openbsd
2 months agoAdjust documentation for check/pubcheck removal
tb [Thu, 29 Aug 2024 17:01:40 +0000 (17:01 +0000)]
Adjust documentation for check/pubcheck removal

ok beck

2 months agoRemove check and pubcheck from openssl pkey and pkeyparam
tb [Thu, 29 Aug 2024 17:01:02 +0000 (17:01 +0000)]
Remove check and pubcheck from openssl pkey and pkeyparam

The underlying API will be removed, so these commands have to go.

ok beck

2 months agoRemove the pkey_{,public_,param_}check() handlers
tb [Thu, 29 Aug 2024 16:58:19 +0000 (16:58 +0000)]
Remove the pkey_{,public_,param_}check() handlers

This disables the EVP_PKEY_*check() API and makes it fail (more precisely
indicate lack of support) on all key types.

This is an intermediate step to full removal.
Removal is ok beck jsing

2 months agoRemove evp_pkey_check test
tb [Thu, 29 Aug 2024 16:43:52 +0000 (16:43 +0000)]
Remove evp_pkey_check test

The API it tests will be removed shortly

2 months agoIn m_pulldown() replace memmove() with memcpy().
bluhm [Thu, 29 Aug 2024 16:42:30 +0000 (16:42 +0000)]
In m_pulldown() replace memmove() with memcpy().

The memmove() in m_pulldown() copied memory between different mbufs.
So data cannot overlap and memcpy() is enough.

OK claudio@ deraadt@

2 months agoConvert prototypes to new style.
claudio [Thu, 29 Aug 2024 15:18:17 +0000 (15:18 +0000)]
Convert prototypes to new style.
OK millert@

2 months agoUse signal handler safe dprintf() instead of asprintf + write
claudio [Thu, 29 Aug 2024 15:16:43 +0000 (15:16 +0000)]
Use signal handler safe dprintf() instead of asprintf + write
OK millert@

2 months agoUnify proc_parser_* as far as possible and reasonable
tb [Thu, 29 Aug 2024 13:46:28 +0000 (13:46 +0000)]
Unify proc_parser_* as far as possible and reasonable

ok claudio job

2 months agodraft-ietf-v6ops-rfc3849-update turned into RFC9637, adjust comment
claudio [Thu, 29 Aug 2024 12:58:57 +0000 (12:58 +0000)]
draft-ietf-v6ops-rfc3849-update turned into RFC9637, adjust comment

2 months agoocsp.c: zap trailing whitespace
tb [Thu, 29 Aug 2024 11:04:02 +0000 (11:04 +0000)]
ocsp.c: zap trailing whitespace

2 months agoShow expensive mbuf operations in netstat(1) statistics.
bluhm [Thu, 29 Aug 2024 10:44:40 +0000 (10:44 +0000)]
Show expensive mbuf operations in netstat(1) statistics.

If the memory layout is not optimal, m_defrag(), m_prepend(),
m_pullup(), and m_pulldown() will allocate mbufs or copy memory.
Count these operations to find possible optimizations.

input dhill@; OK mvs@

2 months agoImprove warning message
job [Thu, 29 Aug 2024 09:54:13 +0000 (09:54 +0000)]
Improve warning message

Requested by claudio@

OK tb@

2 months agoPeriodically reinitialize RRDP sessions to snapshot at random intervals
job [Thu, 29 Aug 2024 09:53:04 +0000 (09:53 +0000)]
Periodically reinitialize RRDP sessions to snapshot at random intervals

It is technically possible for a series of RRDP deltas and a snapshot
to diverge. An RRDP server could distribute files via Deltas and then
forget about those files, causing copies to remain stuck in the caches
of RRDP clients. Resetting RRDP sessions once every few weeks helps with
garbage collection.

In week 0 the probability of triggering re-initialization is ~0.025% and
doubles every week, in week 11 its 50% and always after week 12. Thus,
RPs will reinitialize at least once every 3 months.

OK tb@ claudio@

2 months agoFix regression introduced in previous migration to strtol() by
anton [Thu, 29 Aug 2024 07:33:50 +0000 (07:33 +0000)]
Fix regression introduced in previous migration to strtol() by
correcting the error condition, making it on par with the example in the
manual.

ok op@

2 months agoUpdate root hints.
florian [Thu, 29 Aug 2024 07:20:16 +0000 (07:20 +0000)]
Update root hints.

b.root-servers.net renumbered on 2023-11-27.

