openbsd
15 months agoCope with LRO for TCP being enabled per default by now.
anton [Wed, 19 Jul 2023 05:56:42 +0000 (05:56 +0000)]
Cope with LRO for TCP being enabled per default by now.

15 months agoEnable LRO for TCP per default in the network drivers.
bluhm [Tue, 18 Jul 2023 16:01:20 +0000 (16:01 +0000)]
Enable LRO for TCP per default in the network drivers.

Large Receive Offload allows to receive aggregated packets larger
than the MTU.  Receiving TCP streams becomes much faster.  As the
network hardware is not aware whether a packet is received locally
or to be forwarded, everything is aggregated.  In case of forwarding
it is split on output to packets not larger than the original
packets.  So path MTU discovery should still work.  If the outgoing
interface supports TSO, the packet is chopped in hardware by TCP
Segmentation Offload.

Currently only ix(4) and lo(4) devices support LRO, and ix(4) is
limited to IPv4 and hardware newer than the old 82598 model.  If
the interface is added to a tpmr(4), bridge(4) or veb(4), LRO is
automatically disabled.  All ix(4) devices support outgoing TSO for
IPv4 and IPv6.  Enabling LRO on lo(4) automatically enables TSO and
TCP packets larger than the MTU pass the loopback interface.

LRO can be turned off per interface with ifconfig -tcplro.

OK jan@

15 months agoKill ibuf_cat() since there is now ibuf_add_buf() in the official API.
claudio [Tue, 18 Jul 2023 15:07:41 +0000 (15:07 +0000)]
Kill ibuf_cat() since there is now ibuf_add_buf() in the official API.
OK tb@ tobhe@

15 months agoDo not duplicate prototypes of log.h in ypldap.h (without the extra
claudio [Tue, 18 Jul 2023 13:06:33 +0000 (13:06 +0000)]
Do not duplicate prototypes of log.h in ypldap.h (without the extra
__format__ attribute on top).
Also properly ignore SIGHUP in the child processes.
OK jmatthew@

15 months agoWith the update of the sleep API the linux emulation of their wait API,
claudio [Tue, 18 Jul 2023 06:58:59 +0000 (06:58 +0000)]
With the update of the sleep API the linux emulation of their wait API,
schedule() and set_current_state() can be implemented in a much less
hacky way. This should remove some possible race conditions in the wait API.
Tested by many (kettenis, jsg, phessler, thfr)
OK kettenis@

15 months agoRemove extra parentheses.
asou [Tue, 18 Jul 2023 04:17:17 +0000 (04:17 +0000)]
Remove extra parentheses.

ok guenther@

15 months agoPut the USB Type-C power delivery controller into the "S5" state during
kettenis [Mon, 17 Jul 2023 17:50:22 +0000 (17:50 +0000)]
Put the USB Type-C power delivery controller into the "S5" state during
suspend.  This removes VBUS, avoiding USB devices that are plugged in
from consuming power during suspend.

ok mlarkin@, tobhe@, deraadt@

15 months agovfs: drop several macros hidding eopnotsupp
semarie [Mon, 17 Jul 2023 09:41:20 +0000 (09:41 +0000)]
vfs: drop several macros hidding eopnotsupp

make it obvious in the vfsops assignment that an op isnt supported.

from thib4711 at mailbox dot org
ok claudio@

15 months agomissing match localnetwork negation check
djm [Mon, 17 Jul 2023 06:16:33 +0000 (06:16 +0000)]
missing match localnetwork negation check

15 months ago- add -P to usage()
jmc [Mon, 17 Jul 2023 05:41:53 +0000 (05:41 +0000)]
- add -P to usage()
- sync the arg name to -J in usage() with that in ssh.1
- reformat usage() to match what "man ssh" does on 80width

15 months ago-P before -p in SYNOPSIS;
jmc [Mon, 17 Jul 2023 05:38:10 +0000 (05:38 +0000)]
-P before -p in SYNOPSIS;

15 months agoconfiguation -> configuration
jsg [Mon, 17 Jul 2023 05:36:14 +0000 (05:36 +0000)]
configuation -> configuration

15 months agomove other RCSIDs to before their respective license blocks too
djm [Mon, 17 Jul 2023 05:26:38 +0000 (05:26 +0000)]
move other RCSIDs to before their respective license blocks too
no code change

15 months agoMove RCSID to before license block and away from #includes, where
djm [Mon, 17 Jul 2023 05:22:30 +0000 (05:22 +0000)]
Move RCSID to before license block and away from #includes, where
it caused merge conflict in -portable for each commit :(

15 months agoreturn SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
djm [Mon, 17 Jul 2023 05:20:15 +0000 (05:20 +0000)]
return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a valid
magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is
needed to fall back to text revocation lists in some cases;
fixes t-cert-hostkey.

