openbsd
11 months agoMNT_SOFTDEP and mount -o softdep no longer have any effect
schwarze [Fri, 10 Nov 2023 00:25:59 +0000 (00:25 +0000)]
MNT_SOFTDEP  and  mount -o softdep  no longer have any effect
OK kn@ jmc@

11 months agoRun arp timeout without kernel lock.
bluhm [Thu, 9 Nov 2023 21:45:18 +0000 (21:45 +0000)]
Run arp timeout without kernel lock.

Since cheloha@ has implemented timeout processes that do not grab
the kernel lock, start using TIMEOUT_MPSAFE for arptimer().

OK kn@ mvs@

11 months agoForgot to fix the RFC number in the new comment
tb [Thu, 9 Nov 2023 19:08:07 +0000 (19:08 +0000)]
Forgot to fix the RFC number in the new comment

11 months agoConvert PKCS7_SIGNER_INFO_set() to X509_ALGOR_set0_by_nid()
tb [Thu, 9 Nov 2023 19:00:53 +0000 (19:00 +0000)]
Convert PKCS7_SIGNER_INFO_set() to X509_ALGOR_set0_by_nid()

This is a straightforward conversion because I'm not going to start a
cleanup here. Explain why this is not using X509_ALGOR_set_md(). See
below.

ok jca

Let me include a beautiful note from RFC 5754 in its entirety:

   NOTE: There are two possible encodings for the AlgorithmIdentifier
   parameters field associated with these object identifiers.  The two
   alternatives arise from the loss of the OPTIONAL associated with the
   algorithm identifier parameters when the 1988 syntax for
   AlgorithmIdentifier was translated into the 1997 syntax.  Later, the
   OPTIONAL was recovered via a defect report, but by then many people
   thought that algorithm parameters were mandatory.  Because of this
   history, some implementations encode parameters as a NULL element
   while others omit them entirely.  The correct encoding is to omit the
   parameters field; however, when some uses of these algorithms were
   defined, it was done using the NULL parameters rather than absent
   parameters.  For example, PKCS#1 [RFC3447] requires that the padding
   used for RSA signatures (EMSA-PKCS1-v1_5) MUST use SHA2
   AlgorithmIdentifiers with NULL parameters (to clarify, the
   requirement "MUST generate SHA2 AlgorithmIdentifiers with absent
   parameters" in the previous paragraph does not apply to this
   padding).

11 months agoTighten pledge in List and Append mode:
kn [Thu, 9 Nov 2023 18:54:15 +0000 (18:54 +0000)]
Tighten pledge in List and Append mode:

Drop "wpath cpath fattr dpath" in read-only:
-  cpio -i -t < test.tar
-  pax < test.tar
-  tar -t -f test.tar

Drop "cpath fattr dpath" in read-write:
-  echo foo | cpio -o -A -H ustar -O test.tar
-  tar -r -f test.tar foo
-  pax -w -a -f test.tar foo

Other modes remain unchanged and thus can create or modify files.

Feedback OK millert

11 months agoavoid restartable syscalls with siginterrupt() against all our handlers.
dlg [Thu, 9 Nov 2023 18:36:19 +0000 (18:36 +0000)]
avoid restartable syscalls with siginterrupt() against all our handlers.

pflogd uses blocking bpf reads, but installs a bunch of signal
handlers to handle cleanly closing and (re)opening the log file.
signal() by default sets the handlers up so they're restartable.
this has the effect that when pflogd receives a signal while waiting
in bpfread, the signal handler runs and sets a flag saying the file
should be rotated or closed or whatever, but then the kernel restarts
the read.

when pflogd used a bpf read timeout, pflogd would run it's "event"
loop every time the read timeout expired. this meant even though
the bpf read was restarted, by having the read timeout expire every
500ms the flag the signal handlers set would be processed in a
relatively short period of time.

after moving bpf to a wait timeout, pflogd basically has to wait
for a packet to be captured before the bpf read will return. if
you're trying to kill pflogd on an idle firewall then you're basically
stuck.

making the signal handlers not restartable allows bpfread to fail
with EINTR so pflogd can go around it's even loop and exit as
expected.

reported by Mikhail on bugs@
ok claudio@

pflogd needs a rewrite though.