OK phessler, jsg, sthen, deraadt

2 months agounstub pdev_to_i915()
jsg [Thu, 29 Aug 2024 03:57:35 +0000 (03:57 +0000)]
unstub pdev_to_i915()

2 months agocall pci_set_drvdata() on attach
jsg [Thu, 29 Aug 2024 03:38:13 +0000 (03:38 +0000)]
call pci_set_drvdata() on attach

2 months agorepair bizzare indents; ok tb
deraadt [Thu, 29 Aug 2024 03:30:05 +0000 (03:30 +0000)]
repair bizzare indents; ok tb

2 months agoIf bounce buffers do not fit, defragment mbuf.
bluhm [Wed, 28 Aug 2024 18:21:15 +0000 (18:21 +0000)]
If bounce buffers do not fit, defragment mbuf.

Some packets were dropped by vio_encap() when using bounce buffers.
These mbufs are too fragmented for the pre allocated bounce buffer
pages.  By returing EFBIG the network driver will call m_defrag()
and try again.  This fixes the problem.

OK sf@ hshoexer@

2 months agoEnable per-cpu page cache.
miod [Wed, 28 Aug 2024 17:37:12 +0000 (17:37 +0000)]
Enable per-cpu page cache.

2 months agouse the right FILE to parse the config, not stdin
op [Wed, 28 Aug 2024 15:51:01 +0000 (15:51 +0000)]
use the right FILE to parse the config, not stdin

I typoed the file argument to getline() in rev 1.14 when converting
fgetln remnants to getline back in aug 2022.  guess not many people
are hosting hunt servers.

2 months agodef_create(): switch from malloc() to calloc()
tb [Wed, 28 Aug 2024 15:48:33 +0000 (15:48 +0000)]
def_create(): switch from malloc() to calloc()

ok jsing

2 months agoAdd test for for the case where the pattern space is empty but does
millert [Wed, 28 Aug 2024 14:32:02 +0000 (14:32 +0000)]
Add test for for the case where the pattern space is empty but does
not start with a NUL character, which might occur after using the
D command.

2 months agoFix the case where the pattern space is empty but does not start
millert [Wed, 28 Aug 2024 14:30:26 +0000 (14:30 +0000)]
Fix the case where the pattern space is empty but does not start
with a NUL character, which might occur after using the D command.
From Mohamed Akram

2 months agoStop printing the "syscall" bit in the header line, too.
naddy [Wed, 28 Aug 2024 14:22:36 +0000 (14:22 +0000)]
Stop printing the "syscall" bit in the header line, too.

ok deraadt@

2 months agoIntroduce peer_is_up() and use it instead of peer->state == PEER_UP checks
claudio [Wed, 28 Aug 2024 13:21:39 +0000 (13:21 +0000)]
Introduce peer_is_up() and use it instead of peer->state == PEER_UP checks
also enqueue update and rrfresh imsgs only if the peer is up and flush them
once this is no longer the case.
OK tb@

2 months agoCheck the max_prefix and max_out_prefix limit during config reload.
claudio [Wed, 28 Aug 2024 13:18:11 +0000 (13:18 +0000)]
Check the max_prefix and max_out_prefix limit during config reload.
This is cheap and will trigger immediatly instead of waiting until
the next UPDATE happens (which could happen a lot later).
OK tb@ job@

2 months agoExtend maxprefix and maxprefixout tests to also check that the limits
claudio [Wed, 28 Aug 2024 13:14:39 +0000 (13:14 +0000)]
Extend maxprefix and maxprefixout tests to also check that the limits
are checked during reload.

2 months agovio: Fix allocation sizes
sf [Wed, 28 Aug 2024 12:40:22 +0000 (12:40 +0000)]
vio: Fix allocation sizes

For both rx and tx, we need an array of bus_dmamap_t and mbuf pointers each.
This results in a size of

  (rxqsize + txqsize) * (sizeof(bus_dmamap_t) + sizeof(struct mbuf *))

The factor 2 before the sizeof(bus_dmamap_t) was too much and we
allocated more than we needed.

