openbsd
schwarze [Fri, 16 Feb 2018 17:54:23 +0000 (17:54 +0000)]
Add missing RETURN VALUES sections; from Paul Yang
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.

schwarze [Fri, 16 Feb 2018 17:24:33 +0000 (17:24 +0000)]
Add missing RETURN VALUES sections; from Paul Yang
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800, tweaked by me.

fcambus [Fri, 16 Feb 2018 14:42:29 +0000 (14:42 +0000)]
Add sizes for free() in the i386 version of the Enhanced SpeedStep driver.

It was already done on amd64, but not on i386. Tested on an Atom N270.

OK mpi@

nicm [Fri, 16 Feb 2018 09:51:41 +0000 (09:51 +0000)]
Reflowing the grid in-place involved way too much memmove() for a big
performance cost with a large history. Instead change back to using a
second grid and copying modified lines over which is much faster (this
doesn't revert to the old code however which didn't support UTF-8
properly). GitHub issue 1249.

nicm [Fri, 16 Feb 2018 07:42:07 +0000 (07:42 +0000)]
Fix function argument names, from Abel Abraham Camarillo Ojeda via jmc@.

patrick [Fri, 16 Feb 2018 07:37:48 +0000 (07:37 +0000)]
Support card interrupts in imxesdhc(4).  The code that was written
initially was never tested with SDIO, as there had been no user.  With
bwfm(4) we now have the first SDIO card on that controller.  Align the
code with the standard sdhc(4), so that it doesn't hang after the first
interrupt fires.

ok kettenis@

jmc [Fri, 16 Feb 2018 07:27:07 +0000 (07:27 +0000)]
simplify synopsis and text;
ok millert

jmc [Fri, 16 Feb 2018 07:24:26 +0000 (07:24 +0000)]
remove or adapt sendmail specific parts;
original diff from edgar pettijohn, tweaked with help from millert

ok millert

dlg [Fri, 16 Feb 2018 06:26:10 +0000 (06:26 +0000)]
make gre_encap prepend both the gre and tunnel ip headers.

makes the code a bit more straightforward

dtucker [Fri, 16 Feb 2018 04:43:11 +0000 (04:43 +0000)]
Don't send IUTF8 to servers that don't like them.

Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set.  Add a bug bit
for such servers and avoid sending IUTF8 to them.  ok djm@

dlg [Fri, 16 Feb 2018 02:41:07 +0000 (02:41 +0000)]
put egre back in a tree

it's new so there's no existing configs to be compat with.

djm [Fri, 16 Feb 2018 02:40:45 +0000 (02:40 +0000)]
Mention recent DH KEX methods:

diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512

From Jakub Jelen via bz#2826

djm [Fri, 16 Feb 2018 02:32:40 +0000 (02:32 +0000)]
stop loading DSA keys by default, remove sshd_config stanza and manpage
bits; from Colin Watson via bz#2662, ok dtucker@

dlg [Fri, 16 Feb 2018 01:28:07 +0000 (01:28 +0000)]
allow wccp processing to be enabled per interface with the link0 flag.

this also changes the wccp handling to peek into its payload to
determine whether it is wccp 1 or 2. wccp1 says the gre header is
followed by ipv4, while wccp2 says there's a small header before
the ipv4 packet. the wccp2 header cannot have 4 in the first nibble,
while ipv4 must have 4 in the first nibble. the code now looks at
the nibble to determine whether it should strip the wccp2 header
or not.

naddy [Thu, 15 Feb 2018 21:50:33 +0000 (21:50 +0000)]
sync

schwarze [Thu, 15 Feb 2018 19:55:59 +0000 (19:55 +0000)]
Merge the new RETURN VALUES section from Paul Yang,
OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800,
with a number of fixes by me.
Also include three earlier, minor improvements from OpenSSL.

schwarze [Thu, 15 Feb 2018 19:39:56 +0000 (19:39 +0000)]
Add missing RETURN VALUES section; from Paul Yang
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.

tb [Thu, 15 Feb 2018 19:01:39 +0000 (19:01 +0000)]
Zap a stray sentence that I should have removed in my previous commit.

