openbsd
2 years agosync
tb [Fri, 6 May 2022 07:40:10 +0000 (07:40 +0000)]
sync

2 years agoInstall EVP_PKEY_CTX_set_hkdf_md.3
tb [Fri, 6 May 2022 07:39:21 +0000 (07:39 +0000)]
Install EVP_PKEY_CTX_set_hkdf_md.3

2 years agoDocument the EVP HKDF API
tb [Fri, 6 May 2022 07:36:54 +0000 (07:36 +0000)]
Document the EVP HKDF API

Manual from OpenSSL 1.1.1o with minimal tweaks.

input/ok schwarze

2 years agosync
deraadt [Fri, 6 May 2022 02:54:17 +0000 (02:54 +0000)]
sync

2 years agokstat(1): implement wait with setitimer(2) instead of nanosleep(2)
cheloha [Thu, 5 May 2022 22:36:36 +0000 (22:36 +0000)]
kstat(1): implement wait with setitimer(2) instead of nanosleep(2)

kstat(1)'s wait period drifts because nanosleep(2) uses a relative
timeout.  If we use setitimer(2)/sigsuspend(2) the period does not
drift.

While here, bump the upper bound for wait up to UINT_MAX and switch to
the normal strtonum(3) error message format.

With input from kn@.

Tweaked by bluhm@ to block SIGALRM with sigprocmask(2) while we're
outside of sigsuspend(2).

Thread: https://marc.info/?l=openbsd-tech&m=160038548111187&w=2

Earlier version ok millert@.

ok bluhm@

2 years agoFix watchdog in the installer.
florian [Thu, 5 May 2022 20:07:23 +0000 (20:07 +0000)]
Fix watchdog in the installer.

We only had one watchdog running that triggered after 30 minutes. If
an unattended upgrade (e.g. started by sysupgrade(8)) took longer than
this in total, the machine would reboot half way through an upgrade.
The intention was that the watchdog would be reset after each set
download and after each set installation. But this never worked
correctly because the actual upgrade ran in a sub-shell and WDPID was
not visible.
To fix this we first need to export WDPID to make it visible in the
sub-shell. Then reset_watchdog was guarded by $UU && reset_watchdog,
but UU wasn't visible either. But we can't export it because we would
enter a loop. We can just use the fact that WDPID is not empty to
restart the watchdog.
Lastly the watchdog process would keep stderr and stdout open. This
made the tee(1) hang that is collecting the autoupgrade log that is
mailed to root.
As a simplification, we don't need to run the watchdog as a
co-process, we don't want to communicate with it, we can just run it
in the background.
Problem reported by stsp
With & OK deraadt
OK millert

2 years agoCheck that the challenge token which is turned into a filename is
florian [Thu, 5 May 2022 19:51:35 +0000 (19:51 +0000)]
Check that the challenge token which is turned into a filename is
base64url encoded.
We have only the challenge directory unveil(2)'ed so funny business
like ../ will not work, but we shouldn't generate garbage filenames
that someone else might trip over either.
Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net)
OK beck

2 years agoSimplify: freezero() is NULL safe; assign + test in one go, as usual.
tb [Thu, 5 May 2022 19:48:06 +0000 (19:48 +0000)]
Simplify: freezero() is NULL safe; assign + test in one go, as usual.

ok jsing

2 years agoAvoid malloc(0) in EVP_PKEY_CTX_set1_hkdf_key()
tb [Thu, 5 May 2022 19:46:36 +0000 (19:46 +0000)]
Avoid malloc(0) in EVP_PKEY_CTX_set1_hkdf_key()

ok jsing

2 years agoSecurely wipe the entire HKDF_PKEY_CTX instead of only taking care of
tb [Thu, 5 May 2022 19:44:23 +0000 (19:44 +0000)]
Securely wipe the entire HKDF_PKEY_CTX instead of only taking care of
a piece of the embedded info array.

ok jsing

2 years agoUse size_t for ASN.1 lengths.
jsing [Thu, 5 May 2022 19:18:56 +0000 (19:18 +0000)]
Use size_t for ASN.1 lengths.

