openbsd
3 months agoUse FEAT_RNG to feed entropy into the random subsystem like we do on amd64.
kettenis [Thu, 11 Jul 2024 12:07:39 +0000 (12:07 +0000)]
Use FEAT_RNG to feed entropy into the random subsystem like we do on amd64.

ok patrick@, deraadt@

3 months agoBe a bit more noisy in syslog on what is going on.
florian [Thu, 11 Jul 2024 10:48:51 +0000 (10:48 +0000)]
Be a bit more noisy in syslog on what is going on.

So far dhcp6leased(8) has been completely silent.
Prodding by Brian Conway.

3 months agoWrite lease after we configured prefixes.
florian [Thu, 11 Jul 2024 10:38:57 +0000 (10:38 +0000)]
Write lease after we configured prefixes.

While here, do not claim we have a ::/0 lease, it confuses the parser.

3 months agoDo not show expired lease information in dhcp6leasectl.
florian [Thu, 11 Jul 2024 10:37:47 +0000 (10:37 +0000)]
Do not show expired lease information in dhcp6leasectl.

3 months agosync
deraadt [Thu, 11 Jul 2024 09:41:07 +0000 (09:41 +0000)]
sync

3 months agoForgot to initialize status_code in previous.
florian [Thu, 11 Jul 2024 09:39:13 +0000 (09:39 +0000)]
Forgot to initialize status_code in previous.

No STATUS_CODE option from the server means "success", but we are now
using stack garbage, which is usually not "success".

3 months agoumoddi3.c is now needed for libz
deraadt [Thu, 11 Jul 2024 07:40:03 +0000 (07:40 +0000)]
umoddi3.c is now needed for libz

3 months agocorrect keyword; from Yatao Su via GHPR509
djm [Wed, 10 Jul 2024 21:58:34 +0000 (21:58 +0000)]
correct keyword; from Yatao Su via GHPR509

3 months agoAllow pfIfTable to have more than 64 entries.
martijn [Wed, 10 Jul 2024 20:33:31 +0000 (20:33 +0000)]
Allow pfIfTable to have more than 64 entries.
Taken from pfctl_table.c r1.85 by sashan@

OK tb@

3 months agoFix the problem that it breaks the event timer because there is no
yasuoka [Wed, 10 Jul 2024 18:59:10 +0000 (18:59 +0000)]
Fix the problem that it breaks the event timer because there is no
consideration for new disconnect requests during requesting DAE.  The
ipcp module didn't send a DAE request again once DAE request failed.
Also fix log messages.

3 months agoExtend DMA constraints override to include all SC8280XP and X1E80100 based
patrick [Wed, 10 Jul 2024 18:46:42 +0000 (18:46 +0000)]
Extend DMA constraints override to include all SC8280XP and X1E80100 based
machines.  The shipped hardware containing ath11k and ath12k WiFi cards all
need to have 32-bit DMA constraints enforced.

ok kettenis@

3 months agoFix memory leaks, a use after free, accessing outside the region
yasuoka [Wed, 10 Jul 2024 16:30:43 +0000 (16:30 +0000)]
Fix memory leaks, a use after free, accessing outside the region
introduced by recent commits.  Found by malloc(3).

3 months agoZap warning against __findenv usage, it is not exported by libc
jca [Wed, 10 Jul 2024 14:17:58 +0000 (14:17 +0000)]
Zap warning against __findenv usage, it is not exported by libc

The comment probably made sense before guenther restricted the symbols
exported by libc in 2015.

3 months agoRemove the static symbols.namespace, and just generate the _libre_
beck [Wed, 10 Jul 2024 13:30:14 +0000 (13:30 +0000)]
Remove the static symbols.namespace, and just generate the _libre_
symbols from symbols.list now that we have everything hidden

ok tb@

3 months agoAdd flags NOPERM, STALLED, SWAPPABLE, DOOMED to -v output.
krw [Wed, 10 Jul 2024 13:29:23 +0000 (13:29 +0000)]
Add flags NOPERM, STALLED, SWAPPABLE, DOOMED to -v output.