schwarze [Thu, 15 Feb 2018 18:28:42 +0000 (18:28 +0000)]
Fix the STANDARDS section, but in a different way than in OpenSSL
because i see no indication that a 2016 revision of this standard
might exist.  Instead, use information from:
https://www.iso.org/standard/39876.html   and
https://www.iso.org/standard/60475.html

schwarze [Thu, 15 Feb 2018 16:47:26 +0000 (16:47 +0000)]
Quite absurdly, the OpenSSL folks have been actively mucking around
with their random subsystem in 2017 rather than relying on the
operating system, which made me check the changes to their manual
pages, which caused me to notice that they document another public
function as non-deprecated that we neutered: RAND_poll(3).
Mention it briefly.

schwarze [Thu, 15 Feb 2018 16:22:53 +0000 (16:22 +0000)]
Add missing RETURN VALUES section;
from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.

schwarze [Thu, 15 Feb 2018 15:36:04 +0000 (15:36 +0000)]
Document the additional public function OCSP_basic_sign(3);
from David Cooper <david.cooper@nist.gov>
via OpenSSL commit cace14b8 Jan 24 11:47:23 2018 -0500.

schwarze [Thu, 15 Feb 2018 14:52:16 +0000 (14:52 +0000)]
Import the new manual page EVP_PKEY_meth_new(3) from OpenSSL,
removing parts that don't apply to OpenBSD.

schwarze [Thu, 15 Feb 2018 12:52:37 +0000 (12:52 +0000)]
In some EXAMPLES, correct calls to EVP_PKEY_CTX_new(3) that
lacked an argument; from Jakub Jelen <jjelen at redhat dot com>
via OpenSSL commit 9db6673a Jan 17 19:23:37 2018 -0500.

schwarze [Thu, 15 Feb 2018 12:09:55 +0000 (12:09 +0000)]
Import the new manual page EVP_PKEY_asn1_get_count(3) from OpenSSL,
fixing half a dozen bugs and typos and also tweaking the wording a bit.

schwarze [Thu, 15 Feb 2018 11:09:34 +0000 (11:09 +0000)]
In x509_vfy.h rev. 1.20 2018/02/14 17:06:34, jsing@ provided
X509_STORE_CTX_set0_untrusted(3), X509_STORE_CTX_set0_trusted_stack(3),
X509_STORE_CTX_get0_untrusted(3), and X509_STORE_CTX_get0_cert(3).
Merge the related documentation from OpenSSL.

schwarze [Thu, 15 Feb 2018 10:01:33 +0000 (10:01 +0000)]
In x509.h rev. 1.28 2018/02/14 16:57:25, jsing@
provided X509_get0_notBefore(3) and its three friends.
Write a manual page from scratch because what OpenSSL has
is confusing and incomplete.

By the way, providing two identical functions differing only
in the constness of the returned structure is crazy.
Are application programmers expected to be too stupid to write
const ASN1_TIME *notBefore = X509_getm_notBefore(x)
if that's what they want?

schwarze [Thu, 15 Feb 2018 09:28:59 +0000 (09:28 +0000)]
Fix typo: s/Vt strict tm/Vt struct tm/

jmc [Thu, 15 Feb 2018 09:17:13 +0000 (09:17 +0000)]
tweak previous; ok dlg

mlarkin [Thu, 15 Feb 2018 05:35:36 +0000 (05:35 +0000)]
vmd(8): Properly return the correct byte when doing byte-aligned PCI
config space reads.

ok kettenis@, ccardenas@

dlg [Thu, 15 Feb 2018 04:21:46 +0000 (04:21 +0000)]
update tunnelttl to talk about the "copy" argument

dlg [Thu, 15 Feb 2018 02:09:21 +0000 (02:09 +0000)]
say that the only optional header we support is the Key.

dlg [Thu, 15 Feb 2018 02:03:03 +0000 (02:03 +0000)]
there are more GRE rfcs

dlg [Thu, 15 Feb 2018 01:58:46 +0000 (01:58 +0000)]
make a start at documenting egre(4)

dlg [Thu, 15 Feb 2018 01:03:17 +0000 (01:03 +0000)]
take egre(4) packets out early in gre input

this lets us look up the gre(4) interface before looking at the
protocols it might be carrying.

