djm [Fri, 2 Feb 2024 00:13:34 +0000 (00:13 +0000)]
whitespace
beck [Thu, 1 Feb 2024 23:16:38 +0000 (23:16 +0000)]
Fix the verifier to use the trust store
the trust store is yet another obscure way to add a trust anchor
kettenis [Thu, 1 Feb 2024 18:26:45 +0000 (18:26 +0000)]
Print information about (legacy) Multiple Message MSIs.
ok kevlo@, dlg@
tb [Thu, 1 Feb 2024 17:11:58 +0000 (17:11 +0000)]
Inline EVP_PBE_find() in its last two callers
This API was already cleaned up quite a bit, but it is unused in the
ecosystem and the two internal callers can be simplified a lot when
inlining the lookups.
EVP_PBE_CipherInit() can walk the table of "outer" PBEs and reach into
the matching pbe for its cipher_nid, md_nid and keygen().
PKCS5_v2_PBKDF2_keyivgen() uses EVP_PBE_find() as a way to mapping a
PRF (given by the nid of an HMAC with some digest) to the digest's nid.
This can be done by a simple switch. Move MD5 to the top and GOST to
the end in that switch and wrap the latter in OPENSSL_NO_GOST, so it
will go away once we define OPENSSL_NO_GOST.
ok beck
tb [Thu, 1 Feb 2024 17:04:09 +0000 (17:04 +0000)]
Prepare to remove the _cb() and _fp() versions of BIO_dump()
apache-httpd uses BIO_dump(), libssl uses BIO_dump_indent(), and the
openssl(1) app uses both. Otherwise this is unused. This is horribly
bad code even by libcrypto standards.
By doing away with the callbacks fixes incorrect error checking for
fwrite() but there is a lot more wrong in here. This can be cleaned
up in a later pass, the only concern here is to be able to remove the
unused variants in the next major bump.
ok beck
tb [Thu, 1 Feb 2024 15:11:38 +0000 (15:11 +0000)]
Normalize the nid printing
OBJ_nid2* can return NULL if the gloriously consistent objects.txt
database doesn't specify a long or a short name. So try the long name
first, fall back to the short name, and if both fail, use "unknown".
Always include the nid as a decimal.
ok claudio
claudio [Thu, 1 Feb 2024 11:37:10 +0000 (11:37 +0000)]
Convert the mrtparser to use ibufs in many places.
More is possible but for now this covers most of the message parsers.
OK tb@
tb [Thu, 1 Feb 2024 09:50:15 +0000 (09:50 +0000)]
proc_parser_mft_pre: tweak a warning message
discussed with job
ratchov [Thu, 1 Feb 2024 05:28:54 +0000 (05:28 +0000)]
aucat: Fix MIDI control of the levels of individual files
Change the order of slot_list to match the order of the -io options on
the command-line and fix the way slot_list searched using the MIDI
channel number of the CC-07 message.
Reported and analysed by Dirk-Wilhelm Peters <peters at schwertfisch.de>
Thanks!
djm [Thu, 1 Feb 2024 02:37:33 +0000 (02:37 +0000)]
whitespace
deraadt [Thu, 1 Feb 2024 00:39:57 +0000 (00:39 +0000)]
the clang binary never shrinks, especially since it is statically
linked (for performance). in this case, it grew larger than the
maximum text segment size; increase that size.
job [Wed, 31 Jan 2024 17:19:02 +0000 (17:19 +0000)]
Add reference to RRDP Session Desynchronization draft
job [Wed, 31 Jan 2024 15:01:13 +0000 (15:01 +0000)]
Make the error a bit easier to read
OK tb@
bluhm [Wed, 31 Jan 2024 14:56:42 +0000 (14:56 +0000)]
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only
invalidated when the socket closes or if the route gets invalid.
More specific routes were not detected. Especially with dynamic
routing protocols, sockets must be closed and reopened to use the
correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever
the routing table changes. The lookup in struct route is put into
the route_cache() function. If the generation number is too old,
the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first.
IPv6 and more places will follow.
OK claudio@
bluhm [Wed, 31 Jan 2024 12:27:57 +0000 (12:27 +0000)]
Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.
