tb [Sat, 13 Jan 2024 11:00:09 +0000 (11:00 +0000)]
Add a table of digest names, digests and aliases
This is the corresponding commit for digests and their aliases. It
only adds a table to be used in upcoming commits. What was said
about ciphers applies mutatis mutandis to digests.
ok jsing
tb [Sat, 13 Jan 2024 10:57:08 +0000 (10:57 +0000)]
Add a table of cipher names, ciphers and aliases
This arranges the data provided by dynamic library initialization
in a static table and will help avoid gross code with missing error
checking and other defects on every use of the library. This table
isn't pretty due to various naming inconsistecies accumulated over
the decades. It will significantly simplify the implementation of
API such as EVP_get_cipherbyname() and EVP_CIPHER_do_all().
All the table does is map strings to ciphers, typically used on the
openssl(1) command line or in code it's the mechanism that underlies
the map from NID_chacha20 to the data returned by EVP_chacha20().
It's of course more complicated because it just had to be stupid.
This is one of the places where the use of bsearch() is justified.
The price to pay for the simplification is that adding custom aliases
and custom ciphers to this table will no longer be supported. It is
one significant user of the LHASH madness. That's just another piece
of the awful "toolkit aspect"-guided misdesign that contributes to
making this codebase so terrible.
A corresponding table for the digests will be added in the next
commit.
ok jsing
kettenis [Sat, 13 Jan 2024 10:00:27 +0000 (10:00 +0000)]
Provide a more complete implementation of the "component" APIs. Also tweak
the "platform" interfaces to stash away the bits of fdt_attach_args that
we need later on instead of referencing it directly. This makes those
interfaces usable after attach time.
ok jsg@
mlarkin [Fri, 12 Jan 2024 23:50:11 +0000 (23:50 +0000)]
Clarify some behaviour for 'vmctl start' and 'vmctl reload'
Clarify that vmctl start max memory is governed by the vmd(8) user's
max datasize in /etc/login.conf and that vmctl reload only reloads
state for non-running VMs.
ok dv
jsg [Fri, 12 Jan 2024 22:29:04 +0000 (22:29 +0000)]
add license; ok kettenis@
tb [Fri, 12 Jan 2024 19:28:02 +0000 (19:28 +0000)]
Remove X509_STORE_CTX_purpose_inherit(3) documentation
This abomination of an API will be removed. Remove the hairy details of
its internals and make the documentation of X509_STORE_CTX_set_trust(3)
and X509_STORE_CTX_set_purpose(3) independent of it.
Neither of these two remaining APIs can be recommended. Once set, trust
and purpose are sticky. Setting the trust to a different (valid) value
will indicate success but leave the value unchanged. I suppose it means
the new trust value was successfully ignored. Also, setting the trust to
X509_TRUST_DEFAULT can succeed or fail depending on which OpenSSL
derivative you use. Setting the purpose will also set the trust (unless
it is already set). Setting some purposes may or may not fail depending
on the OpenSSL lib.
The only way you have a chance of knowing what will be set is by calling
only one of these functions directly after X509_STORE_CTX_init(). This
isn't really safe either because in some versions the user can override
the values stored in a global table by writing directly to it.
The actual contributions here are rather minimal. State more explicitly
that 0 is invalid (but results in success being returned), document the
error values to be accurate across implementations and call out some of
the nonsense in a CAVEATS section.
Many thanks to schwarze for the very helpful review with lots of input.
ok schwarze
tb [Fri, 12 Jan 2024 13:16:48 +0000 (13:16 +0000)]
appstest: Zap a trailing tab added in previous
job [Fri, 12 Jan 2024 11:24:02 +0000 (11:24 +0000)]
Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 app
The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/
OK tb@
claudio [Fri, 12 Jan 2024 11:19:51 +0000 (11:19 +0000)]
Convert the simple IMSG calls in session.c to the new imsg API.
OK tb@
bluhm [Fri, 12 Jan 2024 10:48:03 +0000 (10:48 +0000)]
Send UDP packets in parallel.