schwarze [Thu, 15 Feb 2018 00:15:29 +0000 (00:15 +0000)]
In asn1.h rev. 1.44 2018/02/14 16:46:04, jsing@
provided ASN1_STRING_get0_data(3).
Merge the corresponding documentation from OpenSSL.

jsg [Thu, 15 Feb 2018 00:03:06 +0000 (00:03 +0000)]
use the arm64 openprom.c on arm64
ok patrick@

jsg [Wed, 14 Feb 2018 23:51:49 +0000 (23:51 +0000)]
prune files.* entries that refer to files not in tree
ok krw@ mpi@

schwarze [Wed, 14 Feb 2018 23:49:52 +0000 (23:49 +0000)]
In evp.h rev. 1.54 2018/02/14 16:40:42, jsing@ provided EVP_PKEY_up_ref(3).
Merge the documentation from OpenSSL commits 0c497e96 Dec 14 18:10:16
2015 +0000 and c5ebfcab Mar 7 22:45:58 2016 +0100 with tweaks by me.

sthen [Wed, 14 Feb 2018 22:12:59 +0000 (22:12 +0000)]
sync

dlg [Wed, 14 Feb 2018 22:08:45 +0000 (22:08 +0000)]
create virtual interfaces before starting all interface config.

this resolves an ordering problem when adding pseudo interfaces to bridges

tweaks from kn@
ok mpi@ sthen@

schwarze [Wed, 14 Feb 2018 18:50:47 +0000 (18:50 +0000)]
In x509.h rev. 1.27 2018/02/14 16:18:10, jsing@ provided
X509_get_signature_nid(3).  Add a new manual page for it
based on the relevant parts of OpenSSL X509_get0_signature.pod.

schwarze [Wed, 14 Feb 2018 18:09:13 +0000 (18:09 +0000)]
In ssl.h rev. 1.136 2018/02/14 17:08:44, jsing@ provided
SSL_CTX_up_ref(3).  Merge the related documentation from OpenSSL,
but tweak the wording to be less confusing and simplify the RETURN
VALUES section.

otto [Wed, 14 Feb 2018 17:26:56 +0000 (17:26 +0000)]
Zero as (un)mount flag is valid; ok millert@

schwarze [Wed, 14 Feb 2018 17:20:29 +0000 (17:20 +0000)]
In ssl.h rev. 1.135 2018/02/14 16:16:10, jsing@ provided
SSL_CTX_get0_param(3) and SSL_get0_param(3).
Merge the related documentation from OpenSSL, with small tweaks.

jsing [Wed, 14 Feb 2018 17:17:43 +0000 (17:17 +0000)]
Sync.

jsing [Wed, 14 Feb 2018 17:16:21 +0000 (17:16 +0000)]
Bump lib{crypto,ssl,tls} minors due to symbol additions.

jsing [Wed, 14 Feb 2018 17:08:44 +0000 (17:08 +0000)]
Provide SSL_CTX_up_ref().

jsing [Wed, 14 Feb 2018 17:06:34 +0000 (17:06 +0000)]
Provide X509_STORE_CTX_get0_{cert,untrusted}() and
X509_STORE_CTX_set0_{trusted_stack,untrusted}().

jsing [Wed, 14 Feb 2018 16:57:25 +0000 (16:57 +0000)]
Provide X509_get{0,m}_not{Before,After}().

jsing [Wed, 14 Feb 2018 16:46:04 +0000 (16:46 +0000)]
Provide ASN1_STRING_get0_data().

jsing [Wed, 14 Feb 2018 16:40:42 +0000 (16:40 +0000)]
Provide EVP_PKEY_up_ref().

jsing [Wed, 14 Feb 2018 16:32:06 +0000 (16:32 +0000)]
Start providing parts of the OpenSSL 1.1 API.

This will ease the burden on ports and others trying to make software
work with LibreSSL, while avoiding #ifdef mazes. Note that we are not
removing 1.0.1 API or making things opaque, hence software written to
use the older APIs will continue to work, as will software written to
use the 1.1 API (as more functionality becomes available).