11 months ago-C/resume without "proc exec"
kn [Thu, 9 Nov 2023 18:18:59 +0000 (18:18 +0000)]
-C/resume without "proc exec"

ftp(1) has "proc exec" to run sh(1) on interactive ! commands and filenames
starting with "|";  this is orthogonal to continuing transfers using the
existing file size as offsets.

There seems to be no case where a) the argument is an URL, i.e. we pledge,
and b) a shell is spawned somehow, so avoid these promises when resuming.

bsd.port.mk(5) FETCH_CMD uses -C by default.

OK millert

11 months agoAdd [-P progam] to filter dumps by basename
kn [Thu, 9 Nov 2023 15:43:28 +0000 (15:43 +0000)]
Add [-P progam] to filter dumps by basename

[-p pid] requires knowing the PIDs beforehand, sieving through big
dumps by argv[0] strings is more ergonomic.

OK deraadt

11 months agoFinish clean up of old 6.7 softraid migration code
kn [Thu, 9 Nov 2023 14:26:34 +0000 (14:26 +0000)]
Finish clean up of old 6.7 softraid migration code

All combos of no/CRYPTO softraid, old/new ofwboot, old/new kernel do boot.

OK stsp

11 months agoget rid of the ioctl whitelist that bio will tunnel for other devs.
dlg [Thu, 9 Nov 2023 14:07:18 +0000 (14:07 +0000)]
get rid of the ioctl whitelist that bio will tunnel for other devs.

this will allow bio(4) to be used with other (non raid) related
devices.

ok krw@ kn@

11 months agosort .xr after previous; from jmc
kn [Thu, 9 Nov 2023 13:47:27 +0000 (13:47 +0000)]
sort .xr after previous;  from jmc

11 months agolink to showmount(8); OK deraadt
kn [Thu, 9 Nov 2023 12:47:05 +0000 (12:47 +0000)]
link to showmount(8);  OK deraadt

11 months agovmctl(8): avoid abort when given an invalid "kernel" file.
dv [Thu, 9 Nov 2023 12:26:08 +0000 (12:26 +0000)]
vmctl(8): avoid abort when given an invalid "kernel" file.

The vmctl `start` command allows the user to pass an optional
"kernel" file (either a ramdisk kernel or a SeaBIOS image). This
file is opened by vmctl and the descriptor passed via imsg.

If the file provided isn't a regular file, the attempt to send the
start message to vmd(8)'s control socket will fail and results in
a the vmctl process aborting.

Check the file type after open and fail gracefully if not a regular
file.

reported by and ok gnezdo@

11 months agoConvert ecx_item_sign() to X509_ALGOR_set0_by_nid()
tb [Thu, 9 Nov 2023 11:39:13 +0000 (11:39 +0000)]
Convert ecx_item_sign() to X509_ALGOR_set0_by_nid()

ok jca

11 months agoConvert asn1_item_sign() to X509_ALGOR_set0_by_nid()
tb [Thu, 9 Nov 2023 11:36:39 +0000 (11:36 +0000)]
Convert asn1_item_sign() to X509_ALGOR_set0_by_nid()

ok jca

11 months agomissing full stop
jasper [Thu, 9 Nov 2023 09:13:32 +0000 (09:13 +0000)]
missing full stop

11 months agoRemove delayed timeout(9) initialization. timeout_set*() only assign
mvs [Thu, 9 Nov 2023 08:53:20 +0000 (08:53 +0000)]
Remove delayed timeout(9) initialization. timeout_set*() only assign
members of passed timeout structure, this delayed initialization
provides nothing but makes code weird.

ok kn

11 months agoFix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()
tb [Thu, 9 Nov 2023 08:29:53 +0000 (08:29 +0000)]
Fix X509_ALGOR_set0() usage in rsa_alg_set_oaep_padding()