Splitting the IPv6 code into a separate function results in less
#ifdef INET6. Also struct route_in6 *ro in in6_pcbrtentry() is of
the correct type and in_pcbrtentry() does not rely on the fact that
inp_route and inp_route6 are pointers to the same union.
OK kn@ claudio@
claudio [Wed, 31 Jan 2024 11:23:19 +0000 (11:23 +0000)]
Convert IMSG_CTL_SHOW_RIB_ATTR over to the new ibuf API.
This converts show_attr() and json_attr() and with that also the
community specific functions. This removes some hacks inside of
show_attr() that where added before.
OK tb@
tb [Wed, 31 Jan 2024 08:02:53 +0000 (08:02 +0000)]
Merge OBJ_NAME_do_all*(3) into EVP_CIPHER_do_all(3)
This is the only OBJ_NAME API that will remain after the next major bump.
The API is misnamed and really is about EVP, so move it to an EVP manual
documenting another API doing essentially the same thing. Remove most cross
references to OBJ_NAME_*.
tb [Wed, 31 Jan 2024 06:57:21 +0000 (06:57 +0000)]
Introduce and use mft_compare_issued()
Newly issued manifests should not only have a higher manifestNumber,
their issuance time should also be later. Add corresponding checks
and warnings when comparing a newly fetched manifest to a manifest
from the cache.
ok job (who noticed that such a check was missing)
tb [Wed, 31 Jan 2024 06:54:43 +0000 (06:54 +0000)]
Rename mft_compare() to mft_compare_seqnum()
This makes it clearer what exactly this function compares. Also drop some
NULL checks that made the semantics of this function tricky.
ok job
tb [Wed, 31 Jan 2024 06:53:21 +0000 (06:53 +0000)]
Pull mft comparison into proc_parser_mft_pre()
This way we can be sure more easily that both manifests are non-NULL,
thus avoiding some NULL checks and risk of use-after-free. This also
makes it clearer which manifest is the "older" one and will simplify
an upcoming commit doing issuance time comparison.
This adds a bit of a hack to proc_parser_mft_pre() to ensure we don't
look into DIR_TEMP in noop mode.
ok job
jmc [Wed, 31 Jan 2024 06:50:16 +0000 (06:50 +0000)]
the maxupd example was removed in -r.1.15, so do not refer to it;
from janne johansson
with that removal the surrounding text becomes simpler, so trim it;
tb [Wed, 31 Jan 2024 06:48:27 +0000 (06:48 +0000)]
proc_parser_mft_pre: move freeing into an error path
Simplifies subsequent commits which will use the same exit path.
ok job
tb [Wed, 31 Jan 2024 06:46:31 +0000 (06:46 +0000)]
proc_parser_mft: fix overloading of error
parser.c r1.101 switched the meaning of mft1 and mft2, but did not
fix up the overloading of the error from the temporary file if both
are set.
ok job
guenther [Wed, 31 Jan 2024 06:06:28 +0000 (06:06 +0000)]
Swap the r10 and rcx registers in the amd64 trapframe so that the
first six entries are in the same order as syscall arguments, such
that syscall() can just use the trapframe as the argument vector
for mi_syscall() and not need to reorder into another buffer on the
stack. This doesn't affect coredump layout or ptrace(2), but does
affect kernel crash dumps.
Possibility noted during miod@'s cleanup of the MD syscall()
implementations
ok mlarkin@ kurt@
guenther [Wed, 31 Jan 2024 05:49:33 +0000 (05:49 +0000)]
Make wrpkru() consistent with rdpkru() by passing ecx as an argument.
ok mlarkin@
hastings [Wed, 31 Jan 2024 01:01:10 +0000 (01:01 +0000)]
add MediaTek UART support.
ok kettenis@
dv [Tue, 30 Jan 2024 23:01:49 +0000 (23:01 +0000)]
Rewrite vmd(8)'s vionet to be zero-copy.
Similar to the rewrite of the virtio block device to use zero-copy
semantics, this rewrites how the virtio network device works with
the virtqueue ring buffers to minimize data copying. For guests
that don't use the built-in DNS and mac filtering capabilities,
data can now be transfered to/from the virtqueue and the tap(4)
directly without temporary buffers.
