openbsd
2 years agoRemove duplicate scsi devices.
krw [Thu, 31 Mar 2022 14:44:49 +0000 (14:44 +0000)]
Remove duplicate scsi devices.

ok miod@ deraadt@

2 years agoFix leak in ASN1_TIME_adj_internal()
tb [Thu, 31 Mar 2022 13:04:47 +0000 (13:04 +0000)]
Fix leak in ASN1_TIME_adj_internal()

p is allocated by asprintf() in one of the *_from_tm() functions, so
it needs to be freed as in the other error path below.

CID 346194

ok jsing

2 years agoSimplify priv_key handling in d2i_ECPrivateKey()
tb [Thu, 31 Mar 2022 13:00:58 +0000 (13:00 +0000)]
Simplify priv_key handling in d2i_ECPrivateKey()

d2i_EC_PRIVATEKEY() can handle the allocation of priv_key internally,
no need to do this up front and reach it through the dangerous reuse
mechanism. There's also no point in freeing a variable we know to be
NULL.

ok jsing

2 years agoSync & permit ASPA objects to appear on Manifests
job [Thu, 31 Mar 2022 12:00:00 +0000 (12:00 +0000)]
Sync & permit ASPA objects to appear on Manifests

OK tb@ claudio@

2 years agoCheck EVPDigest* return values.
tb [Thu, 31 Mar 2022 09:36:09 +0000 (09:36 +0000)]
Check EVPDigest* return values.

CID 351293

2 years ago'e' is no longer an optional element for ober_scanf_elements.
martijn [Thu, 31 Mar 2022 09:06:55 +0000 (09:06 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.

Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@

2 years ago'e' is no longer an optional element for ober_scanf_elements.
martijn [Thu, 31 Mar 2022 09:05:15 +0000 (09:05 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.

Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@

2 years ago'e' is no longer an optional element for ober_scanf_elements.
martijn [Thu, 31 Mar 2022 09:03:48 +0000 (09:03 +0000)]
'e' is no longer an optional element for ober_scanf_elements.
This caused the last attribute to be dropped.

Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@

2 years agoregression test for sftp cp command
djm [Thu, 31 Mar 2022 03:07:33 +0000 (03:07 +0000)]
regression test for sftp cp command

2 years agoadd a sftp client "cp" command that supports server-side copying
djm [Thu, 31 Mar 2022 03:07:03 +0000 (03:07 +0000)]
add a sftp client "cp" command that supports server-side copying
of files. Useful for this task and for testing the copy-data
extension. Patch from Mike Frysinger; ok dtucker@

2 years agoadd support for the "corp-data" protocol extension to allow
djm [Thu, 31 Mar 2022 03:05:49 +0000 (03:05 +0000)]
add support for the "corp-data" protocol extension to allow
server-side copies to be performed without having to go via
the client. Patch by Mike Frysinger, ok dtucker@

2 years agoMove knote_processexit() call from exit1() to the reaper().
millert [Thu, 31 Mar 2022 01:41:22 +0000 (01:41 +0000)]
Move knote_processexit() call from exit1() to the reaper().
This fixes a problem where NOTE_EXIT could be received before
the process was officially a zombie and thus not immediately
waitable.  OK deraadt@ visa@

2 years agoselect post-quantum KEX sntrup761x25519-sha512@openssh.com as the
djm [Wed, 30 Mar 2022 21:13:23 +0000 (21:13 +0000)]
select post-quantum KEX sntrup761x25519-sha512@openssh.com as the
default; ok markus@

2 years agofix poll() spin when a channel's output fd closes without data in the
djm [Wed, 30 Mar 2022 21:10:25 +0000 (21:10 +0000)]
fix poll() spin when a channel's output fd closes without data in the
channel buffer. Introduce more exact packing of channel fds into the
pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@

2 years agoMention constification of *_hw_if (files forgotten during constification
miod [Wed, 30 Mar 2022 19:03:20 +0000 (19:03 +0000)]
Mention constification of *_hw_if (files forgotten during constification
commit)

2 years agoSimplify up_generate_updates()
tb [Wed, 30 Mar 2022 16:06:32 +0000 (16:06 +0000)]
Simplify up_generate_updates()

Instead of using new == NULL or new != NULL in combination with an again
label to steer the control flow of this function, switch to using a while
loop and break/continue/return. Simplified version of a diff by claudio.

ok claudio

2 years agoAdd a simple test to ensure that pmeth->cleanup() can cope with NULL
tb [Wed, 30 Mar 2022 08:57:26 +0000 (08:57 +0000)]
Add a simple test to ensure that pmeth->cleanup() can cope with NULL
pkey_ctx->data.

