openbsd
3 years agoCache implementation has changed, we do not hold on to an exact number
otto [Fri, 9 Apr 2021 06:04:15 +0000 (06:04 +0000)]
Cache implementation has changed, we do not hold on to an exact number
of pages anymore, but also cache larger regions; ok tb@

3 years agoFix release time
tb [Fri, 9 Apr 2021 05:54:00 +0000 (05:54 +0000)]
Fix release time

ok deraadt

3 years agoExpose two extra metrics via JSON
job [Thu, 8 Apr 2021 19:49:27 +0000 (19:49 +0000)]
Expose two extra metrics via JSON

This removes some of the needs of rpki-client affiniadios who
screen-scrape rpki-client's STDOUT.

OK deraadt@

3 years agosync
deraadt [Thu, 8 Apr 2021 19:14:26 +0000 (19:14 +0000)]
sync

3 years agoIncrease buffer size for http_info a bit. 64 chars is a bit short for
claudio [Thu, 8 Apr 2021 18:35:02 +0000 (18:35 +0000)]
Increase buffer size for http_info a bit. 64 chars is a bit short for
RRDP URLs.

3 years agoRefactor the regular and chunked data write so that one function can
claudio [Thu, 8 Apr 2021 18:32:55 +0000 (18:32 +0000)]
Refactor the regular and chunked data write so that one function can
handle both cases. Simplifies the code a fair bit.
OK tb@

3 years agoDo not request unused "classless-static-routes" dhcp-options(5)
kn [Thu, 8 Apr 2021 17:29:17 +0000 (17:29 +0000)]
Do not request unused "classless-static-routes" dhcp-options(5)

Doing so implies support for it, but dhcpleased(8) currently ingores it
entirely and does not configure any route from it.

As per RFC 3442 servers SHOULD NOT respond with a "routers" option when
"classless-static-routes" is set.

dhcpd(8)/dhcpd.conf(5) follows that, hence requesting but not using static
routes results in not installing any routes at all.

Stop signaling support for this option and only request "routers" such that
dhcpleased continues to install a default route and properly ignores the
unsupported option if used by the server.

Report from Uwe Werler <uwe @ werler dot is> about a default route not
being set when requesting the "classless-static-routes" dhcp-options(5)
from dhcpd(8), thanks!

OK florian

3 years agoEnable test-cve-2016-6309.py
tb [Thu, 8 Apr 2021 17:11:43 +0000 (17:11 +0000)]
Enable test-cve-2016-6309.py

3 years agoSwitch logic from != to ==. Makes the code easier to read.
claudio [Thu, 8 Apr 2021 17:07:55 +0000 (17:07 +0000)]
Switch logic from != to ==. Makes the code easier to read.

3 years agoChange the order of the poll loop to first process active http connections
claudio [Thu, 8 Apr 2021 16:56:34 +0000 (16:56 +0000)]
Change the order of the poll loop to first process active http connections
and then accept new ones. This way there is no risk of processing a new
connection before poll() was called.
OK tb@ as part of a larger diff

3 years agoShuffle deck chairs so that the order is more logical (at least for me).
claudio [Thu, 8 Apr 2021 16:46:59 +0000 (16:46 +0000)]
Shuffle deck chairs so that the order is more logical (at least for me).
No functional change.

3 years agoPrevent a use-after-free access in case of a http redirect by also clearing
claudio [Thu, 8 Apr 2021 16:43:08 +0000 (16:43 +0000)]
Prevent a use-after-free access in case of a http redirect by also clearing
the conn->res pointer after calling freeaddrinfo().
OK tb@ (as part of a bigger diff)

3 years agoMore cleanup of the main function. Use a loop to collect all childs with
claudio [Thu, 8 Apr 2021 16:32:42 +0000 (16:32 +0000)]
More cleanup of the main function. Use a loop to collect all childs with
waitpid() and print if they exited non-zero or by a signal. Also adjust
the poll hangup case to exit the poll loop instead of erroring out. This
way a crashed child should be reported before exit.
OK job@ tb@

3 years agoMissing setproctitle("rrdp") noticed by deraadt@
claudio [Thu, 8 Apr 2021 15:31:14 +0000 (15:31 +0000)]
Missing setproctitle("rrdp") noticed by deraadt@

3 years agoLog the key written to the terminal as well as tmux's idea of what it
nicm [Thu, 8 Apr 2021 14:16:12 +0000 (14:16 +0000)]
Log the key written to the terminal as well as tmux's idea of what it
is.