A lot of the virtio semantics are cleaned up as well, including
proper error states.
Tested with help by mbuhl@, friehm@, mlarkin@, and others.
"go for it," mlarkin@
tb [Tue, 30 Jan 2024 17:43:39 +0000 (17:43 +0000)]
Remove now unnecessary NULL check before EVP_CIPHER_CTX_cleanup()
tb [Tue, 30 Jan 2024 17:41:01 +0000 (17:41 +0000)]
Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe
We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.
ok beck joshua
deraadt [Tue, 30 Jan 2024 16:43:22 +0000 (16:43 +0000)]
the clang binary never shrinks, especially since it is statically
linked (for performance). in this case, it grew larger than the
maximum text segment size; increase that size.
stsp [Tue, 30 Jan 2024 15:33:32 +0000 (15:33 +0000)]
enable qwx "ext" IRQs for data packets once we have moved into RUN state
stsp [Tue, 30 Jan 2024 15:32:04 +0000 (15:32 +0000)]
set up qwx REO ring routing
stsp [Tue, 30 Jan 2024 15:30:13 +0000 (15:30 +0000)]
fix qwx_core_pdev_create() to not drop into its error path on success
Otherwise we free rings that were just allocated, causing mbuf corruption.
jsing [Tue, 30 Jan 2024 14:50:50 +0000 (14:50 +0000)]
Restore SSL_shutdown() two step sequence.
Change SSL_shutdown() such that it will return 0 after sending a
close-notify, before potentially returning 1 (indicating that a
close-notify has been sent and received) on a subsequent call. Some
software depends on this behaviour, even though there are cases where
the first call could immediately return 1 (for example, when the peer
has already sent a close-notify prior to SSL_shutdown() being called).
ok tb@
jsing [Tue, 30 Jan 2024 14:46:46 +0000 (14:46 +0000)]
Add a shutdown sequence regress test.
Some software relies on SSL_shutdown() returning 0 (indicating close-notify
sent) before returning 1 on a subsequent call (indicating close-notify sent
and received). It is worth noting that there is no guarantee that this will
occur in normal operation, as the peer could send a close-notify prior to
SSL_shutdown() being called.
This is currently failing for TLSv1.3.
claudio [Tue, 30 Jan 2024 13:51:13 +0000 (13:51 +0000)]
Adjust bgpctl to work with the modified aspath functions from util.c
While doing that convert IMSG_CTL_SHOW_RIB over to the new ibuf api.
OK tb@
claudio [Tue, 30 Jan 2024 13:50:08 +0000 (13:50 +0000)]
Convert he ATTR_ASPATH and ATTR_AS4_PATH handlers in rde_attr_parse()
to new ibuf API.
Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and is a lot simpler.
aspath_verify() does all the checks using the ibuf api and therefor
most length checks can be skipped.
aspath_asprint() and the new internal aspath_strsize() and aspath_snprint()
are totally overhauled -- including some bugs that got squashed.
OK tb@
claudio [Tue, 30 Jan 2024 11:15:05 +0000 (11:15 +0000)]
In the previous commit idle connections are reinserted onto the active list
when the connection is closed. Since active connections are processed after
idle ones this will trigger a "timeout, connection closed" warning.
Work around this by clearing io_time in the close case of idle connections
and checking for this in the active connection case.
Problem noticed and OK job@
claudio [Tue, 30 Jan 2024 10:16:13 +0000 (10:16 +0000)]
Fix a race between scheduling a new request onto an idle connection and
closing the same connection.
When closing an idle connection that connection needs to be moved off the
idle queue and back onto the active queue. Do this in the two possible
cases (directly in http_close() and in http_handle() for the STATE_IDLE
case). In both cases it is possible that the system needs to repoll the
connection and while waiting a request could be scheduled on that connection
if it remains on the idle queue.