15 months agoAdd support for configuration tags to ssh(1).
djm [Mon, 17 Jul 2023 04:08:31 +0000 (04:08 +0000)]
Add support for configuration tags to ssh(1).

This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

ok markus

15 months agoadd a "match localnetwork" predicate.
djm [Mon, 17 Jul 2023 04:04:36 +0000 (04:04 +0000)]
add a "match localnetwork" predicate.

This allows matching on the addresses of available network interfaces
and may be used to vary the effective client configuration based on
network location (e.g. to use a ProxyJump when not on a particular
network).

ok markus@

15 months agoremove vestigal support for KRL signatures
djm [Mon, 17 Jul 2023 04:01:10 +0000 (04:01 +0000)]
remove vestigal support for KRL signatures

When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@

15 months agoSupport for KRL extensions.
djm [Mon, 17 Jul 2023 03:57:21 +0000 (03:57 +0000)]
Support for KRL extensions.

This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.

ok markus

15 months agoRemove debug printfs that print the number of wakeups seen by the
kettenis [Sun, 16 Jul 2023 16:13:46 +0000 (16:13 +0000)]
Remove debug printfs that print the number of wakeups seen by the
individual CPUs.  Ever since we switched from WFE to WFE in the suspend
loops the information hasn't been very useful anymore.  And there is some
evidence that a printf here causes problems with syslog (e.g. running
xconsole under X).

ok deraadt@

15 months agoRead out the system power consumption immediately after wakeup and print
kettenis [Sun, 16 Jul 2023 16:11:11 +0000 (16:11 +0000)]
Read out the system power consumption immediately after wakeup and print
it out in the DVACT_WAKEUP phase.  This is a debugging aid to help us
drive down the power consumption in suspend.

ok deraadt@

15 months agoMerge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
claudio [Sun, 16 Jul 2023 15:21:46 +0000 (15:21 +0000)]
Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata().
Also replace a ibuf_reserve() call with ibuf_add_zero() and
remove a buf->buf == NULL check in ibuf_length() since it is not necessary.
OK tobhe@ tb@

15 months agoWhen detaching devices when we suspend, we need to continue processing
kettenis [Sun, 16 Jul 2023 09:33:18 +0000 (09:33 +0000)]
When detaching devices when we suspend, we need to continue processing
command completion events.  So only return early in xhci_softintr() if
the controller is dead instead of dying.  This fixes USB suspend/resume
in Apple M1/M2.

ok mlarkin@, deraadt@

15 months agorelayd: remove ENGINE dependency
tb [Sun, 16 Jul 2023 09:23:33 +0000 (09:23 +0000)]
relayd: remove ENGINE dependency

What is achieved here through ENGINE can be done in a much simpler way
by setting the default RSA implementation. Drop a number of indirections
that only add a bit of logging. This removes a lot of boiler plate and
shows where the actual magic happens more clearly.

ok op tobhe

15 months agoecc_cdh: plug leak of peer public key
tb [Sun, 16 Jul 2023 08:25:41 +0000 (08:25 +0000)]
ecc_cdh: plug leak of peer public key

15 months agoecdhtest: Drop unnecessary constant and unneeded includes
tb [Sun, 16 Jul 2023 07:34:07 +0000 (07:34 +0000)]
ecdhtest: Drop unnecessary constant and unneeded includes

15 months agoMake remaining unstable tests fail consistently by adjusting the
anton [Sun, 16 Jul 2023 06:36:18 +0000 (06:36 +0000)]
Make remaining unstable tests fail consistently by adjusting the
modification time of the problematic file(s), causing the check_file()
routine to always hit the "file exists and is possible match" case.

While here, sync expected failures with reality.

