claudio [Mon, 4 Apr 2022 13:45:02 +0000 (13:45 +0000)]
Remove outdated XXX comment. This got fixed in January.
tb [Mon, 4 Apr 2022 13:15:11 +0000 (13:15 +0000)]
Remove two more FIXMEs: to get there, we rely on the OID already.
ok claudio
sashan [Mon, 4 Apr 2022 12:57:36 +0000 (12:57 +0000)]
pf_validate_range() must not assume rdr ports are in network order.
bug found and reported by Kurt (kmos@).
OK bluhm@
tb [Mon, 4 Apr 2022 12:11:54 +0000 (12:11 +0000)]
rpki-client: remove a stale FIXME
We fixed this back in January when we added rtype_from_mftfile().
ok claudio
tb [Mon, 4 Apr 2022 11:42:12 +0000 (11:42 +0000)]
Include license rather than referring to it. Text from
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/LICENSE
kettenis [Mon, 4 Apr 2022 09:27:05 +0000 (09:27 +0000)]
Replace KASSERT in uvm_fault_unwire_locked() with code that handles the
case where not all pages are wired. The KASSERT can be triggered in
multi-threaded applications when a thread calling munmap(2) races another
thread that invokes sysctl(2). Properly written code shouldn't do this,
but making the kernel crash in this case is a bit harsh.
ok gezdo@, deraadt@
Fixes:
Reported-by: syzbot+e8310909e2910c9cca08@syzkaller.appspotmail.com
claudio [Mon, 4 Apr 2022 08:37:35 +0000 (08:37 +0000)]
Prepare for next release.
claudio [Mon, 4 Apr 2022 08:36:51 +0000 (08:36 +0000)]
Prepare for new release.
patrick [Sun, 3 Apr 2022 20:23:45 +0000 (20:23 +0000)]
Add support for the CP115 block found on Marvell CN9K SoCs.
ok kettenis@
patrick [Sun, 3 Apr 2022 20:23:14 +0000 (20:23 +0000)]
Add support for the AP807 block found on Marvell CN9K SoCs. The fixed
clocks are the same as AP806, so we can use the same code.
ok kettenis@
anton [Sun, 3 Apr 2022 16:52:50 +0000 (16:52 +0000)]
Initialize the mutex before making us of it from many threads. Prevents
a race in which one thread is currently initializing the mutex which is
not an atomic operation whereas another thread tries to use it too
early.
With and ok schwarze@
mlarkin [Sat, 2 Apr 2022 22:45:18 +0000 (22:45 +0000)]
Update an old comment
The old comment only mentioned that tty_nmea was used for time, but
subsequently position data was added to this line discipline.
mlarkin [Sat, 2 Apr 2022 22:43:01 +0000 (22:43 +0000)]
whitespace fix
krw [Sat, 2 Apr 2022 17:25:10 +0000 (17:25 +0000)]
Add a paranoia/future proofing check for link->pool == NULL to
the SDEV_OWN_IOPL flag check.
Ambiguous/inconsistant code pointed out by Coverity #
1515557.
sthen [Sat, 2 Apr 2022 15:35:06 +0000 (15:35 +0000)]
Don't byte swap URE_TXPKT_VLAN_TAG when setting up the packet to transmit.
Fixes vlan transmission with hw tagging (problem seen on RTL8153B but there's
no reason this wouldn't apply to others) and matches what the Linux driver
is doing. looks correct kettenis@ ok kevlo@
krw [Sat, 2 Apr 2022 13:57:39 +0000 (13:57 +0000)]
Bring back r1.247, using scsi_detach_link() to release
a partially configured struct scsi_link.
Problematic code path found by jungle Boogie was plugged
by r1.249.
claudio [Sat, 2 Apr 2022 12:23:20 +0000 (12:23 +0000)]
Adjust test code after addition of cert_parse_pre and change to cert_parse
and ta_parse.
