openbsd
mikeb [Tue, 20 Feb 2018 15:02:13 +0000 (15:02 +0000)]
Convert key length from bits to bytes

Reported by Renaud Allard, fix tested by Renaud (i386) and fcambus@ (amd64).
OK visa, fcambus

visa [Tue, 20 Feb 2018 14:46:22 +0000 (14:46 +0000)]
Make ddb's "show all locks" command show spinlocks in addition
to sleeplocks.

OK mpi@

mpi [Tue, 20 Feb 2018 12:44:28 +0000 (12:44 +0000)]
Test that removing a mpath RTF_CLONING route entry does not remove the
RTF_CACHED entry of a sibling RTF_CLONING entry.

mpi [Tue, 20 Feb 2018 12:43:03 +0000 (12:43 +0000)]
Removing an RTF_CLONING route entry should not invalidate an RTF_CACHED
entry that has been cloned from a different RTF_CLONING route.

Bug report & ok friehm@

mpi [Tue, 20 Feb 2018 12:38:58 +0000 (12:38 +0000)]
Introduce enternewpgrp() & enterthispgrp(), from FreeBSD via guenther@.

This code shuffling will ease the introduction of the proctree lock
in sys_setsid() and sys_setpgid().

Extracted from a larger diff from guenther@, ok visa@

nicm [Tue, 20 Feb 2018 10:43:46 +0000 (10:43 +0000)]
Do not leak memory when working out job name in formats.

sthen [Tue, 20 Feb 2018 10:12:14 +0000 (10:12 +0000)]
Call "vmctl stop" on each VM at shutdown, for OpenBSD guests this means they
are signalled to shutdown cleanly. Wait for each to finish to avoid too much
busy work at once; this may need revising if it turns out to be too slow with
a larger number of VMs (e.g. signal/delay/signal/delay/... then wait for
shutdowns), but let's avoid making it more complex unless we know it's needed.

Based on a diff from abieber@, discussed with mlarkin@ aja@ rpe@, ok rpe

sthen [Tue, 20 Feb 2018 09:43:59 +0000 (09:43 +0000)]
sync

sthen [Tue, 20 Feb 2018 09:20:47 +0000 (09:20 +0000)]
merge configure.ac from NSD 4.1.19, previously we had an updated
generated configure file, but old configure.ac.

jmc [Tue, 20 Feb 2018 07:34:28 +0000 (07:34 +0000)]
tweak previous, with some help from dlg;

jmatthew [Tue, 20 Feb 2018 05:40:52 +0000 (05:40 +0000)]
Set the chain_offset field (same as sgl_offset0, only in 16 byte units)
in passthrough IO requests, which makes AEN processing work on SAS2208
controllers, and since AEN processing works now, enable it again.

tested on SAS2208 (PERC H710P) and SAS3108 (PERC H730), SAS3.5 parts
should work too.
ok dlg@

dlg [Tue, 20 Feb 2018 04:03:15 +0000 (04:03 +0000)]
cisco set the tos on their keepalive packets to ip precedence
internet control, so we can too.

dlg [Tue, 20 Feb 2018 03:53:54 +0000 (03:53 +0000)]
add support for vnetflowid.

when enabled, the 32bit key on a gre packet is split into a 24bit
key and an 8 bit flow id. this allows better use of multipath links
if the intermediate routers feed the gre key into their hashing
algorithms. because gre can encapsulate pretty much anything, it
can be non-trivial for a router to reach into a payload to harvest
entropy for feeding into a hashing algorithm. having the endpoints
do it and feed it into the gre header is a lot simpler.

this allows interoperating with cisco gre tunnels with key entropy
enabled. this was tested against a csr1000v.

also, this arrangement coincides with how nvgre works, so it paves
the way for supporting that protocol.

right now the driver relies on the flowid in mbufs to populate the
packet field. this generally means that pf should be enabled to
provide the flowid.