15 months agoMake the mbstat preserve the same size which is actually used. Also
yasuoka [Sun, 16 Jul 2023 03:01:31 +0000 (03:01 +0000)]
Make the mbstat preserve the same size which is actually used.  Also
revert the previous that the mbstat is located on the stack.

ok claudio

15 months agoecdhtest: fix a couple bugs plus some cosmetic tweaks
tb [Sun, 16 Jul 2023 00:16:42 +0000 (00:16 +0000)]
ecdhtest: fix a couple bugs plus some cosmetic tweaks

15 months agofix include directive - this is make, not C
tb [Sat, 15 Jul 2023 23:40:46 +0000 (23:40 +0000)]
fix include directive - this is make, not C

15 months agoRework the ecdhtest
tb [Sat, 15 Jul 2023 23:35:02 +0000 (23:35 +0000)]
Rework the ecdhtest

Test keyshare for all built-in curves and simplify, especially printing
on failure. Incorporate known answer tests from RFC 5114 and RFC 5903.
All in all, this is a lot less code and a lot more test coverage and
hopefully a little less eyebleed.

Very loosely based on OpenSSL b438f0ed by Billy Brumley

15 months agosync with <sys/namei.h>; 'looks good' deraadt
kn [Sat, 15 Jul 2023 23:01:25 +0000 (23:01 +0000)]
sync with <sys/namei.h>;  'looks good' deraadt

Document missing struct nameidata members and fix one member's const-ness.
Add REALPATH flag from 2019.

15 months agoFix return value check for ECDH_compute_key()
tb [Sat, 15 Jul 2023 20:11:37 +0000 (20:11 +0000)]
Fix return value check for ECDH_compute_key()

ECDH_compute_key() usually returns -1 on error (but sometimes 0). This
was also the case in OpenSSL when these tests were written. This will
soon change. The check for <= 0 will still be correct.

15 months agoAdd test coverage for cofactor ECDH using NIST test vectors
tb [Sat, 15 Jul 2023 19:51:13 +0000 (19:51 +0000)]
Add test coverage for cofactor ECDH using NIST test vectors

Since all non-binary NIST curves have cofactor 1, this is in effect plain
ECDH. Current regress coverage of ECDH is quite lacking on architectures
where Go isn't available. This fixes that.

Actual cofactor ECDH support may be added soon to libcrypto, at which
point I will also add testcases with cofactor > 1.

15 months agoImplement PAC support.
kettenis [Sat, 15 Jul 2023 19:35:53 +0000 (19:35 +0000)]
Implement PAC support.

ok patrick@

15 months agoLink symbols test to build
tb [Sat, 15 Jul 2023 19:32:54 +0000 (19:32 +0000)]
Link symbols test to build

15 months agoremove accidentally imported files again
tb [Sat, 15 Jul 2023 19:31:02 +0000 (19:31 +0000)]
remove accidentally imported files again

15 months agoImport a version of libcrypto's symbols test for libssl
tb [Sat, 15 Jul 2023 19:29:44 +0000 (19:29 +0000)]
Import a version of libcrypto's symbols test for libssl

15 months agoRemove stray argument name in function prototype.
kettenis [Sat, 15 Jul 2023 19:21:47 +0000 (19:21 +0000)]
Remove stray argument name in function prototype.

15 months agovmd(8): fix use of qcow base images.
dv [Sat, 15 Jul 2023 18:32:21 +0000 (18:32 +0000)]
vmd(8): fix use of qcow base images.

The vm process was prematurely setting device fds to not close-on-exec
and then trying to close(2) them after the fork(2) of the device
process.

This caused a reuse of an fd for one of the socketpair(2)'s for
communication between vm and device. Having device processes close(2)
other device fds after fork would break the socketpair, causing the
device to fail during startup post-exec when trying to receive its
device state from the parent vm process.

Instead, mark the fds to not close on exec post-fork(2) call allowing
other device fds to be closed automatically and avoid closing by
the tracked fd.

Reported by solene@. OK tb@.

15 months agoMop up MD32_XARRAY from md5.
jsing [Sat, 15 Jul 2023 15:37:05 +0000 (15:37 +0000)]
Mop up MD32_XARRAY from md5.

MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.

No change in generated assembly.

15 months agoMop up MD32_XARRAY from md4.
jsing [Sat, 15 Jul 2023 15:30:43 +0000 (15:30 +0000)]
Mop up MD32_XARRAY from md4.

MD32_XARRAY was added as a workaround for a broken HP C compiler (circa
1999). Clean it up to simplify the code.

No change in generated assembly.

