jsing [Mon, 14 Jul 2014 01:05:36 +0000 (01:05 +0000)]
Hook in libressl to regress.
deraadt [Mon, 14 Jul 2014 01:01:27 +0000 (01:01 +0000)]
enter libressl for make includes
jsing [Mon, 14 Jul 2014 00:50:04 +0000 (00:50 +0000)]
Sort SUBDIRs.
jsing [Mon, 14 Jul 2014 00:49:03 +0000 (00:49 +0000)]
Hook libressl into the build.
Requested by deraadt@
deraadt [Mon, 14 Jul 2014 00:35:10 +0000 (00:35 +0000)]
whitespace
reyk [Mon, 14 Jul 2014 00:19:48 +0000 (00:19 +0000)]
first step towards keep-alive/persistent connections support
bluhm [Mon, 14 Jul 2014 00:14:43 +0000 (00:14 +0000)]
Now that the relayd timeouts have been fixed, make the http timeout
test more strict again. Backout rev 1.2 of args-timeout-http.pl.
bluhm [Mon, 14 Jul 2014 00:11:12 +0000 (00:11 +0000)]
When a connection was spliced in one direction and in copy mode in
the other direction, the timeouts did not work. They were longer
than specified. Link the splicing and non-splicing timeouts.
Found by make run-regress-args-timeout-http.pl
OK reyk@
deraadt [Mon, 14 Jul 2014 00:01:39 +0000 (00:01 +0000)]
Improve RAND_write_file(), chmod crud, etc.
ok tedu
jsing [Mon, 14 Jul 2014 00:00:44 +0000 (00:00 +0000)]
Update regress test to work with ressl API changes.
tedu [Sun, 13 Jul 2014 23:59:58 +0000 (23:59 +0000)]
use mallocarray for multiplied value checking
benno [Sun, 13 Jul 2014 23:59:57 +0000 (23:59 +0000)]
fix regress tests after log changes. noticed by bluhm@.
everybody stand back. i know regular expressions.
jsing [Sun, 13 Jul 2014 23:54:52 +0000 (23:54 +0000)]
Add configuration handling for certificate and key files.
uebayasi [Sun, 13 Jul 2014 23:49:40 +0000 (23:49 +0000)]
KASSERTMSG(9): New kernel assertion with message
KASSERT() is annoying as it only prints the expression as a string. If you
(developers) want to know a little more information, you have to do:
#ifdef DIAGNOSTIC
if (bad)
panic(...);
#endif
KASSERTMSG() replaces it into a single line:
KASSERTMSG(!bad, ...);
Taken from NetBSD.
(There is a concern that KASSERT() messages are too long; consume more memory,
and not friendly for small monitors. This have to be considered & revisited
later.)
"Like" from henning@
Man page review & advices from jmc@ and schwarze@
jsing [Sun, 13 Jul 2014 23:36:24 +0000 (23:36 +0000)]
Add stubs for the proposed server API.
sasano [Sun, 13 Jul 2014 23:36:09 +0000 (23:36 +0000)]
add RDC R1012 support
jsing [Sun, 13 Jul 2014 23:34:39 +0000 (23:34 +0000)]
Stop leaking internal library pointers in error messages.
Requested by miod@
tedu [Sun, 13 Jul 2014 23:33:26 +0000 (23:33 +0000)]
pass correct sizes to free()
schwarze [Sun, 13 Jul 2014 23:25:09 +0000 (23:25 +0000)]
add missing whitespace between .Fa macro argument and trailing punctuation
deraadt [Sun, 13 Jul 2014 23:24:47 +0000 (23:24 +0000)]
use mallocarray()
sasano [Sun, 13 Jul 2014 23:19:51 +0000 (23:19 +0000)]
pciide.c, pciide_rdc_reg.h(new): ported rdcide(4) from NetBSD.
it supports RDC's R1012 IDE controller.
tested on 86duino EduCake (DM&P Vortex86EX SoC)
ok by deraadt@
jsing [Sun, 13 Jul 2014 23:19:02 +0000 (23:19 +0000)]
Tabs, not spaces.