Change asn1_get_length_cbs() and asn1_get_object_cbs() to handle and return
a length as a size_t rather than a uint32_t. This makes it simpler and less
error prone in the callers.

Suggested by and ok tb@

2 years agoSwitch wycheproof.go to using the EVP HKDF API.
tb [Thu, 5 May 2022 18:34:27 +0000 (18:34 +0000)]
Switch wycheproof.go to using the EVP HKDF API.

Gotta love EVP... Instead of a single, obvious call to HKDF(), you now
need to call eight EVP functions with plenty of allocations and pointless
copying internally. If you want to suffer even more, you could consider
using the gorgeous string interface instead.

2 years agoFix HMAC() with NULL key
tb [Thu, 5 May 2022 18:29:34 +0000 (18:29 +0000)]
Fix HMAC() with NULL key

If a NULL key is passed to HMAC_Init_ex(), it tries to reuse the
previous key. This makes no sense inside HMAC() since the HMAC_CTX
has no key set yet. This is hit by HKDF() with NULL salt() via the
EVP API and results in a few Wycheproof test failures. If key is
NULL, use a zero length dummy key.

This was not hit from wycheproof.go since we pass a []byte with a
single NUL from Go.

Matches OpenSSL if key is NULL and key_len is 0. If key_len != 0,
OpenSSL will still fail by passing a NULL key which makes no sense,
so set key_len to 0 instead.

ok beck jsing

2 years agoClean up divert_packet(). Function does not return error, make it
bluhm [Thu, 5 May 2022 16:44:22 +0000 (16:44 +0000)]
Clean up divert_packet().  Function does not return error, make it
void.  Introduce mutex and refcounting for inp like in the other
PCB functions.
OK sashan@

2 years agoAdd error handling if setting the keyboard encoding fails. After
bluhm [Thu, 5 May 2022 16:12:42 +0000 (16:12 +0000)]
Add error handling if setting the keyboard encoding fails.  After
open of all /dev/wskbd* devices failed, report the error from the
first one.  Also wrap long lines.
OK mpi@

2 years agoUpdate documentation for switch of default ruby version to 3.1
jeremy [Thu, 5 May 2022 15:45:05 +0000 (15:45 +0000)]
Update documentation for switch of default ruby version to 3.1

2 years agowe no longer announce rounding here
dv [Thu, 5 May 2022 15:42:04 +0000 (15:42 +0000)]
we no longer announce rounding here

2 years agoSwitch the log_warnx() about trailing garbage to log_debug(). After a
tb [Thu, 5 May 2022 14:44:59 +0000 (14:44 +0000)]
Switch the log_warnx() about trailing garbage to log_debug(). After a
maintenance window, my ISP started sending an unexpected 'ff' byte at
the very end which created noise in the log.  Apparently this came up
before.

From and ok florian

2 years agoUse static objects for struct rttimer_queue instead of dynamically
claudio [Thu, 5 May 2022 13:57:40 +0000 (13:57 +0000)]
Use static objects for struct rttimer_queue instead of dynamically
allocate them.

Currently there are 6 rttimer_queues and not many more will follow. So
change rt_timer_queue_create() to rt_timer_queue_init() which now takes
a struct rttimer_queue * as argument which will be initialized.
Since this changes the gloabl vars from pointer to struct adjust other
callers as well.
OK bluhm@

2 years agoregen
fcambus [Thu, 5 May 2022 12:29:14 +0000 (12:29 +0000)]
regen

2 years agoAdd ID for the AMD Sensor Fusion Hub found on my Ryzen-based ZBOX CA621.
fcambus [Thu, 5 May 2022 12:26:06 +0000 (12:26 +0000)]
Add ID for the AMD Sensor Fusion Hub found on my Ryzen-based ZBOX CA621.

OK jsg@

2 years agoFix argument order in HKDF and HKDF_extract().
tb [Thu, 5 May 2022 11:26:36 +0000 (11:26 +0000)]
Fix argument order in HKDF and HKDF_extract().