dlg [Tue, 20 Feb 2018 03:46:45 +0000 (03:46 +0000)]
only allow root to use SIOCSVNETFLOWID.

dlg [Tue, 20 Feb 2018 03:45:06 +0000 (03:45 +0000)]
add support for toggling partitioning a vnetid into a netid and flowid

"vnetflowid" enables it on an interface, and "-vnetflowid" disables it.
a vnetid will be suffixed with + on the encap line if an interface
reports that it is enabled.

dlg [Tue, 20 Feb 2018 03:43:07 +0000 (03:43 +0000)]
add ioctls to toggle partitioning a vnetid into a netid and flowid

this maps to key entropy in cisco tunnel terminology, and will be
used in gre and egre to interoperate with their tunnels.

dlg [Tue, 20 Feb 2018 01:20:37 +0000 (01:20 +0000)]
add support for setting the tunnel df bit.

ok mpi@

rpe [Mon, 19 Feb 2018 23:42:29 +0000 (23:42 +0000)]
Write warning/error messages to stderr and end them with a fullstop.

OK tb

rpe [Mon, 19 Feb 2018 21:47:43 +0000 (21:47 +0000)]
- use specific patterns when looping over /etc/hostname.if files
  to skip backup or temp files.
- test if the patterns matched actual files
- warn if ifcreate() fails on an interface and continue with the
  subsequent interfaces in the list instead of return'ing

OK dlg sthen tb

nicm [Mon, 19 Feb 2018 21:20:10 +0000 (21:20 +0000)]
Support ISO colon-separated SGR.

schwarze [Mon, 19 Feb 2018 16:11:02 +0000 (16:11 +0000)]
Merge new RETURN VALUES section; from Paul Yang via
OpenSSL commit 1f13ad31 Dec 25 17:50:39 2017 +0800 tweaked by me.

schwarze [Mon, 19 Feb 2018 14:22:15 +0000 (14:22 +0000)]
In bio.h rev. 1.33 2018/02/18 12:59:06, tb@ provided BIO_meth_set_gets(3).
Merge the documentation from OpenSSL.

schwarze [Mon, 19 Feb 2018 14:08:52 +0000 (14:08 +0000)]
In bio.h rev. 1.32 2018/02/18 12:58:25, tb@ provided
BIO_get_data(3), BIO_set_data(3), and BIO_set_init(3).
Import the documentation from OpenSSL.

schwarze [Mon, 19 Feb 2018 13:28:05 +0000 (13:28 +0000)]
In rsa.h rev. 1.34 2018/02/18 12:53:46, tb@ provided RSA_get0_factors(3)
and RSA_set0_factors(3) and in rev. 1.36 2018/02/18 12:57:14
RSA_get0_crt_params(3) and RSA_set0_crt_params(3).
Merge the documentation from OpenSSL.

schwarze [Mon, 19 Feb 2018 12:14:11 +0000 (12:14 +0000)]
In rsa.h rev. 1.33 2018/02/18 12:52:13, tb@ provided RSA_bits(3).
Merge the documentation; from Kurt Roeckx <kurt at roeckx dot be>
via OpenSSL commit 26c79d56 Apr 18 12:23:12 2015 +0200.

schwarze [Mon, 19 Feb 2018 11:55:49 +0000 (11:55 +0000)]
In dh.h rev. 1.20 2018/02/18 12:51:31, tb@ provided DH_set0_pqg(3)
and in dh.h rev. 1.21 2018/02/18 14:58:12 DH_set0_key(3).
Merge the documentation from OpenSSL.

mpi [Mon, 19 Feb 2018 11:37:38 +0000 (11:37 +0000)]
Correctly diff the output of test 32.

mpi [Mon, 19 Feb 2018 11:35:41 +0000 (11:35 +0000)]
Grab solock() inside soconnect2() instead of asserting for it to be held.

