openbsd
2 years agoFix OCSP_basic_verify() cert chain construction in case the
tb [Wed, 24 Nov 2021 19:33:24 +0000 (19:33 +0000)]
Fix OCSP_basic_verify() cert chain construction in case the
OCSP_BASICRESP bs contains no certificates.

From David von Oheimb (OpenSSL 121738d1)

ok beck

2 years agoSimplify slightly by using X509_get0_pubkey() thus eliminating the
tb [Wed, 24 Nov 2021 19:29:19 +0000 (19:29 +0000)]
Simplify slightly by using X509_get0_pubkey() thus eliminating the
need for EVP_PKEY_free().

ok beck

2 years agoFix a whitespace error that has annoyed me for way too long
tb [Wed, 24 Nov 2021 19:27:03 +0000 (19:27 +0000)]
Fix a whitespace error that has annoyed me for way too long

2 years agoFix timestamp printing in Signed Certificate Timestamps
tb [Wed, 24 Nov 2021 19:24:46 +0000 (19:24 +0000)]
Fix timestamp printing in Signed Certificate Timestamps

Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with
fractional seconds, so don't feed it milliseconds, but only seconds.
Ensures that openssl x509 -text prints timestamps instead of skipping
them.

ok beck jsing

2 years agoAdd certificate transparency methods to the standard extensions.
tb [Wed, 24 Nov 2021 19:22:14 +0000 (19:22 +0000)]
Add certificate transparency methods to the standard extensions.

This way, CT extensions in certs will be parsed by the new CT code
when they are encountered. This gets rid of a lot of gibberish when
looking at a cert with 'openssl x509 -text -noout -in server.pem'

ok beck jsing

2 years agoWhen sending ICMP packets for IPsec path MTU discovery, the first
bluhm [Wed, 24 Nov 2021 18:48:33 +0000 (18:48 +0000)]
When sending ICMP packets for IPsec path MTU discovery, the first
ICMP packet could be wrong.  The mtu was taken from the loopback
interface as the tdb mtu was copied to the route too late.  Without
crypto task, ipsp_process_packet() returns the EMSGSIZE error
earlier.  Immediately update tdb and route mtu.
IPv4 part from markus@; OK tobhe@

2 years agopreliminary work: have the compiled_stemlist be case independent.
espie [Wed, 24 Nov 2021 16:51:08 +0000 (16:51 +0000)]
preliminary work: have the compiled_stemlist be case independent.
This has not useful repercussions so far, as the actual package name
comparison is done with case dependent regexps, but this will allow
searching for "user specs" as case independent in the future,
allowing stuff like
pkg_add graphicsmagick
to work.

2 years agoMove some functions from rrdp.c to rrdp_util.c and hex_decode to encoding.c.
claudio [Wed, 24 Nov 2021 15:24:16 +0000 (15:24 +0000)]
Move some functions from rrdp.c to rrdp_util.c and hex_decode to encoding.c.
This will make it easier to write a RRDP regress test.
OK job@ deraadt@

2 years agosync
deraadt [Wed, 24 Nov 2021 15:20:23 +0000 (15:20 +0000)]
sync

2 years agoinstall /usr/bin/llvm-ar as /usr/bin/ar directly without adding another
robert [Wed, 24 Nov 2021 15:15:19 +0000 (15:15 +0000)]
install /usr/bin/llvm-ar as /usr/bin/ar directly without adding another
binary to /usr/bin and do the same with the manpage as well and make sure
that we only build llvm-ar on architectures where it is actually enabled

discussed with deraadt@

2 years agoadd the missing const qualifiers below EXAMPLES;
schwarze [Wed, 24 Nov 2021 13:30:56 +0000 (13:30 +0000)]
add the missing const qualifiers below EXAMPLES;
from <Malgorzata dot Olszowka at stunnel dot org>
via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch,
which is still under a free license

2 years agodocument ASN1_item_ndef_i2d(3)
schwarze [Wed, 24 Nov 2021 13:18:08 +0000 (13:18 +0000)]
document ASN1_item_ndef_i2d(3)

2 years agoFix type of count.
visa [Wed, 24 Nov 2021 13:17:37 +0000 (13:17 +0000)]
Fix type of count.

2 years agoSimplify arithmetics on the main path.
visa [Wed, 24 Nov 2021 13:16:00 +0000 (13:16 +0000)]
Simplify arithmetics on the main path.

