mpi [Mon, 19 Feb 2018 11:35:41 +0000 (11:35 +0000)]
Grab solock() inside soconnect2() instead of asserting for it to be held.
ok millert@
schwarze [Mon, 19 Feb 2018 10:40:00 +0000 (10:40 +0000)]
In dsa.h rev. 1.25 2018/02/18 12:50:58, tb@ provided DSA_set0_pqg(3)
and in dsa.h rev. 1.26 2018/02/18 14:58:12 DSA_set0_key(3).
Merge the documentation from OpenSSL.
schwarze [Mon, 19 Feb 2018 10:04:08 +0000 (10:04 +0000)]
In evp.h rev. 1.57 2018/02/17 16:54:08,
jsing@ provided EVP_CIPHER_CTX_reset(3).
Merge the documentation, most from Richard Levitte
via OpenSSL commit
05fdb8d3 Dec 18 17:09:45 2015 +0100.
Also merge improvements to the EXAMPLES section from OpenSSL,
fixing one additional bug that still remains in OpenSSL.
While here, improve information on the deprecated functions,
sort RETURN VALUES, and add a few missing functions to it,
though that section still remains incomplete.
otto [Mon, 19 Feb 2018 09:52:16 +0000 (09:52 +0000)]
(static) byte buffers are not aligned in any way, malloc the buffer to
solve that. Prevents bus error on armv7. ok naddy@ florian@
mpi [Mon, 19 Feb 2018 09:25:13 +0000 (09:25 +0000)]
Change some returns into gotos, will help keeping the unlocking path
simpler. No functional change.
Extracted from a larger diff from guenther@, ok kettenis@
jsg [Mon, 19 Feb 2018 09:20:45 +0000 (09:20 +0000)]
Add a default case to a usb_tap() switch statement which mpi@ says will
never be called to convince compilers and static analysis tools a path
that uses uninitialised memory does not exist.
ok krw@ mpi@
mpi [Mon, 19 Feb 2018 09:18:50 +0000 (09:18 +0000)]
Convert sparc64 to MI mutex.
ok dlg@
mpi [Mon, 19 Feb 2018 09:18:00 +0000 (09:18 +0000)]
Include <sys/mutex.h> directly instead of relying on other headers to
include it.
jsg [Mon, 19 Feb 2018 09:08:13 +0000 (09:08 +0000)]
Directly include sys/mplock.h when needed instead of depending on
indirect inclusion. Fixes non-MULTIPROCESSOR WITNESS build.
ok visa@ mpi@
mpi [Mon, 19 Feb 2018 08:59:52 +0000 (08:59 +0000)]
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
schwarze [Mon, 19 Feb 2018 08:20:26 +0000 (08:20 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_signature(3). Merge the documentation from OpenSSL.
Rename the file from X509_get_signature_nid.3 to X509_get0_signature.3
for consistency because we are not losing any history yet.
schwarze [Mon, 19 Feb 2018 07:59:23 +0000 (07:59 +0000)]
In x509.h rev. 1.29 2018/02/17 15:50:42, jsing@ provided
X509_get0_extensions(3). Merge the documentation from OpenSSL.
jmc [Mon, 19 Feb 2018 06:48:45 +0000 (06:48 +0000)]
tweak previous;
jsg [Mon, 19 Feb 2018 06:22:12 +0000 (06:22 +0000)]
sync
dlg [Mon, 19 Feb 2018 04:43:48 +0000 (04:43 +0000)]
tunneldf needs ifr_df
djm [Mon, 19 Feb 2018 00:55:02 +0000 (00:55 +0000)]
emphasise that the hostkey rotation may send key types that the client
may not support, and that the client should simply disregard such keys
(this is what ssh does already).
dlg [Mon, 19 Feb 2018 00:46:27 +0000 (00:46 +0000)]
support configuration of fragmentation of the tunnel traffic
dlg [Mon, 19 Feb 2018 00:34:32 +0000 (00:34 +0000)]
enable configuration of tunnel fragmentation.
dlg [Mon, 19 Feb 2018 00:29:29 +0000 (00:29 +0000)]
initialise sc_df to 0 in clone create rather than setting sc_ttl badly
dlg [Mon, 19 Feb 2018 00:26:26 +0000 (00:26 +0000)]
add code to support configuration of tunnel traffic fragmentation
dlg [Mon, 19 Feb 2018 00:24:48 +0000 (00:24 +0000)]
make sure only root can configure an interface with SIOCSLIFPHYDF.