3 years agoreword manpage on -n
job [Thu, 8 Apr 2021 14:03:32 +0000 (14:03 +0000)]
reword manpage on -n

OK claudio@

3 years agoThe path with the *highest* local weight is selected
danj [Thu, 8 Apr 2021 11:56:30 +0000 (11:56 +0000)]
The path with the *highest* local weight is selected

ok kn

3 years agofix SEE ALSO, and tidy up the text a little;
jmc [Thu, 8 Apr 2021 11:53:16 +0000 (11:53 +0000)]
fix SEE ALSO, and tidy up the text a little;

3 years agotidy up AUTHORS with -nosplit;
jmc [Thu, 8 Apr 2021 11:52:27 +0000 (11:52 +0000)]
tidy up AUTHORS with -nosplit;

3 years agoAvoid clobbering the error code when sending an alert
tb [Wed, 7 Apr 2021 21:48:23 +0000 (21:48 +0000)]
Avoid clobbering the error code when sending an alert

In order to fail gracefully on encountering a self-signed cert, curl looks
at the top-most error on the stack and needs specific SSL_R_ error codes.
This mechanism was broken when the tls13_alert_sent_cb() was added after
people complained about unhelpful unknown errors. Fix this by only setting
the error code from a fatal alert if no error has been set previously.

Issue reported by Christopher Reid

ok jsing

3 years agoUse ERR_print_error_fp() to avoid leaking a BIO in fatal()
tb [Wed, 7 Apr 2021 17:21:40 +0000 (17:21 +0000)]
Use ERR_print_error_fp() to avoid leaking a BIO in fatal()

3 years agographaudio(4)
kettenis [Wed, 7 Apr 2021 17:13:38 +0000 (17:13 +0000)]
graphaudio(4)

3 years agoAdd graphaudio(4), a driver to support linking together audio components
kettenis [Wed, 7 Apr 2021 17:12:22 +0000 (17:12 +0000)]
Add graphaudio(4), a driver to support linking together audio components
based on the audio graph description that uses ports and endpoints in
the device tree.

ok patrick@

3 years agoIn some cases the http process terminates and Theo's and my theory is that
claudio [Wed, 7 Apr 2021 16:40:38 +0000 (16:40 +0000)]
In some cases the http process terminates and Theo's and my theory is that
this is caused by a SIGPIPE. So add a handler that will abort the process
and dump core.
OK deraadt@

3 years agoAdd support for the fractional dividers for the i2s clocks.
kettenis [Wed, 7 Apr 2021 16:35:02 +0000 (16:35 +0000)]
Add support for the fractional dividers for the i2s clocks.
Fixes audio on the pinebook pro.

ok kn@, patrick@

3 years agoFree the parser then close the file. Seems like the better order.
claudio [Wed, 7 Apr 2021 16:29:14 +0000 (16:29 +0000)]
Free the parser then close the file. Seems like the better order.

3 years ago"oldlladddr" -> "oldlladdr" in fatal() verbiage.
krw [Wed, 7 Apr 2021 16:09:40 +0000 (16:09 +0000)]
"oldlladddr" -> "oldlladdr" in fatal() verbiage.

3 years agominor KNF found while hunting for a bug
deraadt [Wed, 7 Apr 2021 16:06:37 +0000 (16:06 +0000)]
minor KNF found while hunting for a bug

3 years agoRestore previous behaviour so that C-X remains the same as C-x. Instead,
nicm [Wed, 7 Apr 2021 15:46:12 +0000 (15:46 +0000)]
Restore previous behaviour so that C-X remains the same as C-x. Instead,
translate incoming extended keys so that they are consistent.

