openbsd
5 months agoRemove the now unsued s argument to SCHED_LOCK and SCHED_UNLOCK.
claudio [Mon, 3 Jun 2024 12:48:25 +0000 (12:48 +0000)]
Remove the now unsued s argument to SCHED_LOCK and SCHED_UNLOCK.

The SPL level is not tacked by the mutex and we no longer need to track
this in the callers.
OK miod@ mlarkin@ tb@ jca@

5 months agoThere is no more LO_CLASS_SCHED_LOCK lock class.
claudio [Mon, 3 Jun 2024 12:46:59 +0000 (12:46 +0000)]
There is no more LO_CLASS_SCHED_LOCK lock class.
OK miod@ mlarkin@ tb@ jca@

5 months agoRemove superfluous pmap_extract() call in the hibernation path.
mglocker [Mon, 3 Jun 2024 12:01:57 +0000 (12:01 +0000)]
Remove superfluous pmap_extract() call in the hibernation path.

ok jsg@

5 months agoimplement rapid commit
florian [Mon, 3 Jun 2024 11:08:31 +0000 (11:08 +0000)]
implement rapid commit

5 months agosync
florian [Mon, 3 Jun 2024 10:08:05 +0000 (10:08 +0000)]
sync

5 months agoTrack changes to dhcp6leased.conf
florian [Mon, 3 Jun 2024 10:07:27 +0000 (10:07 +0000)]
Track changes to dhcp6leased.conf

looks correct to deraadt

5 months agoetc bits for dhcp6leased
florian [Mon, 3 Jun 2024 10:06:35 +0000 (10:06 +0000)]
etc bits for dhcp6leased

looks correct to deraadt

5 months agohook dhcp6leased to the build
florian [Mon, 3 Jun 2024 10:05:18 +0000 (10:05 +0000)]
hook dhcp6leased to the build
OK deraadt

5 months agoFix input handling wrt redrawing. The new version of curses does
otto [Mon, 3 Jun 2024 09:43:10 +0000 (09:43 +0000)]
Fix input handling wrt redrawing. The new version of curses does
not like shortcutting switching windows, especially if you're also
using libc for i/o. Reported by Don Wilburn; ok jsg@

5 months agoPledge violation messages are no longer accessible through dmesg since
anton [Mon, 3 Jun 2024 08:02:22 +0000 (08:02 +0000)]
Pledge violation messages are no longer accessible through dmesg since
the switch to uprintf. Attach a pseudo terminal in pledge regress in order to
observe the syscall number that caused the pledge violation, shrug.

5 months agoPassing a NULL digest to SHA routines from libcrypto is no longer
anton [Mon, 3 Jun 2024 06:14:32 +0000 (06:14 +0000)]
Passing a NULL digest to SHA routines from libcrypto is no longer
supported.

ok tb@

5 months agoavoid shadowing a local variable in a lower scope
deraadt [Mon, 3 Jun 2024 03:41:47 +0000 (03:41 +0000)]
avoid shadowing a local variable in a lower scope

5 months agoSpelling fixes and removal of unneeded prototypes and extern.
millert [Mon, 3 Jun 2024 00:58:04 +0000 (00:58 +0000)]
Spelling fixes and removal of unneeded prototypes and extern.
From jsg@ via upstream.

5 months agoBuild with WARNINGS=Yes and fix resulting warnings.
millert [Mon, 3 Jun 2024 00:55:05 +0000 (00:55 +0000)]
Build with WARNINGS=Yes and fix resulting warnings.

