jsing [Tue, 26 Mar 2024 12:23:02 +0000 (12:23 +0000)]
Inline initial values.
No functional change.
jsing [Tue, 26 Mar 2024 12:18:23 +0000 (12:18 +0000)]
Rework input and output handling for md4.
Use le32toh(), htole32() and crypto_{load,store}_htole32() as appropriate.
ok joshua@ tb@
joshua [Tue, 26 Mar 2024 12:10:50 +0000 (12:10 +0000)]
Simplify HMAC_CTX_new()
There is no need to call HMAC_CTX_init() as the memory has already been
initialised to zero.
ok tb
joshua [Tue, 26 Mar 2024 11:25:08 +0000 (11:25 +0000)]
Clean up EVP_DigestSignFinal
ok jsing tb
jsg [Tue, 26 Mar 2024 11:17:36 +0000 (11:17 +0000)]
Temporarily change the connector to unregistered when adding the backlight
property to avoid warnings. Matches how inteldrm_native_backlight()
handles this.
problem reported and fix tested by tb@
tb [Tue, 26 Mar 2024 11:09:37 +0000 (11:09 +0000)]
Reject setting invalid versions for certs, CRLs and CSRs
The toolkit aspect bites again. Lots of invalid CRLs and CSRs are produced
because people neither read the RFCs nor does the toolkit check anything it
is fed. Reviewers apparently also aren't capable of remembering that they
have three copy-pasted versions of the same API and that adding a version
check to one of the might suggest adding one for the other two.
This requires ruby-openssl 20240326p0 to pass
ok beck job jsing
jsg [Tue, 26 Mar 2024 11:09:02 +0000 (11:09 +0000)]
test bl_idx instead of the connector type to check for backlight
tested by tb@
nicm [Tue, 26 Mar 2024 10:20:20 +0000 (10:20 +0000)]
Fix selection present check, reported by M Kelly.
bluhm [Tue, 26 Mar 2024 10:01:57 +0000 (10:01 +0000)]
Avoid NULL pointer dereference in routing table an_match().
OK mvs@
mvs [Tue, 26 Mar 2024 09:46:47 +0000 (09:46 +0000)]
Use `sb_mtx' to protect `so_rcv' receive buffer of unix(4) sockets.
This makes re-locking unnecessary in the uipc_*send() paths, because
it's enough to lock one socket to prevent peer from concurrent
disconnection. As the little bonus, one unix(4) socket can perform
simultaneous transmission and reception with one exception for
uipc_rcvd(), which still requires the re-lock for connection oriented
sockets.
The socket lock is not held while filt_soread() and filt_soexcept()
called from uipc_*send() through sorwakeup(). However, the unlocked
access to the `so_options', `so_state' and `so_error' is fine.
The receiving socket can't be or became listening socket. It also can't
be disconnected concurrently. This makes immutable SO_ACCEPTCONN,
SS_ISDISCONNECTED and SS_ISCONNECTED bits which are clean and set
respectively.
`so_error' is set on the peer sockets only by unp_detach(), which also
can't be called concurrently on sending socket.
This is also true for filt_fiforead() and filt_fifoexcept(). For other
callers like kevent(2) or doaccept() the socket lock is still held.
ok bluhm
joshua [Tue, 26 Mar 2024 08:54:48 +0000 (08:54 +0000)]
Add TLS_ERROR_INVALID_CONTEXT error code to libtls
ok jsing@ beck@
dtucker [Tue, 26 Mar 2024 08:09:16 +0000 (08:09 +0000)]
test -h is the POSIXly way of testing for a symlink. Reduces diff vs
Portable.
jsing [Tue, 26 Mar 2024 07:12:52 +0000 (07:12 +0000)]
Remove now unnecessary do {} while (0);
jsing [Tue, 26 Mar 2024 07:11:29 +0000 (07:11 +0000)]
Inline HASH_MAKE_STRING.
No change to generated assembly.
tb [Tue, 26 Mar 2024 07:03:10 +0000 (07:03 +0000)]
Remove PKCS5_pbe2_set_iv()
This used to be a generalization of PKCS5_pbe2_set(). Its only caller was
the latter, which always passes aiv == NULL and pbe_prf == -1. Thus, the
iv would always be random and regarding the pbe_prf, it would always end
up being NID_hmacWithSHA1 since the only ctrl grokking EVP_CTRL_PBE_PRF_NID
was RC2's control, but only if PBE_PRF_TEST was defined, which it wasn't.
ok jsing
jsing [Tue, 26 Mar 2024 06:58:58 +0000 (06:58 +0000)]
Reorder functions expanded from md32_common.h.