Brings -v output into line with MNT_BITS used in vfs_mount_print().

ok deraadt@

3 months agoTeach symbols test about the namespace
tb [Wed, 10 Jul 2024 13:11:22 +0000 (13:11 +0000)]
Teach symbols test about the namespace

This ensures that when adding public symbols, the magic is not omitted.

with/ok beck

3 months agoPass status option up.
florian [Wed, 10 Jul 2024 12:52:51 +0000 (12:52 +0000)]
Pass status option up.

If we are in state "renewing" and the DHCPv6 server returns an
unsuccessful status go to "rebinding", i.e. ask any DHCPv6 server for
a lease not just the one we got the lease from.

This likely fixes a problem reported by Brian Conway where the ISP
returned "NoBinding - Prefix not bound to this interface." for a renew.
dhcp6leased recovered once T1 expired and we went to "rebinding" after
some time.

3 months agoPass int to the *2str functions, we don't need anything fancy.
florian [Wed, 10 Jul 2024 12:44:46 +0000 (12:44 +0000)]
Pass int to the *2str functions, we don't need anything fancy.

3 months agoUse AMD SEV C-bit in inital page tables setup by locore0.
bluhm [Wed, 10 Jul 2024 12:36:13 +0000 (12:36 +0000)]
Use AMD SEV C-bit in inital page tables setup by locore0.

Similar to the NX-bit apply the C-bit to the PTEs built by locore0.
Right now, pg_crypt is initialized to 0, so nothing will change.

from hshoexer@; OK mlarkin@

3 months agoKill the runfast and run label and inline those bits. No functional change.
claudio [Wed, 10 Jul 2024 12:28:46 +0000 (12:28 +0000)]
Kill the runfast and run label and inline those bits. No functional change.
OK mpi@

3 months agoImplement support for deeper idle states offered by PSCI. Reduces the
kettenis [Wed, 10 Jul 2024 11:01:24 +0000 (11:01 +0000)]
Implement support for deeper idle states offered by PSCI.  Reduces the
idle power usage of the Vivobook S15 by almost 50%.

ok patrick@

3 months agoHook up the Qualcomm UEFI Secure Application that handles EFI variables to
kettenis [Wed, 10 Jul 2024 10:53:55 +0000 (10:53 +0000)]
Hook up the Qualcomm UEFI Secure Application that handles EFI variables to
efi(4) such that we can access EFI variables through ioctls on /dev/efi.

ok patrick@

3 months agoMissed some files in previous commit to split vmd into mi/md.
dv [Wed, 10 Jul 2024 10:41:19 +0000 (10:41 +0000)]
Missed some files in previous commit to split vmd into mi/md.

Forgot `cvs add` and sys/dev/vmm/vmm.h changes.

3 months agosync
deraadt [Wed, 10 Jul 2024 10:34:40 +0000 (10:34 +0000)]
sync

3 months agoOnly vis(3) the option, not the rest of the packet.
florian [Wed, 10 Jul 2024 10:30:46 +0000 (10:30 +0000)]
Only vis(3) the option, not the rest of the packet.

Lots of head scratching and help from the hackroom ensued because of a
inconveniently placed \r that truncated a string and placed garbage at
a weird place.

3 months agoforgot to add a history section for the TLS PRF API
tb [Wed, 10 Jul 2024 10:22:03 +0000 (10:22 +0000)]
forgot to add a history section for the TLS PRF API

3 months agouse better endian swaps for populating the irq map request
jmatthew [Wed, 10 Jul 2024 09:50:28 +0000 (09:50 +0000)]
use better endian swaps for populating the irq map request

from NetBSD's if_iavf.c r1.1

3 months agoSplit vmd into mi/md parts.
dv [Wed, 10 Jul 2024 09:27:32 +0000 (09:27 +0000)]
Split vmd into mi/md parts.

Makes as much of the core of vmd mi, pushing x86-isms into separate
compilation units. Adds build logic for arm64, but no emulation
yet. (You can build vmd, but it won't have a vmm device to connect
to.)

Some more cleanup probably needed around interrupt controller
abstraction, but that can come as we implement more than the i8259.

ok mlarkin@

3 months agoSweep up more softdep crumbs.
krw [Wed, 10 Jul 2024 09:24:03 +0000 (09:24 +0000)]
Sweep up more softdep crumbs.

