tb [Thu, 17 Nov 2022 19:06:35 +0000 (19:06 +0000)]
Add a regression test for curve25519.c r1.14
Generate random signatures of random messages and verify them. Then check
that the signature modified by adding the edwards25519 group order to the
upper half are rejected. This would not always be accepted without the
check in curve25519.c r1.14, but often enough that a few iterations suffice
to expose the missing check.
tb [Thu, 17 Nov 2022 19:01:59 +0000 (19:01 +0000)]
Prevent
Ed25519 signature malleability
Add a check that ensures that the upper half s of an
Ed25519 signature is
bounded by the group order, i.e, 0 <= s < order. This is required by the
Verify procedure in RFC 8032, section 5.1.7, step 1, and prevents simple
modifications of signatures such as adding (a multiple of) the group order
to the upper half of the signature.
Found with EdDSA testcase 63 of project Wycheproof.
ok beck jsing
deraadt [Thu, 17 Nov 2022 18:53:05 +0000 (18:53 +0000)]
stack growth from setrlimit was never updated to set UVM_ET_STACK on
the entries, so the check-sp-at-system-call check failed. Quite strange
it took this long to find this.
ok kettenis
mvs [Thu, 17 Nov 2022 18:05:43 +0000 (18:05 +0000)]
style(9) fix. No functional change.
florian [Thu, 17 Nov 2022 17:39:41 +0000 (17:39 +0000)]
Restrict what getaddrinfo(3) is willing to try to resolve.
Programs assume that a successful call to getaddrinfo(3) validates the
input as "safe", but that's not true. Characters like '$', '`', '\n'
or '*' can traverse the DNS without problems, but have special
meaning, for example a shell.
There is a function res_hnok() already in libc, but it validates if a
string is a host name, which is too strict in practice. For example
foo-.example.com is not a valid host name, but is used on the
Internet.
Posix has this to say:
"The getaddrinfo() function shall translate the name of a service
location (for example, a host name)"
It hints that the input should be a host name, but it does not
restrict it to it.
This introduces a function hnok_lenient() which restricts the input to
getaddrinfo(3) to the set [A-z0-9-_.]. Additionally two consecutive
dots ('.') are not allowed nor can the string start with - or '.'.
glibc introduced a similar restriction years ago, so this should not
cause problems.
It has been known in the DNS community for years, probably decades
that getaddrinfo(3) is too lenient what it accepts, but it has always
been kicked down the road as "not a DNS problem". Unfortunately this
information never made it out of the DNS community and no coordinated
effort happened to have this addressed in operating systems.
David Leadbeater recently demonstrated how ssh(1) and ftp(1) are too
trusting with what getaddrinfo(3) accepts. Both have been fixed
independently of this.
Input deraadt, eric
OK millert, deraadt
tobhe [Thu, 17 Nov 2022 13:30:21 +0000 (13:30 +0000)]
Add apple-boot firmware for Apple arm64 machines in fw_update(8) patterns.
The pattern matches the printed CPU_IMPL_APPLE name as in:
cpu0 at mainbus0 mpidr 0: Apple Icestorm Pro r2p0
cpu0 at mainbus0 mpidr 0: Apple Blizzard r1p0
ok deraadt@ afresh@ kettenis@
robert [Thu, 17 Nov 2022 12:24:02 +0000 (12:24 +0000)]
add .gnu.warning.SYMBOL support to ld.lld(1) to display the warnings in
these sections like ld.bfd(1)
e.g:
add.c(add.o:(add)): warning: sprintf() is often misused, please use snprintf()
add.c(add.o:(add)): warning: strcpy() is almost always misused, please use strlcpy()
add.c(add.o:(add)): warning: strcat() is almost always misused, please use strlcat()
ok deraadt@
dlg [Thu, 17 Nov 2022 01:30:57 +0000 (01:30 +0000)]
whitespace fixes. no functional change.
beck [Thu, 17 Nov 2022 00:42:12 +0000 (00:42 +0000)]
Revert "Check certificate extensions in trusted certificates"
There are some possible strange side effects noticed by the
openssl cms regress tests that I missed. Backing this out
until I untangle it
ok tb@
deraadt [Wed, 16 Nov 2022 18:48:50 +0000 (18:48 +0000)]
sync
florian [Wed, 16 Nov 2022 18:30:12 +0000 (18:30 +0000)]
tolower(3) guarantees to return its argument unchanged if it's not
uppercase.