5 months agoremove prototypes with no matching function
jsg [Sun, 2 Jun 2024 23:26:39 +0000 (23:26 +0000)]
remove prototypes with no matching function
leave prototypes with functions in OpenSMTPD-extras
ok op@

5 months agosencond -> second; ok florian@
jsg [Sun, 2 Jun 2024 22:41:42 +0000 (22:41 +0000)]
sencond -> second; ok florian@

5 months agough, another typo; spotted by naddy
deraadt [Sun, 2 Jun 2024 18:47:17 +0000 (18:47 +0000)]
ugh, another typo; spotted by naddy

5 months agooops typo
deraadt [Sun, 2 Jun 2024 18:01:37 +0000 (18:01 +0000)]
oops typo

5 months agoprev_plen is only accessed on the 2nd round through the loop.
florian [Sun, 2 Jun 2024 17:44:06 +0000 (17:44 +0000)]
prev_plen is only accessed on the 2nd round through the loop.

Static analysers don't understand this. So give it a value
to shut them up.
Reported by jsg

5 months agoFix indent; pointed out by miod
florian [Sun, 2 Jun 2024 17:38:44 +0000 (17:38 +0000)]
Fix indent; pointed out by miod

5 months agoMake sure we find a link-local address and rdomain
florian [Sun, 2 Jun 2024 17:33:48 +0000 (17:33 +0000)]
Make sure we find a link-local address and rdomain

pointed out by jsg & miod

5 months agogc unused variable
florian [Sun, 2 Jun 2024 17:26:54 +0000 (17:26 +0000)]
gc unused variable

pointed out by jsg

5 months agoGrow amd64 install*.{iso,img} because -fret-clean *.tgz sets are a tiny
deraadt [Sun, 2 Jun 2024 16:00:07 +0000 (16:00 +0000)]
Grow amd64 install*.{iso,img} because -fret-clean *.tgz sets are a tiny
bit bigger.

5 months agoDue to growth, crunchgen must also try to block -fret-clean, so also use
deraadt [Sun, 2 Jun 2024 15:55:36 +0000 (15:55 +0000)]
Due to growth, crunchgen must also try to block -fret-clean, so also use
COPTS+=-fno-ret-clean

5 months agoDue to growth we can't allow -fret-clean behaviour in distrib/special,
deraadt [Sun, 2 Jun 2024 15:54:03 +0000 (15:54 +0000)]
Due to growth we can't allow -fret-clean behaviour in distrib/special,
so use COPTS+=-fno-ret-clean

5 months agooops, we need to hold on to ifap for a bit longer
florian [Sun, 2 Jun 2024 15:43:24 +0000 (15:43 +0000)]
oops, we need to hold on to ifap for a bit longer

5 months agoadd -fret-clean option (amd64 and i386 only at first), defaulting to off.
deraadt [Sun, 2 Jun 2024 15:42:19 +0000 (15:42 +0000)]
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to cleans the return address off the stack after
a callq completes.  The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs.  The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.

5 months agoadd -fret-clean option (amd64 and i386 only at first), defaulting to off.
deraadt [Sun, 2 Jun 2024 15:40:38 +0000 (15:40 +0000)]
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to cleans the return address off the stack after
a callq completes.  The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs.  The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.

5 months agopledge, MAP_STACK, and pinsyscall failures have been providing failure
deraadt [Sun, 2 Jun 2024 15:31:56 +0000 (15:31 +0000)]
pledge, MAP_STACK, and pinsyscall failures have been providing failure
visibility with kernel printf(9) (thus, onto console and into dmesg) since
the start of development.  I want to reduce the dmesg spam, and bring
this more into the attention of the user who ran the command, so let's
try using uprintf(9) which puts it onto the active foreground tty (yes,
there maybe cases where there is no tty, but that's ok.  I'll admit
I've considered deleting the logging messages entirely)
tested in snaps for a week

5 months agofix leaks
florian [Sun, 2 Jun 2024 15:19:05 +0000 (15:19 +0000)]
fix leaks

5 months agoUnlike DHCPv4 we will only send multicast messages.
florian [Sun, 2 Jun 2024 14:07:19 +0000 (14:07 +0000)]
Unlike DHCPv4 we will only send multicast messages.

Initialize destination address once and fold udp_send_packet()
into send_packet().
While here improve debugging output a bit.