Discussed at length with deraadt@ and others.

jsing [Wed, 14 Feb 2018 16:27:24 +0000 (16:27 +0000)]
Ensure that D mod (P-1) and D mod (Q-1) are calculated in constant time.

This avoids a potential side channel timing leak.

ok djm@ markus@

jsing [Wed, 14 Feb 2018 16:18:10 +0000 (16:18 +0000)]
Provide X509_get_signature_nid().

jsing [Wed, 14 Feb 2018 16:16:10 +0000 (16:16 +0000)]
Provide SSL_CTX_get0_param() and SSL_get0_param().

Some applications that use X509_VERIFY_PARAM expect these to exist, since
they're also part of the OpenSSL 1.0.2 API.

jsing [Wed, 14 Feb 2018 16:03:32 +0000 (16:03 +0000)]
Some obvious freezero() conversions.

This also zeros an ed25519_pk when it was not being zeroed previously.

ok djm@ dtucker@

jsing [Wed, 14 Feb 2018 15:59:50 +0000 (15:59 +0000)]
Update keypair regress to match revised keypair hash handling.

Apparently I failed to commit this when I committed the libtls change...

rob [Wed, 14 Feb 2018 12:43:07 +0000 (12:43 +0000)]
whitespace

tb [Wed, 14 Feb 2018 11:43:05 +0000 (11:43 +0000)]
Localize _f in do_upgrade().

ok rpe

mpi [Wed, 14 Feb 2018 08:55:35 +0000 (08:55 +0000)]
kern_mutex.c is gone.

mpi [Wed, 14 Feb 2018 08:55:12 +0000 (08:55 +0000)]
Put WITNESS only functions with the rest of the locking primitives.

mpi [Wed, 14 Feb 2018 08:42:22 +0000 (08:42 +0000)]
Make sure lo5 is tied to rdomain 5.

schwarze [Wed, 14 Feb 2018 02:15:46 +0000 (02:15 +0000)]
New manual page EVP_PKEY_asn1_new(3) from Richard Levitte
via OpenSSL commit 751148e2 Oct 27 00:11:11 2017 +0200,
including only the parts related to functions that exist
in OpenBSD.

The design of these interfaces is not particularly pretty,
they are not particularly easy to document, and the manual
page does not look particularly good when formatted,
but what can we do, things are as they are...

schwarze [Wed, 14 Feb 2018 02:05:55 +0000 (02:05 +0000)]
I recently documented X509_VERIFY_PARAM_lookup(3), so change .Fn to .Xr.

schwarze [Wed, 14 Feb 2018 00:19:03 +0000 (00:19 +0000)]
Mention two more block cipher modes that actually exist in our tree;
from Patrick dot Steuer at de dot ibm dot com
via OpenSSL commit 338ead0f Oct 9 12:16:34 2017 +0200.

Correct the EVP_EncryptUpdate(3) and EVP_DecryptUpdate(3) prototypes;
from FdaSilvaYY at gmail dot com
via OpenSSL commit 7bbb0050 Nov 22 22:00:29 2017 +0100.

Document the additional public function EVP_CIPHER_CTX_rand_key(3);
from Patrick dot Steuer at de dot ibm dot com
via OpenSSL commit 5c5eb286 Dec 5 00:36:43 2017 +0100.

schwarze [Tue, 13 Feb 2018 22:51:23 +0000 (22:51 +0000)]
Add the missing RETURN VALUES section.
Mostly from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800,
tweaked by me for conciseness and accuracy.

schwarze [Tue, 13 Feb 2018 20:54:10 +0000 (20:54 +0000)]
Add the missing RETURN VALUES section, mostly from Paul Yang
via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800,
but fixing two bugs in his description.

This commit also includes a few minor improvements to the description
of DES_fcrypt(3), also from OpenSSL, tweaked by me.

cheloha [Tue, 13 Feb 2018 17:35:32 +0000 (17:35 +0000)]
Normalize handle limit timeval in microsecond (usec) case.

