openbsd
mpi [Sun, 5 Sep 2021 07:59:47 +0000 (07:59 +0000)]
Pass `uobj' to uvmfault_unlockall() at the end of the fault handler.

This is currently a NOOP but will become necessary to unlock the UVM
object with the upcoming "vmobjlock" diff.

Tested by patrick@ and robert@

ok jsg@

jmc [Sun, 5 Sep 2021 06:16:30 +0000 (06:16 +0000)]
new sentence, new line, and tweak wording of previous;

inoguchi [Sun, 5 Sep 2021 04:05:14 +0000 (04:05 +0000)]
Remove unused variable tmptm in do_body of openssl(1) ca

inoguchi [Sun, 5 Sep 2021 01:55:54 +0000 (01:55 +0000)]
Using serial number instead as subject if it is empty in openssl(1) ca

This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.

ok tb@

inoguchi [Sun, 5 Sep 2021 01:49:42 +0000 (01:49 +0000)]
Check extensions before setting version to v3

Referred to OpenSSL commit 4881d849 and arranged for our codebase.

comment and ok from tb@

inoguchi [Sun, 5 Sep 2021 01:33:18 +0000 (01:33 +0000)]
Use accessor method rather than direct X509 structure access

Referred to OpenSSL commit a8d8e06b and arranged for our codebase.

comment and ok from tb@

deraadt [Sat, 4 Sep 2021 23:58:54 +0000 (23:58 +0000)]
sync

schwarze [Sat, 4 Sep 2021 22:37:26 +0000 (22:37 +0000)]
during prioritization for man(1), correctly extract the section name
from the file name extension of gzipped manual page files; bug found
on Alpine Linux by Soeren Tempel <soeren at soeren hyphen tempel dot net>,
who also tested this patch

bluhm [Sat, 4 Sep 2021 22:15:33 +0000 (22:15 +0000)]
To mitigate against spectre attacks, AMD processors without the
IBRS feature need an lfence instruction after every near ret.  Place
them after all functions in the kernel which are implemented in
assembler.  Change the retguard macro so that the end of the lfence
instruction is 16-byte aligned now.  This prevents that the ret
instruction is at the end of a 32-byte boundary.  The latter would
cause a performance impact on certain Intel processors which have
a microcode update to mitigate the jump conditional code erratum.
See software techniques for managing speculation on AMD processors
revision 9.17.20 mitigation G-5.
See Intel mitigations for jump conditional code erratum revision
1.0 November 2019 2.4 software guidance and optimization methods.
OK deraadt@ mortimer@

schwarze [Sat, 4 Sep 2021 20:24:40 +0000 (20:24 +0000)]
mdoc(7): improve output of .At 32v

The official designation by AT&T was "UNIX/32V", so use that in the output.
That also makes sense because "system/architecture" is a widespread
convention to refer to the port of an operating system to a specific
architecture, in this case 32V (32bit DEC VAX).

The former wording "Version 32V AT&T UNIX" was misleading
because 32V is not a version number.

Even though UNIX/32V was not officially designated as Version 7 by AT&T,
prepend "Version 7" because it was in fact a straightforward port of
Version 7 AT&T UNIX.  That makes it easier to understand for 21st
century readers of manual pages.

Suggested by nabijaczleweli at nabijaczleweli dot xyz.
Same change as in GNU troff commit 21d30728.
OK  G dot Branden dot Robinson at gmail dot com  (gbranden@ in groff)

schwarze [Sat, 4 Sep 2021 19:21:39 +0000 (19:21 +0000)]
delete a stray word reported by wilfried dot meindl at gmail dot com;
while here, delete the redundant word "will" right in front of it, too

jsing [Sat, 4 Sep 2021 16:26:12 +0000 (16:26 +0000)]
Factor out the TLSv1.3 code that handles content from TLS records.

Currently, the plaintext content from opened TLS records is handled via
the rbuf code in the TLSv1.3 record layer. Factor this out and provide a
separate struct tls_content, which knows how to track and manipulate the
content.