tedu [Sun, 13 Jul 2014 23:18:01 +0000 (23:18 +0000)]
use mallocarray
jsing [Sun, 13 Jul 2014 23:17:29 +0000 (23:17 +0000)]
Rename the context allocation from ressl_new to ressl_client, which makes
it completely obvious what the context is for. Ensure client functions are
used on client contexts.
schwarze [Sun, 13 Jul 2014 23:12:02 +0000 (23:12 +0000)]
one .Fn argument per function argument
deraadt [Sun, 13 Jul 2014 23:10:23 +0000 (23:10 +0000)]
Some reallocarray() use; review Jean-Philippe Ouellet, patrick keshishian
ok tedu
jsing [Sun, 13 Jul 2014 23:06:18 +0000 (23:06 +0000)]
Split the context allocation out from the configuration. This will allow
us to properly report errors that occur during configuration processing.
Discussed with tedu@
schwarze [Sun, 13 Jul 2014 23:03:03 +0000 (23:03 +0000)]
Do not fold multiple function arguments into the same .Fn argument:
That may cause indexing and formatting issues.
Buggy mdoc(7) code mentioned by uebayasi@ to jmc@.
uebayasi [Sun, 13 Jul 2014 22:53:38 +0000 (22:53 +0000)]
boot(9): Cosmetic changes to improve diff'ability.
jsing [Sun, 13 Jul 2014 22:42:01 +0000 (22:42 +0000)]
Move the client code into a separate file.
jsing [Sun, 13 Jul 2014 22:31:42 +0000 (22:31 +0000)]
Rename various configuration handling functions.
Requested by and discussed with tedu@.
miod [Sun, 13 Jul 2014 22:28:03 +0000 (22:28 +0000)]
Comment out option GPT until the matching userland bits are in place.
jsing [Sun, 13 Jul 2014 22:13:52 +0000 (22:13 +0000)]
Use a single ressl.h header file.
Discussed with beck@ and tedu@.
uebayasi [Sun, 13 Jul 2014 22:13:06 +0000 (22:13 +0000)]
Cosmetic changes to reduce diffs.
claudio [Sun, 13 Jul 2014 21:59:50 +0000 (21:59 +0000)]
Update procflags list, add PS_SYSTEM, PS_EMBRYO, PS_ZOMBIE and
PS_NOBROADCASTKILL. The resulting table is shifted so far right
that a few additional lines had to be wrapped. Not ideal but the
best we can do at the moment.
kettenis [Sun, 13 Jul 2014 21:51:12 +0000 (21:51 +0000)]
The correct place to call _bus_dmamap_sync() is after we copy data *to* the
bounce buffer and before we copy data *from* the bounce buffer. Currently
_bus_dmamap_sync() is a no-op, but keeping it #ifdef'ed out in the wrong
place makes no sense.
ok deraadt@, miod@
deraadt [Sun, 13 Jul 2014 21:49:02 +0000 (21:49 +0000)]
sync
claudio [Sun, 13 Jul 2014 21:46:25 +0000 (21:46 +0000)]
Use lerrx instead of errx since the logging subsystem is already initialized.
OK florian@
matthew [Sun, 13 Jul 2014 21:44:58 +0000 (21:44 +0000)]
Fix sched_stop_secondary_cpus() to properly drain CPUs
TAILQ_FOREACH() isn't safe to use in sched_chooseproc() to iterate
over the run queues because within the loop body we remove the threads
from their run queues and reinsert them elsewhere. As a result, we
end up only draining the first thread of each run queue rather than
all of them.
ok kettenis
deraadt [Sun, 13 Jul 2014 21:39:00 +0000 (21:39 +0000)]
yes indeed, it returns void *. from Jean-Philippe Ouellet, i also had
this lurking in a tree
jsing [Sun, 13 Jul 2014 21:38:23 +0000 (21:38 +0000)]
Explicitly initialise slen - this was not previously done due to a missing
M_ASN1_D2I_begin macro.
jsing [Sun, 13 Jul 2014 21:35:27 +0000 (21:35 +0000)]
Convert error handling to SSLerr and ERR_asprintf_error_data.