Sending UDP packets via datagram socket is MP safe now. Same applies
to raw IPv4 and IPv6, and divert sockets. Switch sosend() from
exclusive net lock to shared net lock in combination with per socket
lock. TCP and GRE still use exclusive net lock.
tested by otto@ and florian@
OK mvs@
ratchov [Fri, 12 Jan 2024 08:47:46 +0000 (08:47 +0000)]
nfssvc: When the client disconnects, close the socket before sleeping.
If the server doesn't close the socket immediately and starts waiting
for the client to reconnect, then the TCP connection will remain open.
The client will have to wait for the connection to be closed in order
to reconnect with the same source port; this never happens, resulting
in a freeze until the file system is umounted.
This change fixes Linux NFS clients freezing after 5 min of inactivity.
ok miod, help from claudio
miod [Thu, 11 Jan 2024 19:16:26 +0000 (19:16 +0000)]
Since no system call takes more than 6 arguments, and no more than one
off_t argument, there is no need to process more than 6 arguments on
64-bit platforms and 8 on 32-bit platforms.
Make the syscall argument gathering code simpler by removing never-used code
to fetch more arguments from the stack, and local argument arrays when pointing
to the trap frame does the job.
ok guenther@ jsing@
jan [Thu, 11 Jan 2024 17:22:04 +0000 (17:22 +0000)]
ifconfig.8: reorder hwfeature list
ok jmc@
jan [Thu, 11 Jan 2024 17:13:48 +0000 (17:13 +0000)]
fix build with VMM_DEBUG option
ok dv@
tb [Thu, 11 Jan 2024 16:45:26 +0000 (16:45 +0000)]
Remove the evp_pkey_method() test
This is a minimal test for an API that will be removed in a subsequent
commit.
claudio [Thu, 11 Jan 2024 15:46:25 +0000 (15:46 +0000)]
rename field ibuf to imsgbuf in struct ctl_conn
OK tb@
claudio [Thu, 11 Jan 2024 15:38:05 +0000 (15:38 +0000)]
Clear the last errors after receiving a RTR_EVNT_END_OF_DATA event.
Once the cache is synced we can assume that the errors are no longer
relevant.
OK tb@
claudio [Thu, 11 Jan 2024 14:34:49 +0000 (14:34 +0000)]
Move the 'Last received shutdown reason:' output a bit down where it makes
more sense.
bluhm [Thu, 11 Jan 2024 14:15:11 +0000 (14:15 +0000)]
Use domain name for socket lock.
Syzkaller with witness complains about lock ordering of pf lock
with socket lock. Socket lock for inet is taken before pf lock.
Pf lock is taken before socket lock for route. This is a false
positive as route and inet socket locks are distinct. Witness does
not know this. Name the socket lock like the domain of the socket,
then rwlock name is used in witness lo_name subtype. Make domain
names more consistent for locking, they were not used anyway.
Regardless of witness problem, unique lock name for each socket
type make sense.
Reported-by: syzbot+34d22dcbf20d76629c5a@syzkaller.appspotmail.com
Reported-by: syzbot+fde8d07ba74b69d0adfe@syzkaller.appspotmail.com
OK mvs@
claudio [Thu, 11 Jan 2024 14:11:03 +0000 (14:11 +0000)]
Clear the last_sent_errcode, last_rcvd_errcode and last_reason when
the session comes up instead of at the start of a connect.
With this the last errors reported should stick around longer.
Reported by linx.net, OK job@
bluhm [Thu, 11 Jan 2024 13:49:49 +0000 (13:49 +0000)]
Fix white spaces in TCP.
claudio [Thu, 11 Jan 2024 13:09:41 +0000 (13:09 +0000)]
Display the exported rtr session state and fix a missing indent.
OK tb@
claudio [Thu, 11 Jan 2024 13:08:39 +0000 (13:08 +0000)]
Export the rtr session state as string.
OK tb@
jca [Thu, 11 Jan 2024 12:31:37 +0000 (12:31 +0000)]
Add basic support for R_386_GOT32X
Repairs ld.bfd operations on i386: since the switch to llvm-16 clang
emits such relocations (eg one is present in /usr/lib/crtbegin.o).
This unbreaks the build of ports/lang/fpc.
Help and tests from tb@, ok tb@ kettenis@
job [Thu, 11 Jan 2024 11:55:14 +0000 (11:55 +0000)]
Make the -P option work for Trust Anchor certificates as well
OK tb@
claudio [Thu, 11 Jan 2024 11:43:07 +0000 (11:43 +0000)]
Try to improve RTR version negotiation.
