kettenis [Tue, 20 Apr 2021 19:33:03 +0000 (19:33 +0000)]
Match on "amlogic,meson-sm1-mmc" compatible.
tb [Tue, 20 Apr 2021 17:38:02 +0000 (17:38 +0000)]
Fix indent of EC_METHODs as requested by jsing.
While there zap trailing whitespace from a KNF approximation gone wrong.
tb [Tue, 20 Apr 2021 17:35:21 +0000 (17:35 +0000)]
Adjust ectest.c for set_compressed_coordinates
tb [Tue, 20 Apr 2021 17:34:33 +0000 (17:34 +0000)]
Compare pointer against NULL and fix a KNF issue.
ok jsing
tb [Tue, 20 Apr 2021 17:32:57 +0000 (17:32 +0000)]
Prepare to provide EC_POINT_set_compressed_coordinates
ok jsing
tb [Tue, 20 Apr 2021 17:30:32 +0000 (17:30 +0000)]
Adjust ectest.c for get_Jprojective coordinate change
tb [Tue, 20 Apr 2021 17:29:21 +0000 (17:29 +0000)]
Compare function pointers against NULL, not 0.
ok jsing
tb [Tue, 20 Apr 2021 17:28:18 +0000 (17:28 +0000)]
Provide EC_POINT_{g,s}et_Jprojective_coordinates for internal use
ok jsing
tb [Tue, 20 Apr 2021 17:23:37 +0000 (17:23 +0000)]
Simplify code after adding EC_POINT_{s,g}et_affine_coordinates()
ok jsing
tb [Tue, 20 Apr 2021 17:21:27 +0000 (17:21 +0000)]
Adjust ecdhtest.c for affine_coordinates change
tb [Tue, 20 Apr 2021 17:19:39 +0000 (17:19 +0000)]
Adjust ectest.c for affine_coordinates change
tb [Tue, 20 Apr 2021 17:17:47 +0000 (17:17 +0000)]
Compare function pointers against NULL, not 0.
ok jsing
tb [Tue, 20 Apr 2021 17:16:37 +0000 (17:16 +0000)]
Prepare to provide EC_POINT_{g,s}et_affine_coordinates
Similar to part of OpenSSL commit
8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
tb [Tue, 20 Apr 2021 17:12:43 +0000 (17:12 +0000)]
Simplify after EC_POINT_get_curve() addition
ok jsing
tb [Tue, 20 Apr 2021 17:09:45 +0000 (17:09 +0000)]
Adjust ectest.c for EC_GROUP_{g,s}et_curve change
tb [Tue, 20 Apr 2021 17:08:08 +0000 (17:08 +0000)]
Add prototypes for EC_GROUP_get_curve_{GF2m,GFp}().
These will be removed once EC_GROUP_get_curve() is public.
tb [Tue, 20 Apr 2021 17:06:17 +0000 (17:06 +0000)]
Compare function pointers against NULL, not 0.
ok jsing
tb [Tue, 20 Apr 2021 17:04:13 +0000 (17:04 +0000)]
Prepare to provide EC_GROUP_{get,set}_curve(3)
There are numerous functions in ec/ that exist with _GF2m and _GFp
variants for no good reason. The code of both variants is the same.
The EC_METHODs contain a pointer to the appropriate version. This
commit hides the _GF2m and _GFp variants from internal use and
provides versions that work for both curve types. These will be made
public in an upcoming library bump.
Similar to part of OpenSSL commit
8e3cced75fb5fee5da59ebef9605d403a999391b
ok jsing
lum [Tue, 20 Apr 2021 16:34:20 +0000 (16:34 +0000)]
Indicate if an mg function is unsuitable for a startup file (requires
user interaction).
claudio [Tue, 20 Apr 2021 14:32:49 +0000 (14:32 +0000)]
Add keep-alive support to the HTTP module.
Requests are split away from connections. When a request is received try
to reuse an IDLE connection. If none is around start a new one (unless
there are too many connections inflight).
Idle connections are kept for 10sec and closed after that time. For
rpki-client this is plenty of time since RRDP exchanges will be a burst
of requests. So the connection used to fetch the notification XML file
will be reused to fetch all delta XML files.
This reduces the CPU load since far fewer TLS handshakes need to happen.
OK job@ deraadt@
lum [Tue, 20 Apr 2021 14:26:19 +0000 (14:26 +0000)]
Allow more than one block of code to exist on a single line. Also,
move the code which expands variables to be run when variables are
discovered instead of in multiarg() just before execution. This means
a variable whose value is included in another's won't change the
other's value if its own is changed.
I have also included code, which is commented out at the moment, which
implements a function map specific to interpreter. Not sure if I can
ultimately avoid using it though.
claudio [Tue, 20 Apr 2021 13:26:46 +0000 (13:26 +0000)]
Switch some warnings to logx() to reduce log noise on runs without -v.
OK job@
claudio [Tue, 20 Apr 2021 11:19:56 +0000 (11:19 +0000)]
Update comment to be less confusing (I hope)
martijn [Tue, 20 Apr 2021 11:19:54 +0000 (11:19 +0000)]
Properly shutdown on connection loss instead of crashing.
Found by bluhm@ while playing with setting noclose to 1 for daemon(3):
Also included in this commit
OK bluhm@
martijn [Tue, 20 Apr 2021 11:17:52 +0000 (11:17 +0000)]
Don't overwrite environment CFLAGS.
OK bluhm@
lum [Tue, 20 Apr 2021 10:02:50 +0000 (10:02 +0000)]
Add 'dired-jump' from Philip K. <philip@warpmail.net> sent to tech@
over a year ago. Comments and testing from gkoehler@. Thanks to both.
Also, some modifications from me.
claudio [Tue, 20 Apr 2021 08:03:12 +0000 (08:03 +0000)]
prefix_insert() and prefix_remove() emulate a tail queue by keeping the
tail pointer (pointer to last element) around and depending on the state
of the list insert at head or insert after tailp. Now gcc has a hard time
to realize that the tail pointer is not used uninitialized. So rewrite the
code to be more explicit about tailp handling (also rename the pointer
to be more explicit). All in all this should be more readable and silences
the gcc warning as well.
claudio [Tue, 20 Apr 2021 07:35:42 +0000 (07:35 +0000)]
Use LIST instead of SLIST for requests. The way SLIST_REMOVE was used did
a double traverse of the list which now is replaced with no traversal at all.
Also stop double wrapping requests just for the list.
OK millert@
claudio [Tue, 20 Apr 2021 07:32:19 +0000 (07:32 +0000)]
Ignore SIGPIPE by default and restore default behaviour before executing
the CGI.
OK bluhm@ florian@
ratchov [Tue, 20 Apr 2021 04:31:54 +0000 (04:31 +0000)]
Add quirk to enable all Thinkpad X1 Extreme 1 speakers & atmos dolby
From Ivo Sbalzarini <ivo.sbalzarini@gmail.com>, thanks!
ratchov [Tue, 20 Apr 2021 04:30:05 +0000 (04:30 +0000)]
Allow INTEL 400SERIES cAVS to attach the azalia(4) driver
From Ivo Sbalzarini <ivo.sbalzarini at gmail.com>
deraadt [Tue, 20 Apr 2021 03:37:25 +0000 (03:37 +0000)]
more KNF
jsing [Mon, 19 Apr 2021 17:26:39 +0000 (17:26 +0000)]
Remove new_sym_enc and new_aead.
These can be replaced with accessors that allow this information to be
retrieved from the new record layer.
ok inoguchi@ tb@
tb [Mon, 19 Apr 2021 17:06:37 +0000 (17:06 +0000)]
Avoid division by zero in hybrid point encoding
In hybrid and compressed point encodings, the form octet contains a bit
of information allowing to calculate y from x. For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of the field element y / x. The existing code only
considers the second possibility. It could thus fail with a division by
zero error as found by Guido Vranken's cryptofuzz.
This commit adds a few explanatory comments to oct2point and fixes some
KNF issues. The only actual code change is in the last hunk which adds a
BN_is_zero(x) check to avoid the division by zero.
ok jsing
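The form-octet check described in the hybrid point encoding commit above, as an added example that is not LibreSSL's code: it models the y-bit validation before and after the zero check. The toy field GF(2^8), the function names and the sample octets are assumptions made for illustration, and no curve equation is checked.

```c
#include <stdint.h>
#include <stdio.h>

#define YBIT_OK		1
#define YBIT_MISMATCH	0
#define YBIT_ERROR	(-1)

/* Multiply in the toy field GF(2^8) mod x^8+x^4+x^3+x+1 (assumed field). */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
	uint8_t r = 0;

	while (b != 0) {
		if (b & 1)
			r ^= a;
		a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
		b >>= 1;
	}
	return r;
}

/* Returns 1 and stores y / x in *q, or 0 when x is zero. */
static int gf_div(uint8_t y, uint8_t x, uint8_t *q)
{
	uint8_t inv = 1;
	int i;

	if (x == 0)
		return 0;
	for (i = 0; i < 254; i++)	/* x^254 == x^-1 for nonzero x */
		inv = gf_mul(inv, x);
	*q = gf_mul(y, inv);
	return 1;
}

/* Before: always divides, so a point with x == 0 ends in an error. */
static int ybit_check_before(uint8_t x, uint8_t y, int ybit)
{
	uint8_t q;

	if (!gf_div(y, x, &q))
		return YBIT_ERROR;
	return (q & 1) == ybit ? YBIT_OK : YBIT_MISMATCH;
}

/* After: x == 0 requires a zero y-bit and never reaches the division. */
static int ybit_check_after(uint8_t x, uint8_t y, int ybit)
{
	uint8_t q;

	if (x == 0)
		return ybit == 0 ? YBIT_OK : YBIT_MISMATCH;
	if (!gf_div(y, x, &q))
		return YBIT_ERROR;
	return (q & 1) == ybit ? YBIT_OK : YBIT_MISMATCH;
}

int main(void)
{
	/* Constructed input: x = 0 with the y-bit of the form octet clear. */
	printf("before: %d\n", ybit_check_before(0x00, 0x1d, 0));
	printf("after:  %d\n", ybit_check_after(0x00, 0x1d, 0));
	return 0;
}
```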
deraadt [Mon, 19 Apr 2021 17:04:35 +0000 (17:04 +0000)]
code review results in KNF, and moving local variables into lowest scope
ok claudio
kettenis [Mon, 19 Apr 2021 17:03:49 +0000 (17:03 +0000)]
Recognize BCM57762 A0 and A1. My diff for this only added the A0 revision,
but the A1 revision has been seen in the wild and Brad Smith provided
a diff that adds both.
ok jsg@
jsing [Mon, 19 Apr 2021 17:03:39 +0000 (17:03 +0000)]
Move new_mac_secret_size into the TLSv1.2 handshake struct.
Drop the 'new_' prefix in the process.
ok inoguchi@ tb@
jsing [Mon, 19 Apr 2021 16:51:56 +0000 (16:51 +0000)]
Move reuse_message, message_type, message_size and cert_verify into the
TLSv1.2 handshake struct.
ok inoguchi@ tb@
jsing [Mon, 19 Apr 2021 16:47:25 +0000 (16:47 +0000)]
Set alpn_selected_len to zero when freeing alpn_selected.
This is not strictly necessary since we proceed to zero the entire struct,
however it keeps the code consistent and easily auditable.
ok tb@
kettenis [Mon, 19 Apr 2021 15:56:37 +0000 (15:56 +0000)]
The powerpc64 ELFv2 ABI explicitly states that exception enable bits
and rounding control bits are not restored by longjmp(3). So expect
some failures on that platform.
ok bluhm@
stsp [Mon, 19 Apr 2021 14:27:25 +0000 (14:27 +0000)]
Multicast decryption fixes for iwx(4).
Pick the correct key for multicast frames in iwx_ccmp_decap().
Comparing the PN of a multicast frame against the last-seen PN of
the pairwise key is obviously wrong. We need to check the multicast
frame's PN against the last-seen PN of the group key.
Update crypto-offloading checks in iwx_rx_frame() to match recent
WPA1/TKIP groupcipher fixes made in athn(4).
The code inherited from iwm(4) only looked at the pairwise key, and
unlike iwx(4) and athn(4), iwm(4) only offloads pairwise crypto.
Found while investigating a question from zxystd at OpenIntelWireless.
millert [Mon, 19 Apr 2021 14:08:55 +0000 (14:08 +0000)]
RS ^-anchoring needs to know if it's reading the first record of a file.
Without this fix, when reading the first record of an input file named
on the command line, the regular expression engine will be
misconfigured, precluding a successful match. From Miguel Pineiro Jr
bluhm [Mon, 19 Apr 2021 10:58:31 +0000 (10:58 +0000)]
Fix TLS error message race. Due to fewer handshakes in TLS 1.3 an
EPIPE error may be reported instead of a TLS alert.
otto [Mon, 19 Apr 2021 06:43:15 +0000 (06:43 +0000)]
Same internal consistency check as libc malloc: size in hash table
should correspond to size of chunk meta data
jca [Sun, 18 Apr 2021 23:51:47 +0000 (23:51 +0000)]
Simpler error handling for suspend()/hibernate()
Save errno when we get an error so we can pass it to the apm(8) client.
ok kn@
deraadt [Sun, 18 Apr 2021 23:40:52 +0000 (23:40 +0000)]
post 6.9 development continues...
deraadt [Sun, 18 Apr 2021 00:21:58 +0000 (00:21 +0000)]
sync
deraadt [Sun, 18 Apr 2021 00:21:53 +0000 (00:21 +0000)]
even more shrink
deraadt [Sun, 18 Apr 2021 00:17:28 +0000 (00:17 +0000)]
sync
deraadt [Sun, 18 Apr 2021 00:17:22 +0000 (00:17 +0000)]
more shrink
sthen [Sat, 17 Apr 2021 21:21:41 +0000 (21:21 +0000)]
Adjust Raspberry Pi installation instructions, direct users towards the
U-Boot based method primarily, though keep a quick mention of the UEFI
firmware (U-Boot method not working on Pi400 currently whereas UEFI
sort-of works). Add some notes about framebuffer consoles, they do
work on RPi these days but there are still some rough edges.
sthen [Sat, 17 Apr 2021 21:19:40 +0000 (21:19 +0000)]
Embiggen arm64 ramdisk kernel and miniroot/install img files. Provide
U-Boot binaries that work on Raspberry Pi 3 and 4 (and possibly others)
and firmware for Raspberry Pi 4. This allows the same installation
method as used on Raspberry Pi 3 without separate UEFI firmware
(although UEFI can still be used). Help from kettenis@ jsg@ deraadt@
deraadt [Sat, 17 Apr 2021 14:29:02 +0000 (14:29 +0000)]
sync
deraadt [Sat, 17 Apr 2021 14:28:58 +0000 (14:28 +0000)]
some name shortening
jmc [Sat, 17 Apr 2021 06:01:49 +0000 (06:01 +0000)]
rewrite the text describing the "address" parameter into something
easier to read;
claudio [Fri, 16 Apr 2021 14:39:33 +0000 (14:39 +0000)]
When loading a config poll iscsid for up to 10 seconds and check if the
sessions all managed to connect to the targets.
With this slow session establishment should not cause mount errors
during startup.
Initial version from Dr Ashton Fagg ashton (at) fagg id au
OK dlg@ deraadt@
claudio [Fri, 16 Apr 2021 14:37:06 +0000 (14:37 +0000)]
Implement a control message to get the state of iscsid. This is used
by iscsictl to poll for completion after reload commands.
With this slow session establishment should not cause mount errors
during startup.
Initial version from Dr Ashton Fagg ashton (at) fagg id au
OK dlg@ deraadt@
bluhm [Fri, 16 Apr 2021 12:08:25 +0000 (12:08 +0000)]
Turn on the direct ACK on every other segment.
This is a backout of rev 1.366 which turned this feature off.
Although sending less ACKs makes TCP faster if the CPU is busy with
processing packets, there are corner cases where TCP gets slower.
Especially OpenBSD 6.8 and older has a maxburst limitation that
scales badly if the other side sends too few ACKs. Also regress
test relayd run-args-http-slow-consumer.pl uses strange socket
buffer sizes that trigger slow performance with the new algorithm.
For OpenBSD 6.9 release switch back to 6.8 delayed ACK behavior.
discussed with deraadt@ benno@ claudio@ jan@
aoyama [Fri, 16 Apr 2021 12:05:32 +0000 (12:05 +0000)]
Add a workaround to avoid wrong code generated by m88k gcc.
NATIVE_TO_UNI is defined as follows in utf8.h:
--
#define NATIVE_TO_UNI(ch) ((UV) ((ch) | 0))
--
and UV is 'unsigned long' on m88k.
Details are at:
https://github.com/Perl/perl5/issues/18655
help and ok afresh1@
stsp [Fri, 16 Apr 2021 08:17:35 +0000 (08:17 +0000)]
Unhook ieee80211_mira.c from the build. All consumers have switched to RA.
Keeping files in CVS HEAD for now until we are certain we're not going back.
ok deraadt@
claudio [Fri, 16 Apr 2021 06:20:29 +0000 (06:20 +0000)]
Add back IMSG_RECONF_ROA_ITEM in the parent imsg handler. It is needed
for origin-sets. Found by and reminder procter@
OK deraadt@
djm [Fri, 16 Apr 2021 03:42:00 +0000 (03:42 +0000)]
openssh-8.6
stsp [Thu, 15 Apr 2021 18:32:19 +0000 (18:32 +0000)]
Since iwi(4) doesn't call into net80211_newstate() the interface link state
must be updated by the driver in order to get packets to flow.
In case of WPA the link state was updated as a side-effect of a successful
WPA handshake. This commit fixes the WEP and plaintext cases.
Similar fix as recently committed to ipw(4).
Additionally, check for errors from iwi_auth_and_assoc() and keep scanning
if this function fails.
Problem confirmed and fix tested by matthieu@
ok deraadt@
stsp [Thu, 15 Apr 2021 18:25:43 +0000 (18:25 +0000)]
Switch athn(4) 802.11n Tx rate adaptation from MiRA to RA.
Tests:
AR5418: Uwe Werler
AR9280: kn, jmatthew, Lauri Tirkkonen, Scott Bennett, Mikolaj Kucharski
AR9285: kevlo, trondd, myself
ok deraadt@
stsp [Thu, 15 Apr 2021 18:14:45 +0000 (18:14 +0000)]
Make athn(4) set the channel when hostap or monitor modes enter RUN state.
Fixes a problem where the hardware would end up using a different channel
than the one selected by net80211.
Found while investigating issues reported by trondd testing my athn RA patch.
ok deraadt@
kettenis [Thu, 15 Apr 2021 18:13:24 +0000 (18:13 +0000)]
Make the description of the ELF header reflect reality, removing the
traces of the long gone FreeBSD "ELF brand" code.
Based on a diff from George Brown.
ok jmc@
stsp [Thu, 15 Apr 2021 18:05:05 +0000 (18:05 +0000)]
When starting an AP or IBSS network, reconfigure the operation mode to
11ac/n/a/g/b as applicable. Fixes an issue where hostap would end up
running in the rather meaningless MODE_AUTO unless a mode was explicitly
configured with ifconfig.
Found while investigating issues reported by trondd testing my athn RA patch.
ok deraadt@
patrick [Thu, 15 Apr 2021 17:06:59 +0000 (17:06 +0000)]
Implement version 2 of virtio(4) at fdt, as used by Parallels on the
Apple M1. With this vio(4) shows up and we can properly install and
use OpenBSD as VM.
"not afraid of the virtio diff" deraadt@
"okie dokie" jcs@
tb [Thu, 15 Apr 2021 16:43:27 +0000 (16:43 +0000)]
mention DTLS1_2_VERSION
tb [Thu, 15 Apr 2021 16:40:32 +0000 (16:40 +0000)]
Mention DTLS1_2_VERSION here, too
tb [Thu, 15 Apr 2021 16:35:54 +0000 (16:35 +0000)]
Document SSL_OP_NO_DTLSv1{,_2}
tb [Thu, 15 Apr 2021 16:30:14 +0000 (16:30 +0000)]
Document DTLSv1_2_{,client_,server_}method(3)
markus [Thu, 15 Apr 2021 16:24:31 +0000 (16:24 +0000)]
do not pass file/func to monitor; noted by Ilja van Sprundel; ok djm@
tb [Thu, 15 Apr 2021 16:13:22 +0000 (16:13 +0000)]
Merge documentation for SSL_is_dtls() from OpenSSL
claudio [Thu, 15 Apr 2021 16:07:21 +0000 (16:07 +0000)]
Reshuffle and reindent code. No functional change.
claudio [Thu, 15 Apr 2021 14:22:05 +0000 (14:22 +0000)]
Rework the http code to require poll() only when really needed.
Especially tls_read() and tls_write() do not map 1:1 to read() and write()
calls and so assuming that after a tls_read() one needs to poll for more
data is wrong. Instead call tls_read() until it returns a TLS_WANT_*
return.
While here also ignore SIGPIPE. It is almost impossible to properly guard
from SIGPIPE by looking at POLLHUP. Instead just let write() handle it and
return an error.
Putting this in now so this can be tested widely.
tb [Thu, 15 Apr 2021 14:15:03 +0000 (14:15 +0000)]
Switch back to the legacy verifier for the release.
This is disappointing as a lot of work was put into the new verifier
during this cycle. However, there are still too many known bugs and
incompatibilities. It is better to be faced with known broken behavior
than with new broken behavior and to switch now rather than via errata.
This way we have another cycle to iron out the kinks and to fix some of
the remaining bugs.
ok jsing
claudio [Thu, 15 Apr 2021 14:12:05 +0000 (14:12 +0000)]
Fix bgpctl show mrt for UPDATE messages. The call to output->attr() was
incorrect. Adjust output->attr() to take a reqflag argument instead of
a struct parse_result pointer since that is the only bit needed.
Found by and OK procter@, OK deraadt@
bluhm [Thu, 15 Apr 2021 13:42:33 +0000 (13:42 +0000)]
On powerpc64 regress/usr.sbin/bgpd/config failed. It parses a
config file, writes bgpd's config to stdout and compares it with
an expected output. On big endian machines the order of the set
of communities is different. The parser used memcmp(3) to sort a
struct of integers. This depends on the endianness. The correct
way is to compare the integer fields in native byte order. With
this change, the resulting order is the same on i386 and powerpc64.
OK claudio@
claudio [Thu, 15 Apr 2021 13:33:17 +0000 (13:33 +0000)]
Make rpki-client -V output nicer.
OK job@, kn@, deraadt@
claudio [Thu, 15 Apr 2021 13:31:30 +0000 (13:31 +0000)]
Call rrdp_data_handler() for any kind of poll event that has happened.
On OpenBSD closing a connection will result in a read event (POLLIN) while
on Linux POLLHUP is returned. rrdp_data_handler()'s read() call returns
in both cases 0 and finishes the XML parsing.
Found and fix tested by job@, OK deraadt@
claudio [Thu, 15 Apr 2021 08:58:46 +0000 (08:58 +0000)]
Do not only check the serial number but also the session_id before
adding a delta to the queue. If the session_id differs there is no
need for deltas since a snapshot must be fetched.
OK job@ benno@ deraadt@
kettenis [Thu, 15 Apr 2021 07:28:37 +0000 (07:28 +0000)]
The SSR1 register can have bits set that don't match to bits in the MSR
register. We would set the sc_ps member of struct sigcontext to SSR1
when entering a signal handler, and compare it to PSL_USER in sigreturn(2)
to make sure that the user code didn't set any bits it shouldn't set.
If non-MSR bits are set that comparison would fail and sigreturn(2) would
fail. Fix this by initializing sc_ps to PSL_USER instead of taking its
value from SSR1. On OpenBSD we always run processes with the same MSR
value.
ok deraadt@
nicm [Thu, 15 Apr 2021 05:38:11 +0000 (05:38 +0000)]
%begin now has three arguments, not two. GitHub issue 2646.
kevlo [Thu, 15 Apr 2021 02:23:17 +0000 (02:23 +0000)]
Match Linux path in r8153_set_rx_early_size().
The rx early size is used to reduce the loading of CPU by letting a transfer
contain more data to reduce the number of transfers.
ok deraadt@
deraadt [Wed, 14 Apr 2021 23:35:24 +0000 (23:35 +0000)]
my fingers cannot avoid KNF'ing as I review code
bluhm [Wed, 14 Apr 2021 19:34:56 +0000 (19:34 +0000)]
On powerpc64 tcpdump(8) could not parse wireguard packets.
EXTRACT_LE_32BITS() converts the type from little endian to host
endian. So we need the constants in host endianness. This fixes
regress/sys/net/wg.
OK deraadt@ sthen@
stsp [Wed, 14 Apr 2021 18:38:54 +0000 (18:38 +0000)]
Make iwx(4) attach to AX201 devices with PCI ID 0x06f0.
Patch and testing by Ivo Sbalzarini
ok deraadt@
stsp [Wed, 14 Apr 2021 18:37:14 +0000 (18:37 +0000)]
regen
stsp [Wed, 14 Apr 2021 18:36:42 +0000 (18:36 +0000)]
Add PCI IDs of the Thunderbolt and WiFi devices in Thinkpad X1 Extreme Gen 3.
Patch by Ivo Sbalzarini
ok deraadt@
kettenis [Wed, 14 Apr 2021 18:35:14 +0000 (18:35 +0000)]
Properly restore FPSCR register.
ok deraadt@
deraadt [Wed, 14 Apr 2021 18:10:47 +0000 (18:10 +0000)]
handle obj dir
benno [Wed, 14 Apr 2021 18:05:47 +0000 (18:05 +0000)]
move the RPKI_VERSION define into its own version.h file, helps portable.
ok claudio@
kettenis [Wed, 14 Apr 2021 16:06:15 +0000 (16:06 +0000)]
Unify pivot.h; brings powerpc/powerpc64 support to the usr.bin/lastcomm
regress test.
ok bluhm@
tb [Wed, 14 Apr 2021 14:54:30 +0000 (14:54 +0000)]
revert previous. some of the keyupdate tests still fail occasionally
tb [Wed, 14 Apr 2021 14:29:16 +0000 (14:29 +0000)]
Enable test-tls13-keyupdate.py
tb [Wed, 14 Apr 2021 14:19:51 +0000 (14:19 +0000)]
move test-record-size-limit.py to unsupported
millert [Wed, 14 Apr 2021 13:59:59 +0000 (13:59 +0000)]
_PASSWORD_LEN is no longer the limit for an unencrypted password.
It is now used as the max length of the encrypted password hash.
From Benjamin Baier.
tb [Wed, 14 Apr 2021 13:37:59 +0000 (13:37 +0000)]
enable test-record-layer-fragmentation.py
tb [Wed, 14 Apr 2021 13:06:53 +0000 (13:06 +0000)]
factor argument to catch an alert mismatch into a helper function