stsp [Sun, 20 Mar 2022 11:59:39 +0000 (11:59 +0000)]
Don't announce VHT caps on 2GHz channels during iwm(4) and iwx(4) scans.
VHT capabilities were written into the "common" secion of the firmware
probe request frame template. This section is used on 2GHz and 5GHz bands.
Announcing VHT capabilities on 2GHz makes no sense.
Move them into the 5GHz-only section.
ok sthen@
sthen [Sun, 20 Mar 2022 10:54:43 +0000 (10:54 +0000)]
sync
djm [Sun, 20 Mar 2022 08:52:17 +0000 (08:52 +0000)]
don't leak argument list; bz3404, reported by Balu Gajjala
ok dtucker@
djm [Sun, 20 Mar 2022 08:51:21 +0000 (08:51 +0000)]
make addargs() and replacearg() a little more robust and improve error
reporting
make freeargs(NULL) a noop like the other free functions
ok dtucker as part of bz3403
stsp [Sun, 20 Mar 2022 07:50:32 +0000 (07:50 +0000)]
Make background scans pick up APs on 2GHz channels while in 11ac mode.
found by landry@
jmatthew [Sun, 20 Mar 2022 00:01:33 +0000 (00:01 +0000)]
Enable interrupt moderation, targeting around 20k interrupts per second.
There are separate timers for rx and tx interrupts, so we can use longer
timeouts for tx since that doesn't affect packet processing latency.
ok dlg@
tb [Sat, 19 Mar 2022 18:19:24 +0000 (18:19 +0000)]
Remove three useless tests files
The asn1test depends on asn1_mac.h which had a date with the bitbucket a
few years back (and the test "isn't meant to run particularly, it's just
to test type checking"). methtest.c tests an API that was never present
in OpenSSL's git history. r160test.c is nothing but a licence.
"nuke away" jsing
jsing [Sat, 19 Mar 2022 17:49:32 +0000 (17:49 +0000)]
Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj()
The current OBJ_txt2obj() implementation converts the text to ASN.1
object content octets, builds a full DER encoding from it, then feeds
the entire thing back through the DER to ASN.1 object conversion. Rather
than doing this crazy dance, provide an t2i_ASN1_OBJECT_internal() function
that converts the text to ASN.1 object content octets, then creates a new
ASN1_OBJECT and attaches the content octets to it.
ok inoguchi@ tb@
jsing [Sat, 19 Mar 2022 17:37:10 +0000 (17:37 +0000)]
Revise regress for ascii/text to ASN.1 object conversion rewrite.
jsing [Sat, 19 Mar 2022 17:35:52 +0000 (17:35 +0000)]
Rewrite ascii/text to ASN.1 object conversion.
Rewrite the ascii/text to ASN.1 object conversion code using CBB/CBS,
while also addressing some of the bizarre behaviour (such as allowing
mixed separators and treating '..' as a zero value).
ok inoguchi@ tb@
jmc [Sat, 19 Mar 2022 17:12:31 +0000 (17:12 +0000)]
remove unused Pp;
jsing [Sat, 19 Mar 2022 16:23:17 +0000 (16:23 +0000)]
Add another invalid separator test case.
stsp [Sat, 19 Mar 2022 15:21:13 +0000 (15:21 +0000)]
Fix wrongly implemented check for 5GHz access point RSSI threshold.
This check was wrong for drivers which report RSSI as a percentage,
such as iwm(4) and iwx(4). Such drivers will now prefer 5GHz with
50% or greater RSSI, as was intended.
ok phessler@
stsp [Sat, 19 Mar 2022 15:20:32 +0000 (15:20 +0000)]
Give 11n and 11ac networks a higher score during SSID selection.
ok phessler@
stsp [Sat, 19 Mar 2022 15:19:51 +0000 (15:19 +0000)]
Fix wrong logic in a check in iwm_vht_single_rate_control() to match
what was intended.