2 years agoAvoid segfaults in EVP_PKEY_CTX_free()
tb [Wed, 30 Mar 2022 07:17:48 +0000 (07:17 +0000)]
Avoid segfaults in EVP_PKEY_CTX_free()

It is possible to call pmeth->cleanup() with an EVP_PKEY_CTX whose data
is NULL. If pmeth->init() in int_ctx_new() fails, EVP_PKEY_CTX_free() is
called with such a context. This in turn calls pmeth->cleanup(), and thus
these cleanup functions must be careful not to use NULL data.  Most of
them are, but one of GOST's functions and HMAC's aren't.

Reported for HMAC by Masaru Masada
https://github.com/libressl-portable/openbsd/issues/129

ok bcook jsing

2 years agopkey_hmac_init(): use calloc()
tb [Wed, 30 Mar 2022 07:12:30 +0000 (07:12 +0000)]
pkey_hmac_init(): use calloc()

Instead of using malloc() and setting most struct members to 0,
simply use calloc().

ok bcook jsing

2 years agoCapture up to used size not available size for each line.
nicm [Wed, 30 Mar 2022 07:05:26 +0000 (07:05 +0000)]
Capture up to used size not available size for each line.

2 years agoRemove double slash in path to test program.
anton [Wed, 30 Mar 2022 05:22:31 +0000 (05:22 +0000)]
Remove double slash in path to test program.

2 years agoFlag the kq-tun regress test as skipped as opposed of only mentioning it
anton [Wed, 30 Mar 2022 05:11:52 +0000 (05:11 +0000)]
Flag the kq-tun regress test as skipped as opposed of only mentioning it
in a comment. Allows my own regress runner (and bluhm's) to highlight
kqueue as having skipped tests.

While here, get rid of redundant usage of phony.

2 years agossh is almost out of getopt() characters; note the remaining
djm [Wed, 30 Mar 2022 04:33:09 +0000 (04:33 +0000)]
ssh is almost out of getopt() characters; note the remaining
remaining available ones in a comment

2 years agoavoid NULL deref via ssh-keygen -Y find-principals. bz3409, reported
djm [Wed, 30 Mar 2022 04:27:51 +0000 (04:27 +0000)]
avoid NULL deref via ssh-keygen -Y find-principals. bz3409, reported
by Mateusz Adamowski

2 years agoIf enough MSI-X vectors are available, set up multiple tx and rx queues.
jmatthew [Wed, 30 Mar 2022 00:25:27 +0000 (00:25 +0000)]
If enough MSI-X vectors are available, set up multiple tx and rx queues.
In multi-vector mode, the MSI-X vector number is the same as the irq number
on the nic, so use vector/irq 0 for link interrupts, then assign one to
each pair of rx and tx queues.  We don't configure RSS yet, so packets
will only be received on the first queue, but they can be transmitted on
any queue.

ok dlg@

2 years agoAdd Eric Biggers's reproducer for the memory corruption with
tb [Tue, 29 Mar 2022 23:12:30 +0000 (23:12 +0000)]
Add Eric Biggers's reproducer for the memory corruption with
the Z_DEFAULT_STRATEGY.

2 years agoOf the enabled tests only kq-pty-1 needs root, so reduce
tb [Tue, 29 Mar 2022 19:34:37 +0000 (19:34 +0000)]
Of the enabled tests only kq-pty-1 needs root, so reduce
REGRESS_ROOT_TARGTES and remove ${SUDO} from kq-pty-2.
kq-tun also needs root, but it isn't run.

discussed with and ok millert

2 years agoRegression test for NOTE_EXIT being delivered before child is waitable.
millert [Tue, 29 Mar 2022 19:04:19 +0000 (19:04 +0000)]
Regression test for NOTE_EXIT being delivered before child is waitable.