2 years agoDisable poll_close test for now as it expects kqueue backend.
visa [Wed, 24 Nov 2021 12:58:01 +0000 (12:58 +0000)]
Disable poll_close test for now as it expects kqueue backend.

2 years agoRemove unneeded <sys/stdarg.h>.
visa [Wed, 24 Nov 2021 12:40:40 +0000 (12:40 +0000)]
Remove unneeded <sys/stdarg.h>.

OK guenther@

2 years agoRefactor postsig_done(). Pass the catchmask and signal reset flag to the
claudio [Wed, 24 Nov 2021 10:40:15 +0000 (10:40 +0000)]
Refactor postsig_done(). Pass the catchmask and signal reset flag to the
function. This will make unlocking cursig() & postsig() a bit easier.
OK mpi@

2 years agoMinor code cleanup. Move a comment to the right place, move a function
claudio [Wed, 24 Nov 2021 10:28:55 +0000 (10:28 +0000)]
Minor code cleanup. Move a comment to the right place, move a function
to get a better order of functions. Also reduce the size of sigprop
to NSIG from NSIG+1. NSIG is defined as 33 and so includes the extra
element for this array.
OK mpi@

2 years agoAdd a few dt(4) TRACEPOINTS to SMR. Should help to better understand what
claudio [Wed, 24 Nov 2021 09:47:49 +0000 (09:47 +0000)]
Add a few dt(4) TRACEPOINTS to SMR. Should help to better understand what
goes on in SMR.
OK mpi@

2 years agoIn some situations, the verifier would discard the error on an unvalidated
beck [Wed, 24 Nov 2021 05:38:12 +0000 (05:38 +0000)]
In some situations, the verifier would discard the error on an unvalidated
certificte chain. This would happen when the verification callback was
in use, instructing the verifier to continue unconditionally. This could
lead to incorrect decisions being made in software.

2 years agolibkeynote: stop reaching into EVP_PKEY internals.
tb [Wed, 24 Nov 2021 04:32:52 +0000 (04:32 +0000)]
libkeynote: stop reaching into EVP_PKEY internals.

Use EVP_PKEY_get0_RSA() instead of pPublicKey->pkey.rsa.

Fix a couple of leaks in the vicinity: we need a reference on the RSA,
which is what keynote_free_key() frees, not on the EVP_PKEY. Also, don't
leak the entire certificate on success.

ok beck

2 years agoMake the certificate transparency code build with the rest of the library
beck [Wed, 24 Nov 2021 01:12:43 +0000 (01:12 +0000)]
Make the certificate transparency code build with the rest of the library
Do not expose it yet, this will wait for an upcoming bump

ok tb@

2 years agoUse system uptime not UTC time to calculate PPPoE session duration
kn [Tue, 23 Nov 2021 19:13:45 +0000 (19:13 +0000)]
Use system uptime not UTC time to calculate PPPoE session duration

Systems without RTC are likely to boot with wrong time, but pppoe(4) used
microtime(9) anyway to remember when a new session began.

(In)adequately, ifconfig(8) used gettimeofday(2) and calculated the
difference between two absoloute dates to infer the PPPoE session duration.

This goes off the rails if the wall clock jumps in between, e.g. due to NTP
kicking in.

Use getmicrouptime(9) and clock_gettime(2)/CLOCK_BOOTTIME instead to rely
on the monotonically increasing system uptime instead to fix this.

Reported and tested by Peter J. Philipp <pjp AT delphinusdns DOT org> on
some octeon box without RTC.
I've seen this on a Edgerouter 4 as well (2m uptime, 19d session).

OK claudio

2 years agoTransform a mangled comment into something intelligible.
tb [Tue, 23 Nov 2021 18:26:23 +0000 (18:26 +0000)]
Transform a mangled comment into something intelligible.

from beck

2 years agodocument ASN1_TYPE_set_int_octetstring(3) and ASN1_TYPE_get_int_octetstring(3)
schwarze [Tue, 23 Nov 2021 17:53:59 +0000 (17:53 +0000)]
document ASN1_TYPE_set_int_octetstring(3) and ASN1_TYPE_get_int_octetstring(3)

2 years agoUse LIBRESSL_NEXT_API to document the commented-out functions that are
tb [Tue, 23 Nov 2021 17:06:05 +0000 (17:06 +0000)]
Use LIBRESSL_NEXT_API to document the commented-out functions that are
not yet available.