yasuoka [Sun, 13 Jul 2014 21:34:35 +0000 (21:34 +0000)]
Some functions need to dup() before sending a socket by imsg and don't
need to close() after sending socket since imsg_compose() closes the
passing socket.
rpe [Sun, 13 Jul 2014 21:24:43 +0000 (21:24 +0000)]
Only set machdep.allowaperture if 'vga1: aperture needed' is found
in dmesg output. Use that information to decide whether or not to
ask the user if he intends to use X.
initial diff from and OK halex@
OK deraadt@
tedu [Sun, 13 Jul 2014 21:21:25 +0000 (21:21 +0000)]
include stdint.h for standard ints. from Jean-Philippe Ouellet
jasper [Sun, 13 Jul 2014 21:18:44 +0000 (21:18 +0000)]
fix even more trailing tabs
miod [Sun, 13 Jul 2014 21:18:26 +0000 (21:18 +0000)]
#$%#@$# CONSPEED
kettenis [Sun, 13 Jul 2014 21:13:51 +0000 (21:13 +0000)]
Display zero page hit and miss counters in vmstat -s.
ok deraadt@
jasper [Sun, 13 Jul 2014 21:13:30 +0000 (21:13 +0000)]
more hanging tabs
deraadt [Sun, 13 Jul 2014 21:11:40 +0000 (21:11 +0000)]
ugly hanging tabs; ok jasper
nicm [Sun, 13 Jul 2014 20:57:46 +0000 (20:57 +0000)]
Show an error if cmd_find_session can't find the current session, like
the other functions.
miod [Sun, 13 Jul 2014 20:53:35 +0000 (20:53 +0000)]
No libsa putchar wanted here actually
krw [Sun, 13 Jul 2014 20:51:08 +0000 (20:51 +0000)]
An EOF is a good reason to close a connection.
ok nicm@
deraadt [Sun, 13 Jul 2014 20:49:42 +0000 (20:49 +0000)]
obvious conversion to mallocarray()
jmc [Sun, 13 Jul 2014 20:42:33 +0000 (20:42 +0000)]
tweak previous;
jmc [Sun, 13 Jul 2014 20:40:34 +0000 (20:40 +0000)]
missing bracket in previous;
miod [Sun, 13 Jul 2014 20:29:05 +0000 (20:29 +0000)]
Still needs <sys/reboot.h>
nicm [Sun, 13 Jul 2014 20:23:10 +0000 (20:23 +0000)]
If a client is killed while suspended with ^Z so has gone through the
MSG_EXITED dance, don't try to resume it since a) it's pointless and b)
the tty structures have been cleaned up and tmux will crash.
tedu [Sun, 13 Jul 2014 20:09:38 +0000 (20:09 +0000)]
remove all crypt choices other than bcrypt. ok afresh1 deraadt
tedu [Sun, 13 Jul 2014 19:40:57 +0000 (19:40 +0000)]
calling this "encryption" makes me cringe. "slightly obfuscated" is better.
tedu [Sun, 13 Jul 2014 18:59:40 +0000 (18:59 +0000)]
compare snprintf return value with -1. this isn't really necessary because
int promotion rules guarantee the correct result when compared with sizeof,
but it is perhaps easier for some people to understand it this way.
from Doug Hogan.
deraadt [Sun, 13 Jul 2014 18:22:12 +0000 (18:22 +0000)]
sync
jasper [Sun, 13 Jul 2014 18:08:16 +0000 (18:08 +0000)]
sync with kernel, root= -> rootdev=
jasper [Sun, 13 Jul 2014 18:07:38 +0000 (18:07 +0000)]
consistency with upcoming bootloader device parsing of the uboot arguments,
root= becomes rootdev=
jsing [Sun, 13 Jul 2014 17:56:56 +0000 (17:56 +0000)]
Convert d2i_SSL_SESSION to ASN1 primitives, instead of the horrific
asn1_mac.h macros. This still needs a lot of improvement, but immediately
becomes readable.
ok miod@ (sight unseen!)
claudio [Sun, 13 Jul 2014 17:53:41 +0000 (17:53 +0000)]
Use errx() after getpwnam() failure since errno may not be set.