2 years agoUpdate list ofarchitectures
jca [Tue, 29 Mar 2022 18:44:12 +0000 (18:44 +0000)]
Update list ofarchitectures

Retire sparc (32 bits) and vax, add riscv64.
From Raf Czlonka

2 years agoman pages: add missing word, The foo() ... -> The foo() function ...
naddy [Tue, 29 Mar 2022 18:15:52 +0000 (18:15 +0000)]
man pages: add missing word, The foo() ... -> The foo() function ...

ok jmc@ schwarze@

2 years agoGiven asn1/a_object.c rev. 1.45 by jsing@, stop talking about BUGS
schwarze [Tue, 29 Mar 2022 17:41:20 +0000 (17:41 +0000)]
Given asn1/a_object.c rev. 1.45 by jsing@, stop talking about BUGS
we no longer have, focus on what our implementation now does, but
keep short warnings in how far other implementations might be more
fragile.  Some improvements to wordings and clarity while here.
OK tb@

2 years agoAdd Google Chromium tests for libz bugs. Write a minimal wrapper
bluhm [Tue, 29 Mar 2022 17:13:11 +0000 (17:13 +0000)]
Add Google Chromium tests for libz bugs.  Write a minimal wrapper
to avoid importing GoogleTest, Google's C++ test framework.

2 years agoDisable the recently introduced logic used to associate ucc and audio
anton [Tue, 29 Mar 2022 16:04:36 +0000 (16:04 +0000)]
Disable the recently introduced logic used to associate ucc and audio
devices. Caspar Schutijser reported on bugs@ that pressing the volume
keys on his headset causes a usb host controller interrupt storm. I'm
trying to figure out what's going on but since we're approaching release
keep it disabled.

2 years agoman pages: add missing commas in enumerations
naddy [Tue, 29 Mar 2022 14:27:59 +0000 (14:27 +0000)]
man pages: add missing commas in enumerations

2 years agoBound cofactor in EC_GROUP_set_generator()
tb [Tue, 29 Mar 2022 14:03:12 +0000 (14:03 +0000)]
Bound cofactor in EC_GROUP_set_generator()

Instead of bounding only bounding the group order, also bound the
cofactor using Hasse's theorem. This could probably be made a lot
tighter since all curves of cryptographic interest have small
cofactors,  but for now this is good enough.

A timeout found by oss-fuzz creates a "group" with insane parameters
over a 40-bit field: the order is 14464, and the cofactor has 4196223
bits (which is obviously impossible by Hasse's theorem). These led to
running an expensive loop in ec_GFp_simple_mul_ct() millions of times.

Fixes oss-fuzz #46056

Diagnosed and fix joint with jsing

ok inoguchi jsing (previous version)

2 years agooff-by-one check didn't recognize partition 'a' section on specified
deraadt [Tue, 29 Mar 2022 13:57:52 +0000 (13:57 +0000)]
off-by-one check didn't recognize partition 'a' section on specified
disk, and would fall through to the active partition selection
from crystal kolipe, ok miod krw

2 years agoDo not zero cofactor on ec_guess_cofactor() success
tb [Tue, 29 Mar 2022 13:48:40 +0000 (13:48 +0000)]
Do not zero cofactor on ec_guess_cofactor() success

The cofactor we tried to calculate should only be zeroed if we failed
to compute it.

ok inoguchi jsing

2 years agoZap trailing whitespace
tb [Tue, 29 Mar 2022 13:44:06 +0000 (13:44 +0000)]
Zap trailing whitespace

2 years agoclose enough to release, we drop -beta
deraadt [Tue, 29 Mar 2022 03:11:18 +0000 (03:11 +0000)]
close enough to release, we drop -beta

2 years agobring back getting framebuffer size from efifb (rev 1.3)
jsg [Tue, 29 Mar 2022 02:15:51 +0000 (02:15 +0000)]
bring back getting framebuffer size from efifb (rev 1.3)

avoids the following on BESSTAR TECH HM90 with Ryzen 9 4900H (renoir)
reported by Fredrik Engberg

drm:pid0:gmc_v9_0_process_interrupt *ERROR* [mmhub0] no-retry page fault (src_id:0 ring:158 vmid:0 pasid:0, for process  pid 0 thread pid 0)
drm:pid0:gmc_v9_0_process_interrupt *ERROR*   in page starting at address 0x0000000000561000 from IH client 0x12 (VMC)
drm:pid0:gmc_v9_0_process_interrupt *ERROR* VM_L2_PROTECTION_FAULT_STATUS:0x00003B3C
drm:pid0:gmc_v9_0_process_interrupt *ERROR* Faulty UTCL2 client ID: VCNU (0x1d)
drm:pid0:gmc_v9_0_process_interrupt *ERROR* MORE_FAULTS: 0x0
drm:pid0:gmc_v9_0_process_interrupt *ERROR* WALKER_ERROR: 0x6
drm:pid0:gmc_v9_0_process_interrupt *ERROR* PERMISSION_FAULTS: 0x3
drm:pid0:gmc_v9_0_process_interrupt *ERROR* MAPPING_ERROR: 0x1
drm:pid0:gmc_v9_0_process_interrupt *ERROR* RW: 0x0
[drm] *ERROR* ring vcn_dec test failed (-60)
[drm] *ERROR* hw_init of IP block <vcn_v2_0> failed -60
drm:pid0:amdgpu_device_init *ERROR* amdgpu_device_ip_init failed
drm:pid0:amdgpu_attachhook *ERROR* Fatal error during GPU init

