openbsd
2 years agoSwitch module codename retrieval to use the newly proposed device tree
patrick [Mon, 27 Dec 2021 12:03:59 +0000 (12:03 +0000)]
Switch module codename retrieval to use the newly proposed device tree
bindings.

2 years agoHandle trailing odd-sized 1024 byte blocks when calculating TCM RAM size.
patrick [Mon, 27 Dec 2021 10:59:20 +0000 (10:59 +0000)]
Handle trailing odd-sized 1024 byte blocks when calculating TCM RAM size.

2 years agoBump rxpost and rxcomplete ring size to 1024 for newer chips.
patrick [Mon, 27 Dec 2021 10:56:55 +0000 (10:56 +0000)]
Bump rxpost and rxcomplete ring size to 1024 for newer chips.

2 years agoRework garbage collector for unix(4) sockets.
mvs [Sun, 26 Dec 2021 23:41:41 +0000 (23:41 +0000)]
Rework garbage collector for unix(4) sockets.

This time unix(4) sockets garbage collector always destroys any socket
with positive "fp->f_count == unp->unp_msgcount" equation. This is wrong
because unix(4) sockets within SCM_RIGHTS message but closed on sender
side also have this equation positive. Such sockets are not in the loop,
and if garbage collector kill them before they are received, we get
kernel panic.

FreeBSD already has garbage collector reworked to fix this issue [1]. The
logic is pretty simple so import it to our garbage collector.

1. https://reviews.freebsd.org/D23142

ok bluhm@

2 years agosplit method list search functionality from authmethod_lookup() into
djm [Sun, 26 Dec 2021 23:34:41 +0000 (23:34 +0000)]
split method list search functionality from authmethod_lookup() into
a separate authmethod_byname(), for cases where we don't need to
check whether a method is enabled, etc.

use this to fix the "none" authentication method regression reported
by Nam Nguyen via bugs@

ok deraadt@

2 years agoAdd information about TCM rambase and how to check the SR capability for
patrick [Sun, 26 Dec 2021 20:50:17 +0000 (20:50 +0000)]
Add information about TCM rambase and how to check the SR capability for
a few more chips.

2 years agozap doubled semicolon
tb [Sun, 26 Dec 2021 15:44:29 +0000 (15:44 +0000)]
zap doubled semicolon

2 years agoCheck BIO_indent() return like all the others in this file.
tb [Sun, 26 Dec 2021 15:38:49 +0000 (15:38 +0000)]
Check BIO_indent() return like all the others in this file.

CID 345118

2 years agoCheck error returns for HMAC_* to appease coverity.
tb [Sun, 26 Dec 2021 15:34:26 +0000 (15:34 +0000)]
Check error returns for HMAC_* to appease coverity.

CID 345114

2 years agoOne more leak similar to previous.
tb [Sun, 26 Dec 2021 15:31:24 +0000 (15:31 +0000)]
One more leak similar to previous.

2 years agoPlug leaks
tb [Sun, 26 Dec 2021 15:28:37 +0000 (15:28 +0000)]
Plug leaks

CID 345111

2 years agoPlug memleak
tb [Sun, 26 Dec 2021 15:23:37 +0000 (15:23 +0000)]
Plug memleak

CID 345119

2 years agoDrop pointless cast in i2d_ASN1_BOOLEAN(). This may or may not fix
tb [Sun, 26 Dec 2021 15:20:21 +0000 (15:20 +0000)]
Drop pointless cast in i2d_ASN1_BOOLEAN().  This may or may not fix
a weird coverity warning.

CID 345121

ok jsing

2 years agoConsistently call BN_init() before BN_with_flags()
tb [Sun, 26 Dec 2021 15:16:50 +0000 (15:16 +0000)]
Consistently call BN_init() before BN_with_flags()

BN_with_flags() preserves the BN_FLG_MALLOCED flag of the destination
which results in a potential use of an uninitialized bit. In practice
this doesn't matter since we don't free the cloned BIGNUMs anyway.

