openbsd
17 months agoExpunge a bunch of eye searing trailing whitespace.
krw [Thu, 1 Jun 2023 17:24:56 +0000 (17:24 +0000)]
Expunge a bunch of eye searing trailing whitespace.

17 months agoChange wakeup_proc() to no longer grab the SCHED_LOCK() instead it must
claudio [Thu, 1 Jun 2023 10:21:26 +0000 (10:21 +0000)]
Change wakeup_proc() to no longer grab the SCHED_LOCK() instead it must
be called with SCHED_LOCK() held. Also add an extra argument to update
the process flags p_flag so that the timeout handler can set the
P_TIMEOUT flag before making the process runnable.
OK mpi@

17 months agoCheck the F_NEXTHOP flag on the right kroute6 object.
claudio [Thu, 1 Jun 2023 09:47:34 +0000 (09:47 +0000)]
Check the F_NEXTHOP flag on the right kroute6 object.

On multipath routes the check ended up checking the wrong route for the
nexthop update. This resulted in a use-after-free in kroute_detach_nexthop().
This only affects IPv6 in the IPv4 code path the right object was already used.

Thanks to sthen@ for providing the debug information to track this down.
OK sthen@ tb@

17 months agoRemove the speed test again
tb [Thu, 1 Jun 2023 09:46:00 +0000 (09:46 +0000)]
Remove the speed test again

It takes too much time and we now know that all covered ciphers can cope
with unaligned input and output on all tested architectures.

17 months agoEnable forwarding of ix(4) LRO Pakets via TSO
jan [Thu, 1 Jun 2023 09:05:33 +0000 (09:05 +0000)]
Enable forwarding of ix(4) LRO Pakets via TSO

Also fix ip6_forwarding of TSO packets with tcp_if_output_tso().

With a lot of testing from Hrvoje Popovski
and a lot of tweaks from bluhm@

ok bluhm@

17 months agoRework tls_check_subject_altname() error handling
tb [Thu, 1 Jun 2023 07:32:25 +0000 (07:32 +0000)]
Rework tls_check_subject_altname() error handling

Default to having rv = -1 and explicitly goto done to set rv = 0.
This matches other code better.

ok jsing

17 months agoCheck for X509_get_ext_d2i() failure
tb [Thu, 1 Jun 2023 07:29:15 +0000 (07:29 +0000)]
Check for X509_get_ext_d2i() failure

X509_get_ext_d2i() (or rather X509V3_get_d2i()) can return NULL for
various reasons. If it fails because the extension wasn't found, it
sets *crit = -1. In any other case, e.g., the cert is bad or we ran
out of memory in X509V3_EXT_d2i(), crit is set to something else, so
we should actually error.

ok jsing

17 months agoAvoid a potentially overflowing check
tb [Thu, 1 Jun 2023 02:34:23 +0000 (02:34 +0000)]
Avoid a potentially overflowing check

This doesn't actually overflow, but still is poor style.

Speaking of which: this is now the second time I get to fix something
reported by Nicky Mouha by way of a blog post. The first time was the
actual SHA-3 buffer overflow in Python where it is not entirely clear
who screwed up and how. Hopefully next time proper communication will
happen and work.

ok jsing

17 months agoadd missing include of time.h
op [Wed, 31 May 2023 16:51:46 +0000 (16:51 +0000)]
add missing include of time.h

spotted after a report on OpenSMTPD-portable.  While here include
sys/time.h in smtpd.h, as noted in event_init(3), since it includes
event.h.

ok millert@

17 months agoUpdate to reflect that default Ruby version in ports is now 3.2
jeremy [Wed, 31 May 2023 15:27:45 +0000 (15:27 +0000)]
Update to reflect that default Ruby version in ports is now 3.2

17 months agoRemove declarations for unused search_label() local variables
krw [Wed, 31 May 2023 13:49:56 +0000 (13:49 +0000)]
Remove declarations for unused search_label() local variables
error, i, p and poff. Fewer complaints from gcc -Wall.