2 years agoBasic copy editing:
schwarze [Tue, 29 Mar 2022 01:26:08 +0000 (01:26 +0000)]
Basic copy editing:
Eliminate weasel words and needless parentheses, reduce "will" and
"shall" and "may", add more precision, some grammar fixes, shorten
and improve wordings, add some missing macros.
Triggered by a question from naddy@.

2 years agoRunning getty(8) on /dev/console when using a glass console interferes with
kettenis [Mon, 28 Mar 2022 18:53:40 +0000 (18:53 +0000)]
Running getty(8) on /dev/console when using a glass console interferes with
running Xorg in a way that isn't fully understood.  So change the arm64
install.md to munge /etc/ttys to enable the ttyC0 entry if we detect that
wsdisplay0 is the console and make sure the code in install.sub that
does the actual munging disables the console entry before enabling another
entry to prevent running two getty(8) processes on (effectively) the same
device.

ok deraadt@

2 years agoif_detach() does if_remove(ifp); NET_LOCK(); rti_delete(). New
bluhm [Mon, 28 Mar 2022 16:31:26 +0000 (16:31 +0000)]
if_detach() does if_remove(ifp); NET_LOCK(); rti_delete().  New
igmp groups may join while sleeping in interface destruction.  In
this case if_get() in igmp_joingroup() fails and rti_fill() is not
called.  Then inm->inm_rti may be NULL.  This is the condition when
syzkaller crashes in igmp_leavegroup().
Pass the ifp the current CPU is already holding down to igmp_joingroup()
and igmp_leavegroup() to avoid half constructed igmp groups.  Calling
if_get() in caller and callee makes no sense anyway.
Reported-by: syzbot+146823a676b7bea83649@syzkaller.appspotmail.com
OK denis@

2 years agoOnly SLIST_REMOVE() a link when the link is on the list.
krw [Mon, 28 Mar 2022 15:47:11 +0000 (15:47 +0000)]
Only SLIST_REMOVE() a link when the link is on the list.

Avoids a potential panic.

2 years agoCompare the SKI of the embedded EE certificate of the CMS message with the
claudio [Mon, 28 Mar 2022 13:04:01 +0000 (13:04 +0000)]
Compare the SKI of the embedded EE certificate of the CMS message with the
SID of the Signer Info structure. RFC6488 mandates this.
OK job@ tb@

2 years agoChange internal functions to static in openssl(1) pkcs12
inoguchi [Mon, 28 Mar 2022 11:02:49 +0000 (11:02 +0000)]
Change internal functions to static in openssl(1) pkcs12

ok tb@

2 years agoRemove unused function cert_load in openssl(1) pkcs12
inoguchi [Mon, 28 Mar 2022 10:56:26 +0000 (10:56 +0000)]
Remove unused function cert_load in openssl(1) pkcs12

ok tb@

2 years agoFix misspelled NM town names, from personal knowledge, checked against USPS.
bentley [Mon, 28 Mar 2022 10:29:44 +0000 (10:29 +0000)]
Fix misspelled NM town names, from personal knowledge, checked against USPS.

2 years agoFix error check of CMS_unsigned_get_addr_count()
tb [Mon, 28 Mar 2022 08:19:15 +0000 (08:19 +0000)]
Fix error check of CMS_unsigned_get_addr_count()

According to RFC 5652, unsignedAttrs are a SET OF at least one member,
however the CMS code doesn't actually check for this. Since SET OF may
contain zero members in general, an empty set of unsignedAttrs would
be accepted. Catch this by explicitly checking for a -1 return value.

ok claudio

2 years agoRemove extra 'or'
claudio [Mon, 28 Mar 2022 08:18:13 +0000 (08:18 +0000)]
Remove extra 'or'
OK tb@

2 years agoPrint OK after all of the RRDP related tests. To make it clear that
claudio [Mon, 28 Mar 2022 08:11:36 +0000 (08:11 +0000)]
Print OK after all of the RRDP related tests. To make it clear that
the regress test was successful.

2 years agoReport error if creating socket fails with -D.
nicm [Mon, 28 Mar 2022 07:40:57 +0000 (07:40 +0000)]
Report error if creating socket fails with -D.