ok schwarze

2 years agodocument ASN1_TYPE_set_octetstring(3) and ASN1_TYPE_get_octetstring(3)
schwarze [Tue, 23 Nov 2021 14:58:08 +0000 (14:58 +0000)]
document ASN1_TYPE_set_octetstring(3) and ASN1_TYPE_get_octetstring(3)

2 years agoAdd logging for rekey failures.
tobhe [Tue, 23 Nov 2021 13:52:51 +0000 (13:52 +0000)]
Add logging for rekey failures.

ok patrick@

2 years agodocument a2i_ASN1_INTEGER(3),
schwarze [Tue, 23 Nov 2021 13:52:27 +0000 (13:52 +0000)]
document a2i_ASN1_INTEGER(3),
i2a_ASN1_ENUMERATED(3), and a2i_ASN1_ENUMERATED(3)

2 years agore-align these copies of the a2i_*(3) code with f_string.c rev. 1.19
schwarze [Tue, 23 Nov 2021 11:10:51 +0000 (11:10 +0000)]
re-align these copies of the a2i_*(3) code with f_string.c rev. 1.19
to fix the same double-counting of the backslash
and to make the parsing stricter in the same way;
OK tb@

2 years agoadd llvm-ar(1) to the build with its two dependencies libLLVMDlltoolDriver
robert [Tue, 23 Nov 2021 10:30:08 +0000 (10:30 +0000)]
add llvm-ar(1) to the build with its two dependencies libLLVMDlltoolDriver
and libLLVMLibDriver;

switch LLD_ARCHs to llvm-ar(1) by skipping the installation of binutils' ar(1)
and linking llvm-ar(1) to ar(1)

tested on amd64, i386, arm64 and mips64

ok patrick@, kettenis@

2 years agoIn DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do.
tb [Tue, 23 Nov 2021 09:53:45 +0000 (09:53 +0000)]
In DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do.

ok inoguchi jsing

2 years agotemporarily disable test unless this is fixed
espie [Tue, 23 Nov 2021 08:27:37 +0000 (08:27 +0000)]
temporarily disable test unless this is fixed

2 years agonameserver->name server, as the rest of the file does;
jmc [Tue, 23 Nov 2021 06:58:36 +0000 (06:58 +0000)]
nameserver->name server, as the rest of the file does;

2 years agosync
deraadt [Tue, 23 Nov 2021 04:11:06 +0000 (04:11 +0000)]
sync

2 years agoFix mbuf leaks after reception error in rge_rxeof().
kevlo [Tue, 23 Nov 2021 01:44:44 +0000 (01:44 +0000)]
Fix mbuf leaks after reception error in rge_rxeof().

Being that rge(4) is derived from re(4) it looks like it has the same
issues as fixed in re(4) rev 1.211.

From Brad
ok gnezdo@

2 years agoA weird little test which can expose buggy return value conditions in poll()
deraadt [Tue, 23 Nov 2021 01:14:26 +0000 (01:14 +0000)]
A weird little test which can expose buggy return value conditions in poll()

2 years agolimit a variable to the scope inside #ifdef where it is used
deraadt [Tue, 23 Nov 2021 01:03:35 +0000 (01:03 +0000)]
limit a variable to the scope inside #ifdef where it is used

2 years agoavoid clang -Wsometimes-uninitialized warnings in fms(4)
jsg [Tue, 23 Nov 2021 00:17:59 +0000 (00:17 +0000)]
avoid clang -Wsometimes-uninitialized warnings in fms(4)
feedback and ok millert@

2 years agouse ISC license for ubcmtp
jcs [Mon, 22 Nov 2021 22:12:37 +0000 (22:12 +0000)]
use ISC license for ubcmtp

2 years agoMOBIKE is RFC 4555.
tobhe [Mon, 22 Nov 2021 20:51:48 +0000 (20:51 +0000)]
MOBIKE is RFC 4555.

2 years agoEnable iicmux(4) and pcyrtc(4).
kettenis [Mon, 22 Nov 2021 20:25:50 +0000 (20:25 +0000)]
Enable iicmux(4) and pcyrtc(4).