dlg [Mon, 19 Feb 2018 00:23:57 +0000 (00:23 +0000)]
add support for setting and displaying whether a tunnel allows fragmentation
ifconfig will output "nodf" or "df" on tunnel interfaces that support
the ioctl, and accepts "tunneldf" and "-tunneldf" as options to
try and configure it.
dlg [Mon, 19 Feb 2018 00:21:31 +0000 (00:21 +0000)]
add ioctls for tunnels to configure whether they allow fragmentation or not.
discussed with claudio@ at a2k18
dlg [Mon, 19 Feb 2018 00:18:31 +0000 (00:18 +0000)]
gif carries mpls too
dlg [Sun, 18 Feb 2018 23:53:17 +0000 (23:53 +0000)]
don't allow configuration of non-ipv4 addresses.
i found out how to do this while reading the freebsd stf(4) driver.
schwarze [Sun, 18 Feb 2018 23:34:01 +0000 (23:34 +0000)]
In ssl.h rev. 1.139 2018/02/17 15:19:43 and rev. 1.140 2018/02/17 15:32:20,
jsing@ provided SSL_get_client_random(3), SSL_get_server_random(3), and
SSL_SESSION_get_master_key(3). Import the documentation from OpenSSL,
with some tweaks.
schwarze [Sun, 18 Feb 2018 22:18:59 +0000 (22:18 +0000)]
In ssl.h rev. 1.138 2018/02/17 15:13:12, jsing@ provided
SSL_CTX_get0_certificate(3). It is public in OpenSSL, too,
but OpenSSL has no documentation, so write some from scratch.
kn [Sun, 18 Feb 2018 21:48:00 +0000 (21:48 +0000)]
zap *_path() functions
These PATH helpers failed to quote their input properly leading to shell
code execution. No one noticed since import (over 21 years ago), so wipe it.
OK tb rpe
sashan [Sun, 18 Feb 2018 21:45:30 +0000 (21:45 +0000)]
- regression in pflog output
pf_match_rule() must remember current anchor before it descends
towards leaf. it must restore anchor as it ascends towards root.
Bug pointed out and fix also tested by Matthias Pitzl from genua.
OK bluhm@
schwarze [Sun, 18 Feb 2018 21:04:31 +0000 (21:04 +0000)]
In tls1.h rev. 1.32 2018/02/17 15:08:21, jsing@ provided
SSL_CTX_get_tlsext_status_cb(3) and SSL_CTX_get_tlsext_status_arg(3).
Merge the documentation,
mostly from Remi Gacogne <rgacogne-github at coredump dot fr>
via OpenSSL commit
fddfc0af Aug 6 12:54:29 2016 +0200
plus the RETURN VALUES part by me.
schwarze [Sun, 18 Feb 2018 20:11:16 +0000 (20:11 +0000)]
In evp.h rev. 1.56 2018/02/17 14:55:31, jsing@ provided
EVP_MD_CTX_new(3), EVP_MD_CTX_reset(3), and EVP_MD_CTX_free(3).
Merge the documentation from OpenSSL, tweaked by me.
Also merge a few other minor improvements from OpenSSL.
While here, improve the order of functions, improve the description
of deprecated functions, fix a few other minor bugs, and remove an
irrelevant warning about binary incompatibility.
kettenis [Sun, 18 Feb 2018 19:11:27 +0000 (19:11 +0000)]
Revert previous. It triggers mbuf pool exhaustion on arm64.
Requested by claudio@
rpe [Sun, 18 Feb 2018 18:52:02 +0000 (18:52 +0000)]
Remove unnecessary line continuation markers after || and &&
naddy [Sun, 18 Feb 2018 17:47:47 +0000 (17:47 +0000)]
add include to silence compiler warning about a missing prototype for
tolower()
ok cheloha@ rob@ florian@
schwarze [Sun, 18 Feb 2018 17:32:13 +0000 (17:32 +0000)]
In hmac.c rev. 1.13 2018/02/17 14:53:59, jsing@ provided HMAC_CTX_new(3),
HMAC_CTX_free(3), HMAC_CTX_reset(3), and HMAC_CTX_get_md(3).
Merge the documentation from OpenSSL, with many tweaks by me.
Also include a few earlier improvements from OpenSSL.