5 months agowe do not poke around in udp headers
florian [Sun, 2 Jun 2024 13:55:37 +0000 (13:55 +0000)]
we do not poke around in udp headers

5 months agoDHCPv6 is not concerned with link layer addresses.
florian [Sun, 2 Jun 2024 13:35:52 +0000 (13:35 +0000)]
DHCPv6 is not concerned with link layer addresses.
pointed out by martijn

5 months agoImplement renew & rebind.
florian [Sun, 2 Jun 2024 12:41:46 +0000 (12:41 +0000)]
Implement renew & rebind.

Missed in previous.

5 months agoSwitch to rebinding at the rebinding time not when one timeout past.
florian [Sun, 2 Jun 2024 12:39:26 +0000 (12:39 +0000)]
Switch to rebinding at the rebinding time not when one timeout past.

Spotted while hacking on dhcp6leased(8)

5 months agosync
florian [Sun, 2 Jun 2024 12:33:56 +0000 (12:33 +0000)]
sync

5 months agouser, group & /var/db/dhcp6leased for dhcpleased(8)
florian [Sun, 2 Jun 2024 12:32:33 +0000 (12:32 +0000)]
user, group & /var/db/dhcp6leased for dhcpleased(8)

typo spotted by ccappuc
Input & OK deraadt

5 months agoImport dhcp6leased(8)
florian [Sun, 2 Jun 2024 12:28:05 +0000 (12:28 +0000)]
Import dhcp6leased(8)

dhcp6leased is a daemon to manage IPv6 prefix delegations. It requests
a prefix from an upstream DHCPv6 server and configures downstream
network interfaces. rad(8) can be used to advertise available prefixes
to clients.

It's a transmogrified dhcpleased(8), so it's a bit rough around the
edges. But it can already request and renew prefixes and configure
interfaces. It's time to hack on it in-tree.

OK deraadt

5 months agoPower down PCI devices in S0 as well. Needed for suspend-to-idle.
kettenis [Sun, 2 Jun 2024 11:08:41 +0000 (11:08 +0000)]
Power down PCI devices in S0 as well.  Needed for suspend-to-idle.

ok mglocker@

5 months agomd4/ripemd: remove misplaced semicolons
tb [Sat, 1 Jun 2024 18:42:49 +0000 (18:42 +0000)]
md4/ripemd: remove misplaced semicolons

5 months agoNeuter the bounded attribute as was done elsewhere for portable
tb [Sat, 1 Jun 2024 17:56:44 +0000 (17:56 +0000)]
Neuter the bounded attribute as was done elsewhere for portable

5 months agoRemove mention of SHA-0, update STANDARDS section
tb [Sat, 1 Jun 2024 12:35:23 +0000 (12:35 +0000)]
Remove mention of SHA-0, update STANDARDS section

5 months agosndiod: Don't add/remove server.device entries in dev_{open,close}()
ratchov [Sat, 1 Jun 2024 09:44:10 +0000 (09:44 +0000)]
sndiod: Don't add/remove server.device entries in dev_{open,close}()

Fixes server.device entries disappearing when usb devices are unplugged
while in use. Found, analysed and tested by Laurie Tratt, thanks!

5 months agoMissed SHA224() in previous: reverse order of attributes
tb [Sat, 1 Jun 2024 08:11:44 +0000 (08:11 +0000)]
Missed SHA224() in previous: reverse order of attributes

5 months agoReverse order of attributes
tb [Sat, 1 Jun 2024 07:44:11 +0000 (07:44 +0000)]
Reverse order of attributes

requested by jsing on review

5 months agoRemove support for static buffers in HMAC/digests
tb [Sat, 1 Jun 2024 07:36:16 +0000 (07:36 +0000)]
Remove support for static buffers in HMAC/digests

HMAC() and the one-step digests used to support passing a NULL buffer and
would return the digest in a static buffer. This design is firmly from the
nineties, not thread safe and it saves callers a single line. The few ports
that used to rely this were fixed with patches sent to non-hostile (and
non-dead) upstreams. It's early enough in the release cycle that remaining
uses hidden from the compiler should be caught, at least the ones that
matter.