2 years agopcyrtc(4)
kettenis [Mon, 22 Nov 2021 20:24:41 +0000 (20:24 +0000)]
pcyrtc(4)

2 years agoAdd pcyrtc(4), a driver for the NXP PCF85063A/TP RTC chips.
kettenis [Mon, 22 Nov 2021 20:20:20 +0000 (20:20 +0000)]
Add pcyrtc(4), a driver for the NXP PCF85063A/TP RTC chips.

ok patrick@

2 years agoRemove unused header files and make some cosmetic changes.
kettenis [Mon, 22 Nov 2021 20:19:23 +0000 (20:19 +0000)]
Remove unused header files and make some cosmetic changes.

ok patrick@

2 years agoImplement rfc6840 (AD flag processing) if using trusted name servers
jca [Mon, 22 Nov 2021 20:18:27 +0000 (20:18 +0000)]
Implement rfc6840 (AD flag processing) if using trusted name servers

libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so.  Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8).  For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".

AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE.  It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.

RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer.  Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.

ok florian@ phessler@

2 years agoFix typo
job [Mon, 22 Nov 2021 19:32:32 +0000 (19:32 +0000)]
Fix typo

thanks Matthias Schmidt

2 years agoHack alert! Apple M1 systems still don't work with an MP kernel.
kettenis [Mon, 22 Nov 2021 19:22:59 +0000 (19:22 +0000)]
Hack alert!  Apple M1 systems still don't work with an MP kernel.
In order to make progress (and protect myself from things dumping cores
left and right when I run sysupgrade) abuse the hw.smt mechanism to
only schedule processes on the primary CPU.

ok deraadt@, patrick@

2 years agoAdd regress test for futexes in shared anonymous memory.
kettenis [Mon, 22 Nov 2021 18:42:16 +0000 (18:42 +0000)]
Add regress test for futexes in shared anonymous memory.

ok mpi@

2 years agoRevert poll(2) back to the original implementation
visa [Mon, 22 Nov 2021 17:15:05 +0000 (17:15 +0000)]
Revert poll(2) back to the original implementation

The translation to and from kqueue still has major shortcomings.

Discussed with deraadt@

2 years agonew manual page ASN1_NULL_new(3), also documenting ASN1_NULL_free(3)
schwarze [Mon, 22 Nov 2021 16:19:54 +0000 (16:19 +0000)]
new manual page ASN1_NULL_new(3), also documenting ASN1_NULL_free(3)

2 years agoTranslate POLLNVAL in ppollcollect()
visa [Mon, 22 Nov 2021 14:59:03 +0000 (14:59 +0000)]
Translate POLLNVAL in ppollcollect()

This makes the kqueue-based poll(2) behave more similarly to the old
code when a monitored file descriptor is closed by another thread.

OK mpi@

2 years agoLet futex_wait() run without kernel lock
visa [Mon, 22 Nov 2021 14:57:17 +0000 (14:57 +0000)]
Let futex_wait() run without kernel lock

The KERNEL_LOCK() is no longer necessary with rwsleep() and PCATCH
because the sleep machinery now does the locking internally.

OK mpi@

2 years agoavoid uninitialised variable use in igc(4)
jsg [Mon, 22 Nov 2021 14:00:52 +0000 (14:00 +0000)]
avoid uninitialised variable use in igc(4)

read icr reg before testing bit in result
add missing block in rxeof from ix

ok kevlo@ patrick@

2 years agonew manual page a2d_ASN1_OBJECT(3);
schwarze [Mon, 22 Nov 2021 14:00:27 +0000 (14:00 +0000)]
new manual page a2d_ASN1_OBJECT(3);
while here, add a few STANDARDS references

2 years agoCopy code from ip_forward() to ip6_forward() to fix Path MTU discovery
bluhm [Mon, 22 Nov 2021 13:47:10 +0000 (13:47 +0000)]
Copy code from ip_forward() to ip6_forward() to fix Path MTU discovery
in IPsec IPv6 tunnel.  Implement sending ICMP6 packet too big
messages.  Also implement the pf error case in ip6_forward().  While
there, do some cleanup and make the IPv4 and IPv6 code look similar.
OK tobhe@

2 years agomove PFR_TFLAG_CONST test, missed in rev 1.138
jsg [Mon, 22 Nov 2021 12:56:04 +0000 (12:56 +0000)]
move PFR_TFLAG_CONST test, missed in rev 1.138
prompted by uninitialised var found by bluhm@ running regress on sparc64
ok sashan@

2 years agovmm(4): copyout guest state on VM_EXIT_NONE
dv [Mon, 22 Nov 2021 12:55:40 +0000 (12:55 +0000)]
vmm(4): copyout guest state on VM_EXIT_NONE

