openbsd
2 years agoDelete an #if block that dates from rev 1.1 and hasn't been enabled
guenther [Tue, 7 Dec 2021 17:50:44 +0000 (17:50 +0000)]
Delete an #if block that dates from rev 1.1 and hasn't been enabled
in those 20 years.  We're unlikely to take the macppc pmap in the
direction where it would apply.

ok kettenis@

2 years agoIn ipo_tdb the flow contains a reference counted TDB cache. This
bluhm [Tue, 7 Dec 2021 17:28:46 +0000 (17:28 +0000)]
In ipo_tdb the flow contains a reference counted TDB cache.  This
may prevent that tdb_free() is called.  It is not a real leak as
ipsecctl -F or termination of iked flush this cache when they remove
the IPsec policy.  Move the code from tdb_free() to tdb_delete(),
then the kernel does the cleanup itself.
OK mvs@ tobhe@

2 years agoAdd test case for authentication with locally stored peer certificates.
tobhe [Tue, 7 Dec 2021 17:26:14 +0000 (17:26 +0000)]
Add test case for authentication with locally stored peer certificates.

2 years agoFix locally stored peer certificates in /etc/iked/certs as documented in
tobhe [Tue, 7 Dec 2021 17:03:01 +0000 (17:03 +0000)]
Fix locally stored peer certificates in /etc/iked/certs as documented in
iked(8).  Local certificates are always trusted and preferred over certs
received over the wire.

ok patrick@ markus@

2 years agobe more specific which NETSCAPE stuff to ignore, and why
schwarze [Tue, 7 Dec 2021 17:01:08 +0000 (17:01 +0000)]
be more specific which NETSCAPE stuff to ignore, and why

2 years agoSome improvements allowing to handle asn1.h and x509v3.h:
schwarze [Tue, 7 Dec 2021 16:43:24 +0000 (16:43 +0000)]
Some improvements allowing to handle asn1.h and x509v3.h:
* handle multiple qualifiers on the function return type
* handle function pointer type declarations
* handle unions inside structs
* handle forward struct declarations
* handle "typedef const"
* handle ASN1_F_, ASN1_R_, and X509V3_R_ error constants
* handle "#if defined" in the same way as "#ifdef"
* skip whitespace between "#" and "define"
* skip whitespace before C comments
* ignore TYPEDEF_D2I2D_OF

2 years agoprint the failed method number
deraadt [Tue, 7 Dec 2021 16:07:56 +0000 (16:07 +0000)]
print the failed method number

2 years agoDon't truncate the default OpenBSD partition at the end of the
krw [Tue, 7 Dec 2021 14:58:32 +0000 (14:58 +0000)]
Don't truncate the default OpenBSD partition at the end of the
last full cylinder. Let it extend to the end of the disk.

2 years agoAdd EVFILT_EXCEPT filter for pipes
visa [Tue, 7 Dec 2021 14:06:16 +0000 (14:06 +0000)]
Add EVFILT_EXCEPT filter for pipes

The kqueue-based select(2) needs the filter to replicate the old
exceptfds behaviour. The upcoming new poll(2) code will use the filter
for POLLHUP condition checking when the events bitmap is clear of
read/write events.

OK anton@

2 years agoswitch from tradcpp(1) to cpp(1); ok jsg@
robert [Tue, 7 Dec 2021 14:00:33 +0000 (14:00 +0000)]
switch from tradcpp(1) to cpp(1); ok jsg@

2 years agoImprove the COMMAND SECTION section in multiple respects regarding
schwarze [Tue, 7 Dec 2021 13:26:49 +0000 (13:26 +0000)]
Improve the COMMAND SECTION section in multiple respects regarding
correctness, clarity, readability, and markup conventions.
Triggered by Richard Ulmer <... rulmer at mailbox dot org> wondering
whether the list of actions is complete and pointing out that
the "shell" action no longer exists (it was removed quite some time
ago for security reasons).
OK jmc@

2 years agoUse one common function to build the base directory path for repositories.
claudio [Tue, 7 Dec 2021 12:46:47 +0000 (12:46 +0000)]
Use one common function to build the base directory path for repositories.
OK benno@