Replace X509_ALGOR_set0() with X509_ALGOR_set0_by_nid(). This way there
is no missing error checking for OBJ_nid2obj() and no nested functions.
Slightly more importantly, this plugs two long standing potential leaks
in this function (or previously rsa_cms_encrypt()) due to missing error
checking: in the unlikely event that X509_ALGOR_set0() failed, astr/ostr
would leak.

ok jsing

11 months agoUse X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm()
tb [Thu, 9 Nov 2023 08:20:10 +0000 (08:20 +0000)]
Use X509_ALGOR_set0_by_nid() in rsa_mgf1md_to_maskGenAlgorithm()

ok jsing

11 months agodrm/amdgpu: Reserve fences for VM update
jsg [Thu, 9 Nov 2023 08:16:47 +0000 (08:16 +0000)]
drm/amdgpu: Reserve fences for VM update

From Felix Kuehling
ff86d69b2e5004ec256a9301990acdaa282a777c in linux-6.1.y/6.1.62
316baf09d355aec1179981b6dfe28eba50c5ee5b in mainline linux

11 months agogpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET
jsg [Thu, 9 Nov 2023 08:14:14 +0000 (08:14 +0000)]
gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET

From Luben Tuikov
9f9b2ec53aca630783493a2ccc3bab0794052133 in linux-6.1.y/6.1.62
fa8391ad68c16716e2c06ada397e99ceed2fb647 in mainline linux

11 months agodrm/amdgpu: Unset context priority is now invalid
jsg [Thu, 9 Nov 2023 08:10:19 +0000 (08:10 +0000)]
drm/amdgpu: Unset context priority is now invalid

From Luben Tuikov
cafa191b27dd3c6199529f36a6dfddb707c240c0 in linux-6.1.y/6.1.62
eab0261967aeab528db4d0a51806df8209aec179 in mainline linux

11 months agodrm/ttm: Reorder sys manager cleanup step
jsg [Thu, 9 Nov 2023 08:08:17 +0000 (08:08 +0000)]
drm/ttm: Reorder sys manager cleanup step

From Karolina Stolarek
6a87b333ba4784ba23c1e74693f5c1b0268ac137 in linux-6.1.y/6.1.62
3b401e30c249849d803de6c332dad2a595a58658 in mainline linux

11 months agoDon't do the time window check if we're noAuthNoPriv. It's only needed
martijn [Wed, 8 Nov 2023 20:09:18 +0000 (20:09 +0000)]
Don't do the time window check if we're noAuthNoPriv. It's only needed
if we're authenticating according to RFC3414 section 2.3.

OK tb@

11 months agoLet usm_make_report() utilize appl_report(). usm_make_report utilized
martijn [Wed, 8 Nov 2023 20:07:14 +0000 (20:07 +0000)]
Let usm_make_report() utilize appl_report(). usm_make_report utilized
mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into
application_internal returned a noSuchObject. This doesn't seem to have
broken any tools that I'm aware of, but this returns the correct result.

OK tb@

11 months agoLet appl_report() collect its own metrics. This simplifies the interface
martijn [Wed, 8 Nov 2023 20:02:52 +0000 (20:02 +0000)]
Let appl_report() collect its own metrics. This simplifies the interface
and gives us a free report-pdu log line in debug mode.

OK tb@

11 months agoDon't rely on aru_pdu to rebuild the original varbindlist on error.
martijn [Wed, 8 Nov 2023 19:59:46 +0000 (19:59 +0000)]
Don't rely on aru_pdu to rebuild the original varbindlist on error.
Now that we have avi_origid it's not needed anymore and aru_pdu needs
to go.

OK tb@

11 months agoDon't use aru_pdu for determining the requesttype. It's owned by
martijn [Wed, 8 Nov 2023 19:54:52 +0000 (19:54 +0000)]
Don't use aru_pdu for determining the requesttype. It's owned by
snmp_message and getting rid of it is also needed for appl_report() to
gather its own information.

OK tb@

11 months agoOn second thought let's not overwrite sm_pdutype with a hardcoded value
martijn [Wed, 8 Nov 2023 19:50:24 +0000 (19:50 +0000)]
On second thought let's not overwrite sm_pdutype with a hardcoded value
after just setting it, it's a silly idea.