ok millert@

schwarze [Mon, 19 Feb 2018 10:40:00 +0000 (10:40 +0000)]
In dsa.h rev. 1.25 2018/02/18 12:50:58, tb@ provided DSA_set0_pqg(3)
and in dsa.h rev. 1.26 2018/02/18 14:58:12 DSA_set0_key(3).
Merge the documentation from OpenSSL.

schwarze [Mon, 19 Feb 2018 10:04:08 +0000 (10:04 +0000)]
In evp.h rev. 1.57 2018/02/17 16:54:08,
jsing@ provided EVP_CIPHER_CTX_reset(3).
Merge the documentation, most from Richard Levitte
via OpenSSL commit 05fdb8d3 Dec 18 17:09:45 2015 +0100.
Also merge improvements to the EXAMPLES section from OpenSSL,
fixing one additional bug that still remains in OpenSSL.

While here, improve information on the deprecated functions,
sort RETURN VALUES, and add a few missing functions to it,
though that section still remains incomplete.

otto [Mon, 19 Feb 2018 09:52:16 +0000 (09:52 +0000)]
(static) byte buffers are not aligned in any way, malloc the buffer to
solve that. Prevents bus error on armv7. ok naddy@ florian@

mpi [Mon, 19 Feb 2018 09:25:13 +0000 (09:25 +0000)]
Change some returns into gotos, will help keeping the unlocking path
simpler.  No functional change.

Extracted from a larger diff from guenther@, ok kettenis@

jsg [Mon, 19 Feb 2018 09:20:45 +0000 (09:20 +0000)]
Add a default case to a usb_tap() switch statement which mpi@ says will
never be called to convince compilers and static analysis tools a path
that uses uninitialised memory does not exist.

ok krw@ mpi@

mpi [Mon, 19 Feb 2018 09:18:50 +0000 (09:18 +0000)]
Convert sparc64 to MI mutex.

ok dlg@

mpi [Mon, 19 Feb 2018 09:18:00 +0000 (09:18 +0000)]
Include <sys/mutex.h> directly instead of relying on other headers to
include it.

jsg [Mon, 19 Feb 2018 09:08:13 +0000 (09:08 +0000)]
Directly include sys/mplock.h when needed instead of depending on
indirect inclusion.  Fixes non-MULTIPROCESSOR WITNESS build.

ok visa@ mpi@

mpi [Mon, 19 Feb 2018 08:59:52 +0000 (08:59 +0000)]
Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.

No objection from millert@, ok tedu@, bluhm@

schwarze [Mon, 19 Feb 2018 08:20:26 +0000 (08:20 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_signature(3).  Merge the documentation from OpenSSL.
Rename the file from X509_get_signature_nid.3 to X509_get0_signature.3
for consistency because we are not losing any history yet.

schwarze [Mon, 19 Feb 2018 07:59:23 +0000 (07:59 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_extensions(3).  Merge the documentation from OpenSSL.

jmc [Mon, 19 Feb 2018 06:48:45 +0000 (06:48 +0000)]
tweak previous;

jsg [Mon, 19 Feb 2018 06:22:12 +0000 (06:22 +0000)]
sync

dlg [Mon, 19 Feb 2018 04:43:48 +0000 (04:43 +0000)]
tunneldf needs ifr_df

djm [Mon, 19 Feb 2018 00:55:02 +0000 (00:55 +0000)]
emphasise that the hostkey rotation may send key types that the client
may not support, and that the client should simply disregard such keys
(this is what ssh does already).

dlg [Mon, 19 Feb 2018 00:46:27 +0000 (00:46 +0000)]
support configuration of fragmentation of the tunnel traffic

dlg [Mon, 19 Feb 2018 00:34:32 +0000 (00:34 +0000)]
enable configuration of tunnel fragmentation.