RFC8210 and especially draft-ietf-sidrops-8210bis are underspecified when
it comes to inital version negotiation. The authors seem to have a very
different view on how this works compared to the various RTR cache
implementations.
Reducing the version on any session close is a problem since it often leads
to downgraded sessions where not needed. Instead require the server to send
PDUs with their correct version (either a code 4 error, a cache response
or cache reset pdu).
Extensively tested against various modes of StayRTR.
Also tested against routinator which is currently not following the spec
(https://github.com/NLnetLabs/routinator/issues/919) and breaks on unknown
versions.
This is probably not the last change to make RTR version negotiation work
but it is a step in the right direction.
OK tb@
stsp [Thu, 11 Jan 2024 09:52:19 +0000 (09:52 +0000)]
handle MHI M1->M2 state transitions in qwx(4)
When the device signals transition to state M1, the MHI driver may
set the device into M2 state to save power. The MHI device will be
woken up again by the driver ringing the wake doorbell register
before doing PCI reads/writes, which qwx(4) already implements.
deraadt [Thu, 11 Jan 2024 07:59:43 +0000 (07:59 +0000)]
add XKH
djm [Thu, 11 Jan 2024 04:50:28 +0000 (04:50 +0000)]
don't disable RSA test when DSA is disabled; bug introduced in last commit
djm [Thu, 11 Jan 2024 01:51:16 +0000 (01:51 +0000)]
ensure key_fd is filled when DSA is disabled; spotted by tb@
djm [Thu, 11 Jan 2024 01:45:58 +0000 (01:45 +0000)]
make DSA testing optional, defaulting to on
ok markus
djm [Thu, 11 Jan 2024 01:45:36 +0000 (01:45 +0000)]
make DSA key support compile-time optional, defaulting to on
ok markus@
tb [Wed, 10 Jan 2024 21:34:53 +0000 (21:34 +0000)]
X509_TRUST: tidy up includes
tb [Wed, 10 Jan 2024 21:19:56 +0000 (21:19 +0000)]
X509_TRUST: group together all trust_*() functions
Now they are next to the trstandard[] table and listed in the order they
appear in the table.
tb [Wed, 10 Jan 2024 21:14:14 +0000 (21:14 +0000)]
X509_TRUST: hoist trust_compat() to the other end of the file
tb [Wed, 10 Jan 2024 21:11:37 +0000 (21:11 +0000)]
X509_TRUST: start shuffling some code around
Hoist obj_trust() to the top and move the static default_trust() next
to its setter.
tb [Wed, 10 Jan 2024 17:31:28 +0000 (17:31 +0000)]
Rework X509_STORE_CTX_set_{purpose,trust}()
Split the two codepaths in x509_vfy_purpose_inherit() into its two callers.
What remains is gross, but at least a reader has a chance of following all
this nonsense without leaving a significant amount of hair behind.
In short, purpose and trust are only overridden if they're not already
set. Otherwise silently ignore valid purpose and trust identifiers that
were passed in and succeed. Error on almost all invalid trust or purpose
ids, except 0, because... well... who knows, really?
ok jsing
bluhm [Wed, 10 Jan 2024 16:44:30 +0000 (16:44 +0000)]
Split UDP PCB table into IPv4 and IPv6.
Having two hash tables instead of a common one, reduces table size
and contention on the per table lock. The address family is always
known in advance. The lookups and loops are more specific.
OK sashan@
claudio [Wed, 10 Jan 2024 16:08:36 +0000 (16:08 +0000)]
Improve rtr_send_error() so that there is no need to log_warnx() before.
Now rtr_send_error() supports a format string for the error message so
use this fact to make the error report better.
OK tb@
claudio [Wed, 10 Jan 2024 14:59:41 +0000 (14:59 +0000)]
Add missing newlines in printf.
tb [Wed, 10 Jan 2024 14:59:19 +0000 (14:59 +0000)]
Inline rsa_is_pss() and rsa_pkey_is_pss()
It's more explicit and not that much longer.
ok jsing
tb [Wed, 10 Jan 2024 14:23:37 +0000 (14:23 +0000)]
Drop an unnecessary cast
from jsing
tb [Wed, 10 Jan 2024 14:22:53 +0000 (14:22 +0000)]
Fix print_fp()
The callback-based printing needs to die. But first BIO_set() will die.