Nuke #if notyet/#endif chunks containing references to never defined
STATFS_SOFTUPD;

ok otto@

3 months agoSweep up more softdep crumbs.
krw [Wed, 10 Jul 2024 09:20:33 +0000 (09:20 +0000)]
Sweep up more softdep crumbs.

FFS_SOFTUPDATES is no longer used. Remove stray defined(FFS_SOFTUPDATES) checks
and an #if/#endif block referencing no longer defined softdep_fsync().

ok otto@

3 months agoiaq_datalen is 16 bits, so always use htole16 to populate it
jmatthew [Wed, 10 Jul 2024 09:14:50 +0000 (09:14 +0000)]
iaq_datalen is 16 bits, so always use htole16 to populate it

from NetBSD's if_iavf.c r1.2

3 months agoSweep up another softdep crumb.
krw [Wed, 10 Jul 2024 09:12:11 +0000 (09:12 +0000)]
Sweep up another softdep crumb.

Remove #if notyet/#endif chunk that references the never-defined STATFS_SOFTUPD.

ok jsg@

3 months agosync
tb [Wed, 10 Jul 2024 08:52:12 +0000 (08:52 +0000)]
sync

3 months agolink EVP_PKEY_CTX_set_tls1_prf_md.3 to build
tb [Wed, 10 Jul 2024 08:51:28 +0000 (08:51 +0000)]
link EVP_PKEY_CTX_set_tls1_prf_md.3 to build

3 months agoImport EVP_PKEY_CTX_set_tls1_prf_md.3 from OpenSSL 1.1.1
tb [Wed, 10 Jul 2024 08:49:48 +0000 (08:49 +0000)]
Import EVP_PKEY_CTX_set_tls1_prf_md.3 from OpenSSL 1.1.1

With only slight application of color to this entelodont's lips. It's the
usual deal - hard to say what's worse, the code or its docs...

3 months agoas per if_ixl.c r1.88, protect the admin queue with a muteX
jmatthew [Wed, 10 Jul 2024 08:48:20 +0000 (08:48 +0000)]
as per if_ixl.c r1.88, protect the admin queue with a muteX
cVS: ----------------------------------------------------------------------

3 months agoIncluding kdf.h isn't enough, you also need evp.h
tb [Wed, 10 Jul 2024 07:57:37 +0000 (07:57 +0000)]
Including kdf.h isn't enough, you also need evp.h

It will be a cold day in hell before I see an OpenSSL manpage without
mistakes in it.

3 months agocorrect some Broadcom adapter model numbers that I mistyped
jmatthew [Wed, 10 Jul 2024 07:56:21 +0000 (07:56 +0000)]
correct some Broadcom adapter model numbers that I mistyped

from Bryan Vyhmeister

3 months agoUnwrap two lines
tb [Wed, 10 Jul 2024 06:53:27 +0000 (06:53 +0000)]
Unwrap two lines

3 months agoremove stray ".Xc";
jmc [Wed, 10 Jul 2024 05:41:34 +0000 (05:41 +0000)]
remove stray ".Xc";

3 months agogrammar tweak;
jmc [Wed, 10 Jul 2024 05:40:08 +0000 (05:40 +0000)]
grammar tweak;

3 months agogrammar/macro/spelling fixes;
jmc [Wed, 10 Jul 2024 05:39:25 +0000 (05:39 +0000)]
grammar/macro/spelling fixes;

3 months agoan universal -> a universal
jmc [Wed, 10 Jul 2024 05:19:02 +0000 (05:19 +0000)]
an universal -> a universal

3 months agoPrepare pmap for using the AMD SEV C-bit to encrypt guest memory.
bluhm [Tue, 9 Jul 2024 19:11:06 +0000 (19:11 +0000)]
Prepare pmap for using the AMD SEV C-bit to encrypt guest memory.