While here use the correct idiom of casting to unsigned char.
OK millert, farewell to ultrix deraadt
schwarze [Wed, 16 Nov 2022 15:34:41 +0000 (15:34 +0000)]
mark BN_X931_derive_prime_ex, BN_X931_generate_prime_ex,
and BN_X931_generate_Xpq as intentionally undocumented because
they are unused outside OpenSSL/LibreSSL and deprecated in OpenSSL 3.0
schwarze [Wed, 16 Nov 2022 14:55:40 +0000 (14:55 +0000)]
expose the documentation of X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and document X509_STORE_get_verify(3)
which tb@ all provided with x509_vfy.h revisions 1.48 and 1.49
schwarze [Wed, 16 Nov 2022 14:51:08 +0000 (14:51 +0000)]
document X509_STORE_CTX_verify_cb(3) and X509_STORE_get_verify_cb(3)
which tb@ provided with x509_vfy.h revisions 1.48 and 1.49
schwarze [Wed, 16 Nov 2022 14:19:22 +0000 (14:19 +0000)]
Mark BN_mod_exp2_mont() as intentionally undocumented.
It appears to be intended for internal use by DSA_do_verify(3) and using
codesearch.debian.net, i found nothing outside OpenSSL/LibreSSL using it.
In April 2018, jsing@ questioned whether the five related functions
BN_mod_exp_mont() and friends should even be exposed by <openssl/bn.h>,
so we decided to not document them. Now tb@ agrees that there is no
reason to document BN_mod_exp2_mont() as long as we don't want to
document BN_mod_exp_mont().
job [Wed, 16 Nov 2022 08:57:38 +0000 (08:57 +0000)]
Align output to a more tabular view
OK claudio@
tb [Wed, 16 Nov 2022 08:34:07 +0000 (08:34 +0000)]
Remove an outdated TODO
mvs [Tue, 15 Nov 2022 22:47:15 +0000 (22:47 +0000)]
style(9) fix. No functional change.
claudio [Tue, 15 Nov 2022 18:42:46 +0000 (18:42 +0000)]
Not assigning a link local address by default breaks various things.
A lot of code depends on a eui64 address to be present. So revert this
bit of the last commit.
OK florian@
schwarze [Tue, 15 Nov 2022 17:55:00 +0000 (17:55 +0000)]
document BN_mod_sqrt(3)
mvs [Tue, 15 Nov 2022 17:16:44 +0000 (17:16 +0000)]
Take `vmobjlock' around uao_grow() and uao_shrink() calls to fix tmpfs
panics [1].
1. https://marc.info/?l=openbsd-bugs&m=
165012301707403&w=2
from Leo Larnack <leo at pseven.xyz>
ok kn@ mpi@
sthen [Tue, 15 Nov 2022 10:44:06 +0000 (10:44 +0000)]
sync
kn [Mon, 14 Nov 2022 22:45:02 +0000 (22:45 +0000)]
Unlock SIOCGIFG{MEMB,ATTR,LIST}
The global interface group list is also protected by the net lock and all
access to it (all within if.c) take it accordingly.
Getting all
- members of a group (SIOCGIFGMEMB),
- attributes of a group (SIOCGIFGATTR),
- groups (SIOCGIFGLIST)
are each read-only operations on the global interface group `ifg_head'.
The global interface list `ifnetlist' or its per-interface group lists are
not used in these ioctls.
OK mvs
kn [Mon, 14 Nov 2022 22:07:30 +0000 (22:07 +0000)]
Unlock SIOCGIFCONF
As netintro(4) explains, this copies a bunch of data from the global
interface list as well as its per-interface address lists.
All of this is never written to by ifconf(), protected by the net lock
and documented as such in the struct comments already.
OK mvs
kn [Mon, 14 Nov 2022 22:06:25 +0000 (22:06 +0000)]
Document global interface group list locking
The per-interface group list is protected by the net lock and already
documented as such.
The global interface group list `ifg_head' is also protected by the net
lock and all access to it (all within if.c) take it accordingly.
