openbsd
3 years agoRemove unused variables to silence clang.
patrick [Mon, 25 Oct 2021 15:59:46 +0000 (15:59 +0000)]
Remove unused variables to silence clang.

ok kettenis@

3 years agosort
tb [Mon, 25 Oct 2021 15:23:50 +0000 (15:23 +0000)]
sort

3 years agosync
tb [Mon, 25 Oct 2021 15:19:12 +0000 (15:19 +0000)]
sync

3 years agosort. alphanumerics have lower ASCII values than '_'
tb [Mon, 25 Oct 2021 15:16:35 +0000 (15:16 +0000)]
sort. alphanumerics have lower ASCII values than '_'

3 years agoInstall SSL_read_early_data.3. I should have done this during the last
tb [Mon, 25 Oct 2021 15:13:52 +0000 (15:13 +0000)]
Install SSL_read_early_data.3. I should have done this during the last
libssl bump.

3 years ago- add regression tests for pfctl '$rn' macro expansion
sashan [Mon, 25 Oct 2021 14:56:47 +0000 (14:56 +0000)]
- add regression tests for pfctl '$rn' macro expansion

OK @bluhm

3 years agotypos in comments, from jj, reported by Elyes Haouas on irc
sthen [Mon, 25 Oct 2021 14:53:15 +0000 (14:53 +0000)]
typos in comments, from jj, reported by Elyes Haouas on irc

3 years ago- pfctl $nr incorrect macro expansion
sashan [Mon, 25 Oct 2021 14:50:29 +0000 (14:50 +0000)]
- pfctl $nr incorrect macro expansion

Issue reported by Kristof Provost from FreeBSD.
[ https://reviews.freebsd.org/D32488 ]

In order to fix the issue we must delay '$nr' macro
expansion after optimizer collapses ruleset.

OK kn@

3 years agoRevert accidental change.
jca [Mon, 25 Oct 2021 14:41:09 +0000 (14:41 +0000)]
Revert accidental change.

Dunno why this ended up here, cvs is always full of surprises.

3 years agoMake brk() and sbrk() weak again as intended.
jca [Mon, 25 Oct 2021 14:38:10 +0000 (14:38 +0000)]
Make brk() and sbrk() weak again as intended.

Apparently spotted by mortimer@ while working on clang 13 and amd64.
No actual change on sparc64 as this architecture still uses ld.bfd.
ok kettenis@

3 years agoMake brk() and sbrk() weak again as intended.
kettenis [Mon, 25 Oct 2021 14:19:51 +0000 (14:19 +0000)]
Make brk() and sbrk() weak again as intended.

ok jca@

3 years agovi(1): fix use after free with unsaved buffer
dv [Mon, 25 Oct 2021 14:17:24 +0000 (14:17 +0000)]
vi(1): fix use after free with unsaved buffer

Issuing a zero-arg ex_edit command (:e) while using a named buffer
with no backing file caused vi(1)/ex(1) to free the strings
representing the buffer name and the name of the temporary file.
This change detects the situation and only frees the newly allocated
EXF structure (ep).

Reported on bugs@ by kn@.

OK millert@

3 years agoHook up the print.c functions in rpki-client
claudio [Mon, 25 Oct 2021 14:08:34 +0000 (14:08 +0000)]
Hook up the print.c functions in rpki-client

3 years agoRemove unused variables
claudio [Mon, 25 Oct 2021 14:07:56 +0000 (14:07 +0000)]
Remove unused variables

3 years agoNuke a bunch of pointless #ifndef _<.h file>/#endif guards.
krw [Mon, 25 Oct 2021 13:51:25 +0000 (13:51 +0000)]
Nuke a bunch of pointless #ifndef _<.h file>/#endif guards.