The C-bit in a page table entry is used by a SEV guest to specify,
which pages are to be encrypted and which not.  The latter is needed
to share pages with the hypervisor for virtio(4).
The actual position of the C-bit within a PTE is CPU implementation
dependend and needs to be determined dynamically at system boot.
The position of the C-bit also determines the actual size of page
frame mask.  This will be provided by a separate change.
To be able to use the same kernel as both host and guest, the C-bit
is provided as variable similar to the NX-bit.  Same holds for the
page frame masks.
Right now, pg_crypt is set to 0, pg_frame an pg_lgframe to PG_FRAME
and PG_LGFRAME respectively.  Thus the kernel works as a host system
same as before.
Also introduce a PMAP_NOCRYPT flag.  A guest will use this with
busdma to establish unencrypted mappings that can be shared with
the hypervisor.

from hshoexer@; OK mlarkin@

3 months agombuf.9: Add missing fields, fix order and spacing.
jan [Tue, 9 Jul 2024 18:56:54 +0000 (18:56 +0000)]
mbuf.9: Add missing fields, fix order and spacing.

fine by jmc@
sure mvs@

3 months agovmd(8): Avoid double DHCP reply when using the internal dhcp server.
jan [Tue, 9 Jul 2024 18:49:05 +0000 (18:49 +0000)]
vmd(8): Avoid double DHCP reply when using the internal dhcp server.

DHCP request should no leave vmd if its answered internally.

ok dv@

3 months agoAdd another empty line
tb [Tue, 9 Jul 2024 17:58:36 +0000 (17:58 +0000)]
Add another empty line

3 months agoTurn tls1_prf_alg() into single exit
tb [Tue, 9 Jul 2024 17:56:41 +0000 (17:56 +0000)]
Turn tls1_prf_alg() into single exit

requested by jsing on review
ok beck

3 months agoUnwrap a few more lines
tb [Tue, 9 Jul 2024 17:47:20 +0000 (17:47 +0000)]
Unwrap a few more lines

3 months agoUnwrap a couple of lines
tb [Tue, 9 Jul 2024 17:46:32 +0000 (17:46 +0000)]
Unwrap a couple of lines

3 months agoAlign math with t1_enc.c
tb [Tue, 9 Jul 2024 17:44:18 +0000 (17:44 +0000)]
Align math with t1_enc.c

suggested by jsing on review

3 months agoMinor cosmetics in pkey_tls1_prf_derive()
tb [Tue, 9 Jul 2024 17:35:55 +0000 (17:35 +0000)]
Minor cosmetics in pkey_tls1_prf_derive()

noticed by jsing on review

3 months agoFix a typo
yasuoka [Tue, 9 Jul 2024 17:34:10 +0000 (17:34 +0000)]
Fix a typo

3 months agoReplace explicit_bzero() plus free() with freezero()
tb [Tue, 9 Jul 2024 17:29:51 +0000 (17:29 +0000)]
Replace explicit_bzero() plus free() with freezero()

This is simpler, if slightly more expensive

3 months agoAdd radiusd_ipcp(8). A module which provides IP configuration through
yasuoka [Tue, 9 Jul 2024 17:26:14 +0000 (17:26 +0000)]
Add radiusd_ipcp(8).  A module which provides IP configuration through
RADIUS Access-Accept messages and manages IP address pool through
RADIUS accounting messages.

3 months agoImprove test coverage for TLS1-PRF
tb [Tue, 9 Jul 2024 17:24:12 +0000 (17:24 +0000)]
Improve test coverage for TLS1-PRF

This is basically a copy of the libssl unit tests, moved to libcrypto to
avoid starting the infection of libssl with this particular piece of EVP
garbage.

3 months agoAdd a minimal regress test for TLS1-PRF
tb [Tue, 9 Jul 2024 17:09:23 +0000 (17:09 +0000)]
Add a minimal regress test for TLS1-PRF

3 months agoShuffle things into a more sensible order
tb [Tue, 9 Jul 2024 17:05:46 +0000 (17:05 +0000)]
Shuffle things into a more sensible order

no functional change

3 months agoUse better order in EVP_PKEY_CTRL_TLS_SECRET
tb [Tue, 9 Jul 2024 17:04:50 +0000 (17:04 +0000)]
Use better order in EVP_PKEY_CTRL_TLS_SECRET

Also avoid an unnecessary NULL check.

