openbsd
3 years agoProperly refer to ioctl(2)
kn [Fri, 14 May 2021 13:10:20 +0000 (13:10 +0000)]
Properly refer to ioctl(2)

From Caspar Schutijser, thanks.

3 years agoImprove libcrypto obj_xref.h generator
inoguchi [Fri, 14 May 2021 10:50:55 +0000 (10:50 +0000)]
Improve libcrypto obj_xref.h generator

Modify objxref.pl to output $OpenBSD$ header and
__BEGIN_HIDDEN_DECLS / __END_HIDDEN_DECLS .

ok and comment from tb@

3 years agoremove comment describing GENERIC
jsg [Fri, 14 May 2021 08:10:39 +0000 (08:10 +0000)]
remove comment describing GENERIC

3 years agoadd dwge(4) to RAMDISK as well
jsg [Fri, 14 May 2021 06:55:19 +0000 (06:55 +0000)]
add dwge(4) to RAMDISK as well

3 years agoremove uneeded includes
jsg [Fri, 14 May 2021 06:48:52 +0000 (06:48 +0000)]
remove uneeded includes

3 years agomove some files to match other archs
jsg [Fri, 14 May 2021 05:21:00 +0000 (05:21 +0000)]
move some files to match other archs

ok deraadt@ drahn@

3 years agofix previous: test saved no_shell_flag, not the one that just got
djm [Fri, 14 May 2021 05:20:32 +0000 (05:20 +0000)]
fix previous: test saved no_shell_flag, not the one that just got
clobbered

3 years agoRiscv64 sets. Initial attempt.
drahn [Fri, 14 May 2021 03:49:18 +0000 (03:49 +0000)]
Riscv64 sets. Initial attempt.

3 years agoFix ssh started with ControlPersist incorrectly executing a shell
djm [Fri, 14 May 2021 03:09:48 +0000 (03:09 +0000)]
Fix ssh started with ControlPersist incorrectly executing a shell
when the -N (no shell) option was specified. bz3290 reported by
Richard Schwab; patch from markus@ ok me

3 years agoEnable riscv64 native kernel builds.
drahn [Fri, 14 May 2021 03:01:24 +0000 (03:01 +0000)]
Enable riscv64 native kernel builds.
remove extra targets

3 years agoOn riscv64, dynamically linked clang binary fails with:
drahn [Fri, 14 May 2021 02:29:00 +0000 (02:29 +0000)]
On riscv64, dynamically linked clang binary fails with:
libc++abi: Pure virtual function called!

By statically linking clang (and *-tblgen) this problem is worked around
at least for now.

3 years agoFix bootloader name and riscv64 doesn't have bsd.mp yet.
drahn [Fri, 14 May 2021 02:21:34 +0000 (02:21 +0000)]
Fix bootloader name and riscv64 doesn't have bsd.mp yet.

3 years agoAdjust ramdisk generation for self hosting, remove cross bits.
drahn [Fri, 14 May 2021 01:18:52 +0000 (01:18 +0000)]
Adjust ramdisk generation for self hosting, remove cross bits.

3 years agoInitial enablment of EMULTLS on RiscV
drahn [Fri, 14 May 2021 01:15:54 +0000 (01:15 +0000)]
Initial enablment of EMULTLS on RiscV
Uncertain if this is 100% correct, however this enables self hosting
using clang.

3 years agoFix regression for _setjmp, fucntion does not use stack and adjusting
drahn [Fri, 14 May 2021 00:57:03 +0000 (00:57 +0000)]
Fix regression for _setjmp, fucntion does not use stack and adjusting
it causes restored stack to be incorrect.

3 years agoImprove mereg_add() like I did on arm64.
kettenis [Thu, 13 May 2021 22:42:14 +0000 (22:42 +0000)]
Improve mereg_add() like I did on arm64.

3 years agoDo `so_rcv' cleanup with sblock() held.
mvs [Thu, 13 May 2021 19:43:11 +0000 (19:43 +0000)]
Do `so_rcv' cleanup with sblock() held.

solock() should be taken before sblock(). soreceive() grabs solock() and
then locks `so_rcv'. But later it releases solock() before call uimove(9).
So concurrent thread which performs soshutdown() could break sorecive()
loop. But `so_rcv' is still locked by sblock() so this soshutdown()
thread will sleep in sorflush() at sblock() call. soshutdown() thread
doesn't release solock() after sblock() call so it has no matter where to
release `so_rcv' - is will be locked until the solock() release.