3 years agonew manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3)
schwarze [Mon, 25 Oct 2021 13:48:12 +0000 (13:48 +0000)]
new manual page EVP_PKCS82PKEY(3), also documenting EVP_PKEY2PKCS8(3)

3 years agonew manual page PKCS8_pkey_set0(3)
schwarze [Mon, 25 Oct 2021 12:25:14 +0000 (12:25 +0000)]
new manual page PKCS8_pkey_set0(3)
documenting four PKCS#8 PrivateKeyInfo accessors

3 years agoAdd missing RCS markers
tb [Mon, 25 Oct 2021 11:55:27 +0000 (11:55 +0000)]
Add missing RCS markers

3 years agoZap two unused includes
jca [Mon, 25 Oct 2021 11:48:24 +0000 (11:48 +0000)]
Zap two unused includes

Spotted by egcc.  ok tb@

3 years agoGarbage collect another unused variable.
jca [Mon, 25 Oct 2021 11:47:39 +0000 (11:47 +0000)]
Garbage collect another unused variable.

Spotted by egcc and probably clang 13.  ok tb@

3 years agoIf we use type to SNMP_V2 we should check against that.
martijn [Mon, 25 Oct 2021 11:21:32 +0000 (11:21 +0000)]
If we use type to SNMP_V2 we should check against that.

Reported by Johan Huldtgren (jhuldtgren <at> gmail <dot> com) via sthen@

OK sthen@

3 years agodocument ASN1_STRING_set0(3)
schwarze [Mon, 25 Oct 2021 10:26:21 +0000 (10:26 +0000)]
document ASN1_STRING_set0(3)

3 years agoRevert commitid: ufM9BcSbXqfLpzBH;
claudio [Mon, 25 Oct 2021 10:24:54 +0000 (10:24 +0000)]
Revert commitid: ufM9BcSbXqfLpzBH;
Move vfs_stall_barrier() from the fd layer into vn_lock() and the vfs layer.
In some cases it can result in a deadlock while suspending.
Discussed with mpi@ and deraadt@

3 years agoAdd record processing limit to DTLS code.
jsing [Mon, 25 Oct 2021 10:14:48 +0000 (10:14 +0000)]
Add record processing limit to DTLS code.

This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.

ok beck@ tb@

3 years agoUse ssl_force_want_read() in the DTLS code.
jsing [Mon, 25 Oct 2021 10:09:28 +0000 (10:09 +0000)]
Use ssl_force_want_read() in the DTLS code.

Also mop up some mostly unhelpful comments while here.

ok beck@ tb@

3 years agoopen() flags never contain O_CREAT, so variatic mode_t can be removed here also
deraadt [Mon, 25 Oct 2021 10:08:26 +0000 (10:08 +0000)]
open() flags never contain O_CREAT, so variatic mode_t can be removed here also

3 years agodo not need a temporary one time use variable which befuddles
deraadt [Mon, 25 Oct 2021 10:07:12 +0000 (10:07 +0000)]
do not need a temporary one time use variable which befuddles

3 years agoFold SSL_SESSION_INTERNAL back into SSL_SESSION.
jsing [Mon, 25 Oct 2021 10:01:46 +0000 (10:01 +0000)]
Fold SSL_SESSION_INTERNAL back into SSL_SESSION.

ok beck@ tb@

3 years agoFix use of uninitialized variable 'rpl'.
tobhe [Mon, 25 Oct 2021 09:47:02 +0000 (09:47 +0000)]
Fix use of uninitialized variable 'rpl'.

Found by jsg@
ok patrick@

3 years agoAdd -s and -S to display-popup to set popup and border style, from
nicm [Mon, 25 Oct 2021 09:38:36 +0000 (09:38 +0000)]
Add -s and -S to display-popup to set popup and border style, from
Alexis Hildebrandt in GitHub issue 2931.

3 years agoInstead of setting the popup default colours in the draw callback, set
nicm [Mon, 25 Oct 2021 09:22:17 +0000 (09:22 +0000)]
Instead of setting the popup default colours in the draw callback, set
it up in popup_display and follow the same routine as panes in the draw
and init_ctx callbacks - use the palette if the option value is default.
Allows application-set fg and bg to work in panes again.