We have a FILE *. We have fprintf(). No need to use a static BIO to dump
error codes to said stream.
This basically undoes an unrelated change of "Move crpytlib.h prior bio.h"
from 19 years ago (OpenSSL
25a66ee3). Except we don't cast and check len.
ok jsing (who had a nearly identical diff)
claudio [Wed, 10 Jan 2024 13:31:09 +0000 (13:31 +0000)]
Implement log_roa() and log_aspa() and use these functions in printconf.c
OK tb@
claudio [Wed, 10 Jan 2024 11:08:04 +0000 (11:08 +0000)]
Update the control.c code to use the new imsg API.
OK tb@
jmc [Wed, 10 Jan 2024 06:33:13 +0000 (06:33 +0000)]
fix incorrect capitalisation;
jmatthew [Wed, 10 Jan 2024 05:06:00 +0000 (05:06 +0000)]
If bringing up a queue fails, only tear down the ones that we set up
successfully, rather than trying to tear them all down and crashing.
tested by hrvoje, who can make queue setup fail sometimes
ok bluhm@
cheloha [Wed, 10 Jan 2024 04:28:43 +0000 (04:28 +0000)]
pthread_cond_timedwait(3): accept negative absolute timeouts
Negative absolute timeouts are valid inputs.
With input from kettenis@.
Thread: https://marc.info/?l=openbsd-tech&m=
170467558006767&w=2
ok guenther@
dv [Wed, 10 Jan 2024 04:13:59 +0000 (04:13 +0000)]
vmm/vmd: add io instruction length to exit information.
Add the instruction length to the vm exit information to allower
vmd(8) to manipulate the instruction pointer after io emulation.
This is preparation for emulating string-based io instructions.
Removes the instruction pointer update from the kernel (vmm(4)) as
well as the instruction length checks, which were overly restrictive
anyways based on the way prefixes work in x86 instructions.
ok mlarkin@
djm [Tue, 9 Jan 2024 22:19:36 +0000 (22:19 +0000)]
extend ChannelTimeout regression test to exercise multiplexed connections
and the new "global" timeout type. ok dtucker@
djm [Tue, 9 Jan 2024 22:19:00 +0000 (22:19 +0000)]
add a "global" ChannelTimeout type to ssh(1) and sshd(8) that watches
all open channels and will close all open channels if there is no
traffic on any of them for the specified interval. This is in addition
to the existing per-channel timeouts added a few releases ago.
This supports use-cases like having a session + x11 forwarding channel
open where one may be idle for an extended period but the other is
actively used. The global timeout would allow closing both channels when
both have been idle for too long.
ok dtucker@
djm [Tue, 9 Jan 2024 21:39:14 +0000 (21:39 +0000)]
adapt ssh_api.c code for kex-strict
from markus@ ok me
bluhm [Tue, 9 Jan 2024 19:57:00 +0000 (19:57 +0000)]
Convert some struct inpcb parameter to const pointer.
OK millert@
claudio [Tue, 9 Jan 2024 15:13:49 +0000 (15:13 +0000)]
The End of Data PDU changed between v0 (RFC6810) and v1 (RFC8210).
Add struct rtr_endofdata_v0 and rtr_parse_end_of_data_v0() to handle this
oddity. With this bgpd supports RFC6810 and RFC8210 and some form of
draft-ietf-sidrops-8210bis
OK tb@
claudio [Tue, 9 Jan 2024 14:43:41 +0000 (14:43 +0000)]
rtr_parse_notify() state check is special since we ignore the PDU when
it arrives in a strange moment. The RFC is as helpful about this as one
could expect. Still I botched the state check and later added an
rtr_send_error() call which made the previous worse.
OK tb@
claudio [Tue, 9 Jan 2024 14:15:15 +0000 (14:15 +0000)]
Be more consistent with RTR parse error reporting.
Stop calling rtr_send_error() after a parse error in rtr_process_msg();
instead move the calls into the parse functions.
