dtucker [Sun, 4 Dec 2022 11:03:11 +0000 (11:03 +0000)]
Remove duplicate includes. Patch from AtariDreams via github PR#364.
tb [Sun, 4 Dec 2022 08:22:13 +0000 (08:22 +0000)]
Fix warnings about binding changed to STB_WEAK on i386
Compiling libc on i386 results in compiler warnings for bcmp, bzero, bcopy,
brk, and sbrk. Use ENTRY_NB instead of ENTRY to avoid this.
ok jca millert
jsg [Sun, 4 Dec 2022 03:14:20 +0000 (03:14 +0000)]
regen
jsg [Sun, 4 Dec 2022 03:13:52 +0000 (03:13 +0000)]
add Intel DG1, DG2, ATS-M ids
from linux 6.1 i915_pciids.h, Mesa 22.3 iris_pci_ids.h
Intel Iris Xe MAX Graphics Open Source Programmer's Reference Manual
Volume 4: Configurations
tobhe [Sun, 4 Dec 2022 00:23:03 +0000 (00:23 +0000)]
Include endian.h for htobe32
tobhe [Sat, 3 Dec 2022 22:34:35 +0000 (22:34 +0000)]
Consistently use uintXX_t from <stdint.h> instead of u_intXX_t.
tobhe [Sat, 3 Dec 2022 21:02:27 +0000 (21:02 +0000)]
Include endian.h where needed for betohXX functions.
jca [Sat, 3 Dec 2022 15:03:49 +0000 (15:03 +0000)]
Use evcount_percpu(9) for clock interrupts
ok cheloha@
jca [Sat, 3 Dec 2022 15:02:30 +0000 (15:02 +0000)]
Add ENTRY_NB() and use it for brk.S and sbrk.S on riscv64
NB for "No Binding". This gets us rid of clang-13 warnings about
a global symbol redefined as weak. Mostly a copy of what guenther@
already implemented on other archs. ok guenther@ tb@
kettenis [Sat, 3 Dec 2022 13:42:23 +0000 (13:42 +0000)]
Rework the RTKit code such that we don't spin forever if for some reason
we don't get the expected replies from the firmware on the other side.
ok patrick@
kettenis [Sat, 3 Dec 2022 13:31:32 +0000 (13:31 +0000)]
The device tree bindings for aplcpu(4) changed once more, recycling the
"apple,cluster-cpufreq" compatible that was used for the first version.
Add support for the "new new" binding while retaining support for the
"old new" binding. Hopefully nobody is using the "old" binding anymore
now that we update the m1n1+u-boot+dtb "boot firmware" automatically on
sysupgrade.
ok patrick@, tobhe@
tb [Sat, 3 Dec 2022 11:35:34 +0000 (11:35 +0000)]
skip rust-openssl-tests on sparc64
The issue is likely that the build is trying to compile some generated
C code with the prehistoric gcc from base, so add a tentative workaround
for that. Since I don't currently have access to a sparc64 box where I
could validate this easily and check if the workaround is enough, let's
not waste lots of cycles on this.
yasuoka [Sat, 3 Dec 2022 10:57:04 +0000 (10:57 +0000)]
Modify vmt to use the buffer allocated in pvbus directly instead of
the buffer in the vmt softc when doing RPC for PVBUSIOC_KV{READ|WRITE}
ioctl.
ok asou
tb [Sat, 3 Dec 2022 09:59:19 +0000 (09:59 +0000)]
Clean up makefile
tb [Sat, 3 Dec 2022 09:55:53 +0000 (09:55 +0000)]
biotest needs bio_local.h now
Should have been part of the previous commit
tb [Sat, 3 Dec 2022 09:53:47 +0000 (09:53 +0000)]
Test BIO_{push,pop}() along a linear chain
tb [Sat, 3 Dec 2022 09:44:52 +0000 (09:44 +0000)]
More cleanup
Drop unnecessary loading of error strings, fix error path and consistently
print to stdout.
tb [Sat, 3 Dec 2022 09:37:02 +0000 (09:37 +0000)]
Refactor and fix bn_mod_exp test
The amount of copy-paste in this test led to a few bugs and it was hard to
spot them since things were done in random order. Use a different approach:
compute the result of a^b (mod m) according to BN_mod_exp_simple(), then
compare the results of all the other *_mod_exp* functions to that.