There won't be that many since BoringSSL removed this feature in 2017.
https://boringssl-review.googlesource.com/14528

Add non-null attributes to the headers and add a few missing bounded
attributes.

ok beck jsing

5 months agobe really strict with fds reserved for communication with the separate
djm [Sat, 1 Jun 2024 07:03:37 +0000 (07:03 +0000)]
be really strict with fds reserved for communication with the separate
sshd-session process - reserve them early and fatal if we can't dup2(2)
them later. The pre-split fallback to re-reading the configuration
files is not possible, so sshd-session absolutely requires the fd the
configuration is passed over to be in order.

ok deraadt@

5 months agoMove common definitions into the header file.
aoyama [Sat, 1 Jun 2024 00:48:16 +0000 (00:48 +0000)]
Move common definitions into the header file.

No binary change.

5 months agoPreferred and valid lifetime options are sometimes ignored.
florian [Fri, 31 May 2024 16:19:53 +0000 (16:19 +0000)]
Preferred and valid lifetime options are sometimes ignored.

When a prefix is discovered on a network interface and and the IP
address has a valid or preferred lifetime configured that value is
used instead of the static value from the configuration.

Limitation pointed out by & man page text proposed by Ryan Vogt.
Slightly tweaked by me.

rad(8) should calculate the minimum of the static value from the
config file and what is configured on the interface. Implementing that
is slightly complicated and is left for a future diff.

5 months agoPrefixes delegated via DHCPv6 have a lifetime, honour it.
florian [Fri, 31 May 2024 16:10:42 +0000 (16:10 +0000)]
Prefixes delegated via DHCPv6 have a lifetime, honour it.

The "auto prefix" feature derives the prefix to announce from a
configured IPv6 address. If that address has a vltime / pltime use
that value in router advertisements instead of statically configured
values.

We also need to count down the vltime / pltime as time progresses.

testing Ryan Vogt
testing & OK bket@, jmatthew@

5 months agogetifaddrs(3) does a non trivial amount of work.
florian [Fri, 31 May 2024 16:10:02 +0000 (16:10 +0000)]
getifaddrs(3) does a non trivial amount of work.

Call it once and pass a pointer to the head of the list around when
reconfiguring interfaces.

testing Ryan Vogt
ok benno
testing & OK bket@, jmatthew@

5 months agoDocument a weird decision in RFC 8209
tb [Fri, 31 May 2024 11:27:34 +0000 (11:27 +0000)]
Document a weird decision in RFC 8209

The subject commonName of a BGPsec Router Certificate is RECOMMENDED to
be "CN=ROUTER-%08x", asn. It thus made perfect sense to deviate from
RFC 6487 and support encoding this as a UTF8String... We have three such
certs in the wild, so punt on complicating the logic at least until the
point where we need more than the fingers of one hand to count them.

ok claudio

5 months agowarn when -r (deprecated option to disable re-exec) is passed
djm [Fri, 31 May 2024 09:01:08 +0000 (09:01 +0000)]
warn when -r (deprecated option to disable re-exec) is passed

5 months agotypos
djm [Fri, 31 May 2024 08:49:35 +0000 (08:49 +0000)]
typos

5 months agorpki-client: check issuer for certs and CRLs
tb [Fri, 31 May 2024 02:45:15 +0000 (02:45 +0000)]
rpki-client: check issuer for certs and CRLs

Per RFC 6487, the subject and issuer fields of a certificate and the issuer
field of a CRL are subject to the same restrictions: only a commonName and
an optional serialNumber may be present and the commonName must be an ASN.1
printable string.

So far we've only checked the subject of certificates, which covers almost
everything by relying on the verifier to check that the issuer's subject is
identical to the subject's issuer, also for CRLs per X509_V_FLAG_CRL_CHECK.
The only thing missing this way is the TA's issuer.

