openbsd
anton [Sun, 26 Aug 2018 08:12:09 +0000 (08:12 +0000)]
Add regress for kcov. It will only run if /dev/kcov can be opened successfully.

visa [Sun, 26 Aug 2018 06:50:30 +0000 (06:50 +0000)]
Add test cases for private versus non-private futexes.

While here, fix timeout handling in futex_twait(), and fix the return
value of functions awakener() and signaled().

OK mpi@

jmatthew [Sun, 26 Aug 2018 06:40:03 +0000 (06:40 +0000)]
return -1 from the interrupt handler if we didn't find any work to do

deraadt [Sat, 25 Aug 2018 22:54:09 +0000 (22:54 +0000)]
sync

kettenis [Sat, 25 Aug 2018 20:45:28 +0000 (20:45 +0000)]
Add code to print the characteristics of the caches that can be discovered
through the CLIDR_EL1 register.

ok patrick@

kettenis [Sat, 25 Aug 2018 20:43:39 +0000 (20:43 +0000)]
Add GPT support.  Mostly copied from amd64.

ok krw@

jcs [Sat, 25 Aug 2018 20:31:31 +0000 (20:31 +0000)]
Add umt(4) for USB Windows Precision Touchpad devices

Based on imt(4)

Rename HIDMT_INPUT_MODE_MT to HIDMT_INPUT_MODE_MT_TOUCHPAD

ok deraadt

gilles [Sat, 25 Aug 2018 19:05:23 +0000 (19:05 +0000)]
remove unused header

from Freddy Dissaux

kettenis [Sat, 25 Aug 2018 18:42:43 +0000 (18:42 +0000)]
Use __HAVE_ACPI to decide whether ACPI support should be considered.

ok deraadt@, krw@, jca@

jcs [Sat, 25 Aug 2018 18:32:05 +0000 (18:32 +0000)]
Move HID->bus constant conversion for HID report types out of ihidev
into hidmt.

The HID code uses hid_feature, hid_input, and hid_output constants
to refer to report types internally that then need to be converted
to their bus-level counterparts before actually getting sent out (so
hid_feature becomes UHID_FEATURE_REPORT for USB,
I2C_HID_REPORT_TYPE_FEATURE for i2c).

This conversion was hard-coded in ihidev but ihidev_[gs]et_report
should assume the type passed is already an i2c-level define, not a
hid one.  This is how uhidev does it.

Add a conversion routine callback that any hidmt callers need to set
so that hidmt can convert hid constants to the bus-level versions.

Also add a similar conversion function to uhidev.

ok deraadt

kettenis [Sat, 25 Aug 2018 17:39:15 +0000 (17:39 +0000)]
regen

kettenis [Sat, 25 Aug 2018 17:38:28 +0000 (17:38 +0000)]
Audio as found on an "Oland" Radeon card.  Naming is a bit arbitrary, but
this one is present on several GCN gen 1 cards that have names that start
in the HD 7700 range.

kettenis [Sat, 25 Aug 2018 17:24:22 +0000 (17:24 +0000)]
Define __HAVE_ACPI.

ok deraadt@, krw@, jca@

mestre [Sat, 25 Aug 2018 17:09:40 +0000 (17:09 +0000)]
fix misplaced parenthesis inside an if-clause. already fixed in FreeBSD in rev
295608.

OK jca@

mestre [Sat, 25 Aug 2018 17:07:20 +0000 (17:07 +0000)]
fix misplaced parenthesis inside an if-clause. already fixed in NetBSD in rev
1.13.

OK stsp@ jca@ claudio@

schwarze [Sat, 25 Aug 2018 16:46:28 +0000 (16:46 +0000)]
oops, hook up the tests for the roff(7) .char request

schwarze [Sat, 25 Aug 2018 16:43:52 +0000 (16:43 +0000)]
Rudimentary implementation of the roff(7) .char (output glyph
definition) request, used for example by groff_hdtbl(7).