That's why this strange looking code works fine. This sbunlock() movement
just after `so_rcv' cleanup  affects nothing but makes the code
consistent and clean to understand.

ok mpi@

3 years agoUse intr_enable()/int_disable()/intr_restore() instead of
kettenis [Thu, 13 May 2021 19:26:25 +0000 (19:26 +0000)]
Use intr_enable()/int_disable()/intr_restore() instead of
enable_interrupts()/disable_interrupts()/restore_interrupts() and remove
the latter interfaces.

ok mlarkin@, drahn@

3 years agoUse NULL instead of 0 for mbuf(9) pointers.
mvs [Thu, 13 May 2021 18:06:54 +0000 (18:06 +0000)]
Use NULL instead of 0 for mbuf(9) pointers.

ok millert@

3 years agoAssign NULL instead of 0 to `control' within sendit(). It's mbuf(9)
mvs [Thu, 13 May 2021 17:31:59 +0000 (17:31 +0000)]
Assign NULL instead of 0 to `control' within sendit(). It's mbuf(9)
pointer.

ok deraadt@

3 years agoMove ktrfds() below fdpunlock(). This fixes lock order issue between
mvs [Thu, 13 May 2021 17:02:31 +0000 (17:02 +0000)]
Move ktrfds() below fdpunlock(). This fixes lock order issue between
vn_lock(9) and fdplock().

Reported-by: syzbot+2300a1bedc425f6f851e@syzkaller.appspotmail.com
ok visa@

3 years agoMake memreg_add() a bit smarter and have it merge adjacent regions.
kettenis [Thu, 13 May 2021 16:08:16 +0000 (16:08 +0000)]
Make memreg_add() a bit smarter and have it merge adjacent regions.
This should reduce the number of physical memory segments that we pass
to uvm reducing the chance that we run out of physical memory segments
and should make physical memory allocation a bit more efficient.

ok patrick@

3 years agoRefactor iked process shutdown and cleanup. Remember configured
tobhe [Thu, 13 May 2021 15:20:48 +0000 (15:20 +0000)]
Refactor iked process shutdown and cleanup. Remember configured
addresses and routes in iked_vroute_sc to not depend on ikev2
process for cleanup.

This makes sure that all flows, routes and addresses are deleted
no matter which process is killed first.

ok patrick@

3 years agoUse field independent versions of {get,set}_coordinates()
tb [Thu, 13 May 2021 14:28:03 +0000 (14:28 +0000)]
Use field independent versions of {get,set}_coordinates()

ok tobhe

3 years agoUse field independent version of {get,set}_affine_coordinates.
tb [Thu, 13 May 2021 14:01:35 +0000 (14:01 +0000)]
Use field independent version of {get,set}_affine_coordinates.

ok tobhe

3 years agoRFC 4861 4.1 allows router solicitations from the unspecified address
florian [Thu, 13 May 2021 11:22:15 +0000 (11:22 +0000)]
RFC 4861 4.1 allows router solicitations from the unspecified address
(::). A short survey suggests that some systems respond with a
multicast router advertisement and other don't.

Andrew Forgue pointed out a usecase for this, booting a UEFI system
over http in an IPv6 network only. ("IPv6 support for UEFI IPv6
booting" on bugs@ a long time ago)

There is also no downside in allowing this, any host on the layer 2
network can solicit a router advertisement.

