jmc [Sun, 29 Dec 2013 21:19:11 +0000 (21:19 +0000)]
update sha256(1) to better reflect that it documents sha512 now too.
that led me to whack some unnecessary mark up and quoting (and phrasing),
and the changes to the other pages are really just to unify the newer
text layout;
tedu provided feedback and answers (thanks);
miod [Sun, 29 Dec 2013 21:06:37 +0000 (21:06 +0000)]
In tlbdsmiss, do not trash the tlb pointer by mistake. From NetBSD (PR #39257)
brad [Sun, 29 Dec 2013 19:09:21 +0000 (19:09 +0000)]
Remove excessive parentheses.
pmap.c:1061:13: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality]
ok mpi@
jmc [Sun, 29 Dec 2013 18:46:09 +0000 (18:46 +0000)]
grammar fix previous;
jmc [Sun, 29 Dec 2013 18:44:43 +0000 (18:44 +0000)]
puccini entry already appears in calendar.music;
From: frantisek holop
miod [Sun, 29 Dec 2013 18:31:50 +0000 (18:31 +0000)]
Force clock clamping after one byte received instead of three. There are still
circumstances where the pckbc code gets confused otherwise, on *some*
controllers.
krw [Sun, 29 Dec 2013 14:26:22 +0000 (14:26 +0000)]
Fix fd leaks when fd < 0 or flock() fails. Original diff from
NetBSD via Loganaden Velvindron out of cppcheck.
espie [Sun, 29 Dec 2013 13:40:54 +0000 (13:40 +0000)]
fix sign-while-creating mode
djm [Sun, 29 Dec 2013 05:57:02 +0000 (05:57 +0000)]
when showing other hostkeys, don't forget Ed25519 keys
martynas [Sun, 29 Dec 2013 05:46:43 +0000 (05:46 +0000)]
- Verify that the FPU exception flags weren't clobbered as required by C99.
- Additionally, test _setjmp and sigsetjmp as implementations are different.
djm [Sun, 29 Dec 2013 05:42:16 +0000 (05:42 +0000)]
don't forget to load Ed25519 certs too
djm [Sun, 29 Dec 2013 04:35:50 +0000 (04:35 +0000)]
don't refuse to load Ed25519 certificates
djm [Sun, 29 Dec 2013 04:29:25 +0000 (04:29 +0000)]
allow deletion of ed25519 keys from the agent
djm [Sun, 29 Dec 2013 04:20:04 +0000 (04:20 +0000)]
to make sure we don't omit any key types as valid CA keys again,
factor the valid key type check into a key_type_is_valid_ca()
function
guenther [Sun, 29 Dec 2013 03:16:42 +0000 (03:16 +0000)]
Add MLINK for db_vprintf(9)
guenther [Sun, 29 Dec 2013 03:15:03 +0000 (03:15 +0000)]
Add db_vprintf() and indicate that db_v?printf() are in <ddb/db_output.h>
djm [Sun, 29 Dec 2013 02:49:52 +0000 (02:49 +0000)]
correct comment for key_drop_cert()
djm [Sun, 29 Dec 2013 02:37:04 +0000 (02:37 +0000)]
correct comment for key_to_certified()
djm [Sun, 29 Dec 2013 02:28:10 +0000 (02:28 +0000)]
allow ed25519 keys to appear as certificate authorities
martynas [Sun, 29 Dec 2013 01:39:44 +0000 (01:39 +0000)]
Add a regression test to verify that the FPU control word state is
preserved by setjmp. Currently under REGRESS_FULL as this fails
on certain archs.
miod [Sun, 29 Dec 2013 00:55:11 +0000 (00:55 +0000)]
regen
miod [Sun, 29 Dec 2013 00:55:06 +0000 (00:55 +0000)]
Intel NM70
miod [Sat, 28 Dec 2013 23:37:00 +0000 (23:37 +0000)]
The mips partition table in the volume header uses 512-byte logical units,
not sectors; don't multiply by the sector size to get the proper disk offsets.