The same was done to the NetBSD version in 2011 by tsutui.

Remove two more recent load_disklabel() comments implying that
search_label() checks MBR partitions. It doesn't and never has
despite the enticing names/types of the above unused variables.

No functional change.

17 months agoadd net_tq_barriers
dlg [Tue, 30 May 2023 23:55:42 +0000 (23:55 +0000)]
add net_tq_barriers

this waits once for something to end in all the net tqs.

ok claudio@

17 months agoUse generic checksum calculation for TCP SYN+ACK packets.
bluhm [Tue, 30 May 2023 19:32:57 +0000 (19:32 +0000)]
Use generic checksum calculation for TCP SYN+ACK packets.

Our syn cache did checksum calculation by hand, instead of the
established mechanism in ip output.  The software-checksummed counter
increased once per incoming TCP connection.

Just set the flag M_TCP_CSUM_OUT in syn_cache_respond() and let
in_proto_cksum_out() do the work later.  Then hardware checksumming
is used where available.  Also remove redundant code.  The unhandled
af case is handled in the first switch statement of the function.

tested by Hrvoje Popovski; OK mvs@

17 months agofail when an argument is given on 'id -R'
op [Tue, 30 May 2023 16:44:16 +0000 (16:44 +0000)]
fail when an argument is given on 'id -R'

from Lucas (lucas [at] sexy [dot] is).
ok millert@

17 months agoFixup file modification timestamps to optimize failover from RRDP to RSYNC
job [Tue, 30 May 2023 16:02:28 +0000 (16:02 +0000)]
Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

17 months agoAdd json.c to linker instructions
job [Tue, 30 May 2023 15:56:47 +0000 (15:56 +0000)]
Add json.c to linker instructions

17 months agosparc64 disklabel(8) must be compiled with SUN_CYLCHECK and SUN_AAT0.
krw [Tue, 30 May 2023 15:10:39 +0000 (15:10 +0000)]
sparc64 disklabel(8) must be compiled with SUN_CYLCHECK and SUN_AAT0.

sparc64 auto allocation during install does not use fdisk(8).

Add *.sparc64.ok files that reflect sparc64 reality.

Should fix disklabel(8) regression on sparc64.

Requested by & ok bluhm@

17 months agofix markups in character classes
aisha [Tue, 30 May 2023 14:04:53 +0000 (14:04 +0000)]
fix markups in character classes

ok jmc@

17 months agoRevert commitid ANSBO0rBvIUtTi45:
claudio [Tue, 30 May 2023 12:14:48 +0000 (12:14 +0000)]
Revert commitid ANSBO0rBvIUtTi45:
   Make rpki-client choose the verification time of the time it is invoked
   rather than always getting the current system time for every certificate
   verification. This will result in output that is not variable on run-time.

Using the time of invocation does not work well with fast publishing CAs. It
can take a few minutes to reach a repo and that CA may have issued certificates
that are not yet valid if that startup time of rpki-client is used to validate.

This still keeps the -P option to specify a fixed validation time.
OK beck@ job@ tb@

17 months agoSplit cleanup into cleanup and repository cleanup and show how many files
claudio [Tue, 30 May 2023 12:12:06 +0000 (12:12 +0000)]
Split cleanup into cleanup and repository cleanup and show how many files
are kept / removed in the repository temporary storage.
After a discussion with tb@ and job@

17 months agoConvert all of filemode to use the json API as well.
claudio [Tue, 30 May 2023 12:02:22 +0000 (12:02 +0000)]
Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

17 months agoUse error check to ensure we have SignedData in CMS
tb [Tue, 30 May 2023 11:09:08 +0000 (11:09 +0000)]
Use error check to ensure we have SignedData in CMS