As jsing points out, these are mostly pointless noise and should be
garbage collected. I'll leave that for another rainy day.

Coverity flagged one instance BN_gcd_no_branch(), the rest was found by
the ever so helpful grep(1).

CID 345122

ok jsing

2 years agoHoist memset of CBB above EVP_MD_CTX_new() and HMAC_CTX_new() to avoid
tb [Sun, 26 Dec 2021 15:10:59 +0000 (15:10 +0000)]
Hoist memset of CBB above EVP_MD_CTX_new() and HMAC_CTX_new() to avoid
a use of uninitialized in the unlikely event that either of them fails.
Problem introduced in r1.128.

CID 345113

ok jsing

2 years agoCorrect SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.
jsing [Sun, 26 Dec 2021 14:59:52 +0000 (14:59 +0000)]
Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.

Due to a wonderful API inconsistency, a client includes the peer's leaf
certificate in the stored certificate chain, while a server does not.

Found due to a haproxy test failure reported by Ilya Shipitsin.

ok tb@

2 years agoAttempt to opportunistically use the host name for SNI in s_client.
jsing [Sun, 26 Dec 2021 14:46:06 +0000 (14:46 +0000)]
Attempt to opportunistically use the host name for SNI in s_client.

ok beck@ inoguchi@ tb@

2 years agoDIOCHANGERRULE ioctl must set pointer to ruleset in rule it inserts.
sashan [Sun, 26 Dec 2021 14:04:29 +0000 (14:04 +0000)]
DIOCHANGERRULE ioctl must set pointer to ruleset in rule it inserts.

Reported-by: syzbot+7718c5f69c595f76b298@syzkaller.appspotmail.com
OK bluhm@, OK jmatthew@

2 years agoAdd address locators for the ACPI "bus" and use these to fix the order of
kettenis [Sun, 26 Dec 2021 13:55:36 +0000 (13:55 +0000)]
Add address locators for the ACPI "bus" and use these to fix the order of
the com(4) devices to match the traditional order one the ISA bus.

ok patrick@, anton@

2 years agoFix compiler warnings with sparc64 gcc 4.2.1.
bluhm [Sun, 26 Dec 2021 13:32:05 +0000 (13:32 +0000)]
Fix compiler warnings with sparc64 gcc 4.2.1.

2 years agofix spelling of inheritance
tb [Sun, 26 Dec 2021 12:32:28 +0000 (12:32 +0000)]
fix spelling of inheritance

2 years agoCheck ipAddrBlock and autonomousSysNum for criticality
tb [Sun, 26 Dec 2021 12:30:11 +0000 (12:30 +0000)]
Check ipAddrBlock and autonomousSysNum for criticality

These extensions MUST be marked critical. Criticality is determined by the
ASN1_BOOLEAN that is extracted and ignored after the FIXME a few lines
below each of the two hunks. Rather than getting the info from there, it's
easier to use an API call that checks what was already parsed by d2i_X509().

ok claudio job

2 years agoadd missing include path; ok tb@
anton [Sun, 26 Dec 2021 08:37:21 +0000 (08:37 +0000)]
add missing include path; ok tb@

2 years agoFix unexpanded LOCALBASE and X11BASE
kn [Sun, 26 Dec 2021 02:53:17 +0000 (02:53 +0000)]
Fix unexpanded LOCALBASE and X11BASE

Hardcode them like the script does;  nothing does SUBST_* here
as is practise in ports land.

OK gnezdo

2 years agomake 'set skip on ...' in pf.conf dynamic
sashan [Sun, 26 Dec 2021 01:00:32 +0000 (01:00 +0000)]
make 'set skip on ...' in pf.conf dynamic

This is an old issue in pf(4): whenever new interface appears
in IP stack, we must reload pf.conf to apply 'set skip on ...'
to newly plumbed network interfaces. Time has come to fix it.
The idea is to also create pfi_kif for interfaces, which are
referred by 'set skip on ...'. Such pfi_kif instances are
created/destroyed by pfi_set_flags()/pfi_clear_flags().

claudio@ dragged my attention to this in Gouveia. Also his
feedback helped me to put change into shape.