OK phessler

3 years agoRun handlers with interrupts enabled.
kettenis [Thu, 13 May 2021 09:32:00 +0000 (09:32 +0000)]
Run handlers with interrupts enabled.

ok jsg@

3 years agochange sig_atomic_t from long to int matching all the other archs
jsg [Thu, 13 May 2021 08:44:18 +0000 (08:44 +0000)]
change sig_atomic_t from long to int matching all the other archs

ok kettenis@

3 years agoacme-client: use EC_POINT_{get,set}_affine_cooordinates()
tb [Thu, 13 May 2021 07:10:57 +0000 (07:10 +0000)]
acme-client: use EC_POINT_{get,set}_affine_cooordinates()

The versions with _GFp() suffix only exist for historical reasons.
Now that we have EC_POINT_{get,set}_affine_coordinates(), we should
stop using the old ones as they provide no benefit.

ok florian

3 years agoNo need to disable interrupts before returning to userland.
kettenis [Thu, 13 May 2021 06:45:23 +0000 (06:45 +0000)]
No need to disable interrupts before returning to userland.
The AST processing code will take care of doing that for us.

ok jsg@

3 years agoWhen doing AST processing:
kettenis [Thu, 13 May 2021 06:44:11 +0000 (06:44 +0000)]
When doing AST processing:
1) block interrupts, then check for ASTs
2) if no ASTs, return with interrupts blocked, so they can be re-enabled
   ATOMICALLY in the return to userspace
3) if an AST happened, then re-enable interrupts, call ast(), then goto 1

ok jsg@

3 years agoAdd missing .Pp in HISTORY section.
tb [Thu, 13 May 2021 06:00:53 +0000 (06:00 +0000)]
Add missing .Pp in HISTORY section.

3 years agoAdd missing .Pp
tb [Thu, 13 May 2021 05:52:28 +0000 (05:52 +0000)]
Add missing .Pp

3 years agoWhitespace fix for unintentional unindenting event in r1.260.
krw [Thu, 13 May 2021 02:22:33 +0000 (02:22 +0000)]
Whitespace fix for unintentional unindenting event in r1.260.

Reported by Ashton Fagg via tech@. Thanks!

3 years agoRemove about PACKET_TAG_PIPEX, it was replaced by ph_cookie.
yasuoka [Wed, 12 May 2021 23:17:30 +0000 (23:17 +0000)]
Remove about PACKET_TAG_PIPEX, it was replaced by ph_cookie.

3 years agoprint a newline after each instruction
deraadt [Wed, 12 May 2021 23:08:19 +0000 (23:08 +0000)]
print a newline after each instruction
ok kettenis

3 years agovmctl(8): remove unveil from disk image creation routines
dv [Wed, 12 May 2021 20:13:00 +0000 (20:13 +0000)]
vmctl(8): remove unveil from disk image creation routines

James Cook reported an issue creating images from qcow2 disks that
contained base images. Initial approach suggested was to replace the
use of realpath(3), but since this is common code used in vmd(8) the
better option is to just remove the use of unveil(1) in vmctl. (It was
added very early in vmctl's development before support for disk
conversion was added.)

This does not change existing unveil usage in vmctl for things like the
control socket or the serial console. There's no change to vmd either.

Discussed with and OK from mlarkin@

3 years agoBuild a list of memory regions and call yvm_physload(9) on those like
kettenis [Wed, 12 May 2021 17:43:26 +0000 (17:43 +0000)]
Build a list of memory regions and call yvm_physload(9) on those like
we do on riscv64.

ok patrick@

3 years agoMerge documentation for SSL_CIPHER_find(3) from OpenSSL 1.1.1.
tb [Wed, 12 May 2021 15:12:35 +0000 (15:12 +0000)]
Merge documentation for SSL_CIPHER_find(3) from OpenSSL 1.1.1.

3 years agoregen
mpi [Wed, 12 May 2021 15:05:09 +0000 (15:05 +0000)]
regen

3 years agoRevert unlock of connect(2), bind(2), listen(2) and shutdown(2).
mpi [Wed, 12 May 2021 15:04:48 +0000 (15:04 +0000)]
Revert unlock of connect(2), bind(2), listen(2) and shutdown(2).

At least one of them cause a deadlock involving `unplock' and mbuf allocations
('mbufpl') as reported by millert@.