Problem hit by job@
OK tb@
job [Tue, 30 Jan 2024 03:40:01 +0000 (03:40 +0000)]
Add more RPKI TA constraints: LACNIC ASNs cannot transfer to/from other RIRs
OK tb@
bluhm [Mon, 29 Jan 2024 22:47:13 +0000 (22:47 +0000)]
Run TCP timer without kernel lock.
TCP timers are protected by exclusive net lock. They may sleep to
grab it as they run in process context. There is no reason for
them to hold additional kernel lock. Since we have MP safe timeouts
now, convert them by adding TIMEOUT_PROC and TIMEOUT_MPSAFE flag.
OK mvs@
job [Mon, 29 Jan 2024 20:37:03 +0000 (20:37 +0000)]
Add id-ct-rpkiSignedPrefixList NID
References:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
job [Mon, 29 Jan 2024 20:36:19 +0000 (20:36 +0000)]
Add id-ct-rpkiSignedPrefixList OID
References:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
OK tb@
stsp [Mon, 29 Jan 2024 16:06:45 +0000 (16:06 +0000)]
handle qwx(4) association state transitions from ASSOC to RUN
We can succesfully complete the association sequence with the AP.
The next step will be getting data frames to pass.
kettenis [Mon, 29 Jan 2024 14:52:25 +0000 (14:52 +0000)]
Because of the way the Linux code behind apldrm(4) is structured it may
fail to create a framebuffer without propagating an error to its callers.
Prevent a kernel panic by explicitly checking that we have a framebuffer.
To prevent us ending up with no framebuffer at all, only claim the
framebuffer in apldrm(4) when we actually created our own. Delay the
attach of simplefb(4) such that we check whether someone else claimed its
framebuffer until apldrm(4) has done its thing.
tested by robert@
ok jsg@
tb [Mon, 29 Jan 2024 06:05:50 +0000 (06:05 +0000)]
Curious to see if explicitly ignoring the return value appeases Coverity
jsg [Mon, 29 Jan 2024 01:58:43 +0000 (01:58 +0000)]
drm/amdgpu: fall back to INPUT power for AVG power via INFO IOCTL
From Alex Deucher
836e236b878a385911db619b38393d624a4d7eae in linux-6.6.y/6.6.14
d02069850fc102b07ae923535d5e212f2c8a34e9 in mainline linux
jsg [Mon, 29 Jan 2024 01:56:26 +0000 (01:56 +0000)]
drm/amdkfd: fixes for HMM mem allocation
From Dafna Hirschfeld
1515db19c4a374f75e6bf5430f9cb9b7e3c2fd0d in linux-6.6.y/6.6.14
02eed83abc1395a1207591aafad9bcfc5cb1abcb in mainline linux
jsg [Mon, 29 Jan 2024 01:54:54 +0000 (01:54 +0000)]
Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"
From Kaibo Ma
3a99f15ce9d01bcce4f1f260194f964523f5c07a in linux-6.6.y/6.6.14
0f35b0a7b8fa402adbffa2565047cdcc4c480153 in mainline linux
jsg [Mon, 29 Jan 2024 01:53:19 +0000 (01:53 +0000)]
drm/amd/display: avoid stringop-overflow warnings for dp_decide_lane_settings()
From Arnd Bergmann
ecfaeb66b1f08c72fe8e8d1df955cf2879d7333b in linux-6.6.y/6.6.14
c966dc0e9d96dc44423c404a2628236f1200c24e in mainline linux
jsg [Mon, 29 Jan 2024 01:51:19 +0000 (01:51 +0000)]
drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init
From Zhipeng Lu
ae7cbf935b9a1b41f65fe6443e7cd0c401500b20 in linux-6.6.y/6.6.14
2f3be3ca779b11c332441b10e00443a2510f4d7b in mainline linux
jsg [Mon, 29 Jan 2024 01:49:28 +0000 (01:49 +0000)]
drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c
From Srinivasan Shanmugam
5024cce888e11e5688f77df81db9e14828495d64 in linux-6.6.y/6.6.14
499839eca34ad62d43025ec0b46b80e77065f6d8 in mainline linux
jsg [Mon, 29 Jan 2024 01:47:49 +0000 (01:47 +0000)]
drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process'
From Srinivasan Shanmugam
9b0cc30d26c32432b334ee7a5fc11b9d401c0a85 in linux-6.6.y/6.6.14
217e85f97031791fb48a2d374c7bdcf439365b21 in mainline linux