3 years agoDrop two uses of the terrible asn1 kludge spotted by anton
tb [Mon, 25 Oct 2021 07:17:14 +0000 (07:17 +0000)]
Drop two uses of the terrible asn1 kludge spotted by anton

3 years agoUse EXPECTED_FAIL instead of DISABLED.
mbuhl [Mon, 25 Oct 2021 00:48:49 +0000 (00:48 +0000)]
Use EXPECTED_FAIL instead of DISABLED.

3 years agoMerge esp_input_cb() intp esp_input().
tobhe [Sun, 24 Oct 2021 23:33:37 +0000 (23:33 +0000)]
Merge esp_input_cb() intp esp_input().

ok bluhm@

3 years agoRemove code duplication by merging the v4 and v6 input functions
bluhm [Sun, 24 Oct 2021 22:59:47 +0000 (22:59 +0000)]
Remove code duplication by merging the v4 and v6 input functions
for ah, esp, and ipcomp.  Move common code into ipsec_protoff()
which finds the offset of the next protocol field in the previous
header.
OK tobhe@

3 years agoRefactor ah_input() and ah_output() for new crypto API.
tobhe [Sun, 24 Oct 2021 22:34:19 +0000 (22:34 +0000)]
Refactor ah_input() and ah_output() for new crypto API.

ok bluhm@

3 years agoFor open/openat, if the flags parameter does not contain O_CREAT, the
deraadt [Sun, 24 Oct 2021 21:37:49 +0000 (21:37 +0000)]
For open/openat, if the flags parameter does not contain O_CREAT, the
3rd (variadic) mode_t parameter is irrelevant.  Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk.  They could all be 0xdeafbeef.
ok millert

3 years agoWhat kind of Sun idiot called open() with flags of "2".
deraadt [Sun, 24 Oct 2021 21:27:07 +0000 (21:27 +0000)]
What kind of Sun idiot called open() with flags of "2".

3 years agoFor open/openat, if the flags parameter does not contain O_CREAT, the
deraadt [Sun, 24 Oct 2021 21:24:15 +0000 (21:24 +0000)]
For open/openat, if the flags parameter does not contain O_CREAT, the
3rd (variadic) mode_t parameter is irrelevant.  Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk.  They could all be 0xdeafbeef.
ok millert

3 years agoRefactor ipcomp_input() and ipcomp_output(). Remove obsolete code related
tobhe [Sun, 24 Oct 2021 18:15:58 +0000 (18:15 +0000)]
Refactor ipcomp_input() and ipcomp_output(). Remove obsolete code related
to old crypto API.

ok bluhm@

3 years agoEven though AgentX supports null-oids and incidentally has a valid usecase
martijn [Sun, 24 Oct 2021 18:03:27 +0000 (18:03 +0000)]
Even though AgentX supports null-oids and incidentally has a valid usecase
for them, they don't map on ber, which needs a minimum of 2 identifiers.
Enforce this minimum in libagentx.

While here add some additional checks where they were lacking.

OK claudio@

3 years agoUse the print.c file which is now shipped in rpki-client to print
claudio [Sun, 24 Oct 2021 17:54:28 +0000 (17:54 +0000)]
Use the print.c file which is now shipped in rpki-client to print
the cert, gbr, mft, roa and tal file contents. No real functional change.
OK tb@

3 years agoMove the various print functions from the regress tests into print.c.
claudio [Sun, 24 Oct 2021 17:53:07 +0000 (17:53 +0000)]
Move the various print functions from the regress tests into print.c.
OK tb@

3 years agoConstify struct cfattach.
mpi [Sun, 24 Oct 2021 17:52:26 +0000 (17:52 +0000)]
Constify struct cfattach.

ok visa@ a long time ago, ok patrick@

3 years ago#define open O_* flags in libsa/stand.h, so that bootblocks can use
deraadt [Sun, 24 Oct 2021 17:49:19 +0000 (17:49 +0000)]
#define open O_* flags in libsa/stand.h, so that bootblocks can use
O_RDONLY rather using 0
ok beck

3 years agoInitialize OID print buffer, even when oidlen is 0.
martijn [Sun, 24 Oct 2021 17:43:38 +0000 (17:43 +0000)]
Initialize OID print buffer, even when oidlen is 0.
Fix printing old garbage from previous conversions.