OK claudio@

2 years agoFix some weird line wrapping and a minor KNF nit
tb [Sat, 25 Dec 2021 23:35:25 +0000 (23:35 +0000)]
Fix some weird line wrapping and a minor KNF nit

2 years agoreword some old text mentioning openbsd 5.5 and windows 7; ok deraadt
tj [Sat, 25 Dec 2021 17:26:13 +0000 (17:26 +0000)]
reword some old text mentioning openbsd 5.5 and windows 7; ok deraadt

2 years agoDon't accept an empty string as selector value
ratchov [Sat, 25 Dec 2021 16:25:07 +0000 (16:25 +0000)]
Don't accept an empty string as selector value

"looks good" edd@

2 years agoMove example about USB devices from -F description to hot plugging section
ratchov [Sat, 25 Dec 2021 16:15:53 +0000 (16:15 +0000)]
Move example about USB devices from -F description to hot plugging section

ok kn

2 years agoNo need for assert.h in here.
tb [Sat, 25 Dec 2021 15:46:05 +0000 (15:46 +0000)]
No need for assert.h in here.

2 years agodrop a meaningless XXX
tb [Sat, 25 Dec 2021 15:43:13 +0000 (15:43 +0000)]
drop a meaningless XXX

2 years agoUse C99 initializers for v3_addr, v3_asid and v3_ct_scts[]
tb [Sat, 25 Dec 2021 15:42:32 +0000 (15:42 +0000)]
Use C99 initializers for v3_addr, v3_asid and v3_ct_scts[]
as is done for most other X.509 v3 extension methods.

discussed with jsing

2 years agoAdd section to explain how to handle device hot plugging
ratchov [Sat, 25 Dec 2021 15:24:02 +0000 (15:24 +0000)]
Add section to explain how to handle device hot plugging

mostly from kn@, tweaks from me

2 years agoFor a long time ip_ours() and ip6_ours() are calling ip_deliver()
bluhm [Sat, 25 Dec 2021 13:35:17 +0000 (13:35 +0000)]
For a long time ip_ours() and ip6_ours() are calling ip_deliver()
without kernel lock.  Unlock the two callers in ip6_input_if() that
have been forgotten.
OK mvs@ kn@

2 years agoIndent goto labels for diffability.
jsing [Sat, 25 Dec 2021 13:17:48 +0000 (13:17 +0000)]
Indent goto labels for diffability.

Whitespace change only.

2 years agoMerge asn_pack.c into asn1_item.c - these are two ASN1_item_* functions.
jsing [Sat, 25 Dec 2021 12:21:36 +0000 (12:21 +0000)]
Merge asn_pack.c into asn1_item.c - these are two ASN1_item_* functions.

No functional change.

2 years agoMerge evp_asn1.c into a_type.c - these are all ASN1_TYPE_* functions.
jsing [Sat, 25 Dec 2021 12:19:16 +0000 (12:19 +0000)]
Merge evp_asn1.c into a_type.c - these are all ASN1_TYPE_* functions.

No functional change.

2 years agoMove more ASN1_STRING_* functions to a_string.c.
jsing [Sat, 25 Dec 2021 12:11:57 +0000 (12:11 +0000)]
Move more ASN1_STRING_* functions to a_string.c.

No functional change.

2 years agoMore consolidation of ASN.1 code.
jsing [Sat, 25 Dec 2021 12:00:22 +0000 (12:00 +0000)]
More consolidation of ASN.1 code.

Consolidate various ASN1_item_* functions into asn1_item.c and the
remaining NO_OLD_ASN1 code (not to be confused with the NO_ASN1_OLD code)
into asn1_old.c. This is preferable to having many files, often with one
or two functions per file.

No functional change.