This makes the TLSv1.3 code cleaner, however it will soon also be used
to untangle parts of the legacy record layer.

ok beck@ tb@

beck [Sat, 4 Sep 2021 15:21:45 +0000 (15:21 +0000)]
Refactor ssl_update_cache. This now matches the logic used for TLS 1.3
in OpenSSL 1.1.1 for when to call the session callbacks. I believe it
to also generate a lot less eye bleed, confirmed by tb@

ok jsing@ tb@

jsing [Sat, 4 Sep 2021 14:31:54 +0000 (14:31 +0000)]
Improve DTLS hello request handling code.

Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.

ok inoguchi@ tb@

jsing [Sat, 4 Sep 2021 14:24:28 +0000 (14:24 +0000)]
Change dtls1_get_message_header() to take a CBS.

The callers know the actual length and can initialise a CBS correctly.

ok inoguchi@ tb@

jsing [Sat, 4 Sep 2021 14:15:52 +0000 (14:15 +0000)]
Improve DTLS record header parsing.

Rather than pulling out the epoch and then six bytes of sequence number,
pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch
off the start of the sequence number.

ok inoguchi@ tb@

schwarze [Sat, 4 Sep 2021 12:47:04 +0000 (12:47 +0000)]
In the fallback code to look for manual pages without using mandoc.db(5),
accept files "man<one-digit-section>/<name>.<full-section>"
in addition to the already supported "man<full-section>/name.[01-9]*".
Needed for example on Alpine Linux which puts its Perl manuals
into "man3/<name>.3pm" and the POSIX manuals into "man3/<name>.3p".

While here, allow the glob(3) at the end of fs_lookup() to add multiple
matches to the result set.  This improves man -w output and may also
help some cases of plain man(1), allowing main() to prioritize properly
rather than fs_lookup() picking a random match.

None of this really matters for standard manpaths on OpenBSD because
both base system and ports developers are highly disciplined about
putting manual pages into properly named files and directories, but
even on OpenBSD, it may help to access some raw, unported third-party
manual page trees.

Issue reported and patch tested
by Soeren Tempel <soeren at soeren hyphen tempel dot net>.

jmatthew [Sat, 4 Sep 2021 12:11:45 +0000 (12:11 +0000)]
Add uaq(4), a driver for Aquantia AQC111U/AQC112U USB ethernet devices.

hardware provided by Brad
tested with modest success by mlarkin@, kevlo@ and Brad
ok kevlo@

schwarze [Sat, 4 Sep 2021 11:58:31 +0000 (11:58 +0000)]
* avoid the misleading wording "second kill signal"
* simplify and shorten EXIT STATUS, no change with respect to the meaning
* cut down HISTORY to the usual amount of information
feedback deraadt@ and jmc@; OK deraadt@; OK jmc@ on an earlier version

schwarze [Sat, 4 Sep 2021 11:49:11 +0000 (11:49 +0000)]
* more specific error messages
* no need to check suffix != NULL twice in a row
* style:  *(suffix + 1)  ->  suffix[1]
feedback & OK deraadt@

mglocker [Sat, 4 Sep 2021 10:19:28 +0000 (10:19 +0000)]
Revert list_move() to list_move_tail() change from last commit since it
turned out that it has a negative impact to isoc transfers timing with our
driver implementation.

jasper [Sat, 4 Sep 2021 07:13:14 +0000 (07:13 +0000)]
in backtraces, print as many arguments as the function actually has

since amd64 is compiled with -msave-args we have all arguments available to print and
there's no reason to limit this to six.

discussed with kettenis@

mbuhl [Sat, 4 Sep 2021 07:06:58 +0000 (07:06 +0000)]
Disable tests that don't work in bluhm's regress framework.

