jsing [Thu, 1 Dec 2022 02:58:40 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.
jsing [Thu, 1 Dec 2022 02:58:31 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.
ok tb@
dtucker [Thu, 1 Dec 2022 02:22:13 +0000 (02:22 +0000)]
Clean up ssh-add and ssh-agent logs.
dtucker [Thu, 1 Dec 2022 02:19:29 +0000 (02:19 +0000)]
Log output of ssh-agent and ssh-add to make debugging easier.
guenther [Thu, 1 Dec 2022 00:26:15 +0000 (00:26 +0000)]
_C_LABEL() is no longer useful in the "everything is ELF" world.
Start eliminating it.
ok mpi@ mlarkin@ krw@
millert [Wed, 30 Nov 2022 17:59:46 +0000 (17:59 +0000)]
Update to 2022ggtz from https://github.com/JodaOrg/global-tz
Major changes:
* The northern edge of Chihuahua changes to US timekeeping.
* Much of Greenland stops changing clocks after March 2023.
* Fix some pre-1996 timestamps in northern Canada.
cheloha [Wed, 30 Nov 2022 14:56:45 +0000 (14:56 +0000)]
midicat.c: add missing CVS tag; ok millert@
kn [Wed, 30 Nov 2022 14:01:02 +0000 (14:01 +0000)]
Unlock nd6_ioctl(), push kernel lock into in6_ioctl_{get,change_ifaddr}()
Neighbour Discovery information is protected by the net lock, as
documented in nd6.h struct nd_ifinfo.
ndp(8) is the only SIOCGIFINFO_IN6 and SIOCGNBRINFO_IN6 user in base.
nd6_lookup(), also used in ICMP6 input and IPv6 forwarding, only needs
the net lock.
OK mvs
kn [Wed, 30 Nov 2022 13:58:39 +0000 (13:58 +0000)]
Use shared socket/net lock for IP sockets
so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.
getsockopt(2), getsockname(2) and getpeername(2) (all UNLOCK) do not
write, so the exclusive net lock is overkill here.
OK mvs
tb [Wed, 30 Nov 2022 12:42:24 +0000 (12:42 +0000)]
Switch idiom of d2i_ECDSA_SIG() invocation
Instead of the discouraged obj = NULL; d2i_ECDSA_SIG(&obj, ...); use the
recommended obj = d2i_ECDSA_SIG(NULL, ...);. While it makes no difference
here, it's better practice.
suggested by & ok markus
tb [Wed, 30 Nov 2022 10:47:30 +0000 (10:47 +0000)]
Link libkeynote to regress.
tb [Wed, 30 Nov 2022 10:47:05 +0000 (10:47 +0000)]
Resurrect the libkeynote testsuite
This was part of the lib/libkeynote/Makefile.in r1.12 removed in 2004 by
msf. It would have caught the bug fixed by markus and bluhm in
lib/libkeynote/signature.c r1.30.
bluhm [Wed, 30 Nov 2022 10:40:23 +0000 (10:40 +0000)]
Passing preallocated keys to d2i_RSAPublicKey() does not work anymore
with LibreSSL. This caused a crash in isakmpd with libkeynote.
Better pass NULL and let libcrypto do the allocation.
from markus@; OK tb@
mvs [Wed, 30 Nov 2022 10:21:29 +0000 (10:21 +0000)]
regen
mvs [Wed, 30 Nov 2022 10:20:37 +0000 (10:20 +0000)]
Unlock getsockopt(2) and setsockopt(2). Unlock them both because at
protocol layer they follow the same (*pr_ctloutput)() handlers.
At sockets layer we touch only per-socket data, which is solock()
protected.
At protocol layer, udp(4), unix(4) and key management sockets have no
(*pr_ctloutput)() handlers. route_ctloutput() touches only per socket
data, which is solock() protected. inet{,6} globals are protected by
netlock, which is solock() backend for corresponding sockets.
ok bluhm@
claudio [Wed, 30 Nov 2022 10:15:01 +0000 (10:15 +0000)]
Pass a FILE pointer to ometric_output_all() and use fprintf() instead of
printing to stdout by default. Additionally check if fprintf() fails and
return -1 in that case. With this ometric code can be used in rpki-client.