ok phessler@
stsp [Sat, 19 Mar 2022 14:50:01 +0000 (14:50 +0000)]
Fix attach of multiple iwm(4) or iwx(4) interfaces in the same machine.
ok kettenis@, jca@
stsp [Sat, 19 Mar 2022 10:43:01 +0000 (10:43 +0000)]
Remove the paragraph about 802.11ac from CAVEATS in the iwm(4) man page.
stsp [Sat, 19 Mar 2022 10:28:44 +0000 (10:28 +0000)]
Do not define RA_DEBUG; pointed out by miod@
sthen [Sat, 19 Mar 2022 10:28:38 +0000 (10:28 +0000)]
backout r1.86 "login class routing table should be honored when doing
a full login with su -l", it breaks rc.d(8) daemon_rtable
stsp [Sat, 19 Mar 2022 10:26:52 +0000 (10:26 +0000)]
Add initial 802.11ac support to the iwm(4) driver.
VHT MCS and 80MHz channels can now be used.
Other 11ac features such as larger aggregates are left for later work.
Tested:
3160: stsp
7260: florian, jmatthew
7265: rfreeman, mlarkin, landry, Peter J. Philip
8260: bket
8265: jturner, Marcus MERIGHI, stsp
9260: florian, matthieu, stsp
9650: kmos, sthen
ok sthen@
stsp [Sat, 19 Mar 2022 10:25:09 +0000 (10:25 +0000)]
Add 11ac/VHT Tx rate adaptation support to net80211.
Based on our existing RA module for 11n.
The main difference is in dealing with 11ac-specific ratesets.
Tx rate selection heuristics remain identical.
Only supports 80MHz channels, for now. 160MHz is left for future work.
ok sthen@
espie [Sat, 19 Mar 2022 07:01:00 +0000 (07:01 +0000)]
mark injection fault test as okay to fail, since this case no longer
creates temp files with the current optimization.
jsg [Fri, 18 Mar 2022 22:28:06 +0000 (22:28 +0000)]
add list of apple machines from arm64.html
apple specific install instructions still needed
jsing [Fri, 18 Mar 2022 18:01:17 +0000 (18:01 +0000)]
Simplify SSL_do_handshake().
ok inoguchi@ tb@
jsing [Fri, 18 Mar 2022 18:00:54 +0000 (18:00 +0000)]
Rewrite legacy DTLS unexpected handshake message handling.
Rewrite the code that handles unexpected handshake messages in the legacy
DTLS stack. Parse the DTLS message header up front, then process it based
on the message type. Overall the code should be more strict and we should
reject various invalid messages that would have previously been accepted.
ok inoguchi@ tb@
bluhm [Fri, 18 Mar 2022 15:32:06 +0000 (15:32 +0000)]
Cleanup reference counting. Remove #ifdef DIAGNOSTIC to keep the
code similar in non DIAGNOSTIC case. Rename refcnt variable to
refs for consistency with r_refs. Add KASSERT() in refcnt_finalize().
OK visa@
visa [Fri, 18 Mar 2022 14:45:39 +0000 (14:45 +0000)]
Use the refcnt API with struct plimit.
OK bluhm@ dlg@
miod [Fri, 18 Mar 2022 11:09:55 +0000 (11:09 +0000)]
regen
miod [Fri, 18 Mar 2022 11:09:39 +0000 (11:09 +0000)]
Add bwfm chips to sdmmcdevs in order to get symbolic constants for them.
ok jsg
miod [Fri, 18 Mar 2022 11:08:34 +0000 (11:08 +0000)]
Don't bother generating (unused) CIS overrides.
ok jsg
sthen [Fri, 18 Mar 2022 09:04:05 +0000 (09:04 +0000)]
add crossrefs to the other port module documentation to port-modules(5)
(cabal/cargo/gnome/go/python/qmake-module; ruby-module is already listed)
djm [Fri, 18 Mar 2022 04:04:11 +0000 (04:04 +0000)]
don't try to resolve ListenAddress directives in the sshd re-exec
path - we're never going to use the result and if the operation fails
then it can prevent connections from being accepted. Reported by
Aaron Poffenberger; with / ok dtucker@
djm [Fri, 18 Mar 2022 02:50:21 +0000 (02:50 +0000)]
remove blank line
djm [Fri, 18 Mar 2022 02:32:22 +0000 (02:32 +0000)]
helpful comment
djm [Fri, 18 Mar 2022 02:31:25 +0000 (02:31 +0000)]
ssh-keygen -Y check-novalidate requires namespace or SEGV will ensue.