2 years agoFix parsing of SR_IRQ resource descriptors here as well.
kettenis [Tue, 7 Dec 2021 10:16:50 +0000 (10:16 +0000)]
Fix parsing of SR_IRQ resource descriptors here as well.

ok patrick@, anton@

2 years agoFix parsing of SR_IRQ resource descriptors.
kettenis [Tue, 7 Dec 2021 10:15:25 +0000 (10:15 +0000)]
Fix parsing of SR_IRQ resource descriptors.

ok patrick@, anton@

2 years agoAdd missing kernel unlock in error path.
anton [Tue, 7 Dec 2021 07:58:56 +0000 (07:58 +0000)]
Add missing kernel unlock in error path.

ok dv@

Reported-by: syzbot+c773ba1ce9b2d259d27f@syzkaller.appspotmail.com
2 years agoRespond to OSC 4 query.
nicm [Tue, 7 Dec 2021 07:28:44 +0000 (07:28 +0000)]
Respond to OSC 4 query.

2 years agoUse four digits not two for RGB responses to match other terminals.
nicm [Tue, 7 Dec 2021 07:21:40 +0000 (07:21 +0000)]
Use four digits not two for RGB responses to match other terminals.

2 years agoContinue to delete emulation support: since we're Just ELF, the size
guenther [Tue, 7 Dec 2021 04:19:24 +0000 (04:19 +0000)]
Continue to delete emulation support: since we're Just ELF, the size
of the auxinfo is fixed: provide ELF_AUX_WORDS in <sys/exec_elf.h>
as a replacement for emul->e_arglen

ok millert@

2 years agoTwo of the umount -f are not neccessary, and only risk leaving
deraadt [Tue, 7 Dec 2021 04:13:22 +0000 (04:13 +0000)]
Two of the umount -f are not neccessary, and only risk leaving
filesystems in bad shape.  The other -f are special, and I haven't
though through them yet.
discussed with florian and tb a while back

2 years agolsearch(3): append key to array with memmove(3) instead of memcpy(3)
cheloha [Tue, 7 Dec 2021 04:01:45 +0000 (04:01 +0000)]
lsearch(3): append key to array with memmove(3) instead of memcpy(3)

If the key overlaps the end of the array, memcpy(3) mutates the key
and copies a corrupted value into the end of the array.

If we use memmove(3) instead we at least end up with a clean copy of
the key at the end of the array.  This is closer to the intended
behavior.

With input from millert@ and deraadt@.

Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2

ok millert@

2 years agosleep.3: miscellanous cleanup, rewrites
cheloha [Tue, 7 Dec 2021 03:16:08 +0000 (03:16 +0000)]
sleep.3: miscellanous cleanup, rewrites

Highlights:

- Tighten up the NAME.
- "process" -> "thread".
- Tidy up the DESCRIPTION.  In particular, omit discussion of the
  historial SIGALRM-based implementation.
- Simplify RETURN VALUES.
- Add an ERRORS section, note that sleep(3) can set EINTR.
- Update STANDARDS to POSIX.1-2008.
- Note that setting errno is an extension to the spec.

Discussed with and revised by jmc@, deraadt@, millert@, and schwarze@.
With a history lesson from jsg@.

Thread: https://marc.info/?l=openbsd-tech&m=162718445809428&w=2

"the changes read fine to me" jmc@, ok millert@ schwarze@

2 years agouvn_reference(): correct printf(9) argument order
cheloha [Tue, 7 Dec 2021 02:58:46 +0000 (02:58 +0000)]
uvn_reference(): correct printf(9) argument order

Thread: https://marc.info/?l=openbsd-tech&m=163884527530326&w=2

ok deraadt@

2 years agoMake `unp_msgcount' and `unp_file' protection with `unp_gc_lock'
mvs [Tue, 7 Dec 2021 01:19:47 +0000 (01:19 +0000)]
Make `unp_msgcount' and `unp_file' protection with `unp_gc_lock'
rwlock(9).

This save us from from races provided by unlocked access to the `f_count'
which cause false marking alive socket as dead. We always modify `f_count'
and `unp_msgcount' together so the `f_count' modification should also pass
the `unp_gc_rwlock' before `unp_msgcount' increment and after
`unp_msgcount' decrement. The locked `unp_file' assignment avoids us from
drain unp_gc() run.