Feedback OK mvs
sthen [Mon, 14 Nov 2022 21:09:32 +0000 (21:09 +0000)]
merge conflicts
sthen [Mon, 14 Nov 2022 21:07:49 +0000 (21:07 +0000)]
import NSD 4.6.1, ok florian@, thanks aoyama@ for checking autoconf C99 bits
schwarze [Mon, 14 Nov 2022 19:51:35 +0000 (19:51 +0000)]
document BN_kronecker(3)
schwarze [Mon, 14 Nov 2022 18:28:29 +0000 (18:28 +0000)]
document BN_reciprocal(3)
beck [Mon, 14 Nov 2022 17:48:49 +0000 (17:48 +0000)]
Hide public symbols in libcrypto/x509 .c files
ok tb@
visa [Mon, 14 Nov 2022 17:25:00 +0000 (17:25 +0000)]
Fix tag type and buffer limit in DT_TEXTREL lookup.
OK deraadt@ kettenis@
claudio [Mon, 14 Nov 2022 17:23:43 +0000 (17:23 +0000)]
With the commit to in6_ifattach mpe(4) now also works with IPv6
visa [Mon, 14 Nov 2022 17:15:41 +0000 (17:15 +0000)]
Add missing clock trigger to loongson_isa_splx().
Fixes unexpected delays that have occurred with mips64 clock(4).
claudio [Mon, 14 Nov 2022 17:12:55 +0000 (17:12 +0000)]
Relax the list of interfaces which support IPv6 a bit.
No longer require IFF_MULTICAST for all interfaces. It is save to skip
this for interfaces that don't require a ND cache. Also do not assign a
link-local address in such cases. This affects point-to-point interfaces
and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4).
The NBMA interfaces need some alternative way to figure out the address
mapping. In the end this allows non-multicast interfaces to work with IPv6.
OK dlg@ kn@
sthen [Mon, 14 Nov 2022 14:35:39 +0000 (14:35 +0000)]
fix swapped user/group introduced in sync-with-mount_tmpfs commit;
from Josiah Frentsos
deraadt [Mon, 14 Nov 2022 14:04:25 +0000 (14:04 +0000)]
make the EFI partition quite large, like on arm64 x13s, because newer x86
((Lenovo in particular) firmware updating methods do the same -- placing
a payload in there, so a small space won't do.
ok kettenis
kn [Mon, 14 Nov 2022 13:57:46 +0000 (13:57 +0000)]
Preserve original order of nameservers
RFC 2132 "DHCP Options and BOOTP Vendor Extensions"
3.8. Domain Name Server Option says
Servers SHOULD be listed in order of preference.
tcpdump(8), route(8) monitor and dhcpleasectl(8) -l athn0 show servers from
the DHCP OFFER in their original order, as expected.
resolvd(8) however sorts proposals by priority and IP address before writing
them to resolv.conf(5).
But as the system resolver tries this file's `nameserver' options in the
order appearance, sorting by IP breaks DHCP's intended order and thus may
result in the wrong nameserver being queried.
Sorting by IP is done to later remove duplicates from the file.
Sort by priority alone and ensure uniqueness by iterating over the list of
of proposals and zeroeing duplicates instead to preserve any proposal's
original order.
Spotted on a public wifi OFFERing two local IPs plus 8.8.8.8 in this order
which ended up with 8.8.8.8 being the first entry in my /etc/resolv.conf.
In other words, `route nameserver lo0 2.2.2.2 1.1.1.1 1.1.1.1' now yields
nameserver 2.2.2.2 # resolvd: lo0
nameserver 1.1.1.1 # resolvd: lo0
rather than
nameserver 1.1.1.1 # resolvd: lo0
nameserver 2.2.2.2 # resolvd: lo0
Feedback OK deraadt
deraadt [Mon, 14 Nov 2022 13:42:19 +0000 (13:42 +0000)]
Recognize PT_OPENBSD_MUTABLE with LLVM's readobj / objdump.
from brad
kn [Mon, 14 Nov 2022 13:39:37 +0000 (13:39 +0000)]
Check for offline chunks first, then check for keydisks
Like keydisks, offline data chunks also report a size of zero, so skipping
zero sized chunks before doing the offline check means not printing the
"softraid chunk N not online - skipping..." warning.