OK tb@

11 months agoexport SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts}
martijn [Wed, 8 Nov 2023 19:46:28 +0000 (19:46 +0000)]
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts}
via application_internal.

OK tb@

11 months agoHook up snmpTargetMIB to MIB_TREE.
martijn [Wed, 8 Nov 2023 19:43:29 +0000 (19:43 +0000)]
Hook up snmpTargetMIB to MIB_TREE.

OK tb@

11 months agoMore minor cleanup in rsa_alg_set_oaep_padding()
tb [Wed, 8 Nov 2023 19:30:38 +0000 (19:30 +0000)]
More minor cleanup in rsa_alg_set_oaep_padding()

Test and assign one more instance replace a useless comment by an empty
line.

11 months agoAvoid a NULL dereference when handling a malformed fastcgi request.
millert [Wed, 8 Nov 2023 19:19:10 +0000 (19:19 +0000)]
Avoid a NULL dereference when handling a malformed fastcgi request.

Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL.  Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@.  Reported by Ben Kallus.

11 months agoPrepare further fixes of X509_ALGOR_set0() misuse
tb [Wed, 8 Nov 2023 19:14:43 +0000 (19:14 +0000)]
Prepare further fixes of X509_ALGOR_set0() misuse

In rsa_alg_set_oaep_padding() rename los to ostr for consistency with
astr, make it have function scope, free ostr in the error path and assume
X509_ALGOR_set0() success.

ok jca

11 months agoIncrease NKMEMPAGES_MAX_DEFAULT to same value as on amd64.
mglocker [Wed, 8 Nov 2023 18:59:01 +0000 (18:59 +0000)]
Increase NKMEMPAGES_MAX_DEFAULT to same value as on amd64.

OK deraadt@

11 months agozap a stray space
tb [Wed, 8 Nov 2023 17:07:07 +0000 (17:07 +0000)]
zap a stray space

11 months agoRename os into astr in rsa_alg_set_oaep_padding()
tb [Wed, 8 Nov 2023 16:42:18 +0000 (16:42 +0000)]
Rename os into astr in rsa_alg_set_oaep_padding()

11 months agoRename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt()
tb [Wed, 8 Nov 2023 16:07:59 +0000 (16:07 +0000)]
Rename pkctx to pkey_ctx in rsa_alg_set_oaep_padding() and rsa_cms_encrypt()

11 months agoSome simple cosmetics in rsa_alg_set_oaep_padding()
tb [Wed, 8 Nov 2023 16:05:18 +0000 (16:05 +0000)]
Some simple cosmetics in rsa_alg_set_oaep_padding()

Rename rv into ret and split it on its own line, move labellen a bit down
add some empty lines. To match style elsewhere.

Most of this was requested by jsing

11 months agoSplit OAEP padding handling into a helper function
tb [Wed, 8 Nov 2023 16:02:41 +0000 (16:02 +0000)]
Split OAEP padding handling into a helper function

This matches what is done for PKCS#1 1.5 and PSS. This function needs a
lot of work still, but it's easier to do that without having to tiptoe
around a lot of other garbage.

ok jsing

11 months agolibc, librthread: _twait: fully validate absolute timeout
cheloha [Wed, 8 Nov 2023 15:51:28 +0000 (15:51 +0000)]
libc, librthread: _twait: fully validate absolute timeout

Use timespecisvalid(3) to check both bounds for tv_nsec.

Link: https://marc.info/?l=openbsd-tech&m=169913314230496&w=2
ok miod@

11 months agoAllow Xen to use backing store devices with 4K-byte sectors.
krw [Wed, 8 Nov 2023 12:01:21 +0000 (12:01 +0000)]
Allow Xen to use backing store devices with 4K-byte sectors.

Problem reported and much testing by Christian Kujau. Thanks!