bluhm [Fri, 3 Sep 2021 23:57:30 +0000 (23:57 +0000)]
Make sure that strings passed to printline() are always NUL terminated.
There was a corner case with a very long message received over TCP
or TLS where this was not clear.  Force a '\0' where this line is
truncated.
OK martijn@ deraadt@

job [Fri, 3 Sep 2021 23:30:42 +0000 (23:30 +0000)]
Add X509 Extensions for IP Addresses and AS Identifiers

(subordinate code paths are include guarded)

OK tb@

schwarze [Fri, 3 Sep 2021 16:51:47 +0000 (16:51 +0000)]
* add the missing STANDARDS section as noticed by tb@
* mention that the *optionp input string will be modified
* clarify that the array of tokens is expected to be NULL-terminated
OK millert@ tb@, and the first half of STANDARDS also OK jmc@

jasper [Fri, 3 Sep 2021 16:45:44 +0000 (16:45 +0000)]
add kprobes provider for dt

this allows us to dynamically trace function boundaries with btrace by patching
prologues and epilogues with a breakpoint upon which the handler records the data,
sends it back to userland for btrace to consume.
currently it's hidden behind DDBPROF, and there is still a lot to cleanup and
improve, but basic scripts that observe return codes from a probed function
work.

from Tom Rollet, with various changes by me
feedback and ok mpi@

bluhm [Fri, 3 Sep 2021 16:28:33 +0000 (16:28 +0000)]
Use a define for the iov array size in syslogd.  This is better
than passing the magic number 6 around and checking at runtime
whether it fits.
OK deraadt@ martijn@ mvs@

fcambus [Fri, 3 Sep 2021 16:11:45 +0000 (16:11 +0000)]
Allow the compiler driver to link the libclang_rt.profile library.

With this change, passing -fprofile-instr-generate -fcoverage-mapping
when building programs will attempt linking against libclang_rt.profile.a.

Please note that we do not ship the library yet.

OK jca@

jca [Fri, 3 Sep 2021 14:58:25 +0000 (14:58 +0000)]
Zap a chatty printf

ok mlarkin@ kettenis@

patrick [Fri, 3 Sep 2021 14:53:09 +0000 (14:53 +0000)]
It's time to enable smmu(4).

ok kettenis@ some time ago

tb [Fri, 3 Sep 2021 14:50:36 +0000 (14:50 +0000)]
Implement a -h option that allows specifying a target host that
will be passed to the test scripts.

jca [Fri, 3 Sep 2021 14:13:06 +0000 (14:13 +0000)]
Don't pretend we support PT_STEP on this architecture.

The RISC-V doesn't seem to provide hardware support for generic purpose
single stepping, and we're not emulating single stepping for riscv64
like we do for alpha or mips64.  Hiding PT_STEP makes it possible to run
inferior processes with a wip ports/devel/gdb update.

ok kettenis@

jca [Fri, 3 Sep 2021 14:09:26 +0000 (14:09 +0000)]
Enable ptrace(2) support for PT_GETFPREGS/PT_SETFPREGS

The code is already there, it was unreachable because of this #if 0.
ok kettenis@

patrick [Fri, 3 Sep 2021 14:04:35 +0000 (14:04 +0000)]
Make virtio(4) less restrictive on the type of BAR it supports for
legacy versions.  The current version of Parallels on M1 seems to
not provide the I/O BAR that we expect, and reducing our expectations
seems to help.

ok kettenis@

tb [Fri, 3 Sep 2021 13:26:20 +0000 (13:26 +0000)]
Now that the issue is fixed, enable test-extensions.py

jsing [Fri, 3 Sep 2021 13:19:12 +0000 (13:19 +0000)]
Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.

ok beck@

jsing [Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)]
Ensure that a server hello does not have trailing data.

Found by tlsfuzzer.

ok beck@

jsing [Fri, 3 Sep 2021 13:18:01 +0000 (13:18 +0000)]
Ensure that a client hello does not have trailing data.

Found by tlsfuzzer.

ok beck@

jsing [Fri, 3 Sep 2021 13:16:54 +0000 (13:16 +0000)]
Set message_size correctly when switching to the legacy stack.