Patch from Mateusz Adamowski via GHPR#307
jsg [Fri, 18 Mar 2022 01:49:47 +0000 (01:49 +0000)]
spelling
espie [Thu, 17 Mar 2022 21:45:51 +0000 (21:45 +0000)]
add some extra logic to prevent moving files around when this is possible.
Specifically, we created pkg.XXXX temp files for updates to work.
When I added tied files, I generalized this to installs as well, because
it was becoming too complex.
Forward a few years:
- we have tags and define-tag, so we can deem a lot of UpdateSets "safe"
(because they don't run command during the deletion/installation, but at
the end, so they won't see unwanted files)
- the tied logic is well-proven
With this diff:
- installs will again extract files directly in-place, so that install
is (mostly) chown + utimes.
- updates will extract files with new names directly in-place
- tied files that didn't change names will have zero churn (instead
of link to pkg.XXXX, rm orig file, mv pkg.XXXX back to orig file)
After lots of tests involving somewhat broken things.
Okay sthen@
(if it breaks it's easy to revert, but the speed-up for stuff like
texlive minor updates is significant)
tb [Thu, 17 Mar 2022 18:51:56 +0000 (18:51 +0000)]
Drop two variable names from function prototypes.
From Martin Vahlensieck
schwarze [Thu, 17 Mar 2022 18:45:43 +0000 (18:45 +0000)]
Avoid legacy CSS2 syntax for the "display" property and use the CSS3
two-value syntax "display: inline flow;" instead. In particular, there
is no need to establish a new block formatting context with "flow-root",
and in fact that's detrimental because it appears to introduce spurious
soft-wrap opportunities.
jmc@ reported a bogus line break between the opening angle bracket
generated by .Aq Mt and the following email address.
sthen [Thu, 17 Mar 2022 18:27:55 +0000 (18:27 +0000)]
fix typos; Martin Vahlensieck
jsing [Thu, 17 Mar 2022 17:28:08 +0000 (17:28 +0000)]
Rewrite legacy TLS unexpected handshake message handling.
Rewrite the code that handles unexpected handshake messages in the legacy
TLS stack. Parse the TLS message header up front, then process it based on
the message type. Overall the code should be more strict and we should
reject various invalid messages that would have previously been accepted.
I also reviewed steve's experimental code and fixed the bug that it
contained.
ok inoguchi@ tb@
jsing [Thu, 17 Mar 2022 17:24:37 +0000 (17:24 +0000)]
Clean up and simplify ssl3_renegotiate{,_check}()
ok inoguchi@ tb@
jsing [Thu, 17 Mar 2022 17:22:16 +0000 (17:22 +0000)]
Remove const from tls1_transcript_hash_value()
This function populates the passed *out argument, hence it should not be
marked const.
ok tb@
jsing [Thu, 17 Mar 2022 17:17:58 +0000 (17:17 +0000)]
Rework ASN1_STRING_set()
Rework ASN1_STRING_set() so that we always clear and free an existing
allocation, prior to storing the new data. This fixes a number of issues,
including a failure to zero data if the existing allocation was too small.
This also fixes other bugs such as leaving the allocation uninitialised
if NULL is passed for data. Require -1 where strlen() is expected and
improve length and overflow checks.
ok inoguchi@ tb@
bluhm [Thu, 17 Mar 2022 14:53:59 +0000 (14:53 +0000)]
Declare dtps_static array const to move it into read-only section.