OK bluhm@

2 months agofix test: -F is the argument to specify a non-default ssh_config,
djm [Wed, 28 Aug 2024 12:08:26 +0000 (12:08 +0000)]
fix test: -F is the argument to specify a non-default ssh_config,
not -f (this is sadly not a new bug)

2 months agolibpcap: replace atoi() usage with strtonum()
op [Wed, 28 Aug 2024 11:41:42 +0000 (11:41 +0000)]
libpcap: replace atoi() usage with strtonum()

ok/improvements beck@

2 months agolibpcap: replace hand-rolled number parser with strtol
op [Wed, 28 Aug 2024 11:40:33 +0000 (11:40 +0000)]
libpcap: replace hand-rolled number parser with strtol

can't use strtonum here since it needs to handle octal and hex
notations as well.  Part of a larger diff that's ok beck@

2 months agosync ibuf_realloc() copy with libutil
tb [Wed, 28 Aug 2024 09:39:17 +0000 (09:39 +0000)]
sync ibuf_realloc() copy with libutil

This pulls in an overflow check and the change from recallocarray() to
realloc(). claudio tells me that we might soon get rid of this copy.

ok claudio

2 months agoGet rid of last use of db_meth
tb [Wed, 28 Aug 2024 08:59:03 +0000 (08:59 +0000)]
Get rid of last use of db_meth

Nothing touches db_meth in ports. Thus only way a db_meth can be set is
now as a side effect X509V3_set_conf() in which case the db is an NCONF
database and the db_meth will be a thin wrapper of NCONF_get_section().
Make that explicit in the implementation, remove the guts of the unused
X509V3_get_string() and X509V3_string_free(), turn X509V3_section_free()
into a noop and replace several checks for ctx->db, ctx->db->meth, ...
with a simple ctx->db != NULL check.

ok beck jsing

2 months agoRemove a few obvious comments, unwrap a few lines and annotate some
tb [Wed, 28 Aug 2024 08:50:41 +0000 (08:50 +0000)]
Remove a few obvious comments, unwrap a few lines and annotate some
functions for removal

2 months agoTurn X509V3_set_conf_lhash() into a noop
tb [Wed, 28 Aug 2024 08:43:55 +0000 (08:43 +0000)]
Turn X509V3_set_conf_lhash() into a noop

Another legacy turd that was only used by PHP 7.4 and 8.0.

ok beck jsing

2 months agoAdd LCRYPTO_USED(X509_get_signature_info)
tb [Wed, 28 Aug 2024 08:41:18 +0000 (08:41 +0000)]
Add LCRYPTO_USED(X509_get_signature_info)

2 months agoDisable X509V3_EXT{,_CRL,_REQ}_add_conf()
tb [Wed, 28 Aug 2024 08:33:06 +0000 (08:33 +0000)]
Disable X509V3_EXT{,_CRL,_REQ}_add_conf()

These legacy interfaces were only used by PHP 7.4 and 8.0 and they will
be removed in an upcoming bump.

ok beck jsing

2 months agoAnnotate X509V3_CONF_CTX and its only instance for removal
tb [Wed, 28 Aug 2024 08:22:57 +0000 (08:22 +0000)]
Annotate X509V3_CONF_CTX and its only instance for removal

A comment saying /* Maybe more here */ in a public also goes (yuck).
Of course the promise was fulfilled by OpenSSL 3.

ok beck jsing

2 months agoMake use of X509_get_signature_info() in check_sig_level()
tb [Wed, 28 Aug 2024 07:37:50 +0000 (07:37 +0000)]
Make use of X509_get_signature_info() in check_sig_level()

If an auth_level (i.e., security_level, but not quite, because Viktor) was
set on the X509_VERIFY_PARAM in the X509_STORE_CTX, the verifier would
reject RSA-PSS or EdDSA certificates for insufficient security bits due to
incorrect use of OBJ_find_sigid_algs() (this was also a bug in the initial
security level implementation in OpenSSL 1.1).

Using X509_get_signature_info() fixes this while preserving behavior for
all other algorithms.

Reported by Steffen Ullrich as one of multiple issues with RSA-PSS.

ok jsing

2 months agoDocument X509_get0_signature_info()
tb [Wed, 28 Aug 2024 07:18:55 +0000 (07:18 +0000)]
Document X509_get0_signature_info()

Loosely based on the OpenSSL 1.1 documentation but extended quite a bit to
explain what the flags mean and what info they do (and do not) convey. With
the usual valuable feedback from jmc.

ok jmc

2 months agoImplement X509_get_signature_info()
tb [Wed, 28 Aug 2024 07:15:04 +0000 (07:15 +0000)]
Implement X509_get_signature_info()

This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.

The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.