Use consistend and useful error text to most rtr_send_error() calls.
In parse header also check the minimal version for router key and ASPA pdus
before checking their length.
OK tb@
claudio [Tue, 9 Jan 2024 13:41:32 +0000 (13:41 +0000)]
Convert the parent process imsg handling over to the new imsg API.
This simplifies the code a fair bit and removes direct unchecked memory
access to imsg.data.
OK tb@
tb [Tue, 9 Jan 2024 07:25:57 +0000 (07:25 +0000)]
Fix copy-paste error that broke openssl-ruby and openssl regress
Noticed by anton
jsg [Tue, 9 Jan 2024 07:10:00 +0000 (07:10 +0000)]
remove unused of_device_get_match_data() prototype
jsg [Tue, 9 Jan 2024 05:49:44 +0000 (05:49 +0000)]
inline -> static inline ; fixes sparc64 build
jmatthew [Tue, 9 Jan 2024 04:32:29 +0000 (04:32 +0000)]
remove needless comment
jmatthew [Tue, 9 Jan 2024 04:29:46 +0000 (04:29 +0000)]
If there are still mbufs on a ring when we're freeing it,
it'd be a good idea to free them too.
ok dlg@
jsg [Tue, 9 Jan 2024 03:53:09 +0000 (03:53 +0000)]
avoid unused var warning on sparc64
guenther [Tue, 9 Jan 2024 03:15:59 +0000 (03:15 +0000)]
Delete support for FFS filesystems before the in-inode symlink
optimization. As observed by ali_farzanrad(at)riseup.net, support
for these was broken in the 5.5 release in early 2014 by the time_t
changes. No one noticed before now, so clearly this isn't something
we need to continue to support; rejecting in ffs_validate() is an
improvement.
Also: simplify DIRSIZ(), drop OLDDIRFMT and NEWDIRFMT, tests of
fs_maxsymlinklen against zero, #ifdef tests of FS_44INODEFMT, and
remove support for newfs -O0, last used in 2016.
ok miod@
kettenis [Mon, 8 Jan 2024 19:52:29 +0000 (19:52 +0000)]
Implement RootPathString support in the LoadTable() AML function. Fixes
booting OpenBSD on some (ancient?) Hyper-V version.
Tested by Henryk Paluch
ok mlarkin@
tb [Mon, 8 Jan 2024 19:46:19 +0000 (19:46 +0000)]
Only use DIR_VALID in noop mode
Looking in DIR_TEMP will not find a file, resulting in lots of ugly
printf (null). This is another bandaid until I figure out how to fix
my fix for this function...
with/ok job
claudio [Mon, 8 Jan 2024 16:39:17 +0000 (16:39 +0000)]
Rework rtr_parse_header() and introduce rtr_check_session_id() to make
the initial header parsing simpler.
This also allows to simplify the version negotiation dance a bit. More
is needed there.
OK tb@
claudio [Mon, 8 Jan 2024 15:09:14 +0000 (15:09 +0000)]
Simplify the IMSG_CTL_KROUTE after the change in bgpd.
OK tb@
claudio [Mon, 8 Jan 2024 15:08:34 +0000 (15:08 +0000)]
Define and use struct ctl_kroute_req to encode the arguments of
IMSG_CTL_KROUTE instead of doing it by hand.
OK tb@
tb [Mon, 8 Jan 2024 10:06:50 +0000 (10:06 +0000)]
Disable X509_STORE_CTX_purpose_inherit()
Nothing uses this function, except two internal callers. So split its guts
temporarily into a helper function and disable the gross general case.
The internal helper can be simplified by observing that def_purpose == 0:
Overriding 0 by 0 doesn't do anything, so drop that bit. Rename ptmp into
purp, and inline X509_PURPOSE_get_by_id(), i.e., make appropriate checks and
subtract X509_PURPOSE_MIN. The fallback to X509_PURPOSE_get_by_id(0) will
always fail since X509_PURPOSE_MIN == 1. So ditch that call. In particular,
X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_ANY) fails in current because
of this. That's nonsense. So remove the purp->trust == X509_TRUST_DEFAULT
check as only change of behavior. This matches what OpenSSL do nowadays.