Makes stuff like

limit 1500000 usec

work correctly.

ok millert@ tb@

cheloha [Tue, 13 Feb 2018 17:28:11 +0000 (17:28 +0000)]
atoll -> strtonum

ok millert@ tb@

espie [Tue, 13 Feb 2018 15:04:54 +0000 (15:04 +0000)]
give up a bit on the infamous cups update issue.
sort dependencies so that at least this is 100% reproducible...

djm [Tue, 13 Feb 2018 03:36:56 +0000 (03:36 +0000)]
remove space before tab

schwarze [Tue, 13 Feb 2018 02:39:29 +0000 (02:39 +0000)]
Correctly describe BN_get_word(3) and BN_set_word(3).
These functions constitute an obvious portability nightmare,
but that's no excuse for incorrect documentation.

Pointed out by Nicolas Schodet
via OpenSSL commit b713c4ff Jan 22 14:41:09 2018 -0500.

schwarze [Tue, 13 Feb 2018 01:59:16 +0000 (01:59 +0000)]
Mention that BN_new(3) sets the value to zero;
from Hubert Kario <hkario at redhat dot com>
via OpenSSL commit 681acb31 Sep 29 13:10:34 2017 +0200.

schwarze [Tue, 13 Feb 2018 01:34:34 +0000 (01:34 +0000)]
Delete duplicate .Nm entry in the NAME section,
from Rich Salz via OpenSSL commit 8162f6f5 Jun 9 17:02:59 2016 -0400.

Merging the RETURN VALUES section really wouldn't make much sense
here, it contains no additional information and i don't see any way
to reorganize the content and make it better.

schwarze [Tue, 13 Feb 2018 01:15:24 +0000 (01:15 +0000)]
Add the missing RETURN VALUES section.
Triggered by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
by Paul Yang, but reworded for intelligibility and precision.

While here, also expand the description of the "ret" argument of
BIO_callback_fn().  That's a fairly complicated and alarmingly
powerful concept, but the description was so brief that it was
barely comprehensible.

espie [Mon, 12 Feb 2018 20:25:18 +0000 (20:25 +0000)]
some modes of session resumption are not currently supported by ftp(1)
be fair to those servers, display a more accurate message of what we know

schwarze [Mon, 12 Feb 2018 16:57:32 +0000 (16:57 +0000)]
Add the missing RETURN VALUES section;
from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
with tweaks by me.

schwarze [Mon, 12 Feb 2018 16:33:07 +0000 (16:33 +0000)]
Add the missing RETURN VALUES section;
from Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800.

schwarze [Mon, 12 Feb 2018 16:04:50 +0000 (16:04 +0000)]
Add missing RETURN VALUES section.
From Paul Yang via OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
with one tweak.

mpi [Mon, 12 Feb 2018 15:53:05 +0000 (15:53 +0000)]
Use IP6_SOIIKEY_LEN instead of hardcoded value.

from semarie@, ok benno@

mpi [Mon, 12 Feb 2018 15:48:58 +0000 (15:48 +0000)]
Always destroy all interfaces before starting a new test.

This should make tests following a failing test pass.

schwarze [Mon, 12 Feb 2018 15:45:12 +0000 (15:45 +0000)]
Add the missing RETURN VALUES section and reorder the content
accordingly.  Make some statements more precise, and point out
some dangerous traps in these ill-designed interfaces.
Also do some minor polishing while here.

Triggered by OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800
by Paul Yang, but not using most of his wording because that is in
part redundant, in part incomplete, and in part outright wrong.

mpi [Mon, 12 Feb 2018 15:36:40 +0000 (15:36 +0000)]
Pass '-inet6' to the default loopback before each test.

In order to have reproducible tests route entries must not stay.  Otherwise
the 'Use' counter keeps growing.

mpi [Mon, 12 Feb 2018 15:29:28 +0000 (15:29 +0000)]
Now that the default loopback interface is brought UP when rdomain 5
is created, it gets default IPv6 addresses.  So reflect that change
in netinet6 outputs.

mpi [Mon, 12 Feb 2018 15:22:52 +0000 (15:22 +0000)]
Revert previous, the change has been backed out and I wasn't running
the last snapshot.

mpi [Mon, 12 Feb 2018 14:25:17 +0000 (14:25 +0000)]
Fix most outputs now that lo5 is getting 127.0.0.1 automagically.