No functional change.
tb [Tue, 26 Mar 2024 06:58:21 +0000 (06:58 +0000)]
Unifdef PBE_PRF_TEST
This gets use of the last mention of EVP_CTRL_PBE_PRF_NID outside of evp.h
ok jsing
jsing [Tue, 26 Mar 2024 06:54:20 +0000 (06:54 +0000)]
Expand HASH_* defines.
No change to generated assembly.
jsing [Tue, 26 Mar 2024 06:40:29 +0000 (06:40 +0000)]
Inline hash functions from md32_common.h.
No change to generated assembly.
jsing [Tue, 26 Mar 2024 06:31:22 +0000 (06:31 +0000)]
Fix previous commit.
joshua [Tue, 26 Mar 2024 06:24:52 +0000 (06:24 +0000)]
Add error code support to libtls
This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.
Additional error codes will be added in follow-up commits.
ok jsing@ beck@
jsing [Tue, 26 Mar 2024 06:23:07 +0000 (06:23 +0000)]
Reorder functions.
No functional change.
jsing [Tue, 26 Mar 2024 06:09:25 +0000 (06:09 +0000)]
Provide an optimised bn_subw() for amd64.
bn_subw() will be used more widely in an upcoming change.
joshua [Tue, 26 Mar 2024 06:08:51 +0000 (06:08 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_SignFinal
ok jsing@
jsing [Tue, 26 Mar 2024 05:55:15 +0000 (05:55 +0000)]
Stop including md32_common.h in md5.c and remove unused defines.
This is now no longer needed.
ok tb@
joshua [Tue, 26 Mar 2024 05:50:49 +0000 (05:50 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_VerifyFinal
ok tb@
jsing [Tue, 26 Mar 2024 05:46:13 +0000 (05:46 +0000)]
Include stdint.h for uintptr_t.
tb [Tue, 26 Mar 2024 05:43:22 +0000 (05:43 +0000)]
Add back x509_local.h for PBKDF2PARAM
tb [Tue, 26 Mar 2024 05:39:47 +0000 (05:39 +0000)]
PKCS5_pbe2_set_iv() can be local to p5_pbev2
quoth the muppet "yes I know this is horrible!"
joshua [Tue, 26 Mar 2024 05:37:28 +0000 (05:37 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS1_MGF1
ok tb@
joshua [Tue, 26 Mar 2024 05:26:27 +0000 (05:26 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in
RSA_verify_PKCS1_PSS_mgf1
ok jsing@ tb@
joshua [Tue, 26 Mar 2024 05:22:50 +0000 (05:22 +0000)]
Clean up use of EVP_CIPHER_CTX_{legacy_clear,cleanup} in EVP_OpenInit
ok tb@
jsing [Tue, 26 Mar 2024 05:21:35 +0000 (05:21 +0000)]
Demacro MD5 and improve data loading.
Use static inline functions instead of macros and improve handling of
aligned data. Also number rounds as per RFC 1321.
ok tb@
jsing [Tue, 26 Mar 2024 04:23:04 +0000 (04:23 +0000)]
Mark internal functions as static.
jsing [Tue, 26 Mar 2024 04:14:45 +0000 (04:14 +0000)]
Move bn_montgomery_reduce() and drop prototype.
No functional change.
jsing [Tue, 26 Mar 2024 04:11:42 +0000 (04:11 +0000)]
Fix function guards.
beck [Tue, 26 Mar 2024 03:44:11 +0000 (03:44 +0000)]
Add an indicator that an extension has been processed.
ok jsing@
beck [Tue, 26 Mar 2024 02:43:56 +0000 (02:43 +0000)]
Fix expected client hello value to allow for supported_groups change.
ok jsing@
tb [Tue, 26 Mar 2024 01:41:06 +0000 (01:41 +0000)]
Garbage collect the unused verifyctx() and verifyctx_init()
ok joshua jsing
jsg [Tue, 26 Mar 2024 01:28:17 +0000 (01:28 +0000)]
adapt ttm fault handler to OpenBSD
used by gem objects on dg2
dtucker [Tue, 26 Mar 2024 01:23:11 +0000 (01:23 +0000)]
Import regenerated moduli.
beck [Tue, 26 Mar 2024 01:21:34 +0000 (01:21 +0000)]
Process supported groups before key share.