Reuse the test structure from bn_mod_exp_zero.c to loop over the list of
functions. This way we test more functions and don't forget to check some
crucial bits.
tb [Sat, 3 Dec 2022 08:21:38 +0000 (08:21 +0000)]
Add missing checks for BN_mod_exp_{non,}ct()
Someone added a few more functions to test, but forgot to check their
results, so if they would not do the expected thing that would only be
noticed if one of the already tested functions would break.
tb [Sat, 3 Dec 2022 08:05:52 +0000 (08:05 +0000)]
Fix some ancient silliness with a random byte
For nearly 25 years this test has attempted to generate random numbers of
bit length between 192 and 319 bits. Unfortunately, it used an unsigned
char so instead of generating numbers in the interval [-64..63] and add
them to 256, it used numbers in the intervals [0..63] and [192..255]...
jsg [Sat, 3 Dec 2022 03:05:13 +0000 (03:05 +0000)]
regen
jsg [Sat, 3 Dec 2022 03:04:36 +0000 (03:04 +0000)]
add AMD family 19h model 61h (Raphael) ids
initial diff from Laurence Tratt; ok mlarkin@
jsg [Sat, 3 Dec 2022 01:18:03 +0000 (01:18 +0000)]
drm/i915: fix TLB invalidation for Gen12 video and compute engines
From Andrzej Hajda
ee2d04f23bbb16208045c3de545c6127aaa1ed0e in linux 5.15.y/5.15.81
04aa64375f48a5d430b5550d9271f8428883e550 in mainline linux
tb [Fri, 2 Dec 2022 22:58:56 +0000 (22:58 +0000)]
Drop 'perhaps a little', plus grammar and spelling nits
BIO_push() and BIO_pop() are misnamed. No need to gently and politely
suggest that their 'names [...] are perhaps a little misleading'.
cheloha [Fri, 2 Dec 2022 22:36:34 +0000 (22:36 +0000)]
midicat(1): use err(3) everywhere
This is consistent with style(9) and makes the program shorter, too.
Tweaked by ratchov@.
Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@
cheloha [Fri, 2 Dec 2022 22:29:59 +0000 (22:29 +0000)]
midicat(1): set ifile/ofile to "stdin"/"stdout" if it is an en-dash ("-")
This makes error messages a little bit more intuitive. Instead of, e.g.:
midicat: -: No space left on device
you get:
midicat: stdout: No space left on device
Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@
cheloha [Fri, 2 Dec 2022 22:21:35 +0000 (22:21 +0000)]
midicat(1): add a usage() function
Tweaked by millert@.
Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@
tb [Fri, 2 Dec 2022 19:44:04 +0000 (19:44 +0000)]
Revert bio_prev removal
As schwarze points out, you can pop any BIO in a chain, not just the first
one (bonus points for a great name for this API).
The internal doubly linked was used to fix up the BIO chain bio was part
of when you BIO_pop() a bio that wasn't in the first position, which is
explicitly allowed in our documentation and implied by OpenSSL's.
tb [Fri, 2 Dec 2022 18:31:40 +0000 (18:31 +0000)]
bn_mod_exp.c: printing to stdout needs no BIO
tb [Fri, 2 Dec 2022 18:24:01 +0000 (18:24 +0000)]
bn_mod_exp: we have a BN_CTX available...
Use BN_CTX_get() instead of BN_new()/BN_free().
tb [Fri, 2 Dec 2022 17:42:45 +0000 (17:42 +0000)]
Check BN_rand() and BN_mod() return values
CID 430848
CID 430849
tb [Fri, 2 Dec 2022 17:34:26 +0000 (17:34 +0000)]
Link new bn_mod_exp_zero test to build
tb [Fri, 2 Dec 2022 17:33:38 +0000 (17:33 +0000)]
Rewrite the tests that various modular exponentiation functions
compute a^0 = 0 (mod 1) for all a from scratch.
kn [Fri, 2 Dec 2022 15:35:35 +0000 (15:35 +0000)]
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
kn [Fri, 2 Dec 2022 12:58:37 +0000 (12:58 +0000)]
Remove useless variable, simplify code
Using a local `duplicate' variable to defer the actual checks by a few
lines, interleaved with comments (saying the same thing but negated),
is harder to follow that neccessary.
Fold the logic and merge comments (remove the last obvious one missing
a negation) to save 20 LOC.
OK bluhm
kn [Fri, 2 Dec 2022 12:56:51 +0000 (12:56 +0000)]
Unlock in6_ioctl_get() aka. SIOCGIF{DSTADDR,NETMASK,AFLAG,ALIFETIME}_IN6
First the right address is picked from the net lock protected if_addrlist.
Then all ioctls just copy out the address, nothing requires the kernel lock.
SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
SIOCGIFALIFETIME_IN6 computes lifetimes which only need the address.