Discussed with tb@

2 years agoAdjust pty case for kqueue-based poll(2)
visa [Sat, 25 Dec 2021 11:27:19 +0000 (11:27 +0000)]
Adjust pty case for kqueue-based poll(2)

Unlike the old code, kqueue-based poll(2) sets POLLIN when the other
end of a pty has been closed. Calling read(2) on such a pty returns
zero anyway. FreeBSD sets POLLIN too.

2 years agokqueue: Invalidate revoked vnodes' knotes on the fly
visa [Sat, 25 Dec 2021 11:04:58 +0000 (11:04 +0000)]
kqueue: Invalidate revoked vnodes' knotes on the fly

When a tty device is revoked, the associated knotes should be
invalidated. Otherwise the user processes can keep on receiving
events from the device.

It appears tricky to do the invalidation as part of revocation
in a way that does not allow unwanted event registration or clutter
the tty code. For now, make the knotes invalid lazily before delivery.

OK mpi@

2 years agoConsolidate code/templates for ASN.1 types.
jsing [Sat, 25 Dec 2021 08:52:44 +0000 (08:52 +0000)]
Consolidate code/templates for ASN.1 types.

Where an ASN.1 type has its own file, move the ASN.1 item template and
template related functions into the file.

Discussed with tb@

2 years agoMove ASN1_<type>_* functions to the top, encoding/decoding to the bottom.
jsing [Sat, 25 Dec 2021 07:48:09 +0000 (07:48 +0000)]
Move ASN1_<type>_* functions to the top, encoding/decoding to the bottom.

No functional change.

2 years agoRewrite ASN.1 identifier/length parsing in CBS.
jsing [Sat, 25 Dec 2021 07:04:03 +0000 (07:04 +0000)]
Rewrite ASN.1 identifier/length parsing in CBS.

Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs()
functions that are called from asn1_get_object_cbs(). Convert the existing
ASN1_get_object() function so that it calls asn1_get_object_cbs(), before
mapping the result into the API that it implements.

ok tb@

2 years agosync
deraadt [Sat, 25 Dec 2021 02:50:51 +0000 (02:50 +0000)]
sync

2 years agoSync DF_1_* flag definitions with llvm 13, including support in
guenther [Sat, 25 Dec 2021 01:25:51 +0000 (01:25 +0000)]
Sync DF_1_* flag definitions with llvm 13, including support in
readelf -d for displaying them.
(lld 13 sets DF_1_PIE on most our binaries)

ok jsg@

2 years agoUpdate to reflect changes over the last six years
guenther [Sat, 25 Dec 2021 01:13:44 +0000 (01:13 +0000)]
Update to reflect changes over the last six years

2 years agoFilter out all symbols starting with a double underbar. In particular,
tb [Fri, 24 Dec 2021 23:01:56 +0000 (23:01 +0000)]
Filter out all symbols starting with a double underbar.  In particular,
this filters out all retguard symbols, which are no fun to guess. One
recognizes them easily but can get yourself hanged by a single digit!

An earlier version filtering only __retguard symbols was

ok deraadt, jsing

guenther agreed that filtering all double underbar symbols makes sense.
He also suggested to filter out symbols containing several consecutive
digits, but how much fun is guessing libcrypto symbols without all the
X509 goodness?

2 years agowhen getopts prints "unknown option" or "requires argument", it should
deraadt [Fri, 24 Dec 2021 22:08:37 +0000 (22:08 +0000)]
when getopts prints "unknown option" or "requires argument", it should
not print the shell script line number where this occured.  Doing so is
pointless, or an information leak.
This change does not affect any other error reporting.
ok millert

2 years agosync
deraadt [Fri, 24 Dec 2021 20:10:23 +0000 (20:10 +0000)]
sync

2 years agouniq(1): skip() each input line only once
cheloha [Fri, 24 Dec 2021 17:59:28 +0000 (17:59 +0000)]
uniq(1): skip() each input line only once

In uniq(1), skip() is very expensive.  We should only do it once per
input line.  Doing it more than once is redundant, anyway.