3 years agoHandle bind() failure like connect() or socket() failure and try next
claudio [Wed, 7 Apr 2021 14:26:21 +0000 (14:26 +0000)]
Handle bind() failure like connect() or socket() failure and try next
address if available. No other tools consider bind() errors as non-fatal
warnings so rpki-client should not behave different.
OK tb@

3 years agoWhen merging a repo even files to delete can be part of the temporary
claudio [Wed, 7 Apr 2021 14:19:31 +0000 (14:19 +0000)]
When merging a repo even files to delete can be part of the temporary
work dir. So unlink can return an ENOENT error for the main repo. In
which case the temp dir should be tried.
Refactor this code a bit since there is no way rrdp_filename() should
fail in this part of the code.
OK tb@

3 years agoAdd a current_file format for the config file being parsed. Originally
nicm [Wed, 7 Apr 2021 12:50:12 +0000 (12:50 +0000)]
Add a current_file format for the config file being parsed. Originally
suggested by kn@, also GitHub issue 2638.

3 years agoWhen display-message used in config file, show the message after the
nicm [Wed, 7 Apr 2021 12:49:33 +0000 (12:49 +0000)]
When display-message used in config file, show the message after the
config file finishes. GitHub issue 2637.

3 years agoCheck function return value in openssl(1) x509.c
inoguchi [Wed, 7 Apr 2021 10:44:03 +0000 (10:44 +0000)]
Check function return value in openssl(1) x509.c

input from bcook@, ok and comments from tb@

3 years agoAvoid leak in error path
inoguchi [Wed, 7 Apr 2021 10:29:58 +0000 (10:29 +0000)]
Avoid leak in error path

ok and input from tb@

3 years agoFixes for extended keys: 1) allow C-x and C-X to be bound separately
nicm [Wed, 7 Apr 2021 07:30:02 +0000 (07:30 +0000)]
Fixes for extended keys: 1) allow C-x and C-X to be bound separately
since some terminals report them differently 2) use the "backspace"
option to translate backspace 3) map ctrl which are have the ctrl
implied (such as C-x) properly when the terminal reports both the key
and the modifier.

Note that any key bindings for C-X where C-x is meant must now be
changed.

3 years agoback out r1.22, ie, don't blindly trim the FCS on rxed packets.
dlg [Wed, 7 Apr 2021 06:52:22 +0000 (06:52 +0000)]
back out r1.22, ie, don't blindly trim the FCS on rxed packets.

there's been multiple reports of severely reduced throughput using
ure(4) since 1.22 was committed, but all the gear we have to play
with is fine with it. i'm backing the diff out until we can get a
better handle on the problem

discussed with and ok kevlo@ jmatthew@

3 years agodisable POOL_DEBUG for release
jsg [Wed, 7 Apr 2021 00:16:00 +0000 (00:16 +0000)]
disable POOL_DEBUG for release
ok deraadt@

3 years agoAdd TEST_SSH_ELAPSED_TIMES environment variable to print the elapsed
dtucker [Tue, 6 Apr 2021 23:57:56 +0000 (23:57 +0000)]
Add TEST_SSH_ELAPSED_TIMES environment variable to print the elapsed
time in seconds of each test.  This depends on "date +%s" which is not
specified by POSIX but is commonly implemented.

3 years agoinclude "ssherr.h" not <ssherr.h>; from Balu Gajjala via bz#3292
djm [Tue, 6 Apr 2021 23:24:30 +0000 (23:24 +0000)]
include "ssherr.h" not <ssherr.h>; from Balu Gajjala via bz#3292

3 years agohandle_client() doesn't need to return a value
jca [Tue, 6 Apr 2021 22:12:48 +0000 (22:12 +0000)]
handle_client() doesn't need to return a value

Its caller doesn't use the return value so zap it.  Also zap tentative
error handling in the caller.  ok kn@

3 years agoMissing indentation, ok kn@
jca [Tue, 6 Apr 2021 22:10:12 +0000 (22:10 +0000)]
Missing indentation, ok kn@

3 years agoBump APMD_VNO, for the size of struct apm_reply has changed
jca [Tue, 6 Apr 2021 22:09:56 +0000 (22:09 +0000)]
Bump APMD_VNO, for the size of struct apm_reply has changed

ok kn@

3 years agoMake apm(8) report apmd(8) failure
kn [Tue, 6 Apr 2021 20:30:32 +0000 (20:30 +0000)]
Make apm(8) report apmd(8) failure

apm(8) never got the result of the requested power action carried out by
apmd(8), so apm(4) errors got silently discarded;  for example, zzz(8)
would merely print "Suspending system..." and exit zero on platforms
lacking suspend/resume support.

