openbsd
deraadt [Thu, 1 Feb 2024 00:39:57 +0000 (00:39 +0000)]
the clang binary never shrinks, especially since it is statically
linked (for performance).  in this case, it grew larger than the
maximum text segment size; increase that size.

job [Wed, 31 Jan 2024 17:19:02 +0000 (17:19 +0000)]
Add reference to RRDP Session Desynchronization draft

job [Wed, 31 Jan 2024 15:01:13 +0000 (15:01 +0000)]
Make the error a bit easier to read

OK tb@

bluhm [Wed, 31 Jan 2024 14:56:42 +0000 (14:56 +0000)]
Add route generation number to route cache.

The outgoing route is cached at the inpcb.  This cache was only
invalidated when the socket closes or if the route gets invalid.
More specific routes were not detected.  Especially with dynamic
routing protocols, sockets must be closed and reopened to use the
correct route.  Running ping during a route change shows the problem.

To solve this, add a route generation number that is updated whenever
the routing table changes.  The lookup in struct route is put into
the route_cache() function.  If the generation number is too old,
the cached route gets discarded.

Implement route_cache() for ip_output() and ip_forward() first.
IPv6 and more places will follow.

OK claudio@
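The generation-number invalidation described in this commit, as an added example: a toy C model written for this page, not OpenBSD kernel code. The names rtable_gen, route_cache_nogen() and route_change_demo(), the two-entry routing table and the destination 10.1.2.3 are all constructed for the illustration; only the idea (cache a route per socket, discard it when the table-wide generation moves) follows the commit.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
			((uint32_t)(c) << 8) | (uint32_t)(d))

struct rtentry {
	uint32_t rt_dst;	/* network address, host byte order */
	uint32_t rt_mask;	/* contiguous netmask */
	int	 rt_ifidx;	/* interface the route points at */
	int	 rt_valid;	/* cleared when the route is deleted */
};

struct route {
	struct rtentry	*ro_rt;		/* cached entry, may be stale */
	uint32_t	 ro_dst;	/* destination it was looked up for */
	unsigned int	 ro_generation;	/* rtable_gen at lookup time */
};

/* Hypothetical global table; any change bumps rtable_gen. */
static struct rtentry	rtable[16];
static int		rtable_n;
static unsigned int	rtable_gen = 1;

static void
rtable_reset(void)
{
	rtable_n = 0;
	rtable_gen++;
}

static void
rtable_insert(uint32_t dst, int plen, int ifidx)
{
	uint32_t mask = plen == 0 ? 0 : ~0u << (32 - plen);

	rtable[rtable_n].rt_dst = dst & mask;
	rtable[rtable_n].rt_mask = mask;
	rtable[rtable_n].rt_ifidx = ifidx;
	rtable[rtable_n].rt_valid = 1;
	rtable_n++;
	rtable_gen++;		/* invalidates every cached route */
}

/* Longest-prefix match: a longer prefix has a numerically larger mask. */
static struct rtentry *
rtalloc(uint32_t dst)
{
	struct rtentry *best = NULL;
	int i;

	for (i = 0; i < rtable_n; i++) {
		struct rtentry *rt = &rtable[i];

		if (!rt->rt_valid || (dst & rt->rt_mask) != rt->rt_dst)
			continue;
		if (best == NULL || rt->rt_mask > best->rt_mask)
			best = rt;
	}
	return best;
}

/* Old behaviour: reuse the cached route as long as it is still valid. */
static struct rtentry *
route_cache_nogen(struct route *ro, uint32_t dst)
{
	if (ro->ro_rt != NULL && ro->ro_dst == dst && ro->ro_rt->rt_valid)
		return ro->ro_rt;
	ro->ro_rt = rtalloc(dst);
	ro->ro_dst = dst;
	return ro->ro_rt;
}

/* New behaviour: also drop the cached route once the table changed. */
static struct rtentry *
route_cache(struct route *ro, uint32_t dst)
{
	if (ro->ro_rt != NULL && ro->ro_dst == dst && ro->ro_rt->rt_valid &&
	    ro->ro_generation == rtable_gen)
		return ro->ro_rt;
	ro->ro_rt = rtalloc(dst);
	ro->ro_dst = dst;
	ro->ro_generation = rtable_gen;
	return ro->ro_rt;
}

/*
 * "ping during a route change": resolve once via the default route, then a
 * more specific route appears. Returns the interface the next send uses.
 */
int
route_change_demo(int use_generation)
{
	struct route ro = { NULL, 0, 0 };
	uint32_t dst = IP(10, 1, 2, 3);

	rtable_reset();
	rtable_insert(IP(0, 0, 0, 0), 0, 1);	/* default via if1 */
	(void)(use_generation ? route_cache(&ro, dst) :
	    route_cache_nogen(&ro, dst));
	rtable_insert(IP(10, 0, 0, 0), 8, 2);	/* 10/8 via if2 shows up */
	return (use_generation ? route_cache(&ro, dst) :
	    route_cache_nogen(&ro, dst))->rt_ifidx;
}

int
main(void)
{
	printf("without generation: if%d\n", route_change_demo(0));
	printf("with generation:    if%d\n", route_change_demo(1));
	return 0;
}
```

Without the generation check the socket keeps sending via if1 even though 10/8 now points at if2; with it, the stale pointer is thrown away on the next route_cache() call and the longest-prefix lookup runs again.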

bluhm [Wed, 31 Jan 2024 12:27:57 +0000 (12:27 +0000)]
Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.

Splitting the IPv6 code into a separate function results in less
#ifdef INET6.  Also struct route_in6 *ro in in6_pcbrtentry() is of
the correct type and in_pcbrtentry() does not rely on the fact that
inp_route and inp_route6 are pointers to the same union.

OK kn@ claudio@

claudio [Wed, 31 Jan 2024 11:23:19 +0000 (11:23 +0000)]
Convert IMSG_CTL_SHOW_RIB_ATTR over to the new ibuf API.

This converts show_attr() and json_attr() and with that also the
community specific functions. This removes some hacks inside of
show_attr() that were added before.

OK tb@

tb [Wed, 31 Jan 2024 08:02:53 +0000 (08:02 +0000)]
Merge OBJ_NAME_do_all*(3) into EVP_CIPHER_do_all(3)

This is the only OBJ_NAME API that will remain after the next major bump.
The API is misnamed and really is about EVP, so move it to an EVP manual
documenting another API doing essentially the same thing. Remove most cross
references to OBJ_NAME_*.

tb [Wed, 31 Jan 2024 06:57:21 +0000 (06:57 +0000)]
Introduce and use mft_compare_issued()

Newly issued manifests should not only have a higher manifestNumber,
their issuance time should also be later. Add corresponding checks
and warnings when comparing a newly fetched manifest to a manifest
from the cache.

ok job (who noticed that such a check was missing)

tb [Wed, 31 Jan 2024 06:54:43 +0000 (06:54 +0000)]
Rename mft_compare() to mft_compare_seqnum()

This makes it clearer what exactly this function compares. Also drop some
NULL checks that made the semantics of this function tricky.

ok job

tb [Wed, 31 Jan 2024 06:53:21 +0000 (06:53 +0000)]
Pull mft comparison into proc_parser_mft_pre()

This way we can be sure more easily that both manifests are non-NULL,
thus avoiding some NULL checks and risk of use-after-free. This also
makes it clearer which manifest is the "older" one and will simplify
an upcoming commit doing issuance time comparison.

This adds a bit of a hack to proc_parser_mft_pre() to ensure we don't
look into DIR_TEMP in noop mode.

ok job

jmc [Wed, 31 Jan 2024 06:50:16 +0000 (06:50 +0000)]
the maxupd example was removed in -r.1.15, so do not refer to it;
from janne johansson

with that removal the surrounding text becomes simpler, so trim it;

tb [Wed, 31 Jan 2024 06:48:27 +0000 (06:48 +0000)]
proc_parser_mft_pre: move freeing into an error path

Simplifies subsequent commits which will use the same exit path.

ok job

tb [Wed, 31 Jan 2024 06:46:31 +0000 (06:46 +0000)]
proc_parser_mft: fix overloading of error

parser.c r1.101 switched the meaning of mft1 and mft2, but did not
fix up the overloading of the error from the temporary file if both
are set.

ok job

guenther [Wed, 31 Jan 2024 06:06:28 +0000 (06:06 +0000)]
Swap the r10 and rcx registers in the amd64 trapframe so that the
first six entries are in the same order as syscall arguments, such
that syscall() can just use the trapframe as the argument vector
for mi_syscall() and not need to reorder into another buffer on the
stack.  This doesn't affect coredump layout or ptrace(2), but does
affect kernel crash dumps.

Possibility noted during miod@'s cleanup of the MD syscall()
implementations

ok mlarkin@ kurt@
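Why the r10/rcx swap lets the frame double as the argument vector, as an added example written for this page (a toy, not the real OpenBSD struct trapframe or trap.c). The struct layout, the two syscall numbers SYS_toy_sum6 and SYS_toy_arg4, and mi_syscall()/md_syscall() are hypothetical; ENOSYS = 78 and the carry-flag error convention are the real OpenBSD amd64 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t register_t;

/*
 * SYSCALL overwrites rcx (return rip) and r11 (rflags), so userland passes
 * the fourth argument in r10 instead of rcx as the SysV function ABI does.
 * Ordering the first six slots rdi, rsi, rdx, r10, r8, r9 means a pointer
 * to the frame is already the argument vector.
 */
struct trapframe {
	register_t tf_rdi, tf_rsi, tf_rdx, tf_r10, tf_r8, tf_r9;
	register_t tf_rcx, tf_r11;	/* clobbered by SYSCALL */
	register_t tf_rax;		/* syscall number in, result out */
	register_t tf_rflags;
};

_Static_assert(offsetof(struct trapframe, tf_r10) == 3 * sizeof(register_t),
    "fourth argument slot must be r10, not rcx");
_Static_assert(offsetof(struct trapframe, tf_r9) == 5 * sizeof(register_t),
    "argument slots must be contiguous");

#define ENOSYS	78		/* OpenBSD errno value */
#define PSL_C	0x1		/* carry flag in rflags */

enum { SYS_toy_sum6 = 1, SYS_toy_arg4 = 2 };	/* hypothetical syscalls */

/* Machine-independent dispatcher: takes the argument vector by pointer. */
static int
mi_syscall(int code, const register_t *argv, register_t *retval)
{
	switch (code) {
	case SYS_toy_sum6:
		*retval = argv[0] + argv[1] + argv[2] + argv[3] + argv[4] +
		    argv[5];
		return 0;
	case SYS_toy_arg4:
		*retval = argv[3];	/* the r10 slot */
		return 0;
	default:
		return ENOSYS;
	}
}

/* Machine-dependent entry: no copy of the arguments into a stack buffer. */
static void
md_syscall(struct trapframe *tf)
{
	register_t rv = 0;
	int error = mi_syscall((int)tf->tf_rax, (const register_t *)tf, &rv);

	if (error) {
		tf->tf_rax = (register_t)error;
		tf->tf_rflags |= PSL_C;		/* libc stub turns CF into errno */
	} else {
		tf->tf_rax = rv;
		tf->tf_rflags &= ~(register_t)PSL_C;
	}
}

/* Frame with arguments 1..6 in rdi, rsi, rdx, r10, r8, r9 (constructed). */
static struct trapframe
make_frame(int code)
{
	struct trapframe tf = { 1, 2, 3, 4, 5, 6, 0xdead, 0xbeef,
	    (register_t)code, 0 };

	return tf;
}

register_t
toy_syscall_result(int code)
{
	struct trapframe tf = make_frame(code);

	md_syscall(&tf);
	return tf.tf_rax;
}

int
toy_syscall_failed(int code)
{
	struct trapframe tf = make_frame(code);

	md_syscall(&tf);
	return (tf.tf_rflags & PSL_C) != 0;
}

int
main(void)
{
	printf("arg4 = %llu\n", (unsigned long long)toy_syscall_result(SYS_toy_arg4));
	printf("sum6 = %llu\n", (unsigned long long)toy_syscall_result(SYS_toy_sum6));
	printf("bogus failed = %d\n", toy_syscall_failed(99));
	return 0;
}
```

The two _Static_asserts are the check worth keeping in real code: if anyone later inserts a register before tf_r9, the frame silently stops being a valid argument vector and every syscall with four or more arguments reads the wrong slot.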

guenther [Wed, 31 Jan 2024 05:49:33 +0000 (05:49 +0000)]
Make wrpkru() consistent with rdpkru() by passing ecx as an argument.

ok mlarkin@

hastings [Wed, 31 Jan 2024 01:01:10 +0000 (01:01 +0000)]
add MediaTek UART support.

ok kettenis@

dv [Tue, 30 Jan 2024 23:01:49 +0000 (23:01 +0000)]
Rewrite vmd(8)'s vionet to be zero-copy.

Similar to the rewrite of the virtio block device to use zero-copy
semantics, this rewrites how the virtio network device works with
the virtqueue ring buffers to minimize data copying. For guests
that don't use the built-in DNS and mac filtering capabilities,
data can now be transferred to/from the virtqueue and the tap(4)
directly without temporary buffers.

A lot of the virtio semantics are cleaned up as well, including
proper error states.

Tested with help by mbuhl@, friehm@, mlarkin@, and others.

"go for it," mlarkin@

tb [Tue, 30 Jan 2024 17:43:39 +0000 (17:43 +0000)]
Remove now unnecessary NULL check before EVP_CIPHER_CTX_cleanup()

tb [Tue, 30 Jan 2024 17:41:01 +0000 (17:41 +0000)]
Make EVP_{CIPHER,MD}_CTX_{cleanup,reset}() NULL-safe

We have a bunch of code that relies on this. Surely there is code out
there in the wider ecosystem that relies on these being NULL-safe by
now since upstream sprinkles NULL checks wherever they can.

ok beck joshua

deraadt [Tue, 30 Jan 2024 16:43:22 +0000 (16:43 +0000)]
the clang binary never shrinks, especially since it is statically
linked (for performance).  in this case, it grew larger than the
maximum text segment size; increase that size.

stsp [Tue, 30 Jan 2024 15:33:32 +0000 (15:33 +0000)]
enable qwx "ext" IRQs for data packets once we have moved into RUN state

stsp [Tue, 30 Jan 2024 15:32:04 +0000 (15:32 +0000)]
set up qwx REO ring routing

stsp [Tue, 30 Jan 2024 15:30:13 +0000 (15:30 +0000)]
fix qwx_core_pdev_create() to not drop into its error path on success

Otherwise we free rings that were just allocated, causing mbuf corruption.

jsing [Tue, 30 Jan 2024 14:50:50 +0000 (14:50 +0000)]
Restore SSL_shutdown() two step sequence.

Change SSL_shutdown() such that it will return 0 after sending a
close-notify, before potentially returning 1 (indicating that a
close-notify has been sent and received) on a subsequent call. Some
software depends on this behaviour, even though there are cases where
the first call could immediately return 1 (for example, when the peer
has already sent a close-notify prior to SSL_shutdown() being called).

ok tb@

jsing [Tue, 30 Jan 2024 14:46:46 +0000 (14:46 +0000)]
Add a shutdown sequence regress test.

Some software relies on SSL_shutdown() returning 0 (indicating close-notify
sent) before returning 1 on a subsequent call (indicating close-notify sent
and received). It is worth noting that there is no guarantee that this will
occur in normal operation, as the peer could send a close-notify prior to
SSL_shutdown() being called.

This is currently failing for TLSv1.3.

claudio [Tue, 30 Jan 2024 13:51:13 +0000 (13:51 +0000)]
Adjust bgpctl to work with the modified aspath functions from util.c

While doing that convert IMSG_CTL_SHOW_RIB over to the new ibuf api.
OK tb@

claudio [Tue, 30 Jan 2024 13:50:08 +0000 (13:50 +0000)]
Convert the ATTR_ASPATH and ATTR_AS4_PATH handlers in rde_attr_parse()
to new ibuf API.

Various aspath functions are modified to work better with ibufs.
aspath_inflate() now only works with ibufs and is a lot simpler.
aspath_verify() does all the checks using the ibuf api and therefore
most length checks can be skipped.
aspath_asprint() and the new internal aspath_strsize() and aspath_snprint()
are totally overhauled -- including some bugs that got squashed.
OK tb@

claudio [Tue, 30 Jan 2024 11:15:05 +0000 (11:15 +0000)]
In the previous commit idle connections are reinserted onto the active list
when the connection is closed. Since active connections are processed after
idle ones this will trigger a "timeout, connection closed" warning.
Work around this by clearing io_time in the close case of idle connections
and checking for this in the active connection case.
Problem noticed and OK job@

claudio [Tue, 30 Jan 2024 10:16:13 +0000 (10:16 +0000)]
Fix a race between scheduling a new request onto an idle connection and
closing the same connection.

When closing an idle connection that connection needs to be moved off the
idle queue and back onto the active queue. Do this in the two possible
cases (directly in http_close() and in http_handle() for the STATE_IDLE
case). In both cases it is possible that the system needs to repoll the
connection and while waiting a request could be scheduled on that connection
if it remains on the idle queue.

Problem hit by job@
OK tb@

job [Tue, 30 Jan 2024 03:40:01 +0000 (03:40 +0000)]
Add more RPKI TA constraints: LACNIC ASNs cannot transfer to/from other RIRs

OK tb@

bluhm [Mon, 29 Jan 2024 22:47:13 +0000 (22:47 +0000)]
Run TCP timer without kernel lock.

TCP timers are protected by exclusive net lock.  They may sleep to
grab it as they run in process context.  There is no reason for
them to hold additional kernel lock.  Since we have MP safe timeouts
now, convert them by adding TIMEOUT_PROC and TIMEOUT_MPSAFE flag.

OK mvs@

job [Mon, 29 Jan 2024 20:37:03 +0000 (20:37 +0000)]
Add id-ct-rpkiSignedPrefixList NID

References:
    https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
    https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

OK tb@

job [Mon, 29 Jan 2024 20:36:19 +0000 (20:36 +0000)]
Add id-ct-rpkiSignedPrefixList OID

References:
    https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-prefixlist/
    https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1

OK tb@

stsp [Mon, 29 Jan 2024 16:06:45 +0000 (16:06 +0000)]
handle qwx(4) association state transitions from ASSOC to RUN

We can successfully complete the association sequence with the AP.
The next step will be getting data frames to pass.

kettenis [Mon, 29 Jan 2024 14:52:25 +0000 (14:52 +0000)]
Because of the way the Linux code behind apldrm(4) is structured it may
fail to create a framebuffer without propagating an error to its callers.
Prevent a kernel panic by explicitly checking that we have a framebuffer.
To prevent us ending up with no framebuffer at all, only claim the
framebuffer in apldrm(4) when we actually created our own.  Delay the
attach of simplefb(4) such that we check whether someone else claimed its
framebuffer until apldrm(4) has done its thing.

tested by robert@
ok jsg@

tb [Mon, 29 Jan 2024 06:05:50 +0000 (06:05 +0000)]
Curious to see if explicitly ignoring the return value appeases Coverity

jsg [Mon, 29 Jan 2024 01:58:43 +0000 (01:58 +0000)]
drm/amdgpu: fall back to INPUT power for AVG power via INFO IOCTL

From Alex Deucher
836e236b878a385911db619b38393d624a4d7eae in linux-6.6.y/6.6.14
d02069850fc102b07ae923535d5e212f2c8a34e9 in mainline linux

jsg [Mon, 29 Jan 2024 01:56:26 +0000 (01:56 +0000)]
drm/amdkfd: fixes for HMM mem allocation

From Dafna Hirschfeld
1515db19c4a374f75e6bf5430f9cb9b7e3c2fd0d in linux-6.6.y/6.6.14
02eed83abc1395a1207591aafad9bcfc5cb1abcb in mainline linux

jsg [Mon, 29 Jan 2024 01:54:54 +0000 (01:54 +0000)]
Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole"

From Kaibo Ma
3a99f15ce9d01bcce4f1f260194f964523f5c07a in linux-6.6.y/6.6.14
0f35b0a7b8fa402adbffa2565047cdcc4c480153 in mainline linux

jsg [Mon, 29 Jan 2024 01:53:19 +0000 (01:53 +0000)]
drm/amd/display: avoid stringop-overflow warnings for dp_decide_lane_settings()

From Arnd Bergmann
ecfaeb66b1f08c72fe8e8d1df955cf2879d7333b in linux-6.6.y/6.6.14
c966dc0e9d96dc44423c404a2628236f1200c24e in mainline linux

jsg [Mon, 29 Jan 2024 01:51:19 +0000 (01:51 +0000)]
drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init

From Zhipeng Lu
ae7cbf935b9a1b41f65fe6443e7cd0c401500b20 in linux-6.6.y/6.6.14
2f3be3ca779b11c332441b10e00443a2510f4d7b in mainline linux

jsg [Mon, 29 Jan 2024 01:49:28 +0000 (01:49 +0000)]
drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c

From Srinivasan Shanmugam
5024cce888e11e5688f77df81db9e14828495d64 in linux-6.6.y/6.6.14
499839eca34ad62d43025ec0b46b80e77065f6d8 in mainline linux

jsg [Mon, 29 Jan 2024 01:47:49 +0000 (01:47 +0000)]
drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process'

From Srinivasan Shanmugam
9b0cc30d26c32432b334ee7a5fc11b9d401c0a85 in linux-6.6.y/6.6.14
217e85f97031791fb48a2d374c7bdcf439365b21 in mainline linux

jsg [Mon, 29 Jan 2024 01:46:11 +0000 (01:46 +0000)]
drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table

From Zhipeng Lu
0c5d08b1c98e5dbb0cf56cb99c45adec887790ce in linux-6.6.y/6.6.14
a6582701178a47c4d0cb2188c965c59c0c0647c8 in mainline linux

jsg [Mon, 29 Jan 2024 01:44:25 +0000 (01:44 +0000)]
gpu/drm/radeon: fix two memleaks in radeon_vm_init

From Zhipeng Lu
4c9a96dd6d4acaa18146f5b1de457fec1004628c in linux-6.6.y/6.6.14
c2709b2d6a537ca0fa0f1da36fdaf07e48ef447d in mainline linux

jsg [Mon, 29 Jan 2024 01:42:34 +0000 (01:42 +0000)]
drivers/amd/pm: fix a use-after-free in kv_parse_power_table

From Zhipeng Lu
95084632a65d5c0d682a83b55935560bdcd2a1e3 in linux-6.6.y/6.6.14
28dd788382c43b330480f57cd34cde0840896743 in mainline linux

jsg [Mon, 29 Jan 2024 01:40:59 +0000 (01:40 +0000)]
drm/amd/pm: fix a double-free in si_dpm_init

From Zhipeng Lu
fb1936cb587262cd539e84b34541abb06e42b2f9 in linux-6.6.y/6.6.14
ac16667237a82e2597e329eb9bc520d1cf9dff30 in mainline linux

jsg [Mon, 29 Jan 2024 01:39:33 +0000 (01:39 +0000)]
drm/amdgpu/debugfs: fix error code when smc register accessors are NULL

From Alex Deucher
5bc4f16118c575410e7be220bbb9b1fa2ee4274b in linux-6.6.y/6.6.14
afe58346d5d3887b3e49ff623d2f2e471f232a8d in mainline linux

jsg [Mon, 29 Jan 2024 01:37:52 +0000 (01:37 +0000)]
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table

From Zhipeng Lu
0564e8a427914015d773a32f6e9baa2bd2f38a37 in linux-6.6.y/6.6.14
28c28d7f77c06ac2c0b8f9c82bc04eba22912b3b in mainline linux

jsg [Mon, 29 Jan 2024 01:36:31 +0000 (01:36 +0000)]
drm/radeon/dpm: fix a memleak in sumo_parse_power_table

From Zhipeng Lu
a26634b3ce218ee3a308f2c0e326a1c7d4bb97ec in linux-6.6.y/6.6.14
0737df9ed0997f5b8addd6e2b9699a8c6edba2e4 in mainline linux

jsg [Mon, 29 Jan 2024 01:34:47 +0000 (01:34 +0000)]
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

From Yang Yingliang
0b813a6a0087451cb702b6eb841f10856f49d088 in linux-6.6.y/6.6.14
7a2464fac80d42f6f8819fed97a553e9c2f43310 in mainline linux

jsg [Mon, 29 Jan 2024 01:32:31 +0000 (01:32 +0000)]
drm/drv: propagate errors from drm_modeset_register_all()

From Dmitry Baryshkov
af9d39677c919f5c7dc67675aa0d30f7793bd324 in linux-6.6.y/6.6.14
5f8dec200923a76dc57187965fd59c1136f5d085 in mainline linux

jsg [Mon, 29 Jan 2024 01:30:49 +0000 (01:30 +0000)]
drm/radeon: check return value of radeon_ring_lock()

From Nikita Zhandarovich
18bd4d184675fbb2fc4b2f9b80aaebea2e05fca0 in linux-6.6.y/6.6.14
71225e1c930942cb1e042fc08c5cc0c4ef30e95e in mainline linux

jsg [Mon, 29 Jan 2024 01:29:18 +0000 (01:29 +0000)]
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()

From Nikita Zhandarovich
056484916a131ebad65ee33048ec959f6186befc in linux-6.6.y/6.6.14
b5c5baa458faa5430c445acd9a17481274d77ccf in mainline linux

jsg [Mon, 29 Jan 2024 01:27:31 +0000 (01:27 +0000)]
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()

From Nikita Zhandarovich
0413e8869171145d8a53f9d009f59c804b37c7b2 in linux-6.6.y/6.6.14
39c960bbf9d9ea862398759e75736cfb68c3446f in mainline linux

jsg [Mon, 29 Jan 2024 01:25:00 +0000 (01:25 +0000)]
drm/bridge: Fix typo in post_disable() description

From Dario Binacchi
c111350d673a517c3995849c724e444205f7e51c in linux-6.6.y/6.6.14
288b039db225676e0c520c981a1b5a2562d893a3 in mainline linux

jsg [Mon, 29 Jan 2024 01:23:04 +0000 (01:23 +0000)]
drm/dp_mst: Fix fractional DSC bpp handling

From Ville Syrjala
4e042f022255604c68ab5d5f73c8f437d24d651e in linux-6.6.y/6.6.14
7707dd6022593f3edd8e182e7935870cf326f874 in mainline linux

yasuoka [Mon, 29 Jan 2024 00:59:54 +0000 (00:59 +0000)]
Open /etc/{services,protocols} before pledge(2).

ok tobhe

stsp [Sun, 28 Jan 2024 22:30:39 +0000 (22:30 +0000)]
add support for sending management frames to qwx(4)

The initial AUTH frame is now sent when an AP is found during scans.
We then receive an AUTH response from the AP. Handling this response
in the driver will be our next step.

tb [Sun, 28 Jan 2024 21:00:54 +0000 (21:00 +0000)]
The KNF script didn't grok LHASH_OF(), STACK_OF()

tb [Sun, 28 Jan 2024 20:57:15 +0000 (20:57 +0000)]
Avoid calling EVP_CIPHER_CTX_reset() on a NULL ctx

bluhm [Sun, 28 Jan 2024 20:34:25 +0000 (20:34 +0000)]
Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function.  All callers check that
sockaddr dst is in fact a sockaddr_in.  Pass the more specific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

deraadt [Sun, 28 Jan 2024 19:05:33 +0000 (19:05 +0000)]
Remove the 'l' and 'L' flag printing in 'STAT' column. These were added
to provide visibility of the internal behaviour of pinsyscalls(2) during
introduction.  These flags remain (less) visible in the "-o procflags"
option, as 0x08000000 (PS_PIN) and 0x10000000 (PS_LIBCPIN).
That's good enough.

mglocker [Sun, 28 Jan 2024 18:42:58 +0000 (18:42 +0000)]
Back out the TSO support diff, since we got issues reported for which
no solution could be found.  Known issues at this point:

1. sparc64 panics, probably because of an alignment issue in struct
   tcphdr { th_off }.  A diff for potentially fixing the alignment issue
   exists, but testing is pending.
2. Watchdogs reported on the I350 chip, which can't be reproduced on own
   hardware.

deraadt [Sun, 28 Jan 2024 18:38:16 +0000 (18:38 +0000)]
correct DPADD; from Krystian Lewandowski

op [Sun, 28 Jan 2024 17:23:17 +0000 (17:23 +0000)]
allow escaping inside quotes

RFC5322 allows for escapes using \ inside quotes.  Otherwise, headers
such as

From: "\"Doe, John\"" <op>

get mangled as "\"Doe@localhost, John\" <op> since \ would be treated as
ordinary character and not the escape for the quote.

Bug reported by TobiasEgg on the OpenSMTPD-portable github repository.

ok millert@
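The mangling described in this commit, and the quoted-pair handling that avoids it, as an added example written for this page (not OpenSMTPD's parser). split_addresses() cuts a header body at top-level commas while tracking quoted-strings; with honor_qp set, a backslash inside quotes is an RFC 5322 quoted-pair and the next byte can no longer close the quote. The sample body is the one from the commit message; the function names, ADDR_MAX and the second sample address are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 128

/*
 * Split a header body (the value of From:, To:, ...) into its top-level
 * comma-separated pieces. Returns the number of pieces written to out.
 */
int
split_addresses(const char *body, int honor_qp, char out[][ADDR_MAX], int max)
{
	char cur[ADDR_MAX];
	size_t len = 0;
	int n = 0, inq = 0;
	const char *p;

	for (p = body;; p++) {
		char c = *p;

		if (c == '\0' || (c == ',' && !inq)) {
			size_t s = 0;

			/* trim surrounding whitespace, store the piece */
			while (s < len && isspace((unsigned char)cur[s]))
				s++;
			while (len > s && isspace((unsigned char)cur[len - 1]))
				len--;
			if (len > s && n < max) {
				memcpy(out[n], cur + s, len - s);
				out[n][len - s] = '\0';
				n++;
			}
			len = 0;
			if (c == '\0')
				break;
			continue;
		}
		if (inq && honor_qp && c == '\\' && p[1] != '\0') {
			/* quoted-pair: keep both bytes, the escaped one is literal */
			if (len < ADDR_MAX - 1)
				cur[len++] = c;
			c = *++p;
		} else if (c == '"')
			inq = !inq;	/* without honor_qp, \" toggles here */
		if (len < ADDR_MAX - 1)
			cur[len++] = c;
	}
	return n;
}

/* Decode a leading quoted-string: strip the quotes, resolve quoted-pairs. */
int
unquote(const char *s, char *out, size_t outsz)
{
	size_t o = 0;

	if (*s != '"')
		return -1;
	for (s++; *s != '"'; s++) {
		if (*s == '\0')
			return -1;	/* unterminated quoted-string */
		if (*s == '\\' && s[1] != '\0')
			s++;
		if (o + 1 >= outsz)
			return -1;
		out[o++] = *s;
	}
	out[o] = '\0';
	return 0;
}

/* Constructed sample input: the From: body quoted in the commit. */
const char from_body[] = "\"\\\"Doe, John\\\"\" <op>";
char parts[8][ADDR_MAX];
char display[ADDR_MAX];

int
main(void)
{
	int i, n;

	n = split_addresses(from_body, 0, parts, 8);
	printf("naive:   %d piece(s)\n", n);	/* 2: split at the comma */
	for (i = 0; i < n; i++)
		printf("  %s\n", parts[i]);

	n = split_addresses(from_body, 1, parts, 8);
	printf("RFC5322: %d piece(s)\n", n);	/* 1 mailbox */
	if (n == 1 && unquote(parts[0], display, sizeof display) == 0)
		printf("  display name: %s\n", display);
	return 0;
}
```

The naive pass turns the single mailbox into the two pieces "\"Doe and John\"" <op>, which is exactly how the commit's "\"Doe@localhost, John\" <op> arises once a domain gets appended to the first fragment; with quoted-pairs honoured the comma stays inside the quotes and unquote() recovers the display name "Doe, John".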

tb [Sun, 28 Jan 2024 16:11:31 +0000 (16:11 +0000)]
sync with userland

tb [Sun, 28 Jan 2024 16:10:51 +0000 (16:10 +0000)]
Pull in some post 1.3.1 upstream commits

This is only cosmetic as far as OpenBSD is concerned.

joshua [Sun, 28 Jan 2024 14:55:40 +0000 (14:55 +0000)]
Clean up EVP_CIPHER_CTX_init() usage in cmac.c

This replaces usage of EVP_CIPHER_CTX_init() with EVP_CIPHER_CTX_new(),
and EVP_CIPHER_CTX_cleanup() with EVP_CIPHER_CTX_reset().

This also replaces usage of malloc with calloc, and free with freezero.

ok tb@

joshua [Sun, 28 Jan 2024 14:43:48 +0000 (14:43 +0000)]
Clean up EVP_MD_CTX_{init,cleanup}() usage in ASN1_item_verify()

ok tb@

anton [Sun, 28 Jan 2024 12:36:21 +0000 (12:36 +0000)]
Use the wait until construct in ixp.sh in the hopes of making it more
stable.

jsg [Sun, 28 Jan 2024 03:01:39 +0000 (03:01 +0000)]
match on Intel C3000
tested by Stephane Tranchemer

deraadt [Sun, 28 Jan 2024 01:07:26 +0000 (01:07 +0000)]
Force -fno-stack-protector on "boot block" that absolutely can't have
a stack protector (probably not even a -fstack-protector-strong) because
the bloat would render them unusable.  This also means the system
compiler can now take on any more it wants, and all the pieces which
can't use the stack protector are properly marked.
ok kettenis

deraadt [Sun, 28 Jan 2024 00:40:22 +0000 (00:40 +0000)]
set -fno-stack-protector in NORMAL_C_NOP, which is used to compile
mcount.c, in the same way that -fno-ret-protector is set (because
the default ret-protector is an "always" generator).  This change
ensures there is never a stack protector prologue/epilogue in the
functions in that file, no matter what stack protector selection
algorithm is in play.
ok kettenis guenther

tb [Sat, 27 Jan 2024 23:34:18 +0000 (23:34 +0000)]
Dynamic EVP_PKEY_METHODs are a thing from the past

bluhm [Sat, 27 Jan 2024 21:35:13 +0000 (21:35 +0000)]
Assert that tcp_timer_rexmt() uses IPv4 inpcb.

in_pcbnotifyall() must be called with IPv4 inpcb only.  Comment why
this is the case and verify it with kassert.  This assures that
inp_faddr is a valid address.

OK mvs@

bluhm [Sat, 27 Jan 2024 21:13:46 +0000 (21:13 +0000)]
Declare address parameter in TCP SYN cache const.

tcp6_ctlinput() cast a constant sockaddr_sin6 to non-const sockaddr.
sa6_src may be &sa6_any which lives in read-only data section.
Better pass down the const addresses to syn_cache_lookup().  They
are needed for hash lookup and are not modified.

OK mvs@

tb [Sat, 27 Jan 2024 18:12:27 +0000 (18:12 +0000)]
Add a few aliases for ECDSA and DSA for security/xca

ok jsing

tb [Sat, 27 Jan 2024 17:20:20 +0000 (17:20 +0000)]
Use ret instead of rv in a few keyivgen functions

tb [Sat, 27 Jan 2024 17:14:33 +0000 (17:14 +0000)]
Fold keyivgen functions into evp_pbe.c

These are only used by the EVP_PBE routines and will become internal in
the next major bump.

tb [Sat, 27 Jan 2024 16:50:39 +0000 (16:50 +0000)]
Make some comments and some whitespace less ugly

tb [Sat, 27 Jan 2024 16:36:17 +0000 (16:36 +0000)]
Whitespace tweak

tb [Sat, 27 Jan 2024 16:26:25 +0000 (16:26 +0000)]
Throw PKCS5_PBE_add() into the trash bin at the end of evp_pbe.c

This has been a noop since forever and will be removed in the next bump.

tb [Sat, 27 Jan 2024 16:22:29 +0000 (16:22 +0000)]
Mark the functions at the end of this file for removal

tb [Sat, 27 Jan 2024 16:18:25 +0000 (16:18 +0000)]
Support HMAC with SHA-3 as a PBE PRF

ok jsing

tb [Sat, 27 Jan 2024 16:17:32 +0000 (16:17 +0000)]
Support HMAC with truncated SHA-2 as a PBE PRF

ok jsing

tb [Sat, 27 Jan 2024 16:08:43 +0000 (16:08 +0000)]
Teach OBJ_find_sigid_{,by_}algs(3) about ECDSA with SHA-3

This allows signing and verifying ASN.1 "items" using the ECDSA with SHA-3
signature algorithms. With this diff, ECDSA certificates and CMS products
using ECDSA with SHA-3 can be generated using the openssl command line tool.

ok jsing

phessler [Sat, 27 Jan 2024 15:15:01 +0000 (15:15 +0000)]
firmware for qwx(4) devices

jsing [Sat, 27 Jan 2024 14:35:13 +0000 (14:35 +0000)]
Enable for TLSv1.3 now that shutdown behaviour matches the legacy stack.

jsing [Sat, 27 Jan 2024 14:34:28 +0000 (14:34 +0000)]
Rework tls13_legacy_shutdown() to match the legacy stack behaviour.

Respect the ssl->shutdown flags rather than what has actually happened,
return -1 for all EOF errors and completely ignore the return value when
attempting to read a close-notify from the wire.

ok tb@

jsing [Sat, 27 Jan 2024 14:31:01 +0000 (14:31 +0000)]
Make tls13_legacy_return_code() static.

jsing [Sat, 27 Jan 2024 14:23:51 +0000 (14:23 +0000)]
Add message callbacks for alerts in the TLSv1.3 stack.

This will make it easier to regress test shutdown behaviour in the TLSv1.3
stack. Additionally, `openssl -msg` now shows alerts for TLSv1.3
connections.

ok tb@

kettenis [Sat, 27 Jan 2024 12:23:03 +0000 (12:23 +0000)]
Add a few drivers to support Allwinner D1.

kettenis [Sat, 27 Jan 2024 12:05:40 +0000 (12:05 +0000)]
On Allwinner D1, the SBI call to schedule timer interrupts doesn't work.
Instead we have to use one of the timers integrated on the SoC that
triggers an external interrupt.  Add the appropriate driver and change
the MD clock code to hook it up.

ok cheloha@, jca@

kettenis [Sat, 27 Jan 2024 11:22:16 +0000 (11:22 +0000)]
Add support for newer SoCs that store the data as number of days since the
Unix epoch instead of a calendar date.

ok jca@

martijn [Sat, 27 Jan 2024 09:53:59 +0000 (09:53 +0000)]
Implement an initial SMIv2 parser based around RFC257[89]. RFC2580 isn't
supported yet. SMIv1 is not supported. Parsing is done in a strict
manner, but except for the (deprecated) IPV6-TC MIB everything from
IETF/IANA that I found parses.

For now this code will be used for OID<->name translations, but other
functionality could be added in the future.

This commit just includes the parser, usage and including the MIB files
will be done in separate commits.

Go ahead from tb@

tb [Sat, 27 Jan 2024 07:28:28 +0000 (07:28 +0000)]
Allocate a fixed NID for the acmeIdentifier OID

ok job jsing

tb [Sat, 27 Jan 2024 07:27:41 +0000 (07:27 +0000)]
Add data for the RFC 8737 acmeIdentifier

This teaches the object database OID, long and short names for the
ACME identifier X.509v3 extension defined in RFC 8737.

ok job jsing

deraadt [Sat, 27 Jan 2024 00:12:34 +0000 (00:12 +0000)]
sync

jan [Fri, 26 Jan 2024 21:14:08 +0000 (21:14 +0000)]
Put checksum flags in bpf_hdr to use them in userland dhcpleased.

Thus, dhcpleased accepts non-calculated checksums which were verified by
hardware/hypervisor.

With tweaks from dlg@

ok bluhm@
mkay tobhe@