This moves unp_gc() locking back when these wariables were protected with
the same lock which was taken for all garbage collector run but uses
another lock not `unp_lock'.

ok kettenis@ bluhm@

2 years agosys/signal.h (or some master include) must happen before sys/proc.h, which
deraadt [Tue, 7 Dec 2021 00:40:03 +0000 (00:40 +0000)]
sys/signal.h (or some master include) must happen before sys/proc.h, which
is not standalone.
This problem is being hidden by a sys/param.h which cannot be deleted yet.

2 years agoUse PATH_MAX (the standard name) rather than MAXPATHLEN (from BSD sys/param.h)
deraadt [Tue, 7 Dec 2021 00:38:42 +0000 (00:38 +0000)]
Use PATH_MAX (the standard name) rather than MAXPATHLEN (from BSD sys/param.h)

2 years agoLogging received addresses and DNS configuration only makes sense for
tobhe [Mon, 6 Dec 2021 21:47:27 +0000 (21:47 +0000)]
Logging received addresses and DNS configuration only makes sense for
the initiator.

ok patrick@

2 years agoStart to delete emulation support: since we're Just ELF, make
guenther [Mon, 6 Dec 2021 21:21:10 +0000 (21:21 +0000)]
Start to delete emulation support: since we're Just ELF, make
copyargs() return 0/1 and merge elf_copyargs() into it.  Rename
ep_emul_arg and ep_emul_argp to have clearer meaning and type and
eliminate ep_emul_argsize as no longer necessary.  Make sure
ep_auxinfo (nee ep_emul_argp) is initialized as powerpc64 always
uses it in setregs().

ok semarie@ deraadt@ kettenis@

2 years agoImplement DMA address translation for "raw" loads as well.
kettenis [Mon, 6 Dec 2021 20:01:54 +0000 (20:01 +0000)]
Implement DMA address translation for "raw" loads as well.

ok patrick@

2 years agoIn the next major bump, some BN macros will become functions.
schwarze [Mon, 6 Dec 2021 19:45:27 +0000 (19:45 +0000)]
In the next major bump, some BN macros will become functions.
In order to not forget it, already remove the statements
that these APIs are currently implemented as macros:
Not saying that doesn't make the documentation wrong.

2 years agoImplement DMA address translation for "raw" loads as well.
kettenis [Mon, 6 Dec 2021 19:38:39 +0000 (19:38 +0000)]
Implement DMA address translation for "raw" loads as well.

ok patrick@

2 years agoAdd missing short-circuit in bcmpcie_dmamap_load_raw().
kettenis [Mon, 6 Dec 2021 18:02:58 +0000 (18:02 +0000)]
Add missing short-circuit in bcmpcie_dmamap_load_raw().

ok patrick@

2 years agoClean up a bunch of dead code in s_server.c and s_socket.c
tb [Mon, 6 Dec 2021 11:06:58 +0000 (11:06 +0000)]
Clean up a bunch of dead code in s_server.c and s_socket.c

jsg's analysis tool flagged a potential double free in do_server().
While this looks like a false positive, we can clean this code up
a little: the host name passed to the callbacks isn't used by either
sv_body() and www_body(), so it can be made local to do_accept()
(an extra variable would not even be needed).  Simplify the callbacks'
signatures accordingly. Remove some commented out linger code that
would never be used again anyway.

ok inoguchi jsg

2 years agoFix g/G keys to be in line with copy mode.
nicm [Mon, 6 Dec 2021 10:10:52 +0000 (10:10 +0000)]
Fix g/G keys to be in line with copy mode.

2 years agoDo not dereference NULL window when resizing client, GitHub issue 2982.
nicm [Mon, 6 Dec 2021 10:08:42 +0000 (10:08 +0000)]
Do not dereference NULL window when resizing client, GitHub issue 2982.