This removes the last kernel lock from IPv6 read ioctls (multicast being
the untouched exception here).
Users of these ioctl(2)s are route6d(8), rad(8), slaacd(8), isakmpd(8) and
of course ifconfig(8).
OK mvs
sthen [Fri, 2 Dec 2022 12:51:22 +0000 (12:51 +0000)]
sync
jca [Fri, 2 Dec 2022 12:27:08 +0000 (12:27 +0000)]
Drop _C_LABEL() uses in riscv64-specific code
_C_LABEL() was useful in the a.out->ELF transition days, way before
RISC-V was a thing.
Also drop uses of _ASM_LABEL() while here, suggested by guenther@
ok guenther@
martijn [Fri, 2 Dec 2022 10:57:12 +0000 (10:57 +0000)]
When checking if we're implied we must also check if we're working on a
string or an oid, else we can generate invalid OIDs.
Found by bluhm@ on powerpc64
OK bluhm@
tb [Fri, 2 Dec 2022 08:30:54 +0000 (08:30 +0000)]
libcrypto/bn: switch back to manual regress targets
The previous change had the undesired side effect of running the super
verbose run-regress-bn_test.
jsg [Fri, 2 Dec 2022 07:30:53 +0000 (07:30 +0000)]
regen
jsg [Fri, 2 Dec 2022 07:29:30 +0000 (07:29 +0000)]
add Intel Optane SSD DC P5800X
from Andreas Bartelt
djm [Fri, 2 Dec 2022 04:40:27 +0000 (04:40 +0000)]
make struct sshbuf private and remove an unused field; ok dtucker
tb [Fri, 2 Dec 2022 01:15:11 +0000 (01:15 +0000)]
regres/libssl/unit: simplify Makefile
tb [Fri, 2 Dec 2022 01:09:04 +0000 (01:09 +0000)]
Use regress framework rather than handrolling it
tb [Fri, 2 Dec 2022 00:55:57 +0000 (00:55 +0000)]
Use the default targets from bsd.regress.mk as far as possible
tb [Fri, 2 Dec 2022 00:47:32 +0000 (00:47 +0000)]
Let bsd.regress.mk take care of running tests
tb [Fri, 2 Dec 2022 00:01:06 +0000 (00:01 +0000)]
bn_add_sub: no need for a BIO to print to stderr
tb [Thu, 1 Dec 2022 23:03:40 +0000 (23:03 +0000)]
Unhook exp
tb [Thu, 1 Dec 2022 22:55:40 +0000 (22:55 +0000)]
Fix typo, move one .PHONY target nearer to the target itself
tb [Thu, 1 Dec 2022 22:41:46 +0000 (22:41 +0000)]
zap extra blank line
tb [Thu, 1 Dec 2022 22:31:59 +0000 (22:31 +0000)]
Check that the bn_isqrt -C output isn't changed
bn_isqrt -C generates code included in lib/libcrypto/lib/bn_isqrt.c. The
regress tests already ensure that the content of the tables don't change.
Ensure further that the code generation doesn't get out of sync.
tb [Thu, 1 Dec 2022 21:59:54 +0000 (21:59 +0000)]
Update reference to table generation
tb [Thu, 1 Dec 2022 21:21:51 +0000 (21:21 +0000)]
regress/libcrypto: merge exp/ into bn/
Move exp/exptest.c to bn/bn_mod_exp.c. This is a BN test that mostly tests
a variety of BN_mod_exp*() API behavior and correctness.
Commit stolen from jsing
tb [Thu, 1 Dec 2022 21:13:58 +0000 (21:13 +0000)]
Silence this test and sprinkle some KNF
This test is fast enough even on very slow machines that printing dots
doesn't seem necessary.
tb [Thu, 1 Dec 2022 20:50:10 +0000 (20:50 +0000)]
Flatten structure of libcrypto/bn tests
The bn tests were distributed into three subdirectories rather randomly.
It's cleaner and easier to maintain if all this is in a single directory.
Use consistent names for the .c files, unify handling of the tests with
the exception of bn_test, which is special.
Discussed with jsing
tb [Thu, 1 Dec 2022 14:32:06 +0000 (14:32 +0000)]
Test prime constants exposed in public BN API
Run the prime constants exposed in BN_get0_nist_prime_*() and
BN_get_rfc3526_prime_*() through Ballie-PSW.
tb [Thu, 1 Dec 2022 13:55:22 +0000 (13:55 +0000)]
Make tests silent on success.