15 months agoAdd mute control. This makes the mute button on laptops that use
kettenis [Sat, 15 Jul 2023 13:35:17 +0000 (13:35 +0000)]
Add mute control.  This makes the mute button on laptops that use
tascodec(4) work.

ok tobhe@

15 months agoPrevent patch(1) from scribbling all over the place.
florian [Sat, 15 Jul 2023 10:42:54 +0000 (10:42 +0000)]
Prevent patch(1) from scribbling all over the place.

Arguably the only sensible use of patch(1) is changing files in the
current working directory and subdirectories.

However, patch(1) has this anti-feature, or dare I say bug, where it
will happily follow "../" upwards and outside of the current working
directory to find files to change. All it takes is a line like
+++ ../../../../home/florian/.ssh/authorized_keys
in the patchfile.

patch(1) operates on untrusted input and it already pledge(2)'ed to
not execute arbitrary programs, but of course it needs to write
files.

A simple unveil(".", "rwc") restricts patch(1) to its current working
directory.

We also need to allow /tmp and potentially the output file and reject
file if given on the command line. But those paths are safe.

input op, deraadt
OK millert, sthen

15 months agoSet extended keys flag again after reset, from Eric T Johnson.
nicm [Fri, 14 Jul 2023 19:32:59 +0000 (19:32 +0000)]
Set extended keys flag again after reset, from Eric T Johnson.

15 months agoCheck if the OWN bit of Tx descriptor instead of Rx descriptor is set
kevlo [Fri, 14 Jul 2023 14:28:47 +0000 (14:28 +0000)]
Check if the OWN bit of Tx descriptor instead of Rx descriptor is set
in rtwn_tx().

Because definitions of R92C_TXDW0_OWN and R92C_RXDW0_OWN are the same,
no functional change.

ok stsp@

15 months agoCleanup mrt message handling. Remove the DUMP_XYZ() macros and replace
claudio [Fri, 14 Jul 2023 10:30:53 +0000 (10:30 +0000)]
Cleanup mrt message handling. Remove the DUMP_XYZ() macros and replace
them with direct calls to for example ibuf_add_n16(). Further cleanup
the error handling and use goto fail in most places. Remove many of the
error messages and combine all the possible ibuf errors in one place.
For this remove most warnings from internal functions (also mark all
internal helper functions with static to make that more obvious).
There are still some cases where an error will result in to warnings but
those errors are unreachable in normal operations.
OK tb@

15 months agoInclude stdint.h for SIZE_MAX. Fixes OPENSSL=no build.
dtucker [Fri, 14 Jul 2023 07:44:21 +0000 (07:44 +0000)]
Include stdint.h for SIZE_MAX.  Fixes OPENSSL=no build.

15 months agoDo not ignore the AF_LINK entries of carp(4) interfaces.
gerhard [Fri, 14 Jul 2023 07:09:00 +0000 (07:09 +0000)]
Do not ignore the AF_LINK entries of carp(4) interfaces.

OK kn@

15 months agostruct sleep_state is no longer used, remove it.
claudio [Fri, 14 Jul 2023 07:07:08 +0000 (07:07 +0000)]
struct sleep_state is no longer used, remove it.
Also remove the priority argument to sleep_finish() the code can use
the p_flag P_SINTR flag to know if the signal check is needed or not.
OK cheloha@ kettenis@ mpi@

15 months agoadd defence-in-depth checks for some unreachable integer overflows
djm [Fri, 14 Jul 2023 05:31:44 +0000 (05:31 +0000)]
add defence-in-depth checks for some unreachable integer overflows
reported by Yair Mizrahi @ JFrog; feedback/ok millert@

15 months agoRefactor ASN1_item_sign_ctx()
tb [Thu, 13 Jul 2023 20:59:10 +0000 (20:59 +0000)]
Refactor ASN1_item_sign_ctx()

Oh, joy! The muppets had a feast: they could combine the horrors of EVP
with X.509... Return values between -1 and 3 indicating how much work
needs to be done, depending on whether methods are present or absent.
Needless to say that RSA and EdDSA had inconsistent return values until
recently.

Instead of interleaving if/else branches, split out two helper functions
that do essentially independent things, which results in something that
isn't entirely bad. Well, at least not compared to the surrounding code.

asn1_item_set_algorithm_identifiers() extracts the signature algorithm
from the digest and pkey if known, and sets it on the two X509_ALGOR that
may or may not have been passed in.

asn1_item_sign() converts data into der and signs.