OK tb@
patrick [Wed, 30 Nov 2022 09:52:13 +0000 (09:52 +0000)]
Provide default address for qcpwm(4), as Linux upstream removed it from
the device tree.
job [Wed, 30 Nov 2022 09:12:50 +0000 (09:12 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:12:34 +0000 (09:12 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:03:44 +0000 (09:03 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:02:58 +0000 (09:02 +0000)]
Remove unused include
OK claudio@
job [Wed, 30 Nov 2022 08:17:21 +0000 (08:17 +0000)]
Remove unused sys/socket.h include
OK claudio@
job [Wed, 30 Nov 2022 08:16:10 +0000 (08:16 +0000)]
Remove unused ctype.h include
OK tb@
jsing [Wed, 30 Nov 2022 03:08:39 +0000 (03:08 +0000)]
Rewrite bn_correct_top().
bn_correct_top() is currently a macro and far more complex than it needs
to be - rewrite it as a function.
ok tb@
kn [Wed, 30 Nov 2022 02:54:15 +0000 (02:54 +0000)]
add configtest; OK martijn
jsing [Wed, 30 Nov 2022 02:52:25 +0000 (02:52 +0000)]
Fix return values bug in BN_ucmp().
BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however
it currently returns other negative and positive values when the top of
a and b differ. Correct this.
ok tb@
jsing [Wed, 30 Nov 2022 02:51:05 +0000 (02:51 +0000)]
Add regress coverage for BN_cmp()/BN_ucmp().
Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.
jsing [Wed, 30 Nov 2022 01:56:18 +0000 (01:56 +0000)]
Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.
For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.
Issue raised by tb@ who also wrote some test code.
jsing [Wed, 30 Nov 2022 01:47:19 +0000 (01:47 +0000)]
Mop up more BN_DEBUG related code.
dtucker [Tue, 29 Nov 2022 22:41:14 +0000 (22:41 +0000)]
Add void to client_repledge args to fix compiler warning. ok djm@
guenther [Tue, 29 Nov 2022 21:41:39 +0000 (21:41 +0000)]
Move the generic variable definitions from the ASM at the top of
locore.S to be in C in cpu.c, machdep.c, pmap.c, or bus_space.c for
better typing/debug info. Delete REALBASEMEM, REALEXTMEM, and
biosextmem as unused/ignored.
ok mpi@ krw@ mlarkin@
job [Tue, 29 Nov 2022 20:41:32 +0000 (20:41 +0000)]
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
job [Tue, 29 Nov 2022 20:26:22 +0000 (20:26 +0000)]
Only include assert.h if we call assert()
OK tb@
tb [Tue, 29 Nov 2022 19:52:48 +0000 (19:52 +0000)]
Add missing markup to comments and to RFC 3779 error
visa [Tue, 29 Nov 2022 15:38:00 +0000 (15:38 +0000)]
Use correct size for mips64 .rld_map section.
From FreeBSD commit
36afc9ab6c1c7fdb2e40bdcfde169501d962dd84
OK kettenis@
tb [Tue, 29 Nov 2022 12:31:43 +0000 (12:31 +0000)]
First pass at updating verifier error docs
X509_verify_cert_error_string() is now thread safe as it no longer returns
a static buffer. Document X509_V_ERR_UNSPECIFIED. Stop asserting that the
X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it.
Add commented versions of various missing error codes in the proper spots
and move X509_V_ERR_UNNESTED_RESOURCE where it belongs.
prompted by claudio
tb [Tue, 29 Nov 2022 12:23:43 +0000 (12:23 +0000)]
Remove a few doubled spaces and wrap an overlong line
florian [Tue, 29 Nov 2022 11:56:32 +0000 (11:56 +0000)]
Ignore late check results for resolvers we no longer use.
Since we no longer use that specific resolver there is also no need
to re-check it.
tb pointed out that prev_state might be used uninitialized in this
case.
OK tb
claudio [Tue, 29 Nov 2022 11:45:03 +0000 (11:45 +0000)]
Update valid_x509 comment to reality. crl is no longer optional.