OK mpi@
millert [Thu, 17 Mar 2022 14:37:26 +0000 (14:37 +0000)]
Update to tzdata2022a from iana.org. Major changes:
o Palestine will spring forward on 2022-03-27, not -03-26.
visa [Thu, 17 Mar 2022 14:23:34 +0000 (14:23 +0000)]
Use the refcnt API with struct ucred.
OK bluhm@
visa [Thu, 17 Mar 2022 14:22:03 +0000 (14:22 +0000)]
Use the refcnt API in bpf.
OK sashan@ bluhm@
stsp [Thu, 17 Mar 2022 14:00:53 +0000 (14:00 +0000)]
Make tcpdump(8) show 802.11ac VHT capability and operation IEs in -v mode.
ok sthen@
nicm [Thu, 17 Mar 2022 13:39:13 +0000 (13:39 +0000)]
Check scroll-on-clear for ED also.
nicm [Thu, 17 Mar 2022 11:35:37 +0000 (11:35 +0000)]
Add an option (scroll-on-clear) to control if tmux scrolls into history
on clear, from Robert Lange in GitHub issue 3121.
mpi [Thu, 17 Mar 2022 10:15:13 +0000 (10:15 +0000)]
In swap_io() allocate the buffer before doing encryption.
If the allocation fails due to memory pressure no time is wasted doing
encryption. This also simplify the error path.
Tested by sthen@.
ok kn@, miod@, kettenis@, tb@
kettenis [Thu, 17 Mar 2022 00:28:29 +0000 (00:28 +0000)]
Fix previous commit; the FDT header is big-endian so we need to do the
appropriate byte swapping.
schwarze [Wed, 16 Mar 2022 23:23:24 +0000 (23:23 +0000)]
Just say that the databases are intended for use by apropos(1), whatis(1),
and man(1), without restricting that statement to "man -k".
Suggested by and patch OK'ed by jmc@.
While only apropos(1) and whatis(1) strictly require the database
and while our man(1) implementation can find many manual pages even
when no database is available or when the database is incomplete or
corrupt, it does use the database even without -k whenever possible.
Consequently, this change makes the manual page less confusing.
kettenis [Wed, 16 Mar 2022 22:32:50 +0000 (22:32 +0000)]
When we allocate space a buffer with some extra space for the FDT, adjust
the size of the FDT to reflect the size of that buffer. This prevents
an FDT overflow if the original FDT doesn't have enough space for the
additional properties that we add to it in our bootloader.
Fixes boot on the mcbin.
tested by bluhm@, ok patrick@
tobhe [Wed, 16 Mar 2022 18:17:20 +0000 (18:17 +0000)]
Make sure contents of vroute messages are aligned properly.
Fixes address autoconfiguration on octeon.
Found by and ok mbuhl@
krw [Wed, 16 Mar 2022 17:03:13 +0000 (17:03 +0000)]
The 'status' parameter to uuid_* functions is uint32_t, not int.
No intentional functional change.
nicm [Wed, 16 Mar 2022 17:00:17 +0000 (17:00 +0000)]
Add an option to set the character used for unused areas of the
terminal, GitHub issue 3110.
visa [Wed, 16 Mar 2022 16:17:46 +0000 (16:17 +0000)]
Remove an unneeded include.
visa [Wed, 16 Mar 2022 14:38:43 +0000 (14:38 +0000)]
Use the refcnt API in kqueue.
OK dlg@ bluhm@
visa [Wed, 16 Mar 2022 14:13:01 +0000 (14:13 +0000)]
Add refcnt_shared() and refcnt_read()
refcnt_shared() checks whether the object has multiple references.
When refcnt_shared() returns zero, the caller is the only reference
holder.
refcnt_read() returns a snapshot of the counter value.
refcnt_shared() suggested by dlg@.
OK dlg@ mvs@
bluhm [Wed, 16 Mar 2022 12:37:44 +0000 (12:37 +0000)]
Fix dependency to build bn_mod_sqrt.
tb [Wed, 16 Mar 2022 11:44:36 +0000 (11:44 +0000)]
Make gcc 4 happier about x509_addr.c
gcc 4 on sparc64 issues a few 'warning: value computed is not used'.