Since the check is cheap and simple, we're better off doing it ourselves:
Refactor the x509_vaild_subject() helper to take an X509_NAME (which is of
course the appropriate name for a type representing an X.501 distinguished
name). This checks the details of RFC 6487, section 4.4, except that we
still can't check for a printable string since afrinic has ~3000 EE certs
that don't follow the spec, which would knock out ~45% of their ROAs. We're
told that this is going to be fixed this year.

looks good to claudio
ok job

5 months agoAdjust hmac test for removal of static buffer from HMAC()
tb [Thu, 30 May 2024 17:01:38 +0000 (17:01 +0000)]
Adjust hmac test for removal of static buffer from HMAC()

5 months agosem_open() uses /tmp/*.sem files. Exclude them from /tmp daily cleanup
sthen [Thu, 30 May 2024 14:29:05 +0000 (14:29 +0000)]
sem_open() uses /tmp/*.sem files. Exclude them from /tmp daily cleanup
like is already done for /tmp/*.shm used by libc.

ok millert@ tb@, same diff landry@

5 months agossl(8): the history section hasn't aged well at all. zap it.
tb [Thu, 30 May 2024 14:06:23 +0000 (14:06 +0000)]
ssl(8): the history section hasn't aged well at all. zap it.

discussed with naddy and jmc
ok naddy

5 months agoProperly setup the fts_state in the FTS_D case.
claudio [Thu, 30 May 2024 12:33:15 +0000 (12:33 +0000)]
Properly setup the fts_state in the FTS_D case.

At fts_level 1 the state needs to be fully reset since we most probably
exited from a directory at level 1 and entered a new dir at level 1.
Without this empty directories remained since the fts_state.type
was wrong for those entries.
Noticed by job@, OK tb@

5 months agoEnsure pmap_create() waits in case kernel virtual space shortage.
mpi [Thu, 30 May 2024 10:56:24 +0000 (10:56 +0000)]
Ensure pmap_create() waits in case kernel virtual space shortage.

Prevents a panic in pmap_pinit_pd_pae() when applying a lot of memory
pressure and the kernel needs time to recover while swapping.

Reported and fix tested by mvs@, also tested by sthen@

ok mlarkin@, mvs@, kettenis@

5 months agoavoid potential use-after-free
jsg [Thu, 30 May 2024 10:25:58 +0000 (10:25 +0000)]
avoid potential use-after-free
found by smatch, ok tb@

5 months agoIncrease logging verbosity as to what exactly hit a limit
job [Thu, 30 May 2024 09:54:59 +0000 (09:54 +0000)]
Increase logging verbosity as to what exactly hit a limit

rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: pulling from network
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: downloading snapshot (bfb0a57e-d16b-44a1-9502-f15b4bc1ce1a#110135)
rpki-client: parse failed, snapshot element for rsync://testbed.krill.cloud/repo/testbed/0/DDAF321520EE4817D716FA047FC05FE2934204DB.crl too big
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: parse error at line 135: parsing aborted
rpki-client: https://testbed.krill.cloud/rrdp/notification.xml: load from network failed, fallback to rsync

OK tb@ claudio@

5 months agoFix copy-paste error in last commit. Fixes lladdr and l3vpn regress.
claudio [Thu, 30 May 2024 08:29:30 +0000 (08:29 +0000)]
Fix copy-paste error in last commit. Fixes lladdr and l3vpn regress.
Noticed by anton@

5 months agoarm64: move cpu_suspended out of #ifdef SUSPEND
tb [Thu, 30 May 2024 04:16:25 +0000 (04:16 +0000)]
arm64: move cpu_suspended out of #ifdef SUSPEND

Matches amd64 and i386 and unbreaks the RAMDISK build

ok deraadt

5 months agosync
tb [Thu, 30 May 2024 04:14:07 +0000 (04:14 +0000)]
sync

5 months agoConvert SCHED_LOCK from a recursive kernel lock to a mutex.
claudio [Wed, 29 May 2024 18:55:45 +0000 (18:55 +0000)]
Convert SCHED_LOCK from a recursive kernel lock to a mutex.