CMS_get0_SignerInfos() only returns a non-NULL pointer if the CMS object
contains SignedData. The subsequent assert can trigger if we parse an
object that is not of this type. Nothing ensures this up to this point,
so we have no way of knowing that the assertion is actually true. If we
get a CMS object without SignedData, we should ignore it, not abort the
rpki-client run. With this check in place it is also clear that we
actually check point 1a of the list of things to check in RFC 6488,
section 3.

ok claudio job

17 months agoReplace the one use of ibuf_prepend() using a similar ibuf_new() + ibuf_cat()
claudio [Tue, 30 May 2023 08:41:15 +0000 (08:41 +0000)]
Replace the one use of ibuf_prepend() using a similar ibuf_new() + ibuf_cat()
method but instead of overwriting ibuf internals replace the buf a level up.
Users of ikev2_msg_send() are not allowed to hold and reuse a pointer to
msg_data (which is another footgun to disarm at some point).
OK tb@

17 months agospelling
jsg [Tue, 30 May 2023 08:30:00 +0000 (08:30 +0000)]
spelling
ok jmc@ guenther@ tb@

17 months agofix some nits on previous
op [Tue, 30 May 2023 07:37:34 +0000 (07:37 +0000)]
fix some nits on previous

- move a sentence out of a Bd block
- add some .Pp for spacing
- avoid a double colon on a sentence and the usage of second person
- mark STORE_CTX with .Vt
- change one Vt -> Dv (done after this has been ok'd by beck)

ok beck@

17 months agoDue to the way make is designed, not being able to read a makefile
espie [Tue, 30 May 2023 04:42:21 +0000 (04:42 +0000)]
Due to the way make is designed, not being able to read a makefile
is basically silent.

Record errors due to missing permissions and other oddities, and display them
when we error out due to lack of targets, as a quality-of-life diagnostic.

Based on a remark from sthen@, with some feedback and tweaks from op@

okay op@, kn@

17 months agoAdd IBT support to the retpoline+znow PLTs
guenther [Tue, 30 May 2023 02:02:00 +0000 (02:02 +0000)]
Add IBT support to the retpoline+znow PLTs

ok kettenis@

17 months agofix markups and reference sections properly
aisha [Mon, 29 May 2023 21:13:24 +0000 (21:13 +0000)]
fix markups and reference sections properly

from Josiah Frentsos <jfrent AT tilde DOT team>
OK op@

17 months agoCorrect test that was pasto'ed incorrectly
beck [Mon, 29 May 2023 15:52:46 +0000 (15:52 +0000)]
Correct test that was pasto'ed incorrectly

This now tests what the comment says it does

17 months agoCorrectly catch all return values from X509_NAME_get_index_by_NID
beck [Mon, 29 May 2023 14:12:36 +0000 (14:12 +0000)]
Correctly catch all return values from X509_NAME_get_index_by_NID

And some comment requests, from jsing@

ok jsing@

17 months agoOops, Fa -> .Fa
beck [Mon, 29 May 2023 11:57:23 +0000 (11:57 +0000)]
Oops, Fa -> .Fa

17 months agoMake X509_NAME_get_text_by[NID|OBJ] safer.
beck [Mon, 29 May 2023 11:54:50 +0000 (11:54 +0000)]
Make X509_NAME_get_text_by[NID|OBJ] safer.

This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.

This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.

ok jsing@ tb@

17 months agoStop suggesting that children play with loaded revolvers.
beck [Mon, 29 May 2023 11:14:19 +0000 (11:14 +0000)]
Stop suggesting that children play with loaded revolvers.

This takes much of the language that boring uses to document
the verify callback, and corrects the historical horror that
OpenSSL introduced years ago by suggesting people ignore expiry
dates using the callback instead of the verify flags.

nits by jsg@ and tb@
ok tb@

17 months agorenamed log file
espie [Mon, 29 May 2023 09:05:24 +0000 (09:05 +0000)]
renamed log file

17 months agovirtio: Set DRIVER_OK earlier
sf [Mon, 29 May 2023 08:13:35 +0000 (08:13 +0000)]
virtio: Set DRIVER_OK earlier

The DRIVER_OK bit must be set before using any virt-queues. To allow
virtio device drivers to use the virt-queues in their attach functions,
set the bit there and not in the virtio transport attach function. Only
vioscsi and viogpu really need this, but let's only have one standard
way to do this.