Roughly equivalent to bouyer@NetBSD changes prompted by
Christian.

ok mlarkin@ dlg@

11 months agoremove accidental double space
deraadt [Wed, 8 Nov 2023 11:17:20 +0000 (11:17 +0000)]
remove accidental double space

11 months agopkg_add: sort flags in usage message
caspar [Wed, 8 Nov 2023 09:51:13 +0000 (09:51 +0000)]
pkg_add: sort flags in usage message

OK espie@

11 months agoRFC 7505 ("Null MX") handling
op [Wed, 8 Nov 2023 08:46:34 +0000 (08:46 +0000)]
RFC 7505 ("Null MX") handling

mail delivery will not be attempted if a domain advertises a single MX
record with preference 0 and a zero-length label.

based on an initial diff from Philipp (philipp+openbsd [at] bureaucracy
[dot] de), thanks!

ok jung@

11 months agoMove CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix its
tb [Tue, 7 Nov 2023 22:35:03 +0000 (22:35 +0000)]
Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and fix its
error check

11 months agoMove CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctx
tb [Tue, 7 Nov 2023 22:32:09 +0000 (22:32 +0000)]
Move CMS_RecipientInfo_get0_pkey_ctx() to first use of pkctx

11 months agoFix an error message left out in the mustDecodeHexString() conversion
tb [Tue, 7 Nov 2023 21:22:34 +0000 (21:22 +0000)]
Fix an error message left out in the mustDecodeHexString() conversion

11 months agoPull up the handling of the two webcrypto special snowflakes
tb [Tue, 7 Nov 2023 21:20:48 +0000 (21:20 +0000)]
Pull up the handling of the two webcrypto special snowflakes

12 months agoDrop a useless line and bump copyright years
tb [Tue, 7 Nov 2023 16:56:12 +0000 (16:56 +0000)]
Drop a useless line and bump copyright years

12 months agoUnwrap a few lines
tb [Tue, 7 Nov 2023 16:54:43 +0000 (16:54 +0000)]
Unwrap a few lines

12 months agoWrap hex.DecodeString() into mustDecodeHexString()
tb [Tue, 7 Nov 2023 16:46:12 +0000 (16:46 +0000)]
Wrap hex.DecodeString() into mustDecodeHexString()

The hex decoding is only done from the JSON files provided by the
wycheproof-testvectors package. Failure is always fatal. So there
is no need for repeated error checks, and we can use an ergonomic
wrapper.

Also rework the calculation of the message digest from input data
this had a similar deficit.

All in all this shaves off about 10% of the code and removes a lot
of tedious repetition.

12 months agoUse maps to retrieve various AES variants
tb [Tue, 7 Nov 2023 16:37:02 +0000 (16:37 +0000)]
Use maps to retrieve various AES variants

12 months agoConvert hashEvpMdFromString() to a map
tb [Tue, 7 Nov 2023 16:35:55 +0000 (16:35 +0000)]
Convert hashEvpMdFromString() to a map

12 months agoAdd stringer interfaces to the test groups
tb [Tue, 7 Nov 2023 16:27:56 +0000 (16:27 +0000)]
Add stringer interfaces to the test groups

This simplifies and unifies a lot of error messages.

12 months agoInline rsa_ctx_to_pss_string()
tb [Tue, 7 Nov 2023 16:22:04 +0000 (16:22 +0000)]
Inline rsa_ctx_to_pss_string()

After previous refactoring, rsa_all_set_pss_padding() is the last remaining
caller of the weirdly named and ugly rsa_all_set_pss_padding(). This can be
handled in a few simple lines now that this mess has slightly cleaner code.

12 months agoRename pkctx to pkey_ctx in rsa_{cms,item}_sign()
tb [Tue, 7 Nov 2023 16:12:36 +0000 (16:12 +0000)]
Rename pkctx to pkey_ctx in rsa_{cms,item}_sign()

12 months agoTrivial cleanup in rsa_cms_sign()
tb [Tue, 7 Nov 2023 16:09:13 +0000 (16:09 +0000)]
Trivial cleanup in rsa_cms_sign()

Check and assign the EVP_PKEY_CTX and move the extraction of the algorithm
identifier from the signer info a few lines down.