The message_size variable is not actually the handshake message size,
rather the number of bytes contained within the handshake message, hence
we have to subtract the length of the handshake message header.

ok beck@

stsp [Fri, 3 Sep 2021 12:39:43 +0000 (12:39 +0000)]
Reset a net80211 node's QoS Tx sequence counter to the start of the
block ack window when a new Tx block ack agreement is established.

In the future this change will allow the iwx(4) driver to initialize this
sequence number such that it corresponds to what the firmware expects.

Note that ba->ba_winstart is set to ni->ni_qos_txseqs[tid] when a new Tx agg
agreement is initiated in ieee80211_node_addba_request(). Unless the driver
resets ba->ba_winstart before ieee80211_addba_resp_accept() runs, which is
what iwx(4) will do, the assignment added with this patch is a no-op.

kn [Fri, 3 Sep 2021 12:11:15 +0000 (12:11 +0000)]
Document sleep button, lid status and lidaction/pwraction support

landry added the sensor back in 2013 and suspend via sleep button also works
(at least on ThinkPads).

`machdep.{lid,pwr}action' are super useful but only mentioned in
/etc/examples/wsconsctl.conf providing poor discovery.

acpibtn(4) is the most prominent driver supporting them, so document their
behaviour here as a reference point (`man -k .=lidaction' now shows it).

suspend/hibernate wording is taken from apm(8).
sysctl value list style is taken from sysctl(2)'s KERN_POOL_DEBUG.

Feedback jmc

bluhm [Fri, 3 Sep 2021 11:58:24 +0000 (11:58 +0000)]
Make Bob happy.

stsp [Fri, 3 Sep 2021 11:55:31 +0000 (11:55 +0000)]
Make iwm(4) and iwx(4) resume code path more similar to the attach code path.

In particular, this makes suspend/resume work on systems using msix.
Resume is not 100% reliable yet, though, failing about 1 in 20 times
to bring the interface back up.
Recovery with ifconfig down/up should be possible when things go wrong.

With help from gnezdo@ in diagnosing the issue and testing changes.

Tests:
8265: stsp
9260: florian
9560: kevlo, Uwe Werler
ax200: kevlo, Mark Patruck, beck
ax201: gnezdo

dv [Fri, 3 Sep 2021 11:47:05 +0000 (11:47 +0000)]
vmm(4): grab kernel lock before vmspace init

We need the kernel lock before calling some uvm functions. Fixes a
panic reported by syzbot.

Reported-by: syzbot+dd7a70eaf794705db27e@syzkaller.appspotmail.com
ok mlarkin@

stsp [Fri, 3 Sep 2021 11:41:41 +0000 (11:41 +0000)]
Ensure that iwm(4) and iwx(4) will reload firmware from disk on down/up,
and will not do so during resume.

Tested by kevlo@ on iwx(4) and by myself on iwm(4).

florian [Fri, 3 Sep 2021 09:13:00 +0000 (09:13 +0000)]
Make traceroute(8) faster by sending probes and doing DNS async.

Traditional traceroute would send one probe and then wait for up to 5
seconds for a reply and then send the next probe. On a lossy link that
eventually ends in a black hole this would take about 15 minutes and
people would hit control-c in anger.

This rewrites the traceroute engine to use libevent and asr's async
DNS interface. Probes are now sent every 30ms or as soon as we get an
answer back. With that we got the 15 minute worst case down to about
10 seconds.

A minor adjustment that is possible with this is to delay printing a
line until we get to a line with answers. This has two effects:

1) If there are intermediate hops that don't answer, output pauses for
a bit so we keep the visual cue of "something might be wrong here".
2) If there is a black hole at the end, we don't print out many "* * *"
lines and thus scrolling the interesting bits out of the terminal.
We collapse those lines and just print
    64 * * *
at the end.