dlg [Mon, 19 Feb 2018 00:29:29 +0000 (00:29 +0000)]
initialise sc_df to 0 in clone create rather than setting sc_ttl badly

dlg [Mon, 19 Feb 2018 00:26:26 +0000 (00:26 +0000)]
add code to support configuration of tunnel traffic fragmentation

dlg [Mon, 19 Feb 2018 00:24:48 +0000 (00:24 +0000)]
make sure only root can configure an interface with SIOCSLIFPHYDF.

dlg [Mon, 19 Feb 2018 00:23:57 +0000 (00:23 +0000)]
add support for setting and displaying whether a tunnel allows fragmentation

ifconfig will output "nodf" or "df" on tunnel interfaces that support
the ioctl, and accepts "tunneldf" and "-tunneldf" as options to
try and configure it.

dlg [Mon, 19 Feb 2018 00:21:31 +0000 (00:21 +0000)]
add ioctls for tunnels to configure whether they allow fragmentation or not.

discussed with claudio@ at a2k18

dlg [Mon, 19 Feb 2018 00:18:31 +0000 (00:18 +0000)]
gif carries mpls too

dlg [Sun, 18 Feb 2018 23:53:17 +0000 (23:53 +0000)]
don't allow configuration of non-ipv4 addresses.

i found out how to do this while reading the freebsd stf(4) driver.

schwarze [Sun, 18 Feb 2018 23:34:01 +0000 (23:34 +0000)]
In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,
jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and
SSL_SESSION_get_master_key(3).  Import the documentation from OpenSSL,
with some tweaks.

schwarze [Sun, 18 Feb 2018 22:18:59 +0000 (22:18 +0000)]
In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ provided
SSL_CTX_get0_certificate(3).  It is public in OpenSSL, too,
but OpenSSL has no documentation, so write some from scratch.

kn [Sun, 18 Feb 2018 21:48:00 +0000 (21:48 +0000)]
zap *_path() functions

These PATH helpers failed to quote their input properly leading to shell
code execution. No one noticed since import (over 21 years ago), so wipe it.

OK tb rpe

sashan [Sun, 18 Feb 2018 21:45:30 +0000 (21:45 +0000)]
- regression in pflog output
  pf_match_rule() must remember current anchor before it descends
  towards leaf. it must restore anchor as it ascends towards root.
  Bug pointed out and fix also tested by Matthias Pitzl from genua.

OK bluhm@

schwarze [Sun, 18 Feb 2018 21:04:31 +0000 (21:04 +0000)]
In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ provided
SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3).
Merge the documentation,
mostly from Remi Gacogne <rgacogne-github at coredump dot fr>
via OpenSSL commit fddfc0af Aug 6 12:54:29 2016 +0200
plus the RETURN VALUES part by me.

schwarze [Sun, 18 Feb 2018 20:11:16 +0000 (20:11 +0000)]
In evp.h rev. 1.56 2018/02/17 14:55:31, jsing@ provided
EVP_MD_CTX_new(3), EVP_MD_CTX_reset(3), and EVP_MD_CTX_free(3).
Merge the documentation from OpenSSL, tweaked by me.
Also merge a few other minor improvements from OpenSSL.

While here, improve the order of functions, improve the description
of deprecated functions, fix a few other minor bugs, and remove an
irrelevant warning about binary incompatibility.

kettenis [Sun, 18 Feb 2018 19:11:27 +0000 (19:11 +0000)]
Revert previous.  It triggers mbuf pool exhaustion on arm64.

Requested by claudio@

rpe [Sun, 18 Feb 2018 18:52:02 +0000 (18:52 +0000)]
Remove unnecessary line continuation markers after || and &&

naddy [Sun, 18 Feb 2018 17:47:47 +0000 (17:47 +0000)]
add include to silence compiler warning about a missing prototype for
tolower()
ok cheloha@ rob@ florian@

schwarze [Sun, 18 Feb 2018 17:32:13 +0000 (17:32 +0000)]
In hmac.c rev. 1.13 2018/02/17 14:53:59, jsing@ provided HMAC_CTX_new(3),
HMAC_CTX_free(3), HMAC_CTX_reset(3), and HMAC_CTX_get_md(3).
Merge the documentation from OpenSSL, with many tweaks by me.
Also include a few earlier improvements from OpenSSL.