Reminder from tb@
kevlo [Sat, 2 Apr 2022 12:22:56 +0000 (12:22 +0000)]
Add preliminary support for RTL8156B and bug fixes for RTL8153/RTL8156.
ok stsp@
Tested:
RTL8152 (0x4c10): jmatthew, Marcus Merighi
RTL8153 (0x5c10): Yifei Zhan
RTL8153 (0x5c20): James Jerkins, Paul de Weerd, stsp
RTL8153 (0x5c30): gerhard, sthen
RTL8153B (0x6010): Paul de Weerd
claudio [Sat, 2 Apr 2022 12:17:53 +0000 (12:17 +0000)]
Split certificate parsing in two steps. cert_parse_pre() which does
the parse and some checks and cert_parse() or ta_parse() to do the
additional checks for regular certs or TAs.
With this adjust the cert parser in -f mode to identify TAs (by checking
if it is self signed) and adjust the validation in that case. Now -f
should be able to parse and show all object correctly.
With and OK tb@
jmatthew [Sat, 2 Apr 2022 09:00:45 +0000 (09:00 +0000)]
Add dmamap syncs for rings and mbufs, fixing occasional errors seen
on a rockpro64, where dma is less coherent than on typical amd64 systems.
with and ok dlg@
jsg [Fri, 1 Apr 2022 22:37:21 +0000 (22:37 +0000)]
match on Intel 300 Series audio (0xa348)
on a Dell G3 3590 the audio device is subclass audio not hd audio
so azalia does not match
should fix azalia not attaching reported by Adriano Barbosa
claudio [Fri, 1 Apr 2022 17:22:07 +0000 (17:22 +0000)]
Change x509_get_aki(), x509_get_ski(), x509_get_aia(), and x509_get_crl()
to work more like x509_get_expire(). They will return an error if the
extension extraction failed but not if it was not present. The callers
must now do that check but most did already.
With this cert_parse_inner() no longer cares about TA vs non-TA certs.
Feedback and OK tb@
claudio [Fri, 1 Apr 2022 13:27:38 +0000 (13:27 +0000)]
Move the TA specific checks from cert_parse_inner() to ta_parse() and
the regular cert checks from cert_parse_inner() to cert_parse().
OK tb@
sthen [Fri, 1 Apr 2022 10:14:17 +0000 (10:14 +0000)]
Don't print "You may wish to update your font path" at pkg_add time
for paths which are under /usr/local/share/fonts.
In most cases only fontconfig is relevant and this automatically
searches subdirectories, so user changes are not often needed any more.
The case where they might be needed is for server-side bit-map fonts
(managed via 'xset fp' or 'fontpath' in /etc/X11/xorg.conf) but this is
not common any more (most fonts in ports are not bit-map anyway) and
this gets rid of some cases of pkg_add messages which the user does
not need to act upon.
ok landry@ matthieu@ and I think there were some others
ajacoutot [Fri, 1 Apr 2022 10:13:35 +0000 (10:13 +0000)]
Add missing command in description.
from Matthew Martin
nicm [Fri, 1 Apr 2022 10:11:59 +0000 (10:11 +0000)]
Preserve CRLF flag when respawning.
tb [Fri, 1 Apr 2022 10:00:41 +0000 (10:00 +0000)]
Fix error message from d2i_X509_bio() to d2i_X509()
ok claudio
jmc [Thu, 31 Mar 2022 21:43:38 +0000 (21:43 +0000)]
missing full stop;
jmatthew [Thu, 31 Mar 2022 21:41:17 +0000 (21:41 +0000)]
If we've created multiple queues, set up an RSS key and indirection table
to distribute received packets across the queues.
ok dlg@
kettenis [Thu, 31 Mar 2022 18:47:04 +0000 (18:47 +0000)]
Implement support for multiple dies. This should make OpenBSD work on the
M1 Ultra.