3 months agoAdd tls1_prf_pkey_meth to pkey_methods
tb [Tue, 9 Jul 2024 17:02:29 +0000 (17:02 +0000)]
Add tls1_prf_pkey_meth to pkey_methods

ok jsing

3 months agoMake a NULL check explicit
tb [Tue, 9 Jul 2024 17:01:40 +0000 (17:01 +0000)]
Make a NULL check explicit

3 months agoZap or align some ugly comments
tb [Tue, 9 Jul 2024 17:00:59 +0000 (17:00 +0000)]
Zap or align some ugly comments

3 months agoTest & assign once more
tb [Tue, 9 Jul 2024 17:00:25 +0000 (17:00 +0000)]
Test & assign once more

3 months agosec_len -> secret_len
tb [Tue, 9 Jul 2024 16:59:50 +0000 (16:59 +0000)]
sec_len -> secret_len

3 months agoTest and assign in tls1_prf_P_hash()
tb [Tue, 9 Jul 2024 16:59:07 +0000 (16:59 +0000)]
Test and assign in tls1_prf_P_hash()

3 months agoFix whitespace around '/'
tb [Tue, 9 Jul 2024 16:58:13 +0000 (16:58 +0000)]
Fix whitespace around '/'

3 months agoInvert logic in tls1_prf_alg()
tb [Tue, 9 Jul 2024 16:57:27 +0000 (16:57 +0000)]
Invert logic in tls1_prf_alg()

3 months agoolen -> out_len
tb [Tue, 9 Jul 2024 16:54:13 +0000 (16:54 +0000)]
olen -> out_len

3 months agoAdd a few empty lines
tb [Tue, 9 Jul 2024 16:53:33 +0000 (16:53 +0000)]
Add a few empty lines

3 months agoseedlen -> seed_len
tb [Tue, 9 Jul 2024 16:52:34 +0000 (16:52 +0000)]
seedlen -> seed_len

3 months agoseclen -> secret_len
tb [Tue, 9 Jul 2024 16:51:50 +0000 (16:51 +0000)]
seclen -> secret_len

3 months agoslen -> secret_len
tb [Tue, 9 Jul 2024 16:51:01 +0000 (16:51 +0000)]
slen -> secret_len

3 months agosec -> secret
tb [Tue, 9 Jul 2024 16:50:07 +0000 (16:50 +0000)]
sec -> secret

3 months agoReplace local typedef with spelling out the struct name
tb [Tue, 9 Jul 2024 16:48:39 +0000 (16:48 +0000)]
Replace local typedef with spelling out the struct name

3 months agoRemove a few useless comments
tb [Tue, 9 Jul 2024 16:47:36 +0000 (16:47 +0000)]
Remove a few useless comments

3 months agoApply a knfmt(8) sledgehammer
tb [Tue, 9 Jul 2024 16:46:33 +0000 (16:46 +0000)]
Apply a knfmt(8) sledgehammer

3 months agoAdd an RCS tag
tb [Tue, 9 Jul 2024 16:45:33 +0000 (16:45 +0000)]
Add an RCS tag

3 months agoReplace license stub with full license
tb [Tue, 9 Jul 2024 16:44:42 +0000 (16:44 +0000)]
Replace license stub with full license

This reverts to the license added in OpenSSL's initial import of this
file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5

3 months agolink tls1_prf.c to build
tb [Tue, 9 Jul 2024 16:41:44 +0000 (16:41 +0000)]
link tls1_prf.c to build

ok jsing

3 months agoReplace a malloc() call with calloc()
tb [Tue, 9 Jul 2024 16:38:40 +0000 (16:38 +0000)]
Replace a malloc() call with calloc()

3 months agoReplace an ossl_assert() with an error check
tb [Tue, 9 Jul 2024 16:37:43 +0000 (16:37 +0000)]
Replace an ossl_assert() with an error check

3 months agoUse C99 initializers for tls1_prf_pkey_meth()
tb [Tue, 9 Jul 2024 16:36:46 +0000 (16:36 +0000)]
Use C99 initializers for tls1_prf_pkey_meth()

3 months agoInline an instance of OPENSSL_memdup()
tb [Tue, 9 Jul 2024 16:33:10 +0000 (16:33 +0000)]
Inline an instance of OPENSSL_memdup()

3 months agoTidy up includes
tb [Tue, 9 Jul 2024 16:31:40 +0000 (16:31 +0000)]
Tidy up includes