OK tb@

3 years agoSome more whitespace cleanup
patrick [Sun, 24 Oct 2021 17:20:06 +0000 (17:20 +0000)]
Some more whitespace cleanup

3 years agoAdd $OpenBSD$ header and add a licence to rrdp.h which was lacking it.
claudio [Sun, 24 Oct 2021 17:16:09 +0000 (17:16 +0000)]
Add $OpenBSD$ header and add a licence to rrdp.h which was lacking it.

3 years agoThere are more m_pullup() in IPsec input. Pass down the pointer
bluhm [Sun, 24 Oct 2021 17:08:27 +0000 (17:08 +0000)]
There are more m_pullup() in IPsec input.  Pass down the pointer
to the mbuf to update it globally.  At the end it will reach
ip_deliver() which expects a pointer to an mbuf.
OK sashan@

3 years agoConstify struct cfattach.
mpi [Sun, 24 Oct 2021 17:05:03 +0000 (17:05 +0000)]
Constify struct cfattach.

ok visa@ a long time ago

3 years agoAdd my copyright to some files
claudio [Sun, 24 Oct 2021 16:59:14 +0000 (16:59 +0000)]
Add my copyright to some files
OK job@

3 years agoConstify struct cfattach.
mpi [Sun, 24 Oct 2021 16:57:30 +0000 (16:57 +0000)]
Constify struct cfattach.

ok visa@ a long time ago, ok krw@

3 years agotiny little whitespace fixes
patrick [Sun, 24 Oct 2021 16:02:44 +0000 (16:02 +0000)]
tiny little whitespace fixes

3 years agoAdd httpd custom error page facility. Adapted by me from
ian [Sun, 24 Oct 2021 16:01:04 +0000 (16:01 +0000)]
Add httpd custom error page facility. Adapted by me from
https://github.com/mpfr/httpd-plus.
Improvements from & (earlier version) reads fine to tracey@;
improvements & OK this version benno@, florian@. Thanks.

3 years agoUse braces in config examples
kn [Sun, 24 Oct 2021 15:57:17 +0000 (15:57 +0000)]
Use braces in config examples

We document them as explicitly required, `unwind -dnvf...' spits them
out like this and the last `force' example uses them as well.

3 years agoRemove 'struct tdb_crypto' allocations from esp_input() and esp_output().
tobhe [Sun, 24 Oct 2021 15:47:39 +0000 (15:47 +0000)]
Remove 'struct tdb_crypto' allocations from esp_input() and esp_output().
This was needed to pass arguments to the callback function, but is no longer
necessary after the API makeover.

ok bluhm@

3 years agoA tiny bit of cleanup.
patrick [Sun, 24 Oct 2021 15:41:47 +0000 (15:41 +0000)]
A tiny bit of cleanup.

3 years agoAdd mount -ur/uw support to tmpfs.
patrick [Sun, 24 Oct 2021 15:33:12 +0000 (15:33 +0000)]
Add mount -ur/uw support to tmpfs.

From Pedro Martelletto

3 years agoUnlock top part of UVM fault handler on mips64.
visa [Sun, 24 Oct 2021 15:29:10 +0000 (15:29 +0000)]
Unlock top part of UVM fault handler on mips64.

OK mpi@

3 years agoMove pmap_{,k}remove() inside uvm_km_pgremove{,_intrsafe}().
mpi [Sun, 24 Oct 2021 15:23:52 +0000 (15:23 +0000)]
Move pmap_{,k}remove() inside uvm_km_pgremove{,_intrsafe}().