Noticed because of hangs with vioscsi on qemu/windows and in the Oracle
cloud.  With much debugging help by Aaron Mason.

Also revert vioscsi.c 1.31 "Temporarily workaround double calls into
vioscsi_req_done()"

ok krw@

17 months agouse v5.36, this one is somewhat trivial
espie [Mon, 29 May 2023 07:35:39 +0000 (07:35 +0000)]
use v5.36, this one is somewhat trivial

17 months agosome hackery to make arm64 ramdisk compile again
deraadt [Mon, 29 May 2023 04:24:39 +0000 (04:24 +0000)]
some hackery to make arm64 ramdisk compile again

17 months agorecognise Cortex-A520 (Hayes), Cortex-A720 (Hunter), Cortex-X4 (Hunter-ELP)
jsg [Mon, 29 May 2023 02:26:14 +0000 (02:26 +0000)]
recognise Cortex-A520 (Hayes), Cortex-A720 (Hunter), Cortex-X4 (Hunter-ELP)

17 months agoProvide optimised bn_mulw_{addw,addw_addw,addtw}() for aarch64.
jsing [Sun, 28 May 2023 17:42:30 +0000 (17:42 +0000)]
Provide optimised bn_mulw_{addw,addw_addw,addtw}() for aarch64.

This results in bn_mul_comba4() and bn_mul_comba8() requiring ~30% less
instructions than they did previously.

17 months agoProvide optimised bn_addw_addw()/bn_subw_subw() for aarch64.
jsing [Sun, 28 May 2023 17:22:04 +0000 (17:22 +0000)]
Provide optimised bn_addw_addw()/bn_subw_subw() for aarch64.

17 months agoSprinkle some style(9).
jsing [Sun, 28 May 2023 14:54:37 +0000 (14:54 +0000)]
Sprinkle some style(9).

17 months agoExpand occurrences of HASH_CTX that were previously missed.
jsing [Sun, 28 May 2023 14:49:21 +0000 (14:49 +0000)]
Expand occurrences of HASH_CTX that were previously missed.

No change in generated assembly.

17 months agoReorder functions.
jsing [Sun, 28 May 2023 14:14:33 +0000 (14:14 +0000)]
Reorder functions.

No intended functional change.

17 months agoClean up includes.
jsing [Sun, 28 May 2023 13:57:27 +0000 (13:57 +0000)]
Clean up includes.

17 months agoRemove now unnecessary do {} while(0);
jsing [Sun, 28 May 2023 13:55:55 +0000 (13:55 +0000)]
Remove now unnecessary do {} while(0);

17 months agoInline HASH_MAKE_STRING for SHA256.
jsing [Sun, 28 May 2023 13:53:08 +0000 (13:53 +0000)]
Inline HASH_MAKE_STRING for SHA256.

No change to generated assembly.

17 months agoRewrite BN_{asc,dec,hex}2bn() using CBS.
jsing [Sun, 28 May 2023 10:34:17 +0000 (10:34 +0000)]
Rewrite BN_{asc,dec,hex}2bn() using CBS.

This gives us more readable and safer code. There are two intentional
changes to behaviour - firstly, all three functions zero any BN that was
passed in, prior to doing any further processing. This means that a passed
BN is always in a known state, regardless of what happens later. Secondly,
BN_asc2bn() now fails on NULL input, rather than crashing. This brings its
behaviour inline with BN_dec2bn() and BN_hex2bn().

ok tb@

17 months agocorrect comment, spotted by tb@
beck [Sun, 28 May 2023 09:06:34 +0000 (09:06 +0000)]
correct comment, spotted by tb@

17 months agoRefactor tls_check_common_name to use lower level API.
beck [Sun, 28 May 2023 09:02:01 +0000 (09:02 +0000)]
Refactor tls_check_common_name to use lower level API.