While here, improve the order of the functions, the description of
deprecated functions, and remove a confusing warning about the
behaviour of HMAC_Init(3) in historical versions of OpenSSL.

sthen [Sun, 18 Feb 2018 17:25:04 +0000 (17:25 +0000)]
sync

tb [Sun, 18 Feb 2018 15:01:54 +0000 (15:01 +0000)]
sync

tb [Sun, 18 Feb 2018 15:00:36 +0000 (15:00 +0000)]
Bump minor due to symbol addition.

tb [Sun, 18 Feb 2018 14:58:12 +0000 (14:58 +0000)]
Provide {DH,DSA}_set0_key(). Requested by sthen.

ok jsing

visa [Sun, 18 Feb 2018 14:50:08 +0000 (14:50 +0000)]
Inline hw_{get,set}curcpu() to streamline the machine code.

visa [Sun, 18 Feb 2018 14:42:32 +0000 (14:42 +0000)]
Replace a full memory barrier with a write-write barrier. The full
barrier is overkill when forcing parameter visibility before IPIs.

tb [Sun, 18 Feb 2018 13:10:36 +0000 (13:10 +0000)]
sync

tb [Sun, 18 Feb 2018 13:07:34 +0000 (13:07 +0000)]
Bump libcrypto/libssl/libtls minors due to symbol additions.

tb [Sun, 18 Feb 2018 12:59:06 +0000 (12:59 +0000)]
Provide BIO_meth_set_gets().

ok jsing

tb [Sun, 18 Feb 2018 12:58:25 +0000 (12:58 +0000)]
Provide BIO_{g,s}et_data() and BIO_set_init().

ok jsing

tb [Sun, 18 Feb 2018 12:57:14 +0000 (12:57 +0000)]
Provide RSA_{g,s}et0_crt_params()

ok jsing

tb [Sun, 18 Feb 2018 12:55:32 +0000 (12:55 +0000)]
Use usual order of RSA_{g,s}et0_key().

ok jsing

tb [Sun, 18 Feb 2018 12:53:46 +0000 (12:53 +0000)]
Provide RSA_{g,s}et0_factors()

ok jsing

tb [Sun, 18 Feb 2018 12:52:13 +0000 (12:52 +0000)]
Provide RSA_bits()

ok jsing

tb [Sun, 18 Feb 2018 12:51:31 +0000 (12:51 +0000)]
Provide DH_set0_pqg.

ok jsing

tb [Sun, 18 Feb 2018 12:50:58 +0000 (12:50 +0000)]
Provide DSA_set0_pqg.

ok jsing

jmc [Sun, 18 Feb 2018 07:45:39 +0000 (07:45 +0000)]
document "machine video"; requested by tinker
while here, put "directory" in the right place

jmc [Sun, 18 Feb 2018 07:43:55 +0000 (07:43 +0000)]
document s_client -groups;

kn [Sun, 18 Feb 2018 01:50:04 +0000 (01:50 +0000)]
Simplify interface listing.

Discussed with tb, rpe, feedback from and OK halex.

pd [Sun, 18 Feb 2018 01:00:25 +0000 (01:00 +0000)]
vmd: fix vmctl pause for non existing vm ids (never returns)

check if vm id is valid before sending to vmm for pausing. The 'lock' is caused
by vmm sending back ENOENT for a non existent vm but vmd drops the message
because it doesn't recognize the vmid vmm is talking about. This is an artifact
of the 'policy' don't trust any imsg from a sibling priv sep process and do
your own checking.

reported by Abel Abraham Camarillo Ojeda
ok mlarkin@ and ccardenas@

rpe [Sun, 18 Feb 2018 00:43:16 +0000 (00:43 +0000)]
Create interfaces before processing the hostname.if file in ifstart().