All other privsep / privdrop daemons do this the same way.
OK florian@ some time ago
claudio [Sun, 13 Jul 2014 17:47:03 +0000 (17:47 +0000)]
Document KERN_PROC_NOBROADKILL
bluhm [Sun, 13 Jul 2014 17:41:04 +0000 (17:41 +0000)]
When reassembled IPv6 fragments are NATed or RDRed by pf, the
checksum has to be recalculated before the packet is fragmented
again. Put a missing in6_proto_cksum_out() into pf_refragment6().
This makes run-regress-frag6 and run-regress-frag6-ext pass again.
From Matthias Pitzl; OK henning@
jmc [Sun, 13 Jul 2014 17:39:57 +0000 (17:39 +0000)]
tweak previous;
deraadt [Sun, 13 Jul 2014 17:39:56 +0000 (17:39 +0000)]
do not need malloc.h
deraadt [Sun, 13 Jul 2014 17:34:25 +0000 (17:34 +0000)]
use mallocarray where arguments are multiplied; ok tedu
jmc [Sun, 13 Jul 2014 17:28:13 +0000 (17:28 +0000)]
-N for SYNOPSIS and usage(), and some small changes to previous;
espie [Sun, 13 Jul 2014 17:24:06 +0000 (17:24 +0000)]
bye bye src url. Never amounted to much, we went another road a while ago
pirofti [Sun, 13 Jul 2014 17:19:17 +0000 (17:19 +0000)]
Keep track of port connections and port resets.
Also notify upstream when a port finished reseting and when the
connection status changes.
Gets things further along to the point where pipe device transfer
and control methods are required.
espie [Sun, 13 Jul 2014 17:17:21 +0000 (17:17 +0000)]
bundling base + packages was slow, as it needed to find lots of files.
different approach: mark the base system in one go, then hand pick the
files from the pkglocatedb.
quite a few unaccounted files yet, this will get better
claudio [Sun, 13 Jul 2014 17:07:00 +0000 (17:07 +0000)]
Set KERN_PROC_NOBROADCASTKILL so that iscsid is not killed by init
when terminating multi-user so that we have a chance to sync the
file systems mounted via iscsi.
deraadt [Sun, 13 Jul 2014 17:02:48 +0000 (17:02 +0000)]
sync
pelikan [Sun, 13 Jul 2014 16:59:35 +0000 (16:59 +0000)]
kill fs2hXX/h2fsXX macros with letohXX/htoleXX
The reason being that ext2 structures are little-endian but JBD2 journal
is big-endian. Don't confuse readers by talking about "file system endian".
Some KNF while there.
ok guenther
bluhm [Sun, 13 Jul 2014 16:58:43 +0000 (16:58 +0000)]
Put back a m_copyback() that got lost in rev 1.837 of pf.c. This
fixes the rewrite of an IPv6 header of an ICMP6 packet in the payload
of an ICMP6 error packet. Path MTU discovery with ping6 over pf
nat or rdr works again.
Found by src/regress/sys/net/pf_fragment make run-regress-fragping6
OK henning@
deraadt [Sun, 13 Jul 2014 16:50:25 +0000 (16:50 +0000)]
GPTSIGNATURE must be LL, for operation on non-punk machines
ok punk
claudio [Sun, 13 Jul 2014 16:49:47 +0000 (16:49 +0000)]
Add iscsid_flags to rc.conf so we do not try to start iscsid all the time.
Noticed by naddy@
pelikan [Sun, 13 Jul 2014 16:44:20 +0000 (16:44 +0000)]
kill fs2hXX/h2fsXX macros with letohXX/htoleXX
The reason being that ext2 structures are little-endian but JBD2 journal
is big-endian. Don't confuse readers by talking about "file system endian".