Partly related to a bug reported by kn@. We should be copying out
the guest exit state (including registers) when we succesfully
return from the vcpu run loop even if we don't require an emulation
assist from userland/vmd(8). This condition was introduced when I
removed the use of yield() and instead exit the kernel if the
scheduler says we've hogged the cpu.

ok mlarkin@

2 years agodocument ASN1_OBJECT_create(3)
schwarze [Mon, 22 Nov 2021 12:06:51 +0000 (12:06 +0000)]
document ASN1_OBJECT_create(3)

2 years agoM_USB -> M_USBHC
mglocker [Mon, 22 Nov 2021 11:46:11 +0000 (11:46 +0000)]
M_USB -> M_USBHC

2 years agoDrop the old problematic claim multiple report ids logic now that all
anton [Mon, 22 Nov 2021 11:30:16 +0000 (11:30 +0000)]
Drop the old problematic claim multiple report ids logic now that all
uhidev drivers have been fixed.

2 years agoAdd missing claim multiple report ids conditionals to uhidev drivers.
anton [Mon, 22 Nov 2021 11:29:17 +0000 (11:29 +0000)]
Add missing claim multiple report ids conditionals to uhidev drivers.

2 years agoexplain about the new defaults for PKGNAME-sub
espie [Mon, 22 Nov 2021 11:17:39 +0000 (11:17 +0000)]
explain about the new defaults for PKGNAME-sub

2 years agogc parts that reference "describe"
espie [Mon, 22 Nov 2021 11:07:50 +0000 (11:07 +0000)]
gc parts that reference "describe"

2 years agoMake iwx(4) update an Rx BA session's last_rx timestamp when a frame
stsp [Mon, 22 Nov 2021 11:01:12 +0000 (11:01 +0000)]
Make iwx(4) update an Rx BA session's last_rx timestamp when a frame
is received which matches the session.

Same change as just made in iwm(4).

2 years agoMake iwm(4) update an Rx BA session's last_rx timestamp when a frame
stsp [Mon, 22 Nov 2021 11:00:50 +0000 (11:00 +0000)]
Make iwm(4) update an Rx BA session's last_rx timestamp when a frame
is received which matches the session.

Tested by myself and bket@

2 years agoLet iwx(4) use per-Tx-queue interface timers to ensure that the interface
stsp [Mon, 22 Nov 2021 10:54:36 +0000 (10:54 +0000)]
Let iwx(4) use per-Tx-queue interface timers to ensure that the interface
watchdog will trigger a device timeout if a particular Tx queue gets stuck
while other Tx queues keep working.

The Linux driver is using a similar workaround for "stuck queues".

Tested by myself and jmc@

2 years agoIn iwx(4), fix off-by-one errors during TID value bounds checks.
stsp [Mon, 22 Nov 2021 10:47:55 +0000 (10:47 +0000)]
In iwx(4), fix off-by-one errors during TID value bounds checks.

The TID is used as an array index and, according to the Linux driver,
must be smaller than IWX_MAX_TID_COUNT (8). The AP might request an Rx
aggregation session using TID 8. Our driver uses the TID as an index into
an array of IEEE80211_NUM_TID (16) elements, and hence would not crash.
However, the index is exposed to firmware which could potentially crash
or raise an assertion failure for values >= 8.

ok kettenis@

2 years agoFix iwx(4) Tx ring array size which was one entry too short.
stsp [Mon, 22 Nov 2021 10:31:58 +0000 (10:31 +0000)]
Fix iwx(4) Tx ring array size which was one entry too short.

Fortunately, this bug was harmless. The last Tx agg queue is never used
because ieee80211_classify() only returns TID values in the range 0 - 3.
And iterations over the txq array use nitems() to find the upper bound.

The possiblity of shrinking the txq array by 4 elements to get rid of
unused Tx agg queues could be investigated later.
For now, just fix the off-by-one error.

ok kettenis@

2 years agoLet iwm(4) resume directly in DVACT_WAKEUP instead of running the init task.
stsp [Mon, 22 Nov 2021 10:23:42 +0000 (10:23 +0000)]
Let iwm(4) resume directly in DVACT_WAKEUP instead of running the init task.