There are two cases: sk_set_cmp_function() returns the old comparison
function of the stack which we don't care about. The one warning about
an sk_delete() is about a return value that we know already and which
we will free a few lines down.
ok inoguchi miod
florian [Wed, 16 Mar 2022 10:14:50 +0000 (10:14 +0000)]
Update to nsd 4.4.0
tested by sthen and me
OK sthen
bcook [Tue, 15 Mar 2022 21:15:08 +0000 (21:15 +0000)]
LibreSSL 3.5.2
jsing [Tue, 15 Mar 2022 18:47:22 +0000 (18:47 +0000)]
Initialise *out_name at the start of i2t_ASN1_OBJECT_name().
ok tb@
kettenis [Tue, 15 Mar 2022 18:46:15 +0000 (18:46 +0000)]
Implement additional error checking for aplsmc_read_key() such that we can
detect when we read a key that isn't supported by the firmware.
Only provide RTC functionality if the "CLKM" key is implemented.
Fixes reading the time on machines with old SMC firmware from macOS 11.x.
ok jsg@
tb [Tue, 15 Mar 2022 18:29:12 +0000 (18:29 +0000)]
Check BIO_reset() return value to make gcc happy.
krw [Tue, 15 Mar 2022 17:59:39 +0000 (17:59 +0000)]
Always use letoh32(gh.gh_part_num) instead of NGPTPARTITIONS when
scanning the GPT partition table. gh.gh_part_num reflects the actual
size of the table read from/written to the disk and scanning
possible entries between this value and the maximum allowed size
of a partition table is pointless.
No intentional functional change.
solene [Tue, 15 Mar 2022 17:13:50 +0000 (17:13 +0000)]
login class routing table should be honored when
doing a full login with su -l
ok millert@
patch from Matthew Martin < phy1729 at gmail dot com >
claudio [Tue, 15 Mar 2022 16:50:29 +0000 (16:50 +0000)]
Replace the eor member of struct prefix with a flag. Saves a byte that
will be reused soon.
OK denis@ tb@
tb [Tue, 15 Mar 2022 16:28:42 +0000 (16:28 +0000)]
Add a simple regress to verify that the infinite loop in BN_mod_sqrt()
is fixed.
tb [Tue, 15 Mar 2022 15:52:39 +0000 (15:52 +0000)]
Fix infinite loop in BN_mod_sqrt()
A bug in the implementation of the Tonelli-Shanks algorithm can lead to
an infinite loop. This loop can be hit in various ways, in particular on
decompressing an elliptic curve public key via EC_POINT_oct2point() - to
do this, one must solve y^2 = x^3 + ax + b for y, given x.
If a certificate uses explicit encoding for elliptic curve parameters,
this operation needs to be done during certificate verification, leading
to a DoS. In particular, everything dealing with untrusted certificates
is affected, notably TLS servers explicitly configured to request
client certificates (httpd, smtpd, various VPN implementations, ...).
Ordinary TLS servers do not consume untrusted certificates.
The problem is that we cannot assume that x^3 + ax + b is actually a
square on untrusted input and neither can we assume that the modulus
p is a prime. Ensuring that p is a prime is too expensive (it would
likely itself lead to a DoS). To avoid the infinite loop, fix the logic
to be more resilient and explicitly limit the number of iterations that
can be done. The bug is such that the infinite loop can also be hit for
primes = 3 (mod 4) but fortunately that case is optimized earlier.
It's also worth noting that there is a size bound on the field size
enforced via OPENSSL_ECC_MAX_FIELD_BITS (= 661), which help mitigate
further DoS vectors in presence of this fix.