2 years agozero correct var in cpu_dump()
jsg [Mon, 6 Dec 2021 09:49:46 +0000 (09:49 +0000)]
zero correct var in cpu_dump()
ok guenther@ deraadt@

2 years agofix odd check in pfi_kif_free()
sashan [Mon, 6 Dec 2021 07:41:33 +0000 (07:41 +0000)]
fix odd check in pfi_kif_free()
pointed out by jsg@

OK jsg@

2 years agoTest poll/select with various I/O conditions; not hooked up yet.
visa [Mon, 6 Dec 2021 05:52:07 +0000 (05:52 +0000)]
Test poll/select with various I/O conditions; not hooked up yet.

2 years agogettimeofday.2: miscellaneous manpage cleanup
cheloha [Mon, 6 Dec 2021 02:48:55 +0000 (02:48 +0000)]
gettimeofday.2: miscellaneous manpage cleanup

Highlights:

- Tweak the one-liner description.
- Better variable names.
- Reorder DESCRIPTION to reflect the importance of each interface.
- Advise against using gettimeofday(2) for measuring elapsed time.
- Isolate discussion of the historical timezone parameter to its
  own paragraph at the end of the DESCRIPTION.
- Update ERRORS.  Mention the securelevel(7) EPERM for settimeofday(2).
- Expand SEE ALSO.
- Note settimeofday(2) in STANDARDS.  It is available on many systems.

Discussed with jmc@, millert@, and deraadt@.  Possibly discussed with
schwarze@, though I can't find the email.

Thread: https://marc.info/?t=162765632800002&r=1&w=2

"reads fine to me" jmc@, ok millert@

2 years agotime.3: miscellaneous manpage cleanup
cheloha [Mon, 6 Dec 2021 00:15:01 +0000 (00:15 +0000)]
time.3: miscellaneous manpage cleanup

- Change "tloc" variable to "now" to reinforce meaning.
- Simplify DESCRIPTION.
- No point in describing how gettimeofday(2) can fail here.
- Add a STANDARDS section.
- Rework the HISTORY section.

With input from jmc@, millert@, and schwarze@.

Thread: https://marc.info/?l=openbsd-tech&m=162766815024823&w=2

"reads fine" jmc@, ok schwarze@

2 years agosys/select.h is not needed, if howmany/NBBY are needed they will arrive
deraadt [Sun, 5 Dec 2021 22:36:19 +0000 (22:36 +0000)]
sys/select.h is not needed, if howmany/NBBY are needed they will arrive
via netinet/in.h and sys/time.h, which I must say surprises me a bit

2 years agokbind(2): disable system call if not initialized before first __tfork(2)
cheloha [Sun, 5 Dec 2021 22:00:42 +0000 (22:00 +0000)]
kbind(2): disable system call if not initialized before first __tfork(2)

To unlock kbind(2) we need to protect ps_kbind_addr and
ps_kbind_cookie.

The simplest way to do this is to disallow kbind(2) initialization
after the first __tfork(2) call.  If the first thread does not
initialize the kbind(2) variables before __tfork(2) then we disable
kbind(2) during that first __tfork(2) call.

This is guenther@'s patch, I'm just committing it.

Discussed with guenther@, deraadt@, kettenis@, and mpi@.

ok kettenis@, positive response from mpi@, "I am busy" guenther@

2 years agoAdd test case for policy matching on responder with multiple policies that
tobhe [Sun, 5 Dec 2021 20:21:14 +0000 (20:21 +0000)]
Add test case for policy matching on responder with multiple policies that
only differ by srcid.

2 years agolibpcap parser uses a memory tracker to only free all objects at the end.
deraadt [Sun, 5 Dec 2021 16:40:24 +0000 (16:40 +0000)]
libpcap parser uses a memory tracker to only free all objects at the end.
this code was slicing up large mallocs with sys/param.h ALIGN().  such a
scheme loses the many overflow/damage checking benefits of malloc per object.
Change the code to track independent allocations, rather than slicing.
ok gnezdo claudio

2 years agoelf64_checkum->elf64_checksum; adapted from changes by saitoh masanobu
jmc [Sun, 5 Dec 2021 16:07:01 +0000 (16:07 +0000)]
elf64_checkum->elf64_checksum; adapted from changes by saitoh masanobu

2 years agosytle -> style; adapted from changes by saitoh masanobu
jmc [Sun, 5 Dec 2021 15:53:46 +0000 (15:53 +0000)]
sytle -> style; adapted from changes by saitoh masanobu