Same change as made for iwx(4) some time ago.

tested by myself and bket@

2 years agoAlign memory allocation for USB device drivers and USB HC drivers:
mglocker [Mon, 22 Nov 2021 10:17:14 +0000 (10:17 +0000)]
Align memory allocation for USB device drivers and USB HC drivers:

* USB device drivers use M_USBDEV instead of M_DEVBUF.
* USB HC drivers use M_USBHC instead of M_DEVBUF.

In a vanilla setup, this enlarges the USB memory pool.

ok anton@

2 years agoacme-client: use BIO_number_written(bio) instead of bio->num_write.
tb [Mon, 22 Nov 2021 08:26:08 +0000 (08:26 +0000)]
acme-client: use BIO_number_written(bio) instead of bio->num_write.
Avoid awkward line wrapping by removing awkward else if chaining.

ok claudio florian

2 years agoavoid clang -Wsometimes-uninitialized warning with SMALL_KERNEL
jsg [Mon, 22 Nov 2021 03:30:20 +0000 (03:30 +0000)]
avoid clang -Wsometimes-uninitialized warning with SMALL_KERNEL

2 years agoimprove legibility of structs in several manpages
jan [Sun, 21 Nov 2021 23:44:55 +0000 (23:44 +0000)]
improve legibility of structs in several manpages

General uses tabs for general indentation and 4 spaces
on tight spots.  Also uses extra space to align pointers
and non-pointers as we do this on certain places in our
source.

with improvements from schwarze@

OK schwarze@

2 years agocorrect the vnd-on-vnd dev_t test, and avoid leaking a cred in an
deraadt [Sun, 21 Nov 2021 23:07:11 +0000 (23:07 +0000)]
correct the vnd-on-vnd dev_t test, and avoid leaking a cred in an
obscure condition
ok tb

2 years agosync
deraadt [Sun, 21 Nov 2021 23:06:24 +0000 (23:06 +0000)]
sync

2 years agosort SEE ALSO;
jmc [Sun, 21 Nov 2021 23:02:50 +0000 (23:02 +0000)]
sort SEE ALSO;

2 years agoAdd 'ikectl show certinfo' to show trusted CAs and certificates.
tobhe [Sun, 21 Nov 2021 22:44:08 +0000 (22:44 +0000)]
Add 'ikectl show certinfo' to show trusted CAs and certificates.
This helps debug authentication issues with x509 certificates.

ok markus@

2 years agoTweak for opaque EVP_MD: use EVP_MD_type(dgst) instead of dgst->type.
tb [Sun, 21 Nov 2021 22:34:30 +0000 (22:34 +0000)]
Tweak for opaque EVP_MD: use EVP_MD_type(dgst) instead of dgst->type.

2 years agoMention iicmux(4).
kettenis [Sun, 21 Nov 2021 22:27:16 +0000 (22:27 +0000)]
Mention iicmux(4).

requested by & ok jmc@

2 years agoPrepare ssltest for opaque DH
tb [Sun, 21 Nov 2021 21:40:45 +0000 (21:40 +0000)]
Prepare ssltest for opaque DH

2 years agoIn asn1.h rev. 1.55 and asn1/a_time.c rev. 1.28, beck@
schwarze [Sun, 21 Nov 2021 17:35:53 +0000 (17:35 +0000)]
In asn1.h rev. 1.55 and asn1/a_time.c rev. 1.28, beck@
provided ASN1_TIME_diff(3).  Merge the documentation from
the OpenSSL 1.1.1 branch, which is still under a free license.

2 years agoAdd the new `ipsec_exctdb' ipsec(4) counter to count and expose to the
mvs [Sun, 21 Nov 2021 16:17:48 +0000 (16:17 +0000)]
Add the new `ipsec_exctdb' ipsec(4) counter to count and expose to the
userland the TDBs which exceeded hard limit.

Also the `ipsec_notdb' counter description in header doesn't math to
netstat(1) description. We never count `ipsec_notdb' and the netstat(1)
description looks more appropriate so it's used to avoid confusion with
the new counter.

ok bluhm@

2 years agotee(1): use idiomatic write loop
cheloha [Sun, 21 Nov 2021 16:15:43 +0000 (16:15 +0000)]
tee(1): use idiomatic write loop

tee(1) handles partial writes correctly, but the more idiomatic write
loop is shorter and easier to audit than this heterodox approach.

ok millert@

2 years agooops, i forgot the STANDARDS section
schwarze [Sun, 21 Nov 2021 15:16:45 +0000 (15:16 +0000)]
oops, i forgot the STANDARDS section