3 years agosync
tb [Wed, 12 May 2021 14:19:30 +0000 (14:19 +0000)]
sync

3 years agoInstall SSL_SESSION_get0_cipher.3
tb [Wed, 12 May 2021 14:17:27 +0000 (14:17 +0000)]
Install SSL_SESSION_get0_cipher.3

3 years agoDocument SSL_SESSION_get0_cipher(3)
tb [Wed, 12 May 2021 14:16:25 +0000 (14:16 +0000)]
Document SSL_SESSION_get0_cipher(3)

Based on the OpenSSL 1.1.1 manual written by Rich Salz with a healthy
dose of improvements by schwarze.

ok schwarze

3 years agoClarify language about moduli. While both ends of the connection do need
dtucker [Wed, 12 May 2021 11:34:30 +0000 (11:34 +0000)]
Clarify language about moduli.  While both ends of the connection do need
to use the same parameters (ie groups), the DH-GEX protocol takes care
of that and both ends do not need the same contents in the moduli file,
which is what the previous text suggested.  ok djm@ jmc@

3 years agoCount the number of arguments in each expression as we initially go
lum [Wed, 12 May 2021 11:13:23 +0000 (11:13 +0000)]
Count the number of arguments in each expression as we initially go
through the expression. To be used in checking function parameter
profiles later.

3 years agofix broken escape; ok schwarze
jmc [Wed, 12 May 2021 10:59:43 +0000 (10:59 +0000)]
fix broken escape; ok schwarze

3 years agoModify cms test in appstest.sh to work with ec cert/key
inoguchi [Wed, 12 May 2021 10:39:13 +0000 (10:39 +0000)]
Modify cms test in appstest.sh to work with ec cert/key

3 years agoAdd obj_xref for ECDH schemes in RFC 5753
inoguchi [Wed, 12 May 2021 10:24:39 +0000 (10:24 +0000)]
Add obj_xref for ECDH schemes in RFC 5753

Found missing sigoid_srt record in crypto/objects/obj_xref.h, and
this causes error while executing openssl cms -encrypt with EC key/cert.
Added required definitions to obj_xref.txt and obj_xref.h.

Issue reported by Theodore Wynnychenko (tmw <at> uchicago.edu) on misc.

ok tb@

3 years agoFix several issues introduced with iwm(4) Tx aggregation support.
stsp [Wed, 12 May 2021 10:05:57 +0000 (10:05 +0000)]
Fix several issues introduced with iwm(4) Tx aggregation support.

Keep station queues marked as enabled until the device gets reset.
The firmware becomes unhappy if it finds some queues enabled but missing
from the station's queue mask, even across removals and re-additions of the
station which occur during re-associations and while roaming between APs.
Fixes "could not add sta (error 35)" fatal firmware errors.

When stopping a BA session, properly set the bit corresponding to the
session's TID in the node's tid_disable_ampu bitmask.

During dis- and re-associations all Tx block ack sessions are torn down,
so clear the bitmask which identifies queues with active Tx BA sessions.

Don't byte-swap values written to host-side variables.

Problems reported and fixes tested by Matthias Schmidt and kettenis@.
Additional testing by phessler@, mlarkin@, and Mikolaj Kucharski.

3 years agoUse local copy of `ps_rtableid' in ip{,6}_ctloutput() and mark
mvs [Wed, 12 May 2021 08:09:33 +0000 (08:09 +0000)]
Use local copy of `ps_rtableid' in ip{,6}_ctloutput() and mark
`ps_rtableid' as atomic. This allows us to unlock setrtable(2).

ok claudio@ mpi@

3 years agoThe official service name of tcp/465 is "submissions"
jca [Wed, 12 May 2021 06:50:33 +0000 (06:50 +0000)]
The official service name of tcp/465 is "submissions"

Keep "smtps" as an alias.
https://datatracker.ietf.org/doc/html/rfc8314#section-7.3

ok sthen@ florian@ kmos@

3 years agoDrop swat (tcp/901)
jca [Wed, 12 May 2021 06:45:30 +0000 (06:45 +0000)]
Drop swat (tcp/901)

The Samba Web Administration Tool has been dropped by the samba project and
TCP port 901 is not registered at IANA.  ok sthen@ florian@ kmos@

3 years agoKNF
mlarkin [Wed, 12 May 2021 04:00:46 +0000 (04:00 +0000)]
KNF

3 years agoCorrect defines for fenv rounding modes and change fenv_t and fexcept_t
jsg [Wed, 12 May 2021 02:28:25 +0000 (02:28 +0000)]
Correct defines for fenv rounding modes and change fenv_t and fexcept_t
from unsigned long long to unsigned int.

ok kettenis@

3 years agovmd(8): omit a possibly uninitialized var in a log_warnx
mlarkin [Wed, 12 May 2021 02:24:56 +0000 (02:24 +0000)]
vmd(8): omit a possibly uninitialized var in a log_warnx

Don't print 'base' since it might not be initialized in all code paths.