Enrich reply messages from apmd to apm with an error field containing the
failed ioctl(2)'s errno if need be.

Hoist apmd's power action dispatch into handle_client() so it can write the
error in the first place before replying.

OK dv

3 years agoShared semaphores are not supported
kn [Tue, 6 Apr 2021 19:59:32 +0000 (19:59 +0000)]
Shared semaphores are not supported

Shared semaphores were reverted with lib/librthread/rthread_sem.c r1.18
in 2013 but corresponding manual bits were not;  revert sem_init.3 r1.6
(modulo the unrelated "named semaphores" hunk).

Reported by Rubén Llorente, thanks.
Prodding OK jmc

3 years agoconvert UTF-8 to plain ascii, spotted by florian
sthen [Tue, 6 Apr 2021 19:10:42 +0000 (19:10 +0000)]
convert UTF-8 to plain ascii, spotted by florian

3 years agomerge NSD 4.3.6
sthen [Tue, 6 Apr 2021 18:57:55 +0000 (18:57 +0000)]
merge NSD 4.3.6

3 years agomerge NSD 4.3.6
sthen [Tue, 6 Apr 2021 18:51:46 +0000 (18:51 +0000)]
merge NSD 4.3.6

3 years agoDo not return when a hash check failed in rrdp_data_handler() instead
claudio [Tue, 6 Apr 2021 18:35:46 +0000 (18:35 +0000)]
Do not return when a hash check failed in rrdp_data_handler() instead
let the code progress to set the state to RRDP_STATE_PARSE_DONE and
call rrdp_finished() since this transfer is over.
Should fix a hang seen by deraadt@
OK tb@

3 years agouppercase "HTTP";
jmc [Tue, 6 Apr 2021 18:29:43 +0000 (18:29 +0000)]
uppercase "HTTP";

3 years agouse errx() instead of err()
tb [Tue, 6 Apr 2021 16:40:34 +0000 (16:40 +0000)]
use errx() instead of err()

3 years agospaces -> tabs
tb [Tue, 6 Apr 2021 16:30:27 +0000 (16:30 +0000)]
spaces -> tabs

3 years agoMention the http client in two places.
tb [Tue, 6 Apr 2021 15:22:30 +0000 (15:22 +0000)]
Mention the http client in two places.

ok claudio

3 years agominor style tweaks
tb [Tue, 6 Apr 2021 15:00:19 +0000 (15:00 +0000)]
minor style tweaks

3 years agoPrint all mount(2) flags in ddb's "show all mounts"
kn [Tue, 6 Apr 2021 14:17:35 +0000 (14:17 +0000)]
Print all mount(2) flags in ddb's "show all mounts"

Quite a few flags were never accounted for in MNT_BITS, resulting in bogus
debug output such as "flags 4205800<WXALLOWED,LOCAL,ROOTFS>" (integer value
does not match string interpretation, i.e. "SOFTDEP,SWAPPABLE" is missing).

Spotted while instrumenting "show all mounts" to report a softdep panic.

Feedback OK visa

3 years agoCleanup http_connect() and make it look more like the example in
claudio [Tue, 6 Apr 2021 12:35:24 +0000 (12:35 +0000)]
Cleanup http_connect() and make it look more like the example in
getaddrinfo(3). Most notable change is the error reporting.
Do not warn if cause is not set. In this case the last connect attempt
failed but there is no alternate address to use. Since that error was
already logged there is no need for an extra warning here.
OK job@

3 years agoMove the http_fail() call out of http_free(). Doing the error reporting
claudio [Tue, 6 Apr 2021 12:30:43 +0000 (12:30 +0000)]
Move the http_fail() call out of http_free(). Doing the error reporting
there is not quite right.
OK job@

3 years agoKill unused globals and swap the POLLIN and POLLOUT handler for the
claudio [Tue, 6 Apr 2021 12:28:56 +0000 (12:28 +0000)]
Kill unused globals and swap the POLLIN and POLLOUT handler for the
pipe to the main process.
OK job@

3 years agoDon't check return value of unsetenv(). It's part of the environment
dtucker [Tue, 6 Apr 2021 09:07:33 +0000 (09:07 +0000)]
Don't check return value of unsetenv().  It's part of the environment
setup and not part of the actual test, and some platforms -portable runs
on declare it as returning void, which prevents the test from compiling.