This simplistic implementation may interact incorrectly
with the .tr (input character translation) request.
But come on, you are not only using .char *and* .tr, but you do so
with respect to the same character in the same manual page?

kettenis [Sat, 25 Aug 2018 16:09:29 +0000 (16:09 +0000)]
Fix printing of ioapic remapping messages; avoid printing duplicate info.

ok deraadt@

anton [Sat, 25 Aug 2018 15:41:05 +0000 (15:41 +0000)]
process -> thread

anton [Sat, 25 Aug 2018 15:38:07 +0000 (15:38 +0000)]
Change kcov semantics, kernel code coverage tracing is now enabled on a per
thread basis instead of process. The decision to enable on process made
development easier initially but could lead to non-deterministic results for
processes with more than one thread. This behavior matches the implementation
found on both Linux and FreeBSD.

With help and ok mpi@ visa@

anton [Sat, 25 Aug 2018 15:18:34 +0000 (15:18 +0000)]
markup flag arguments; ok jmc@ schwarze@

schwarze [Sat, 25 Aug 2018 12:28:52 +0000 (12:28 +0000)]
If man(7) next-line scope is open and the line ends with \c,
the scope remains open.  Needed for example for groff_man(7).

kettenis [Sat, 25 Aug 2018 12:23:45 +0000 (12:23 +0000)]
The current rasops cursor implementation simply inverts the appropriate
framebuffer pixels by doing an XOR with an all-ones bit pattern.  This
means the code has to read from the framebuffer which can be very slow.
Add an implementation that simply redraws the character covered by the
cursor with the foreground and background color swapped.  While this
doesn't necessarily have the same visual result, most people probably
won't notice the difference (let's see).  Use this implementation when
the RI_WRONLY or the RI_VCONS flags are set.

ok fcambus@

kettenis [Sat, 25 Aug 2018 10:41:38 +0000 (10:41 +0000)]
Insert new child nodes at the end.

ok patrick@

tb [Sat, 25 Aug 2018 10:07:16 +0000 (10:07 +0000)]
Also run DSA tests with the PEM encoded public key.

kettenis [Sat, 25 Aug 2018 09:39:20 +0000 (09:39 +0000)]
Match ACPI devices based on _CID if no match for _HID is found.

ok mpi@

deraadt [Sat, 25 Aug 2018 05:29:28 +0000 (05:29 +0000)]
As Intel(TM) cpus are discovered to have more bugs, more workaround MSRs
are added.  Presence of such MSRs is indicated with a feature flag, which
we probe and print at startup for each AP CPU.  EFI screen scrolling hasn't
gotten faster (yet) and 9600 baud serial console is still the same speed
as 1980.   Final piece of the puzzle is machines have more cpus, providing
more opportunity for screen scrolling and serial fifo's to fill up.  The
BSP cpu is watching the AP cpus probe and print, but increased latency
causes it to exceed a timeout and print "cpuXX: failed messages".
Crank that timeout.
discussed with kettenis, ok guenther

ccardenas [Sat, 25 Aug 2018 04:16:09 +0000 (04:16 +0000)]
Rework disks to have pluggable backends.

This is prep work for adding qcow2 image support.

From Ori Bernstein.  Many thanks!

Tested by many.

OK ccardenas@

yasuoka [Sat, 25 Aug 2018 00:12:14 +0000 (00:12 +0000)]
Don't treat UnicodeChar == 0 as a keyboard input.  The same fix was
done on amd64 already.  Original diff from Frank Groeneveld

ok tb patrick

schwarze [Fri, 24 Aug 2018 23:01:51 +0000 (23:01 +0000)]
Fix dates that got broken by committing from one day to another
due to timezone differences.

jmc [Fri, 24 Aug 2018 22:56:45 +0000 (22:56 +0000)]
update usage for pkcs8;
ok tb

schwarze [Fri, 24 Aug 2018 22:56:37 +0000 (22:56 +0000)]
Rudimentary implementation of the roff(7) .while request.
Needed for example by groff_hdtbl(7).