From James Cook

3 years agoadd a comment describing how this was created
jsg [Wed, 12 May 2021 01:24:32 +0000 (01:24 +0000)]
add a comment describing how this was created

ok deraadt@

3 years agoadd OpenBSD rcs ids
jsg [Wed, 12 May 2021 01:20:52 +0000 (01:20 +0000)]
add OpenBSD rcs ids

3 years agovmm(4): fix flawed physical cpu tracking logic in svm_run_vcpu
dv [Tue, 11 May 2021 22:04:10 +0000 (22:04 +0000)]
vmm(4): fix flawed physical cpu tracking logic in svm_run_vcpu

Replace the overly complicated logic used to track which CPU we are on
in svm_run_vcpu. This fixes an issue where ltr causes a #GP on exit in
certain conditions due to referencing the wrong GDT.

This was primarily witnessed with NixOS guests that performed a heavy
amount of disk io.

Reported by Josh Rickmar. Tested by Josh & abieber@. OK mlarkin@.

3 years agoCast printf args to remove compiler warnings.
dv [Tue, 11 May 2021 21:45:33 +0000 (21:45 +0000)]
Cast printf args to remove compiler warnings.

From Ashton Fagg. OK tb@.

3 years agoDocument SSL_CTX_get_ssl_method(3)
tb [Tue, 11 May 2021 19:48:56 +0000 (19:48 +0000)]
Document SSL_CTX_get_ssl_method(3)

3 years agoMerge some details from OpenSSL 1.1.1.
tb [Tue, 11 May 2021 18:57:17 +0000 (18:57 +0000)]
Merge some details from OpenSSL 1.1.1.

3 years agoA Data Segment Interrupt does not indicate whether it was the result
kettenis [Tue, 11 May 2021 18:21:12 +0000 (18:21 +0000)]
A Data Segment Interrupt does not indicate whether it was the result
of a read or a write fault.  Unfortunately that means we can't call
uvm_fault(), as we have to pass the right access_type.  In particular,
passing PROT_READ for write access on a write-only page will fail.
Fix this issue by inserting an appropriate SLB entry when a mapping
exists at the fault address.  A subsequent Data Storage Interrupt
will call uvm_fault() to insert a mapping for the page into the
page tables.

Fixes the sys/kern/fork-exit regress test.

Debugging done by bluhm@ and patrick@
ok bluhm@

3 years agoTemporarily release the mutex while calling sensor_task_register() as it
anton [Tue, 11 May 2021 16:40:57 +0000 (16:40 +0000)]
Temporarily release the mutex while calling sensor_task_register() as it
might end up sleeping in malloc(). This can only happen if uhidpp is the
first one calling the aforementioned routine which causes the sensors
task queue to be allocated.

Thanks to Justin Yang <linuxjustin at gmail dot com> for the report.

3 years agomissing word in previous
tb [Tue, 11 May 2021 15:31:13 +0000 (15:31 +0000)]
missing word in previous

3 years agoMerge documentation for EVP_DigestVerify() from OpenSSL 1.1.1.
tb [Tue, 11 May 2021 15:26:21 +0000 (15:26 +0000)]
Merge documentation for EVP_DigestVerify() from OpenSSL 1.1.1.

3 years agoinitial attempt at install*.img
deraadt [Tue, 11 May 2021 15:18:48 +0000 (15:18 +0000)]
initial attempt at install*.img

3 years agoMerge documentation for EVP_DigestSign from OpenSSL 1.1.1.
tb [Tue, 11 May 2021 15:14:56 +0000 (15:14 +0000)]
Merge documentation for EVP_DigestSign from OpenSSL 1.1.1.