12 months agoRework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign()
tb [Tue, 7 Nov 2023 16:04:12 +0000 (16:04 +0000)]
Rework RSA_PKCS1_PSS_PADDING handling in rsa_item_sign()

The current convoluted mess can be handled with two calls to the new
rsa_alg_set_pss_padding() helper. Not that this would be obvious at
all.

This fixes two more leaks in case of X509_ALGOR_set0() failure.

ok jsing

12 months agoAdd a helper to set RSASSA-PSS padding parameters
tb [Tue, 7 Nov 2023 15:59:29 +0000 (15:59 +0000)]
Add a helper to set RSASSA-PSS padding parameters

This sets the AlgorithmIdentifier's algorithm to id-RSASSA-PSS with
appropriate RSASSA-PSS parameters. This pulls a chunk of code out of
rsa_cms_sign() and rewrites it with proper error checking, thereby
fixing a long-standing leak.

This helper can also be used in rsa_item_sign(), but that part is a
bit special, and will therefore be commmitted separately.

ok jsing

12 months agoAdd a helper to set RSA PKCS #1 v1.5 padding OID
tb [Tue, 7 Nov 2023 15:45:41 +0000 (15:45 +0000)]
Add a helper to set RSA PKCS #1 v1.5 padding OID

This removes a few duplicated and unchecked X509_ALGOR_set0() calls and
factors them into a helper function that sets the AlgorithmIdentifier on
the recipient info or signer info to rsaEncryption with null parameters.

ok jsing

12 months agoiface->auth_key is not a real C string so use strnlen() to define the maximum.
claudio [Tue, 7 Nov 2023 11:29:05 +0000 (11:29 +0000)]
iface->auth_key is not a real C string so use strnlen() to define the maximum.

This fixes the use of 8 char passwords with auth simple.
Reported by Laurent CARON (lcaron at unix-scripts info)
OK tb@

12 months agoRename struct imsgbuf *ibuf to *imsgbuf in all places.
claudio [Tue, 7 Nov 2023 11:18:35 +0000 (11:18 +0000)]
Rename struct imsgbuf *ibuf to *imsgbuf in all places.
ibuf should be reserved for struct ibuf * values.
OK tb@

12 months agoAlter imsg_move() to clear the full imsg buffer instead of just the
claudio [Tue, 7 Nov 2023 11:17:35 +0000 (11:17 +0000)]
Alter imsg_move() to clear the full imsg buffer instead of just the
imsg->data field. This is needed for future imsg API changes.
OK tb@

12 months agocomment out test that no longer makes sense, as noticed by anton
espie [Tue, 7 Nov 2023 07:40:50 +0000 (07:40 +0000)]
comment out test that no longer makes sense, as noticed by anton

12 months agosync
jca [Mon, 6 Nov 2023 21:00:05 +0000 (21:00 +0000)]
sync

12 months agoProvide machine/apmvar.h on riscv64 too
jca [Mon, 6 Nov 2023 20:59:26 +0000 (20:59 +0000)]
Provide machine/apmvar.h on riscv64 too

OpenBSD/riscv64 doesn't provide suspend/resume or battery support yet,
but some ports need this interface at build time, so provide it.

ok phessler@

12 months agoPull everything except the actual run call out of the closure
tb [Mon, 6 Nov 2023 15:21:44 +0000 (15:21 +0000)]
Pull everything except the actual run call out of the closure

The determination of the test group type and the JSON unmarshalling can be
done before the closure without performance impact. This is more readable
and eliminates the need of a temporary variable again.

Suggested by jsing

12 months agoIntroduce testGroupFromAlgorithm()
tb [Mon, 6 Nov 2023 15:17:02 +0000 (15:17 +0000)]
Introduce testGroupFromAlgorithm()

This factors another ugly switch into a helper function. This should
probably become a map eventually, but for now keep things straightforward.

12 months agoAdd a wycheproofTestGroupRunner interface
tb [Mon, 6 Nov 2023 15:14:52 +0000 (15:14 +0000)]
Add a wycheproofTestGroupRunner interface

This allows us to use a simpler way of running the individual test groups
and gets rid of an ugly mostly copy-pasted switch inside a closure.