jsg [Mon, 29 Jan 2024 01:46:11 +0000 (01:46 +0000)]
drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table
From Zhipeng Lu
0c5d08b1c98e5dbb0cf56cb99c45adec887790ce in linux-6.6.y/6.6.14
a6582701178a47c4d0cb2188c965c59c0c0647c8 in mainline linux
jsg [Mon, 29 Jan 2024 01:44:25 +0000 (01:44 +0000)]
gpu/drm/radeon: fix two memleaks in radeon_vm_init
From Zhipeng Lu
4c9a96dd6d4acaa18146f5b1de457fec1004628c in linux-6.6.y/6.6.14
c2709b2d6a537ca0fa0f1da36fdaf07e48ef447d in mainline linux
jsg [Mon, 29 Jan 2024 01:42:34 +0000 (01:42 +0000)]
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
From Zhipeng Lu
95084632a65d5c0d682a83b55935560bdcd2a1e3 in linux-6.6.y/6.6.14
28dd788382c43b330480f57cd34cde0840896743 in mainline linux
jsg [Mon, 29 Jan 2024 01:40:59 +0000 (01:40 +0000)]
drm/amd/pm: fix a double-free in si_dpm_init
From Zhipeng Lu
fb1936cb587262cd539e84b34541abb06e42b2f9 in linux-6.6.y/6.6.14
ac16667237a82e2597e329eb9bc520d1cf9dff30 in mainline linux
jsg [Mon, 29 Jan 2024 01:39:33 +0000 (01:39 +0000)]
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL
From Alex Deucher
5bc4f16118c575410e7be220bbb9b1fa2ee4274b in linux-6.6.y/6.6.14
afe58346d5d3887b3e49ff623d2f2e471f232a8d in mainline linux
jsg [Mon, 29 Jan 2024 01:37:52 +0000 (01:37 +0000)]
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
From Zhipeng Lu
0564e8a427914015d773a32f6e9baa2bd2f38a37 in linux-6.6.y/6.6.14
28c28d7f77c06ac2c0b8f9c82bc04eba22912b3b in mainline linux
jsg [Mon, 29 Jan 2024 01:36:31 +0000 (01:36 +0000)]
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
From Zhipeng Lu
a26634b3ce218ee3a308f2c0e326a1c7d4bb97ec in linux-6.6.y/6.6.14
0737df9ed0997f5b8addd6e2b9699a8c6edba2e4 in mainline linux
jsg [Mon, 29 Jan 2024 01:34:47 +0000 (01:34 +0000)]
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
From Yang Yingliang
0b813a6a0087451cb702b6eb841f10856f49d088 in linux-6.6.y/6.6.14
7a2464fac80d42f6f8819fed97a553e9c2f43310 in mainline linux
jsg [Mon, 29 Jan 2024 01:32:31 +0000 (01:32 +0000)]
drm/drv: propagate errors from drm_modeset_register_all()
From Dmitry Baryshkov
af9d39677c919f5c7dc67675aa0d30f7793bd324 in linux-6.6.y/6.6.14
5f8dec200923a76dc57187965fd59c1136f5d085 in mainline linux
jsg [Mon, 29 Jan 2024 01:30:49 +0000 (01:30 +0000)]
drm/radeon: check return value of radeon_ring_lock()
From Nikita Zhandarovich
18bd4d184675fbb2fc4b2f9b80aaebea2e05fca0 in linux-6.6.y/6.6.14
71225e1c930942cb1e042fc08c5cc0c4ef30e95e in mainline linux
jsg [Mon, 29 Jan 2024 01:29:18 +0000 (01:29 +0000)]
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
From Nikita Zhandarovich
056484916a131ebad65ee33048ec959f6186befc in linux-6.6.y/6.6.14
b5c5baa458faa5430c445acd9a17481274d77ccf in mainline linux
jsg [Mon, 29 Jan 2024 01:27:31 +0000 (01:27 +0000)]
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
From Nikita Zhandarovich
0413e8869171145d8a53f9d009f59c804b37c7b2 in linux-6.6.y/6.6.14
39c960bbf9d9ea862398759e75736cfb68c3446f in mainline linux
jsg [Mon, 29 Jan 2024 01:25:00 +0000 (01:25 +0000)]
drm/bridge: Fix typo in post_disable() description
From Dario Binacchi
c111350d673a517c3995849c724e444205f7e51c in linux-6.6.y/6.6.14
288b039db225676e0c520c981a1b5a2562d893a3 in mainline linux
jsg [Mon, 29 Jan 2024 01:23:04 +0000 (01:23 +0000)]
drm/dp_mst: Fix fractional DSC bpp handling
From Ville Syrjala
4e042f022255604c68ab5d5f73c8f437d24d651e in linux-6.6.y/6.6.14
7707dd6022593f3edd8e182e7935870cf326f874 in mainline linux
yasuoka [Mon, 29 Jan 2024 00:59:54 +0000 (00:59 +0000)]
Open /etc/{services,protocols} before pledge(2).