Thread: https://marc.info/?l=openbsd-tech&m=163950278018535&w=2

ok millert@

2 years agoRun malloc_duel for 60 seconds instead of 20. It did find kernel
bluhm [Fri, 24 Dec 2021 15:09:10 +0000 (15:09 +0000)]
Run malloc_duel for 60 seconds instead of 20.  It did find kernel
crashes due to missing TLB flushes in the past.  Other stress tests
in regress also run for a minute.  Additional 40 seconds to the run
time of the test suite is a small price compared to higher chance
of finding bugs.

2 years agoReorder some functions.
jsing [Fri, 24 Dec 2021 14:12:26 +0000 (14:12 +0000)]
Reorder some functions.

No functional change.

2 years agoThe RFC 3779 test needs LIBRESSL_CRYPTO_INTERNAL as lon as the API
tb [Fri, 24 Dec 2021 14:00:11 +0000 (14:00 +0000)]
The RFC 3779 test needs LIBRESSL_CRYPTO_INTERNAL as lon as the API
isn't public.

2 years agoUndo commenting of OPENSSL_NO_RFC3779
tb [Fri, 24 Dec 2021 13:58:15 +0000 (13:58 +0000)]
Undo commenting of OPENSSL_NO_RFC3779

The define implies that we have the RFC 3779 API and corresponding
symbols publicly exposed. We don't do that since there are still
concerns about its suitability and security. oss-fuzz has code
depending on this define and this broke its build as tracked down
by jsing. This commit gets us oss-fuzz builds back while keeping
job happy since the extension pretty printing will continue to work.

ok jsing

2 years agoPrepare to provide PEM_write_bio_PrivateKey_traditional()
tb [Fri, 24 Dec 2021 12:59:17 +0000 (12:59 +0000)]
Prepare to provide PEM_write_bio_PrivateKey_traditional()

This will be needed in openssl-ruby after the bump.
Part of OpenSSL commit 05dba815.

ok inoguchi jsing

2 years agoPrepare to provide EVP_CIPHER_CTX_{get,set}_cipher_data
tb [Fri, 24 Dec 2021 12:55:04 +0000 (12:55 +0000)]
Prepare to provide EVP_CIPHER_CTX_{get,set}_cipher_data

They will be needed by security/py-M2Crypto and telephony/sngrep.

ok inoguchi jsing

2 years agoPrepare to provide EVP_CIPHER_CTX_buf_noconst()
tb [Fri, 24 Dec 2021 12:02:15 +0000 (12:02 +0000)]
Prepare to provide EVP_CIPHER_CTX_buf_noconst()

This is just a dumb 'return ctx->buf' whose name was chosen to be consistent
with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf()

ok jsing

The backstory is this:

This wonderful API will be needed by MariaDB once EVP is opaque. To be able
to use its own handrolled AES CTR variant, it needs to reach inside the cipher
ctx's buffer and mess with it:

      uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
      /*
        Not much we can do, block ciphers cannot encrypt data that aren't
        a multiple of the block length. At least not without padding.
        Let's do something CTR-like for the last partial block.

        NOTE this assumes that there are only buf_len bytes in the buf.
        If OpenSSL will change that, we'll need to change the implementation
        of this class too.
      */

Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API
obviously doesn't provide a means of doing any length checks.

If it is any consolation, it was committed with the vague hope of being a
temporary measure as OpenSSL commit 83b06347 suggests:

    Note that the accessors / writers for iv, buf and num may go away, as
    those rather belong in the implementation's own structure (cipher_data)
    when the implementation would affect them [...]

As is true for many temporary kludges and dumb accessors, these are here
to stay a with us for a while.

While I'm at it, MariaDB has other phantastic things it did to ease its
pain with the OpenSSL 1.1 API transition.

To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per
EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and
uses arrays of these sizes that it aligns, casts and passes as ctx to the
EVP API.

Of course, they need to safeguard themselves against the inevitable buffer
overruns that this might cause since the type is opaque and could (and actually
did) change its size between two OpenSSL releases. There is a runtime check in
mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc()
with "coc_malloc()" to determine the sizes that OpenSSL would allocate
internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's
ideas of the ctx sizes.