While here, improve the order of the functions, the description of
deprecated functions, and remove a confusing warning about the
behaviour of HMAC_Init(3) in historical versions of OpenSSL.
sthen [Sun, 18 Feb 2018 17:25:04 +0000 (17:25 +0000)]
sync
tb [Sun, 18 Feb 2018 15:01:54 +0000 (15:01 +0000)]
sync
tb [Sun, 18 Feb 2018 15:00:36 +0000 (15:00 +0000)]
Bump minor due to symbol addition.
tb [Sun, 18 Feb 2018 14:58:12 +0000 (14:58 +0000)]
Provide {DH,DSA}_set0_key(). Requested by sthen.
ok jsing
visa [Sun, 18 Feb 2018 14:50:08 +0000 (14:50 +0000)]
Inline hw_{get,set}curcpu() to streamline the machine code.
visa [Sun, 18 Feb 2018 14:42:32 +0000 (14:42 +0000)]
Replace a full memory barrier with a write-write barrier. The full
barrier is overkill when forcing parameter visibility before IPIs.
tb [Sun, 18 Feb 2018 13:10:36 +0000 (13:10 +0000)]
sync
tb [Sun, 18 Feb 2018 13:07:34 +0000 (13:07 +0000)]
Bump libcrypto/libssl/libtls minors due to symbol additions.
tb [Sun, 18 Feb 2018 12:59:06 +0000 (12:59 +0000)]
Provide BIO_meth_set_gets().
ok jsing
tb [Sun, 18 Feb 2018 12:58:25 +0000 (12:58 +0000)]
Provide BIO_{g,s}et_data() and BIO_set_init().
ok jsing
tb [Sun, 18 Feb 2018 12:57:14 +0000 (12:57 +0000)]
Provide RSA_{g,s}et0_crt_params()
ok jsing
tb [Sun, 18 Feb 2018 12:55:32 +0000 (12:55 +0000)]
Use usual order of RSA_{g,s}et0_key().
ok jsing
tb [Sun, 18 Feb 2018 12:53:46 +0000 (12:53 +0000)]
Provide RSA_{g,s}et0_factors()
ok jsing
tb [Sun, 18 Feb 2018 12:52:13 +0000 (12:52 +0000)]
Provide RSA_bits()
ok jsing
tb [Sun, 18 Feb 2018 12:51:31 +0000 (12:51 +0000)]
Provide DH_set0_pqg.
ok jsing
tb [Sun, 18 Feb 2018 12:50:58 +0000 (12:50 +0000)]
Provide DSA_set0_pqg.
ok jsing
jmc [Sun, 18 Feb 2018 07:45:39 +0000 (07:45 +0000)]
document "machine video"; requested by tinker
while here, put "directory" in the right place
jmc [Sun, 18 Feb 2018 07:43:55 +0000 (07:43 +0000)]
document s_client -groups;
kn [Sun, 18 Feb 2018 01:50:04 +0000 (01:50 +0000)]
Simplify interface listing.
Discussed with tb, rpe, feedback from and OK halex.
pd [Sun, 18 Feb 2018 01:00:25 +0000 (01:00 +0000)]
vmd: fix vmctl pause for non existing vm ids (never returns)
check if vm id is valid before sending to vmm for pausing. The 'lock' is caused
by vmm sending back ENOENT for a non existent vm but vmd drops the message
because it doesn't recognize the vmid vmm is talking about. This is an artifact
of the 'policy' don't trust any imsg from a sibling priv sep process and do
your own checking.
reported by Abel Abraham Camarillo Ojeda
ok mlarkin@ and ccardenas@
rpe [Sun, 18 Feb 2018 00:43:16 +0000 (00:43 +0000)]
Create interfaces before processing the hostname.if file in ifstart().
This ensures that IPv6 is configured for dynamically created network
interfaces like 'vlan' which would otherwise not yet exist at the time
parse_hn_line() checks for IPv6 capability of an interface before
applying the inet6 configuration from the hostname.if.
Found out, tested and OK naddy
schwarze [Sat, 17 Feb 2018 23:24:38 +0000 (23:24 +0000)]
In bio.h rev. 1.31 2018/02/17 13:57:14, tb@ provided new functions
BIO_meth_*(). Import the documentation from OpenSSL, with extensive
tweaks by me.
kettenis [Sat, 17 Feb 2018 22:33:00 +0000 (22:33 +0000)]
Rename memhook to vmmap to match other archs.
ok millert@
schwarze [Sat, 17 Feb 2018 19:14:16 +0000 (19:14 +0000)]
Remove a warning about the dangers of X509_VERIFY_PARAM_set1_name(3)
because jsing@ points out that this follows a (dangerous) general
pattern in the library, and mentioning that everywhere would become
repetitive.
rpe [Sat, 17 Feb 2018 19:05:41 +0000 (19:05 +0000)]
Since rev 1.543 of dhclient it sends the 'host-name' by default.