2 years agounbreak vmd(8) regress, update string matches
dv [Thu, 5 May 2022 11:19:18 +0000 (11:19 +0000)]
unbreak vmd(8) regress, update string matches

2 years agoFix line wrapping in wall(1).
bluhm [Thu, 5 May 2022 10:04:24 +0000 (10:04 +0000)]
Fix line wrapping in wall(1).
from Anton Borowka; OK mbuhl@

2 years agoUsing mutex initializer for static variable does not compile with
bluhm [Thu, 5 May 2022 09:45:15 +0000 (09:45 +0000)]
Using mutex initializer for static variable does not compile with
witness.  Make ratecheck mutex global.
Reported-by: syzbot+9864ba1338526d0e8aca@syzkaller.appspotmail.com
2 years agoAdd hkdf_pkey_meth to the standard_methods[]
tb [Thu, 5 May 2022 08:51:21 +0000 (08:51 +0000)]
Add hkdf_pkey_meth to the standard_methods[]

ok beck jsing

2 years agoLink kdf/ to the build
tb [Thu, 5 May 2022 08:50:35 +0000 (08:50 +0000)]
Link kdf/ to the build

ok beck jsing

2 years agoProvide EVP_PKEY_HKDF alias for NID_hkdf
tb [Thu, 5 May 2022 08:48:50 +0000 (08:48 +0000)]
Provide EVP_PKEY_HKDF alias for NID_hkdf

ok beck jsing

2 years agoProvide KDFerr() and KDFerror() macros
tb [Thu, 5 May 2022 08:48:05 +0000 (08:48 +0000)]
Provide KDFerr() and KDFerror() macros

ok beck jsing

2 years agoNo longer consider IN_EXPERIMENTAL aka 240/4 as not forwardable.
claudio [Thu, 5 May 2022 08:43:37 +0000 (08:43 +0000)]
No longer consider IN_EXPERIMENTAL aka 240/4 as not forwardable.
We already allow 240/4 in and out so lets allow it through as well.
One of many steps to make 240/4 useable.
Diff by Seth David Schoen (schoen at loyalty.org)
OK bluhm@ djm@

2 years agoProvide versions of EVP_PKEY_CTX_{str,hex}2ctrl() for internal use.
tb [Thu, 5 May 2022 08:42:27 +0000 (08:42 +0000)]
Provide versions of EVP_PKEY_CTX_{str,hex}2ctrl() for internal use.

ok beck jsing

2 years agoDitch #defines for tls1_prf and scrypt. Drop unused errors and massage
tb [Thu, 5 May 2022 08:24:14 +0000 (08:24 +0000)]
Ditch #defines for tls1_prf and scrypt. Drop unused errors and massage
some const.

ok beck jsing

2 years agoTranslate from OpenSSL's HKDF API to BoringSSL API.
tb [Thu, 5 May 2022 08:14:14 +0000 (08:14 +0000)]
Translate from OpenSSL's HKDF API to BoringSSL API.

ok beck jsing

2 years agoRemove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B)
tb [Thu, 5 May 2022 08:10:39 +0000 (08:10 +0000)]
Remove function codes from errors, i.e., KDFerr(A, B) -> KDFerror(B)

ok beck jsing

2 years agoFix typo in previous.
tb [Thu, 5 May 2022 08:07:24 +0000 (08:07 +0000)]
Fix typo in previous.

2 years agoInline OPENSSL_memdup() using malloc() + memcpy()
tb [Thu, 5 May 2022 08:05:58 +0000 (08:05 +0000)]
Inline OPENSSL_memdup() using malloc() + memcpy()

ok beck jsing

2 years agoTranslate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API.
tb [Thu, 5 May 2022 08:03:11 +0000 (08:03 +0000)]
Translate OPENSSL_{cleanse,clear_free,free,zalloc}() to libc API.