Reduce differences with NetBSD, tested by many as part of a larger diff.

ok kettenis@

3 years agomerge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)
schwarze [Sun, 24 Oct 2021 15:10:13 +0000 (15:10 +0000)]
merge documentation for SSL_read_ex(3), SSL_peek_ex(3), and SSL_write_ex(3)
from the OpenSSL 1.1.1 branch, which is still under a free license

3 years agoNow that ampintcmsi(4)'s establish function returns a pointer to the
patrick [Sun, 24 Oct 2021 14:54:52 +0000 (14:54 +0000)]
Now that ampintcmsi(4)'s establish function returns a pointer to the
more generic machine intr handle, we need to call intr_barrier() for
it instead.

Panic found by bluhm@
ok kettenis@

3 years agoRemove crp_etype and return errors directly from crypto_invoke()
tobhe [Sun, 24 Oct 2021 14:50:42 +0000 (14:50 +0000)]
Remove crp_etype and return errors directly from crypto_invoke()

ok patrick@

3 years agouse O_RDONLY instead of 0 as open() flags parameter
deraadt [Sun, 24 Oct 2021 14:40:30 +0000 (14:40 +0000)]
use O_RDONLY instead of 0 as open() flags parameter

3 years agoPass the error of the IPsec callback to the caller. The dropped
bluhm [Sun, 24 Oct 2021 14:24:29 +0000 (14:24 +0000)]
Pass the error of the IPsec callback to the caller.  The dropped
counter is handled there.
OK tobhe@

3 years agoUse unveil(2) for the possible script file, dt(4) and ksyms(4) nodes.
mpi [Sun, 24 Oct 2021 14:18:58 +0000 (14:18 +0000)]
Use unveil(2) for the possible script file, dt(4) and ksyms(4) nodes.

btrace(8) cannot be pledge due to its use of special ioctl()s.

ok deraadt@

3 years agoPrepare to provide a number of X509_STORE_CTX_* setters.
tb [Sun, 24 Oct 2021 13:52:13 +0000 (13:52 +0000)]
Prepare to provide a number of X509_STORE_CTX_* setters.

ok beck jsing

3 years agoPrepare to provide EVP_MD_CTX_get_md_data()
tb [Sun, 24 Oct 2021 13:51:07 +0000 (13:51 +0000)]
Prepare to provide EVP_MD_CTX_get_md_data()

ok beck jsing

3 years agoPrepare to provide a bunch of OCSP_resp_* getters.
tb [Sun, 24 Oct 2021 13:50:14 +0000 (13:50 +0000)]
Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing

3 years agoPrepare to provide X509_STORE_CTX_get_num_untrusted()
tb [Sun, 24 Oct 2021 13:48:15 +0000 (13:48 +0000)]
Prepare to provide X509_STORE_CTX_get_num_untrusted()

ok beck jsing

3 years agoPrepare to provide BIO_get_init()
tb [Sun, 24 Oct 2021 13:46:56 +0000 (13:46 +0000)]
Prepare to provide BIO_get_init()

ok beck jsing

3 years agoShuffle variables around and use KASSERT() instead of panic().
mpi [Sun, 24 Oct 2021 13:46:14 +0000 (13:46 +0000)]
Shuffle variables around and use KASSERT() instead of panic().

No functionnal change.

Reduce differences with NetBSD, tested by many as part of a larger diff.

3 years agoImprove variable naming
job [Sun, 24 Oct 2021 13:45:19 +0000 (13:45 +0000)]
Improve variable naming

OK tb@ claudio@

3 years agosync
deraadt [Sun, 24 Oct 2021 13:32:48 +0000 (13:32 +0000)]
sync

3 years agoSince tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9
schwarze [Sun, 24 Oct 2021 13:10:46 +0000 (13:10 +0000)]
Since tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9
and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the
list of STACK_OF(3) types.

While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo,
OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and
X509_NAME to the list of stack types used by the API, drop
STACK_OF(X509_PURPOSE) which is only used internally, and list those
STACK_OF(*) types separately that are obfuscated with typedef.