- remove the leftover _hn variable from dhcp_request()
- remove the "$_name" parameter when using dhcp_request() in v4_config()
- change comments of v{4,6}_config() to reflect the purpose of _name
OK krw tb
schwarze [Sat, 17 Feb 2018 18:44:36 +0000 (18:44 +0000)]
document LIBRESSL_VERSION_NUMBER and LIBRESSL_VERSION_TEXT
schwarze [Sat, 17 Feb 2018 18:00:59 +0000 (18:00 +0000)]
Document OpenSSL_version_num(3) and OpenSSL_version(3) that jsing@
recently provided. Many minor improvements while here, and delete
ridiculous text about MS Windows.
tb [Sat, 17 Feb 2018 17:55:32 +0000 (17:55 +0000)]
sync
schwarze [Sat, 17 Feb 2018 16:59:48 +0000 (16:59 +0000)]
Merge documentation for {DH,DSA}_get0_{key,pqg}(3),
EVP_PKEY_get0_{DH,DSA,RSA}(3), and RSA_{g,s}et0_key(3)
that tb@ just provided.
jsing [Sat, 17 Feb 2018 16:54:08 +0000 (16:54 +0000)]
Provide EVP_CIPHER_CTX_reset().
Rides previous minor bump.
jsing [Sat, 17 Feb 2018 15:52:48 +0000 (15:52 +0000)]
sync
jsing [Sat, 17 Feb 2018 15:51:29 +0000 (15:51 +0000)]
Bump libcrypto/libssl/libtls minors due to symbol additions.
jsing [Sat, 17 Feb 2018 15:50:42 +0000 (15:50 +0000)]
Provide X509_get0_extensions() and X509_get0_signature()
jsing [Sat, 17 Feb 2018 15:32:20 +0000 (15:32 +0000)]
Provide SSL_SESSION_get_master_key()
jsing [Sat, 17 Feb 2018 15:19:43 +0000 (15:19 +0000)]
Provide SSL_get_client_random() and SSL_get_server_random()
jsing [Sat, 17 Feb 2018 15:13:12 +0000 (15:13 +0000)]
Provide SSL_CTX_get0_certificate()
jsing [Sat, 17 Feb 2018 15:08:21 +0000 (15:08 +0000)]
Provide SSL_CTX_get_tlsext_status_cb() and SSL_CTX_get_tlsext_status_arg().
jsing [Sat, 17 Feb 2018 14:55:31 +0000 (14:55 +0000)]
Provide EVP_MD_CTX_new(), EVP_MD_CTX_free() and EVP_MD_CTX_reset().
jsing [Sat, 17 Feb 2018 14:53:58 +0000 (14:53 +0000)]
Provide HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_reset() and
HMAC_CTX_get_md().
jsing [Sat, 17 Feb 2018 14:35:40 +0000 (14:35 +0000)]
s/DH/DSA/
tb [Sat, 17 Feb 2018 13:57:14 +0000 (13:57 +0000)]
Provide BIO_meth_{free,new}() and BIO_meth_set_{create,ctrl,destroy}()
and BIO_meth_set_{puts,read,write}().
ok jsing
tb [Sat, 17 Feb 2018 13:47:35 +0000 (13:47 +0000)]
Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().
ok jsing
rpe [Sat, 17 Feb 2018 13:11:03 +0000 (13:11 +0000)]
- Add descriptions for the new functions ifcreate() and vifscreate()
- In ifcreate() use the exit code of the {} block directly
- In vifscreate(), use the ifconfig -C output directly in the for _vif loop
- Remove superfluous and somewhat confusing comment
OK dlg kn sthen
jsing [Sat, 17 Feb 2018 06:56:12 +0000 (06:56 +0000)]
Fix behaviour of OpenSSL_version().
The constant values do not map 1:1 to SSLeay_version(), so implement it
separately.
Issue noted by schwarze@
eric [Fri, 16 Feb 2018 20:57:30 +0000 (20:57 +0000)]
bump max line length to 16K for incoming mail.
SMTP commands are still limited to LINE_MAX.
ok gilles@
schwarze [Fri, 16 Feb 2018 18:48:55 +0000 (18:48 +0000)]
typo fix s/issuserAltName/issuerAltName/
from Andrew Siplas <andrew at asiplas dot net>
via OpenSSL commit
36cf10cf Oct 4 02:11:08 2017 -0400
schwarze [Fri, 16 Feb 2018 18:38:51 +0000 (18:38 +0000)]
Copy all function names from the SYNOPSIS to the NAME section because
i found another page containing an .Xr to one of the functions that
were not in the NAME section. This manual page is ugly either way;
just ugly is better than broken links in addition to ugly.
schwarze [Fri, 16 Feb 2018 18:21:57 +0000 (18:21 +0000)]
Merge OpenSSL commit
a8c5ed81 Jul 18 13:57:25 2017 -0400
from <xemdetia at 808inorganic dot com>.