OK tb@
claudio [Tue, 29 Nov 2022 10:33:09 +0000 (10:33 +0000)]
Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@
tb [Tue, 29 Nov 2022 07:23:03 +0000 (07:23 +0000)]
Sort a few outliers by increasing error number to match x509_vfy.h
tb [Tue, 29 Nov 2022 07:12:17 +0000 (07:12 +0000)]
Fix includes
No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509
for a switch containing string constants. We do need x509_vfy instead.
tb [Tue, 29 Nov 2022 07:08:41 +0000 (07:08 +0000)]
Add missing X509_V_ERR_UNSPECIFIED case
tb [Tue, 29 Nov 2022 07:06:12 +0000 (07:06 +0000)]
Fix some KNF issues
Requested by claudio
tb [Tue, 29 Nov 2022 07:03:40 +0000 (07:03 +0000)]
Make X509_verify_cert_error_string() thread safe
Stop returning a pointer to a static buffer containing the error code on
unknown error. While this might be helpful, it's not going to end well.
ok beck claudio jsing
anton [Tue, 29 Nov 2022 06:30:34 +0000 (06:30 +0000)]
Add support for the Unified Battery feature found in many more recent Logitech
HID++ hardware which should cause battery sensors to be exposed for more
devices. Positive test reports from the following:
* Lift mouse (anton@)
* MX Anywhere 3 mouse (Paul de Weerd)
* MX Ergo trackball (kn@)
anton [Tue, 29 Nov 2022 06:29:45 +0000 (06:29 +0000)]
Add support for Bolt receivers. They use different registers for the
device name and type.
guenther [Tue, 29 Nov 2022 02:19:29 +0000 (02:19 +0000)]
Put the original image of the MP-startup and ACPI-suspend/hibernate
trampolines into .rodata instead of .text. While here, give types
and sizes to all the global symbols and delete some superfluous
directives and unrelocated symbols in the ACPI trampoline image.
ok mlarkin@
cheloha [Tue, 29 Nov 2022 01:04:44 +0000 (01:04 +0000)]
powerpc64: switch to clockintr
- Remove powerpc64-specific clock interrupt scheduling bits from
cpu_info.
- Remove powerpc64-specific randomized statclock() bits from
powerpc64/clock.c.
- Remove the 'stat_count' evcount. All clock interrupts are now counted
via the 'clock_count' evcount.
- Wire up dec_intrclock.
Bringup help from gkoehler@. Tested by gkoehler@: this patch has
survived four kernel-release-upgrade cycles on a Raptor Talos II
T2P9S01 sporting a quad-core POWER9 CPU.
Link: https://marc.info/?l=openbsd-tech&m=166776404803622&w=2
ok gkoehler@ mlarkin@
cheloha [Tue, 29 Nov 2022 00:58:05 +0000 (00:58 +0000)]
powerpc, macppc: switch to clockintr
- Remove powerpc-specific clock interrupt scheduling bits from cpu_info.
- Remove macppc-specific randomized statclock() bits from macppc/clock.c.
- Remove the 'stat_count' evcount. All clock interrupts are now counted
via the 'clock_count' evcount.
- Wire up dec_intrclock.
Bringup help from gkoehler@. The patch has survived five or six
kernel-release-upgrade cycles on my dual-core PowerMac3,6.
Link: https://marc.info/?l=openbsd-tech&m=166776385003520&w=2
ok gkoehler@ mlarkin@
mvs [Mon, 28 Nov 2022 21:39:28 +0000 (21:39 +0000)]
Simplify return path of (*pr_ctloutput)() return value in sogetopt().
ok guenther@ kn@
kn [Mon, 28 Nov 2022 19:13:36 +0000 (19:13 +0000)]
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16
use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
tb [Mon, 28 Nov 2022 18:33:56 +0000 (18:33 +0000)]
Fix indent
dv [Mon, 28 Nov 2022 18:24:52 +0000 (18:24 +0000)]
vmd(8): zero consdev in bootargs to fix booting ramdisks
Mischa Peters reported that booting a bsd.rd from 7.2 or newer
stopped working with vmd(8) in 7.2.
Direct booting kernels requires vmd to build boot args in guest
memory. Recently, the bios_consdev_t struct changed in amd64
machdep.c, adding additional struct members. vmd wasn't zeroing out
the struct, causing the booted kernel to read garbage.
While here, cleanup some of push_bootargs to use descriptive names
for boot args and standardize on explicit usage of uint32_t.
ok claudio, mlarkin
claudio [Mon, 28 Nov 2022 17:47:01 +0000 (17:47 +0000)]
Reshuffle case a little bit. No functional change.
tb [Mon, 28 Nov 2022 15:22:13 +0000 (15:22 +0000)]
Use ssize_t instead of int as requested on review
discussed with job
cheloha [Mon, 28 Nov 2022 14:56:31 +0000 (14:56 +0000)]
rc(8): reorder_libs: print names of relinked libraries
When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time. For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.