Unfortunately the -c option to send udp probes to a fixed port had to
go for now. But we should be able to add it back.

"Once you have seen the new one you can't go back to the old one" &
enthusiastic OK deraadt@
OK sthen@
"I am very distressed that florian went to bed without committing it"
beck@

beck [Fri, 3 Sep 2021 08:58:53 +0000 (08:58 +0000)]
Call the callback on success in new verifier in a compatible way
when we succeed with a chain, and ensure we do not call the callback
twice when the caller doesn't expect it.  A refactor of the end of
the legacy verify code in x509_vfy is probably overdue, but this
should be done based on a piece that works.  The important bit here
is this allows the perl regression tests in tree to pass.

Changes the previously committed regress tests to test the success
case callbacks to be known to pass.

ok bluhm@ tb@

bentley [Fri, 3 Sep 2021 08:22:25 +0000 (08:22 +0000)]
Update Albuquerque, NM zip codes.

deraadt [Fri, 3 Sep 2021 08:18:31 +0000 (08:18 +0000)]
sigh -- review one pointless sys/param.h, and discover all the includes
are a mess.

claudio [Fri, 3 Sep 2021 07:58:07 +0000 (07:58 +0000)]
Mention RFC8050 in bgpd.8

claudio [Fri, 3 Sep 2021 07:48:24 +0000 (07:48 +0000)]
Add add-path support in MRT dumps (RFC8050).

This works for table-v2 formats and also for the all and update dumps.
For the latter the code needs to inspect the UPDATE message to guess if
add-path is used in that message or not.  Add-path can be enabled per
AFI and alters the NLRI encoding without any way to detect.
For table dumps we decided to dump RIB_GENERIC entries the same way as
gobgp and not use the encoding from the RFC. The RFC specifies
RIB_GENERIC (non-IPv4/v6) entries in a way that is not only different
but also against the normal codeflow. Only gobgp seems to implement
RIB_GENERIC encoding (neither bird nor frr/quagga do) and so it makes
sense to follow their way.

OK benno@

dtucker [Fri, 3 Sep 2021 07:43:23 +0000 (07:43 +0000)]
Use .Cm instead of .Dq in StrictHostKeyChecking list for consistency.
Patch from scop via github PR#257, ok jmc@

dtucker [Fri, 3 Sep 2021 07:27:03 +0000 (07:27 +0000)]
Mention using ssh -i for specifying the public key file in the case
where the private key is loaded into ssh-agent but is not present
locally.  Based on patch from rafork via github PR#215, ok jmc@

dtucker [Fri, 3 Sep 2021 05:25:50 +0000 (05:25 +0000)]
Refer to KEX "algorithms" instead of "methods" to match other references
and improve consistency.  Patch from scop via github PR#241, ok djm@

dtucker [Fri, 3 Sep 2021 05:12:25 +0000 (05:12 +0000)]
Remove redundant attrib_clear in upload_dir_internal.  The subsequent
call to stat_to_attrib clears the struct as its first step anyway.
From pmeinhardt via github PR#220, ok djm@

dtucker [Fri, 3 Sep 2021 04:11:13 +0000 (04:11 +0000)]
Add test for client termination status on signal.

Based on patch from Alexxz via github PR#235 with some tweaks, to
match patch in bz#3281.

jmc [Thu, 2 Sep 2021 21:50:24 +0000 (21:50 +0000)]
various improvements to the text/usage, chiefly removing alternative long
options from SYNOPSIS/usage;

diff from leon fischer

the opening sentence is mine - i say that not to take credit, just to
distinguish that leon did not agree with wording

job [Thu, 2 Sep 2021 21:47:50 +0000 (21:47 +0000)]
Unroll ASN1_ITEM_ref()

OK @tb

job [Thu, 2 Sep 2021 21:40:32 +0000 (21:40 +0000)]
Change OPENSSL_strdup() to strdup()

OK tb@

job [Thu, 2 Sep 2021 21:37:40 +0000 (21:37 +0000)]
Change OPENSSL_malloc to calloc()