2 years agoPut call to vmx_remote_vmclear() under #ifdef MULTIPROCESSOR
tb [Mon, 28 Mar 2022 06:28:47 +0000 (06:28 +0000)]
Put call to vmx_remote_vmclear() under #ifdef MULTIPROCESSOR
to unbreak build of amd64 GENERIC

makes sense to jsing

2 years agotweak the pflog ifname filter to include the terminating nul.
dlg [Mon, 28 Mar 2022 02:58:06 +0000 (02:58 +0000)]
tweak the pflog ifname filter to include the terminating nul.

without this the code effectively just compares the start of the
string, which means you can get a prefix match unexpectedly. including
the nul in the comparison means it only works for whole interface
names, as it was originally intended.

reported by Aner Perez on misc@
ok deraadt@ (who also dug through the history behind this)

2 years agojason tubnor points out that vxlan talking multicast needs a parent iface.
dlg [Mon, 28 Mar 2022 02:54:33 +0000 (02:54 +0000)]
jason tubnor points out that vxlan talking multicast needs a parent iface.

2 years agovmm(4): add quiesce/wakeup hooks to sync vcpu state.
dv [Mon, 28 Mar 2022 00:22:20 +0000 (00:22 +0000)]
vmm(4): add quiesce/wakeup hooks to sync vcpu state.

If a host suspends or hibernates, a task in the middle of using
vcpu state may be rescheduled to another cpu. This is primarily a
problem for Intel hosts as vcpu state is kept local to the physical
cpu and must be flushed back to physical memory before another cpu
can issue certain vmx instructions.

This change ensures no tasks are actively using the vmm device,
flushes all vcpu state (if Intel hardware), and turns off virtualization
mode on the host cpus. Upon wakeup, we reverse the process.

Reported on bugs@ by mpi@. OK mlarkin@

2 years agoftp.1: remove a sentence fragment left over from a previous edit
naddy [Sun, 27 Mar 2022 20:09:12 +0000 (20:09 +0000)]
ftp.1: remove a sentence fragment left over from a previous edit

ok deraadt@ jmc@ miod@

2 years agosys/vnode.h cleanup for vnode_hold_list, vnode_free_list, struct freelst
semarie [Sun, 27 Mar 2022 16:19:39 +0000 (16:19 +0000)]
sys/vnode.h cleanup for vnode_hold_list, vnode_free_list, struct freelst

vnode_hold_list and vnode_free_list aren't used outside kern/vfs_subr.c

move `struct freelst` where used in kern/vfs_subr.c

no intented behaviour changes. survived a release(8) build.

ok millert@

2 years agoFix memory corruption bug in zlib
bluhm [Sun, 27 Mar 2022 10:01:51 +0000 (10:01 +0000)]
Fix memory corruption bug in zlib

zlib has a crashing bug. The bug fix has been sitting in the
unreleased develop branch for nearly four years. Pull in this fix
and a small followup.

same fix as in base lib/libz

2 years agoRevert previous. Use private copy of zlib in Compress::Raw::Zlib
bluhm [Sun, 27 Mar 2022 09:53:04 +0000 (09:53 +0000)]
Revert previous.  Use private copy of zlib in Compress::Raw::Zlib
again.  The header zlib.h in our base uses z_off_t for fields
total_in and total_out in struct z_stream_s.  The rest of the world
uses uLong there.  This leads to an incompatibility when comiled
with Perl.  The pkg tools fail on i386.
debugged by semarie@; discussed with tb@

2 years agoCheck EVP_Digest* functions return value in openssl(1) ts
inoguchi [Sun, 27 Mar 2022 00:37:10 +0000 (00:37 +0000)]
Check EVP_Digest* functions return value in openssl(1) ts

Move up md_ctx and add EVP_MD_CTX_free under the 'err:' label.
CID 149810

comment and ok jsing@

2 years agoname constraints: be more careful with NULs
tb [Sat, 26 Mar 2022 16:34:21 +0000 (16:34 +0000)]
name constraints: be more careful with NULs

An IA5STRING is a Pascal string that can have embedded NULs and is
not NUL terminated (except that for legacy reasons it happens to be).

Instead of taking the strlen(), use the already known ASN.1 length and
use strndup() instead of strdup() to generate NUL terminated strings
after some existing code has checked that there are no embedded NULs.