Reported by Tavis Ormandy and David Benjamin, Google
Patch based on the fixes by David Benjamin and Tomas Mraz, OpenSSL
ok beck inoguchi
espie [Tue, 15 Mar 2022 14:53:53 +0000 (14:53 +0000)]
document noconfigurejunk, assuming it works as expected
claudio [Tue, 15 Mar 2022 14:39:34 +0000 (14:39 +0000)]
Refactor prefix_adjout_update(). Move the new prefix logic up and
then just fall through the update path. This is more in line with
prefix_update() and will make further work simpler.
OK tb@
tobhe [Tue, 15 Mar 2022 13:07:33 +0000 (13:07 +0000)]
Fix build after recent IKEv2 message fragment retransmit change.
Found by anton@
sthen [Tue, 15 Mar 2022 13:00:30 +0000 (13:00 +0000)]
sync
jan [Tue, 15 Mar 2022 11:22:10 +0000 (11:22 +0000)]
Enable IP header checksum offloading in ix(4).
ok jmatthew@
claudio [Tue, 15 Mar 2022 11:16:25 +0000 (11:16 +0000)]
Add a test for expanding macros in large-community strings.
claudio [Tue, 15 Mar 2022 11:13:48 +0000 (11:13 +0000)]
Change how $macros are expanded in the config.
Expand $macros not only at the start of a yacc token but also inside STRING
elements. STRING elements are used e.g. for community specifications and
it makes sense to allow $FOO:$BAR to correctly expand. There is no expansion
of macros in quoted strings (both single and double quotes).
Factor out the macro expand logic and with this introduce its own lookup
buffer for the macro name. For expansion to work inside STRING the char
after the makro name must be a character not allowed in macro names (not
alpha-numerical or '_').
Add extra checks to set variables. Mainly restrict length of the name and
also make sure it does not include not allowed characters.
OK tb@
stsp [Tue, 15 Mar 2022 09:23:01 +0000 (09:23 +0000)]
Fix Tx rate used by rtwn(4) and urtwn(4) for RTS frames.
Using ni_txrate for RTS is a bad choice since it could go up to 54 Mbit/s.
The AP needs to receive our RTS frame reliably. Usually, 1 Mbit/s is used
for RTS, but this hurts throughput and does not really make sense on today's
wifi networks.
Use 1 Mbit/s in 11b mode, and otherwise use 24 Mbit/s, as damien@
already hard-coded in urtwn long ago.
ok kevlo@
stsp [Tue, 15 Mar 2022 09:22:56 +0000 (09:22 +0000)]
Fix Tx rate used by rtwn(4) and urtwn(4) for RTS frames.
Using ni_txrate for RTS is a bad choice since it could go up to 54 Mbit/s.
The AP needs to receive our RTS frame reliably. Usually, 1 Mbit/s is used
for RTS, but this hurts throughput and does not really make sense on today's
wifi networks.
Use 1 Mbit/s in 11b mode, and otherwise use 24 Mbit/s, as damien@
already hard-coded in urtwn long ago.
ok kevlo@
jsg [Tue, 15 Mar 2022 08:15:23 +0000 (08:15 +0000)]
remove if_vxlan.h unused after if_vxlan.c rev 1.84
ok kevlo@ claudio@
espie [Tue, 15 Mar 2022 08:12:53 +0000 (08:12 +0000)]
if we pass exact pkg args, just check that their files are there instead
of the full pkgtree, useful for debug
ratchov [Tue, 15 Mar 2022 05:53:37 +0000 (05:53 +0000)]
Fix crash caused by confusion between requested device and last used one
Found by and ok semarie@
djm [Tue, 15 Mar 2022 05:27:37 +0000 (05:27 +0000)]
improve DEBUG_CHANNEL_POLL debugging message
jmatthew [Tue, 15 Mar 2022 02:07:21 +0000 (02:07 +0000)]
Enable checksum offloads. The nic does all the work here, so we don't
need to calculate header offsets for it.
ok dlg@
dlg [Mon, 14 Mar 2022 23:41:42 +0000 (23:41 +0000)]
unload the dmamap in bnxt_dmamem_free.
this is technically not necessary, but it makes it feel symmetrical
with bnxt_dmamem_alloc which loads it.