ok patrick@
naddy [Thu, 31 Mar 2022 17:58:44 +0000 (17:58 +0000)]
ssh: document sntrup761x25519-sha512@openssh.com as default KEX
naddy [Thu, 31 Mar 2022 17:30:05 +0000 (17:30 +0000)]
man pages: fix some typos found while looking for other issues
naddy [Thu, 31 Mar 2022 17:27:13 +0000 (17:27 +0000)]
man pages: add missing commas between subordinate and main clauses
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
deraadt [Thu, 31 Mar 2022 16:16:09 +0000 (16:16 +0000)]
on-ramdisk firmware extraction can overflow the install-media directory
because of the the tar+mv combination. Purge both path variations
better, so that an interrupted install can be restarted.
ok miod abieber kettenis
krw [Thu, 31 Mar 2022 14:44:49 +0000 (14:44 +0000)]
Remove duplicate scsi devices.
ok miod@ deraadt@
tb [Thu, 31 Mar 2022 13:04:47 +0000 (13:04 +0000)]
Fix leak in ASN1_TIME_adj_internal()
p is allocated by asprintf() in one of the *_from_tm() functions, so
it needs to be freed as in the other error path below.
CID 346194
ok jsing
tb [Thu, 31 Mar 2022 13:00:58 +0000 (13:00 +0000)]
Simplify priv_key handling in d2i_ECPrivateKey()
d2i_EC_PRIVATEKEY() can handle the allocation of priv_key internally,
no need to do this up front and reach it through the dangerous reuse
mechanism. There's also no point in freeing a variable we know to be
NULL.
ok jsing
job [Thu, 31 Mar 2022 12:00:00 +0000 (12:00 +0000)]
Sync & permit ASPA objects to appear on Manifests
OK tb@ claudio@
tb [Thu, 31 Mar 2022 09:36:09 +0000 (09:36 +0000)]
Check EVPDigest* return values.
CID 351293
martijn [Thu, 31 Mar 2022 09:06:55 +0000 (09:06 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.
Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@
martijn [Thu, 31 Mar 2022 09:05:15 +0000 (09:05 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.
Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@
martijn [Thu, 31 Mar 2022 09:03:48 +0000 (09:03 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.
Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@
djm [Thu, 31 Mar 2022 03:07:33 +0000 (03:07 +0000)]
regression test for sftp cp command
djm [Thu, 31 Mar 2022 03:07:03 +0000 (03:07 +0000)]
add a sftp client "cp" command that supports server-side copying
of files. Useful for this task and for testing the copy-data
extension. Patch from Mike Frysinger; ok dtucker@
djm [Thu, 31 Mar 2022 03:05:49 +0000 (03:05 +0000)]
add support for the "corp-data" protocol extension to allow
server-side copies to be performed without having to go via
the client. Patch by Mike Frysinger, ok dtucker@
millert [Thu, 31 Mar 2022 01:41:22 +0000 (01:41 +0000)]
Move knote_processexit() call from exit1() to the reaper().
This fixes a problem where NOTE_EXIT could be received before
the process was officially a zombie and thus not immediately
waitable. OK deraadt@ visa@
djm [Wed, 30 Mar 2022 21:13:23 +0000 (21:13 +0000)]
select post-quantum KEX sntrup761x25519-sha512@openssh.com as the
default; ok markus@
djm [Wed, 30 Mar 2022 21:10:25 +0000 (21:10 +0000)]
fix poll() spin when a channel's output fd closes without data in the
channel buffer. Introduce more exact packing of channel fds into the
pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@
miod [Wed, 30 Mar 2022 19:03:20 +0000 (19:03 +0000)]
Mention constification of *_hw_if (files forgotten during constification
commit)
tb [Wed, 30 Mar 2022 16:06:32 +0000 (16:06 +0000)]
Simplify up_generate_updates()
Instead of using new == NULL or new != NULL in combination with an again
label to steer the control flow of this function, switch to using a while
loop and break/continue/return. Simplified version of a diff by claudio.
ok claudio
tb [Wed, 30 Mar 2022 08:57:26 +0000 (08:57 +0000)]
Add a simple test to ensure that pmeth->cleanup() can cope with NULL
pkey_ctx->data.
tb [Wed, 30 Mar 2022 07:17:48 +0000 (07:17 +0000)]
Avoid segfaults in EVP_PKEY_CTX_free()
It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data. Most of
them are, but one of GOST's functions and HMAC's aren't.
Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129
ok bcook jsing
tb [Wed, 30 Mar 2022 07:12:30 +0000 (07:12 +0000)]
pkey_hmac_init(): use calloc()
Instead of using malloc() and setting most struct members to 0,
simply use calloc().
ok bcook jsing
nicm [Wed, 30 Mar 2022 07:05:26 +0000 (07:05 +0000)]
Capture up to used size not available size for each line.
anton [Wed, 30 Mar 2022 05:22:31 +0000 (05:22 +0000)]
Remove double slash in path to test program.
anton [Wed, 30 Mar 2022 05:11:52 +0000 (05:11 +0000)]
Flag the kq-tun regress test as skipped as opposed of only mentioning it
in a comment. Allows my own regress runner (and bluhm's) to highlight
kqueue as having skipped tests.
While here, get rid of redundant usage of phony.
djm [Wed, 30 Mar 2022 04:33:09 +0000 (04:33 +0000)]
ssh is almost out of getopt() characters; note the remaining
remaining available ones in a comment
djm [Wed, 30 Mar 2022 04:27:51 +0000 (04:27 +0000)]
avoid NULL deref via ssh-keygen -Y find-principals. bz3409, reported
by Mateusz Adamowski
jmatthew [Wed, 30 Mar 2022 00:25:27 +0000 (00:25 +0000)]
If enough MSI-X vectors are available, set up multiple tx and rx queues.
In multi-vector mode, the MSI-X vector number is the same as the irq number
on the nic, so use vector/irq 0 for link interrupts, then assign one to
each pair of rx and tx queues. We don't configure RSS yet, so packets
will only be received on the first queue, but they can be transmitted on
any queue.
ok dlg@
tb [Tue, 29 Mar 2022 23:12:30 +0000 (23:12 +0000)]
Add Eric Biggers's reproducer for the memory corruption with
the Z_DEFAULT_STRATEGY.
tb [Tue, 29 Mar 2022 19:34:37 +0000 (19:34 +0000)]
Of the enabled tests only kq-pty-1 needs root, so reduce
REGRESS_ROOT_TARGTES and remove ${SUDO} from kq-pty-2.
kq-tun also needs root, but it isn't run.
discussed with and ok millert
millert [Tue, 29 Mar 2022 19:04:19 +0000 (19:04 +0000)]
Regression test for NOTE_EXIT being delivered before child is waitable.
jca [Tue, 29 Mar 2022 18:44:12 +0000 (18:44 +0000)]
Update list ofarchitectures
Retire sparc (32 bits) and vax, add riscv64.
From Raf Czlonka
naddy [Tue, 29 Mar 2022 18:15:52 +0000 (18:15 +0000)]
man pages: add missing word, The foo() ... -> The foo() function ...
ok jmc@ schwarze@
schwarze [Tue, 29 Mar 2022 17:41:20 +0000 (17:41 +0000)]
Given asn1/a_object.c rev. 1.45 by jsing@, stop talking about BUGS
we no longer have, focus on what our implementation now does, but
keep short warnings in how far other implementations might be more
fragile. Some improvements to wordings and clarity while here.