3 years agomore whitespace cleanups
deraadt [Tue, 11 May 2021 14:58:25 +0000 (14:58 +0000)]
more whitespace cleanups

3 years agowhitespace cleanup
deraadt [Tue, 11 May 2021 14:58:08 +0000 (14:58 +0000)]
whitespace cleanup

3 years agoriscv has no delay slots, we don't need anything like this in the sigcode.
deraadt [Tue, 11 May 2021 13:56:28 +0000 (13:56 +0000)]
riscv has no delay slots, we don't need anything like this in the sigcode.
ok jsg drahn

3 years agotimeout_barrier(9), timeout_del_barrier(9): remove kernel lock
cheloha [Tue, 11 May 2021 13:29:25 +0000 (13:29 +0000)]
timeout_barrier(9), timeout_del_barrier(9): remove kernel lock

In timeout_barrier(9) we take/release the kernel lock to ensure that the
given timeout has finished running (if it had been running at all).

This approach is inefficient.  If we put a barrier timeout on the
queue and wait for it to run in cond_wait(9) we can block instead of
spinning for the kernel lock.  We already do this for process-context
timeouts in timeout_barrier(9) anyway.

Discussed with dlg@, visa@, and mpi@.

ok dlg@

3 years agoEnable iwx(4).
patrick [Tue, 11 May 2021 13:25:26 +0000 (13:25 +0000)]
Enable iwx(4).

3 years agoDon't leak fd on error.
claudio [Tue, 11 May 2021 12:09:19 +0000 (12:09 +0000)]
Don't leak fd on error.

3 years agouse FE_ALL_EXCEPT not _ROUND_MASK when masking fcsr exception bits
jsg [Tue, 11 May 2021 12:05:13 +0000 (12:05 +0000)]
use FE_ALL_EXCEPT not _ROUND_MASK when masking fcsr exception bits

3 years agoMake sure some variables are initialised since modern gcc warns about them.
claudio [Tue, 11 May 2021 11:48:02 +0000 (11:48 +0000)]
Make sure some variables are initialised since modern gcc warns about them.
Handle rrdppid like we do for all other child processes. The two warnings
in rrdp are probably false positives.
OK tb@

3 years agoArm the alarms in all childs so they terminate if the timeout is hit.
claudio [Tue, 11 May 2021 11:43:21 +0000 (11:43 +0000)]
Arm the alarms in all childs so they terminate if the timeout is hit.
Also install the special signal handler around the main poll() loop.
The main process handles SIGALRM so it can log an error to the operator
before exiting.
With and OK deraadt@

3 years agoBefore calling ASN1_time_parse() initialize the struct tm. While
claudio [Tue, 11 May 2021 11:32:51 +0000 (11:32 +0000)]
Before calling ASN1_time_parse() initialize the struct tm. While
recent libressl version initalise the struct tm properly older
versions did not and so -portable runs into problem on systems
with older libressl versions installed.
Problem found by job@
OK tb@

3 years agoregen
mvs [Tue, 11 May 2021 11:21:58 +0000 (11:21 +0000)]
regen

3 years agoUnlock shutdown(2).
mvs [Tue, 11 May 2021 11:21:31 +0000 (11:21 +0000)]
Unlock shutdown(2).

ok mpi@

3 years agoregen
mvs [Tue, 11 May 2021 11:20:51 +0000 (11:20 +0000)]
regen

3 years agoUnlock listen(2).
mvs [Tue, 11 May 2021 11:20:23 +0000 (11:20 +0000)]
Unlock listen(2).

ok mpi@

3 years agoregen
mvs [Tue, 11 May 2021 11:19:39 +0000 (11:19 +0000)]
regen

3 years agoUnlock connect(2).
mvs [Tue, 11 May 2021 11:19:10 +0000 (11:19 +0000)]
Unlock connect(2).

ok mpi@

3 years agoregen
mvs [Tue, 11 May 2021 11:18:15 +0000 (11:18 +0000)]
regen

3 years agoUnlock bind(2).
mvs [Tue, 11 May 2021 11:17:32 +0000 (11:17 +0000)]
Unlock bind(2).

ok mpi@

3 years agoSince ld.lld doesn't properly support R_RISCV_RELAX relocations, switch the
kettenis [Tue, 11 May 2021 09:36:41 +0000 (09:36 +0000)]
Since ld.lld doesn't properly support R_RISCV_RELAX relocations, switch the
default to -no-relax.

ok drahn@

3 years agoDuring a "key unset for sw crypto" panic, display more meta-data
stsp [Tue, 11 May 2021 08:46:31 +0000 (08:46 +0000)]
During a "key unset for sw crypto" panic, display more meta-data
about the offending key. This will hopefully help with debugging.