Of course there were also a few leaks and missing error checks.

ok jsing

15 months agobcmp(3) tries to return length, which is a size_t, as an int.
millert [Thu, 13 Jul 2023 20:33:30 +0000 (20:33 +0000)]
bcmp(3) tries to return length, which is a size_t, as an int.
Instead, just return 1 if there is a difference, else 0.
Fixed by ray@ in 2008 but the libkern version was not synced.
OK deraadt@

15 months ago- use IS_ELF() to check the ELF magic bytes
jasper [Thu, 13 Jul 2023 19:04:50 +0000 (19:04 +0000)]
- use IS_ELF() to check the ELF magic bytes
- reject non-sensical program header values which would result in a crash
  when accessing the 0 bytes sized buffer allocated due to it

ok deraadt@ kettenis@

15 months agovmd(8): pull validation into local prefix parser.
dv [Thu, 13 Jul 2023 18:31:59 +0000 (18:31 +0000)]
vmd(8): pull validation into local prefix parser.

Validation for local prefixes, both inet and inet6, was scattered
around. To make it even more confusing, vmd was using generic address
parsing logic from prior network daemons. vmd doesn't need to parse
addresses other than when parsing the local prefix settings in
vm.conf and no runtime parsing is needed.

This change merges parsing and validation based on vmd's specific
needs for local prefixes (e.g. reserving enough bits for vm id and
network interface id encoding in an ipv4 address). In addition, it
simplifies the struct from a generic address struct to one focused
on just storing the v4 and v6 prefixes and masks. This cleans up an
unused TAILQ struct member that isn't used by vmd and was leftover
copy-pasta from those prior daemons.

The address parsing that vmd uses is also updated to using the
latest logic in bgpd(8).

ok mlarkin@

15 months agoCheck input before trying to disable a non-existing daemon to prevent parsing
ajacoutot [Thu, 13 Jul 2023 13:54:27 +0000 (13:54 +0000)]
Check input before trying to disable a non-existing daemon to prevent parsing
bogus characters and outputing hell on the console.

based on an initial submission from Anthony Coulter, thanks!

15 months agoUse the deep idle state available on Apple M1/M2 cores in the idle loop and
kettenis [Thu, 13 Jul 2023 08:33:36 +0000 (08:33 +0000)]
Use the deep idle state available on Apple M1/M2 cores in the idle loop and
for suspend.  This state makes the CPU lose some of its register state so
we need to save these registers before putting the core to sleep and
restore them when we wake up.  This deep idle state has a higher wakeup
latency than the normal WFI idle state.  Use similar logic as acpucpu(4) to
decide which idle state to pick.

If some cores of a cluster are in this deep idle state, turbo states become
available to the cores that remain active.  So stop skipping these states.
This improves single-core performance a little bit.

The main win is in power savings when running in a state with a high clock
frequency.  My M2 Pro mini goes from 14W to 6.5W when idle at the maximum
clock frequency.  But event at the lowest clock frequency there are small
but significant power savings.

ok deraadt@, tobhe@

15 months agoChange function definitions using the identifier-list form used in the
jsg [Thu, 13 Jul 2023 07:31:12 +0000 (07:31 +0000)]
Change function definitions using the identifier-list form used in the
1st edition of Kernighan and Ritchie's The C Programming Language, to
that of the parameter-type-list form described in the ANSI X3.159-1989
standard.

In ISO/IEC 9899:2023 drafts, there is only one form of function definition.
"N2432 Remove support for function definitions with identifier lists".

15 months agoUse 8 for underscore colour defaults instead of 0 which is less
nicm [Thu, 13 Jul 2023 06:03:48 +0000 (06:03 +0000)]
Use 8 for underscore colour defaults instead of 0 which is less
confusing, and fix writing tge default colour. GitHub issue 3627.

15 months agovalidate alignment of ELF program headers
jasper [Wed, 12 Jul 2023 19:49:06 +0000 (19:49 +0000)]
validate alignment of ELF program headers

15 months agoaddress incomplete validation of ELF program headers in execve(2) which could lead
jasper [Wed, 12 Jul 2023 19:34:14 +0000 (19:34 +0000)]
address incomplete validation of ELF program headers in execve(2) which could lead
to a panic in vmcmd_map_readvn() with a malformed binary/interpreter.

original crash found with Melkor, additional validation provided by
guenther@.

ok kettenis@ guenther@ deraadt@

15 months agoGPROF: sleep_state: disable _mcount() across suspend/resume
cheloha [Wed, 12 Jul 2023 18:40:06 +0000 (18:40 +0000)]
GPROF: sleep_state: disable _mcount() across suspend/resume

Something in the amd64 resume path doesn't agree with _mcount(), so
suspend/resume always fails if gmoninit is non-zero.  It would be nice
if GPROF kernels didn't crash during resume.