There are two limitations:
It does not support nested .while requests yet,
and each .while loop must start and end in the same scope.

The roff_parseln() return codes are now more flexible
and allow OR'ing options.

jmc [Fri, 24 Aug 2018 21:29:51 +0000 (21:29 +0000)]
tweak previous;

sthen [Fri, 24 Aug 2018 21:29:45 +0000 (21:29 +0000)]
sync libcrypto relink file

tb [Fri, 24 Aug 2018 20:34:37 +0000 (20:34 +0000)]
sync

tb [Fri, 24 Aug 2018 20:33:17 +0000 (20:33 +0000)]
crank majors after symbol addition/modification/removal

tb [Fri, 24 Aug 2018 20:31:32 +0000 (20:31 +0000)]
Adjust documentation for SSL_copy_session_id()

ok jsing

tb [Fri, 24 Aug 2018 20:30:21 +0000 (20:30 +0000)]
Let SSL_copy_session_id() return an int for error checking.

Accordingly, add some error checking to SSL_copy_session_id(),
BIO_ssl_copy_session_id(), and SSL_dup().
Prompted by OpenSSL commit 17dd65e6e1f

Tested in a bulk build by sthen

ok jsing

tb [Fri, 24 Aug 2018 20:26:03 +0000 (20:26 +0000)]
Add const to EVP_PKCS82PKEY().

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 20:22:15 +0000 (20:22 +0000)]
Add consts to EVP_PKEY_asn1_set_private()

Requires adding a const to the priv_decode() member of
EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode()
functions. All this is already documented this way.

tested in a bulk build by sthen
ok jsing

tb [Fri, 24 Aug 2018 20:17:33 +0000 (20:17 +0000)]
After removing support for broken PKCS#8 formats (it was high time),
we can add const to PKCS8_pkey_get0().  In order for this to work,
we need to sprinkle a few consts here and there.

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 20:12:24 +0000 (20:12 +0000)]
The broken pkcs8 formats generated by openssl pkcs -{embed,nooct,nsdb}
are no longer supported. Remove their documentation.

ok jsing

tb [Fri, 24 Aug 2018 20:09:56 +0000 (20:09 +0000)]
Stop handling broken PKCS#8 formats in openssl(1).

ok jsing

tb [Fri, 24 Aug 2018 20:07:41 +0000 (20:07 +0000)]
Remove EVP_PKEY2PKCS8_broken() and PKCS8_set_broken()

Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs().
Remove the whole broken code and simplify pkcs8_priv_key_info_st
accordingly. Based on OpenSSL commit
54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was
added later.

tested in a bulk build by sthen
ok jsing

tb [Fri, 24 Aug 2018 20:04:10 +0000 (20:04 +0000)]
Document const change for OCSP_cert_to_id()

ok jsing

tb [Fri, 24 Aug 2018 20:03:21 +0000 (20:03 +0000)]
Add const to two arguments of OCSP_cert_to_id()

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:59:32 +0000 (19:59 +0000)]
Provide X509_get0_serialNumber()

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:55:58 +0000 (19:55 +0000)]
Turn a number of #defines into proper functions with prototypes matching
those that OpenSSL has had for ages.

ok jsing

tb [Fri, 24 Aug 2018 19:51:31 +0000 (19:51 +0000)]
Change PEM_Sign{Init,Update}() to return an int.

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:48:39 +0000 (19:48 +0000)]
Check return value of EVP_EncodeUpdate() in PEM_write_bio().

ok jsing

tb [Fri, 24 Aug 2018 19:47:25 +0000 (19:47 +0000)]
Check return value of EVP_EncodeUpdate() in b64_write().

ok jsing

tb [Fri, 24 Aug 2018 19:45:11 +0000 (19:45 +0000)]
Convert EVP_EncodeUpdate() to return an int to allow for error
checking. Matches our documented behavior.

Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:36:52 +0000 (19:36 +0000)]
Provide EVP_CIPHER_CTX_encrypting().

tested in a bulk by sthen
ok jsing

jsing [Fri, 24 Aug 2018 19:35:05 +0000 (19:35 +0000)]
unifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE.

This code has been rotting since 2006.

ok bcook@ tb@

tb [Fri, 24 Aug 2018 19:32:26 +0000 (19:32 +0000)]
Document prototype change and return values for BIO_set_cipher()

ok jsing

tb [Fri, 24 Aug 2018 19:30:24 +0000 (19:30 +0000)]
Return an int in BIO_set_cipher() to be able to report errors.

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:27:01 +0000 (19:27 +0000)]
In DSO_up_ref(), check return value of CRYPTO_add() and report
failure accordingly.

ok jsing

tb [Fri, 24 Aug 2018 19:25:31 +0000 (19:25 +0000)]
In ENGINE_up_ref(), check return value of CRYPTO_add() and report
failure accordingly.

ok jsing

tb [Fri, 24 Aug 2018 19:23:07 +0000 (19:23 +0000)]
Document new prototype and return values of X509_OBJECT_up_ref_count()

ok jsing

tb [Fri, 24 Aug 2018 19:21:09 +0000 (19:21 +0000)]
Make X509_OBJECT_up_ref_count return an int.
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387

tested in a bulk by sthen
ok jsing

tb [Fri, 24 Aug 2018 19:17:38 +0000 (19:17 +0000)]
Update documentation of CRYPTO_mem_leaks*.

ok jsing

tb [Fri, 24 Aug 2018 19:16:03 +0000 (19:16 +0000)]
Let CRYPTO_mem_leaks{,_fp,_cb}() return -1.

These functions are no-ops. Their signature was changed by OpenSSL
to allow error checking.  This way we return an error and do not
indicate the (non-)existence of memory leaks.

tested in a bulk by sthen
ok jsing

cheloha [Fri, 24 Aug 2018 18:36:56 +0000 (18:36 +0000)]
Drop special handling of SIGSYS.

Tolerance for up to 25 SIGSYS deliveries was added to init(8) soon after
the addition of sysctl(2) at CSRG, presumably to ease the transition to
the new ABI.

After 25 years of work the ABI transition is finally complete and we can
now safely remove this splint.

In general, we now have better practices and methods for helping userspace
across kernel ABI breaks.

ok deraadt@

jsing [Fri, 24 Aug 2018 18:10:25 +0000 (18:10 +0000)]
Simplify session ticket parsing/handling.

The original implementation is rather crazy and means that we effectively
have two lots of code that parse a ClientHello and two lots of code that
parse TLS extensions. Partially simplify this by passing a CBS containing
the extension block through to the session handling functions, removing the
need to reimplement the ClientHello parsing.

While here standardise on naming for session_id and session_id_len.

ok inoguchi@ tb@

jsing [Fri, 24 Aug 2018 17:44:22 +0000 (17:44 +0000)]
Pull up the parsing of a ClientHello.

Parse up until the extensions (if any), then proceed with processing,
rather than gradually parsing while processing. This makes the code
cleaner, requires messages to be valid before processing and makes way
for upcoming changes.

ok inoguchi@ tb@

tb [Fri, 24 Aug 2018 17:37:25 +0000 (17:37 +0000)]
Add my copyright.

Discussed with jsing

tb [Fri, 24 Aug 2018 17:35:52 +0000 (17:35 +0000)]
Remove DSA from TODO list and add RSA-PSS back.

tb [Fri, 24 Aug 2018 17:34:46 +0000 (17:34 +0000)]
Also test DSA with the DER encoded key. Lots of help from jsing, thanks!

jsing [Fri, 24 Aug 2018 17:30:32 +0000 (17:30 +0000)]
Clean up handshake message start/finish functions.