X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.

Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:

1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte

4) matches the existing logic, 1 and 2, and 3 are new checks.

ok tb@

17 months agoUsed number of bytes instead of number of 512 byte sectors.
asou [Sun, 28 May 2023 05:28:50 +0000 (05:28 +0000)]
Used number of bytes instead of number of 512 byte sectors.

ok dv@

17 months agoMerge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM
tb [Sun, 28 May 2023 05:25:24 +0000 (05:25 +0000)]
Merge X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM

Back in the day when essentially every struct was open to all applications,
X509_VERIFY_PARAM_ID provided a modicum of opacity. This indirection is now
no longer needed with X509_VERIFY_PARAM being opaque itself, so stop using
X509_VERIFY_PARAM_ID and merge it into X509_VERIFY_PARAM. This is a first
small step towards cleaning up the X509_VERIFY_PARAM mess.

ok jsing

17 months agoImplement battery charge control.
kettenis [Sat, 27 May 2023 19:35:55 +0000 (19:35 +0000)]
Implement battery charge control.

ok patrick@, tobhe@

17 months agoImplement SHA256_{Update,Transform,Final}() directly in sha256.c.
jsing [Sat, 27 May 2023 18:39:03 +0000 (18:39 +0000)]
Implement SHA256_{Update,Transform,Final}() directly in sha256.c.

m32_common.h is a typical OpenSSL macro horror show - copy the update,
transform and final functions from md32_common.h, manually expanding the
macros for SHA256. This will allow for further clean up to occur.

No change in generated assembly.

ok beck@ tb@

17 months agoAdd HASH_NO_UPDATE and HASH_NO_TRANSFORM to md32_common.h
jsing [Sat, 27 May 2023 18:33:34 +0000 (18:33 +0000)]
Add HASH_NO_UPDATE and HASH_NO_TRANSFORM to md32_common.h

This makes it possible to still use minimal parts of md32_common.h, while
disabling the update and transform functions.

ok beck@ tb@

17 months agoAdd coverage for calling BN_{dec,hex}2bn() with NULL inputs.
jsing [Sat, 27 May 2023 15:50:56 +0000 (15:50 +0000)]
Add coverage for calling BN_{dec,hex}2bn() with NULL inputs.

17 months agoBump LibreSSL version
tb [Sat, 27 May 2023 13:54:46 +0000 (13:54 +0000)]
Bump LibreSSL version

17 months agothe solver needs some love for later
espie [Sat, 27 May 2023 10:08:45 +0000 (10:08 +0000)]
the solver needs some love for later

17 months agoremove the extra local variable (blessing a ref to self DOES work)
espie [Sat, 27 May 2023 10:08:25 +0000 (10:08 +0000)]
remove the extra local variable (blessing a ref to self DOES work)
accordingly zap the extra blocks that are no longer needed making
this look less funky

17 months agocomment/cosmetic
espie [Sat, 27 May 2023 10:07:33 +0000 (10:07 +0000)]
comment/cosmetic

17 months agomore comment
espie [Sat, 27 May 2023 10:07:12 +0000 (10:07 +0000)]
more comment

17 months agoyeah, yeah, those names are horrible
espie [Sat, 27 May 2023 10:06:55 +0000 (10:06 +0000)]
yeah, yeah, those names are horrible

17 months agofinish making this a singleton class (which I don't always like
espie [Sat, 27 May 2023 10:06:38 +0000 (10:06 +0000)]
finish making this a singleton class (which I don't always like
and is definitely worthy of a comment)

17 months agomore descriptive comment
espie [Sat, 27 May 2023 10:05:50 +0000 (10:05 +0000)]
more descriptive comment