2 years agonew manual page d2i_ASN1_BOOLEAN(3) also documenting i2d_ASN1_BOOLEAN(3)
schwarze [Sun, 21 Nov 2021 15:11:01 +0000 (15:11 +0000)]
new manual page d2i_ASN1_BOOLEAN(3) also documenting i2d_ASN1_BOOLEAN(3)

2 years agogetaddrinfo doesn't resolve numeric hostname in the !AI_NUMERICHOST case
martijn [Sun, 21 Nov 2021 13:33:53 +0000 (13:33 +0000)]
getaddrinfo doesn't resolve numeric hostname in the !AI_NUMERICHOST case
if family in resolv.conf is not set to its specific family.

e.g. 0.0.0.0 will not resolve if family is set to "family inet6"

Fix this by first trying to resolve with AI_NUMERIC set and if EAI_NONAME
is returned (it's an actual hostname) retry with an empty ai_flags.

bug reported by and OK sthen@

2 years agowycheproof: modify RSA tests to work with opaque RSA struct
tb [Sun, 21 Nov 2021 11:55:00 +0000 (11:55 +0000)]
wycheproof: modify RSA tests to work with opaque RSA struct

2 years agowycheproof.go: modify some DSA and ECDSA code to work with opaque structs
tb [Sun, 21 Nov 2021 11:41:18 +0000 (11:41 +0000)]
wycheproof.go: modify some DSA and ECDSA code to work with opaque structs

2 years agoiicmux(4)
kettenis [Sun, 21 Nov 2021 11:10:35 +0000 (11:10 +0000)]
iicmux(4)

2 years agoAdd iicmux(4), a driver that switches between I2C busses connected to
kettenis [Sun, 21 Nov 2021 11:02:21 +0000 (11:02 +0000)]
Add iicmux(4), a driver that switches between I2C busses connected to
a single I2C controller by using the pin muxing facilities of an SoC.

ok visa@

2 years agoRegister i2c bus.
kettenis [Sun, 21 Nov 2021 11:00:40 +0000 (11:00 +0000)]
Register i2c bus.

ok jsg@

2 years agotemporarily reallow "empty" flavor parts so that rsync-- works again
espie [Sun, 21 Nov 2021 10:15:52 +0000 (10:15 +0000)]
temporarily reallow "empty" flavor parts so that rsync-- works again
(I really need to split that code off)

2 years agosmtpd-filters.7 referred to itself internally as just filters(7): fix that,
jmc [Sun, 21 Nov 2021 06:48:15 +0000 (06:48 +0000)]
smtpd-filters.7 referred to itself internally as just filters(7): fix that,
and put some Xr in smtpd.conf.5 so people can find it;

from leon fischer

2 years agoAdd tests for concurrent closing of a poll/select monitored fd.
visa [Sun, 21 Nov 2021 06:21:01 +0000 (06:21 +0000)]
Add tests for concurrent closing of a poll/select monitored fd.

2 years agoFix whitespace and long lines.
bluhm [Sun, 21 Nov 2021 02:54:56 +0000 (02:54 +0000)]
Fix whitespace and long lines.

2 years agoGather the setup of the initial OpenBSD MBR partition into one
krw [Sat, 20 Nov 2021 21:35:52 +0000 (21:35 +0000)]
Gather the setup of the initial OpenBSD MBR partition into one
location within MBR_init(), ensuring that MBR_init() creates an
OpenBSD MBR partition only when there is space for it.

No functional change.

2 years agoFix some strdup() leaks in ocsp config option.
tobhe [Sat, 20 Nov 2021 20:44:33 +0000 (20:44 +0000)]
Fix some strdup() leaks in ocsp config option.

ok markus@

2 years agosince it's unlikely that i'll get away with changing fortune's real usage to
jmc [Sat, 20 Nov 2021 19:15:55 +0000 (19:15 +0000)]
since it's unlikely that i'll get away with changing fortune's real usage to
the string below (unfortunately), settle for making it more realistic: Usage->usage

  -Usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ... inputdir
  +usage: fortune -P [] -a [xsz] [Q: [file]] [rKe9] -v6[+] dataspec ... inputdir

2 years agoinstall smtpd-filters.7;
jmc [Sat, 20 Nov 2021 19:11:33 +0000 (19:11 +0000)]
install smtpd-filters.7;

cleanup/push from larry hynes;
gilles agreed the page is suitable for installation;