They now set def_purpose = purpose if purpose != 0 and def_purpose == 0,
so in all real-world uses of this function they will just fetch the same
purpose again and do not check for default trust the second time around.
Finally, X509_TRUST_get_by_id() is only used to ensure that a non-zero (or
overridden) trust is between X509_TRUST_MIN and X509_TRUST_MAX. So expand
that into its explicit form.
ok jsing
tb [Mon, 8 Jan 2024 09:51:09 +0000 (09:51 +0000)]
Inline X509_{TRUST,PUPROSE}_set() in their only callers
They are now unused and will join the exodus to the attic in the next bump.
ok jsing
tb [Mon, 8 Jan 2024 09:31:09 +0000 (09:31 +0000)]
const correct aesni_{128,256}_cbc_hmac_sha1_cipher
tb [Mon, 8 Jan 2024 08:26:38 +0000 (08:26 +0000)]
Fix regress build since the reacharounds are fragile
noted by anton
djm [Mon, 8 Jan 2024 05:11:18 +0000 (05:11 +0000)]
Remove outdated note from PROTOCOL.mux
Port forward close by control master is already implemented
by `mux_master_process_close_fwd` in `mux.c`
GHPR442 from bigb4ng
djm [Mon, 8 Jan 2024 05:05:15 +0000 (05:05 +0000)]
fix missing field in users-groups-by-id@openssh.com reply documentation
GHPR441 from TJ Saunders
yasuoka [Mon, 8 Jan 2024 04:16:48 +0000 (04:16 +0000)]
Pass the request packet to response decorations for future use.
This is required for many cases and will be used future.
djm [Mon, 8 Jan 2024 04:10:03 +0000 (04:10 +0000)]
make kex-strict section more explicit about its intent: banning all
messages not strictly required in KEX
tb [Mon, 8 Jan 2024 03:32:01 +0000 (03:32 +0000)]
Fix logic error (&& -> ||)
CID 477172
djm [Mon, 8 Jan 2024 00:34:33 +0000 (00:34 +0000)]
remove ext-info-* in the kex.c code, not in callers; with/ok markus@
djm [Mon, 8 Jan 2024 00:30:39 +0000 (00:30 +0000)]
fix typo; spotted by Albert Chin
bluhm [Sun, 7 Jan 2024 21:01:45 +0000 (21:01 +0000)]
In ixl(4) attach, initialize mutex before using it.
Function ixl_get_link_status() calls ixl_set_link_status() which
locks sc_link_state_mtx. Move initilization of mutex before calling
ixl_get_link_status(). This makes witness happy.
Bug reported and fix tested by Hrvoje Popovski; OK miod@
miod [Sun, 7 Jan 2024 20:52:44 +0000 (20:52 +0000)]
Error out if one syscall ever takes more than 6 arguments.
This is not necessarily wrong per se, but would need special consideration,
as not all platforms are currently able to process more than six syscall
arguments (and upcoming diffs will rely upon reasonably-sized argument
lists), so better break now and reconsider later if need be.
ok deraadt@
tb [Sun, 7 Jan 2024 19:59:32 +0000 (19:59 +0000)]
Garbage collect call to X509_TRUST_cleanup()
Since x509_trs.c r1.33, this is a noop.
cheloha [Sun, 7 Jan 2024 19:44:28 +0000 (19:44 +0000)]
libc, librthread: _twait: subtraction is not comparison
Compare the current time with the absolute timeout before computing
the relative timeout to avoid arithmetic overflow. Fixes a bug where
large negative absolute timeouts are subtracted into large positive
relative timeouts and incorrectly cause the caller to block.
While here, use timespeccmp(3) and timespecsub(3) to simplify the
code.
Thread: https://marc.info/?l=openbsd-tech&m=
169945962503129&w=2
tb [Sun, 7 Jan 2024 18:15:42 +0000 (18:15 +0000)]
Minor cleanup in X509_STORE_CTX_purpose_inherit()
Make a few checks against 0 explicit to reduce noise in an upcoming diff
and tiny KNF tweaks.
tb [Sun, 7 Jan 2024 16:22:46 +0000 (16:22 +0000)]
purpose/trust: Improve comments about COUNT/MAX confusion
tb [Sun, 7 Jan 2024 16:18:18 +0000 (16:18 +0000)]
const-correct r4_hmac_md5_cipher
tb [Sun, 7 Jan 2024 15:42:57 +0000 (15:42 +0000)]
Convert the remaining legacy ciphers to C99 initializers
No change in the generated aarch64 assembly apart from line number changes.
ok jsing
tb [Sun, 7 Jan 2024 15:21:04 +0000 (15:21 +0000)]
Improve EVP_CIPHER_{get,set}_asn1_iv()
Use iv_len for the variables storing the IV length, formerly l and j.