Also, run all x25519 tests, don't stop on first failure.
tb [Thu, 1 Dec 2022 13:49:12 +0000 (13:49 +0000)]
Refrain from printing SUCCESS in some of my tests
Silence is good. On failure, the regress framework will make it clear.
job [Thu, 1 Dec 2022 12:41:34 +0000 (12:41 +0000)]
Align uppercase / lowercase pattern
bluhm [Thu, 1 Dec 2022 12:13:59 +0000 (12:13 +0000)]
Run test in current directory. Copy test files to regress obj dir
dynamically. Check error code of keynote.
OK tb@
claudio [Thu, 1 Dec 2022 10:24:28 +0000 (10:24 +0000)]
Adjust comment for rtype_from_mftfile(). It is important that RTYPE_INVALID
is not an error. It marks file as not handled by rpki-client and they will
be ignored after checking that the provided hash matches.
New file types should only be added once the needed code in parse_entity() is
available.
OK tb@ job@
claudio [Thu, 1 Dec 2022 09:16:43 +0000 (09:16 +0000)]
Fix typo in variable peer_message_receive
Noticed by tb@
claudio [Thu, 1 Dec 2022 09:14:40 +0000 (09:14 +0000)]
Extend and rename ometric_set_int_with_label to ometric_set_int_with_labels
Instead of passing a single key value pair allow for multiple keys and values.
This is needed for rpki-client where 2 extra key value pairs are needed for
some values. To simplify passing simple values introduce a OKV() macro
which creates a compound literal array with the NULL terminal.
OK tb@
florian [Thu, 1 Dec 2022 07:34:06 +0000 (07:34 +0000)]
Oops, the tweak was not correct, go with my original version.
Pointed out by tb.
florian [Thu, 1 Dec 2022 07:11:17 +0000 (07:11 +0000)]
Make sure the length of an unknown IP option is sensible.
For example, an unknown option with length 0 would result in an
infinite loop.
bluhm points out that the network stack in the kernel would not let
such packets through to userland.
tweak & OK miod
OK bluhm
tb [Thu, 1 Dec 2022 05:33:55 +0000 (05:33 +0000)]
Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated
tb [Thu, 1 Dec 2022 05:27:04 +0000 (05:27 +0000)]
Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused
tb [Thu, 1 Dec 2022 05:20:30 +0000 (05:20 +0000)]
Retire X509_V_FLAG_CB_ISSUER_CHECK
This flag has been deprecated in OpenSSL 1.1 and has not had an effect
since. This way we can simplify the default check_issued() callback,
which helpfully has its arguments reversed compared to the public API
X509_check_issued().
ok jsing
tb [Thu, 1 Dec 2022 05:16:08 +0000 (05:16 +0000)]
Getters and setters for the check_issued() callback
Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...
These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7
Part of OpenSSL commit
1060a50b
See also https://github.com/libressl-portable/portable/issues/748
ok beck jsing
jsing [Thu, 1 Dec 2022 02:58:40 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.
jsing [Thu, 1 Dec 2022 02:58:31 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.
ok tb@
dtucker [Thu, 1 Dec 2022 02:22:13 +0000 (02:22 +0000)]
Clean up ssh-add and ssh-agent logs.
dtucker [Thu, 1 Dec 2022 02:19:29 +0000 (02:19 +0000)]
Log output of ssh-agent and ssh-add to make debugging easier.
guenther [Thu, 1 Dec 2022 00:26:15 +0000 (00:26 +0000)]
_C_LABEL() is no longer useful in the "everything is ELF" world.
Start eliminating it.
ok mpi@ mlarkin@ krw@
millert [Wed, 30 Nov 2022 17:59:46 +0000 (17:59 +0000)]
Update to 2022ggtz from https://github.com/JodaOrg/global-tz
Major changes:
* The northern edge of Chihuahua changes to US timekeeping.
* Much of Greenland stops changing clocks after March 2023.
* Fix some pre-1996 timestamps in northern Canada.
cheloha [Wed, 30 Nov 2022 14:56:45 +0000 (14:56 +0000)]
midicat.c: add missing CVS tag; ok millert@
kn [Wed, 30 Nov 2022 14:01:02 +0000 (14:01 +0000)]
Unlock nd6_ioctl(), push kernel lock into in6_ioctl_{get,change_ifaddr}()
Neighbour Discovery information is protected by the net lock, as
documented in nd6.h struct nd_ifinfo.
ndp(8) is the only SIOCGIFINFO_IN6 and SIOCGNBRINFO_IN6 user in base.
nd6_lookup(), also used in ICMP6 input and IPv6 forwarding, only needs
the net lock.