Over the last weeks the last SCHED_LOCK recursion was removed so this
is now possible and will allow to split up the SCHED_LOCK in a upcoming
step.

Instead of implementing an MP and SP version of SCHED_LOCK this just
always uses the mutex implementation.
While this makes the local s argument unused (the spl is now tracked by
the mutex itself) it is still there to keep this diff minimal.

Tested by many.
OK jca@ mpi@

5 months agoasn1object: zap trailing whitespace
tb [Wed, 29 May 2024 17:23:05 +0000 (17:23 +0000)]
asn1object: zap trailing whitespace

5 months agoMake it possible for the large OID test to fail
tb [Wed, 29 May 2024 16:49:36 +0000 (16:49 +0000)]
Make it possible for the large OID test to fail

failed was set to 0 at the top of the function, so failure and success
were indistinguishable. Move failed = 0 to the end so it can actually
fail.

5 months agoAdd regress coverage for some corner cases of i2d_ASN1_OBJECT()
tb [Wed, 29 May 2024 16:47:26 +0000 (16:47 +0000)]
Add regress coverage for some corner cases of i2d_ASN1_OBJECT()

5 months agoAdd regress coverage for i2d_ASN1_OBJECT() fixes
tb [Wed, 29 May 2024 16:19:50 +0000 (16:19 +0000)]
Add regress coverage for i2d_ASN1_OBJECT() fixes

5 months agoFix i2d_ASN1_OBJECT()
tb [Wed, 29 May 2024 16:14:38 +0000 (16:14 +0000)]
Fix i2d_ASN1_OBJECT()

When called with a pointer to NULL as an output buffer, one would expect
an i2d API to allocate the buffer and return it. The implementation here
is special and the allocation dance was forgotten, resulting in a SIGSEGV.
Add said dance.

ok jsing

5 months agoMake i2d_ASN1_OBJECT() return -1 on error
tb [Wed, 29 May 2024 16:10:41 +0000 (16:10 +0000)]
Make i2d_ASN1_OBJECT() return -1 on error

This is what the (not quite appropriately) referenced ASN1_item_i2d()
page documents for errors, matches what the RETURN VALUE section has
been documenting for ages, matches BoringSSL, it's the usal behavior
for i2d_*. It's also what OpenSSL (of course incorrectly) documents.

discussed with jsing

5 months agoRemove unnecessary parens from i2d_ASN1_OBJECT()
tb [Wed, 29 May 2024 16:04:50 +0000 (16:04 +0000)]
Remove unnecessary parens from i2d_ASN1_OBJECT()

5 months agorecognise Cortex-X925 (Blackhawk), Cortex-A725 (Chaberton)
jsg [Wed, 29 May 2024 15:32:06 +0000 (15:32 +0000)]
recognise Cortex-X925 (Blackhawk), Cortex-A725 (Chaberton)

5 months agoSet 'needs-flag' for ufshci(4) as preparation for some future hibernate
mglocker [Wed, 29 May 2024 13:56:49 +0000 (13:56 +0000)]
Set 'needs-flag' for ufshci(4) as preparation for some future hibernate
code.  Remove obsolete comment while here as pointed out by kettenis@.

ok kettenis@

5 months agoClean up the list of standards a little
tb [Wed, 29 May 2024 13:27:52 +0000 (13:27 +0000)]
Clean up the list of standards a little

No need to spell out RPKI and a few other things every time they appear
in titles. Replace an obsolete standard with a new draft.

with/ok job

5 months agorpki-client: rework CRL handling
tb [Wed, 29 May 2024 13:26:24 +0000 (13:26 +0000)]
rpki-client: rework CRL handling

There is no benefit in parsing the CRLNumber in the RPKI. It is redundant
with other mechanisms, notably the requirements on manifests. rpki-client
never did anything with the CRL number anyway so stop parsing it in the
main process.