This will allow us to know the client preferences for an upcoming
change to key share processing.
ok jsing@
beck [Tue, 26 Mar 2024 01:18:16 +0000 (01:18 +0000)]
Disable client handshake test for now for pending changes.
ok jsing@
joshua [Tue, 26 Mar 2024 01:15:57 +0000 (01:15 +0000)]
Use errno_value instead of num for readability
ok jsing@
dlg [Tue, 26 Mar 2024 00:54:24 +0000 (00:54 +0000)]
print amps and watts
dlg [Tue, 26 Mar 2024 00:53:51 +0000 (00:53 +0000)]
amps and watts types
volts felt lonely
joshua [Tue, 26 Mar 2024 00:50:22 +0000 (00:50 +0000)]
Use errno_value instead of num for readability
ok beck@ jsing@
beck [Tue, 26 Mar 2024 00:39:22 +0000 (00:39 +0000)]
Change ts to only support one second precision.
RFC 3631 allows for sub second ASN1 GENERALIZED times, if you
choose to support sub second time precison. It does not
indicate that an implementation must support them.
Supporting sub second timestamps is just silly and unrealistic,
so set our maximum to one second of precision. We then simplify
this code by removing some nasty eye-bleed that made artisinally
hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.
ok tb@, jsing@, with one second precision tested by kn@
tb [Tue, 26 Mar 2024 00:24:11 +0000 (00:24 +0000)]
Clean up conf's module_init()
Immediately error out when no name or value is passed instead of hiding
this in a a combination of ternary operator and strdup error check.
Use calloc(). Unindent some stupid, don't pretend this function can return
anything but -1 and 1, turn the whole thing into single exit and call the
now existing imodule_free() instead of handrolling it.
ok jsing
kettenis [Mon, 25 Mar 2024 23:10:03 +0000 (23:10 +0000)]
Add missing SFENCE.VMA instructions after switching page tables during
early kernel bootstrap.
ok jsg@, mlarkin@
mbuhl [Mon, 25 Mar 2024 20:25:13 +0000 (20:25 +0000)]
Add the VLAN_HWTAGGING capability. Big thanks to bket@ for testing,
rebasing, refactoring, and addressing feedback for this diff.
ok bluhm@, jan@
djm [Mon, 25 Mar 2024 19:28:09 +0000 (19:28 +0000)]
optional debugging
op [Mon, 25 Mar 2024 19:11:52 +0000 (19:11 +0000)]
remove possibly bogus length check
len is initially the line length, but then the two go out of sync.
ok millert@
guenther [Mon, 25 Mar 2024 17:57:07 +0000 (17:57 +0000)]
Move the "no (hard) linking directories" and "no cross-mount links"
checks from all the filesystems that support hardlinks at all into
the VFS layer. Simplify, EPERM description in link(2).
ok miod@ mpi@
mvs [Mon, 25 Mar 2024 17:43:10 +0000 (17:43 +0000)]
regen
mvs [Mon, 25 Mar 2024 17:42:34 +0000 (17:42 +0000)]
Unlock shutdown(2).
ok bluhm
patrick [Mon, 25 Mar 2024 17:24:03 +0000 (17:24 +0000)]
Add rpigpio(4), a driver for the RP1 GPIO controller on the Raspberry Pi 5.
With this, GPIOs can be correctly configured and engaged. Complete pinctrl
as well as IRQ functionality is yet to be implemented.
ok kettenis@
millert [Mon, 25 Mar 2024 15:52:39 +0000 (15:52 +0000)]
whois: use getline(3) instead of fgetln(3)
This simplifies the code and fixes a potential out of bounds read.
OK op@ mbuhl@
jsing [Mon, 25 Mar 2024 13:09:13 +0000 (13:09 +0000)]
Rewrite HKDF_expand().
Simplify overflow checking and length tracking, use a CBB to handle output
and use HMAC_CTX_new() rather than having a HMAC_CTX on the stack.
ok tb@
mvs [Mon, 25 Mar 2024 13:01:49 +0000 (13:01 +0000)]
Add 'ws_' prefix to 'wseventvar' structure members. No functional
changes.
ok miod
jsing [Mon, 25 Mar 2024 12:10:57 +0000 (12:10 +0000)]
Revert r1.13 since it currently breaks openssl-ruby regress tests.
ok tb@
joshua [Mon, 25 Mar 2024 11:41:40 +0000 (11:41 +0000)]
Inline sctx in EVP_DigestSignFinal
ok tb@ jsing@
joshua [Mon, 25 Mar 2024 11:38:47 +0000 (11:38 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS5_PBE_keyivgen
ok tb@
jsg [Mon, 25 Mar 2024 11:37:18 +0000 (11:37 +0000)]
fix xbacklight on amdgpu
Call amdgpu_init_backlight() after drm_dev_register() otherwise
the connector isn't registered yet and dm->backlight_dev is not set.
tb@ mentioned this broke with the 6.6 drm update and confirmed this fixes it.