ok beck jsing

2 years agoAdjust includes for LibreSSL
tb [Thu, 5 May 2022 07:57:33 +0000 (07:57 +0000)]
Adjust includes for LibreSSL

ok beck jsing

2 years agoUse C99 initializres for hkdf_pkey_meth
tb [Thu, 5 May 2022 07:53:30 +0000 (07:53 +0000)]
Use C99 initializres for hkdf_pkey_meth

ok beck jsing

2 years agoRemove OpenSSL versions of HKDF*().
tb [Thu, 5 May 2022 07:50:06 +0000 (07:50 +0000)]
Remove OpenSSL versions of HKDF*().

ok beck jsing

2 years agoFix includes of the removed kdferr.h
tb [Thu, 5 May 2022 07:48:07 +0000 (07:48 +0000)]
Fix includes of the removed kdferr.h

2 years agoAdd NID for HKDF
tb [Thu, 5 May 2022 07:45:57 +0000 (07:45 +0000)]
Add NID for HKDF

ok beck jsing

2 years agosshkey_unshield_private() contains a exact duplicate of the code in
djm [Thu, 5 May 2022 01:04:14 +0000 (01:04 +0000)]
sshkey_unshield_private() contains a exact duplicate of the code in
private2_check_padding(). Pull private2_check_padding() up so the code
can be reused. From Martin Vahlensieck, ok deraadt@

2 years agochannel_new no longer frees remote_name. So update the comment
djm [Thu, 5 May 2022 00:56:58 +0000 (00:56 +0000)]
channel_new no longer frees remote_name.  So update the comment
accordingly.  As remote_name is not modified, it can be const
as well. From Martin Vahlensieck

2 years agomux.c: mark argument as const; from Martin Vahlensieck
djm [Thu, 5 May 2022 00:55:11 +0000 (00:55 +0000)]
mux.c: mark argument as const; from Martin Vahlensieck

2 years agovmctl(8)/vmd(8): convert disk sizes from MB to bytes
dv [Wed, 4 May 2022 23:17:25 +0000 (23:17 +0000)]
vmctl(8)/vmd(8): convert disk sizes from MB to bytes

Continue converting other parts to storing data in bytes instead
of MB. In this case, the logic for disk sizes was being scaled.

This fixes issues reported by Martin Vahlensieck where vmctl could
no longer create disks larger than 7 MiB after previous commits to
change storing memory sizes as bytes.

While this keeps the vm memory limit check in vmctl's size parser,
it skips the limit check for disks. The error messages adjust
accordingly and this removes the double error message logging.

Update comments and function types accordingly.

ok marlkin@

2 years agoIntroduce mutex for ratecheck(9) and ppsratecheck(9). A global
bluhm [Wed, 4 May 2022 21:24:33 +0000 (21:24 +0000)]
Introduce mutex for ratecheck(9) and ppsratecheck(9).  A global
mutex with spl high for all function calls is used for now.  It
protects the lasttime and curpps parameter.  This solution is MP
safe for the usual use case, allows progress, and can be optimized
later.  Remove a useless #if 1 while there.
OK claudio@

2 years agoremove accidentally duplicated line
tb [Wed, 4 May 2022 19:34:26 +0000 (19:34 +0000)]
remove accidentally duplicated line

2 years agoWhitespace nit (knfmt(1) agrees after inserting an empty line after the
tb [Wed, 4 May 2022 19:15:52 +0000 (19:15 +0000)]
Whitespace nit (knfmt(1) agrees after inserting an empty line after the
variable declaration)

2 years agoFound two multiple evaluation macros. One of them so long and scary it
deraadt [Wed, 4 May 2022 18:57:50 +0000 (18:57 +0000)]
Found two multiple evaluation macros. One of them so long and scary it
too many people to unravel correctly and place into a static function.
While here, move the flags bits into local variables, which reduces
the amount of () in the checks.
help from millert, miod, tedu

2 years agoKNF according to knfmt(1)
tb [Wed, 4 May 2022 18:56:34 +0000 (18:56 +0000)]
KNF according to knfmt(1)

2 years agoAdd RCS tags
tb [Wed, 4 May 2022 18:49:50 +0000 (18:49 +0000)]
Add RCS tags

2 years agoRestore copyright years to 2016-2018 as they were before the previous
tb [Wed, 4 May 2022 18:48:55 +0000 (18:48 +0000)]
Restore copyright years to 2016-2018 as they were before the previous
commit.