3 months agoOPENSSL_free() -> free()
tb [Tue, 9 Jul 2024 16:30:54 +0000 (16:30 +0000)]
OPENSSL_free() -> free()

3 months agoOPENSSL_cleanse() -> explicit_bzero()
tb [Tue, 9 Jul 2024 16:30:28 +0000 (16:30 +0000)]
OPENSSL_cleanse() -> explicit_bzero()

3 months agoOPENSSL_clear_free() -> freezero()
tb [Tue, 9 Jul 2024 16:29:27 +0000 (16:29 +0000)]
OPENSSL_clear_free() -> freezero()

3 months agoOPENSSL_malloc() -> malloc()
tb [Tue, 9 Jul 2024 16:28:31 +0000 (16:28 +0000)]
OPENSSL_malloc() -> malloc()

3 months agoSpell OPENSSL_zalloc() correctly as calloc()
tb [Tue, 9 Jul 2024 16:27:48 +0000 (16:27 +0000)]
Spell OPENSSL_zalloc() correctly as calloc()

3 months agoMechanically replace KDFerr() with KDFerror()
tb [Tue, 9 Jul 2024 16:26:59 +0000 (16:26 +0000)]
Mechanically replace KDFerr() with KDFerror()

3 months agoTrack configured and new prefix delegations in iface.
florian [Tue, 9 Jul 2024 16:24:57 +0000 (16:24 +0000)]
Track configured and new prefix delegations in iface.

When the DHCPv6 server renumbers and hands us new delegations we have
to deconfigure the old prefixes. To prevent situations where we have
no IPv6 at all, first configure the new prefixes and then remove the
old prefixes.

3 months agoAdd a verbatim copy of tls1_prf.c from OpenSSL 1.1.1
tb [Tue, 9 Jul 2024 16:24:47 +0000 (16:24 +0000)]
Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1

From the last public commit b372b1f76450acdfed1e2301a39810146e28b02c
of the OpenSSL_1_1_1-stable branch

SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5

Will be beat (a little bit) into shape in tree before linking it to the
build.

ok jsing

3 months agoAdd various defines for TLS1-PRF
tb [Tue, 9 Jul 2024 16:20:17 +0000 (16:20 +0000)]
Add various defines for TLS1-PRF

ok jsing

3 months agoSkip prefixes with vltime 0.
florian [Tue, 9 Jul 2024 16:15:42 +0000 (16:15 +0000)]
Skip prefixes with vltime 0.

Servers indicate unusable prefixes with vltime 0 when we are in
state reboot and probably hand us new, valid prefixes.
In IPv4 dhcp we would receive a NACK instead...

3 months agoAdd EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf
tb [Tue, 9 Jul 2024 16:15:37 +0000 (16:15 +0000)]
Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf

ok jsing

3 months agoChoose fixed NID for TLS1-PRF
tb [Tue, 9 Jul 2024 16:12:33 +0000 (16:12 +0000)]
Choose fixed NID for TLS1-PRF

3 months agoAdd NID for TLS1-PRF
tb [Tue, 9 Jul 2024 16:12:08 +0000 (16:12 +0000)]
Add NID for TLS1-PRF

ok jsing

3 months agoRead the whole buffer, not its size minus one.
mpi [Tue, 9 Jul 2024 16:08:30 +0000 (16:08 +0000)]
Read the whole buffer, not its size minus one.

From Christian Ludwig cludwig at genua.de.

3 months agonetlock is no longer held for SIOCSIFMEDIA and SIOCGIFMEDIA, so rely on
jmatthew [Tue, 9 Jul 2024 16:04:15 +0000 (16:04 +0000)]
netlock is no longer held for SIOCSIFMEDIA and SIOCGIFMEDIA, so rely on
the kernel lock instead, as done in if_ixl.c r1.84.

from Yuichiro NAITO

3 months agovmctl(8): set exit code for vmctl stat -r
mlarkin [Tue, 9 Jul 2024 15:51:11 +0000 (15:51 +0000)]
vmctl(8): set exit code for vmctl stat -r

set exit code to 1 if no running VMs are detected with vmctl stat -r.

ok dv