The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.

ok jsing

2 months agoFix underlying pkey of RSA-PSS
tb [Wed, 28 Aug 2024 06:53:24 +0000 (06:53 +0000)]
Fix underlying pkey of RSA-PSS

There are currently very few differences between the rsa_asn1_meth for
plain RSA and the rsa_pss_asn1_meth for RSA-PSS apart from the obviously
necessary differnces for base_method, pkey_id, pem_str and info (and the
fact that RSA has support for legacy private key encoding). This had the
lucky side effect that it didn't really matter which ameth one ended up
using after OBJ_find_sigid_algs().

With the upcoming support for X509_get_signature_infO() for RSA-PSS, this
needs to change as for RSA-PSS we need to decode the PSS parameters for
extracting the "security level", whereas for RSA we can just use the hash
length. Thus, for RSA-PSS switch pkey_id from the incorrect rsaEncryption
to rassaPss.

ok jsing

PS: OBJ_find_sigid_algs() manual is no longer entirely correct, but this
has been the case since we added Ed25519 support to obj_xref.

2 months agoAdd a comment to OCSP_id_issuer_cmp() to make blind use of X509_ALGOR_cmp()
tb [Wed, 28 Aug 2024 06:27:19 +0000 (06:27 +0000)]
Add a comment to OCSP_id_issuer_cmp() to make blind use of X509_ALGOR_cmp()
less likely.

ok jsing

2 months agoClean up and simplify OCSP_cert_id_new()
tb [Wed, 28 Aug 2024 06:26:06 +0000 (06:26 +0000)]
Clean up and simplify OCSP_cert_id_new()

Use proper NULL checks, set hashAlgorithm with X509_ALGOR_set0_by_nid(),
and avoid a silly digerr label.

ok jsing

2 months agoAvoid reaching into X509_ALGOR in ocsp_certid_print()
tb [Wed, 28 Aug 2024 06:18:44 +0000 (06:18 +0000)]
Avoid reaching into X509_ALGOR in ocsp_certid_print()

ok jsing

2 months agoAvoid polluting the error stack when printing certificates
tb [Wed, 28 Aug 2024 06:17:06 +0000 (06:17 +0000)]
Avoid polluting the error stack when printing certificates

For a certificate serial number between LONG_MAX and ULONG_MAX, the call to
ASN1_INTEGER_get() fails and leaves an error on the stack because the check
bs->length <= sizeof(long) doesn't quite do what it's supposed to do (bs is
probably for bitstring, although the more common reading would be adequate,
too.)

Fix this by checking for non-negativity and using ASN1_INTEGER_get_uint64()
and add a lengthy comment to explain the nonsense per beck's request.

discussed with jsing
ok beck

2 months agochange dev_set_drvdata() call to pci_set_drvdata() to match linux
jsg [Wed, 28 Aug 2024 06:09:36 +0000 (06:09 +0000)]
change dev_set_drvdata() call to pci_set_drvdata() to match linux
no functional change

2 months agoimplement pci drvdata functions
jsg [Wed, 28 Aug 2024 04:55:45 +0000 (04:55 +0000)]
implement pci drvdata functions

2 months agosplnet() not needed in activate function
deraadt [Wed, 28 Aug 2024 03:54:54 +0000 (03:54 +0000)]
splnet() not needed in activate function
ok gkoehler

2 months agoskip GPU reset on everything, not just APUs
jsg [Wed, 28 Aug 2024 01:59:27 +0000 (01:59 +0000)]
skip GPU reset on everything, not just APUs

Fixes S3 suspend/resume on jrick's VEGA10 after the
amdgpu_pmops_suspend_noirq() call was added to amdgpu_activate().
To be revisted after more of the reset functions are unstubbed.

2 months agoinline `start' and simplify; from/ok millert@
op [Tue, 27 Aug 2024 19:27:19 +0000 (19:27 +0000)]
inline `start' and simplify;  from/ok millert@

2 months agovio: whitespace and message tweaks
sf [Tue, 27 Aug 2024 19:11:20 +0000 (19:11 +0000)]
vio: whitespace and message tweaks

Fix whitespace.

Other network drivers use a comma in the boot message.