This will let install.iso be built with the OpenBSD label at the expected
location, instead of within the ffs filesystem; we had been lucky enough the
area being overwritten was not in use so far.
krw [Sat, 28 Dec 2013 21:48:04 +0000 (21:48 +0000)]
Remove unused variable 'token'. Spotted by deraadt@
kettenis [Sat, 28 Dec 2013 21:00:21 +0000 (21:00 +0000)]
Try to load entropy data from disk:/etc/random.seed. Then, insert this into
the ELF openbsd.randomdata of the kernel, so that it has entropy right from
the start.
deraadt [Sat, 28 Dec 2013 20:52:48 +0000 (20:52 +0000)]
oops, the fallback stack protector code must handle 64-bit guards
spotted by kettenis
brad [Sat, 28 Dec 2013 20:32:16 +0000 (20:32 +0000)]
Always call PHY_RESET upon attaching eephy(4) so as to do PHY initialization,
to match behavior before rev 1.52.
ok deraadt@
kettenis [Sat, 28 Dec 2013 19:27:35 +0000 (19:27 +0000)]
Make sure the PT_OPENBSD_RANDOMIZE program header actually covers the data
we want to initialize with randomness. It covered exactly nothing before!
deraadt [Sat, 28 Dec 2013 19:04:35 +0000 (19:04 +0000)]
sync
deraadt [Sat, 28 Dec 2013 18:42:42 +0000 (18:42 +0000)]
Do not need __guard[] anymore since we are now relying on __guard_local
for a while already
ok miod kettenis
deraadt [Sat, 28 Dec 2013 18:41:48 +0000 (18:41 +0000)]
Do not need __guard anymore
Discussion with miod
ok kettenis
kettenis [Sat, 28 Dec 2013 18:38:42 +0000 (18:38 +0000)]
Move atexit(3) into crtbegin.c and certbeginS.c such that we can pass the
right __dso_handle and have dlopen'ed shared objects run their atexit handlers
when they get unloaded. This is what Linux does, and several ports depend on
this behaviour (and will crash upon exit without this change).
Based on an earlier diff from matthew@
Tested by ajacoutot@
ok deraadt@
kettenis [Sat, 28 Dec 2013 18:20:51 +0000 (18:20 +0000)]
Back out the previous commit; rodata gets merged with text by the linker.
Having a separate rodata segment won't work anyway without significant pmap
changes.
deraadt [Sat, 28 Dec 2013 17:57:51 +0000 (17:57 +0000)]
create rodata PHDR; ok kettenis
miod [Sat, 28 Dec 2013 17:57:14 +0000 (17:57 +0000)]
Require an explicit PT_OPENBSD_RANDOMIZE program header in the kernel linker
script (note that the amd64 linker script is currently not used).
Discussed with deraadt@
deraadt [Sat, 28 Dec 2013 17:08:48 +0000 (17:08 +0000)]
i386 changes to PIE. See faq/current.html or use the snapshots to cross
this.
jsing [Sat, 28 Dec 2013 15:16:28 +0000 (15:16 +0000)]
Further clean up and unification of the amd64 and i386 boot(8) makefiles.
jsing [Sat, 28 Dec 2013 15:05:34 +0000 (15:05 +0000)]
Actually load the second-stage boot loader so that softraid can store it in
the softraid boot area.
jsing [Sat, 28 Dec 2013 15:03:47 +0000 (15:03 +0000)]
sparc64 uses /ofwboot as the second stage, not /boot.
jsing [Sat, 28 Dec 2013 14:45:57 +0000 (14:45 +0000)]
Add installboot support for sparc64.
jsing [Sat, 28 Dec 2013 13:58:15 +0000 (13:58 +0000)]
Add installboot support for the remaining `disklabel -B' architectures
(hp300, hppa64 and landisk). hp300 and landisk are untested, however they
should "just work" - hopefully someone with access to this hardware can
confirm.
jsing [Sat, 28 Dec 2013 12:03:57 +0000 (12:03 +0000)]
Add installboot support for vax.
jsing [Sat, 28 Dec 2013 12:01:33 +0000 (12:01 +0000)]
Round the size of the bootstrap up to a multiple of the disk sector size.