In v2i_GENERAL_NAME_ex() use %.*s to print the bytes. This is not
optimal and might be switched to using strvis() later.

ok beck inoguchi jsing

2 years agoClean up {dtls1,ssl3}_read_bytes()
jsing [Sat, 26 Mar 2022 15:05:53 +0000 (15:05 +0000)]
Clean up {dtls1,ssl3}_read_bytes()

Now that {dtls1,ssl3}_read_bytes() have been refactored, do a clean up
pass - this cleans up various parts of the code and reduces differences
between these two functions.

ok = 1; *(&(ok)) tb@

ok inoguchi@

2 years agoRemove the minimum record length checks from dtls1_read_bytes()
jsing [Sat, 26 Mar 2022 15:00:51 +0000 (15:00 +0000)]
Remove the minimum record length checks from dtls1_read_bytes()

The code that handles each record type already has appropriate length
checks. Furthermore, the handling of application data here is likely
incorrect and bypasses the normal state checks at the end of this function.

ok inoguchi@ tb@

2 years agoConvert c2i_ASN1_OBJECT() and d2i_ASN1_OBJECT to CBS.
jsing [Sat, 26 Mar 2022 14:54:58 +0000 (14:54 +0000)]
Convert c2i_ASN1_OBJECT() and d2i_ASN1_OBJECT to CBS.

Along the way, rather than having yet another piece of code that parses
OID arcs, reuse oid_parse_arc(). Always allocate a new ASN1_OBJECT rather
than doing a crazy dance with ASN1_OBJECT_FLAG_DYNAMIC and trying to free
parts of an ASN1_OBJECT if one is passed in.

ok inoguchi@ tb@

2 years agoProvide asn1_get_primitive()
jsing [Sat, 26 Mar 2022 14:47:58 +0000 (14:47 +0000)]
Provide asn1_get_primitive()

This takes a CBS, gets the ASN.1 identifier and length, ensures the
resulting identifier is a valid primitive, then returns the tag number and
the content as a CBS.

ok inoguchi@ tb@

2 years agogrow i386 media
deraadt [Sat, 26 Mar 2022 14:26:44 +0000 (14:26 +0000)]
grow i386 media

2 years agoEnable mtw(4) on i386, macppc, and arm64.
stsp [Sat, 26 Mar 2022 14:25:14 +0000 (14:25 +0000)]
Enable mtw(4) on i386, macppc, and arm64.

Testing by hastings@ and myself.
i386 has a media size issue, deraadt@ will sort it out.

2 years agotypo: currents -> current
tb [Sat, 26 Mar 2022 12:43:11 +0000 (12:43 +0000)]
typo: currents -> current

2 years agoExpand tx dma maps to allow packets up to the MTU limit to be transmitted.
jmatthew [Sat, 26 Mar 2022 06:04:20 +0000 (06:04 +0000)]
Expand tx dma maps to allow packets up to the MTU limit to be transmitted.
Don't clear TPB_TX_BUF_EN when taking the interface down, as somehow that
causes transmission to fail when the interface comes up again if any large
packets had been sent.

Handle packets received into multiple rx buffers using the same approach as
ixl(4), with the addition that a receive error can be signaled on any of
the buffers rather than just the last one.  Set the low water mark on the
rx ring so there are always enough buffers to receive the largest packet
supported by the interface, and fix the calculation of the data pointer
in rx buffers so there's actually MCLBYTES space available.

ok dlg@

2 years agouse the new CPU_ID_AA64ISAR0 sysctl to determine CPU features on arm64
robert [Fri, 25 Mar 2022 17:42:07 +0000 (17:42 +0000)]
use the new CPU_ID_AA64ISAR0 sysctl to determine CPU features on arm64

ok tb@, deraadt@, kettenis@

2 years agoadd an exception to the CPU_ID_AA64ISAR0 in pledged applications so that
robert [Fri, 25 Mar 2022 17:40:59 +0000 (17:40 +0000)]
add an exception to the CPU_ID_AA64ISAR0 in pledged applications so that
libcrypto can access this sysctl on arm64 without restrictions to determine
cpu features

ok deraadt@, kettenis@

2 years agoSavecore uses its own private copy of compress, so it should
tb [Fri, 25 Mar 2022 16:14:55 +0000 (16:14 +0000)]
Savecore uses its own private copy of compress, so it should
not include <zlib.h>

discussed with deraadt

2 years agoImplement reboot/powerdown support based on nvmem cells. This works on
kettenis [Fri, 25 Mar 2022 15:52:03 +0000 (15:52 +0000)]
Implement reboot/powerdown support based on nvmem cells.  This works on
M1 Pro/Max machines and will hopefully continue to work on future models
by abstracting the magic flag that needs to be set using device tree
properties.