In sleep_state(), (1) clear gmoninit after sched_stop_secondary_cpus()
so the primary CPU isn't racing sysctl(2) on another CPU, and (2)
restore gmoninit just after resume_mp() so the secondary CPUs are out
of cpu_hatch() and away from whatever is causing the crash before
_mcount() is reenabled.

Lots of input from claudio@, deraadt@, and kettenis@.

Thread 1: https://marc.info/?l=openbsd-tech&m=168721453821801&w=2
Thread 2: https://marc.info/?l=openbsd-tech&m=168892518722935&w=2

ok kettenis@ deraadt@

15 months agoAdd test which consistently triggers the problem with test6_perms,
anton [Wed, 12 Jul 2023 18:36:06 +0000 (18:36 +0000)]
Add test which consistently triggers the problem with test6_perms,
omitting all other irrelevant files.

15 months agoReport fork errors as this test is likely to hit the default
anton [Wed, 12 Jul 2023 18:21:39 +0000 (18:21 +0000)]
Report fork errors as this test is likely to hit the default
kern.maxproc limit.

15 months agomissing word; from thib4711
jmc [Wed, 12 Jul 2023 18:14:13 +0000 (18:14 +0000)]
missing word; from thib4711

15 months agoFix solock()/sounlock() usage.
mvs [Wed, 12 Jul 2023 16:10:45 +0000 (16:10 +0000)]
Fix solock()/sounlock() usage.

This time solock() doesn't return value and sounlock() hasn't second
parameter. Bi-directional Forwarding Detection is disabled by default,
so it was forgotten when solock()/sounlock() were changed.

Build test done with BFD option.

ok phessler claudio

15 months agoDon't run off the end of path if it ends in /.
florian [Wed, 12 Jul 2023 15:45:34 +0000 (15:45 +0000)]
Don't run off the end of path if it ends in /.
OK op, sthen

15 months agobasename(3) can fail, prevent segfault in strlen(3).
florian [Wed, 12 Jul 2023 15:44:47 +0000 (15:44 +0000)]
basename(3) can fail, prevent segfault in strlen(3).
OK tb, sthen

15 months agoAdd regress test to check for bad attribute lenght for optional transitive
claudio [Wed, 12 Jul 2023 15:34:59 +0000 (15:34 +0000)]
Add regress test to check for bad attribute lenght for optional transitive
attributes.

15 months agoUpdate rde_community_test after the major change in how attributes and
claudio [Wed, 12 Jul 2023 15:27:11 +0000 (15:27 +0000)]
Update rde_community_test after the major change in how attributes and
communities are written.

15 months agoUpdate OpenBGPD to use new ibuf API.
claudio [Wed, 12 Jul 2023 14:45:42 +0000 (14:45 +0000)]
Update OpenBGPD to use new ibuf API.

This replaces the old way of using a static buffer and a len to build
UPDATEs with a pure ibuf solution. The result is much cleaner and a lot
of almost duplicate code can be removed because often a version for ibufs
and one for this static buffer was implemented (e.g. for mrt or bgpctl).
With and OK tb@

15 months agoWork around use after free in httpd(8)
tb [Wed, 12 Jul 2023 12:37:27 +0000 (12:37 +0000)]
Work around use after free in httpd(8)

A malformed HTTP request can cause httpd in fastcgi mode to crash due to a
use-after-free. This is an awful hack, but it's good enough until someone
figures out the correct way of dealing with server_close() here.

"this will do the trick for now" claudio
ok beck deraadt

15 months agoIn rde_attr_parse() if an attribute causes a parse error which results in
claudio [Wed, 12 Jul 2023 12:31:28 +0000 (12:31 +0000)]
In rde_attr_parse() if an attribute causes a parse error which results in
a treat-as-withdraw consume the full attribute by updating plen else the
parser will fail parsing a possible next element which results in a
session reset.