3 years agouse "braces" consistenly; fastcgi can take multiple options;
jmc [Tue, 6 Apr 2021 06:28:38 +0000 (06:28 +0000)]
use "braces" consistenly; fastcgi can take multiple options;
original issue and text from laurence tratt, with updates from raf czlonka

3 years agoRestore EPT protection checks on VMX when using VMM_IOC_MPROTECT_EPT
dv [Tue, 6 Apr 2021 00:19:58 +0000 (00:19 +0000)]
Restore EPT protection checks on VMX when using VMM_IOC_MPROTECT_EPT

A prior fix related to lack of TLB flushing accidentally removed the
fault type checks related to the access protection features available
via the VMM_IOC_MPROTECT_EPT ioctl. This restores the same logic for
checking the fault type and the exit to userland if the fault is due
to EPT access protections.

While here, update the comment for vmx_fault_page to accurately
reflect the various potential return values.

Reported by Adam Steen.

OK mlarkin@

3 years agoregen
mglocker [Mon, 5 Apr 2021 20:46:06 +0000 (20:46 +0000)]
regen

3 years agoAdd a new quirk flag to not attach video devices which aren't supported by
mglocker [Mon, 5 Apr 2021 20:45:49 +0000 (20:45 +0000)]
Add a new quirk flag to not attach video devices which aren't supported by
uvideo(4) currently, like the Chicony Integrated IR Camera.  This is
especially helpful when you have two video devices of which the unsupported
one is attached first as reported by martijn@.

OK gnezdo@

3 years agoImprove rdmsr/wrmsr exit handling for both AMD SVM and Intel VMX.
dv [Mon, 5 Apr 2021 18:26:45 +0000 (18:26 +0000)]
Improve rdmsr/wrmsr exit handling for both AMD SVM and Intel VMX.

At some point, the logic for handling vmexits related to msr access
changed and the handling for SVM diverged from VMX. While booting the
newest 9front release, abieber@ noticed boot loops on an AMD host.

This commit changes the behavior to be the same between SVM and VMX hosts,
with the exception of a single MSR, and enforces that any rdmsr
instruction must be explicitly handled otherwise a #GP is injected into
the guest. Any wrmsr instructions that are not explicitly handled are
ignored (%rax, %rdx set to 0).

The PAT msr is now shadowed, allowing guests to read a copy of the host
PAT. Their writes are stored in guest vcpu state and not passed through to
the host cpu. (PAT writes are validated, however, and invalid values
inject #GP.)

tested by brynet@, abieber@
ok brynet@, mlarkin@

3 years agominor KNF
deraadt [Mon, 5 Apr 2021 18:17:37 +0000 (18:17 +0000)]
minor KNF

3 years agoSupport booting from compressed kernel images.
dv [Mon, 5 Apr 2021 18:09:48 +0000 (18:09 +0000)]
Support booting from compressed kernel images.

The bsd.rd ramdisk now ships gzip'd on amd64. Use libz in base to
transparently handle decompression of any compressed kernel images.

Patch from Josh Rickmar.

ok kn@

3 years agougold(4): add support for TEMPerGold & more TEMPerHUM devices
landry [Mon, 5 Apr 2021 16:26:06 +0000 (16:26 +0000)]
ugold(4): add support for TEMPerGold & more TEMPerHUM devices

originally from mlarkin@ for TEMPerGold_V3.1 (only a temperature sensor),
i just added TEMPerX variants to the mix - all those devices share the
same usb product id (boo), so differentiate them on the firmware string...
even if the device is labelled as TEMPerHUM and has a blue TXT button on
it, its firmware reports itself as TEMPerX_V3.3.

ok jung@ sthen@ mlarkin@

3 years agosync
landry [Mon, 5 Apr 2021 16:18:32 +0000 (16:18 +0000)]
sync

3 years agoAdd 0x413d:0x2107 for various PCSensors TEMPer devices
landry [Mon, 5 Apr 2021 16:17:25 +0000 (16:17 +0000)]
Add 0x413d:0x2107 for various PCSensors TEMPer devices

3 years agoUntil tls_accept_socket() succeeds, the tls context bound to a session
eric [Mon, 5 Apr 2021 15:50:11 +0000 (15:50 +0000)]
Until tls_accept_socket() succeeds, the tls context bound to a session
belongs to the listener, and should not be freed with that session if
an error occurs before.  Unlink it from the session early in the accept
callback to avoid this.

tweaks and ok millert@

3 years agoSet sysclk before using it
kn [Mon, 5 Apr 2021 14:36:18 +0000 (14:36 +0000)]
Set sysclk before using it

simpleaudio_set_params() calls set_params() which reads sysclk off the
"i2s_clk" property before it sets that very clock's rate with
dd_set_sysclk() (in case there's multiplier specified).