3 years agoUse ifconfig(8)'s "join" command by default
kn [Sun, 24 Oct 2021 12:32:42 +0000 (12:32 +0000)]
Use ifconfig(8)'s "join" command by default

Its adoption went quite well, so install "join" rather than the old "nwid"
in new hostname.if(5) files and follow this trend in our wifi manuals.

OK deraadt sthen

3 years agonsd 4.3.7 shipped with DNS cookies on and then flipped to a default of
florian [Sun, 24 Oct 2021 12:16:14 +0000 (12:16 +0000)]
nsd 4.3.7 shipped with DNS cookies on and then flipped to a default of
in 4.3.8. Since we shipped 4.3.7 in 7.0 we should not flip-flop
between on and off all the time. Keep the default to on.
Suggested by & OK sthen

3 years agoUpdate to 4.3.8.
florian [Sun, 24 Oct 2021 12:14:18 +0000 (12:14 +0000)]
Update to 4.3.8.
OK sthen

3 years agoRestrict the characterset for filenames on Manifests
job [Sun, 24 Oct 2021 12:06:16 +0000 (12:06 +0000)]
Restrict the characterset for filenames on Manifests

feedback from benno@

OK claudio@

3 years agoImplement poll(2), select(2), ppoll(2) & pselect(2) on top of kqueue.
mpi [Sun, 24 Oct 2021 11:23:22 +0000 (11:23 +0000)]
Implement poll(2), select(2), ppoll(2) & pselect(2) on top of kqueue.

The given set of fds are converted to equivalent kevents using EV_SET(2)
and passed to the scanning internals of kevent(2): kqueue_scan().

ktrace(1) will now output the converted kevents on top of the usuals set
bits to be able to find possible error in the convertion.

This switch implies that poll(2) and select(2) will now query underlying
kqfilters instead of the *_poll() routines.  An increase in latency is
visible, especially with UDP sockets and NET_LOCK()-contended subsystems
and will be addressed in next steps.

Based on similar work done on MacOS and DragonFlyBSD with inputs from
visa@, millert@, anton@, cheloha@, thanks!

Tested by many, thanks!

ok claudio@, bluhm@

3 years agolet pf_table.c to use standard way to work with lists
sashan [Sun, 24 Oct 2021 10:58:43 +0000 (10:58 +0000)]
let pf_table.c to use standard way to work with lists

OK todd@, mvs@, kn@

3 years agoStop setting etype in the MD crypto code. So far we have set the etype
patrick [Sun, 24 Oct 2021 10:26:22 +0000 (10:26 +0000)]
Stop setting etype in the MD crypto code.  So far we have set the etype
and returned the error, which made the MI crypto code set the etype for
a second time.  We still have to set etype after calling the MD process
function, as the callers of crypto_invoke() still expect error handling
to be shown through the etype.  But at least now all MD crypto code does
not have to worry about that anymore.  Once the callers are changed to
not look at etype anymore, we can get rid of it completely.

ok tobhe@

3 years agoFall back to HTTP for fetching automatically
kn [Sun, 24 Oct 2021 10:11:24 +0000 (10:11 +0000)]
Fall back to HTTP for fetching automatically

Drop the "Unable to connect using https. Use http instead?" question as it
does not provide any security benefit;  SHA256.sig is used to verify sets.

Do provide an informative message iff the fallback happened such that
installations/upgrades that cannot Get/Verify first but Install directly
can be aborted in lack of SHA256.sig, i.e. sets were fetched over HTTP and
verification would be skipped.

Discussed with deraadt tb
OK deraadt

3 years agoansi
jsg [Sun, 24 Oct 2021 10:05:22 +0000 (10:05 +0000)]
ansi
ok mpi@ deraadt@

3 years agoProhibit renames of tmpfs mount-points to fix a panic.
patrick [Sun, 24 Oct 2021 09:59:52 +0000 (09:59 +0000)]
Prohibit renames of tmpfs mount-points to fix a panic.