3 years agoIn hostap mode don't send data frames to nodes which aren't in state ASSOC.
stsp [Tue, 11 May 2021 08:39:32 +0000 (08:39 +0000)]
In hostap mode don't send data frames to nodes which aren't in state ASSOC.

Sending data frames to nodes in other states is wrong since the node's
data structure might not be set up properly in such states.
This could explain occasional "key unset for sw crypto" panics observed
with athn(4) hostap interfaces.

Problem reported and fix tested by Mikolaj Kucharski.

3 years agoUse non-blocking connect() to setup the RTR socket. connect() can hang for
claudio [Tue, 11 May 2021 07:57:24 +0000 (07:57 +0000)]
Use non-blocking connect() to setup the RTR socket. connect() can hang for
a long time if the IP is not reachable and would block the main process
while doing so.
Problem noticed by Pier Carlo Chiodi
OK benno@

3 years agozap stray comma
tb [Tue, 11 May 2021 04:22:32 +0000 (04:22 +0000)]
zap stray comma

3 years agoReplace unnecessary calls to EC_GROUP_get_curve_GF{p,2m}() with
tb [Mon, 10 May 2021 20:58:32 +0000 (20:58 +0000)]
Replace unnecessary calls to EC_GROUP_get_curve_GF{p,2m}() with
EC_GROUP_get_curve() and remove no longer needed prototypes.

3 years agoIt's no longer necessary to link ecdhtest statically.
tb [Mon, 10 May 2021 20:41:44 +0000 (20:41 +0000)]
It's no longer necessary to link ecdhtest statically.

3 years agoMerge documentation for EC_GROUP_{set,get}_curve(3) from OpenSSL 1.1.1.
tb [Mon, 10 May 2021 20:20:49 +0000 (20:20 +0000)]
Merge documentation for EC_GROUP_{set,get}_curve(3) from OpenSSL 1.1.1.

3 years agoMerge documentation for EC_POINT_{get,set}_coordinates and
tb [Mon, 10 May 2021 20:00:58 +0000 (20:00 +0000)]
Merge documentation for EC_POINT_{get,set}_coordinates and
for EC_POINT_set_compressed_coordinates from OpenSSL 1.1.1.

3 years agoRevert previous, it introduced a regression with breakpoints in gdb.
mpi [Mon, 10 May 2021 18:01:24 +0000 (18:01 +0000)]
Revert previous, it introduced a regression with breakpoints in gdb.

3 years agolibexpat major bump to 13.0
bluhm [Mon, 10 May 2021 17:46:56 +0000 (17:46 +0000)]
libexpat major bump to 13.0

3 years agoUpdate libexpat to 2.3.0. Relevant for OpenBSD are only bug fix
bluhm [Mon, 10 May 2021 17:36:48 +0000 (17:36 +0000)]
Update libexpat to 2.3.0.  Relevant for OpenBSD are only bug fix
#438 and other change #443.  A new error constant has been added
to a public header file.  According to guenther@ this is an ABI
break that requires a major bump.
OK tb@; tested by matthieu@

3 years agoAdd ld.script for macppc kernel, ofwboot
gkoehler [Mon, 10 May 2021 17:29:41 +0000 (17:29 +0000)]
Add ld.script for macppc kernel, ofwboot

These are copies of powerpc64/conf/ld.script with some changes for
macppc.  They work with both ld.bfd and ld.lld.

The ld.script fixes ld.lld.  Without ld.script, lld would set the
symbol "etext" to a wrong value like 0x10000034, then ofwboot would
freeze and fail to boot the kernel.  With ld.script, we PROVIDE a
correct etext.

ok kettenis@

3 years agoReplace some magic numbers with #define's. Rename GPT_get_gpt() to
krw [Mon, 10 May 2021 17:16:01 +0000 (17:16 +0000)]
Replace some magic numbers with #define's. Rename GPT_get_gpt() to
GPT_read() to match MBR_read().

No intentional functional change.