2 years agoReinstate the licenses that were replaced with license stubs in
tb [Wed, 4 May 2022 18:47:26 +0000 (18:47 +0000)]
Reinstate the licenses that were replaced with license stubs in
OpenSSL commits d2e9e320186f0917cc940f46bdf1a7e4120da9b0 and
b6cff313cbb1d0381b329fe4f6a8f009cdb270e4

2 years agoBump copyright years to 2016-2018 as it was before the previous commit.
tb [Wed, 4 May 2022 18:37:00 +0000 (18:37 +0000)]
Bump copyright years to 2016-2018 as it was before the previous commit.

2 years agoReinstate the license that was replaced with a stub in OpenSSL commit
tb [Wed, 4 May 2022 18:36:03 +0000 (18:36 +0000)]
Reinstate the license that was replaced with a stub in OpenSSL commit
21dcbebc6e35419f1842f39a125374ea1ba45693

2 years agoInline kdferr.h at the end of kdf.h
tb [Wed, 4 May 2022 18:27:39 +0000 (18:27 +0000)]
Inline kdferr.h at the end of kdf.h

2 years agoRename hkdf.c to hkdf_evp.c to avoid a name clash with hkdf/hkdf.c
tb [Wed, 4 May 2022 18:19:17 +0000 (18:19 +0000)]
Rename hkdf.c to hkdf_evp.c to avoid a name clash with hkdf/hkdf.c

2 years agoImport HKDF code from OpenSSL 1.1.1o
tb [Wed, 4 May 2022 18:02:07 +0000 (18:02 +0000)]
Import HKDF code from OpenSSL 1.1.1o

This imports verbatim copies as of the OpenSSL_1_1_1o tag of

  crypto/kdf/hkdf.c
  crypto/kdf/hkdf_err.c
  include/openssl/kdf.h
  include/openssl/kdferr.h

from https://www.github.com/openssl/openssl.git into lib/libcrypto/kdf.

We only want the EVP interface to HKDF since some ports need them.  Not
yet linked to the build since it will not compile. Follow-on commits will
add KNF, clean up and make this compile.

Tests of an early draft version by abieber and Caspar Schutijser

ok jsing

2 years agoMove rttimer callback function from the rttimer itself to rttimer_queue.
claudio [Wed, 4 May 2022 16:52:10 +0000 (16:52 +0000)]
Move rttimer callback function from the rttimer itself to rttimer_queue.
All users use the same callback per queue so that makes sense.
Also replace rt_timer_queue_destroy() with rt_timer_queue_flush().
OK bluhm@

2 years agoIn ipsp_spd_lookup() rename the parameter tdbp to tdbin as it is
bluhm [Wed, 4 May 2022 15:29:58 +0000 (15:29 +0000)]
In ipsp_spd_lookup() rename the parameter tdbp to tdbin as it is
always the incoming TDB that has to be checked.
from markus@

2 years agorpki-client: bypass timeout in file mode.
tb [Wed, 4 May 2022 15:21:25 +0000 (15:21 +0000)]
rpki-client: bypass timeout in file mode.

ok claudio

2 years agoMerge swap-backed and object-backed inactive page lists.
mpi [Wed, 4 May 2022 14:58:26 +0000 (14:58 +0000)]
Merge swap-backed and object-backed inactive page lists.

ok millert@, kettenis@

2 years agoVariable pri is uninitialized, use msg.m_pri instead. This affects
bluhm [Wed, 4 May 2022 14:47:46 +0000 (14:47 +0000)]
Variable pri is uninitialized, use msg.m_pri instead.  This affects
the priority of userland messages with kernel or unspecified facility.
broken in previous commit; fix from markus@

2 years agoTweak wording of a comment to reflect current reality better.
tb [Wed, 4 May 2022 13:07:35 +0000 (13:07 +0000)]
Tweak wording of a comment to reflect current reality better.