17 months agoindicate that not having hashes already is just legacy needed
espie [Sat, 27 May 2023 10:04:17 +0000 (10:04 +0000)]
indicate that not having hashes already is just legacy needed
until all old packages are gone

17 months agopoint people towards relevant comments
espie [Sat, 27 May 2023 10:03:43 +0000 (10:03 +0000)]
point people towards relevant comments

17 months agoa few comments
espie [Sat, 27 May 2023 10:03:21 +0000 (10:03 +0000)]
a few comments
explicitly return undef from check,
which will prevent casual me from 'fixing' it later

17 months agoprepare for 5.36: pass $code as @code so that we don't have
espie [Sat, 27 May 2023 10:02:38 +0000 (10:02 +0000)]
prepare for 5.36: pass $code as @code so that we don't have
to decide a default right away (I should apply this
everywhere I go to read a plist actually)

17 months agocomments
espie [Sat, 27 May 2023 10:01:51 +0000 (10:01 +0000)]
comments

17 months agodocument base method
espie [Sat, 27 May 2023 10:01:38 +0000 (10:01 +0000)]
document base method

17 months agotry/catch to be revisited
espie [Sat, 27 May 2023 10:01:21 +0000 (10:01 +0000)]
try/catch to be revisited

17 months agocomments/cosmetics
espie [Sat, 27 May 2023 10:01:08 +0000 (10:01 +0000)]
comments/cosmetics

17 months agorestore documentation: explain what ArcCheck does
espie [Sat, 27 May 2023 10:00:48 +0000 (10:00 +0000)]
restore documentation: explain what ArcCheck does

17 months agocosmetic/comments improvement
espie [Sat, 27 May 2023 10:00:23 +0000 (10:00 +0000)]
cosmetic/comments improvement

17 months ago- make the handling of interactive more regular by
espie [Sat, 27 May 2023 09:59:51 +0000 (09:59 +0000)]
- make the handling of interactive more regular by
delegating the choice of the class to a separate method
- zap/improve meaningless comments
- mark ntogo as a focus for improvements

17 months agoprepare for 5.36, document methods in base class
espie [Sat, 27 May 2023 09:58:26 +0000 (09:58 +0000)]
prepare for 5.36, document methods in base class

17 months agoClean up alignment handling for SHA-512.
jsing [Sat, 27 May 2023 09:18:17 +0000 (09:18 +0000)]
Clean up alignment handling for SHA-512.

This recommits r1.37 of sha512.c, however uses uint8_t * instead of void *
for the crypto_load_* functions and primarily uses const uint8_t * to track
input, only casting to const SHA_LONG64 * once we know that it is suitably
aligned. This prevents the compiler from implying alignment based on type.

Tested by tb@ and deraadt@ on platforms with gcc and strict alignment.

ok tb@

17 months agoRemove malloc interposition, a workaround that was once needed for emacs
otto [Sat, 27 May 2023 04:33:00 +0000 (04:33 +0000)]
Remove malloc interposition, a workaround that was once needed for emacs
ok guenther@

17 months agoProperly account del_extra_files and add the value to the json header.
claudio [Fri, 26 May 2023 14:57:38 +0000 (14:57 +0000)]
Properly account del_extra_files and add the value to the json header.
OK tb@ (from a larger diff)

17 months agoMove verified_chain from SSL to SSL_HANDSHAKE
tb [Fri, 26 May 2023 13:44:05 +0000 (13:44 +0000)]
Move verified_chain from SSL to SSL_HANDSHAKE

This is a better version of the fix for the missing pointer invalidation
but a bit larger, so errata got the minimal fix.

tested by jcs
ok jsing

17 months agoRemove net lock from DIOC{S,G}ETLIMIT
kn [Fri, 26 May 2023 12:13:26 +0000 (12:13 +0000)]
Remove net lock from DIOC{S,G}ETLIMIT

Grab the pf lock for pf_pool_limits[] in pfsync such that all access is
covered by the pf lock;  document accordingly.