Make more clear what features are meant in an error message

OK bluhm@

2 months agoconstify struct virtio_ops
sf [Tue, 27 Aug 2024 19:01:11 +0000 (19:01 +0000)]
constify struct virtio_ops

OK bluhm@

2 months agoksh: use strtonum() in findhistrel()
op [Tue, 27 Aug 2024 18:45:58 +0000 (18:45 +0000)]
ksh: use strtonum() in findhistrel()

ok millert@, deraadt@

2 months agovirtio: Remove some unused leftovers
sf [Tue, 27 Aug 2024 18:44:12 +0000 (18:44 +0000)]
virtio: Remove some unused leftovers

Some fields in struct virtqueue are unused.
The maxsegsize argument to virtio_alloc_vq is unused.

OK bluhm@

2 months agoremove some dead code that wasn't cleaned up
aisha [Tue, 27 Aug 2024 13:52:41 +0000 (13:52 +0000)]
remove some dead code that wasn't cleaned up

ok sashan

2 months agouse UQ_ALWAYS_OPEN for various PixArt/Logitech USB mice. ok bru miod
sthen [Tue, 27 Aug 2024 12:41:18 +0000 (12:41 +0000)]
use UQ_ALWAYS_OPEN for various PixArt/Logitech USB mice. ok bru miod

Some USB mice are known to have problems if the device isn't polled
regularly (seems to be something in the firmware overflows). Symptoms
are frequent disconnect/reconnect cycles unless either X or wsmoused
are used.

jcs and kurt figured out a related problem with the Surface Type Cover
and added UQ_ALWAYS_OPEN in 2021 (similar to linux HID_QUIRK_ALWAYS_POLL
and NetBSD UQ_ALWAYS_ON) which also works around the problem with these
mice.

I've added the list of vid/pid from NetBSD, plus the mouse which I've
been having problems with which they didn't have.

2 months agosync
sthen [Tue, 27 Aug 2024 12:31:43 +0000 (12:31 +0000)]
sync

2 months agoadd a few USB mice, to be used for quirks. ok bru miod
sthen [Tue, 27 Aug 2024 12:31:18 +0000 (12:31 +0000)]
add a few USB mice, to be used for quirks.  ok bru miod

2 months agoframbuffer -> framebuffer
jsg [Tue, 27 Aug 2024 10:58:53 +0000 (10:58 +0000)]
frambuffer -> framebuffer

2 months agoEnable AMD SEV support in vmm(4).
bluhm [Tue, 27 Aug 2024 09:16:03 +0000 (09:16 +0000)]
Enable AMD SEV support in vmm(4).

Bring the pieces for vmm(4) to support guests with SEV memory
encryption on AMD CPUs.  The corresponding vmd(8) changes will
follow.
Emulate cpuid 0x8000001f so the guest can discover SEV features.
Allow vmd(8) to enable SEV on VM creation.  Inform vmd(8) about the
c-bit position and ASID assigned to each VCPU.
Note that vmd(8) has to be rebuilt with the new header files.

from hshoexer@; input dv@; OK mlarkin@

2 months agoDisplay hyperlinks in copy mode and add copy_cursor_hyperlink format to
nicm [Tue, 27 Aug 2024 07:49:07 +0000 (07:49 +0000)]
Display hyperlinks in copy mode and add copy_cursor_hyperlink format to
get the hyperlink under the cursor.

2 months agoAdd search_count and search_count_partial formats in copy mode, GitHub
nicm [Tue, 27 Aug 2024 07:31:26 +0000 (07:31 +0000)]
Add search_count and search_count_partial formats in copy mode, GitHub
issue 4091.

2 months agoDo not reset mouse pane if clicked on status line, it may have been set
nicm [Tue, 27 Aug 2024 07:25:27 +0000 (07:25 +0000)]
Do not reset mouse pane if clicked on status line, it may have been set
by a range.

2 months agoMechanically change inet_aton to inet_pton.
florian [Tue, 27 Aug 2024 06:06:14 +0000 (06:06 +0000)]
Mechanically change inet_aton to inet_pton.

Documentation says IP addresses are not truncated, so the parser can
be stricter and only accept dotted IP addresses.

OK yasuoka

2 months agoUse getaddrinfo to parse IP addresses and lookup names.
florian [Tue, 27 Aug 2024 06:04:03 +0000 (06:04 +0000)]
Use getaddrinfo to parse IP addresses and lookup names.

Input & OK bluhm

2 months agoUse getaddrinfo to parse IP addresses and lookup names.
florian [Tue, 27 Aug 2024 06:03:20 +0000 (06:03 +0000)]
Use getaddrinfo to parse IP addresses and lookup names.