Go look, I'm not making this stuff up.

2 years agoHook up iocond regress.
visa [Fri, 24 Dec 2021 10:25:36 +0000 (10:25 +0000)]
Hook up iocond regress.

2 years agoReplace wait channel polling with simple sleep for portability.
visa [Fri, 24 Dec 2021 10:22:41 +0000 (10:22 +0000)]
Replace wait channel polling with simple sleep for portability.

2 years agoFix a typo in a comment and add some empty lines for readability
tb [Fri, 24 Dec 2021 10:09:44 +0000 (10:09 +0000)]
Fix a typo in a comment and add some empty lines for readability

2 years agoSync test code after the change of id from size_t to unsigned int.
claudio [Fri, 24 Dec 2021 09:21:41 +0000 (09:21 +0000)]
Sync test code after the change of id from size_t to unsigned int.
Fixes test-http tests which currently fail. The change in test-rrdp.c
are just cosmetic the id is not used by the test.
Reported by anton@

2 years agoDelete obsolete __syscall regress that tested the old lseek syscall
guenther [Fri, 24 Dec 2021 08:49:19 +0000 (08:49 +0000)]
Delete obsolete __syscall regress that tested the old lseek syscall
with an explicit pad argument.

noted by anton@

2 years agoPrint the name of the test before we run it.
jsing [Fri, 24 Dec 2021 08:31:55 +0000 (08:31 +0000)]
Print the name of the test before we run it.

2 years agoadd mtw(4);
jmc [Fri, 24 Dec 2021 07:09:46 +0000 (07:09 +0000)]
add mtw(4);

2 years agouse -nosplit for AUTHORS;
jmc [Fri, 24 Dec 2021 07:08:04 +0000 (07:08 +0000)]
use -nosplit for AUTHORS;

2 years agoiic.4: add apliic to the master list
jmc [Fri, 24 Dec 2021 07:05:55 +0000 (07:05 +0000)]
iic.4: add apliic to the master list
apliic.4: add arch to Dt

2 years agoSupport more mtw(4) devices.
hastings [Fri, 24 Dec 2021 06:53:18 +0000 (06:53 +0000)]
Support more mtw(4) devices.
ASUS USB-N10 v2, D-Link DWA-127 rev B1, Edimax EW-7711UAn v2,
various Ralink/MediaTek ids.

ok stsp@

2 years agoMake poll/select version of filt_solisten() more similar to soo_poll().
visa [Fri, 24 Dec 2021 06:50:16 +0000 (06:50 +0000)]
Make poll/select version of filt_solisten() more similar to soo_poll().

OK mpi@

2 years agoregen
hastings [Fri, 24 Dec 2021 06:19:24 +0000 (06:19 +0000)]
regen

2 years agoAdd some more mtw(4) devices.
hastings [Fri, 24 Dec 2021 06:18:11 +0000 (06:18 +0000)]
Add some more mtw(4) devices.
ASUS USB-N10 v2, D-Link DWA-127 rev B1, Edimax EW-7711UAn v2,
various Ralink/MediaTek ids.

ok stsp@

2 years agoAdd a manual page for mtw(4).
hastings [Fri, 24 Dec 2021 05:25:39 +0000 (05:25 +0000)]
Add a manual page for mtw(4).

ok stsp@

2 years agoStyle tweak in {d2i,i2d}_IPAddrBlocks()
tb [Fri, 24 Dec 2021 03:11:56 +0000 (03:11 +0000)]
Style tweak in {d2i,i2d}_IPAddrBlocks()

2 years agoDrop -g -O0 from CFLAGS
tb [Fri, 24 Dec 2021 03:06:05 +0000 (03:06 +0000)]
Drop -g -O0 from CFLAGS

2 years agolink rfc3779 test to build
tb [Fri, 24 Dec 2021 03:01:23 +0000 (03:01 +0000)]
link rfc3779 test to build

2 years agoAdd initial test coverage for RFC 3779 code.
tb [Fri, 24 Dec 2021 03:00:37 +0000 (03:00 +0000)]
Add initial test coverage for RFC 3779 code.