OK mvs
kn [Wed, 30 Nov 2022 13:58:39 +0000 (13:58 +0000)]
Use shared socket/net lock for IP sockets
so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.
getsockopt(2), getsockname(2) and getpeername(2) (all UNLOCK) do not
write, so the exclusive net lock is overkill here.
OK mvs
tb [Wed, 30 Nov 2022 12:42:24 +0000 (12:42 +0000)]
Switch idiom of d2i_ECDSA_SIG() invocation
Instead of the discouraged obj = NULL; d2i_ECDSA_SIG(&obj, ...); use the
recommended obj = d2i_ECDSA_SIG(NULL, ...);. While it makes no difference
here, it's better practice.
suggested by & ok markus
tb [Wed, 30 Nov 2022 10:47:30 +0000 (10:47 +0000)]
Link libkeynote to regress.
tb [Wed, 30 Nov 2022 10:47:05 +0000 (10:47 +0000)]
Resurrect the libkeynote testsuite
This was part of the lib/libkeynote/Makefile.in r1.12 removed in 2004 by
msf. It would have caught the bug fixed by markus and bluhm in
lib/libkeynote/signature.c r1.30.
bluhm [Wed, 30 Nov 2022 10:40:23 +0000 (10:40 +0000)]
Passing preallocated keys to d2i_RSAPublicKey() does not work anymore
with LibreSSL. This caused a crash in isakmpd with libkeynote.
Better pass NULL and let libcrypto do the allocation.
from markus@; OK tb@
mvs [Wed, 30 Nov 2022 10:21:29 +0000 (10:21 +0000)]
regen
mvs [Wed, 30 Nov 2022 10:20:37 +0000 (10:20 +0000)]
Unlock getsockopt(2) and setsockopt(2). Unlock them both because at
protocol layer they follow the same (*pr_ctloutput)() handlers.
At sockets layer we touch only per-socket data, which is solock()
protected.
At protocol layer, udp(4), unix(4) and key management sockets have no
(*pr_ctloutput)() handlers. route_ctloutput() touches only per socket
data, which is solock() protected. inet{,6} globals are protected by
netlock, which is solock() backend for corresponding sockets.
ok bluhm@
claudio [Wed, 30 Nov 2022 10:15:01 +0000 (10:15 +0000)]
Pass a FILE pointer to ometric_output_all() and use fprintf() instead of
printing to stdout by default. Additionally check if fprintf() fails and
return -1 in that case. With this ometric code can be used in rpki-client.
OK tb@
patrick [Wed, 30 Nov 2022 09:52:13 +0000 (09:52 +0000)]
Provide default address for qcpwm(4), as Linux upstream removed it from
the device tree.
job [Wed, 30 Nov 2022 09:12:50 +0000 (09:12 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:12:34 +0000 (09:12 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:03:44 +0000 (09:03 +0000)]
Remove unused includes
OK claudio@
job [Wed, 30 Nov 2022 09:02:58 +0000 (09:02 +0000)]
Remove unused include
OK claudio@
job [Wed, 30 Nov 2022 08:17:21 +0000 (08:17 +0000)]
Remove unused sys/socket.h include
OK claudio@
job [Wed, 30 Nov 2022 08:16:10 +0000 (08:16 +0000)]
Remove unused ctype.h include
OK tb@
jsing [Wed, 30 Nov 2022 03:08:39 +0000 (03:08 +0000)]
Rewrite bn_correct_top().
bn_correct_top() is currently a macro and far more complex than it needs
to be - rewrite it as a function.
ok tb@
kn [Wed, 30 Nov 2022 02:54:15 +0000 (02:54 +0000)]
add configtest; OK martijn
jsing [Wed, 30 Nov 2022 02:52:25 +0000 (02:52 +0000)]
Fix return values bug in BN_ucmp().
BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however
it currently returns other negative and positive values when the top of
a and b differ. Correct this.
ok tb@
jsing [Wed, 30 Nov 2022 02:51:05 +0000 (02:51 +0000)]
Add regress coverage for BN_cmp()/BN_ucmp().
Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.
jsing [Wed, 30 Nov 2022 01:56:18 +0000 (01:56 +0000)]
Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.
For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.
Issue raised by tb@ who also wrote some test code.
jsing [Wed, 30 Nov 2022 01:47:19 +0000 (01:47 +0000)]
Mop up more BN_DEBUG related code.
dtucker [Tue, 29 Nov 2022 22:41:14 +0000 (22:41 +0000)]
Add void to client_repledge args to fix compiler warning. ok djm@