OK tb@
bluhm [Tue, 29 Mar 2022 17:13:11 +0000 (17:13 +0000)]
Add Google Chromium tests for libz bugs. Write a minimal wrapper
to avoid importing GoogleTest, Google's C++ test framework.
anton [Tue, 29 Mar 2022 16:04:36 +0000 (16:04 +0000)]
Disable the recently introduced logic used to associate ucc and audio
devices. Caspar Schutijser reported on bugs@ that pressing the volume
keys on his headset causes a usb host controller interrupt storm. I'm
trying to figure out what's going on but since we're approaching release
keep it disabled.
naddy [Tue, 29 Mar 2022 14:27:59 +0000 (14:27 +0000)]
man pages: add missing commas in enumerations
tb [Tue, 29 Mar 2022 14:03:12 +0000 (14:03 +0000)]
Bound cofactor in EC_GROUP_set_generator()
Instead of bounding only bounding the group order, also bound the
cofactor using Hasse's theorem. This could probably be made a lot
tighter since all curves of cryptographic interest have small
cofactors, but for now this is good enough.
A timeout found by oss-fuzz creates a "group" with insane parameters
over a 40-bit field: the order is 14464, and the cofactor has
4196223
bits (which is obviously impossible by Hasse's theorem). These led to
running an expensive loop in ec_GFp_simple_mul_ct() millions of times.
Fixes oss-fuzz #46056
Diagnosed and fix joint with jsing
ok inoguchi jsing (previous version)
deraadt [Tue, 29 Mar 2022 13:57:52 +0000 (13:57 +0000)]
off-by-one check didn't recognize partition 'a' section on specified
disk, and would fall through to the active partition selection
from crystal kolipe, ok miod krw
tb [Tue, 29 Mar 2022 13:48:40 +0000 (13:48 +0000)]
Do not zero cofactor on ec_guess_cofactor() success
The cofactor we tried to calculate should only be zeroed if we failed
to compute it.
ok inoguchi jsing
tb [Tue, 29 Mar 2022 13:44:06 +0000 (13:44 +0000)]
Zap trailing whitespace
deraadt [Tue, 29 Mar 2022 03:11:18 +0000 (03:11 +0000)]
close enough to release, we drop -beta
jsg [Tue, 29 Mar 2022 02:15:51 +0000 (02:15 +0000)]
bring back getting framebuffer size from efifb (rev 1.3)
avoids the following on BESSTAR TECH HM90 with Ryzen 9 4900H (renoir)
reported by Fredrik Engberg
drm:pid0:gmc_v9_0_process_interrupt *ERROR* [mmhub0] no-retry page fault (src_id:0 ring:158 vmid:0 pasid:0, for process pid 0 thread pid 0)
drm:pid0:gmc_v9_0_process_interrupt *ERROR* in page starting at address 0x0000000000561000 from IH client 0x12 (VMC)
drm:pid0:gmc_v9_0_process_interrupt *ERROR* VM_L2_PROTECTION_FAULT_STATUS:0x00003B3C
drm:pid0:gmc_v9_0_process_interrupt *ERROR* Faulty UTCL2 client ID: VCNU (0x1d)
drm:pid0:gmc_v9_0_process_interrupt *ERROR* MORE_FAULTS: 0x0
drm:pid0:gmc_v9_0_process_interrupt *ERROR* WALKER_ERROR: 0x6
drm:pid0:gmc_v9_0_process_interrupt *ERROR* PERMISSION_FAULTS: 0x3
drm:pid0:gmc_v9_0_process_interrupt *ERROR* MAPPING_ERROR: 0x1
drm:pid0:gmc_v9_0_process_interrupt *ERROR* RW: 0x0
[drm] *ERROR* ring vcn_dec test failed (-60)
[drm] *ERROR* hw_init of IP block <vcn_v2_0> failed -60
drm:pid0:amdgpu_device_init *ERROR* amdgpu_device_ip_init failed
drm:pid0:amdgpu_attachhook *ERROR* Fatal error during GPU init
schwarze [Tue, 29 Mar 2022 01:26:08 +0000 (01:26 +0000)]
Basic copy editing:
Eliminate weasel words and needless parentheses, reduce "will" and
"shall" and "may", add more precision, some grammar fixes, shorten
and improve wordings, add some missing macros.