Hard memory pool limits don't need the net lock for protection, pool(9)s
have their own internal lock and the pf lock fully covers limit values.

(pf_pool_limits[] access in DIOCXCOMMIT remains under pf *and net* lock
 until the rest in there gets pulled out of the net lock.)

OK sashan

17 months agosimplify yes/no answer handling
kn [Fri, 26 May 2023 11:41:50 +0000 (11:41 +0000)]
simplify yes/no answer handling

ask_yn() returns 0/1 on yes/no, so use the shorter '|| skip' found in
install.sub;  no functional change.

OK solene

17 months agoDisable witness for mutexes created on the stack which allows
kurt [Thu, 25 May 2023 19:35:58 +0000 (19:35 +0000)]
Disable witness for mutexes created on the stack which allows
the ddb command 'show witness' to succeed without panicking.
Leaving witness enabled on these mutexes saves a pointer to
struct lock_type on the stack which gets clobbered resulting
in a panic in witness_ddb_display_descendants().

okay miod@

17 months agoWork around sparc64 WITNESS kernel failing to load by moving large witness
kurt [Thu, 25 May 2023 19:32:34 +0000 (19:32 +0000)]
Work around sparc64 WITNESS kernel failing to load by moving large witness
data structures from bss to be allocated in witness_initialize().

Tested on sparc64, amd64, arm64, i386, octeon. okay miod@

17 months agoIn session_process_msg() recheck the validity of the rbuf before moving
claudio [Thu, 25 May 2023 14:20:25 +0000 (14:20 +0000)]
In session_process_msg() recheck the validity of the rbuf before moving
the remaining data around.

There is an improbable case where a NOTIFICATION is received while also
reaching the MSG_PROCESS_LIMIT. In this case rbuf is NULL when breaking
out of the for loop and hitting this code.

sthen@ is the (un)lucky person to hit that improbable case
OK tb@ sthen@

17 months agoUpdate usage add -P epoch
claudio [Thu, 25 May 2023 12:52:56 +0000 (12:52 +0000)]
Update usage add -P epoch

17 months agoFix repo_cleanup_entry() state machine so that the repository lookups
claudio [Thu, 25 May 2023 12:49:39 +0000 (12:49 +0000)]
Fix repo_cleanup_entry() state machine so that the repository lookups
are done when the full repo path is available. Without this all repo
lookups returned NULL and the code did not work as intended.
OK tb@

17 months agoremove two unused defines
op [Thu, 25 May 2023 11:37:58 +0000 (11:37 +0000)]
remove two unused defines

last PROC_COUNT use was removed with the switch to fork+exec by eric@ in
2016, CA_FILE with the removal of cert.c two years ago.

ok tb@, kn@

17 months agoAfter RFC 9110, the IANA services registry now lists both udp and tcp
sthen [Thu, 25 May 2023 09:41:46 +0000 (09:41 +0000)]
After RFC 9110, the IANA services registry now lists both udp and tcp
for https (HTTP/3 over QUIC). Add it to /etc/services so that it's included
when /etc/rc populates sysctl net.inet.udp.baddynamic.

suggested by Renauld Allard, ok tb@

17 months agoForcibly update the EVP_PKEY's internal key
op [Thu, 25 May 2023 07:46:21 +0000 (07:46 +0000)]
Forcibly update the EVP_PKEY's internal key

To aid privilege separation, libtls maintains application-specific data
on the key inside the EVP_PKEY abstraction because the EVP API doesn't
provide a way to do that on the EVP_PKEY itself.

OpenSSL 3 changed behavior of EVP_PKEY_get1_RSA() and related functions.
These now return a struct from some cache.  Thus, modifying the RSA will
no longer modify the EVP_PKEY like it did previously, which was clearly
implied to be the case in the older documentation.
This is a subtle breaking change that affects several applications.