2 years agoRewrite asn1_collect() and asn1_find_end() with CBS.
jsing [Wed, 4 May 2022 10:57:48 +0000 (10:57 +0000)]
Rewrite asn1_collect() and asn1_find_end() with CBS.

Use more readable variable and arguments names in the process.

ok tb@

2 years agoAvoid special handling of definite length before calling asn1_find_end().
jsing [Wed, 4 May 2022 10:53:26 +0000 (10:53 +0000)]
Avoid special handling of definite length before calling asn1_find_end().

The asn1_find_end() function handles definite length ASN.1, which means
that there is no point in the only caller having code to explicitly handle
definite length - it can just call the function.

ok tb@

2 years agoChange asn1_check_tag_cbs() out_len from long to size_t.
jsing [Wed, 4 May 2022 10:47:36 +0000 (10:47 +0000)]
Change asn1_check_tag_cbs() out_len from long to size_t.

The long vs size_t checks can be handled in the asn1_check_tag() wrapper
and this will help to avoid propagating long vs size_t issues into new
code.

ok tb@

2 years agoRemove extra empty line
claudio [Wed, 4 May 2022 10:17:16 +0000 (10:17 +0000)]
Remove extra empty line

2 years agoregen
jsg [Wed, 4 May 2022 08:11:11 +0000 (08:11 +0000)]
regen

2 years agoupdate Intel ADL-S graphics ids, add ADL-N RPL-S RPL-P
jsg [Wed, 4 May 2022 08:10:43 +0000 (08:10 +0000)]
update Intel ADL-S graphics ids, add ADL-N RPL-S RPL-P

2 years agomake sure stdout is non-blocking; ok djm@
markus [Wed, 4 May 2022 07:31:22 +0000 (07:31 +0000)]
make sure stdout is non-blocking; ok djm@

2 years agoAs found by n18fuhtm AT tutanota.com there are dhcp servers that send a
florian [Wed, 4 May 2022 05:57:18 +0000 (05:57 +0000)]
As found by n18fuhtm AT tutanota.com there are dhcp servers that send a
domain name option with length 1 and a single \0.
We strip trailing \0 and then end up with length 0.
This is a protocol violation, the minimum length for domain name option
is 1, and we ignore the lease.

Since we are not going to get this fixed this server side, we might as
well just pretend that we didn't receive a domain name (or host name).
We only ever care about them in the installer anyway. Not getting a
lease because of this corner case is not helpful.

OK deraadt

2 years agodrm/i915/adl-n: Enable ADL-N platform
jsg [Wed, 4 May 2022 05:25:28 +0000 (05:25 +0000)]
drm/i915/adl-n: Enable ADL-N platform

From Tejas Upadhyay
7e28d0b26759846485978ada860ef4a427e06c8f in mainline linux

2 years agodrm/i915/rpl-s: Add PCI IDS for Raptor Lake S
jsg [Wed, 4 May 2022 05:20:33 +0000 (05:20 +0000)]
drm/i915/rpl-s: Add PCI IDS for Raptor Lake S

From Anusha Srivatsa
52407c220c44c8dcc6aa8aa35ffc8a2db3c849a9 in mainline linux

2 years agodrm/i915/dg1: Add new PCI id
jsg [Wed, 4 May 2022 05:17:14 +0000 (05:17 +0000)]
drm/i915/dg1: Add new PCI id

From Jose Roberto de Souza
5f0d4214938db66969a50d4b1262307e39f4f2b2 in mainline linux

2 years agodrm/i915/adl_s: Update ADL-S PCI IDs
jsg [Wed, 4 May 2022 05:14:35 +0000 (05:14 +0000)]
drm/i915/adl_s: Update ADL-S PCI IDs

From Tejas Upadhyay
c79b846f892d64f169d3dba18fd2500a83805e3a in mainline linux

2 years agoMissed removing some memory scaling in vmm, vmctl.
dv [Wed, 4 May 2022 02:24:26 +0000 (02:24 +0000)]
Missed removing some memory scaling in vmm, vmctl.