Now that all handshake messages are created using CBB, remove the non-CBB
ssl3_handshake_msg_start()/ssl3_handshake_msg_finish() functions. Rename
the CBB variants by dropping the _cbb suffix.

ok bcook@ inoguchi@ tb@

visa [Fri, 24 Aug 2018 16:07:01 +0000 (16:07 +0000)]
Add common Ethernet interface attributes to vio(4)'s build config.

OK deraadt@

edd [Fri, 24 Aug 2018 13:14:14 +0000 (13:14 +0000)]
/tmp/cvsJqyynm

visa [Fri, 24 Aug 2018 12:46:39 +0000 (12:46 +0000)]
Add a regression test for the kernel stack exhaustion bug.

OK anton@

visa [Fri, 24 Aug 2018 12:45:27 +0000 (12:45 +0000)]
Remove all knotes from a file descriptor before closing the file in
fdfree(). This fixes a resource leak with cyclic kqueue references and
prevents a kernel stack exhaustion scenario with long kqueue chains.

OK mpi@

jmatthew [Fri, 24 Aug 2018 12:35:10 +0000 (12:35 +0000)]
Include the list of multicast groups in the rx filter configuration.
The adapter reads this from host memory, so we allocate a new page for it.
The rx filter code ends up looking a lot more like other drivers as a
result.

sashan [Fri, 24 Aug 2018 12:29:33 +0000 (12:29 +0000)]
- cosmetic tweak to if_pfsync.c

OK bluhm@, OK mpi@, henning@, jca@

mestre [Fri, 24 Aug 2018 11:31:17 +0000 (11:31 +0000)]
During our refactor with tedu@ tb@ and myself we moved the score file to the
user's home folder and setgid was removed. Therefore it's not possible to have a
single score file with all the users anymore but we forgot to change a comment
that still implied that.

Suggested by tb@ to just delete the comment.

mestre [Fri, 24 Aug 2018 11:14:49 +0000 (11:14 +0000)]
Remove a few too early pledge(2)s on games/ and apply them a little bit later
but with much reduced permissions ("stdio tty" if ncurses based and "stdio"
for the ones that only perform basic operations).

There's still a few games that we cannot yet remove their fs access, through
pledge(2), since they open files on demand and too late, this might get
revisited in the future.

OK tb@

jsg [Fri, 24 Aug 2018 06:43:22 +0000 (06:43 +0000)]
display CPU_CPUID / machdep.cpuid in hex not decimal

jsg [Fri, 24 Aug 2018 06:25:40 +0000 (06:25 +0000)]
print cpu family/model/stepping in dmesg
discussed with deraadt@ bluhm@ and sthen@

kettenis [Fri, 24 Aug 2018 05:21:48 +0000 (05:21 +0000)]
Allocate framebuffer PCI BAR if left uninitialized by firmware.

ok mlarkin@

jmatthew [Fri, 24 Aug 2018 02:26:31 +0000 (02:26 +0000)]
set the rx mask to always accept all vlan tags, making vlan interfaces
on top of bnxt work properly.

yasuoka [Fri, 24 Aug 2018 01:42:41 +0000 (01:42 +0000)]
Don't treat UnicodeChar == 0 as a keyboard input.
This fixes the problem which prevents typing the passphrase for
softraid on boot.  It happened at least with some external keyboards
on ThinkPad X2{6,8}0.  diff from Frank Groeneveld

ok tb

tb [Thu, 23 Aug 2018 19:46:59 +0000 (19:46 +0000)]
Run our DSA against wycheproof test vectors.

schwarze [Thu, 23 Aug 2018 19:32:03 +0000 (19:32 +0000)]
The upcoming .while request will have to re-execute roff(7) lines
parsed earlier, so they will have to be saved for reuse - but the
read.c preparser does not know yet whether a line contains a .while
request before passing it to the roff parser.  To cope with that,
save all parsed lines for now.  Even shortens the code by 20 lines.