ok tobhe
stsp [Sun, 28 Jan 2024 22:30:39 +0000 (22:30 +0000)]
add support for sending management frames to qwx(4)
The initial AUTH frame is now sent when an AP is found during scans.
We then receive an AUTH response from the AP. Handling this response
in the driver will be our next step.
tb [Sun, 28 Jan 2024 21:00:54 +0000 (21:00 +0000)]
The KNF script didn't grok LHASH_OF(), STACK_OF()
tb [Sun, 28 Jan 2024 20:57:15 +0000 (20:57 +0000)]
Avoid calling EVP_CIPHER_CTX_reset() on a NULL ctx
bluhm [Sun, 28 Jan 2024 20:34:25 +0000 (20:34 +0000)]
Use more specific sockaddr type for inpcb notify.
in_pcbnotifyall() is an IPv4 only function. All callers check that
sockaddr dst is in fact a sockaddr_in. Pass the more spcific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.
OK millert@
deraadt [Sun, 28 Jan 2024 19:05:33 +0000 (19:05 +0000)]
Remove the 'l' and 'L' flag printing in 'STAT' column. These were added
to provide visibility of the internal behaviour of pinsyscalls(2) during
introduction. These flags remain (less) visible in the "-o procflags"
option, as 0x08000000 (PS_PIN) and 0x10000000 (PS_LIBCPIN).
That's good enough.
mglocker [Sun, 28 Jan 2024 18:42:58 +0000 (18:42 +0000)]
Back out the TSO support diff, since we got issues reported for which
no solution could be found. Known issues at this point:
1. sparc64 panics, probably because of an alignment issue in struct
tcphdr { th_off }. A diff for potentially fixing the alignment issue
exists, but testing is pending.
2. Watchdogs reported on the I350 chip, which can't be reproduced on own
hardware.
deraadt [Sun, 28 Jan 2024 18:38:16 +0000 (18:38 +0000)]
correct DPADD; fromKrystian Lewandowski
op [Sun, 28 Jan 2024 17:23:17 +0000 (17:23 +0000)]
allow escaping inside quotes
RFC5322 allows for escapes using \ inside quotes. Otherwise, headers
such as
From: "\"Doe, John\"" <op>
get mangled as "\"Doe@localhost, John\" <op> since \ would be treated as
ordinary character and not the escape for the quote.
Bug reported by TobiasEgg on the OpenSMTPD-portable github repository.
ok millert@
tb [Sun, 28 Jan 2024 16:11:31 +0000 (16:11 +0000)]
sync with userland
tb [Sun, 28 Jan 2024 16:10:51 +0000 (16:10 +0000)]
Pull in some post 1.3.1 upstream commits
This is only cosmetic as far as OpenBSD is concerned.
joshua [Sun, 28 Jan 2024 14:55:40 +0000 (14:55 +0000)]
Clean up EVP_CIPHER_CTX_init() usage in cmac.c
This replaces usage of EVP_CIPHER_CTX_init() with EVEP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().