Triggered by a question from naddy@.
kettenis [Mon, 28 Mar 2022 18:53:40 +0000 (18:53 +0000)]
Running getty(8) on /dev/console when using a glass console interferes with
running Xorg in a way that isn't fully understood. So change the arm64
install.md to munge /etc/ttys to enable the ttyC0 entry if we detect that
wsdisplay0 is the console and make sure the code in install.sub that
does the actual munging disables the console entry before enabling another
entry to prevent running two getty(8) processes on (effectively) the same
device.
ok deraadt@
bluhm [Mon, 28 Mar 2022 16:31:26 +0000 (16:31 +0000)]
if_detach() does if_remove(ifp); NET_LOCK(); rti_delete(). New
igmp groups may join while sleeping in interface destruction. In
this case if_get() in igmp_joingroup() fails and rti_fill() is not
called. Then inm->inm_rti may be NULL. This is the condition when
syzkaller crashes in igmp_leavegroup().
Pass the ifp the current CPU is already holding down to igmp_joingroup()
and igmp_leavegroup() to avoid half constructed igmp groups. Calling
if_get() in caller and callee makes no sense anyway.
Reported-by: syzbot+146823a676b7bea83649@syzkaller.appspotmail.com
OK denis@
krw [Mon, 28 Mar 2022 15:47:11 +0000 (15:47 +0000)]
Only SLIST_REMOVE() a link when the link is on the list.
Avoids a potential panic.
claudio [Mon, 28 Mar 2022 13:04:01 +0000 (13:04 +0000)]
Compare the SKI of the embedded EE certificate of the CMS message with the
SID of the Signer Info structure. RFC6488 mandates this.
OK job@ tb@
inoguchi [Mon, 28 Mar 2022 11:02:49 +0000 (11:02 +0000)]
Change internal functions to static in openssl(1) pkcs12
ok tb@
inoguchi [Mon, 28 Mar 2022 10:56:26 +0000 (10:56 +0000)]
Remove unused function cert_load in openssl(1) pkcs12
ok tb@
bentley [Mon, 28 Mar 2022 10:29:44 +0000 (10:29 +0000)]
Fix misspelled NM town names, from personal knowledge, checked against USPS.
tb [Mon, 28 Mar 2022 08:19:15 +0000 (08:19 +0000)]
Fix error check of CMS_unsigned_get_addr_count()
According to RFC 5652, unsignedAttrs are a SET OF at least one member,
however the CMS code doesn't actually check for this. Since SET OF may
contain zero members in general, an empty set of unsignedAttrs would
be accepted. Catch this by explicitly checking for a -1 return value.
ok claudio
claudio [Mon, 28 Mar 2022 08:18:13 +0000 (08:18 +0000)]
Remove extra 'or'
OK tb@
claudio [Mon, 28 Mar 2022 08:11:36 +0000 (08:11 +0000)]
Print OK after all of the RRDP related tests. To make it clear that
the regress test was successful.
nicm [Mon, 28 Mar 2022 07:40:57 +0000 (07:40 +0000)]
Report error if creating socket fails with -D.
tb [Mon, 28 Mar 2022 06:28:47 +0000 (06:28 +0000)]
Put call to vmx_remote_vmclear() under #ifdef MULTIPROCESSOR
to unbreak build of amd64 GENERIC
makes sense to jsing
dlg [Mon, 28 Mar 2022 02:58:06 +0000 (02:58 +0000)]
tweak the pflog ifname filter to include the terminating nul.
without this the code effectively just compares the start of the
string, which means you can get a prefix match unexpectedly. including
the nul in the comparison means it only works for whole interface
names, as it was originally intended.
reported by Aner Perez on misc@
ok deraadt@ (who also dug through the history behind this)
dlg [Mon, 28 Mar 2022 02:54:33 +0000 (02:54 +0000)]
jason tubnor points out that vxlan talking multicast needs a parent iface.
dv [Mon, 28 Mar 2022 00:22:20 +0000 (00:22 +0000)]
vmm(4): add quiesce/wakeup hooks to sync vcpu state.