Restore order to make this warning appear on degraded volumes again.
deraadt [Mon, 14 Nov 2022 13:21:50 +0000 (13:21 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the alpha version
deraadt [Mon, 14 Nov 2022 13:20:23 +0000 (13:20 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the i386 version
deraadt [Mon, 14 Nov 2022 13:13:19 +0000 (13:13 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for sparc64, tested by pascal also
deraadt [Mon, 14 Nov 2022 13:12:59 +0000 (13:12 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for powerpc, tested by pascal
kettenis [Mon, 14 Nov 2022 11:11:17 +0000 (11:11 +0000)]
Turns out the power button on the Mac mini and the touchid button on the
various Macbook models generate different events. So rename the existing
constant for a "short press" of the touchid button and add support for the
power button on the Mac mini such that is can be resumed.
ok tobhe@, patrick@
jmc [Mon, 14 Nov 2022 09:56:09 +0000 (09:56 +0000)]
- show -R with -s in options list
- show -t with -T in options list
- sort the -T commands
- small text/formatting tweaks
ok sthen
ok kn on an earlier version
kn [Mon, 14 Nov 2022 09:34:51 +0000 (09:34 +0000)]
Document arm64 as supporting RAID 1C boot
Now that installboot(8) -p is softraid(4) aware, fresh arm64 installations
actually boot out of the box without manual intervention, as expected.
miod [Mon, 14 Nov 2022 07:22:44 +0000 (07:22 +0000)]
When the fdt does not provide a list of brightness states, pwmbl(4)
builds a 256 state ramp (i.e. state[i] = i with 0 <= i < 256).
Change the logic to not need to malloc an array of values in this case,
since they are trivially known.
test&ok patrick@
deraadt [Mon, 14 Nov 2022 00:16:44 +0000 (00:16 +0000)]
include sys/device.h, on some architectures this gets pulled in, but others
(like sparc64) require it explicitly
tb [Sun, 13 Nov 2022 23:38:42 +0000 (23:38 +0000)]
Fix comment style
schwarze [Sun, 13 Nov 2022 22:11:44 +0000 (22:11 +0000)]
Various improvements; joint work with beck@:
1. Explain up front what "ASN1_TIME" is (suggested by beck@, wording by me).
2. For opaque structs, use the generic term "object",
like we already do it in many other LibreSSL manual pages.
3. Drop some redundant phrases.
4. Improve the EXAMPLES section (by beck@, with fixes by me).
6. Add a STANDARDS section.
...and some other minor polishing.
OK beck@
mbuhl [Sun, 13 Nov 2022 21:19:40 +0000 (21:19 +0000)]
Make sure csa->csa_bundled is NULL after freeing to prevent a
possible use after free.
ok tobhe@
florian [Sun, 13 Nov 2022 18:40:45 +0000 (18:40 +0000)]
Sync config.h, we have
ed25519 support now.
beck [Sun, 13 Nov 2022 18:37:32 +0000 (18:37 +0000)]
Check certificate extensions in trusted certificates.
Historically the standards let the implementation decide to
either check or ignore the certificate properties of trust anchors.
You could either use them simply as a source of a public key which
was trusted for everything, or you were also permitted to check the
certificate properties and fully enforce them. Hooray for freedumb.
OpenSSL changed to checking these with :
commit
0daccd4dc1f1ac62181738a91714f35472e50f3c
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu Jan 28 03:01:45 2016 -0500
BoringSSL currently does not check them, as it also inherited
the previous OpenSSL behaviour. It will change to check them in
the future.
(https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
jca [Sun, 13 Nov 2022 16:14:06 +0000 (16:14 +0000)]
Sync data and instruction cache before entering an executable page
Adapted from kettenis' fix for arm64/pmap.c. Since we haven't been able
to reliably reproduce the clang crashes that affect base and ports, it
not yet known whether riscv64 was badly affected by this misordering.
Time will tell. ok kettenis@
mvs [Sun, 13 Nov 2022 16:01:32 +0000 (16:01 +0000)]
Split out handlers for SOCK_DGRAM unix(4) sockets from SOCK_STREAM and
SOCK_SEQPACKET. Introduce `uipc_dgram_usrreqs' to store pointers for
dgram specific handlers.