Debugged with help from dtucker@ on another machine.
job [Mon, 25 Mar 2024 11:27:00 +0000 (11:27 +0000)]
Error on setting an invalid CSR version
Reported by David Benjamin (BoringSSL)
OK tb@
joshua [Mon, 25 Mar 2024 11:10:17 +0000 (11:10 +0000)]
Remove unneeded brackets from if statement in EVP_DigestSignFinal
ok tb@
joshua [Mon, 25 Mar 2024 10:58:06 +0000 (10:58 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKey
ok tb@
jsing [Mon, 25 Mar 2024 10:41:36 +0000 (10:41 +0000)]
Codify more insane CRYPTO_EX_DATA API.
The current CRYPTO_EX_DATA implementation allows for data to be set without
calling new, indexes can be used without allocation, new can be called without
getting an index and dup can be called after new or without calling new.
jsing [Mon, 25 Mar 2024 10:19:14 +0000 (10:19 +0000)]
Revise for TLS extension parsing/processing changes.
jsing [Mon, 25 Mar 2024 10:18:13 +0000 (10:18 +0000)]
Simplify TLS extension parsing and processing.
Rather than having a separate parse and process step for each TLS
extension, do a first pass that parses all of the TLS outer extensions and
retains the extension data, before running a second pass that calls the TLS
extension processing code.
ok beck@ tb@
tb [Mon, 25 Mar 2024 10:16:02 +0000 (10:16 +0000)]
Clean up create_digest()
The ts code is its own kind of special. I only sent this diff out to hear
beck squeal. This diff doesn't actually fix anything, apart from (maybe)
appeasing some obscure static analyzer. It is decidedly less bad than a
similar change in openssl's issue tracker.
ok beck
beck [Mon, 25 Mar 2024 07:02:22 +0000 (07:02 +0000)]
Fix time conversion that broke regress.
ok tb@
joshua [Mon, 25 Mar 2024 06:20:16 +0000 (06:20 +0000)]
Move custom sigctx handling out of EVP_DigestSignFinal
ok tb@
dtucker [Mon, 25 Mar 2024 06:05:42 +0000 (06:05 +0000)]
Verify string returned from local shell command.
tb [Mon, 25 Mar 2024 05:48:39 +0000 (05:48 +0000)]
Fix typo msg_types -> msg_type
from jsing
jsing [Mon, 25 Mar 2024 04:06:41 +0000 (04:06 +0000)]
Revise TLS extension regress for parse/process changes.
joshua [Mon, 25 Mar 2024 04:05:22 +0000 (04:05 +0000)]
Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.c
Additionally, this tidies up some surrounding code and replaces usage of
free with freezero and malloc with calloc.
ok tb@
tb [Mon, 25 Mar 2024 04:03:26 +0000 (04:03 +0000)]
Final tweaks in x509_trs.c for now
looked over by jsing
jsing [Mon, 25 Mar 2024 04:02:29 +0000 (04:02 +0000)]
Split TLS extension parsing from processing.
The TLS extension parsing and processing order is currently dependent on
the order of the extensions in the handshake message. This means that the
processing order (and callback order) is not under our control. Split the
parsing from the processing such that the processing (and callbacks) are
run in a defined order.
Convert ALPN to the new model - other extensions will be split into
separate parse/process in following diffs.
ok beck@ tb@
tb [Mon, 25 Mar 2024 03:57:13 +0000 (03:57 +0000)]
Kill X509_TRUST
After peeling off enough layers, the entire wacky abstraction turns out
to be nothing but dispatching from a trust_id to a trust handler and
passing the appropriate nid and the cert.
ok beck jsing
joshua [Mon, 25 Mar 2024 03:41:16 +0000 (03:41 +0000)]
Clean up EVP_MD_CTX_{legacy_clear,cleanup}() usage in x509/x509_cmp.c
ok tb@
dtucker [Mon, 25 Mar 2024 03:30:31 +0000 (03:30 +0000)]
Improve shell portability: grep -q is not portable so redirect stdout,
and use printf instead of relying on echo to do \n substitution. Reduces
diff vs Portable.