This also replaces usage of malloc with calloc, and free with freezero.
ok tb@
joshua [Sun, 28 Jan 2024 14:43:48 +0000 (14:43 +0000)]
Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()
ok tb@
anton [Sun, 28 Jan 2024 12:36:21 +0000 (12:36 +0000)]
Use the wait until construct in ixp.sh in the hopes of making it more
stable.
jsg [Sun, 28 Jan 2024 03:01:39 +0000 (03:01 +0000)]
match on Intel C3000
tested by Stephane Tranchemer
deraadt [Sun, 28 Jan 2024 01:07:26 +0000 (01:07 +0000)]
Force -fno-stack-protector on "boot block" that absolutely can't have
a stack protector (probably not even a -fstack-protector-strong) because
the bloat would render them unuseable. This also means the system
compiler can now take on any more it wants, and all the pieces which
can't use the stack protector are properly marked.
ok kettenis
deraadt [Sun, 28 Jan 2024 00:40:22 +0000 (00:40 +0000)]
set -fno-stack-protector in NORMAL_C_NOP, which is used to compile
mcount.c, in the same way that -fno-ret-protector is set (because
the default ret-protector is an "always" generator). This change
ensures there is never a stack protector prologue/epilogue in the
functions in that file, no matter what stack protector selection
algorithm is in play.
ok kettenis guenther
tb [Sat, 27 Jan 2024 23:34:18 +0000 (23:34 +0000)]
Dynamic EVP_PKEY_METHODs are a thing from the past
bluhm [Sat, 27 Jan 2024 21:35:13 +0000 (21:35 +0000)]
Assert that tcp_timer_rexmt() uses IPv4 inpcb.
in_pcbnotifyall() must be called with IPv4 inpcb only. Comment why
this is the case and verify it with kassert. This assures that
inp_faddr is a valid address.
OK mvs@
bluhm [Sat, 27 Jan 2024 21:13:46 +0000 (21:13 +0000)]
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup(). They
are needed for hash lookup and are not modified.
OK mvs@
tb [Sat, 27 Jan 2024 18:12:27 +0000 (18:12 +0000)]
Add a few aliases for ECDSA and DSA for security/xca
ok jsing
tb [Sat, 27 Jan 2024 17:20:20 +0000 (17:20 +0000)]
Use ret instead of rv in a few keyivgen functions
tb [Sat, 27 Jan 2024 17:14:33 +0000 (17:14 +0000)]
Fold keyivgen functions into evp_pbe.c
These are only used by the EVP_PBE routines and will become internal in
the next major bump.
tb [Sat, 27 Jan 2024 16:50:39 +0000 (16:50 +0000)]
Make some comments and some whitespace less ugly
tb [Sat, 27 Jan 2024 16:36:17 +0000 (16:36 +0000)]
Whitespace tweak
tb [Sat, 27 Jan 2024 16:26:25 +0000 (16:26 +0000)]
Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.c
This has been a noop since forever and will be removed in the next bump.
tb [Sat, 27 Jan 2024 16:22:29 +0000 (16:22 +0000)]
Mark the functions at the end of this file for removal
tb [Sat, 27 Jan 2024 16:18:25 +0000 (16:18 +0000)]
Support HMAC with SHA-3 as a PBE PRF
ok jsing
tb [Sat, 27 Jan 2024 16:17:32 +0000 (16:17 +0000)]
Support HMAC with truncated SHA-2 as a PBE PRF
ok jsing
tb [Sat, 27 Jan 2024 16:08:43 +0000 (16:08 +0000)]
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3
This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.
ok jsing
phessler [Sat, 27 Jan 2024 15:15:01 +0000 (15:15 +0000)]
firmware for qwx(4) devices
jsing [Sat, 27 Jan 2024 14:35:13 +0000 (14:35 +0000)]
Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.
jsing [Sat, 27 Jan 2024 14:34:28 +0000 (14:34 +0000)]
Rework tls13_legacy_shutdown() to match the legacy stack behaviour.
Respect the ssl->shutdown flags rather than what has actually happened,
return -1 for all EOF errors and completely ignore the return value when
attempting to read a close-notify from the wire.
ok tb@
projects / openbsd / log