Some bootstraps are already built this way, however others are not.
jsing [Sat, 28 Dec 2013 11:26:57 +0000 (11:26 +0000)]
Various code clean ups - add a missing header, add a missing prototype,
add some casts, tweak some types and variable names.
jsing [Sat, 28 Dec 2013 11:00:33 +0000 (11:00 +0000)]
Tweak makefiles so that we pull in source files based on defines.
deraadt [Sat, 28 Dec 2013 03:39:16 +0000 (03:39 +0000)]
Attempt to approximate what should happen on a suspend/resume cycle.
If the driver was doing some IO, we remove the timeouts, and force the
fdc state machine into IOTIMEDOUT state with the final timeout count
before a clean retry. In theory upon resume it should freak out quietly,
and try the operation again.
No one has stepped forward to test this yet.
deraadt [Sat, 28 Dec 2013 03:36:25 +0000 (03:36 +0000)]
Sync activate code sequences to if_msk.c as much as possible, in case
one of these is ever found in a suspend/hibernate system.
deraadt [Sat, 28 Dec 2013 03:35:42 +0000 (03:35 +0000)]
The few network drivers that called their children's (ie. mii PHY
drivers) activate functions at DVACT_RESUME time do not need to do
so, since their PHYs are repaired by IFF_UP.
NOTE: if_msk is the one that previously relied on mii/eephy.c doing
a crazy dance.
deraadt [Sat, 28 Dec 2013 03:34:53 +0000 (03:34 +0000)]
The few network drivers that called their children's (ie. mii PHY
drivers) activate functions at DVACT_RESUME time do not need to do
so, since their PHYs are repaired by IFF_UP.
deraadt [Sat, 28 Dec 2013 03:30:40 +0000 (03:30 +0000)]
mii drivers no longer need activate functions. Repair of the PHY
configuration setting is done at resume time because all network
drivers which were previously up, do an IFF_UP operation which
hits PHY_RESET.
This was in snapshots for about 2 weeks.
deraadt [Sat, 28 Dec 2013 03:28:45 +0000 (03:28 +0000)]
Move the fairly heavy eephy_init sequence [which was only done at
attach() and activate() time] into the eephy_reset() routine. This
means that a bit more work gets done at PHY_RESET time, but it
also means it gets done in all scenarios. Why? For the next commit...
This was in snapshots for about 2 weeks.
deraadt [Sat, 28 Dec 2013 03:22:52 +0000 (03:22 +0000)]
change the stack protector guard into a long word (removing the old legacy
compat pointed out by miod), and place it inside the ELF .openbsd.randomdata
segment. Inside main(), only re-initialize the guard if the bootblocks
failed to initialize it for us.
martynas [Sat, 28 Dec 2013 03:19:02 +0000 (03:19 +0000)]
- adjust getcwd-1.c.exp.gcc{3,4} after the getwd linker warning got added
- adjust gcc-builtins to use the same approach as gcc-bounds
- enable gcc-bounds and gcc-builtins in the default regression suite
now that everything passes
deraadt [Sat, 28 Dec 2013 03:12:56 +0000 (03:12 +0000)]
We can initialize the srandom/random system earlier from arc4random,
and do not need microtime.
deraadt [Sat, 28 Dec 2013 03:04:20 +0000 (03:04 +0000)]
We can random_start() earlier (not that it does too much) and call
arc4random() much earlier. Leading to random pids for anything
besides 0 and 1.
deraadt [Sat, 28 Dec 2013 02:58:17 +0000 (02:58 +0000)]
Put the entropy_pool[] into the ELF .openbsd.randomdata segment.
Also allow random_init() to be called later, by moving a few
entropy control initializations into the lower-level _rs_seed() layer.
tested by jsing, phessler and a few others
deraadt [Sat, 28 Dec 2013 02:53:03 +0000 (02:53 +0000)]
crank the version
deraadt [Sat, 28 Dec 2013 02:51:06 +0000 (02:51 +0000)]
Try to load entropy data from disk:/etc/random.seed, and additionally
use a MD-supplied random function. Then, insert this into the ELF
openbsd.randomdata of the kernel, so that it has entropy right from
the start. Some help from jsing for the softraid aspects.
Also tested by phessler
jsing [Sat, 28 Dec 2013 02:40:41 +0000 (02:40 +0000)]
If we fail to decrypt the softraid keys, return EPERM rather than falling
through and failing when we attempt to read and validate the disklabel.