dlg [Mon, 12 Feb 2018 03:30:24 +0000 (03:30 +0000)]
restore the previous semantics wrt if up, tunnel, and address config.

this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.

dlg [Mon, 12 Feb 2018 03:15:32 +0000 (03:15 +0000)]
restore the previous semantics wrt if up, tunnel, and address config.

this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.

this rollback is particularly annoying on gre with keepalives.
keepalives rely on the interface rdomain and tunnel rdomain to be
the same, which the rolled back semantics checked. now it is possible
to create an invalid configuration and not get any feedback about
it.

dlg [Mon, 12 Feb 2018 02:55:40 +0000 (02:55 +0000)]
restore the previous semantics wrt if up, tunnel, and address config.

this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.

dlg [Mon, 12 Feb 2018 02:33:50 +0000 (02:33 +0000)]
use a mobileip_tunnel struct to represent the interfaces tunnel info.

this avoids allocating a mobileip_softc on the stack to build a key
for looking up interfaces with on packet input. struct ifnet inside
mobileip_softc is "quite large", and may blow the 2k limit one day.

dlg [Mon, 12 Feb 2018 01:43:42 +0000 (01:43 +0000)]
restore the previous semantics wrt if up, tunnel, and address config.

our network drivers have a feature where if you configure an address
on the interface, it implicitly brings the interface up. i changed
etherip so you could only change the tunnel configuration while it is
down, but maintained the implicit up behaviour. bringing the tunnel
up also relied on having valid configuration, ie, tunnel addresses
must be configured otherwise up will fail.

this means people who have address config in their hostname.etherip
files before config for the tunnel addresses will have problems.
firstly, the address wont be configured because falling through to
the interface up fails because the tunnel isnt configured correctly,
and that error makes the address config roll back. secondly, config
that relies on configuring the address to bring the interface up
will fail because there's no explicit up after the tunnel config.

this diff rolls the tunnel config back to keeping the interface on
a list, and allowing config at any time. the caveat to this is that
it makes mpsafety hard because inconsistent intermediate states are
visible when packets are being processed.

schwarze [Mon, 12 Feb 2018 01:10:46 +0000 (01:10 +0000)]
Simplify documentation of split-screen mode, avoiding abuse of []
to sometimes mean "character set", which conflicts with the normal
meaning of "optional element" in manual pages.  While here, add a
few related clarifications and tweak a few details.
Triggered by a minor bug report from <trondd at kagu-tsuchi dot com>,
and by bentley@ subsequently pointing out the abuse of [].
Patch using input from jmc@, who also agreed with some previous versions.

mlarkin [Mon, 12 Feb 2018 00:59:28 +0000 (00:59 +0000)]
Typo in a comment (CR$_VMXE instead of CR4_VMXE). No functional change.

dlg [Mon, 12 Feb 2018 00:09:39 +0000 (00:09 +0000)]
; ends c statements, not ;;

dlg [Mon, 12 Feb 2018 00:07:53 +0000 (00:07 +0000)]
dont handle SIOCSIFRDOMAIN twice, egre isn't supposed to filter it.

krw [Sun, 11 Feb 2018 22:00:19 +0000 (22:00 +0000)]
Ooops. After getting a NAK in response to a renewal REQUEST, we delete
the interface's address and thus the cached configuration data becomes
invalid and must be discarded.

Issue found & fix tested by Christer Solskogen. Thanks!

matthieu [Sun, 11 Feb 2018 21:53:57 +0000 (21:53 +0000)]
Revert rev 1.163. Causes network issues in Firefox.

ok mpi@ who will investigate.

dtucker [Sun, 11 Feb 2018 21:16:56 +0000 (21:16 +0000)]
Don't reset signal handlers inside handlers.

The signal handlers from the original ssh1 code on which OpenSSH
is based assume unreliable signals and reinstall their handlers.
Since OpenBSD (and pretty much every current system) has reliable
signals this is not needed.  In the unlikely event that -portable
is still being used on such systems we will deal with it in the
compat layer.  ok deraadt@

patrick [Sun, 11 Feb 2018 21:10:03 +0000 (21:10 +0000)]
Use the new APIs for setting block lengths and reading from/writing to
memory regions.