ok patrick@

2 years agoImplement support for the "bits" property for nvmem cells.
kettenis [Fri, 25 Mar 2022 15:49:29 +0000 (15:49 +0000)]
Implement support for the "bits" property for nvmem cells.

ok patrick@

2 years agoNow that syslogd(8) supports SSL shutdown when the TLS connection
bluhm [Fri, 25 Mar 2022 14:15:10 +0000 (14:15 +0000)]
Now that syslogd(8) supports SSL shutdown when the TLS connection
terminates, do SSL shutdown in the test client.  This will detect
SSL handshake errors also with TLS 1.3 if the CA of the client
certificate is invalid.
test races reported by anton@; debugged with Carsten Arzig

2 years agoBuild Perl module Compress::Raw::Zlib with zlib from /usr/lib/libz.so
bluhm [Fri, 25 Mar 2022 11:38:11 +0000 (11:38 +0000)]
Build Perl module Compress::Raw::Zlib with zlib from /usr/lib/libz.so
instead of the sources that are packaged with Perl.  This allows
us to apply security fixes for userland base in one place.  Zlib.so
is used with dlopen(3) and gets a new library dependency to libz.
Before zlib objects from zlib-src were linked statically.
OK tb@

2 years agoSync with userland libz (memory-corruption + followup).
tb [Fri, 25 Mar 2022 10:59:59 +0000 (10:59 +0000)]
Sync with userland libz (memory-corruption + followup).

ok mbuhl millert

2 years agoImprove error checking in deflatePrime()
tb [Fri, 25 Mar 2022 10:58:39 +0000 (10:58 +0000)]
Improve error checking in deflatePrime()

This is a small follow-up commit to the previous commit.

ok mbuhl millert

commit 4346a16853e19b45787ce933666026903fb8f3f8
Author: Mark Adler <madler@alumni.caltech.edu>
Date:   Tue Apr 17 22:44:41 2018 -0700

    Assure that the number of bits for deflatePrime() is valid.

https://github.com/madler/zlib/commit/4346a16853e19b45787ce933666026903fb8f3f8

2 years agoFix memory corruption bug in zlib
tb [Fri, 25 Mar 2022 10:54:27 +0000 (10:54 +0000)]
Fix memory corruption bug in zlib

zlib has a crashing bug. The bug fix has been sitting in the
unreleased develop branch for nearly four years. Pull in this fix.

ok mbuhl millert

Reported by Tavis Ormandy on oss-security:
https://marc.info/?l=oss-security&m=164809382107156&w=2

commit 5c44459c3b28a9bd3283aaceab7c615f8020c531
Author: Mark Adler <madler@alumni.caltech.edu>
Date:   Tue Apr 17 22:09:22 2018 -0700

    Fix a bug that can crash deflate on some input when using Z_FIXED.

    This bug was reported by Danilo Ramos of Eideticom, Inc. It has
    lain in wait 13 years before being found! The bug was introduced
    in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
    option forces the use of fixed Huffman codes. For rare inputs with
    a large number of distant matches, the pending buffer into which
    the compressed data is written can overwrite the distance symbol
    table which it overlays. That results in corrupted output due to
    invalid distances, and can result in out-of-bound accesses,
    crashing the application.

    The fix here combines the distance buffer and literal/length
    buffers into a single symbol buffer. Now three bytes of pending
    buffer space are opened up for each literal or length/distance
    pair consumed, instead of the previous two bytes. This assures
    that the pending buffer cannot overwrite the symbol table, since
    the maximum fixed code compressed length/distance is 31 bits, and
    since there are four bytes of pending space for every three bytes
    of symbol space.

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

2 years agoImplement most of the CMS related checks required by RFC 6488 section 3
claudio [Fri, 25 Mar 2022 08:19:04 +0000 (08:19 +0000)]
Implement most of the CMS related checks required by RFC 6488 section 3

Verify that SignerInfo and Signed Attributes are set according to the RFC.
Especially enforce that the right attributes are signed. Check that there
are no unsigned attributes, no CRL and that the correct content-type,
digest and signature algorithm are used.

The OpenSSL API makes it impossible to verify the versions and some other
more suttle differences like detecting signle attributes vs a SET OF one.
Similarly OpenSSL accepts both DER and BER encoding in the payload.
These smaller differences to the RFC are not optimal but not a risk.

Lots of feedback and OK tb@

2 years agoFix exit message if creating socket fails.
nicm [Fri, 25 Mar 2022 06:14:42 +0000 (06:14 +0000)]
Fix exit message if creating socket fails.