Move CRL AKI and CRL number handling from x509.c to crl.c, slightly improve
error checking for X509_CRL_get_ext_d2i() and only check well-formedness of
the CRL number: check it's there and non-critical. Avoid double warnings.

Add some checks for the well-formedness of the list of revoked certs.
Due to bugs in rpki-rs and Krill we can't reject empty lists (because
~15% of CRL's have this). And some people still use CRLs revoking certs
at the time they expire. This latter point might change mid-2025.

Add a hook for printing CRL numbers in file mode and warn about ill-formed
numbers (negative and overlong ones).

ok claudio job

5 months agoImplement the guts for "suspend-to-idle" on amd64. This enables suspend
kettenis [Wed, 29 May 2024 12:21:33 +0000 (12:21 +0000)]
Implement the guts for "suspend-to-idle" on amd64.  This enables suspend
on machines that don't support S3.  In its current state it doesn't save
a lot of power, but this should improve over time.  Implementation of
wakeup methods is incomplete which means that some machine can't resume
at the moment.

ok mglocker@, mlarkin@, stsp@, deraadt@

5 months agoHandle IPvX only interfaces with IPvY sessions more gracefully.
claudio [Wed, 29 May 2024 10:41:12 +0000 (10:41 +0000)]
Handle IPvX only interfaces with IPvY sessions more gracefully.

In up_get_nexthop() check that the local_vX_addr is actually valid
before using it. In the UPDATE generation functions check that the
nexthop is valid before adding it and fail hard if it does not exist.
You can't announce an IPv4 prefix/gateway over an IPv6 only link.
OK henning@ sthen@

5 months agoOnly fall back to the default IPv4 unicast mode if there was no MP
claudio [Wed, 29 May 2024 10:38:24 +0000 (10:38 +0000)]
Only fall back to the default IPv4 unicast mode if there was no MP
capability neither from our side not the remote end.

Also track unknown AFI/SAFI combos for the remote end in AID_UNSPEC
this way even unknown combos will prevent a fall back.
OK henning@ sthen@

5 months agoRemove nexthop_compare() prototype.
claudio [Wed, 29 May 2024 10:36:32 +0000 (10:36 +0000)]
Remove nexthop_compare() prototype.
OK henning@ sthen@

5 months agoRename nexthop_compare to nexthop_cmp and make it static inline.
claudio [Wed, 29 May 2024 10:34:56 +0000 (10:34 +0000)]
Rename nexthop_compare to nexthop_cmp and make it static inline.
OK henning@ sthen@

5 months agoIntroduce a ring buffer for log_sockaddr() this way log_addr() can be
claudio [Wed, 29 May 2024 10:34:07 +0000 (10:34 +0000)]
Introduce a ring buffer for log_sockaddr() this way log_addr() can be
used more then once in a log message (e.g. log_peer_warnx + log_addr.
OK henning@ sthen@

5 months agodocument qwx(4) caveats and known bugs
stsp [Wed, 29 May 2024 09:04:12 +0000 (09:04 +0000)]
document qwx(4) caveats and known bugs

5 months agofix WEP on athn(4) USB hostap
stsp [Wed, 29 May 2024 07:27:33 +0000 (07:27 +0000)]
fix WEP on athn(4) USB hostap

Deferring installation of software crypto keys to a task context is
not needed and results in race conditions that trigger the infamous
"key not installed for sw crypto" panic.

5 months agorepair qwx(4) WEP and TKIP via software crypto
stsp [Wed, 29 May 2024 07:24:26 +0000 (07:24 +0000)]
repair qwx(4) WEP and TKIP via software crypto

It is difficult to make WEP and WPA1/TKIP work with hardware crypto.
Add a comment which explains why.

Ensure that setkey task state is properly cleared when the interface
goes down. This issue was found while trying to add WEP keys for hw
crypto, but is still worth fixing in general.