Hence reverse the order so set_params() can pick up the newly set rate.

The rate is still off on the Pinebook Pro, but I came across this when
reading the code;  this also matches NetBSD's sys/dev/fdt/ausoc.c r1.6
"Set sysclk rate at set_format time, so the link set_format callback can
read the new sysclk".

OK kettenis patrick

3 years agoMove client-detached into server_client_lost so it is fired even if a
nicm [Mon, 5 Apr 2021 14:11:05 +0000 (14:11 +0000)]
Move client-detached into server_client_lost so it is fired even if a
client is closed unexpectedly.

3 years agoFix typo in debug message. ok kettenis@
dtucker [Mon, 5 Apr 2021 12:13:07 +0000 (12:13 +0000)]
Fix typo in debug message.  ok kettenis@

3 years agoSend correct response type on unpause errors.
dv [Mon, 5 Apr 2021 11:35:26 +0000 (11:35 +0000)]
Send correct response type on unpause errors.

ok pd@

3 years agoRevert slow mode change so that we always use it for legacy and high speed
patrick [Mon, 5 Apr 2021 09:31:45 +0000 (09:31 +0000)]
Revert slow mode change so that we always use it for legacy and high speed
timings, and if the device tree tells us to.  While the change was done to
reduce diff, it introduced a regression on some devices, hence this revert.

Reported and tested by dtucker@
Tested by kettenis@ and myself

3 years agoFix a couple of edge cases with the jump-back-xxx commands, and also
nicm [Mon, 5 Apr 2021 08:43:48 +0000 (08:43 +0000)]
Fix a couple of edge cases with the jump-back-xxx commands, and also
update back-to-indentation to use grid_reader, thereby fixing line
wrapping issues. From Anindya Mukherjee, GitHub issue 2633.

3 years agoDon't leak param->name in x509_verify_param_zero()
tb [Mon, 5 Apr 2021 07:02:50 +0000 (07:02 +0000)]
Don't leak param->name in x509_verify_param_zero()

For dynamically allocated verify parameters, param->name is only ever set
in X509_VERIFY_set1_name() where the old one is freed and the new one is
assigned via strdup(). Setting it to NULL without freeing it beforehand is
a leak.

looks correct to millert, ok inoguchi

3 years agoRemove unused variables
kn [Mon, 5 Apr 2021 00:51:14 +0000 (00:51 +0000)]
Remove unused variables

From Daniel Kovacic <daniel dot kovacic at unbugd dot com>, thanks!
No object change.

3 years agoleave -beta
deraadt [Sun, 4 Apr 2021 23:03:07 +0000 (23:03 +0000)]
leave -beta

3 years agoAdd missing error check for AES_unwrap_key().
tb [Sun, 4 Apr 2021 20:40:48 +0000 (20:40 +0000)]
Add missing error check for AES_unwrap_key().

3 years agoFix two copy paste errors in error messages
tb [Sun, 4 Apr 2021 20:21:43 +0000 (20:21 +0000)]
Fix two copy paste errors in error messages

3 years agoAdd tests for DTLSv1_2{,_client,_server}_method()
tb [Sun, 4 Apr 2021 20:16:29 +0000 (20:16 +0000)]
Add tests for DTLSv1_2{,_client,_server}_method()

3 years ago431 is an overlay over 204 (Manitoba)
deraadt [Sun, 4 Apr 2021 20:08:49 +0000 (20:08 +0000)]
431 is an overlay over 204 (Manitoba)

3 years agoUse correct type for tmp in test_write_bytes()
tb [Sun, 4 Apr 2021 19:55:46 +0000 (19:55 +0000)]
Use correct type for tmp in test_write_bytes()

3 years agoExplicitly NULL pointers to avoid a double free.
tb [Sun, 4 Apr 2021 19:36:09 +0000 (19:36 +0000)]
Explicitly NULL pointers to avoid a double free.