Also return ENOTSUP rather than EPERM if an attempt is made to write to a
softraid volume.
deraadt [Sat, 28 Dec 2013 02:33:15 +0000 (02:33 +0000)]
Use preprocessor symbols where possible.
martynas [Sat, 28 Dec 2013 02:27:08 +0000 (02:27 +0000)]
Prevent GCC from inlining these unsafe builtins: sprintf, vsprintf,
stpcpy, strcat, strcpy. Also don't simplify some safe builtins
into unsafe ones, otherwise we'll hit the linker with the bogus
warning. OK miod@, millert@.
jsing [Sat, 28 Dec 2013 02:25:26 +0000 (02:25 +0000)]
Add initial implementations of early MD random, for use in the boot code.
This makes use of rdrand if the CPU supports it, otherwise we fall back to
using rdtsc. Further development will happen in the tree.
Tested by phessler@
ok deraadt@
martynas [Sat, 28 Dec 2013 02:14:32 +0000 (02:14 +0000)]
Add regression tests to check whether GCC folds unsafe builtins and
actually shows the security warning. Also add some other cases
where GCC used to yield the warning but shouldn't (e.g. strncat
simplified into strcat).
martynas [Sat, 28 Dec 2013 01:51:53 +0000 (01:51 +0000)]
Annotate a few more bounded functions: realpath(3) needs a buffer
of size at least PATH_MAX. pread(2), pwrite(2) and readlinkat(2)
also take the buffer and the bound. OK theo.
deraadt [Sat, 28 Dec 2013 01:00:18 +0000 (01:00 +0000)]
document a hack we want fixed later
rpe [Fri, 27 Dec 2013 23:43:39 +0000 (23:43 +0000)]
- add chmod of seedfile in /etc
- use its return code for single/multiuser detection
ok deraadt
rpe [Fri, 27 Dec 2013 23:40:29 +0000 (23:40 +0000)]
re-use random_seed in shutdown section
ok deraadt
djm [Fri, 27 Dec 2013 22:37:18 +0000 (22:37 +0000)]
correct comment
deraadt [Fri, 27 Dec 2013 22:34:40 +0000 (22:34 +0000)]
create a seed file for the bootloader in /etc/random.seed
deraadt [Fri, 27 Dec 2013 22:33:27 +0000 (22:33 +0000)]
nest random_seed() contents into a single redirection
idea from rpe
djm [Fri, 27 Dec 2013 22:30:17 +0000 (22:30 +0000)]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
deraadt [Fri, 27 Dec 2013 22:15:40 +0000 (22:15 +0000)]
re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe
deraadt [Fri, 27 Dec 2013 22:08:37 +0000 (22:08 +0000)]
remove lots from the Makefile, since this never depended on libsa.
deraadt [Fri, 27 Dec 2013 21:43:47 +0000 (21:43 +0000)]
sync
deraadt [Fri, 27 Dec 2013 21:40:57 +0000 (21:40 +0000)]
oops, correct wording
deraadt [Fri, 27 Dec 2013 21:40:16 +0000 (21:40 +0000)]
correct comment about why first 16 pages are skipped: SMI corruption
is the real cause
discussed with mlarkin
deraadt [Fri, 27 Dec 2013 19:17:28 +0000 (19:17 +0000)]
from netbsd, free(bbp) in error paths. Coverity CID 274748.
via Loganaden Velvindron
deraadt [Fri, 27 Dec 2013 18:32:19 +0000 (18:32 +0000)]
do not need to create the stack cookie using a constructor anymore,
since the kernel supplies a .openbsd.randomdata segment.
ok matthew miod guenther
deraadt [Fri, 27 Dec 2013 18:08:36 +0000 (18:08 +0000)]
/stand went away
prompted by jmc
deraadt [Fri, 27 Dec 2013 17:41:30 +0000 (17:41 +0000)]
/stand has not been used in decades
ok miod
jsing [Fri, 27 Dec 2013 15:02:49 +0000 (15:02 +0000)]
Instead of playing #include games to get a 32-bit ELF implementation on
amd64, simply compile in our own nlist_elf32. Remove ECOFF and AOUT from
the nlist implementation since we do not need it.