Let's print the name of each library before it is relinked. This
gives the operator a better sense of what the machine is doing. In
particular, it signals to the operator that the machine did not hang.
With input from kn@, deraadt@. Positive feedback from sthen@.
Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2
ok kn@
kn [Mon, 28 Nov 2022 13:10:58 +0000 (13:10 +0000)]
Remove useless nd6_init_done
Only ip6_init() calls nd6_init(), exactly once, just like it calls
frag6_init() which on the other hand does not have some fra6_init_done to
guard against itself.
Like all other domains, ip6_init() is called in domaininit(), early in the
kernel's main().
This variable was probably never useful and stems from nd6.c r1.1:
bring in KAME IPv6 code, dated
19991208.
OK mvs
kn [Mon, 28 Nov 2022 13:08:53 +0000 (13:08 +0000)]
Statically initialise DAD list, remove obsolete dad_init
The list of IPv6 addresses to perfom Duplicate Address Detection on is
local to nd6_nbr.c; statically initialise it so `dad_init' can go.
nd6_dad_find() keeps returning NULL on an initialised but empty list,
so nd6_dad_stop() keeps returning early.
Feedback OK mvs
tb [Mon, 28 Nov 2022 07:50:47 +0000 (07:50 +0000)]
Garbage collect the unused asn1_add_error()
ok jsing
tb [Mon, 28 Nov 2022 07:50:00 +0000 (07:50 +0000)]
Retire prev_bio
While BIO chains are doubly linked lists, nothing has ever made use of this
fact internally. Even libssl has failed to maintain prev_bio properly in
two places for a long time. When BIO was made opaque, the opportunity to
fix that was missed. Instead, BIO_set_next() now allows breaking the lists
from outside the library, which freerdp has long done.
Problem found by schwarze while trying to document BIO_set_next().
schwarze likes the idea
ok jsing
matthieu [Mon, 28 Nov 2022 07:38:40 +0000 (07:38 +0000)]
sync
matthieu [Mon, 28 Nov 2022 07:37:48 +0000 (07:37 +0000)]
Remove rex.x, obsolete remote execution protocol
that still used sgttyb struct. ok gnezdo@ miod@
tb [Mon, 28 Nov 2022 07:24:03 +0000 (07:24 +0000)]
Tweak x509_constraints_uri_host() regress to test for NULL deref in
fixed in x509_constraints.c r1.29.
tb [Mon, 28 Nov 2022 07:22:15 +0000 (07:22 +0000)]
Fix NULL dereference in x509_constraints_uri_host()
When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so
add a NULL check before storing the strdup result in it.
From Anton Borowka
ok jsing miod
djm [Mon, 28 Nov 2022 01:38:22 +0000 (01:38 +0000)]
tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@
djm [Mon, 28 Nov 2022 01:37:36 +0000 (01:37 +0000)]
New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.
feedback deraadt@ dtucker@; tested in snaps for a while
kn [Sun, 27 Nov 2022 23:18:54 +0000 (23:18 +0000)]
Move UVM "swpgonly" from Daemon Counters to Swap Counters
Put it below "swpginuse" as systat(1) and uvm_init(9) already have it.
(uvm.c struct uvmline uvmline[] makes it easy to misplace counters without
double-checking against actual systat output.)
kn [Sun, 27 Nov 2022 22:55:31 +0000 (22:55 +0000)]
Remove last queue(3) *_END() usage from tree
queue(3) NOTES says they're deprecated and expand to NULL; indeed.
No object change.