This exercises the code paths that are reached from the validator
and also tests that the public API behaves as expected. There is a
lot more that could be done here, but this test is already big enough.

Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}()
themselves.

One test failure is ignored and will be fixed in the near future
when a bad logic error in range_should_be_prefix() is fixed.
A consequence of this bug is that we will currently accept and generate
DER that doesn't conform to RFC 3779.

2 years agoFix some KNF issues in the RFC 3779 section that have bothered me for
tb [Fri, 24 Dec 2021 02:41:35 +0000 (02:41 +0000)]
Fix some KNF issues in the RFC 3779 section that have bothered me for
way too long.

2 years agoKNF nit
tb [Fri, 24 Dec 2021 02:30:15 +0000 (02:30 +0000)]
KNF nit

2 years agoRemove asserts from asid_validate_path_internal()
tb [Fri, 24 Dec 2021 02:28:52 +0000 (02:28 +0000)]
Remove asserts from asid_validate_path_internal()

The first asserts ensure that things checked in the callers hold true.
Turn them into error checks and set the error on the X509_STORE_CTX
if it's present. Checking sk_value(..., i) with i < sk_num(...) isn't
useful, particularly if that check is done via an assert. Turn one
remaining assert into a NULL check. Finally, simplify the sk_num()
checks in the callers.

ok jsing

2 years agoTurn asserts in ASIdentifierChoice_canonize() into error checks
tb [Fri, 24 Dec 2021 02:23:44 +0000 (02:23 +0000)]
Turn asserts in ASIdentifierChoice_canonize() into error checks

The first assert ensures that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.

ok jsing

2 years agoRemove assert from extract_min_max() (again)
tb [Fri, 24 Dec 2021 02:22:16 +0000 (02:22 +0000)]
Remove assert from extract_min_max() (again)

All callers ensure that aor != NULL, so this isn't necessary.

ok jsing

2 years agoRevert previous. The commit contained more than intended.
tb [Fri, 24 Dec 2021 02:17:27 +0000 (02:17 +0000)]
Revert previous. The commit contained more than intended.

2 years agoTurn asserts in ASIdentifierChoice_canonize() into error checks
tb [Fri, 24 Dec 2021 02:12:31 +0000 (02:12 +0000)]
Turn asserts in ASIdentifierChoice_canonize() into error checks

The first assert ensure that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.

ok jsing

2 years agoRemove assert from extract_min_max()
tb [Fri, 24 Dec 2021 02:07:37 +0000 (02:07 +0000)]
Remove assert from extract_min_max()

All callers ensure that aor != NULL, so this isn't necessary.

ok jsing

2 years agoFix indent of a comment.
tb [Fri, 24 Dec 2021 02:04:00 +0000 (02:04 +0000)]
Fix indent of a comment.

2 years agoRemove asserts from addr_validate_path_internal()
tb [Fri, 24 Dec 2021 02:02:37 +0000 (02:02 +0000)]
Remove asserts from addr_validate_path_internal()

This is reachable from x509_verify(), but all asserts are previously
checked in the caller. Turn them into error checks and make sure
the error is set on the X509_STORE_CTX if present. Change some
stack == NULL || sk_num(stack) == 0 checks into sk_num(stack) <= 0
which is equivalent but simpler.

ok jsing

2 years agoTurn assert in X509v3_addr_canonize() into an error check.
tb [Fri, 24 Dec 2021 01:56:08 +0000 (01:56 +0000)]
Turn assert in X509v3_addr_canonize() into an error check.