jsing [Mon, 25 Mar 2024 03:23:59 +0000 (03:23 +0000)]
Decouple TLS extension table order from tlsext_randomize_build_order()
The PSK extension must be the last extension in the client hello. This is
currently implemented by relying on the fact that it is the last extension
in the TLS extension table. Remove this dependency so that we can reorder
the table as needed.
ok tb@
tb [Mon, 25 Mar 2024 02:18:35 +0000 (02:18 +0000)]
Add back trust member of X509_TRUST that I accidentally deleted
dtucker [Mon, 25 Mar 2024 02:07:08 +0000 (02:07 +0000)]
Save error code from SSH for use inside case statement, from portable.
In some shells, "case" will reset the value of $?, so save it first.
tb [Mon, 25 Mar 2024 01:48:50 +0000 (01:48 +0000)]
Const correct the trust handlers
The certificates no longer need to be modified since we cache the
extensions up front.
ok beck
dtucker [Mon, 25 Mar 2024 01:40:47 +0000 (01:40 +0000)]
Increase timeout. Resyncs with portable where some of the test
VMs are slow enough for this to matter.
dtucker [Mon, 25 Mar 2024 01:28:29 +0000 (01:28 +0000)]
In PuTTY interop test, don't assume the PuTTY major version is 0.
Patch from cjwatson at debian.org via bz#3671.
tb [Mon, 25 Mar 2024 01:00:02 +0000 (01:00 +0000)]
Pass the nid instead of the entire trust structure
This code is so ridiculously overengineered that it is an achievement even
by early OpenSSL standards.
ok beck
tb [Mon, 25 Mar 2024 00:46:57 +0000 (00:46 +0000)]
Pull extension caching into X509_check_trust()
This way the trust handlers can stop modifying the certificates.
ok beck
beck [Mon, 25 Mar 2024 00:05:49 +0000 (00:05 +0000)]
Remove unnecessary stat() calls from by_dir
When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.
As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicing
the non by_dir behaviour instead of possibly some bizzaro file
system error.
Based on a similar change in Boring.
ok tb@
patrick [Sun, 24 Mar 2024 22:34:48 +0000 (22:34 +0000)]
Enable cad(4).
ok kettenis@
patrick [Sun, 24 Mar 2024 22:34:06 +0000 (22:34 +0000)]
Implement resetting the PHY via a GPIO pin, like in fec(4). This helps
enable the PHY on the Raspberry Pi 5.
ok kettenis@
millert [Sun, 24 Mar 2024 19:51:47 +0000 (19:51 +0000)]
whois: remove obsolete handle support
Contact handles have been obsolete for some time now. The "!handle"
InterNic syntax no longer works and core COCO handle queries seems
to only return empty records. OK sthen@ job@
jca [Sun, 24 Mar 2024 14:00:11 +0000 (14:00 +0000)]
Add tests for EVP_get_cipherbyname(NULL) and EVP_get_digestbyname(NULL)
Requested by and ok tb@
jca [Sun, 24 Mar 2024 13:56:35 +0000 (13:56 +0000)]
Restore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handling
The previous implementation used the now defunct OBJ_NAME_get() which
bailed out when passed a NULL argument. Difference spotted by the
regress tests in ports/net/openvpn (regular openvpn use is fine but
openvpn --show-ciphers/--show-digests crashes).
ok tb@
beck [Sun, 24 Mar 2024 11:30:12 +0000 (11:30 +0000)]
Convert libressl to use the BoringSSL style time conversions
This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.
ok tb@
job [Sun, 24 Mar 2024 10:53:27 +0000 (10:53 +0000)]
Sync with IANA Status Code Registry
From https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
OK sthen@ miod@
mpi [Sun, 24 Mar 2024 10:29:35 +0000 (10:29 +0000)]
Cleanup uvmpd_tune() & document global variable ownership.
- Stop calling uvmpd_tune() inside uvm_pageout(). OpenBSD currently doesn't
support adding RAM. `uvmexp.npages' is immutable after boot.
- Document that `uvmexp.freemin' and `uvmexp.freetarg' are immutable.
- Reduce the scope of the `uvm_pageq_lock' lock. It serializes accesses
to `uvmexp.active' and `uvmexp.inactive'.
ok kettenis@
tb [Sun, 24 Mar 2024 08:27:35 +0000 (08:27 +0000)]
Rename ax into aux