Also, use m_makespace to append trailing padding for the MIC when
hardware crypto is used in combination with "raw" frame mode (not
the default), instead of blindly adjusting m_len.

ok kevlo@

5 months agoregen
jsg [Wed, 29 May 2024 06:49:38 +0000 (06:49 +0000)]
regen

5 months agoanother apple bluetooth; from jon@elytron.openbsd.amsterdam
jsg [Wed, 29 May 2024 06:48:43 +0000 (06:48 +0000)]
another apple bluetooth; from jon@elytron.openbsd.amsterdam

5 months agoindent with tabs not spaces; from jon@elytron.openbsd.amsterdam
jsg [Wed, 29 May 2024 06:39:13 +0000 (06:39 +0000)]
indent with tabs not spaces; from jon@elytron.openbsd.amsterdam

5 months agoremove externs with no matching var
jsg [Wed, 29 May 2024 01:11:53 +0000 (01:11 +0000)]
remove externs with no matching var

5 months agoremove prototypes with no matching function
jsg [Wed, 29 May 2024 00:48:14 +0000 (00:48 +0000)]
remove prototypes with no matching function

5 months agodocument MODPY_COMPILEALL, MODPY_PYTEST_USERARGS
sthen [Tue, 28 May 2024 16:05:39 +0000 (16:05 +0000)]
document MODPY_COMPILEALL, MODPY_PYTEST_USERARGS

5 months agoTest that invalid operations push the X509V3_R_UNSUPPORTED_OPTION error
tb [Tue, 28 May 2024 15:42:09 +0000 (15:42 +0000)]
Test that invalid operations push the X509V3_R_UNSUPPORTED_OPTION error

5 months agoClean up and fix X509V3_EXT_add1_i2d()
tb [Tue, 28 May 2024 15:40:38 +0000 (15:40 +0000)]
Clean up and fix X509V3_EXT_add1_i2d()

When looking at this code I noticed a few leaks. Fixing those leaks
was straightforward, but following the code was really hard.

This attempts to make the logic a bit clearer. In short, there are
6 mutually exclusive modes for this function (passed in the variable
aptly called flags). The default mode is to append the extension of
type nid and to error if such an extension already exists. Then there
are other modes with varying degree of madness.

The existing code didn't make X509V3_ADD_REPLACE explicit, which is
confusing. Operations 6-15 would all be treated like X509V3_ADD_REPLACE
due to the way the function was written. Handle the supported operations
via a switch and error for operations 6-15. This and the elimination
of leaks are the only changes of behavior, as validated by relatively
extensive test coverage.

ok jsing

5 months agoAdd regress coverage for X509V3_add1_i2d()
tb [Tue, 28 May 2024 15:33:35 +0000 (15:33 +0000)]
Add regress coverage for X509V3_add1_i2d()

5 months agoRework the pmap ASID handling to not require the SCHED_LOCK
claudio [Tue, 28 May 2024 15:16:45 +0000 (15:16 +0000)]
Rework the pmap ASID handling to not require the SCHED_LOCK

The ASID lookup code already uses its own mutex (pmap_asid_mtx)
and this mutex is enough to ensure that pmap_rollover_asid()
is safe. Now only the generation number check in pmap_setttb()
is done without the lock but the update of the pmap_asid_gen
is now atomic so using READ_ONCE there is enough.

OK kettenis@ mpi@

5 months agoremove outdated zlib version information
tb [Tue, 28 May 2024 13:42:06 +0000 (13:42 +0000)]
remove outdated zlib version information

from jan stary
fine with jmc

5 months agoremove space between function names and argument list
jsg [Tue, 28 May 2024 13:21:13 +0000 (13:21 +0000)]
remove space between function names and argument list

5 months agoreturn type on a dedicated line when declaring functions
jsg [Tue, 28 May 2024 13:02:45 +0000 (13:02 +0000)]
return type on a dedicated line when declaring functions
ok stsp@

5 months agoremove maxmem extern, var removed from all archs long ago
jsg [Tue, 28 May 2024 12:50:23 +0000 (12:50 +0000)]
remove maxmem extern, var removed from all archs long ago