Continuation of commitid RbITgDkOsW8SMssz removing use of megabytes
instead of bytes in vmm(4) and vmctl(8). Missed this spot that only
manifests after a vm is started and has its runtime details
inspected.

2 years agovmm/vmd/vmctl: standardize memory units to bytes
dv [Tue, 3 May 2022 21:39:18 +0000 (21:39 +0000)]
vmm/vmd/vmctl: standardize memory units to bytes

At different points in the vm lifecycle vmm(4), vmctl(8), and vmd(8)
refer to a vm's memory range sizes in either bytes or megabytes.
This is needlessly complex.

Switch to using bytes everywhere and adjust types and constants
accordingly. While this makes it possible to specify vm's with
memory in fractions of megabytes, the logic requiring whole
megabyte values remains.

Feedback from deraadt@, mlarkin@, and Matthew Martin.

ok mlarkin@

2 years agoRate limit uvn_flush error during pageout messages. They occur
bluhm [Tue, 3 May 2022 21:20:35 +0000 (21:20 +0000)]
Rate limit uvn_flush error during pageout messages.  They occur
when a memory mapped file cannot be written to disk, e.g. if the
file system is full.  Too much printf() during kernel relinking
slows down the system boot.
OK deraadt@

2 years agoMake pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messages
sashan [Tue, 3 May 2022 13:32:47 +0000 (13:32 +0000)]
Make pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messages
with ttl other than 1 will be discarded. Also MLD messages with
other than link-local source address will be discarded. IGMP
messages with destination address other than multicast class
will be discarded.

feedback and OK bluhm@, cluadio@

2 years agosioctl_onval(3) returns int not void
ratchov [Tue, 3 May 2022 13:03:30 +0000 (13:03 +0000)]
sioctl_onval(3) returns int not void

Fix from Carlin Bingham <cb at viennan.net>, thanks!

2 years agoRework display of partition types, removing unnecessary trailing
krw [Tue, 3 May 2022 11:48:47 +0000 (11:48 +0000)]
Rework display of partition types, removing unnecessary trailing
blanks in the arrays of type names, simplifying the code and
making better use of printf().

Along the way discover that "APFS Recovery" fits, so nuke the
annoying "AFPS Recovry" contraction.

No intentional functional change.

Some "APFS Recovery" nits pointed out by jsg@

2 years agoActivate parallel IP forwarding. Start 4 softnet tasks. Limit the
bluhm [Tue, 3 May 2022 11:47:03 +0000 (11:47 +0000)]
Activate parallel IP forwarding.  Start 4 softnet tasks.  Limit the
usage to the number of CPUs.
lots of testing Hrvoje Popovski; OK sashan@ sthen@

2 years agoRetire CRYPTO_F_MPSAFE it is no longer of any use. The crypto framework
claudio [Tue, 3 May 2022 09:18:11 +0000 (09:18 +0000)]
Retire CRYPTO_F_MPSAFE it is no longer of any use. The crypto framework
no longer uses a callback and so there is no need to define the
callback as MPSAFE.
OK bluhm@

2 years agoAdd FIDO AUTHENTICATOR section and explain a bit how FIDO works. The
florian [Tue, 3 May 2022 07:42:27 +0000 (07:42 +0000)]
Add FIDO AUTHENTICATOR section and explain a bit how FIDO works. The
wording came mostly from the 8.2 OpenSSH release notes, addapted to
fit the man page.
Then move the -O bits into the new section as is already done for
CERTIFICATES and MODULI GENERATION.
Finally we can explain the trade-offs of resident keys.
While here, consistently refer to the FIDO thingies as "FIDO
authenticators", not "FIDO tokens".

input & OK jmc, naddy

2 years agoDisable DMA as part of the hardware reset, preventing the device from
anton [Mon, 2 May 2022 06:30:45 +0000 (06:30 +0000)]
Disable DMA as part of the hardware reset, preventing the device from
ending up in an odd state during netboot in which u-boot (in my case)
hands of the device in a somewhat initialized state.