2 years agoSync zlib with userland
tb [Fri, 25 Mar 2022 00:42:27 +0000 (00:42 +0000)]
Sync zlib with userland

Backport zlib fix for the multi line CLEAR_HASH macro.  There is
an else branch where only half of the macro is executed conditionally.
Acording to upstream comment this has only little impact.
https://github.com/madler/zlib/commit/38e8ce32afbaa82f67d992b9f3056f281fe69259

ok bluhm (who had the same diff)

2 years agoLink libz into regress build.
bluhm [Thu, 24 Mar 2022 22:11:11 +0000 (22:11 +0000)]
Link libz into regress build.

2 years agoBackport zlib fix for the multi line CLEAR_HASH macro. There is
bluhm [Thu, 24 Mar 2022 22:04:27 +0000 (22:04 +0000)]
Backport zlib fix for the multi line CLEAR_HASH macro.  There is
an else branch where only half of the macro is executed conditionally.
Acording to upstream comment this has only little impact.
https://github.com/madler/zlib/commit/38e8ce32afbaa82f67d992b9f3056f281fe69259
OK deraadt@ tb@

2 years agoThe installer no longer runs dhclient(8).
krw [Thu, 24 Mar 2022 20:46:56 +0000 (20:46 +0000)]
The installer no longer runs dhclient(8).

New verbiage suggested by deraadt@.

2 years agoImport upstream madler/zlib test files and run them with our libz.
bluhm [Thu, 24 Mar 2022 19:41:06 +0000 (19:41 +0000)]
Import upstream madler/zlib test files and run them with our libz.

2 years agoAdd $OpenBSD$ tag and declare that this file is in the public domain.
kettenis [Thu, 24 Mar 2022 18:42:05 +0000 (18:42 +0000)]
Add $OpenBSD$ tag and declare that this file is in the public domain.

requested by miod@

2 years agoAdjust the signer test to link statically and work with hidden tls_signer
tb [Thu, 24 Mar 2022 15:58:57 +0000 (15:58 +0000)]
Adjust the signer test to link statically and work with hidden tls_signer
API.

2 years agosync
tb [Thu, 24 Mar 2022 15:57:44 +0000 (15:57 +0000)]
sync

2 years agoCrank major after symbol removal.
tb [Thu, 24 Mar 2022 15:57:04 +0000 (15:57 +0000)]
Crank major after symbol removal.

2 years agoHide the tls_signer from public visibility. It's not ready yet and
tb [Thu, 24 Mar 2022 15:56:34 +0000 (15:56 +0000)]
Hide the tls_signer from public visibility. It's not ready yet and
should not be used. It will be revisited after release.

ok beck inoguchi jsing

2 years agowhitespace niggle noticed during review
deraadt [Thu, 24 Mar 2022 14:39:08 +0000 (14:39 +0000)]
whitespace niggle noticed during review

2 years agoCheck function return value
inoguchi [Thu, 24 Mar 2022 14:07:08 +0000 (14:07 +0000)]
Check function return value

2 years agoCompare pointer value with NULL
inoguchi [Thu, 24 Mar 2022 13:47:55 +0000 (13:47 +0000)]
Compare pointer value with NULL

2 years agoAdd unit (milliseconds) to escape-time, show unset colours as "none"
nicm [Thu, 24 Mar 2022 12:07:25 +0000 (12:07 +0000)]
Add unit (milliseconds) to escape-time, show unset colours as "none"
rather than "invalid" and don't show the same text twice for user
options in customize mode.

2 years agoWrap long lines
inoguchi [Thu, 24 Mar 2022 12:00:17 +0000 (12:00 +0000)]
Wrap long lines

2 years agoRemove space between asterisk and variable name
inoguchi [Thu, 24 Mar 2022 11:40:07 +0000 (11:40 +0000)]
Remove space between asterisk and variable name

2 years agoConvert openssl(1) ts option handling
inoguchi [Thu, 24 Mar 2022 11:27:45 +0000 (11:27 +0000)]
Convert openssl(1) ts option handling

Apply new option handling to openssl(1) ts, and there is no functional
changes here.
usage strings are comes from manual page.

comments and ok jsing@

2 years agoAdd a capability for OSC 7 and use it similarly to how the title is set
nicm [Thu, 24 Mar 2022 09:05:57 +0000 (09:05 +0000)]
Add a capability for OSC 7 and use it similarly to how the title is set
(and controlled by the same set-titles option). GitHub issue 3127.