While this is documented, no real solution is provided.  The transition
plan from one OpenSSL major version to the next one tends to involve
many #ifdef in the ecosystem, and the only suggestion provided by the
new documentation is to switch to a completely unrelated, new API.

Instead, forcibly reset the internal key on EVP_PKEY after modification,
this way the change is picked up also by OpenSSL 3.

Fixes issue 1171 in OpenSMTPD-portable

ok tb@, jsing@

17 months agoDo not use wakeup_proc() outside of the sleep machinery. Just use
claudio [Thu, 25 May 2023 07:45:33 +0000 (07:45 +0000)]
Do not use wakeup_proc() outside of the sleep machinery. Just use
wakeup_one().
OK mpi@

17 months agofix AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears
djm [Wed, 24 May 2023 23:01:06 +0000 (23:01 +0000)]
fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears
previously in configuration. Reported by John Meyers in bz3574
ok dtucker@

17 months agoSkip tests if p5-BSD-Socket-Splice is not installed.
bluhm [Wed, 24 May 2023 20:31:49 +0000 (20:31 +0000)]
Skip tests if p5-BSD-Socket-Splice is not installed.

17 months agoreplace "$(cat file)" with the ksh construct "$(<file)"
naddy [Wed, 24 May 2023 20:04:05 +0000 (20:04 +0000)]
replace "$(cat file)" with the ksh construct "$(<file)"

ok kn@ millert@

17 months agomark S_ISVTX with Dv in sticky(8); makes `man -k any=S_ISVTX' more useful
op [Wed, 24 May 2023 15:48:11 +0000 (15:48 +0000)]
mark S_ISVTX with Dv in sticky(8); makes `man -k any=S_ISVTX' more useful

ok millert@

17 months agoksh: make $(< filename) error output include the errno string.
millert [Wed, 24 May 2023 14:20:33 +0000 (14:20 +0000)]
ksh: make $(< filename) error output include the errno string.
This is more consistent with how bash, zsh and ksh93 behave and
makes $(< filename) more of a drop-in replacment for $(cat filename).
OK kn@ florian@

17 months agoDefault pf rule "block return; pass" interferes with test.
bluhm [Wed, 24 May 2023 11:52:30 +0000 (11:52 +0000)]
Default pf rule "block return; pass" interferes with test.
Use "block; pass" instead.

17 months agoUpdate X509_VERIFY_PARAM_inherit() to reflect the change of behavior
tb [Wed, 24 May 2023 09:57:50 +0000 (09:57 +0000)]
Update X509_VERIFY_PARAM_inherit() to reflect the change of behavior
in x509_vpm.c r1.39.

17 months agoCopy the verify param hostflags independently of the host list
tb [Wed, 24 May 2023 09:15:14 +0000 (09:15 +0000)]
Copy the verify param hostflags independently of the host list

Without this, hostflags set on the SSL_CTX would not propagate to newly
created SSL. This is surprising behavior that was changed in OpenSSL 1.1
by Christian Heimes after the issue was flagged by Quentin Pradet:
https://bugs.python.org/issue43522
This is a version of the fix that landed in OpenSSL.

There used to be a workaround in place in urllib3, but that was removed at
some point. We haven't fixed this earlier since it wasn't reported. It only
showed up after recent fallout of extraordinarily strict library checking
in urllib3 coming from their own interpretation of the implications of
PEP 644.

ok jsing

17 months agoAdd a test to verify that an SSL inherits the hostflags from the SSL_CTX
tb [Wed, 24 May 2023 08:54:59 +0000 (08:54 +0000)]
Add a test to verify that an SSL inherits the hostflags from the SSL_CTX

This is currently an expected failure that will be fixed shortly.

17 months agoProvide CRYPTO_INT for statically linking libcrypto for libssl regress
tb [Wed, 24 May 2023 08:49:06 +0000 (08:49 +0000)]
Provide CRYPTO_INT for statically linking libcrypto for libssl regress

This will be needed for the ssl_verify_param test