2 years agoadd missing mtx_leave() calls in error paths
jsg [Sun, 5 Dec 2021 15:35:32 +0000 (15:35 +0000)]
add missing mtx_leave() calls in error paths
ok anton@

2 years agofix use after free
jsg [Sun, 5 Dec 2021 13:48:14 +0000 (13:48 +0000)]
fix use after free
ok tb@

2 years agoAllow libradius tests to compile with opaque HMAC_CTX.
tb [Sun, 5 Dec 2021 13:47:52 +0000 (13:47 +0000)]
Allow libradius tests to compile with opaque HMAC_CTX.

2 years agoSimplify DH_check_params a bit.
tb [Sun, 5 Dec 2021 13:45:26 +0000 (13:45 +0000)]
Simplify DH_check_params a bit.

It makes no sense to allocate an entire BN_CTX if we only use it to
get a single BIGNUM, from which we subtract 1 to compare it to g.
We can just use a plain BIGNUM and delete a bunch of lines.

ok inoguchi jsing

2 years agoAdd initial regress for CT.
jsing [Sun, 5 Dec 2021 13:01:08 +0000 (13:01 +0000)]
Add initial regress for CT.

This provides test coverage for SCT encoding/decoding.

2 years agofix unintended sizeof pointer in debug path
jsg [Sun, 5 Dec 2021 12:28:27 +0000 (12:28 +0000)]
fix unintended sizeof pointer in debug path
ok markus@

2 years agofix unintended sizeof pointer
jsg [Sun, 5 Dec 2021 12:26:27 +0000 (12:26 +0000)]
fix unintended sizeof pointer
ok claudio@

2 years agoDefer rtm_80211info() call from ieee80211_set_link_state() to a task context.
stsp [Sun, 5 Dec 2021 11:33:45 +0000 (11:33 +0000)]
Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

2 years agoAdd RCS markers
tb [Sun, 5 Dec 2021 09:37:46 +0000 (09:37 +0000)]
Add RCS markers

2 years agovmm(4): reload vmcs after possible sleep points
dv [Sat, 4 Dec 2021 18:51:36 +0000 (18:51 +0000)]
vmm(4): reload vmcs after possible sleep points

Guests running on Intel hosts that sleep on a lock might have their
process moved to another cpu core by the scheduler. If this happens,
the VMCS needs to be remotely cleared and locally loaded otherwise
vmx instructions will fail. vmd(8) will receive a failure code and
abort the guest.

This change stores the current (last) cpu the process was on before
attempting a function call that may sleep (e.g. uvm_fault(9)). Upon
function return, perform the VMCS dance if needed.

Tested with help from Mischa Pieters.

OK mlarkin@

2 years agogross trailing whitespace
tb [Sat, 4 Dec 2021 17:03:43 +0000 (17:03 +0000)]
gross trailing whitespace

2 years agoList subdirectories as a simple list. Avoids a source of many merge
tb [Sat, 4 Dec 2021 16:29:25 +0000 (16:29 +0000)]
List subdirectories as a simple list. Avoids a source of many merge
conflicts in my work on making much of libcrypto opaque.

discussed with jsing

2 years agoAnnotate the structs to be moved to bn_lcl.h in the next bump
tb [Sat, 4 Dec 2021 16:11:10 +0000 (16:11 +0000)]
Annotate the structs to be moved to bn_lcl.h in the next bump

ok inoguchi jsing

2 years agoUse BN_is_negative(p) instead of p->neg in one place.
tb [Sat, 4 Dec 2021 16:09:59 +0000 (16:09 +0000)]
Use BN_is_negative(p) instead of p->neg in one place.