The dgram pru_shutdown and pru_send handlers were splitted to
uipc_dgram_shutdown() and uipc_dgram_send(). The pru_accept, pru_rcvd
and pru_abort handlers are not required for dgram sockets.
The unp_disconnect() remains shared between all unix(4) sockets because
it called from common paths too.
Proposed by and ok guenther@
tb [Sun, 13 Nov 2022 14:09:44 +0000 (14:09 +0000)]
sync
tb [Sun, 13 Nov 2022 14:09:17 +0000 (14:09 +0000)]
Avoid symbol collision with libcrypto
libcrypto now provides
Ed25519 and the raw public key API, so neuter the
compat implementations. Also link libfido against libcrypto.
The #ifdefs were upstreamed in https://github.com/Yubico/libfido2/pull/645
no objection djm
ok jsing
tb [Sun, 13 Nov 2022 14:07:15 +0000 (14:07 +0000)]
Bump libtls minor to match libcrypto and libssl
tb [Sun, 13 Nov 2022 14:06:58 +0000 (14:06 +0000)]
Bump libssl minor to match libcrypto
tb [Sun, 13 Nov 2022 14:06:35 +0000 (14:06 +0000)]
Bump minor after symbol addition
tb [Sun, 13 Nov 2022 14:06:15 +0000 (14:06 +0000)]
Update Symbols.list
tb [Sun, 13 Nov 2022 14:05:04 +0000 (14:05 +0000)]
Expose direct access API for
Ed25519.
tb [Sun, 13 Nov 2022 14:04:13 +0000 (14:04 +0000)]
Expose various EVP hooks for
Ed25519 and X25519
This adds the EVP_PKEY_ED25519 and EVP_PKEY_X25519 aliases for the NIDs
and exposes the raw public key API.
The ED25519_KEYLEN and X25519_KEYLEN defines are still kept internal for
now to match what OpenSSL have. We may want to expose those later.
tb [Sun, 13 Nov 2022 14:03:13 +0000 (14:03 +0000)]
Add
ED25519 aliases for NID, SN and OBJ
The
Ed25519 versions already existed, but OpenSSL chose to uppercase the D.
tb [Sun, 13 Nov 2022 13:59:46 +0000 (13:59 +0000)]
Expose ASN1_buf_print() in asn1.h
This is needed to print the 32-byte
Ed25519 keys which aren't handled
as BNs.
kn [Sat, 12 Nov 2022 16:36:07 +0000 (16:36 +0000)]
Remove unused fields from struct in6_ifextra
This is all under _KERNEL:
- rs_lhcookie was added in 2014
110585f259f4974284e531f0a1e121b001a580dc
"Move sending of router solicitations to the kernel; [...]"
but never used
- nprefixes and ndefrouters became obsolete with 2017
4a2f474d14c160dc7829cce0149ead09d473ece9
"Remove sending of router solicitations and processing of router
advertisements from the kernel. [...]"
OK mpi
mpi [Sat, 12 Nov 2022 14:19:08 +0000 (14:19 +0000)]
Add support for string comparison in filters.
It is now possible to filter by process name, like:
syscall:mmap:entry
/comm == "ld"/
{
...
}
Currently the parser treats C-string like any other expression member even
if arithmetic operations do no apply to strings.
beck [Sat, 12 Nov 2022 13:16:10 +0000 (13:16 +0000)]
Hide symbols in libcrypto/ui
ok jsing@
beck [Sat, 12 Nov 2022 13:03:28 +0000 (13:03 +0000)]
Hide symbols in libcrypto/pkcs12
ok jsing@
kettenis [Sat, 12 Nov 2022 12:58:34 +0000 (12:58 +0000)]
Fix a long-standing pmap bug, where we would enter an executable mapping
for a page before synchronizing the data and instruction cache. This means
that another thread that is executing code on this page may not fault, but
see stale contennts until the data cache flushes and/or instruction cache
invalidation propagates. The bug surfaced when testing a change that would
recycle code pages quickly instead of keeping them around.