All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.

ok jsing

2 years agosync
patrick [Fri, 24 Dec 2021 00:07:56 +0000 (00:07 +0000)]
sync

2 years agoapliic(4)
patrick [Fri, 24 Dec 2021 00:07:06 +0000 (00:07 +0000)]
apliic(4)

2 years agoAdd apliic(4), a driver for the I2C controller found on various Apple SoCs.
patrick [Fri, 24 Dec 2021 00:01:39 +0000 (00:01 +0000)]
Add apliic(4), a driver for the I2C controller found on various Apple SoCs.

ok kettenis@

2 years agoFully check the second strtoul() call in v2i_IPAddrBlocks()
tb [Thu, 23 Dec 2021 23:48:38 +0000 (23:48 +0000)]
Fully check the second strtoul() call in v2i_IPAddrBlocks()

This can read a value in an arbitrary base from a string that is
supposed to be followed by whitespace or a colon, so it cannot be
switched to strtonum(). The current checks don't allow a read past
the end, but let's use the standard idiom instead.

ok jsing

2 years agoFix an arbitrary out-of-bounds stack read in v2i_IPAddrBlocks()
tb [Thu, 23 Dec 2021 23:41:26 +0000 (23:41 +0000)]
Fix an arbitrary out-of-bounds stack read in v2i_IPAddrBlocks()

Switch an insufficiently checked strtoul() to strtonum(). This can
be used to trigger a read of a user-controlled size from the stack.

$ openssl req -new -addext 'sbgp-ipAddrBlock = IPv4:192.0.2.0/12341234'
Segmentation fault (core dumped)

The bogus prefix length 12341234 is fed into X509v3_addr_add_prefix() and
used to read (prefixlen + 7) / 8 bytes from the stack variable 'min[16]'
that ends up as 'data' in the memmove in ASN1_STRING_set().

The full fix will add length checks to X509v3_addr_add_prefix() and
make_addressPrefix() and will be dealt with later. The entire
X509v3_{addr,asid}_* API will need a thorough review before it can be
exposed.

This code is only enabled in -current and can only be reached from
openssl.cnf files that contain sbgp-ipAddrBlock or from the openssl(1)
command line.

ok jsing

2 years agofix indent to make it clear a line isn't part of previous if
jsg [Thu, 23 Dec 2021 23:23:42 +0000 (23:23 +0000)]
fix indent to make it clear a line isn't part of previous if
ok deraadt@ millert@

2 years agoRemove unused variables and assignments in ah and esp output.
bluhm [Thu, 23 Dec 2021 22:35:11 +0000 (22:35 +0000)]
Remove unused variables and assignments in ah and esp output.
found by clang 13; OK tobhe@

2 years agoFix endless loop in the interrupt handler. When iterating over each
patrick [Thu, 23 Dec 2021 20:48:24 +0000 (20:48 +0000)]
Fix endless loop in the interrupt handler.  When iterating over each
GPIO base register we must not replace the iterator variable with the
index of the pin inside the register.

ok kettenis@

2 years agosync
guenther [Thu, 23 Dec 2021 18:50:59 +0000 (18:50 +0000)]
sync

2 years agoRoll the syscalls that have an off_t argument to remove the explicit padding.
guenther [Thu, 23 Dec 2021 18:50:31 +0000 (18:50 +0000)]
Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets.  This affected the nine system
calls that pass off_t arguments:
   ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned.  Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them.  The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument.  So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel.  Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

2 years agofix typo: boolean true should decode to 1, not 0
tb [Thu, 23 Dec 2021 18:12:58 +0000 (18:12 +0000)]
fix typo: boolean true should decode to 1, not 0

2 years agoRoute templated implementations of {d2i,i2d}_ASN1_BOOLEAN() through
tb [Thu, 23 Dec 2021 18:04:41 +0000 (18:04 +0000)]
Route templated implementations of {d2i,i2d}_ASN1_BOOLEAN() through
ASN1_item_ex_{d2i,i2d}() instead of ASN1_item_{d2i,i2d}(). Fixes test
failure on sparc64, and hopefully all other architectures.

reported by tobhe
with/ok jsing

2 years agoIPsec is not MP safe yet. To allow forwarding in parallel without
bluhm [Thu, 23 Dec 2021 12:21:48 +0000 (12:21 +0000)]
IPsec is not MP safe yet.  To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock.  Not much is lost as crypto needs the kernel lock
anyway.  From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path.  Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@