ok jmatthew@
tb [Mon, 14 Mar 2022 22:38:43 +0000 (22:38 +0000)]
Unbreak the tree, revert commitid aZ8fm4iaUnTCc0ul
This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.
ok sthen
solene [Mon, 14 Mar 2022 21:52:08 +0000 (21:52 +0000)]
add -k flag to gzip and gunzip
When using this flag, the input file is kept after
compression or decompression, this makes our gzip
more compatible with the other gzip
changes reworked by jca@, thanks
ok jca@ millert@
tb [Mon, 14 Mar 2022 21:30:48 +0000 (21:30 +0000)]
Add a few regress test cases for name constraints.
From Alex Wilson
tb [Mon, 14 Mar 2022 21:29:46 +0000 (21:29 +0000)]
Allow constraints of the form @domain.com
Some things issue and expect that we support a non-standard extension of
accepting any email address from a host by prefixing an email name
constraint with @. This used to be the case with the old code as well.
Pointed out and based on a diff by Alex Wilson.
ok jsing
tb [Mon, 14 Mar 2022 21:15:49 +0000 (21:15 +0000)]
Rework ownership handling in x509_constraints_validate()
Instead of having the caller allocate and pass in a new
x509_constraints_name struct, handle allocation inside
x509_constraints_validate(). Also make the error optional.
All this is done to simplify the call sites and to make it
more obvious that there are no leaks.
ok jsing
miod [Mon, 14 Mar 2022 20:07:57 +0000 (20:07 +0000)]
There is no objectionable-C compiler in the comp set anymore.
kettenis [Mon, 14 Mar 2022 19:09:32 +0000 (19:09 +0000)]
The current FDT code we use in the bootloader is buggy and will write into
memory beyond the actual FDT data structure when adding information to the
device tree. This is especially problematic on ACPI systems where we add
lots of information to the device tree based on ACPI tables. Fix the FDT
code to never write beyond the end of the data structure and panic if we
run out of free space. Raise the amount of free space frm 4K to 16K for
the proto-FDT we use on ACPI systems. Bump the version number of the
arm64 bootloader.
ok visa@, patrick@
bluhm [Mon, 14 Mar 2022 17:23:00 +0000 (17:23 +0000)]
pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer. To
run pf in parallel, make parts of the stack MP safe. Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex. To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@
krw [Mon, 14 Mar 2022 17:11:44 +0000 (17:11 +0000)]
Abstract duplicated code scanning gpt_types[] into a helper
function find_gpt_type().
Use find_gpt_type() to simplify the functions obtaining
information from gpt_types[]. Add not yet used
PRT_uuid_to_protection() to allow simplification of GPT partition
protection code..
No intentional functional change.
jsing [Mon, 14 Mar 2022 16:49:35 +0000 (16:49 +0000)]
Factor out unexpected handshake message handling code in the legacy stack.
The TLS record layer has to be able to handle unexpected handshake messages
that result when it has been asked to read application data. The way that
this is currently done in the legacy stack is a layering violation - the
record layer knows about DTLS/TLS handshake messages, parsing them and then
deciding what action to take. This is further complicated by the need to
handle handshake message fragments.
For now, factor this code out with minimal changes - since it is a layering
violation we have to retain separate code for DTLS and TLS.
ok beck@ inoguchi@ tb@
jsing [Mon, 14 Mar 2022 16:35:45 +0000 (16:35 +0000)]
Factor out ASN1_STRING clearing code.
This fixes a bug in ASN1_STRING_set0() where it does not respect the
ASN1_STRING_FLAG_NDEF flag and potentially frees memory that we do not own.
ok inguchi@ tb@
jsing [Mon, 14 Mar 2022 16:23:29 +0000 (16:23 +0000)]
First pass clean up of ASN1_STRING code.
Use consistent variable names (astr/src) rather than 'a', 'bs', 'str', 'v'
or 'x', add some whitespace and remove some unneeded parentheses.
ok inoguchi@ tb@
projects / openbsd / log