3 years agoDon't leak key and dh in the error path.
tb [Sun, 4 Apr 2021 19:32:26 +0000 (19:32 +0000)]
Don't leak key and dh in the error path.

3 years agoClean up client and server tls{,_config} contexts in tls_test().
tb [Sun, 4 Apr 2021 16:19:47 +0000 (16:19 +0000)]
Clean up client and server tls{,_config} contexts in tls_test().

Leaks reported by Ilya Shipitsin.

3 years agoDocument support subset of conversion specification
kn [Sun, 4 Apr 2021 15:25:11 +0000 (15:25 +0000)]
Document support subset of conversion specification

Clarify that printf(9) only knows
%[width][size]conversion
contrary to printf(3)'s
%[argno$][flags][width][.precision][size]conversion

Feedback OK jmc
OK deraadt

3 years agoremove stray inserts; from matthias schmidt
jmc [Sun, 4 Apr 2021 11:36:56 +0000 (11:36 +0000)]
remove stray inserts; from matthias schmidt

3 years agofix spacing issue in macro;
jmc [Sun, 4 Apr 2021 06:18:58 +0000 (06:18 +0000)]
fix spacing issue in macro;

3 years agomissing comma; from kawashima james
jmc [Sun, 4 Apr 2021 06:11:24 +0000 (06:11 +0000)]
missing comma; from kawashima james

3 years agoAdd size check for sockaddr mask.
tobhe [Sat, 3 Apr 2021 21:29:14 +0000 (21:29 +0000)]
Add size check for sockaddr mask.

3 years agoAdd a guard page between I/O virtual address space allocations. The idea
patrick [Sat, 3 Apr 2021 15:59:08 +0000 (15:59 +0000)]
Add a guard page between I/O virtual address space allocations.  The idea
is that IOVA allocations always have a gap in-between which produces a fault
on access.  If a transfer to a given allocation runs further than expected
we should be able to see it.  We pre-allocate IOVA on bus DMA map creation,
and as long as we don't allocate a PTE descriptor, this comes with no cost.
We have plenty of address space anyway, so adding a page-sized gap does not
hurt at all and can only have positive effects.

Idea from kettenis@

3 years agoExclude the first page from I/O virtual address space, which is the NULL
patrick [Sat, 3 Apr 2021 15:10:58 +0000 (15:10 +0000)]
Exclude the first page from I/O virtual address space, which is the NULL
pointer address.  Not allowing this one to be allocated might help find
driver bugs, where the device is programmed with a NULL pointer.  We have
plenty of address space anyway, so excluding this single page does not
hurt at all and can only have positive effects.

Idea from kettenis@

3 years agoRun the CMAC tests through EVP_PKEY_new_CMAC_key().
tb [Sat, 3 Apr 2021 13:34:45 +0000 (13:34 +0000)]
Run the CMAC tests through EVP_PKEY_new_CMAC_key().

3 years agotypos in comments; GHPR#180 from Ville Skyttä
djm [Sat, 3 Apr 2021 06:58:30 +0000 (06:58 +0000)]
typos in comments; GHPR#180 from Ville Skyttä

3 years agosync CASignatureAlgorithms lists with reality. GHPR#174 from
djm [Sat, 3 Apr 2021 06:55:52 +0000 (06:55 +0000)]
sync CASignatureAlgorithms lists with reality. GHPR#174 from
Matt Hazinski

3 years agohighly polished whitespace, mostly fixing spaces-for-tab and bad
djm [Sat, 3 Apr 2021 06:18:40 +0000 (06:18 +0000)]
highly polished whitespace, mostly fixing spaces-for-tab and bad
indentation on continuation lines. Prompted by GHPR#185

3 years agowhitespace (tab after space)
djm [Sat, 3 Apr 2021 05:54:14 +0000 (05:54 +0000)]
whitespace (tab after space)

3 years agofix incorrect plural; from Ville Skyttä via GHPR#181
djm [Sat, 3 Apr 2021 05:46:41 +0000 (05:46 +0000)]
fix incorrect plural; from Ville Skyttä via GHPR#181