This ensures that IPv6 is configured for dynamically created network
interfaces like 'vlan' which would otherwise not yet exist at the time
parse_hn_line() checks for IPv6 capability of an interface before
applying the inet6 configuration from the hostname.if.

Found out, tested and OK naddy

schwarze [Sat, 17 Feb 2018 23:24:38 +0000 (23:24 +0000)]
In bio.h rev. 1.31 2018/02/17 13:57:14, tb@ provided new functions
BIO_meth_*().  Import the documentation from OpenSSL, with extensive
tweaks by me.

kettenis [Sat, 17 Feb 2018 22:33:00 +0000 (22:33 +0000)]
Rename memhook to vmmap to match other archs.

ok millert@

schwarze [Sat, 17 Feb 2018 19:14:16 +0000 (19:14 +0000)]
Remove a warning about the dangers of X509_VERIFY_PARAM_set1_name(3)
because jsing@ points out that this follows a (dangerous) general
pattern in the library, and mentioning that everywhere would become
repetitive.

rpe [Sat, 17 Feb 2018 19:05:41 +0000 (19:05 +0000)]
Since rev 1.543 of dhclient it sends the 'host-name' by default.

- remove the leftover _hn variable from dhcp_request()
- remove the "$_name" parameter when using dhcp_request() in v4_config()
- change comments of v{4,6}_config() to reflect the purpose of _name

OK krw tb

schwarze [Sat, 17 Feb 2018 18:44:36 +0000 (18:44 +0000)]
document LIBRESSL_VERSION_NUMBER and LIBRESSL_VERSION_TEXT

schwarze [Sat, 17 Feb 2018 18:00:59 +0000 (18:00 +0000)]
Document OpenSSL_version_num(3) and OpenSSL_version(3) that jsing@
recently provided.  Many minor improvements while here, and delete
ridiculous text about MS Windows.

tb [Sat, 17 Feb 2018 17:55:32 +0000 (17:55 +0000)]
sync

schwarze [Sat, 17 Feb 2018 16:59:48 +0000 (16:59 +0000)]
Merge documentation for {DH,DSA}_get0_{key,pqg}(3),
EVP_PKEY_get0_{DH,DSA,RSA}(3), and RSA_{g,s}et0_key(3)
that tb@ just provided.

jsing [Sat, 17 Feb 2018 16:54:08 +0000 (16:54 +0000)]
Provide EVP_CIPHER_CTX_reset().

Rides previous minor bump.

jsing [Sat, 17 Feb 2018 15:52:48 +0000 (15:52 +0000)]
sync

jsing [Sat, 17 Feb 2018 15:51:29 +0000 (15:51 +0000)]
Bump libcrypto/libssl/libtls minors due to symbol additions.

jsing [Sat, 17 Feb 2018 15:50:42 +0000 (15:50 +0000)]
Provide X509_get0_extensions() and X509_get0_signature()

jsing [Sat, 17 Feb 2018 15:32:20 +0000 (15:32 +0000)]
Provide SSL_SESSION_get_master_key()

jsing [Sat, 17 Feb 2018 15:19:43 +0000 (15:19 +0000)]
Provide SSL_get_client_random() and SSL_get_server_random()

jsing [Sat, 17 Feb 2018 15:13:12 +0000 (15:13 +0000)]
Provide SSL_CTX_get0_certificate()

jsing [Sat, 17 Feb 2018 15:08:21 +0000 (15:08 +0000)]
Provide SSL_CTX_get_tlsext_status_cb() and SSL_CTX_get_tlsext_status_arg().

jsing [Sat, 17 Feb 2018 14:55:31 +0000 (14:55 +0000)]
Provide EVP_MD_CTX_new(), EVP_MD_CTX_free() and EVP_MD_CTX_reset().