From gerhard@

3 years agoPrepare to provide X509_OBJECT_{new,free}()
tb [Sun, 24 Oct 2021 09:27:48 +0000 (09:27 +0000)]
Prepare to provide X509_OBJECT_{new,free}()

ok beck inoguchi jsing

3 years agoextra 0 fields in cfdriver are not needed
deraadt [Sun, 24 Oct 2021 09:18:51 +0000 (09:18 +0000)]
extra 0 fields in cfdriver are not needed

3 years agopretty & normalize the cfdriver decl
deraadt [Sun, 24 Oct 2021 09:16:53 +0000 (09:16 +0000)]
pretty & normalize the cfdriver decl

3 years agoDon't leak internal->verfied_chain, clean it up in ssl3_clear and free.
beck [Sun, 24 Oct 2021 09:15:00 +0000 (09:15 +0000)]
Don't leak internal->verfied_chain, clean it up in ssl3_clear and free.

spotted by and ok jsing@

3 years agoAnther day another broken test-http.c report from anton@
claudio [Sun, 24 Oct 2021 09:05:41 +0000 (09:05 +0000)]
Anther day another broken test-http.c report from anton@
Adjust code again.

3 years agoFix mangled license.
mpi [Sun, 24 Oct 2021 08:42:38 +0000 (08:42 +0000)]
Fix mangled license.

From Leon Fischer

3 years agospelling;
jmc [Sun, 24 Oct 2021 07:08:20 +0000 (07:08 +0000)]
spelling;

3 years agoSet klist lock for sockets to make socket event filters MP-safe
visa [Sun, 24 Oct 2021 07:02:47 +0000 (07:02 +0000)]
Set klist lock for sockets to make socket event filters MP-safe

The filterops instances already provide f_modify and f_process
callbacks with proper internal locking. Locking of socket klists
has been the missing detail for MP-safety.

OK mpi@

3 years agoMake pipe event filters MP-safe
visa [Sun, 24 Oct 2021 06:59:54 +0000 (06:59 +0000)]
Make pipe event filters MP-safe

Add the missing f_modify and f_process callbacks so that pipe_lock
serializes pipe knote handling. As pipe klist locking is already in
place, pipe event filters should now be MP-safe.

This uses write locking everywhere in the callbacks for simplicity.
There is not much multiple-readers parallelism to utilize.

OK mpi@ anton@

3 years agouse NULL not 0 for pointer values in kern
jsg [Sun, 24 Oct 2021 00:02:24 +0000 (00:02 +0000)]
use NULL not 0 for pointer values in kern
ok semarie@

3 years agoThere is an m_pullup() down in AH input. As it may free or change
bluhm [Sat, 23 Oct 2021 22:19:37 +0000 (22:19 +0000)]
There is an m_pullup() down in AH input.  As it may free or change
the mbuf, the callers must be careful.  Although there is no bug,
use the common pattern to handle this.  Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

3 years agoFix use-after-free in ipcomp_output() introduced by previous commit.
bluhm [Sat, 23 Oct 2021 22:00:51 +0000 (22:00 +0000)]
Fix use-after-free in ipcomp_output() introduced by previous commit.
Retrieve ilen and olen from crypto descriptors before freeing them.
Found by regress/sys/netinet/ipsec.
OK mpi@

3 years agospread some ipcrm/ipcs Xr; from mikhail
jmc [Sat, 23 Oct 2021 21:17:45 +0000 (21:17 +0000)]
spread some ipcrm/ipcs Xr; from mikhail
ok schwarze

3 years agodo not duplicate "Connection: close" headers and only add it if its
benno [Sat, 23 Oct 2021 20:46:18 +0000 (20:46 +0000)]
do not duplicate "Connection: close" headers and only add it if its
not a websockets response.
Reported by Marcus MERIGHI and Jonathon Fletcher, this fix is by Jonathon, Thanks!
ok claudio@

3 years agosonewconn() returns the pointer to 'socket' struct so check it against
mvs [Sat, 23 Oct 2021 20:44:42 +0000 (20:44 +0000)]
sonewconn() returns the pointer to 'socket' struct so check it against
NULL instead of '0'.

ok deraadt@