ok kettenis@

2 years agoUse the given queue id argument which happen to already be equal to
anton [Mon, 2 May 2022 06:30:05 +0000 (06:30 +0000)]
Use the given queue id argument which happen to already be equal to
GENET_DMA_DEFAULT_QUEUE.

ok kettenis@

2 years agoremove an obsolete rsa1 format example from an example;
jmc [Mon, 2 May 2022 05:40:37 +0000 (05:40 +0000)]
remove an obsolete rsa1 format example from an example;

from megan batty
ok djm

2 years agosync
deraadt [Sun, 1 May 2022 23:50:48 +0000 (23:50 +0000)]
sync

2 years agofix some integer overflows in sieve_large() that show up when trying
djm [Sun, 1 May 2022 23:20:30 +0000 (23:20 +0000)]
fix some integer overflows in sieve_large() that show up when trying
to generate modp groups > 16k bits. Reported via GHPR#306 by
Bertram Felgenhauer, but fixed in a different way. feedback/ok tb@

2 years agoregen
tedu [Sun, 1 May 2022 23:00:04 +0000 (23:00 +0000)]
regen

2 years agono need to test for toupper function in awk
tedu [Sun, 1 May 2022 22:59:49 +0000 (22:59 +0000)]
no need to test for toupper function in awk
ok cheloha millert miod

2 years agoInstall useful btrace scripts into /usr/share/btrace directory.
bluhm [Sun, 1 May 2022 20:23:11 +0000 (20:23 +0000)]
Install useful btrace scripts into /usr/share/btrace directory.
OK tedu@

2 years agoSplit a new function roff_parse_comment() out of roff_expand() because this
schwarze [Sun, 1 May 2022 16:18:59 +0000 (16:18 +0000)]
Split a new function roff_parse_comment() out of roff_expand() because this
functionality is not needed when called from roff_getarg().  This makes the
long and complicated function roff_expand() significantly shorter, and also
simpler in so far as it no longer needs to return ROFF_APPEND.
No functional change intended.

2 years agoPrevent out-of-bounds array access with binaries that use unsupported
kettenis [Sun, 1 May 2022 11:03:48 +0000 (11:03 +0000)]
Prevent out-of-bounds array access with binaries that use unsupported
relocations.

ok guenther@

2 years agoCheck for the correct length field when checking the control transfer data
mglocker [Sun, 1 May 2022 10:28:54 +0000 (10:28 +0000)]
Check for the correct length field when checking the control transfer data
length.  Remove obsolete comment while here.

ok kettenis@

2 years agoRun IP input and forwarding with shared netlock. Also distribute
bluhm [Sat, 30 Apr 2022 21:13:57 +0000 (21:13 +0000)]
Run IP input and forwarding with shared netlock.  Also distribute
packets from the interface receive rings into multiple net task
queues.
Note that we still have only one softnet task.  So there will be
no concurrency yet, but we can notice wrong exclusive lock assertions.
Soon the final step will be to increase the NET_TASKQ define.
lots of testing Hrvoje Popovski; OK sashan@

2 years agoProvide a new function roff_req_or_macro() to parse and handle a request
schwarze [Sat, 30 Apr 2022 18:46:16 +0000 (18:46 +0000)]
Provide a new function roff_req_or_macro() to parse and handle a request
or macro, including context-dependent error handling inside tbl(7) code
and inside .ce/.rj blocks.  Use it both in the top level roff(7) parser
and inside conditional blocks.

This fixes an assertion failure triggered by ".if 1 .ce" inside tbl(7)
code, found by tb@ using afl(1).

As a side benefit for readability, only one place remains in the
code that calls the main handler functions for the various roff(7)
requests.  This patch also improves column numbers in some error
messages and various comments.

2 years agoRecheck PG_BUSY after locking the page.
mpi [Sat, 30 Apr 2022 17:58:43 +0000 (17:58 +0000)]
Recheck PG_BUSY after locking the page.

Another thread can set the bit if we sleep during rw_enter(9) in which case
the page shouldn't be touched.

ok semarie@