OK bluhm

2 months agoDo not send zero sized vendor or client ids.
florian [Tue, 27 Aug 2024 05:55:39 +0000 (05:55 +0000)]
Do not send zero sized vendor or client ids.

The frontend and engine do not like this due to improved error
checking.

Found by Josh Grosse and Renato Aguiar, thanks!

2 months agocms_att.c: tidy includes and add x509_local.h for upcoming change
tb [Tue, 27 Aug 2024 01:19:27 +0000 (01:19 +0000)]
cms_att.c: tidy includes and add x509_local.h for upcoming change

2 months agocalendars are so hard
deraadt [Mon, 26 Aug 2024 22:54:21 +0000 (22:54 +0000)]
calendars are so hard

2 months agoreplace atoi(3) usage with strtonum(3); ok/tweaks tb@
op [Mon, 26 Aug 2024 22:01:28 +0000 (22:01 +0000)]
replace atoi(3) usage with strtonum(3); ok/tweaks tb@

2 months agoreplace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@
op [Mon, 26 Aug 2024 22:00:47 +0000 (22:00 +0000)]
replace strtol(3) usage with strtonum(3); idea/ok/tweaks tb@

2 months agoreplace hand-rolled number parser with strtonum
op [Mon, 26 Aug 2024 21:34:32 +0000 (21:34 +0000)]
replace hand-rolled number parser with strtonum

original report by Collin Funk
ok bluhm, millert

2 months agofortune files are no longer being rot13d;
jmc [Mon, 26 Aug 2024 20:12:33 +0000 (20:12 +0000)]
fortune files are no longer being rot13d;

2 months ago- remove the "real" dance. there is no longer a need for it.
jmc [Mon, 26 Aug 2024 20:10:53 +0000 (20:10 +0000)]
- remove the "real" dance. there is no longer a need for it.

- do not install the offensive files rotated 13 chars, as suggested by deraadt.
it hardly makes sense, and only one of the "potentially offensive" files
was being treated this way anyway

- simplify the makefile to catch up with all this

- update NOTES to catch up with all this

- the notes in README pertaining to not installing the offensive files is no
longer relevant, so remove it, as suggested by millert

2 months agovirtio: Introduce dedicated attach args
sf [Mon, 26 Aug 2024 19:37:54 +0000 (19:37 +0000)]
virtio: Introduce dedicated attach args

Instead of abusing virtio_softc as attach args, create a separate
struct. Use it to pass the number of available interrupts. This will be
useful for vio(4) multi-queue support.

ok jan@

2 months agovio(4): Fix hardmtu without MRG_RXBUF
sf [Mon, 26 Aug 2024 19:24:02 +0000 (19:24 +0000)]
vio(4): Fix hardmtu without MRG_RXBUF

Without VIRTIO_NET_F_MRG_RXBUF, we cannot chain several buffers together
and we can only receive packets up to the length of the buffers we put
into the ring.

OK bluhm@

2 months agots.c: typo flaf -> flag
tb [Mon, 26 Aug 2024 18:40:50 +0000 (18:40 +0000)]
ts.c: typo flaf -> flag

2 months agoReplace recallocarray() with a realloc() + memset() combo.
claudio [Mon, 26 Aug 2024 13:57:34 +0000 (13:57 +0000)]
Replace recallocarray() with a realloc() + memset() combo.

recallocarray(), with its guarantee that memory becoming unallocated is
explicitly discarded, is too slow. In rpki-client forming one particular
ibuf takes more then 4mins because every recallocarray() call ends up
doing a fresh malloc + memcpy + freezero call.
For sensitive data use ibuf_open() instead of ibuf_dynamic() to avoid
any memory reallocations.
OK tb@

2 months agoRearrange #ifdef TCP_SIGNATURE to keep braces balanced.
bluhm [Mon, 26 Aug 2024 13:55:14 +0000 (13:55 +0000)]
Rearrange #ifdef TCP_SIGNATURE to keep braces balanced.

2 months agoUse strtonum instead of atoi.
nicm [Mon, 26 Aug 2024 13:02:15 +0000 (13:02 +0000)]
Use strtonum instead of atoi.

2 months agoTest bitstring macro evaluation.
bluhm [Mon, 26 Aug 2024 12:15:40 +0000 (12:15 +0000)]
Test bitstring macro evaluation.

For all bitstring macros, add a test with side effects in the
arguments.  Also fix compiler warnings and wrap long line.  In
main() replace exit(0) with return(0) to check stack canary.  Create
expected test files with make target create-good.