OK tb@

job [Thu, 2 Sep 2021 21:29:35 +0000 (21:29 +0000)]
Repair unrolling of static ASN1_ITEM IPAddrBlocks_it

The conversion tool didn't handle 'static_ASN1_ITEM_TEMPLATE_END'

OK tb@

job [Thu, 2 Sep 2021 21:27:26 +0000 (21:27 +0000)]
Make v3_addr and v3_asid extern const

OK tb@

job [Thu, 2 Sep 2021 21:15:41 +0000 (21:15 +0000)]
Add err.h for X509error() and friends

OK tb@

job [Thu, 2 Sep 2021 21:12:28 +0000 (21:12 +0000)]
Fix OPENSSL_assert() and assert()

OK tb@

deraadt [Thu, 2 Sep 2021 21:12:25 +0000 (21:12 +0000)]
remove sys/param.h that are not needed

deraadt [Thu, 2 Sep 2021 21:12:09 +0000 (21:12 +0000)]
annotate that sys/param.h is needed for roundup and roundup2

deraadt [Thu, 2 Sep 2021 21:09:29 +0000 (21:09 +0000)]
rather than using sys/param.h, define a local replacement MINIMUM() instead
of MIN(), as done elsewhere

deraadt [Thu, 2 Sep 2021 21:06:06 +0000 (21:06 +0000)]
remove sys/param.h that snuck in, by replacing MAXPATHLEN with PATH_MAX

job [Thu, 2 Sep 2021 21:04:01 +0000 (21:04 +0000)]
Unroll ASN1_EX_TEMPLATE_TYPE IPAddrBlocks

OK tb@

deraadt [Thu, 2 Sep 2021 21:03:54 +0000 (21:03 +0000)]
sys/param.h is not needed for any visible reason

job [Thu, 2 Sep 2021 21:00:07 +0000 (21:00 +0000)]
Change the OPENSSL_strdup() to strdup()

OK beck@ tb@

deraadt [Thu, 2 Sep 2021 20:57:58 +0000 (20:57 +0000)]
remove sys/param.h use, by replacing MAXLOGNAME -> LOGIN_NAME_MAX
and MAXHOSTNAMELEN -> HOST_NAME_MAX+1

job [Thu, 2 Sep 2021 20:53:48 +0000 (20:53 +0000)]
Fix header file includes

OK tb@

deraadt [Thu, 2 Sep 2021 20:33:03 +0000 (20:33 +0000)]
sync

job [Thu, 2 Sep 2021 20:25:40 +0000 (20:25 +0000)]
Move the error put functions from X509V3err() to X509V3error()

OK tb@

job [Thu, 2 Sep 2021 20:11:07 +0000 (20:11 +0000)]
Unroll ASN1_SEQUENCE() ASN1_CHOICE() ASN1_ITEM_TEMPLATE()

OK jsing@

tb [Thu, 2 Sep 2021 19:46:44 +0000 (19:46 +0000)]
Add -f to usage

jasper [Thu, 2 Sep 2021 19:41:48 +0000 (19:41 +0000)]
follow-up on previous commit and rename the _sys union to _args

bluhm [Thu, 2 Sep 2021 19:38:20 +0000 (19:38 +0000)]
Do not create loopback interfaces lo1, lo2, ...  upfront.  They are
automatically set up by the kernel when a routing domain is created.
An existing lo1 in rdomain 0 would prevent adding any interfaces
in rdomain 1.
OK kn@

tobhe [Thu, 2 Sep 2021 19:28:35 +0000 (19:28 +0000)]
style

kettenis [Thu, 2 Sep 2021 19:12:29 +0000 (19:12 +0000)]
Initialize the uvm object when we actually need it such that we can
use uvm_obj_init() to initialize the pager ops and initial reference count.
This will help future uvm unlocking diffs.

ok mpi@, jsg@

krw [Thu, 2 Sep 2021 18:07:45 +0000 (18:07 +0000)]
Split part_type into separate types 'mbr_type' and 'gpt_type',
shrinking static data demands. Split PRT_printall() into
PRT_print_mbrtypes() and PRT_print_gpttypes() to eliminate
pointless 'pseudo' MBR partition types and pointless display of
MBR partition types with no associated GPT GUIDs.