nicm [Thu, 23 Aug 2018 18:39:12 +0000 (18:39 +0000)]
all_jobs can be static.

deraadt [Thu, 23 Aug 2018 16:52:13 +0000 (16:52 +0000)]
A sequence of increasingly restrictive pledges was already present
in su. Rearrange them slightly, so that unveils can be added
also.  (Sometimes you only learn a required path late in the game,
you don't know them upfront at program start.  That is the tricky bit)

tj [Thu, 23 Aug 2018 16:28:12 +0000 (16:28 +0000)]
switch installurl example to cdn.openbsd.org

nicm [Thu, 23 Aug 2018 15:45:05 +0000 (15:45 +0000)]
Move job struct into job.c.

patrick [Thu, 23 Aug 2018 15:31:12 +0000 (15:31 +0000)]
Set the pointer to the EFI Runtime Services, otherwise we call into
nowhere.

ok kettenis@

inoguchi [Thu, 23 Aug 2018 15:16:21 +0000 (15:16 +0000)]
Add license header.

inoguchi [Thu, 23 Aug 2018 14:54:28 +0000 (14:54 +0000)]
Check reusing SSL/TLS session ticket by regression test

- Added checking for session ticket reusing with using openssl(1) s_server and
  s_client command in appstest.sh
- Confirm certificate verification status.
- Save s_server message to log file.

ok tb@ and jsing@

jsg [Thu, 23 Aug 2018 14:47:52 +0000 (14:47 +0000)]
port the amd64 code for loading intel microcode on boot to i386
ok deraadt@ mlarkin@

schwarze [Thu, 23 Aug 2018 14:16:11 +0000 (14:16 +0000)]
Implement the roff(7) .shift and .return requests,
for example used by groff_hdtbl(7) and groff_mom(7).

Also correctly interpolate arguments during nested macro execution
even after .shift and .return, implemented using a stack of argument
arrays.

Note that only read.c, but not roff.c can detect the end of a macro
execution, and the existence of .shift implies that arguments cannot
be interpolated up front, so unfortunately, this includes a partial
revert of roff.c rev. 1.209, moving argument interpolation back into
the function roff_res().

krw [Thu, 23 Aug 2018 13:21:27 +0000 (13:21 +0000)]
Always check the return values of get_[fsize|bsize|cpg].

Accept partition changes only if all succeed.

ok tb@ deraadt@

eric [Thu, 23 Aug 2018 10:07:06 +0000 (10:07 +0000)]
import alternative message parser (not used yet).

mestre [Thu, 23 Aug 2018 06:27:54 +0000 (06:27 +0000)]
We can safely assume that our utmp(5) file format implementation can guarantee
space for the NUL character, nevertheless there will always be some piece of
software that can get it wrong and corrupt the database, so we must take this
into consideration.

That being said, there is one strlcpy(3) that needs to be reverted back into
strncpy(3) + '\0' since if we try to use a bogus wtmp(5) file with ac(8) that
is big enough then the NUL char is not verified and it will write memory
out-of-bounds which will make the program crash.

discussed with and OK cheloha@ deraadt@

mestre [Thu, 23 Aug 2018 06:26:35 +0000 (06:26 +0000)]
reduce pledge(2) to "stdio tty" after ncurses initialization. robots(6) uses a
scorefile nevertheless an fd is opened way in advance and therefore we can
disable any further access to the filesystem.

OK tb@

mestre [Thu, 23 Aug 2018 06:25:01 +0000 (06:25 +0000)]
reduce pledge(2) to "stdio tty" after ncurses initialization.

OK tb@

reyk [Thu, 23 Aug 2018 06:04:53 +0000 (06:04 +0000)]
Allow to boot CDROM-only VMs.

Pointed out by Jon Williams

OK mlarkin@ kn@ ccardenas@

djm [Thu, 23 Aug 2018 03:01:08 +0000 (03:01 +0000)]
memleak introduced in r1.83; from Colin Watson