Initial report by Ben Cox (ben at benjojo.co.uk)
OK tb@

15 months agoUse ssize_t instead of short for line lengths
tb [Wed, 12 Jul 2023 11:26:13 +0000 (11:26 +0000)]
Use ssize_t instead of short for line lengths

sthen hit a binary patch containing a 'line' of length > 32kB. This made
the short used for storing the line length wrap and resulted in a buffer
underflow and segfault.  This uses a larger type, which doesn't actually
fix the problem, but makes it much less likely to be hit.

ok florian otto sthen

15 months agoRevert accidental addition of cofactor ECDH support
tb [Wed, 12 Jul 2023 08:54:18 +0000 (08:54 +0000)]
Revert accidental addition of cofactor ECDH support

This snuck in with ech_key.c r1.33 because I committed from a dirty tree.

15 months agoReenable clienttest and servertest
tb [Wed, 12 Jul 2023 07:03:24 +0000 (07:03 +0000)]
Reenable clienttest and servertest

15 months agoFix last bit of the clienttest, needs ssl_pkt.c r1.66
tb [Tue, 11 Jul 2023 17:03:44 +0000 (17:03 +0000)]
Fix last bit of the clienttest, needs ssl_pkt.c r1.66

15 months agoRemove old workaround for F5
tb [Tue, 11 Jul 2023 17:02:47 +0000 (17:02 +0000)]
Remove old workaround for F5

F5 is well-known for needing workaround (go read RFC 8446). In this
particular case, it required implementation sending CHs larger than
255 bytes to 0x0300 otherwise their server would hang. This is the
same hang that required the CH padding extension which broke other
implementations. The CH padding extension was removed ~6 years ago,
so hopefully this kludge will no longer needed either.

ok jsing

15 months agodrop engine support
op [Tue, 11 Jul 2023 16:40:22 +0000 (16:40 +0000)]
drop engine support

diff originally by tb@, tweaked to apply after the useless logging
methods removal.

ok tb

15 months agoremove the useless logging methods
op [Tue, 11 Jul 2023 16:39:41 +0000 (16:39 +0000)]
remove the useless logging methods

Instead of wrapping all the methods of the RSA and ECDSA ENGINE,
duplicate the default and override only the ones that are actually
needed for the privsep crypto engine.

part of a larger diff that's ok tb@

15 months agoRemove Ns and Li and change Nm to Ic, suggested by jmc.
nicm [Tue, 11 Jul 2023 16:09:09 +0000 (16:09 +0000)]
Remove Ns and Li and change Nm to Ic, suggested by jmc.

15 months agoBump version for -portable release
claudio [Tue, 11 Jul 2023 15:18:31 +0000 (15:18 +0000)]
Bump version for -portable release

15 months agoNo need to initialize the first element of st->string since it was just
claudio [Tue, 11 Jul 2023 12:14:16 +0000 (12:14 +0000)]
No need to initialize the first element of st->string since it was just
calloc(3)-ed a few lines above.
OK tb@

15 months agoKeep servertest silent and align with clienttest
tb [Tue, 11 Jul 2023 11:52:35 +0000 (11:52 +0000)]
Keep servertest silent and align with clienttest

15 months agoNeuter expected server test failures with SSLv2
tb [Tue, 11 Jul 2023 10:09:47 +0000 (10:09 +0000)]
Neuter expected server test failures with SSLv2

This test should either be extended or retired. As it is it is useless.

15 months agoFix most of the clienttest. With this only test cases 9 and 13 fail.
tb [Tue, 11 Jul 2023 08:31:34 +0000 (08:31 +0000)]
Fix most of the clienttest. With this only test cases 9 and 13 fail.

15 months agoAdd descriptions of copy mode commands, from Michael Bianco.
nicm [Tue, 11 Jul 2023 07:34:23 +0000 (07:34 +0000)]
Add descriptions of copy mode commands, from Michael Bianco.

15 months agoRework sleep_setup()/sleep_finish() to no longer hold the scheduler lock
claudio [Tue, 11 Jul 2023 07:02:43 +0000 (07:02 +0000)]
Rework sleep_setup()/sleep_finish() to no longer hold the scheduler lock
between calls.

Instead of forcing an atomic operation across multiple calls use a three
step transaction.
1. setup sleep state by calling sleep_setup()
2. recheck sleep condition to ensure that the event did not fire before
   sleep_setup() registered the proc onto the sleep queue
3. call sleep_finish() to either sleep or keep on running based on the
   step 2 outcome and any possible signal delivery

To make this work wakeup from signals, single thread api and wakeup(9) need
to be aware if a process is between step 1 and step 3 so that the process
is not enqueued back onto the runqueue while going to sleep. Introduce
the p_flag P_WSLEEP to detect this situation.