Fix the issue by synchronizing the caches before entering an executable
mapping for a page. Also make sure we mark the page as "clean" after
synchronization instead of before.
ok patrick@, jca@ (and mpi@ and dlg@ for an earlier version of this diff)
beck [Sat, 12 Nov 2022 12:11:14 +0000 (12:11 +0000)]
Hide symbols in libcrypto/pkcs7
This applies the guentherizer 9000(tm) to pkcs7, after moving
several pkcs7 funcitions back to pkcs7 that were in x509/x_all.c
for reasons known only to the miasma.
ok jsing@
kn [Sat, 12 Nov 2022 02:53:17 +0000 (02:53 +0000)]
Remove unused RS_LHCOOKIE macro
Added in 2014
110585f259f4974284e531f0a1e121b001a580dc
Move sending of router solicitations to the kernel; [...]
but never used.
kn [Sat, 12 Nov 2022 02:50:59 +0000 (02:50 +0000)]
Zap comment about dead linkmtu
Removed in 2015
a923c8476c6771493ee2bc4f277a429c9ae3eaff
Remove linkmtu and maxmtu from struct nd_ifinfo.
kn [Sat, 12 Nov 2022 02:49:34 +0000 (02:49 +0000)]
Zap dead ip6_auto_linklocal
Removed in 2015
15f0a5b39a2bb226b44457ed81a5d989cfee0393
Ensure that link-local addresses are correctly configured on loopback
interfaces.
kn [Sat, 12 Nov 2022 02:48:14 +0000 (02:48 +0000)]
Put pf_state_import() under NPFSYNC>0 to fix build without pfsync
mpi [Fri, 11 Nov 2022 22:43:09 +0000 (22:43 +0000)]
Add support for storing builtins arguments into local variables.
mpi [Fri, 11 Nov 2022 22:40:41 +0000 (22:40 +0000)]
Add support for multiple statements in if () blocks.
jmc [Fri, 11 Nov 2022 21:41:45 +0000 (21:41 +0000)]
fix ounctuation and SEE ALSO;
beck [Fri, 11 Nov 2022 19:18:55 +0000 (19:18 +0000)]
Hide symbols in libcrypto/stack
Automated change from the first attempts at the semi automated
Guentherizer 2000.
ok jsing@ tb@ joshua@
krw [Fri, 11 Nov 2022 18:53:29 +0000 (18:53 +0000)]
Revert last until we can guarantee gh_guid can't escape to the
d_uid written to disk.
joshua [Fri, 11 Nov 2022 18:24:32 +0000 (18:24 +0000)]
Clean up openssl(1) command execution.
This cleans up the code that handles command execution for openssl(1),
displays the help message when 'openssl help' is executed, and exits
with code 1 when an invalid command is executed, matching the behaviour
of OpenSSL version 1.1+ and above.
ok tb@
cheloha [Fri, 11 Nov 2022 18:09:58 +0000 (18:09 +0000)]
timeout(9): remove timeout_set_kclock(), TIMEOUT_INITIALIZER_KCLOCK()
We have too many timeout(9) initialization functions and macros.
Let's slim it down and combine some interfaces.
- Remove timeout_set_kclock(), TIMEOUT_INITIALIZER_KCLOCK().
- Expand timeout_set_flags(), TIMEOUT_INITIALIZER_FLAGS() to accept
an additional "kclock" parameter.
- Reimplement timeout_set(), timeout_set_proc() with timeout_set_flags().
- Reimplement TIMEOUT_INITIALIZER() with TIMEOUT_INITIALIZER_FLAGS().
- Update the sole timeout_set_flags() user to pass a kclock parameter.
- Update the sole timeout_set_kclock() user to call timeout_set_flags().
- Update the sole TIMEOUT_INITIALIZER_FLAGS() user to provide a kclock
parameter.
The timeout(9) code is now a bit out of sync with the manpage. This
will be corrected in a subsequent commit.
ok kn@
mbuhl [Fri, 11 Nov 2022 17:58:14 +0000 (17:58 +0000)]
Make sure csa->csa_bundled is NULL after freeing to prevent a
possible use after free.
ok tobhe@
matthieu [Fri, 11 Nov 2022 17:23:09 +0000 (17:23 +0000)]
Debug was accidentally left enabled in previous commit.
jsing [Fri, 11 Nov 2022 17:15:26 +0000 (17:15 +0000)]
Convert the legacy TLS stack to tls_content.
