openbsd
tb [Thu, 28 Dec 2023 22:06:41 +0000 (22:06 +0000)]
Rework pkey_dh_keygen()

Single exit, fix error checking and hold on to the DH by keeping a
reference. In other words, switch from EVP_PKEY_assign() to using
EVP_PKEY_set1_DH() and free unconditionally in the error path.

ok jsing

tb [Thu, 28 Dec 2023 22:00:56 +0000 (22:00 +0000)]
Rework and fix pkey_hmac_keygen()

The usual: single exit, error check all functions even if they can't
actually fail. This one was flagged again.

ok jsing

CID 471706 (false positive)

tb [Thu, 28 Dec 2023 21:59:07 +0000 (21:59 +0000)]
Rework pkey_rsa_keygen()

As usual, make the function single exit. Initialize the pkey callback
pointer and the BN_GENCB on the stack at the top rather than relying
on the weird trans_cb() in evp_pkey_set_cb_translate() to do so.
Greatly simplify the control flow and add missing error checks.

ok jsing

tb [Thu, 28 Dec 2023 21:58:12 +0000 (21:58 +0000)]
Rework rsa_priv_decode()

Turn the function into single exit and error check EVP_PKEY_assign()
for style.

ok jsing

tb [Thu, 28 Dec 2023 21:57:08 +0000 (21:57 +0000)]
Clean up old_rsa_priv_decode()

Again change this function into the single exit idiom, and error check
EVP_PKEY_assign().

ok jsing

tb [Thu, 28 Dec 2023 21:56:12 +0000 (21:56 +0000)]
Clean up and fix pkey_cmac_keygen()

A void pointer can be passed without any cast or assigning it to an
intermediate variable. That's one of the puzzling things in old OpenSSL
code: there are plenty of unnecessary casts and assignments of void
pointers.

Make use of this fact and rework the function to be single exit, error
check consistently, including the EVP_PKEY_assign() call that can't
really fail and free the cmkey on exit.

Why coverity didn't flag this one is another mystery.

ok jsing

tb [Thu, 28 Dec 2023 21:53:09 +0000 (21:53 +0000)]
Replace EVP_PKEY_assign_GOST() calls with EVP_PKEY_set_type()

Calling EVP_PKEY_assign_GOST(pkey, NULL) has the same effect as calling
EVP_PKEY_set_type(pkey, EVP_PKEY_GOSTR01). The only difference is that
the latter form allows for error checking while the former won't let
you do that. Add comments explaining what we're actually doing: freeing
and zeroing the pkey->pkey union.

ok jsing

tb [Thu, 28 Dec 2023 21:49:07 +0000 (21:49 +0000)]
Fix another EVP_PKEY_assign_GOST() call

Again this can't actually fail, but if it did, things would leak.
Call GOST_KEY_free() in the error path.

ok jsing

CID 471706 (false positive)

tb [Thu, 28 Dec 2023 21:47:17 +0000 (21:47 +0000)]
Clean up pkey_gost_mac_keygen()

Make this function single exit, check and assign and finally error
check EVP_PKEY_assign(). This can't actually fail currently, but
if it did, things would leak. Free the key data with freezero.

ok jsing

CID 471704 (false positive)

espie [Thu, 28 Dec 2023 18:05:32 +0000 (18:05 +0000)]
don't add values we won't print, use scandir properly

okay tb@

(logic NOT simplified because I don't want to risk introducing bugs,
and the compiler knows as much boolean logic as me)

stsp [Thu, 28 Dec 2023 17:36:28 +0000 (17:36 +0000)]
Introduce qwx(4), a work-in-progress port of the Linux ath11k driver.

This driver is not working yet. Scanning almost works but a lot more
work remains to be done. So far most of the porting work was done by
myself, with some help from mpi, patrick, and kettenis.

Obviously this driver remains disabled for now. Enable relevant lines
in the kernel config if you want to help out with development.

At present firmware files must be obtained manually and placed
in the directory /etc/firmware/qwx/WCN6855/hw2.1/
This will be improved later.

Thanks to the OpenBSD Foundation for supporting this effort.

aisha [Thu, 28 Dec 2023 16:21:08 +0000 (16:21 +0000)]
use RB_FOREACH_SAFE for pf_purge_expired_src_nodes

OK bluhm@

uwe [Thu, 28 Dec 2023 14:30:28 +0000 (14:30 +0000)]
fix Tx watchdog trigger and freeze in dwqe(4)

dwqe(4) interfaces may trigger the "dwqe_watchdog" function and stop
transmitting packets under heavy Tx load. In this situation, ifconfig(8)
will permanently show OACTIVE until the interface is restarted (ifconfig
down/up).

The problem seems to be triggered by writing to the Tx ring tail pointer
register multiple times during dwqe_start(). Updating the Tx ring tail
pointer only after all Tx descriptors have been updated seems to fix it.

The fix is based on the eqos(4) driver in NetBSD. Verified on an Intel
Elkhart Lake machine but might affect other platforms with DesignWare
Ethernet Quality-of-Service Controller version 4.

Testing by bluhm@, ok kettenis@

uwe [Thu, 28 Dec 2023 14:03:21 +0000 (14:03 +0000)]
assume RGMII-to-Copper mode by default in eephy(4) for 88E151x PHYs

The desired MII mode must be programmed explicitly for Marvell Atlantis
88E1512/88E1514 variants and we already do this for SGMII.

This change adds a missing case for RGMII-to-Copper that assumes RGMII,
unless the MAC driver sets MII_SGMII before calling mii_attach() or the
mode has already been programmed. (RGMII-to-Copper is also the hardware
default for E1510 and E1518.)

Suggestions and ok kettenis@

kettenis [Thu, 28 Dec 2023 13:32:56 +0000 (13:32 +0000)]
Add stream ID mapping support for PCIe controller found on M2 Pro/Max SoCs.

ok patrick@

jeremy [Wed, 27 Dec 2023 23:46:42 +0000 (23:46 +0000)]
Update lang/ruby module documentation for Ruby 3.3

nicm [Wed, 27 Dec 2023 20:42:01 +0000 (20:42 +0000)]
Only wrap pattern in *s if using a regular expression.

nicm [Wed, 27 Dec 2023 20:23:59 +0000 (20:23 +0000)]
Remove flags from the prefix before comparing with the received key so
that modifier keys with flags work correctly, GitHub issue 3764.

nicm [Wed, 27 Dec 2023 20:20:50 +0000 (20:20 +0000)]
groff apparently generates broken output for some common characters in
mdoc, so escaped versions have to be used instead. From Alexis
Hildebrandt in GitHub issue 3762.

nicm [Wed, 27 Dec 2023 20:17:13 +0000 (20:17 +0000)]
Always initialize screen mode, GitHub issue 3750 from Ding Fei.

nicm [Wed, 27 Dec 2023 20:13:35 +0000 (20:13 +0000)]
Correctly handle window ops with no pane, GitHub issue 3747.

claudio [Wed, 27 Dec 2023 17:22:25 +0000 (17:22 +0000)]
Fix handling of skipped elements on the very first element transmitted.
rsync compares e.g. the first mtime against 0, if the mtime is the epoch
then rsync will skip this field and openrsync will choke when receiving it.
So if there is no first element but a FLIST_XYZ_SAME flag is set, use 0 as
the value.
Problem noticed by job@
OK tb@ job@ and yoda@ for fixing the if statements

jsing [Wed, 27 Dec 2023 12:34:32 +0000 (12:34 +0000)]
Add initial regress for CRYPTO_EX_DATA.

jsing [Wed, 27 Dec 2023 12:26:17 +0000 (12:26 +0000)]
Remove engine regress.

Engines are no longer a thing.

Discussed with tb@

claudio [Wed, 27 Dec 2023 12:00:30 +0000 (12:00 +0000)]
Refactor rtr_parse_error() so that even a NO_DATA_AVAILABLE is logged
as last error. So that bgpctl can show that there was no data available.
OK tb@

op [Wed, 27 Dec 2023 11:29:56 +0000 (11:29 +0000)]
sync table(5) with reality

There are two different parsers for table(5)s with different edge cases.
Adjust the documentation to what the stricter of the two (smtpd's
internal parser) accepts, even if makemap(8) allows for more.

In particular, adjust the description for the comments (that cannot be
'anywhere in the file'), document the special comment @list and mention
that splitting is done on the colon character too.

ok and many improvements from jmc@

jca [Wed, 27 Dec 2023 08:29:41 +0000 (08:29 +0000)]
'pax' format support for mtime and atime

Access time can't be represented by ustar, so always include it when
using the pax format.  Also include an extended header record for mtime
if the file modification time can't be fully represented by ustar (eg
subsecond resolution).

Input & ok millert@

tb [Wed, 27 Dec 2023 07:17:39 +0000 (07:17 +0000)]
Mark rrdp debug logging functions as used in regress

ok claudio

tb [Wed, 27 Dec 2023 07:15:55 +0000 (07:15 +0000)]
Rework the warnings on internet resources

Unify the printing of warnings about AS numbers and IP address blocks to
use a call to as_warn() and ip_warn(). Fix a bug in the latter where the
upper bound of an IP range didn't take the RFC 3779 encoding into account
and passed the address directly to inet_pton() rather than filling the
missing bits with 1. Switch the argument order to match the warnings and
tweak some warning messages.

ok claudio job
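The ip_warn() bug above is about how RFC 3779 encodes the bounds of an IPAddressRange: both min and max are BIT STRINGs carrying only the leading significant bits of an address, and the bits they omit are zeros for min but ones for max, so the max octets cannot be handed to inet_ntop() as they are. The following is an added example, not rpki-client code, that expands both bounds with the required fill and rejects malformed encodings; the function names and the sample range are constructed for illustration.

```c
/*
 * Added example, not rpki-client code: expand the bounds of an RFC 3779
 * IPAddressRange. min and max are BIT STRINGs that carry only the leading
 * significant bits of an address; the bits they omit are zeros for min
 * and ones for max. Feeding the raw octets to inet_ntop() without that
 * fill yields a too-small upper bound.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/*
 * Expand one RFC 3779 address BIT STRING into a complete afi_len-byte
 * address (4 for IPv4, 16 for IPv6). bits/nbytes are the BIT STRING's
 * content octets, unused is the count of unused trailing bits in the
 * last octet. fill_ones selects the max bound (ones) over min (zeros).
 * Returns 0 on success and -1 if the encoding is malformed.
 */
int
rfc3779_expand(const uint8_t *bits, size_t nbytes, unsigned unused,
    size_t afi_len, int fill_ones, uint8_t *out)
{
	uint8_t lowmask;

	if (afi_len != 4 && afi_len != 16)
		return -1;
	if (nbytes > afi_len || unused > 7)
		return -1;
	/* An empty BIT STRING (the whole address space) has no unused bits. */
	if (nbytes == 0 && unused != 0)
		return -1;
	lowmask = (uint8_t)((1u << unused) - 1);
	/* DER requires the unused bits of the last octet to be encoded as zero. */
	if (nbytes > 0 && (bits[nbytes - 1] & lowmask) != 0)
		return -1;

	/* Pre-fill the whole address with the pad value, then overlay the encoded bits. */
	memset(out, fill_ones ? 0xff : 0x00, afi_len);
	if (nbytes > 0) {
		memcpy(out, bits, nbytes);
		if (fill_ones)
			out[nbytes - 1] |= lowmask;
	}
	return 0;
}

/* Expand and format one bound; returns NULL if expansion or formatting fails. */
const char *
rfc3779_bound_str(const uint8_t *bits, size_t nbytes, unsigned unused,
    size_t afi_len, int fill_ones, char *buf, size_t buflen)
{
	uint8_t addr[16];

	if (rfc3779_expand(bits, nbytes, unused, afi_len, fill_ones, addr) == -1)
		return NULL;
	return inet_ntop(afi_len == 4 ? AF_INET : AF_INET6, addr, buf,
	    (socklen_t)buflen);
}

int
main(void)
{
	/* Constructed sample: both bounds hold the 20 bits 0xc0a81 (octets c0 a8 10, 4 unused bits). */
	const uint8_t bits[] = { 0xc0, 0xa8, 0x10 };
	char minbuf[INET6_ADDRSTRLEN], maxbuf[INET6_ADDRSTRLEN];

	if (rfc3779_bound_str(bits, sizeof(bits), 4, 4, 0, minbuf, sizeof(minbuf)) == NULL ||
	    rfc3779_bound_str(bits, sizeof(bits), 4, 4, 1, maxbuf, sizeof(maxbuf)) == NULL) {
		fprintf(stderr, "malformed RFC 3779 address\n");
		return 1;
	}
	/* Prints "192.168.16.0 - 192.168.31.255"; without the ones fill, max would read 192.168.16.0. */
	printf("%s - %s\n", minbuf, maxbuf);
	return 0;
}
```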

tb [Wed, 27 Dec 2023 01:55:25 +0000 (01:55 +0000)]
X509_LOOKUP_shutdown() became a noop.

That we are still calling this (NB without error check because heritage)
made coverity unhappy.

CID 471705

schwarze [Tue, 26 Dec 2023 22:13:00 +0000 (22:13 +0000)]
Rename some argument placeholders to be less cryptic,
in particular s/inl/in_len/ and s/outl/out_len/ as suggested by tb@.

While here, also get rid of the "outm" placeholder that has been
around since the file was added to OpenSSL in 2000, replacing it
with the usual "out" in the four function prototypes affected; tb@
and myself suspect it was simply a typo followed by copy and paste.

Slightly improve variable naming in the examples, too, for clarity and
consistency, even though that doesn't turn the examples into good examples.

OK tb@

schwarze [Tue, 26 Dec 2023 19:09:08 +0000 (19:09 +0000)]
Close some major gaps in the documentation of EVP_Cipher(3),
and describe EVP_CIPHER_CTX_init(3) in a less misleading way.
Joint work with and OK tb@.

miod [Tue, 26 Dec 2023 14:04:50 +0000 (14:04 +0000)]
Update documentation URL

job [Tue, 26 Dec 2023 13:36:18 +0000 (13:36 +0000)]
Align the other RIRs with the recent clarifications from AFRINIC

Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files
(since no resources can be transferred from AFRINIC to any other RIRs).

OK tb@

tb [Tue, 26 Dec 2023 11:03:27 +0000 (11:03 +0000)]
Do not accept empty delta elements

Ties de Kock found RRDP content that doesn't match the XML schema, most
likely generated by krill: https://github.com/NLnetLabs/krill/issues/1180

Use the state machine to mark a new delta element as empty and check at
the end whether that state was changed (which means it contained publish
or withdraw elements). If so, raise a parse failure.

ok claudio job

kettenis [Tue, 26 Dec 2023 09:25:15 +0000 (09:25 +0000)]
Apple machines with multiple speakers typically have the shutdown pin of
the digital amplifier codecs wired up to a single GPIO.  This is apparently
problematic for Linux and Asahi Linux changed their device trees to use a
regulator instead such that reference counting makes sure that shutdown
isn't asserted until all codecs are ready for it.  Follow suit, even though
our regulator code doesn't do the proper reference counting yet.

ok patrick@

kettenis [Tue, 26 Dec 2023 09:19:15 +0000 (09:19 +0000)]
Improve handling of SError interrupts.  Print some useful information and
allow additional information to be printed for specific CPU types.  Use
this to print the L2C registers on Apple CPUs which can be very useful
in tracking down the source of certain SError interrupts.

ok miod@, dlg@

tb [Tue, 26 Dec 2023 09:04:30 +0000 (09:04 +0000)]
EVP_CipherInit(): remove cleanup call

There is a bizarre EVP_CIPHER_CTX_cleanup() call in EVP_CipherInit()
leading to a subtle behavior difference with EVP_CipherInit_ex().

The history is that before EVP_CIPHER_CTX was made opaque, a context would
often live on the stack (hello, MariaDB) and the EVP_CIPHER_CTX_cleanup()
call was in fact an EVP_CIPHER_CTX_init() which just zeroes out the struct.
The problem with doing this is that on context reuse there could be data
hanging off it, causing leaks. Attempts were made to clean up things in
EVP_CipherFinal*(), but that broke applications reaching into the context
afterward, so they were removed again. Later on, opacity allowed changing
the _init() to a _cleanup() since EVP_CIPHER_CTX could no longer live on
the stack, so it would no longer contain garbage. I have to correct myself:
it would no longer contain stack garbage.

Now: EVP_CipherInit_ex() does some extra dances to preserve the AES key
wrap flag, which is cleared unconditionally in EVP_CipherInit(). That's
annoying to document and very likely never going to be an issue in the
wild: you'd need to do key wrap and then use the same context for use
with a cipher that does not allow key wrap for this to make a difference.

This way, all our EVP_{Cipher,Decrypt,Encrypt}*_ex() functions are now
trivially wrapped by their non-_ex() versions.

ok jsing

tb [Tue, 26 Dec 2023 08:39:28 +0000 (08:39 +0000)]
EVP_CipherInit_ex() merge two code paths

Clean up the cipher context unconditionally if the cipher is being set.
This allows doing the dance to retain the key wrap flag only once and
makes it more obvious that allocating the cipher data doesn't leak.

suggested by/ok jsing

tb [Mon, 25 Dec 2023 22:41:50 +0000 (22:41 +0000)]
Move EVP_PKEY_assign() a bit up and tweak it slightly

ok jsing

tb [Mon, 25 Dec 2023 22:14:23 +0000 (22:14 +0000)]
Remove unused X509_LOOKUP_METHODs

None of these function pointers were ever set. Now that the structure is
opaque they won't ever be, so time for them to hit the bitbucket. Infinite
extensibility of the toolkit results in complications, bugs, and dead code.

ok jsing

tb [Mon, 25 Dec 2023 22:02:59 +0000 (22:02 +0000)]
Avoid out-of-bounds accesses in ASN1_BIT_STRING_{get,set}()

If a negative n is passed, these functions would underrun the bitstring's
data array. So add checks for that and drop spades of unnecessary parens.

These functions are quite broken anyway. The setter attempts to zap the
unnecessary trailing zero octets, but fails to do so if the bit being
cleared isn't already set. Worse is the getter where you can't tell an
error (like attempting an out-of-bounds read) from the bit being unset.

ok joshua
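The underrun described above comes from ASN.1 bit numbering: bit n lives in content octet n / 8 at mask 0x80 >> (n % 8), so a negative n produces a negative octet index. The following is an added example, not libcrypto code, of a bounds-checked getter and setter over a minimal bit string type; it rejects negative n, trims trailing zero octets whenever a bit is cleared, and lets the getter report an error distinctly from a clear bit. The struct and function names are constructed for this illustration.

```c
/*
 * Added example, not libcrypto code: bounds-checked get/set over an
 * ASN.1-style BIT STRING. Bit 0 is the most significant bit of the first
 * content octet, so bit n is in octet n / 8 at mask 0x80 >> (n % 8).
 * A negative n would index before the start of data; it is rejected here.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct bitstr {
	unsigned char *data;
	int length;	/* number of content octets */
};

/*
 * Read bit n. Returns 0 or 1, or -1 for an invalid n, so a caller can
 * tell a refused access apart from a bit that is simply clear. Bits past
 * the end of the data are clear by definition and are not an error.
 */
int
bitstr_get_bit(const struct bitstr *bs, int n)
{
	int w;
	unsigned char mask;

	if (bs == NULL || n < 0)
		return -1;
	w = n / 8;
	mask = (unsigned char)(0x80 >> (n % 8));
	if (w >= bs->length)
		return 0;
	return (bs->data[w] & mask) != 0;
}

/*
 * Set (value != 0) or clear (value == 0) bit n. Setting grows the data as
 * needed; clearing never grows it and always drops trailing zero octets,
 * whether or not the bit was previously set. Returns 0 or -1 on error.
 */
int
bitstr_set_bit(struct bitstr *bs, int n, int value)
{
	unsigned char *p, mask;
	int w, i;

	if (bs == NULL || n < 0)
		return -1;
	w = n / 8;
	mask = (unsigned char)(0x80 >> (n % 8));

	if (value) {
		if (w >= bs->length) {
			if ((p = realloc(bs->data, (size_t)w + 1)) == NULL)
				return -1;
			memset(p + bs->length, 0, (size_t)(w + 1 - bs->length));
			bs->data = p;
			bs->length = w + 1;
		}
		bs->data[w] |= mask;
		return 0;
	}

	if (w < bs->length)
		bs->data[w] &= (unsigned char)~mask;
	/* Shortest encoding: strip all trailing zero octets. */
	for (i = bs->length; i > 0 && bs->data[i - 1] == 0; i--)
		;
	bs->length = i;
	return 0;
}

int
main(void)
{
	struct bitstr bs = { NULL, 0 };

	bitstr_set_bit(&bs, 9, 1);	/* octet 1, mask 0x40 */
	printf("length %d, bit 9 = %d, bit 8 = %d, bit -1 -> %d\n",
	    bs.length, bitstr_get_bit(&bs, 9), bitstr_get_bit(&bs, 8),
	    bitstr_get_bit(&bs, -1));
	bitstr_set_bit(&bs, 9, 0);
	printf("after clearing bit 9: length %d\n", bs.length);
	free(bs.data);
	return 0;
}
```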

tb [Mon, 25 Dec 2023 21:55:31 +0000 (21:55 +0000)]
Rename a few ret into pkey

tb [Mon, 25 Dec 2023 21:51:57 +0000 (21:51 +0000)]
Rework EVP_PKEY_set_type{,_str}()

These two functions previously wrapped a pkey_set_type() helper, which
was an utter mess because of ENGINE. With the long awaited departure of
ENGINE, this function became a lot simpler. A further simplification is
obtained by not doing the optimization to avoid an ameth lookup: this
requires walking a list of 11 ameths. We should consider bsearch()...

With this gone and a saner implementation of EVP_PKEY_free_it(), we can
implement these functions with a dozen lines of code each.

ok jsing

tb [Mon, 25 Dec 2023 21:41:19 +0000 (21:41 +0000)]
Rework EVP_PKEY_free()

Use pkey instead of x, remove the pointless variable i, no need to check
for NULL before sk_X509_ATTRIBUTE_pop_free(), switch to freezero() to
leave fewer invalid pointers around.

ok jsing

tb [Mon, 25 Dec 2023 21:37:26 +0000 (21:37 +0000)]
Move EVP_PKEY_free() up next to evp_pkey_free_pkey_ptr()

ok jsing

tb [Mon, 25 Dec 2023 21:36:05 +0000 (21:36 +0000)]
Fix EVP_PKEY_up_ref() - must have hit ^X somehow

tb [Mon, 25 Dec 2023 21:33:50 +0000 (21:33 +0000)]
Rework evp_pkey_free_pkey_ptr()

Rename the variable from x into pkey, make it NULL safe and unindent.

ok jsing

tb [Mon, 25 Dec 2023 21:31:58 +0000 (21:31 +0000)]
Rename EVP_PKEY_free_it() into evp_pkey_free_pkey_ptr()

ok jsing

tb [Mon, 25 Dec 2023 21:30:53 +0000 (21:30 +0000)]
Move the confusingly named EVP_PKEY_free_it() a bit up

ok jsing

tb [Mon, 25 Dec 2023 21:27:03 +0000 (21:27 +0000)]
Simplify EVP_PKEY_up_ref()

There is no need for a local variable and a ternary operator here.

ok jsing

tb [Mon, 25 Dec 2023 21:25:24 +0000 (21:25 +0000)]
Switch EVP_PKEY_new() from malloc() to calloc()

ok jsing

schwarze [Mon, 25 Dec 2023 15:52:18 +0000 (15:52 +0000)]
Clarify that the ENGINE argument is ignored; OK tb@.
While here, also switch the argument placeholder from *impl to *engine
as suggested by tb@.

jca [Mon, 25 Dec 2023 10:01:18 +0000 (10:01 +0000)]
Install media contain no packages anymore so move packages build last

This way the first items all speak about base and xenocara material, and
the mention of ports/packages feels less out of place.  Input and ok tb@

jca [Mon, 25 Dec 2023 09:58:15 +0000 (09:58 +0000)]
Zap HISTORY

Knowing for which release this documentation was introduced seems
superfluous.  ok tb@

tb [Sun, 24 Dec 2023 22:17:05 +0000 (22:17 +0000)]
Move EVP_Digest() next to the functions it wraps

It really makes no sense to have the mess that is EVP_MD_CTX_copy{,_ex}()
live between EVP_Digest{Init{,_ex},Update,Final{,_ex}}() and EVP_Digest(),
the latter being a relatively simple wrapper of Init_ex/Update/Final_ex.

jsg [Sun, 24 Dec 2023 11:12:34 +0000 (11:12 +0000)]
rename bus_type enum to sparc_bus_type to not conflict with bus_type in drm
build error reported by deraadt@ ok kettenis@

job [Sun, 24 Dec 2023 10:48:58 +0000 (10:48 +0000)]
Zap dead code

OK tb@

gnezdo [Sun, 24 Dec 2023 06:35:05 +0000 (06:35 +0000)]
Rewrite dev_mkdb with FTS

This adds support for the devices in nested directories.

Pointers, review, and OK by semarie@

kn [Sat, 23 Dec 2023 23:03:00 +0000 (23:03 +0000)]
Relax -C pledge to unbreak shelling out in interactive mode

r1.69 introduced -C in 2008 "to continue multiple transfers";
'ftp -C ftp://ftp.eu.openbsd.org/' lands in "ftp> " and turns "mget"
into "reget" by default.

r1.139 -C/resume without "proc exec" thusly was too strict.
Instead, now after recent cleanups/tweaks, prevent execution with -o.

OK millert

kettenis [Sat, 23 Dec 2023 22:40:42 +0000 (22:40 +0000)]
Remove unused variables.

afresh1 [Sat, 23 Dec 2023 21:03:01 +0000 (21:03 +0000)]
Sync for perl 5.36.3

afresh1 [Sat, 23 Dec 2023 21:02:20 +0000 (21:02 +0000)]
Update to perl 5.36.3

No changes to perl, as those were already committed for the earlier errata.
This just brings documentation and such in line with upstream.

ok bluhm@

kettenis [Sat, 23 Dec 2023 18:28:38 +0000 (18:28 +0000)]
Add support for "locked" DARTs.  These have the page table registers
locked down and we need to retain the existing mappings.

ok patrick@

millert [Sat, 23 Dec 2023 15:58:58 +0000 (15:58 +0000)]
Suppress a spurious empty arg at EOF w/ "find -0" caused by the last commit.

kettenis [Sat, 23 Dec 2023 14:18:27 +0000 (14:18 +0000)]
Provide more complete implementations of some of the Linux compat
interfaces that are needed for the upcoming apple kms driver.

ok jsg@

kettenis [Sat, 23 Dec 2023 13:44:57 +0000 (13:44 +0000)]
Change the type of dma_addr_t to uint64_t.  It is a 64-bit type on most
Linux architectures (including the most popular 32-bit ones) and a new
driver I'm working on tries to print a dma_addr_t variable using %llx.

ok jsg@

tb [Sat, 23 Dec 2023 13:05:06 +0000 (13:05 +0000)]
Use more consistent order for Init/Update/Final

Consistently implement the _ex() version after the non-extended versions:
first Cipher Init/Update/Final, then Encrypt, then Decrypt. This only
switches the order of CipherFinal{,_ex} and moves the DecryptInit* down,
so they are no longer somewhere in the middle of the Encrypt* functions.

bluhm [Sat, 23 Dec 2023 10:52:54 +0000 (10:52 +0000)]
Backout always allocate per-CPU statistics counters for network
interface descriptor.  It panics during attach of em(4) device at
boot.

op [Sat, 23 Dec 2023 10:29:05 +0000 (10:29 +0000)]
remove trailing whitespaces

jsg [Sat, 23 Dec 2023 02:42:51 +0000 (02:42 +0000)]
ketttenis -> kettenis

tb [Sat, 23 Dec 2023 00:52:13 +0000 (00:52 +0000)]
Prefix get_trusted_issuer() with x509_vfy_

mvs [Fri, 22 Dec 2023 23:01:50 +0000 (23:01 +0000)]
Always allocate per-CPU statistics counters for network interface
descriptor.

We have a mess in network interface statistics. Only pseudo drivers
do per-CPU counters allocation, all other network devices use the old
`if_data'. The network stack partially uses per-CPU counters and
partially uses `if_data', but the protection is inconsistent: sometimes
counters are accessed with exclusive netlock, sometimes with shared
netlock, sometimes with kernel lock, but without netlock, sometimes
with other locks.

To make network interfaces statistics more consistent, always allocate
per-CPU counters at interface attachment time and use it instead of
`if_data'. At this step only move counters allocation to the if_attach()
internals. The `if_data' removal will be performed with the following
diffs to make review and tests easier.

ok bluhm

jca [Fri, 22 Dec 2023 20:32:29 +0000 (20:32 +0000)]
Zap useless newline added in previous

jca [Fri, 22 Dec 2023 20:29:27 +0000 (20:29 +0000)]
'pax' format support for files over 8GB

ok millert@

tb [Fri, 22 Dec 2023 17:37:14 +0000 (17:37 +0000)]
Remove two no longer necessary reminders

I guess I'm getting old. Next time I'll have to add a reminder not to
forget to remove the reminder.

tb [Fri, 22 Dec 2023 17:25:47 +0000 (17:25 +0000)]
Remove extra whitespace on two lines

millert [Fri, 22 Dec 2023 17:12:13 +0000 (17:12 +0000)]
xargs: fix parsing of empty fields when "xargs -0" is used.
Previously, these fields would be skipped.  From Hiltjo Posthuma.

tb [Fri, 22 Dec 2023 14:58:05 +0000 (14:58 +0000)]
Add length checks for partial_len

These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).

ok joshua jsing

deraadt [Fri, 22 Dec 2023 13:48:04 +0000 (13:48 +0000)]
sync

tb [Fri, 22 Dec 2023 13:46:37 +0000 (13:46 +0000)]
Rename check_hosts()

tb [Fri, 22 Dec 2023 13:45:28 +0000 (13:45 +0000)]
Replace check_trust() with its x509_vfy_ prefixed wrapper

tb [Fri, 22 Dec 2023 13:42:18 +0000 (13:42 +0000)]
Replace check_chain_extensions() with its x509_vfy_ wrapper

tb [Fri, 22 Dec 2023 13:36:20 +0000 (13:36 +0000)]
Replace check_id() with its x509_vfy_check_id() wrapper

tb [Fri, 22 Dec 2023 13:31:35 +0000 (13:31 +0000)]
Remove a bunch of function pointers from X509_STORE_CTX

These are only ever set to one particular function which is either local
to this file or part of the public API and we never added the public API
to set them to something else. Prefix the local functions touched in this
commit with x509_vfy_. More cleanup to follow.

ok joshua jsing

martijn [Fri, 22 Dec 2023 13:04:30 +0000 (13:04 +0000)]
Call log_setverbosity() directly after getopt() so that debugging
information during config-parsing can be displayed.

OK tb@

martijn [Fri, 22 Dec 2023 13:03:16 +0000 (13:03 +0000)]
Remove a log_debug from usm_checkuser(). It would only display what is in
the config and was never actually displayed because of insufficient
verbosity level during config-parsing and would display the wrong auth
algorithm for SHA2.

OK tb@

sthen [Fri, 22 Dec 2023 12:51:53 +0000 (12:51 +0000)]
handle MODPY_PYBUILD=jupyter_packaging

tb [Fri, 22 Dec 2023 12:35:22 +0000 (12:35 +0000)]
Simplify some logic in EVP_EncryptInit_ex()

Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the
middle of the function. Handle the reuse case outside of the big non-NULL
cipher case for now. This looks a bit odd but relies on the invariant that
cipher_data is only set if the cipher is set. It will be reworked in a
subsequent commit.

ok jsing

tb [Fri, 22 Dec 2023 10:23:11 +0000 (10:23 +0000)]
Clean up includes in cms_smime.c

tb [Fri, 22 Dec 2023 10:20:33 +0000 (10:20 +0000)]
evp_enc: make some flag checks explicit

ok joshua jsing

tb [Fri, 22 Dec 2023 09:40:14 +0000 (09:40 +0000)]
Remove cleanup() and get_crl() from X509_STORE_CTX

ok jsing

tb [Fri, 22 Dec 2023 07:35:09 +0000 (07:35 +0000)]
Remove unused function pointers from X509_STORE

The struct underlying the X509_STORE type is opaque and nothing uses
the accessors that OpenSSL added blindly for these. Therefore we didn't
add them in the first place. So this rips out several dozens of lines of
dead code.

ok beck joshua jsing

kevlo [Fri, 22 Dec 2023 05:28:14 +0000 (05:28 +0000)]
Update microcode, initialization and reset behavior.
Remove support for two chip versions (identified by MAC_CFG2 and MAC_CFG4)
that may not be available in the market, and also raise rxring lwm to 32.

Tested by Nick Owens.

tb [Thu, 21 Dec 2023 21:32:01 +0000 (21:32 +0000)]
Remove EVP_PKEY_asn1_add{0,_alias}() documentation

This API was recently neutered and will be removed in the next major bump.
Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it
from all other manuals.

tb [Thu, 21 Dec 2023 21:23:37 +0000 (21:23 +0000)]
Mark some API-to-be-removed as intentionally undocumented

tb [Thu, 21 Dec 2023 20:50:43 +0000 (20:50 +0000)]
Remove some superfluous parentheses

miod [Thu, 21 Dec 2023 19:40:47 +0000 (19:40 +0000)]
New TEMPerGold sensor; reported by Mikolaj Kucharski on bugs@

miod [Thu, 21 Dec 2023 19:34:07 +0000 (19:34 +0000)]
Remove logic and comments related to INDIR now that they aren't supported
anymore.
ok tb@ deraadt@, no need to regen anything

martijn [Thu, 21 Dec 2023 13:54:05 +0000 (13:54 +0000)]
mib_init() and MIB() disappeared with mib.c, remove their declarations.
MIBDECL() and MIBEND are only used inside mib.h, so move their definitions
there.

OK tb@