This makes the code identical for the i386 and amd64 versions of
installboot(8).
jsing [Fri, 27 Dec 2013 14:23:49 +0000 (14:23 +0000)]
Add installboot support for hppa.
jsing [Fri, 27 Dec 2013 14:17:55 +0000 (14:17 +0000)]
Provide a bootstrap implementation (effectively a `disklabel -B'
equivalent) for use with architectures like hppa, landisk and vax.
jsing [Fri, 27 Dec 2013 14:12:56 +0000 (14:12 +0000)]
Add installboot support for amd64.
jsing [Fri, 27 Dec 2013 14:03:00 +0000 (14:03 +0000)]
Rename some confusing variables.
jsing [Fri, 27 Dec 2013 13:52:40 +0000 (13:52 +0000)]
Initial version of a unified installboot(8) that lives outside of
sys/arch/${MACHINE}/stand. For now this only supports i386, however
additional architectures will be added and further development can happen
in tree.
Requested by deraadt@ quite some time ago.
deraadt [Fri, 27 Dec 2013 04:21:48 +0000 (04:21 +0000)]
when forcing a re-key, might as well toss in dmesg as additional seed
material
deraadt [Fri, 27 Dec 2013 04:21:03 +0000 (04:21 +0000)]
all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
deraadt [Fri, 27 Dec 2013 03:22:27 +0000 (03:22 +0000)]
remove non-openbsd.randomdata parts
ok miod matthew
schwarze [Fri, 27 Dec 2013 00:48:18 +0000 (00:48 +0000)]
Add HISTORY and AUTHORS; triggered by a shorter patch from bcallah@.
OK bcallah@ on a previous version, plus feedback from guenther@.
guenther [Fri, 27 Dec 2013 00:00:49 +0000 (00:00 +0000)]
Document the P_SUSPSINGLE flag bit
miod [Thu, 26 Dec 2013 21:02:37 +0000 (21:02 +0000)]
When running the ll/sc version of the mutex code (for MULTIPROCESSOR kernels),
correctly handle sc failures. All other ll/sc constructs were doing this
correctly but apparently no one had noticed mutex did not.
mlarkin [Thu, 26 Dec 2013 18:52:09 +0000 (18:52 +0000)]
Back at t2k13, I wrote code to park APs in real mode before resuming a
hibernated image. We backed out the code because it was causing reboots on
resume. Turns out the parking code had a bug that caused the CPU to jump
to some bogus address (calculating a bad offset for the jump target), which
was likely the source of the problem. This diff fixes the bad offset
calculation (verified by looking at the resulting asm output). This will be
the first step in attempting to resurrect the original idea (and eventually
add i386 if/when it works).
discussed with deraadt@
espie [Thu, 26 Dec 2013 18:05:31 +0000 (18:05 +0000)]
make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@
eric [Thu, 26 Dec 2013 17:32:33 +0000 (17:32 +0000)]
constify data parameter in imsg_add() and imsg_compose()
ok deraadt@
eric [Thu, 26 Dec 2013 17:25:32 +0000 (17:25 +0000)]
bcopy -> memmove
bzero -> memset
schwarze [Thu, 26 Dec 2013 17:23:31 +0000 (17:23 +0000)]
Rework the documentation of Spaces, using the Ossanna/Kernighan/Ritter
Heirloom Nroff/Troff User's Manual as the authoritative reference.
Part of our text was outright wrong.
Also, refrain from advertising the paddable non-breaking space `\~'
in the DESCRIPTION, for three reasons: For nroff mode, -Tascii, and
fixed width fonts in general, it makes no difference, so keep the
discussion simple. Compared to `\ ', '\~' is of questionable portability.
And if you want to keep words together, it is also more usual that you
don't want padding to intervene either.
Finally, drop the `\c' escape sequence (interrupt text processing)
which is not a special character but an input processing instruction
akin to the \<newline> escape sequence.
kettenis [Thu, 26 Dec 2013 16:22:55 +0000 (16:22 +0000)]
spacing
espie [Thu, 26 Dec 2013 10:25:07 +0000 (10:25 +0000)]
to be dealt with
espie [Thu, 26 Dec 2013 07:17:15 +0000 (07:17 +0000)]
either dvp == vp or dvp != vp: zap extra test.
okay guenther@