OK florian deraadt@

2 months agoEvaluate arguments of bitstring macros only once.
bluhm [Mon, 26 Aug 2024 11:52:54 +0000 (11:52 +0000)]
Evaluate arguments of bitstring macros only once.

According to bit_alloc(3) man page the arguments to bitstring macros
are evaluated only once and may safely have side effects.  Fix the
implementation with temporary variables to fulfill this requirement.

OK florian@ deraadt@

2 months agostyle(9) fix. No functional changes.
mvs [Mon, 26 Aug 2024 08:24:25 +0000 (08:24 +0000)]
style(9) fix. No functional changes.

2 months agoC-h should not be treated specially and represented internally as \b but
nicm [Mon, 26 Aug 2024 07:45:05 +0000 (07:45 +0000)]
C-h should not be treated specially and represented internally as \b but
as C-h like the other Ctrl keys. Backspace is already handled separately
if it VERASE.

2 months agoPass the screen_redraw_ctx struct into more functions instead of
nicm [Mon, 26 Aug 2024 07:34:40 +0000 (07:34 +0000)]
Pass the screen_redraw_ctx struct into more functions instead of
individual arguments (for example for the pane status), from Michael
Grant.

2 months agoClient flags was changed to uint64_t a while ago, fix a few cases where
nicm [Mon, 26 Aug 2024 07:30:46 +0000 (07:30 +0000)]
Client flags was changed to uint64_t a while ago, fix a few cases where
it is still int (do not matter now but will with some new flags). From
Michael Grant.

2 months agoAdd window_pane_mode helper function to tell if a pane is in copy mode,
nicm [Mon, 26 Aug 2024 07:14:40 +0000 (07:14 +0000)]
Add window_pane_mode helper function to tell if a pane is in copy mode,
from Michael Grant.

2 months agoAdd copy-mode -d flag to scroll a page down if in copy mode already,
nicm [Mon, 26 Aug 2024 07:09:34 +0000 (07:09 +0000)]
Add copy-mode -d flag to scroll a page down if in copy mode already,
from Michael Grant.

2 months agoUse i2s instead of hard coding the imsg type. Suggested by tb.
florian [Mon, 26 Aug 2024 06:06:04 +0000 (06:06 +0000)]
Use i2s instead of hard coding the imsg type. Suggested by tb.

2 months agoerrno is unset, use fatalx(3) instead of fatal(3).
florian [Mon, 26 Aug 2024 06:05:05 +0000 (06:05 +0000)]
errno is unset, use fatalx(3) instead of fatal(3).

2 months agoBe stricter in what we accept from the main process.
florian [Mon, 26 Aug 2024 06:04:24 +0000 (06:04 +0000)]
Be stricter in what we accept from the main process.

While here mention function where fatalx(3) occurred like everywhere
else.

Suggested by & OK tb

2 months agoannoying whitespace found during an audit process
deraadt [Mon, 26 Aug 2024 03:49:06 +0000 (03:49 +0000)]
annoying whitespace found during an audit process

2 months agoreplace multiple '.arch armv8.3-a' with a pauth target attribute
jsg [Mon, 26 Aug 2024 03:37:56 +0000 (03:37 +0000)]
replace multiple '.arch armv8.3-a' with a pauth target attribute
'no objection' kettenis@

2 months agotypo
miod [Sun, 25 Aug 2024 19:57:33 +0000 (19:57 +0000)]
typo

2 months agomake activate function confirm to the common idiom; ok miod
deraadt [Sun, 25 Aug 2024 14:51:33 +0000 (14:51 +0000)]
make activate function confirm to the common idiom; ok miod

2 months agoDo not peek inside of struct imsg.
florian [Sun, 25 Aug 2024 09:53:53 +0000 (09:53 +0000)]
Do not peek inside of struct imsg.

input & OK tb

2 months agoSince netstart r1.208 (2020), it no longer applies /etc/myname
tb [Sun, 25 Aug 2024 09:32:08 +0000 (09:32 +0000)]
Since netstart r1.208 (2020), it no longer applies /etc/myname

Change Xr from netstart to rc.

From Christian Schulte, ok florian

2 months agosin6_to_str and i2s take a single argument.
florian [Sun, 25 Aug 2024 07:04:05 +0000 (07:04 +0000)]
sin6_to_str and i2s take a single argument.

Pointed out by tb