While here, nuke the copy of bswap.c and link it against the kernel's like
fsck_ext2fs has done, for better maintainability.
ok guenther
jsing [Sun, 13 Jul 2014 16:43:37 +0000 (16:43 +0000)]
Remove license introduced with the PSK code, which has since been removed.
ok deraadt@
krw [Sun, 13 Jul 2014 16:43:25 +0000 (16:43 +0000)]
When the three possible return values are -1, 0, and 1, != 1 is the same
as <= 0. And the latter is the normal idiom so use that.
ok claudio@ henning@
claudio [Sun, 13 Jul 2014 16:41:21 +0000 (16:41 +0000)]
Introduce PS_NOBROADCASTKILL a process flag that excludes processes from
receiving broadcast signals (kill -1). The flag can be set via a new
sysctl KERN_PROC_NOBROADCASTKILL. This will be used by iscsid to survive
the mass killing by init(8) when terminating multi-user operations.
With and OK guenther@
jsing [Sun, 13 Jul 2014 16:39:19 +0000 (16:39 +0000)]
Another compression remnant.
jsing [Sun, 13 Jul 2014 16:33:01 +0000 (16:33 +0000)]
Expand the tlsext_sigalg macros. The end result is about the same number
of lines and much more readable.
ok miod@
jsing [Sun, 13 Jul 2014 16:30:50 +0000 (16:30 +0000)]
Rewrite i2d_SSL_SESSION to use the ASN1 primitives, rather than using the
horrific macros from asn1_mac.h.
This is a classic example of using macros to obfuscate code, in an attempt
to reduce the line count. The end result is so ridiculously convoluted that
it is completely unreadable and it takes hours to deconstruct the macros
and figure out what is actually going on behind the scenes.
ok miod@
pelikan [Sun, 13 Jul 2014 16:08:53 +0000 (16:08 +0000)]
kill fs2hXX/h2fsXX macros with letohXX/htoleXX
The reason being that ext2 structures are little-endian but JBD2 journal
is big-endian. Don't confuse readers by talking about "file system endian".
ok guenther
jsing [Sun, 13 Jul 2014 16:03:54 +0000 (16:03 +0000)]
Add a regress test for the ASN1 handling of SSL session tickets.
beck [Sun, 13 Jul 2014 16:03:09 +0000 (16:03 +0000)]
The bell tolls for BUF_strdup - Start the migration to using
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@
espie [Sun, 13 Jul 2014 15:58:40 +0000 (15:58 +0000)]
tedu setlist support, superseded by the new locate dbs.
espie [Sun, 13 Jul 2014 15:54:28 +0000 (15:54 +0000)]
stuff no longer needed, now that base/x release install its own locate dbs
mpi [Sun, 13 Jul 2014 15:52:49 +0000 (15:52 +0000)]
No need for <netinet/in_systm.h> here.
tedu [Sun, 13 Jul 2014 15:52:38 +0000 (15:52 +0000)]
bzero -> memset. for the speeds.
tedu [Sun, 13 Jul 2014 15:48:41 +0000 (15:48 +0000)]
trim some casts
miod [Sun, 13 Jul 2014 15:48:32 +0000 (15:48 +0000)]
Remove stale comment which used to explain why we had a special 31-bit freelist
for DMA, back when this was applicable.
logan [Sun, 13 Jul 2014 15:47:51 +0000 (15:47 +0000)]
Fix memory leak.
OK from beck@ and miod@
uebayasi [Sun, 13 Jul 2014 15:46:21 +0000 (15:46 +0000)]
KERNEL_ASSERT_LOCKED(9): Assertion for kernel lock (Rev. 3)
This adds a new assertion macro, KERNEL_ASSERT_LOCKED(), to assert that
kernel_lock is held. In the long process of removing kernel_lock, there will
be a lot (hundreds or thousands) of use of this; virtually almost all functions
in !MP-safe subsystems should have this assertion. Thus this assertion should
have a short, good name.
Not only that "KERNEL_ASSERT_LOCKED" is consistent with other KERNEL_* and
SCHED_ASSERT_LOCKED() macros.
Input from dlg@ guenther@ kettenis@.
OK dlg@ guenther@
miod [Sun, 13 Jul 2014 15:42:42 +0000 (15:42 +0000)]
OPENSSL_{malloc,free} -> {malloc,free}