Original commit message:
"Document default section and library configuration.
It is talked around but not explicitly stated in one part of the
documentation that you should put library configuration lines at the
start of the configuration file."
schwarze [Fri, 16 Feb 2018 17:54:23 +0000 (17:54 +0000)]
Add missing RETURN VALUES sections; from Paul Yang
via OpenSSL commit
1f13ad31 Dec 25 17:50:39 2017 +0800, tweaked by me.
schwarze [Fri, 16 Feb 2018 17:24:33 +0000 (17:24 +0000)]
Add missing RETURN VALUES sections; from Paul Yang
via OpenSSL commit
1f13ad31 Dec 25 17:50:39 2017 +0800, tweaked by me.
fcambus [Fri, 16 Feb 2018 14:42:29 +0000 (14:42 +0000)]
Add sizes for free() in the i386 version of the Enhanced SpeedStep driver.
It was already done on amd64, but not on i386. Tested on an Atom N270.
OK mpi@
nicm [Fri, 16 Feb 2018 09:51:41 +0000 (09:51 +0000)]
Reflowing the grid in-place involved way too much memmove() for a big
performance cost with a large history. Instead change back to using a
second grid and copying modified lines over which is much faster (this
doesn't revert to the old code however which didn't support UTF-8
properly). GitHub issue 1249.
nicm [Fri, 16 Feb 2018 07:42:07 +0000 (07:42 +0000)]
Fix function argument names, from Abel Abraham Camarillo Ojeda via jmc@.
patrick [Fri, 16 Feb 2018 07:37:48 +0000 (07:37 +0000)]
Support card interrupts in imxesdhc(4). The code that was written
initially was never tested with SDIO, as there had been no user. With
bwfm(4) we now have the first SDIO card on that controller. Align the
code with the standard sdhc(4), so that it doesn't hang after the first
interrupt fires.
ok kettenis@
jmc [Fri, 16 Feb 2018 07:27:07 +0000 (07:27 +0000)]
simplify synopsis and text;
ok millert
jmc [Fri, 16 Feb 2018 07:24:26 +0000 (07:24 +0000)]
remove or adapt sendmail specific parts;
original diff from edgar pettijohn, tweaked with help from millert
ok millert
dlg [Fri, 16 Feb 2018 06:26:10 +0000 (06:26 +0000)]
make gre_encap prepend both the gre and tunnel ip headers.
makes the code a bit more straightforward
dtucker [Fri, 16 Feb 2018 04:43:11 +0000 (04:43 +0000)]
Don't send IUTF8 to servers that don't like them.
Some SSH servers eg "ConfD" drop the connection if the client sends the
new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit
for such servers and avoid sending IUTF8 to them. ok djm@
dlg [Fri, 16 Feb 2018 02:41:07 +0000 (02:41 +0000)]
put egre back in a tree
it's new so there's no existing configs to be compat with.
djm [Fri, 16 Feb 2018 02:40:45 +0000 (02:40 +0000)]
Mention recent DH KEX methods:
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
From Jakub Jelen via bz#2826
djm [Fri, 16 Feb 2018 02:32:40 +0000 (02:32 +0000)]
stop loading DSA keys by default, remove sshd_config stanza and manpage
bits; from Colin Watson via bz#2662, ok dtucker@
dlg [Fri, 16 Feb 2018 01:28:07 +0000 (01:28 +0000)]
allow wccp processing to be enabled per interface with the link0 flag.
this also changes the wccp handling to peek into its payload to
determine whether it is wccp 1 or 2. wccp1 says the gre header is
followed by ipv4, while wccp2 says there's a small header before
the ipv4 packet. the wccp2 header cannot have 4 in the first nibble,
while ipv4 must have 4 in the first nibble. the code now looks at
the nibble to determine whether it should strip the wccp2 header
or not.
naddy [Thu, 15 Feb 2018 21:50:33 +0000 (21:50 +0000)]
sync
schwarze [Thu, 15 Feb 2018 19:55:59 +0000 (19:55 +0000)]
Merge the new RETURN VALUES section from Paul Yang,
OpenSSL commit
1f13ad31 Dec 25 17:50:39 2017 +0800,
with a number of fixes by me.
Also include three earlier, minor improvements from OpenSSL.
schwarze [Thu, 15 Feb 2018 19:39:56 +0000 (19:39 +0000)]
Add missing RETURN VALUES section; from Paul Yang
via OpenSSL commit
1f13ad31 Dec 25 17:50:39 2017 +0800.