OK kettenis mvs
kn [Sun, 27 Nov 2022 22:52:21 +0000 (22:52 +0000)]
Zap nonexistent "vnodepages" and "vtextpages" UVM Page Counters
Those members exists with an XXX comment in struct uvmexp/uvm_init(9),
but the kernel does not use them at all and systat(1) does not print them.
kettenis [Sun, 27 Nov 2022 22:04:59 +0000 (22:04 +0000)]
Implement support for the (optional) MSI controller of Synopsys Designware
PCIe host bridge. This MSI controller is quite retarded since it maps all
MSIs to a single hardware interrupt. So it doesn't really offer any
benefit over using classic INTx interrupts. Unfortunately we need to use
it on Amlogic SoCs since the PCIe device interrupt doesn't seem to work
correctly when configured as a level triggered interrupt and the workaround
of configuring it as an edge triggered interrupt causes problems when using
multiple disks connected to ahci(4) on the ODROID-HC4.
ok patrick@
job [Sun, 27 Nov 2022 20:50:09 +0000 (20:50 +0000)]
BIO_puts return values can be ambiguous, improve the check
OK tb@
schwarze [Sun, 27 Nov 2022 19:11:11 +0000 (19:11 +0000)]
In bio.h rev. 1.50 and rev. 1.51, tb@ provided BIO_set_retry_reason(3).
Merge the documentation from the OpenSSL 1.1.1 branch, which is still
under a free license, tweaked by me.
kn [Sun, 27 Nov 2022 15:31:36 +0000 (15:31 +0000)]
Remove useless casts
All *dp variables are of type 'struct dadq *'; no object change.
OK mvs
kn [Sun, 27 Nov 2022 15:27:17 +0000 (15:27 +0000)]
Zap qt3/4 remnants, MODQMAKE_RECURSIVE always defaults to yes
Like that since ports devel/qmake/qmake.port.mk r1.11
Zap qt3 remnants
kn [Sun, 27 Nov 2022 15:19:38 +0000 (15:19 +0000)]
Provide more accurate lock error message
When started manuall from single-user mode (/ still read-only), the current
error is misleading:
# slaacd -dv
slaacd: already running
The lock was specifically added to prevent multiple instances in the
installer, which discards the error message entirely anyway.
Retain the useful EAGAIN/"already running" message, but otherwise print the
real error reason:
# slaacd -dv
slaacd: /dev/slaacd.lock: Read-only file system
Feedback OK deraadt millert
anton [Sun, 27 Nov 2022 15:13:15 +0000 (15:13 +0000)]
reformat REGRESS_TARGETS
anton [Sun, 27 Nov 2022 15:12:57 +0000 (15:12 +0000)]
Applying mimmutable(2) to bss, data and text made the sys/kern/noexec tests fail
since they try to mutate the permissions of the aforementioned sections which is
no longer possible. Instead, "mimic" the sections by allocating and operating on
memory with the same initial permissions.
With help from deraadt@
kn [Sun, 27 Nov 2022 15:08:16 +0000 (15:08 +0000)]
x11/qt3 and qt4 are no more, say x11/qt* like the module's error message
schwarze [Sun, 27 Nov 2022 14:35:27 +0000 (14:35 +0000)]
delete duplicate OpenBSD CVS keyword line
tb [Sun, 27 Nov 2022 14:31:22 +0000 (14:31 +0000)]
Plug leak of tmp in case allocation of pq->abuf fails
ok florian
tb [Sun, 27 Nov 2022 14:29:06 +0000 (14:29 +0000)]
KNF nit: place brace correctly
ok florian
otto [Sun, 27 Nov 2022 13:19:00 +0000 (13:19 +0000)]
Once we are synced, we can validate the certificate in the standard way.
ok tb@
tb [Sat, 26 Nov 2022 23:05:22 +0000 (23:05 +0000)]
Missing return value check for BIO_new()
kettenis [Sat, 26 Nov 2022 21:35:22 +0000 (21:35 +0000)]
Adjust for changes in the device tree bindings. Since it is relatively
easy to support both the "official" and "preliminary" bindings, we support
both. Support for the "preliminary" bindings will be removed at some point
in the future.
ok tobhe@
mvs [Sat, 26 Nov 2022 17:52:35 +0000 (17:52 +0000)]
Turn sowriteable(), sballoc() and sbfree() macro to inline functions.
soreadable() is already presented as inline function, but corresponding
sowriteable() is still macro. Also it's no reason to keep sballoc() and
sbfree() as macro.
The first argument of sballoc() and sbfree() is not used, but keep it for
a while.
ok kn@ bluhm@
mvs [Sat, 26 Nov 2022 17:51:18 +0000 (17:51 +0000)]
Merge uipc_bind() with unp_bind(). Unlike other unp_*() functions,
unp_bind() has the only uipc_bind() caller. In the uipc_usrreq() times,
it made sense to have dedicated unp_bind() for prevent tne code mess
within giant switch(), but now it doesn't.
ok bluhm@
mvs [Sat, 26 Nov 2022 17:50:26 +0000 (17:50 +0000)]
Next step of netlock pressure decreasing in pppx(4).