2 years agoAdd #include "bn_lcl.h" to the files that will soon need it.
tb [Sat, 4 Dec 2021 16:08:32 +0000 (16:08 +0000)]
Add #include "bn_lcl.h" to the files that will soon need it.

ok inoguchi jsing

2 years agoPrevious diff was incomplete, we also need to do DMA translation for
kettenis [Sat, 4 Dec 2021 16:08:02 +0000 (16:08 +0000)]
Previous diff was incomplete, we also need to do DMA translation for
bus_dmamap_load_raw(9).  This fixes xhci(4) on the rpi4 with the
U-Boot from ports that is installed on the arm64 installation media.

ok mglocker@, patrick@

2 years agoImplement the BN_to_montgomery() macro as a function
tb [Sat, 4 Dec 2021 16:05:46 +0000 (16:05 +0000)]
Implement the BN_to_montgomery() macro as a function

ok inoguchi jsing

2 years agoImplement the BN_is_negative macro as a function
tb [Sat, 4 Dec 2021 16:02:44 +0000 (16:02 +0000)]
Implement the BN_is_negative macro as a function

ok inoguchi jsing

2 years agoProvide function implementations for various BN_* macros
tb [Sat, 4 Dec 2021 15:59:52 +0000 (15:59 +0000)]
Provide function implementations for various BN_* macros

BN_abs_is_word, BN_is_{zero,one,word,odd}, BN_one, BN_zero_ex are
now implemented as functions for internal use. They will be exposed
publicly to replace the macros reaching into BIGNUM in the next bump.

ok inoguchi jsing

2 years agoProvide replacement functions for the BN_{get,set,with}_flags() macros.
tb [Sat, 4 Dec 2021 15:53:01 +0000 (15:53 +0000)]
Provide replacement functions for the BN_{get,set,with}_flags() macros.

ok inoguchi jsing

2 years agoProvide replacement functions for the BN_GENCB_set{,_old}() macros
tb [Sat, 4 Dec 2021 15:48:23 +0000 (15:48 +0000)]
Provide replacement functions for the BN_GENCB_set{,_old}() macros

The function implementations are necessary to make BIGNUM opaque.
They will be used in libcrypto internally until they will replace
the macro implementations with the next bump.

ok inoguchi jsing

2 years agoConsolidate {d2i,i2d}_{pr,pu}.c
jsing [Sat, 4 Dec 2021 15:38:10 +0000 (15:38 +0000)]
Consolidate {d2i,i2d}_{pr,pu}.c

Currently there are two files for private key ASN.1 (d2i_pr.c, i2d_pr.c)
and two files for public key ASN.1 (d2i_pu.c, i2d_pu.c). All of the other
ASN.1 code has d2i and i2d in the same per-object file.

Consolidate d2i_pr.c/i2d_pr.c into a_pkey.c and consolidate
d2i_pu.c/i2d_pu.c into a_pubkey.c before making any further changes to
this code.

ok tb@

2 years agoClean up and refactor server side DHE key exchange.
jsing [Sat, 4 Dec 2021 14:03:22 +0000 (14:03 +0000)]
Clean up and refactor server side DHE key exchange.

Provide ssl_kex_generate_dhe_params_auto() which handles DHE key generation
based on parameters determined by the specified key bits. Convert the
existing DHE auto parameter selection code into a function that just tells
us how many key bits to use.

Untangle and rework the server side DHE key exchange to use the ssl_kex_*
functions.

ok inoguchi@ tb@

2 years agoMove the minimum DHE key size check into ssl_kex_peer_params_dhe()
jsing [Sat, 4 Dec 2021 13:50:35 +0000 (13:50 +0000)]
Move the minimum DHE key size check into ssl_kex_peer_params_dhe()

ok inoguchi@ tb@

2 years agoCheck DH public key in ssl_kex_peer_public_dhe().
jsing [Sat, 4 Dec 2021 13:15:10 +0000 (13:15 +0000)]
Check DH public key in ssl_kex_peer_public_dhe().

Call DH_check_pub_key() after decoding the peer public key - this will be
needed for the server DHE key exchange, but also benefits the client.

ok inoguchi@ tb@

2 years agoSend out dstid as initiator if configured. This makes it easier for
tobhe [Sat, 4 Dec 2021 13:07:17 +0000 (13:07 +0000)]
Send out dstid as initiator if configured. This makes it easier for
the responder to match the correct policy if multiple are available.

ok patrick@

2 years agoFree cert, key and ocsp_staple on exit of do_keypair_test().
tb [Sat, 4 Dec 2021 09:04:36 +0000 (09:04 +0000)]
Free cert, key and ocsp_staple on exit of do_keypair_test().