If a host suspends or hibernates, a task in the middle of using
vcpu state may be rescheduled to another cpu. This is primarily a
problem for Intel hosts as vcpu state is kept local to the physical
cpu and must be flushed back to physical memory before another cpu
can issue certain vmx instructions.
This change ensures no tasks are actively using the vmm device,
flushes all vcpu state (if Intel hardware), and turns off virtualization
mode on the host cpus. Upon wakeup, we reverse the process.
Reported on bugs@ by mpi@. OK mlarkin@
naddy [Sun, 27 Mar 2022 20:09:12 +0000 (20:09 +0000)]
ftp.1: remove a sentence fragment left over from a previous edit
ok deraadt@ jmc@ miod@
semarie [Sun, 27 Mar 2022 16:19:39 +0000 (16:19 +0000)]
sys/vnode.h cleanup for vnode_hold_list, vnode_free_list, struct freelst
vnode_hold_list and vnode_free_list aren't used outside kern/vfs_subr.c
move `struct freelst` where used in kern/vfs_subr.c
no intented behaviour changes. survived a release(8) build.
ok millert@
bluhm [Sun, 27 Mar 2022 10:01:51 +0000 (10:01 +0000)]
Fix memory corruption bug in zlib
zlib has a crashing bug. The bug fix has been sitting in the
unreleased develop branch for nearly four years. Pull in this fix
and a small followup.
same fix as in base lib/libz
bluhm [Sun, 27 Mar 2022 09:53:04 +0000 (09:53 +0000)]
Revert previous. Use private copy of zlib in Compress::Raw::Zlib
again. The header zlib.h in our base uses z_off_t for fields
total_in and total_out in struct z_stream_s. The rest of the world
uses uLong there. This leads to an incompatibility when comiled
with Perl. The pkg tools fail on i386.
debugged by semarie@; discussed with tb@
inoguchi [Sun, 27 Mar 2022 00:37:10 +0000 (00:37 +0000)]
Check EVP_Digest* functions return value in openssl(1) ts
Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label.
CID 149810
comment and ok jsing@
tb [Sat, 26 Mar 2022 16:34:21 +0000 (16:34 +0000)]
name constraints: be more careful with NULs
An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).
Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.
In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.
ok beck inoguchi jsing
jsing [Sat, 26 Mar 2022 15:05:53 +0000 (15:05 +0000)]
Clean up {dtls1,ssl3}_read_bytes()
Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up
pass - this cleans up various parts of the code and reduces differences
between these two functions.
ok = 1; *(&(ok)) tb@
ok inoguchi@
jsing [Sat, 26 Mar 2022 15:00:51 +0000 (15:00 +0000)]
Remove the minimum record length checks from dtls1_read_bytes()
The code that handles each record type already has appropriate length
checks. Furthermore, the handling of application data here is likely
incorrect and bypasses the normal state checks at the end of this function.
ok inoguchi@ tb@
jsing [Sat, 26 Mar 2022 14:54:58 +0000 (14:54 +0000)]
Convert c2i_ASN1_OBJECT() and d2i_ASN1_OBJECT to CBS.
Along the way, rather than having yet another piece of code that parses
OID arcs, reuse oid_parse_arc(). Always allocate a new ASN1_OBJECT rather
than doing a crazy dance with ASN1_OBJECT_FLAG_DYNAMIC and trying to free
parts of an ASN1_OBJECT if one is passed in.
ok inoguchi@ tb@
jsing [Sat, 26 Mar 2022 14:47:58 +0000 (14:47 +0000)]
Provide asn1_get_primitive()
This takes a CBS, gets the ASN.1 identifier and length, ensures the
resulting identifier is a valid primitive, then returns the tag number and
the content as a CBS.
ok inoguchi@ tb@
projects / openbsd / log