On top of this remove the spl dance in msleep() which is no longer required.
It is ok to process interrupts between step 1 and 3.

OK mpi@ cheloha@

15 months agoTrim leading whitespace from find(1) output, missed in previous.
anton [Tue, 11 Jul 2023 06:09:32 +0000 (06:09 +0000)]
Trim leading whitespace from find(1) output, missed in previous.

15 months agoAllow unveiled programs to dump core (in the default, classic, into . way)
deraadt [Mon, 10 Jul 2023 22:54:40 +0000 (22:54 +0000)]
Allow unveiled programs to dump core (in the default, classic, into . way)
by passing BYPASSUNVEIL just for this vnode.  The coredump() code is quite
careful, so this will be fine.
ok kn kettenis semarie

15 months agoAdd test case for negative number with highest bit of top octet set
tb [Mon, 10 Jul 2023 20:21:37 +0000 (20:21 +0000)]
Add test case for negative number with highest bit of top octet set

This currently adds an incorrect 00: padding, consistent with OpenSSL's
behavior.

15 months agoix(4): allocate less memory for tx buffers
jan [Mon, 10 Jul 2023 19:36:54 +0000 (19:36 +0000)]
ix(4): allocate less memory for tx buffers

TSO packets are limited to MAXMCLBYTES (64k).  Thus, we don't need to
allocate IXGBE_TSO_SIZE (256k) per packet for the transmit buffers.

tested by bluhm

ok bluhm@

15 months agoRename EC_KEY from r to key like in the rest of the file
tb [Mon, 10 Jul 2023 19:10:51 +0000 (19:10 +0000)]
Rename EC_KEY from r to key like in the rest of the file

15 months agoThe rsync tests are unstable since the directory listing includes the
anton [Mon, 10 Jul 2023 17:46:29 +0000 (17:46 +0000)]
The rsync tests are unstable since the directory listing includes the
last modification timestamp. One directory represents the one rsync is
operating on and the other is our reference to compare against. If the
current time managed to tick up to the next minute between creation of
the two directories, the timestamps will differ.

Improving the normalization in the findme helper makes the tests stable.

ok bluhm@ claudio@

15 months agoInfer the timeout from the environment, with sane defaults. Should
anton [Mon, 10 Jul 2023 17:46:03 +0000 (17:46 +0000)]
Infer the timeout from the environment, with sane defaults. Should
hopefully make these tests more stable on my slow^W regress machines.

ok sashan@

15 months agoImprove err/warn messages:
anton [Mon, 10 Jul 2023 17:45:17 +0000 (17:45 +0000)]
Improve err/warn messages:

* The colon space separator is already appended by err/warn.
* Favor err(1, NULL) for malloc errors.

15 months agoDon't open files that will be skipped
jeremy [Mon, 10 Jul 2023 16:28:33 +0000 (16:28 +0000)]
Don't open files that will be skipped

Previously, when creating an archive file with pax(1), pax will attempt
to open a file even if the file will be skipped due to an -s replacement
with the empty string. With this change, pax will not attempt to open
files that it knows will be skipped.

When doing direct copies to a directory (-rw), pax already skips
the file before attempting to open it. So this makes the behavior
more consistent.

This can measurably speed up pax when skipping a large number of files.

OK tb@

15 months agoThe changes to the register layout affect the interrupt status/ack registers
patrick [Mon, 10 Jul 2023 13:48:02 +0000 (13:48 +0000)]
The changes to the register layout affect the interrupt status/ack registers
as well.  Make use of these, otherwise it might lead to an interrupt flood.

ok kettenis@

15 months agoUpdate outdated comment
job [Mon, 10 Jul 2023 12:02:37 +0000 (12:02 +0000)]
Update outdated comment

15 months agoIt should no longer be necessary to ignore SIGCHLD because it is now
nicm [Mon, 10 Jul 2023 12:00:08 +0000 (12:00 +0000)]
It should no longer be necessary to ignore SIGCHLD because it is now
blocked around daemon(), and doing so causes trouble with newer libevent
(it cannot restore the original handler). Reported by Azat Khuzhin in
GitHub issue 3626.