable.
mpi [Wed, 21 Apr 2021 10:26:18 +0000 (10:26 +0000)]
Extend print() to support any kind of variable.

3 years ago: Support first shell argument as $1 in order to use it in filters.
mpi [Wed, 21 Apr 2021 10:22:36 +0000 (10:22 +0000)]
Support first shell argument as $1 in order to use it in filters.

Remove '-p' option now that scripts can filter by pid/tid.

3 years ago: Check that path MTU discovery across routing domains inserts a
bluhm [Wed, 21 Apr 2021 10:18:35 +0000 (10:18 +0000)]
Check that path MTU discovery across routing domains inserts a
dynamic IPv4 route.  Add IPv6 test that runs tcpbench over pair
interfaces in different routing domains.  For that setup, PMTU
currently does not work.  IPv6 TCP packets get fragmented.

3 years ago: Convert remaining uvm_km_zalloc(9) to km_alloc(9).
mpi [Wed, 21 Apr 2021 10:02:05 +0000 (10:02 +0000)]
Convert remaining uvm_km_zalloc(9) to km_alloc(9).

Tested by bluhm@, jj@, kettenis@ and Scott Bennett.

ok kettenis@

3 years ago: Improve ntpd offset handling. Call the index of the offset loops
bluhm [Wed, 21 Apr 2021 09:38:11 +0000 (09:38 +0000)]
Improve ntpd offset handling.  Call the index of the offset loops
"shift" consistently.  Merge the two offset loops in client_update()
into one.  Use a simple assignment for the best value instead of
memcpy().  Use the same mechanism to loop over the offset array
everywhere to avoid an invalid best value.
tested by weerd@; OK claudio@

3 years ago: HTTP errors are logged by the http module. No need to repeat them.
claudio [Wed, 21 Apr 2021 09:36:06 +0000 (09:36 +0000)]
HTTP errors are logged by the http module. No need to repeat them.
Instead add a logx when a fallback from delta sync to a snapshot happens.

3 years ago: When setting RRDP_STATE_PARSE_ERROR a warning is issued so there is no need
claudio [Wed, 21 Apr 2021 09:03:42 +0000 (09:03 +0000)]
When setting RRDP_STATE_PARSE_ERROR a warning is issued so there is no need
to warn a 2nd time here, it adds no additional information.

3 years ago: unplug unused certificate verification code, now that this is done by libtls.
eric [Wed, 21 Apr 2021 07:54:10 +0000 (07:54 +0000)]
unplug unused certificate verification code, now that this is done by libtls.

ok tb@ millert@

3 years ago: Fix const in previous. Pointed out by asou
tb [Wed, 21 Apr 2021 00:31:59 +0000 (00:31 +0000)]
Fix const in previous. Pointed out by asou

3 years ago: Fix __builtin_bitreverse32 on 32-bit PowerPC
gkoehler [Wed, 21 Apr 2021 00:22:16 +0000 (00:22 +0000)]
Fix __builtin_bitreverse32 on 32-bit PowerPC

This is a backport from LLVM 11.  Before this fix, code using
__builtin_bitreverse32 was crashing with SIGILL because clang-10 emitted a
64-bit rldicl/clrldi instruction.  The SIGILL only happened on 32-bit
cpus, not on the G5.  The code for LLVM 11 uses __builtin_bitreverse,
so clang-10 needs this fix to build clang-11.

https://github.com/llvm/llvm-project/commit/a5d161c119d5a
https://reviews.llvm.org/D77946

ok kettenis@

3 years ago: Move TAILQ initialization to files where they are used.
dv [Tue, 20 Apr 2021 21:11:56 +0000 (21:11 +0000)]
Move TAILQ initialization to files where they are used.

These priv-sep daemons all follow a similar design and use TAILQs
for tracking control process connections. In most cases, the TAILQs
are initialized separate from where they are used. Since the scope
of use is generally confined to a specific control process file,
this commit also removes any extern definitions and stops exposing the
TAILQ structures to other compilation units.

ok bluhm@, tb@

3 years ago: Match on "amlogic,meson-sm1-mmc" compatible.
kettenis [Tue, 20 Apr 2021 19:33:03 +0000 (19:33 +0000)]
Match on "amlogic,meson-sm1-mmc" compatible.

3 years ago: Fix indent of EC_METHODs as requested by jsing.
tb [Tue, 20 Apr 2021 17:38:02 +0000 (17:38 +0000)]
Fix indent of EC_METHODs as requested by jsing.

While there zap trailing whitespace from a KNF approximation gone wrong.

3 years ago: Adjust ectest.c for set_compressed_coordinates
tb [Tue, 20 Apr 2021 17:35:21 +0000 (17:35 +0000)]
Adjust ectest.c for set_compressed_coordinates

3 years ago: Compare pointer against NULL and fix a KNF issue.
tb [Tue, 20 Apr 2021 17:34:33 +0000 (17:34 +0000)]
Compare pointer against NULL and fix a KNF issue.

ok jsing

3 years ago: Prepare to provide EC_POINT_set_compressed_coordinates
tb [Tue, 20 Apr 2021 17:32:57 +0000 (17:32 +0000)]
Prepare to provide EC_POINT_set_compressed_coordinates

ok jsing

3 years ago: Adjust ectest.c for get_Jprojective coordinate change
tb [Tue, 20 Apr 2021 17:30:32 +0000 (17:30 +0000)]
Adjust ectest.c for get_Jprojective coordinate change

3 years ago: Compare function pointers against NULL, not 0.
tb [Tue, 20 Apr 2021 17:29:21 +0000 (17:29 +0000)]
Compare function pointers against NULL, not 0.

ok jsing

3 years ago: Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use
tb [Tue, 20 Apr 2021 17:28:18 +0000 (17:28 +0000)]
Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use

ok jsing

3 years ago: Simplify code after adding EC_POINT_{s,g}et_affine_coordinates()
tb [Tue, 20 Apr 2021 17:23:37 +0000 (17:23 +0000)]
Simplify code after adding EC_POINT_{s,g}et_affine_coordinates()

ok jsing

3 years ago: Adjust ecdhtest.c for affine_coordinates change
tb [Tue, 20 Apr 2021 17:21:27 +0000 (17:21 +0000)]
Adjust ecdhtest.c for affine_coordinates change

3 years ago: Adjust ectest.c for affine_coordinates change
tb [Tue, 20 Apr 2021 17:19:39 +0000 (17:19 +0000)]
Adjust ectest.c for affine_coordinates change

3 years ago: Compare function pointers against NULL, not 0.
tb [Tue, 20 Apr 2021 17:17:47 +0000 (17:17 +0000)]
Compare function pointers against NULL, not 0.

ok jsing

3 years ago: Prepare to provide EC_POINT_{g,s}et_affine_coordinates
tb [Tue, 20 Apr 2021 17:16:37 +0000 (17:16 +0000)]
Prepare to provide EC_POINT_{g,s}et_affine_coordinates

Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b

ok jsing

3 years ago: Simplify after EC_POINT_get_curve() addition
tb [Tue, 20 Apr 2021 17:12:43 +0000 (17:12 +0000)]
Simplify after EC_POINT_get_curve() addition

ok jsing

3 years ago: Adjust ectest.c for EC_GROUP_{g,s}et_curve change
tb [Tue, 20 Apr 2021 17:09:45 +0000 (17:09 +0000)]
Adjust ectest.c for EC_GROUP_{g,s}et_curve change

3 years ago: Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}().
tb [Tue, 20 Apr 2021 17:08:08 +0000 (17:08 +0000)]
Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}().

These will be removed once EC_GROUP_get_curve() is public.

3 years ago: Compare function pointers against NULL, not 0.
tb [Tue, 20 Apr 2021 17:06:17 +0000 (17:06 +0000)]
Compare function pointers against NULL, not 0.

ok jsing

3 years ago: Prepare to provide EC_GROUP_{get,set}_curve(3)
tb [Tue, 20 Apr 2021 17:04:13 +0000 (17:04 +0000)]
Prepare to provide EC_GROUP_{get,set}_curve(3)

There are numerous functions in ec/ that exist with _GF2m and _GFp
variants for no good reason.  The code of both variants is the same.
The EC_METHODs contain a pointer to the appropriate version.  This
commit hides the _GF2m and _GFp variants from internal use and
provides versions that work for both curve types. These will be made
public in an upcoming library bump.

Similar to part of OpenSSL commit 8e3cced75fb5fee5da59ebef9605d403a999391b

ok jsing

3 years ago: Indicate if an mg function is unsuitable for a startup file (requires
lum [Tue, 20 Apr 2021 16:34:20 +0000 (16:34 +0000)]
Indicate if an mg function is unsuitable for a startup file (requires
user interaction).

3 years ago: Add keep-alive support to the HTTP module.
claudio [Tue, 20 Apr 2021 14:32:49 +0000 (14:32 +0000)]
Add keep-alive support to the HTTP module.
Requests are split away from connections. When a request is received try
to reuse an IDLE connection. If none is around start a new one (unless
there are too many connections inflight).

Idle connections are kept for 10sec and closed after that time. For
rpki-client this is plenty of time since RRDP exchanges will be a burst
of requests. So the connection used to fetch the notification XML file
will be reused to fetch all delta XML files.

This reduces the CPU load since far less TLS handshakes need to happen.

OK job@ deraadt@

3 years ago: Allow more than one block of code to exist on a single line. Also,
lum [Tue, 20 Apr 2021 14:26:19 +0000 (14:26 +0000)]
Allow more than one block of code to exist on a single line. Also,
move the code which expands variables to be run when variables are
discovered instead of in multiarg() just before execution. This means
a variable whose value is included in another's won't change the
other's value if its own is changed.

I have also included code, which is commented out at the moment, which
implements a function map specific to interpreter. Not sure if I can
ultimately avoid using it though.

3 years ago: Switch some warnings to logx() to reduce log noise on runs without -v.
claudio [Tue, 20 Apr 2021 13:26:46 +0000 (13:26 +0000)]
Switch some warnings to logx() to reduce log noise on runs without -v.
OK job@

3 years ago: Update comment to be less confusing (I hope)
claudio [Tue, 20 Apr 2021 11:19:56 +0000 (11:19 +0000)]
Update comment to be less confusing (I hope)

3 years ago: Properly shutdown on connection loss instead of crashing.
martijn [Tue, 20 Apr 2021 11:19:54 +0000 (11:19 +0000)]
Properly shutdown on connection loss instead of crashing.
Found by bluhm@ while playing with setting noclose to 1 for daemon(3):
Also included in this commit

OK bluhm@

3 years ago: Don't overwrite environment CFLAGS.
martijn [Tue, 20 Apr 2021 11:17:52 +0000 (11:17 +0000)]
Don't overwrite environment CFLAGS.

OK bluhm@

3 years ago: Add 'dired-jump' from Philip K. <philip@warpmail.net> sent to tech@
lum [Tue, 20 Apr 2021 10:02:50 +0000 (10:02 +0000)]
Add 'dired-jump' from Philip K. <philip@warpmail.net> sent to tech@
over a year ago. Comments and testing from gkoehler@. Thanks to both.
Also, some modifications from me.

3 years ago: prefix_insert() and prefix_remove() emulate a tail queue by keeping the
claudio [Tue, 20 Apr 2021 08:03:12 +0000 (08:03 +0000)]
prefix_insert() and prefix_remove() emulate a tail queue by keeping the
tail pointer (pointer to last element) around and depending on the state
of the list insert at head or insert after tailp. Now gcc has a hard time
realizing that the tail pointer is not used uninitialized. So rewrite the
code to be more explicit about tailp handling (also rename the pointer
to be more explicit). All in all this should be more readable and silences
the gcc warning as well.

3 years ago: Use LIST instead of SLIST for requests. The way SLIST_REMOVE was used did
claudio [Tue, 20 Apr 2021 07:35:42 +0000 (07:35 +0000)]
Use LIST instead of SLIST for requests. The way SLIST_REMOVE was used did
a double traverse of the list which now is replaced with no traversal at all.
Also stop double wrapping requests just for the list.
OK millert@

3 years ago: Ignore SIGPIPE by default and restore default behaviour before executing
claudio [Tue, 20 Apr 2021 07:32:19 +0000 (07:32 +0000)]
Ignore SIGPIPE by default and restore default behaviour before executing
the CGI.
OK bluhm@ florian@

3 years ago: Add quirk to enable all Thinkpad X1 Extreme 1 speakers & atmos dolby
ratchov [Tue, 20 Apr 2021 04:31:54 +0000 (04:31 +0000)]
Add quirk to enable all Thinkpad X1 Extreme 1 speakers & atmos dolby

From Ivo Sbalzarini <ivo.sbalzarini@gmail.com>, thanks!

3 years ago: Allow INTEL 400SERIES cAVS to attach the azalia(4) driver
ratchov [Tue, 20 Apr 2021 04:30:05 +0000 (04:30 +0000)]
Allow INTEL 400SERIES cAVS to attach the azalia(4) driver

From Ivo Sbalzarini <ivo.sbalzarini at gmail.com>

3 years ago: more KNF
deraadt [Tue, 20 Apr 2021 03:37:25 +0000 (03:37 +0000)]
more KNF

3 years ago: Remove new_sym_enc and new_aead.
jsing [Mon, 19 Apr 2021 17:26:39 +0000 (17:26 +0000)]
Remove new_sym_enc and new_aead.

These can be replaced with accessors that allow this information to be
retrieved from the new record layer.

ok inoguchi@ tb@

3 years ago: Avoid division by zero in hybrid point encoding
tb [Mon, 19 Apr 2021 17:06:37 +0000 (17:06 +0000)]
Avoid division by zero in hybrid point encoding

In hybrid and compressed point encodings, the form octet contains a bit
of information allowing to calculate y from x.  For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of the field element y / x. The existing code only
considers the second possibility. It could thus fail with a division by
zero error as found by Guido Vranken's cryptofuzz.

This commit adds a few explanatory comments to oct2point and fixes some
KNF issues. The only actual code change is in the last hunk which adds a
BN_is_zero(x) check to avoid the division by zero.

ok jsing
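The corner case above, and the ectest.c roundtrip commit further up this log, are easier to follow on a toy curve. The Python below is an added example and not LibreSSL's ec code: it implements GF(2^4) with the reduction polynomial x^4 + x + 1, a small binary curve y^2 + xy = x^3 + Ax^2 + B, and point2oct/oct2point for the compressed and hybrid forms. The form octet's low bit is 0 when x is 0 and otherwise the rightmost bit of y / x; without the x == 0 guard in y_bit, the point (0, sqrt(B)), which every binary curve has, would hit the division by zero the commit fixes. The field, curve parameters and points are constructed for the example and the encoding uses one byte per coordinate.

```python
# Toy binary field GF(2^4), reduction polynomial x^4 + x + 1 (constructed
# for this example; no curve LibreSSL ships is this small).
M = 4
POLY = 0b10011
FIELD = 1 << M


def gf_mul(a, b):
    """Carry-less multiply with reduction modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & FIELD:
            a ^= POLY
    return r


def gf_inv(a):
    """a^(2^M - 2) equals a^-1 for a != 0; zero has no inverse."""
    if a == 0:
        raise ZeroDivisionError("inverse of 0 in GF(2^m)")
    result, base, e = 1, a, FIELD - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


# Curve y^2 + x*y = x^3 + A*x^2 + B over GF(2^4); A and B are arbitrary picks.
A, B = 1, 0b1001


def on_curve(x, y):
    x2 = gf_mul(x, x)
    return gf_mul(y, y) ^ gf_mul(x, y) == gf_mul(x2, x) ^ gf_mul(A, x2) ^ B


def curve_points():
    """All affine points, found by exhaustive search over the tiny field."""
    return [(x, y) for x in range(FIELD) for y in range(FIELD) if on_curve(x, y)]


def y_bit(x, y):
    """Low bit of the form octet: 0 if x == 0, else the lsb of y / x."""
    if x == 0:
        return 0                      # the corner case: y / x is undefined here
    return gf_mul(y, gf_inv(x)) & 1


def point2oct(x, y, compressed):
    """0x02/0x03 compressed (x only) or 0x06/0x07 hybrid (x and y)."""
    form = (0x02 if compressed else 0x06) | y_bit(x, y)
    return bytes([form, x]) if compressed else bytes([form, x, y])


def oct2point(buf):
    form, x = buf[0], buf[1]
    ybit = form & 1
    if (form & ~1) == 0x02:
        if len(buf) != 2:
            raise ValueError("bad length for compressed point")
        cands = [y for y in range(FIELD) if on_curve(x, y) and y_bit(x, y) == ybit]
        if len(cands) != 1:
            raise ValueError("no curve point with that x and y bit")
        return (x, cands[0])
    if (form & ~1) == 0x06:
        if len(buf) != 3:
            raise ValueError("bad length for hybrid point")
        y = buf[2]
        if not on_curve(x, y):
            raise ValueError("point not on curve")
        if y_bit(x, y) != ybit:       # hybrid: the bit must agree with y
            raise ValueError("form octet bit does not match y")
        return (x, y)
    raise ValueError("unsupported form octet")


def roundtrip_all():
    """True if every point survives both encodings, x == 0 included."""
    return all(oct2point(point2oct(x, y, False)) == (x, y)
               and oct2point(point2oct(x, y, True)) == (x, y)
               for x, y in curve_points())


def rejects(buf):
    """True if oct2point refuses the encoding."""
    try:
        oct2point(buf)
    except ValueError:
        return True
    return False
```

For x != 0 the two solutions y and y + x of the curve equation have y / x values differing by 1, so the bit selects exactly one of them; for x == 0 there is a single y, and the form octet's bit must be 0, which is what the guard in y_bit enforces.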

3 years ago: code review results in KNF, and moving local variables into lowest scope
deraadt [Mon, 19 Apr 2021 17:04:35 +0000 (17:04 +0000)]
code review results in KNF, and moving local variables into lowest scope
ok claudio

3 years ago: Recognize BCM57762 A0 and A1. My diff for this only added the A0 revision,
kettenis [Mon, 19 Apr 2021 17:03:49 +0000 (17:03 +0000)]
Recognize BCM57762 A0 and A1.  My diff for this only added the A0 revision,
but the A1 revision has been seen in the wild and Brad Smith provided
a diff that adds both.

ok jsg@

3 years ago: Move new_mac_secret_size into the TLSv1.2 handshake struct.
jsing [Mon, 19 Apr 2021 17:03:39 +0000 (17:03 +0000)]
Move new_mac_secret_size into the TLSv1.2 handshake struct.

Drop the 'new_' prefix in the process.

ok inoguchi@ tb@

3 years ago: Move reuse_message, message_type, message_size and cert_verify into the
jsing [Mon, 19 Apr 2021 16:51:56 +0000 (16:51 +0000)]
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct.

ok inoguchi@ tb@

3 years ago: Set alpn_selected_len to zero when freeing alpn_selected.
jsing [Mon, 19 Apr 2021 16:47:25 +0000 (16:47 +0000)]
Set alpn_selected_len to zero when freeing alpn_selected.

This is not strictly necessary since we proceed to zero the entire struct,
however it keeps the code consistent and easily auditable.

ok tb@

3 years ago: The powerpc64 ELFv2 ABI explicitly states that exception enable bits
kettenis [Mon, 19 Apr 2021 15:56:37 +0000 (15:56 +0000)]
The powerpc64 ELFv2 ABI explicitly states that exception enable bits
and rounding control bits are not restored by longjmp(3).  So expect
some failures on that platform.

ok bluhm@

3 years ago: Multicast decryption fixes for iwx(4).
stsp [Mon, 19 Apr 2021 14:27:25 +0000 (14:27 +0000)]
Multicast decryption fixes for iwx(4).

Pick the correct key for multicast frames in iwx_ccmp_decap().
Comparing the PN of a multicast frame against the last-seen PN of
the pairwise key is obviously wrong. We need to check the multicast
frame's PN against the last-seen PN of the group key.

Update crypto-offloading checks in iwx_rx_frame() to match recent
WPA1/TKIP groupcipher fixes made in athn(4).
The code inherited from iwm(4) only looked at the pairwise key, and
unlike iwx(4) and athn(4), iwm(4) only offloads pairwise crypto.

Found while investigating a question from zxystd at OpenIntelWireless.

3 years ago: RS ^-anchoring needs to know if it's reading the first record of a file.
millert [Mon, 19 Apr 2021 14:08:55 +0000 (14:08 +0000)]
RS ^-anchoring needs to know if it's reading the first record of a file.
Without this fix, when reading the first record of an input file named
on the command line, the regular expression engine will be
misconfigured, precluding a successful match.  From Miguel Pineiro Jr

3 years ago: Fix TLS error message race. Due to fewer handshakes in TLS 1.3 an
bluhm [Mon, 19 Apr 2021 10:58:31 +0000 (10:58 +0000)]
Fix TLS error message race.  Due to fewer handshakes in TLS 1.3 an
EPIPE error may be reported instead of a TLS alert.

3 years ago: Same internal consistency check as libc malloc: size in hash table
otto [Mon, 19 Apr 2021 06:43:15 +0000 (06:43 +0000)]
Same internal consistency check as libc malloc: size in hash table
should correspond to size of chunk meta data

3 years ago: Simpler error handling for suspend()/hibernate()
jca [Sun, 18 Apr 2021 23:51:47 +0000 (23:51 +0000)]
Simpler error handling for suspend()/hibernate()

Save errno when we get an error so we can pass it to the apm(8) client.
ok kn@

3 years ago: post 6.9 development continues...
deraadt [Sun, 18 Apr 2021 23:40:52 +0000 (23:40 +0000)]
post 6.9 development continues...

3 years ago: sync
deraadt [Sun, 18 Apr 2021 00:21:58 +0000 (00:21 +0000)]
sync

3 years ago: even more shrink
deraadt [Sun, 18 Apr 2021 00:21:53 +0000 (00:21 +0000)]
even more shrink

3 years ago: sync
deraadt [Sun, 18 Apr 2021 00:17:28 +0000 (00:17 +0000)]
sync

3 years ago: more shrink
deraadt [Sun, 18 Apr 2021 00:17:22 +0000 (00:17 +0000)]
more shrink

3 years ago: Adjust Raspberry Pi installation instructions, direct users towards the
sthen [Sat, 17 Apr 2021 21:21:41 +0000 (21:21 +0000)]
Adjust Raspberry Pi installation instructions, direct users towards the
U-Boot based method primarily, though keep a quick mention of the UEFI
firmware (U-Boot method not working on Pi400 currently whereas UEFI
sort-of works). Add some notes about framebuffer consoles, they do
work on RPi these days but there are still some rough edges.

3 years ago: Embiggen arm64 ramdisk kernel and miniroot/install img files. Provide
sthen [Sat, 17 Apr 2021 21:19:40 +0000 (21:19 +0000)]
Embiggen arm64 ramdisk kernel and miniroot/install img files. Provide
U-Boot binaries that work on Raspberry Pi 3 and 4 (and possibly others)
and firmware for Raspberry Pi 4. This allows the same installation
method as used on Raspberry Pi 3 without separate UEFI firmware
(although UEFI can still be used). Help from kettenis@ jsg@ deraadt@

3 years ago: sync
deraadt [Sat, 17 Apr 2021 14:29:02 +0000 (14:29 +0000)]
sync

3 years ago: some name shortening
deraadt [Sat, 17 Apr 2021 14:28:58 +0000 (14:28 +0000)]
some name shortening

3 years ago: rewrite the text describing the "address" parameter into something
jmc [Sat, 17 Apr 2021 06:01:49 +0000 (06:01 +0000)]
rewrite the text describing the "address" parameter into something
easier to read;

3 years ago: When loading a config poll iscsid for up to 10 seconds and check if the
claudio [Fri, 16 Apr 2021 14:39:33 +0000 (14:39 +0000)]
When loading a config poll iscsid for up to 10 seconds and check if the
sessions all managed to connect to the targets.
With this slow session establishment should not cause mount errors
during startup.
Initial version from Dr Ashton Fagg ashton (at) fagg id au
OK dlg@ deraadt@

3 years ago: Implement a control message to get the state of iscsid. This is used
claudio [Fri, 16 Apr 2021 14:37:06 +0000 (14:37 +0000)]
Implement a control message to get the state of iscsid. This is used
by iscsictl to poll for completion after reload commands.
With this slow session establishment should not cause mount errors
during startup.
Initial version from Dr Ashton Fagg ashton (at) fagg id au
OK dlg@ deraadt@

3 years ago: Turn on the direct ACK on every other segment.
bluhm [Fri, 16 Apr 2021 12:08:25 +0000 (12:08 +0000)]
Turn on the direct ACK on every other segment.

This is a backout of rev 1.366 which turned this feature off.
Although sending less ACKs makes TCP faster if the CPU is busy with
processing packets, there are corner cases where TCP gets slower.

Especially OpenBSD 6.8 and older have a maxbust limitation that
scales badly if the other side sends too few ACKs.  Also regress
test relayd run-args-http-slow-consumer.pl uses strange socket
buffer sizes that trigger slow performance with the new algorithm.

For OpenBSD 6.9 release switch back to 6.8 delayed ACK behavior.

discussed with deraadt@ benno@ claudio@ jan@

3 years ago: Add a workaround to avoid wrong code generated by m88k gcc.
aoyama [Fri, 16 Apr 2021 12:05:32 +0000 (12:05 +0000)]
Add a workaround to avoid wrong code generated by m88k gcc.

NATIVE_TO_UNI is defined as follows in utf8.h:
--
#define NATIVE_TO_UNI(ch)       ((UV) ((ch) | 0))
--
and UV is 'unsigned long' on m88k.

Details are at:
https://github.com/Perl/perl5/issues/18655

help and ok afresh1@