Reported by Ilya Shipitsine, discussed with jsing

2 years agoConvert main into single exit to appease asan.
tb [Sat, 4 Dec 2021 08:15:16 +0000 (08:15 +0000)]
Convert main into single exit to appease asan.

2 years agoExplicitly free EVP_MD_CTX to appease asan. Reported by Ilya Shipitsin.
tb [Sat, 4 Dec 2021 07:58:10 +0000 (07:58 +0000)]
Explicitly free EVP_MD_CTX to appease asan. Reported by Ilya Shipitsin.

2 years agolist backup files created by adduser; from leon fischer
jmc [Sat, 4 Dec 2021 07:31:38 +0000 (07:31 +0000)]
list backup files created by adduser; from leon fischer
adjust list width to make it all fit

2 years agoupdate the firmware file list, helped by stsp;
jmc [Sat, 4 Dec 2021 07:27:38 +0000 (07:27 +0000)]
update the firmware file list, helped by stsp;

2 years agoConsolidate error paths in usbd_new_device, shaving of 14 lines.
anton [Sat, 4 Dec 2021 07:01:59 +0000 (07:01 +0000)]
Consolidate error paths in usbd_new_device, shaving of 14 lines.

ok bluhm@

2 years agoDo not setup pipes between SERVER processes, they don't talk to each
florian [Sat, 4 Dec 2021 06:52:58 +0000 (06:52 +0000)]
Do not setup pipes between SERVER processes, they don't talk to each
other. Since this generates a full mesh, the amount of filedescriptors
needed grows quadratically with the amount of configured prefork
processes.

Might fix an out of filedescriptor bug that beck is seeing.
OK benno

2 years agoAdd regress for ECPKParameters ASN.1 encoding/decoding.
jsing [Sat, 4 Dec 2021 05:15:09 +0000 (05:15 +0000)]
Add regress for ECPKParameters ASN.1 encoding/decoding.

2 years agoRSA/SHA-1 is not used by default anymore on the server
naddy [Sat, 4 Dec 2021 00:05:39 +0000 (00:05 +0000)]
RSA/SHA-1 is not used by default anymore on the server

2 years agoadd Allwinner H6 support
uaa [Fri, 3 Dec 2021 19:22:42 +0000 (19:22 +0000)]
add Allwinner H6 support
ok kettenis@

2 years agosupport AXP805 PMIC
uaa [Fri, 3 Dec 2021 19:17:27 +0000 (19:17 +0000)]
support AXP805 PMIC
ok kettenis@

2 years ago- support I2C connected PMIC, add "early 1" to sxitwi.
uaa [Fri, 3 Dec 2021 19:16:29 +0000 (19:16 +0000)]
- support I2C connected PMIC, add "early 1" to sxitwi.
- support axppmic via iic

ok kettenis@

2 years agoAdd tdb_delete_locked() to replace duplicate tdb deletion code in
tobhe [Fri, 3 Dec 2021 19:04:49 +0000 (19:04 +0000)]
Add tdb_delete_locked() to replace duplicate tdb deletion code in
pfkey_flush().

ok bluhm@ mvs@

2 years agoPerform DMA address translation if required.
kettenis [Fri, 3 Dec 2021 18:23:41 +0000 (18:23 +0000)]
Perform DMA address translation if required.

ok patrick@

2 years agoReplace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function.
jsing [Fri, 3 Dec 2021 17:27:34 +0000 (17:27 +0000)]
Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a function.

Call the replacement asn1_tlc_invalidate() since it does not actually
clear the ASN1_TLC.

While here, name the ASN1_TLC variables consistently as ctx, remove a
pointless comment and simplify ASN1_item_d2i() slightly.

ok inoguchi@ tb@

2 years agoGroup and sort includes.
jsing [Fri, 3 Dec 2021 17:23:16 +0000 (17:23 +0000)]
Group and sort includes.