This converts the legacy TLS stack to tls_content - records are now
opened into a tls_content structure, rather than being written back into
the same buffer that the sealed record was read into.
This will allow for further clean up of the legacy record layer.
ok tb@
dlg [Fri, 11 Nov 2022 17:12:30 +0000 (17:12 +0000)]
me and my text editor are not getting along today
joshua [Fri, 11 Nov 2022 17:07:38 +0000 (17:07 +0000)]
Remove the legacy interactive mode from openssl(1).
This removes the legacy interactive mode from openssl(1) since it is
rarely used, complicates the code, and has also been removed from
OpenSSL in version 3.x.x.
ok tb@ jsing@
mbuhl [Fri, 11 Nov 2022 16:41:44 +0000 (16:41 +0000)]
Due to checksum offloading one more element could be written to the ring
than there is space available.
ok dlg
mbuhl [Fri, 11 Nov 2022 16:17:16 +0000 (16:17 +0000)]
In case of an invalid SA resp is passed to ikev2_msg_cleanup without
initialization where the msg_parent field is accessed.
ok tobhe
dlg [Fri, 11 Nov 2022 16:12:08 +0000 (16:12 +0000)]
try pf.c r1.1143 again: move pf_purge out from under the kernel lock
this also avoids holding NET_LOCK too long.
the main change is done by running the purge tasks in systqmp instead
of systq. the pf state list was recently reworked so iteration over
the state can be done without blocking insertions.
however, scanning a lot of states can still take a lot of time, so
this also makes the state list scanner yield if it has spent too
much time running.
the other purge tasks for source nodes, rules, and fragments have
been moved to their own timeout/task pair to simplify the time
accounting.
in my environment, before this change pf purges often took 10 to
50ms. the softclock thread runs next to it often took a similar
amount of time, presumably because they ended up spinning waiting
for each other. after this change the pf_purges are more like 6 to
12ms, and dont block softclock. most of the variability in the runs
now seems to come from contention on the net lock.
tested by me sthen@ chris@
ok sashan@ kn@ claudio@
the diff was backed out because it made things a bit more racey,
but sashan@ has squashed those races this week. let's try it again.
matthieu [Fri, 11 Nov 2022 16:06:13 +0000 (16:06 +0000)]
sync
matthieu [Fri, 11 Nov 2022 15:27:39 +0000 (15:27 +0000)]
Enable icc(4). ok anton@ patrick@
matthieu [Fri, 11 Nov 2022 15:25:13 +0000 (15:25 +0000)]
Add icc(4) to handle Customer Control keyboards attached to i2c bus.
ok anton@ patrick@
dlg [Fri, 11 Nov 2022 15:02:31 +0000 (15:02 +0000)]
add a mutex to struct pf_state and init it.
nothing is protected by it yet but it will allow us to provide
consistent updates to individual states without relying on a global
lock. getting that right between the packet processing in pf itself,
pfsync, the pf purge code, the ioctl paths, etc is not worth the
required contortions.
while pf_state does grow, it doesn't use more cachelines on machines
where we will want to run in parallel with a lot of states.
stolen from and ok sashan@
anton [Fri, 11 Nov 2022 13:59:40 +0000 (13:59 +0000)]
ihidev can pass a buffer larger than the size of the claimed input
report since it unconditionally uses the size of the longest input
report. This is quite harmless and the defensive check in hidcc can
therefore be relaxed and instead only examining the number of expected
bytes.
ok matthieu@ patrick@
anton [Fri, 11 Nov 2022 13:59:02 +0000 (13:59 +0000)]
cvs(1) populates the author keyword using getlogin(2), therefore favor
logname(1) when normalizing the output.
tb [Fri, 11 Nov 2022 13:08:29 +0000 (13:08 +0000)]
Symbols.list: Drop comments and sort.
While grouping the API by its purpose is nice, it doesn't help much if >90%
is "general API".
ok jsing
dlg [Fri, 11 Nov 2022 12:50:45 +0000 (12:50 +0000)]
kn points out that brackets are not parentheses
dlg [Fri, 11 Nov 2022 12:36:05 +0000 (12:36 +0000)]
fix a misuse of vi.
dlg [Fri, 11 Nov 2022 12:29:32 +0000 (12:29 +0000)]
kn@ points out that lock annotations are usually wrapped in ()