Remove use of the unnecessary variable i and unindent the whole mess.
Some return values are fishy. That will be addressed in subsequent
commits.
ok jsing
tb [Sun, 7 Jan 2024 14:50:45 +0000 (14:50 +0000)]
Remove X509_TRUST extensibility
This is pretty much identical to the X509_PURPOSE case: remove the stack
used for extending and overriding the trust table and make X509_TRUST_add()
always fail. Simplify some other bits accordingly.
ok jsing
tb [Sun, 7 Jan 2024 09:48:29 +0000 (09:48 +0000)]
rpki-client: zap a stray space
tb [Sun, 7 Jan 2024 09:48:03 +0000 (09:48 +0000)]
rpki-client: print revocation time in filemode
If a certificate was revoked, extract the revocation timestamp and
update the warning message in filemode to include it.
ok job
tb [Sat, 6 Jan 2024 20:47:01 +0000 (20:47 +0000)]
Zap some more CRL method things
bluhm [Sat, 6 Jan 2024 19:34:54 +0000 (19:34 +0000)]
Prevent use after free of TLS context at syslogd(8) shutdown.
When splitting the event fields f_ev and f_bufev, disabling some
events was missed. Callbacks could happen after tls_free(). Call
bufferevent_disable() before f_bufev and struct filed are cleaned.
In some error cases f_bufev might be NULL, add a check before
cleanup.
OK tb@
mglocker [Sat, 6 Jan 2024 17:47:43 +0000 (17:47 +0000)]
Zap more obsolete debug code.
tb [Sat, 6 Jan 2024 17:43:39 +0000 (17:43 +0000)]
Remove X509_PURPOSE_cleanup() call in OPENSSL_cleanup()
Since x509_purp.c r1.34 this is a noop since there is nothing to clean up
anymore. Remove the last caller.
tb [Sat, 6 Jan 2024 17:37:23 +0000 (17:37 +0000)]
Remove X509_CRL_METHOD internals
Another complication of dubious value that nobody's ever used. crl_init(),
crl_free() and the meth_data are dead weight, as are their accessors.
Inline def_crl_verify() in X509_CRL_verify() so that the latter becomes
the trivial wrapper of ASN1_item_verify() that one would expect it to be.
It is quite unclear what kind of customization would make sense here...
def_crl_lookup() is renamed into crl_lookup() and its two callers,
X509_CRL_lookup_by_{serial,cert}(), are moved below it so that we
don't need a prototype.
ok jsing
tb [Sat, 6 Jan 2024 17:17:08 +0000 (17:17 +0000)]
Remove X509_PURPOSE extensibility
Another bit of global state without lock protection. The by now familiar
complications of a stack to make this user configurable, which, of course,
no one ever did. The table is not currently const, and the API exposes its
entries directly, so anyone can modify it. This fits very well with the
safety guarantees of Rust's 'static lifetime, which is how rust-openssl
exposes it (for no good reason).
Remove the stack and make the X509_PURPOSE_add() API always fail.
Simplify the other bits accordingly.
In addition, this API inflicts the charming difference between purpose
identifiers and purpose indexes (the former minus one) onto the user.
Neither of the two obvious solutions to avoid this trap seems to have
crossed the implementer's mind.
ok jsing
jsg [Sat, 6 Jan 2024 15:52:13 +0000 (15:52 +0000)]
revert component_add() change
avoids fault in amdgpu_dm_audio_component_bind()
problem reported by matthieu@
schwarze [Sat, 6 Jan 2024 15:38:45 +0000 (15:38 +0000)]
Ergaenzung der fehlenden Jahreszahlen;
Flicken von Lennart Jablonka <humm bei ljabl Punkt com>