2 years agoCall asn1_item_ex_d2i() directly from ASN1_item_d2i()
jsing [Fri, 3 Dec 2021 17:22:10 +0000 (17:22 +0000)]
Call asn1_item_ex_d2i() directly from ASN1_item_d2i()

ASN1_item_ex_d2i() is just a wrapper around the internal asn1_item_ex_d2i()
function, so call asn1_item_ex_d2i() directly.

ok inoguchi@ tb@

2 years agoAdd TDB reference counting to ipsp_spd_lookup(). If an output
bluhm [Fri, 3 Dec 2021 17:18:34 +0000 (17:18 +0000)]
Add TDB reference counting to ipsp_spd_lookup().  If an output
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb.  The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@

2 years agoConvert ASN1_PCTX_new() to calloc().
jsing [Fri, 3 Dec 2021 17:10:49 +0000 (17:10 +0000)]
Convert ASN1_PCTX_new() to calloc().

Rather than using malloc() and then initialising all struct members to zero
values, use calloc().

ok schwarze@ tb@

2 years agoUse calloc() for X509_CRL_METHOD_new() instead of malloc().
jsing [Fri, 3 Dec 2021 17:07:53 +0000 (17:07 +0000)]
Use calloc() for X509_CRL_METHOD_new() instead of malloc().

This ensures that if any members are added to this struct, they will be
initialised.

ok schwarze@ tb@

2 years agoRewrite ASN1_STRING_cmp().
jsing [Fri, 3 Dec 2021 17:03:54 +0000 (17:03 +0000)]
Rewrite ASN1_STRING_cmp().

This removes nested ifs and uses more sensible variable names.

ok schwarze@ tb@

2 years agoConvert ASN1_STRING_type_new() to calloc().
jsing [Fri, 3 Dec 2021 17:01:07 +0000 (17:01 +0000)]
Convert ASN1_STRING_type_new() to calloc().

Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.

ok schwarze@ tb@

2 years agoConvert ASN1_OBJECT_new() to calloc().
jsing [Fri, 3 Dec 2021 16:58:11 +0000 (16:58 +0000)]
Convert ASN1_OBJECT_new() to calloc().

Rather than using malloc() and then initialising all struct members, use
calloc() and only initialise the single non-zero value member.

ok schwarze@ tb@

2 years agoConvert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1
jsing [Fri, 3 Dec 2021 16:46:50 +0000 (16:46 +0000)]
Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated ASN1

These functions previously used the old ASN1_{d2i,i2d}_{bio,fp}()
interfaces.

ok inoguchi@ tb@

2 years agoFixed-size NOFILE_MAX (from sys/param.h of course) array is crazy, so
deraadt [Fri, 3 Dec 2021 15:15:22 +0000 (15:15 +0000)]
Fixed-size NOFILE_MAX (from sys/param.h of course) array is crazy, so
rewrite to expand the array as needed.
ok tb

2 years agoSwitch iwx(4) to new -67 firmware images.
stsp [Fri, 3 Dec 2021 14:32:08 +0000 (14:32 +0000)]
Switch iwx(4) to new -67 firmware images.

iwx-firmware-20211101 must be installed with fw_update(1) before
booting a new kernel. sysupgrade(8) will take care of this.

Intel has published a related security advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html

iwx(4) devices which are using the iwx-Qu-c0-hr-b0-63 image did
not receive a firmware update. I have no idea why.

Tested:
ax200: jmc, stsp, Matthias Schmidt
ax201: fkr, stsp

2 years agoUse calloc() in EVP_PKEY_meth_new() instead of malloc() and setting
tb [Fri, 3 Dec 2021 14:19:57 +0000 (14:19 +0000)]
Use calloc() in EVP_PKEY_meth_new() instead of malloc() and setting
almost all members to 0. Just set the two things that need setting.

ok jsing

2 years agoFix EVP_PKEY_{asn1,meth}_copy once and for all
tb [Fri, 3 Dec 2021 14:18:06 +0000 (14:18 +0000)]
Fix EVP_PKEY_{asn1,meth}_copy once and for all

It is very easy to forget to copy over newly added methods. Everyone
working in this corner has run into this. Instead, preserve what needs
preserving and use a struct copy, so all methods get copied from src
to dest.

tweak/ok jsing

2 years agoRevert previous
kn [Fri, 3 Dec 2021 14:15:07 +0000 (14:15 +0000)]
Revert previous

Those scripts are not hooked up to the build yet;
I assumed they were without checking, my bad.

Reminded by deraadt