The kernel lock is still taken when we access pppx(4) layer through
device node. Since pipex(4) layer doesn't rely on netlock anymore, and we
don't acquire it when we access pipex(4) from pppx(4) layer, kernel lock
is enough to protect pppx(4) data. Such data doesn't accessed from packet
processing path, so there is no reason to block it by netlock acquiring.
Assume kernel lock as protection for `pxd_pxis' lists and `pppx_ifs' tree.
The search in `pppx_ifs' tree has no context switch. There is no context
switch between the `pxi' free unit search and tree insertion.
Use reference counters to make `pxi' dereference safe, instead of holding
netlock. Now pppx_if_find() returns `pxi' with reference counter bumped,
and newly introduced pppx_if_rele() used for release this `pxi'.
Introduce pppx_if_find_locked() which returns `pxi' but doesn't bump
reference counter. pppx_if_find_locked() and pppx_if_find() both called
with kernel lock held, but keep existing notation where _locked()
function returned data with non bumped counter.
Mark dying `pxi' by setting `pxi_ready' to null, so concurrent thread
can't receive it by pppx_if_find().
The netlock is left around modification of associated ifnet's
`if_description'. This is unwanted because `if_description' never accessed
within packet processing path, but this require ifnet locking
modification, so keep this to the following diffs.
ok bluhm@
tb [Sat, 26 Nov 2022 17:23:17 +0000 (17:23 +0000)]
Make header guards of internal headers consistent
Not all of them, only those that didn't leak into a public header...
Yes.
tobhe [Sat, 26 Nov 2022 17:23:15 +0000 (17:23 +0000)]
Add arm64 lid_action sysctl for Apple Silicon laptops.
ok kettenis@
job [Sat, 26 Nov 2022 17:15:44 +0000 (17:15 +0000)]
Remove RFC 9092 example file because it contains inherit elements
job [Sat, 26 Nov 2022 17:14:40 +0000 (17:14 +0000)]
Make error messages about 'inherit' elements in End-Entity certs consistent
OK tb@
tobhe [Sat, 26 Nov 2022 17:12:11 +0000 (17:12 +0000)]
Bump to 7.2
job [Sat, 26 Nov 2022 17:06:43 +0000 (17:06 +0000)]
Disallow 'inherit' elements in geofeed authenticators
RFC 9092 is underspecified in this regard, but other signed
objects relating to Internet number resources (ROA, BGPsec,
ASPA, RSC) all disallow inherit.
See https://mailarchive.ietf.org/arch/msg/opsawg/JXjxCA14BkW4DWyVoUMwqDvB17I/
OK tb@
job [Sat, 26 Nov 2022 16:42:04 +0000 (16:42 +0000)]
Fix warning message
(Geofeed authenticators don't have a SIA)
tb [Sat, 26 Nov 2022 16:11:36 +0000 (16:11 +0000)]
bn_lcl.h wanted special treatment.
tb [Sat, 26 Nov 2022 16:08:50 +0000 (16:08 +0000)]
Make internal header file names consistent
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
tb [Sat, 26 Nov 2022 15:45:47 +0000 (15:45 +0000)]
Two small tweaks to the geofeed code
Only allocate b64 when it is needed. This way we can avoid allocating extra
memory for the signed data itself. Also, only check for the end signature
marker when it is actually expected. It's not forbidden - if stupid - to
have a comment '# End Signature:' in the signed data.
ok job
jsing [Sat, 26 Nov 2022 13:56:33 +0000 (13:56 +0000)]
Remove BIGNUM consistency macros.
Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND)
supposedly adds consistency checks to the BN code. These are rarely if ever
used and introduce a bunch of clutter in the code. Furthermore, there are
hacks in place to undo things that the debugging code does.
Remove all of this mess and instead rely on always enabled checks, more
readable code and proper regress coverage to ensure correct behaviour.
"Good riddance." tb@
tb [Sat, 26 Nov 2022 12:36:19 +0000 (12:36 +0000)]
Split eContent extration into a small helper
job didn't like jumping over a bunch of code, so handle this via a small
helper. It's not as if cms_parse_validate_internal() could not do with a
bit of splitting in general.
ok job