Eases future MBR and GPT partition type editing improvements.

ok kettenis@

jasper [Thu, 2 Sep 2021 17:21:39 +0000 (17:21 +0000)]
rename struct dt_evt fields to make it clear this isn't only used for tracing syscalls
and adjust btrace(8) accordingly.
extracted from a larger diff by Tom Rollet.

ok mpi@

job [Thu, 2 Sep 2021 15:59:05 +0000 (15:59 +0000)]
OPENSSL_assert() is not appropriate in this context

Feedback from tb@

OK tb@

job [Thu, 2 Sep 2021 15:54:40 +0000 (15:54 +0000)]
Replace ossl_assert()/assert() with OPENSSL_assert()

OK tb@

mbuhl [Thu, 2 Sep 2021 15:28:41 +0000 (15:28 +0000)]
Enable vfork syscall test. Disable SIGSTOP test as it is masked until
exec/exit with vfork.
OK bluhm@

anton [Thu, 2 Sep 2021 15:15:12 +0000 (15:15 +0000)]
Explain in a comment why two wscons_keydesc structures are needed.

jeremy [Thu, 2 Sep 2021 15:00:55 +0000 (15:00 +0000)]
Update for change of default Ruby version to 3.0.

beck [Thu, 2 Sep 2021 14:41:03 +0000 (14:41 +0000)]
We need to allow for either a CERTIFICATE or CERTIFICATE_STATUS message
here or we break the handshake with BAD_MESSAGE

ok tb@

job [Thu, 2 Sep 2021 14:14:44 +0000 (14:14 +0000)]
Replace OPENSSL_free() with free()

OK tb@

jmc [Thu, 2 Sep 2021 14:14:44 +0000 (14:14 +0000)]
list -v with -d in SYNOPSIS, instead of separately,
and add -v to usage();

job [Thu, 2 Sep 2021 14:11:20 +0000 (14:11 +0000)]
Unroll IMPLEMENT_ASN1_FUNCTIONS()

OK jsing@

job [Thu, 2 Sep 2021 13:48:39 +0000 (13:48 +0000)]
Unroll DECLARE_ASN1_FUNCTIONS()

OK jsing@

stsp [Thu, 2 Sep 2021 13:44:10 +0000 (13:44 +0000)]
Fix our iwx(4) xtal latency values to match the values used by Linux iwlwifi.
with a fix from + ok kevlo@

kevlo [Thu, 2 Sep 2021 13:39:34 +0000 (13:39 +0000)]
The PCI_PRODUCT_INTEL_WL_22500_1 device is part of the 22000
family (discrete) not integrated.

ok stsp@

job [Thu, 2 Sep 2021 13:26:51 +0000 (13:26 +0000)]
Rename DEFINE_STACK_OF() to DECLARE_STACK_OF()

OK tb@ jsing@

florian [Thu, 2 Sep 2021 13:18:04 +0000 (13:18 +0000)]
Stop sending debug logging to syslog (which would then drop it on the
floor) all the time. Instead debug logging must be requested with the
new -v flag.
Problem reported and fix provided by weerd@

job [Thu, 2 Sep 2021 12:41:44 +0000 (12:41 +0000)]
Lay groundwork to support X.509 v3 extensions for IP Addresses and AS Identifiers

These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360).
Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf)
This changeset is a no-op, as there are 10+ issues and at least 2 security issues.
Work will continue in-tree.

OK tb@, discussed with beck@

mbuhl [Thu, 2 Sep 2021 12:40:44 +0000 (12:40 +0000)]
Import more NetBSD system call regression tests.
OK bluhm@