12 months agoAdd aliases for AES AEAD constructions and ChaCha
tb [Mon, 6 Nov 2023 15:07:57 +0000 (15:07 +0000)]
Add aliases for AES AEAD constructions and ChaCha

These used the wycheproofTestGroupAead type but an upcoming change requires
to change this. Introduce the aliases now to make the next diff cleaner.

12 months agoFix a for loop bug introduced in the concurrency refactor
tb [Mon, 6 Nov 2023 14:50:12 +0000 (14:50 +0000)]
Fix a for loop bug introduced in the concurrency refactor

Due to Go's idiosyncratic semantics of for loops, tests would only run
some of the test groups in the JSON file because by the time the closure
is called, the array index could be changed. For example, on fast 8 core
machines, the CMAC tests would run the last test group with key size 320
eight times rather than each of the eight test groups once.

Make a copy of the pointer before passing it to the closure to avoid this
issue.

Simpler version of my initial fix from jsing

12 months agoUncomment json webcrypto line. Packages will have caught up...
tb [Mon, 6 Nov 2023 14:43:02 +0000 (14:43 +0000)]
Uncomment json webcrypto line. Packages will have caught up...

12 months agoeliminate discrepancies between termcap-generated info and infocmp results
espie [Mon, 6 Nov 2023 13:40:39 +0000 (13:40 +0000)]
eliminate discrepancies between termcap-generated info and infocmp results
(see user_caps(5))
also obviously protects the term name just in case someone wants to have
fun with it..

12 months agoHook up agentx-{Add,Remove}AgentCaps-PDU to appl_{add,remove}agentcaps.
martijn [Mon, 6 Nov 2023 11:04:41 +0000 (11:04 +0000)]
Hook up agentx-{Add,Remove}AgentCaps-PDU to appl_{add,remove}agentcaps.

OK tb@

12 months agoReadd the sysORTable based on the new struct appl_agentcap.
martijn [Mon, 6 Nov 2023 11:02:57 +0000 (11:02 +0000)]
Readd the sysORTable based on the new struct appl_agentcap.

OK tb@

12 months agoAllow agent capabilities to be stored on a per appl_context basis.
martijn [Mon, 6 Nov 2023 11:00:46 +0000 (11:00 +0000)]
Allow agent capabilities to be stored on a per appl_context basis.
This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.

OK tb@

12 months agoAllow appl_internal_object's getnext to be called.
martijn [Mon, 6 Nov 2023 10:58:13 +0000 (10:58 +0000)]
Allow appl_internal_object's getnext to be called.

OK tb@

12 months agoMark a couple of tests as broken, now that the sysORTable is gone/empty.
martijn [Mon, 6 Nov 2023 09:46:04 +0000 (09:46 +0000)]
Mark a couple of tests as broken, now that the sysORTable is gone/empty.
Relying on the live snmpd(8) metrics is brittle and this regress test
should probably move to a custom agent in a similar fashion to the
custom manager from the snmpd(8) regress.

Pointed out by anton@

12 months agoavoid using MCS9 in iwm(4) Tx rate selection if 40 MHz is disabled
stsp [Mon, 6 Nov 2023 08:34:41 +0000 (08:34 +0000)]
avoid using MCS9 in iwm(4) Tx rate selection if 40 MHz is disabled

MCS9 is not valid on 20HMz so we must not use it in 20MHz-only mode.
Fixes firmware panic 0x00002078, which indicates the driver sets a rate
with a bad number of antennas, bad number of Tx streams, or bad bandwidth.

Observed by dlg@ with the miktrotik AP for which iwm(4) firmware requires
our 20MHz-only workaround to interoperate in 11ac mode.

ok dlg@

12 months agoactually, I still need to exit() if infocmp can't be run
espie [Mon, 6 Nov 2023 08:22:59 +0000 (08:22 +0000)]
actually, I still need to exit() if infocmp can't be run

12 months agosystem + exit -> exec
espie [Mon, 6 Nov 2023 08:21:43 +0000 (08:21 +0000)]
system + exit -> exec
as noticed by afresh1@
(this should be all for now)

12 months agosince we're always running info_cmp in the end, remove the whole
espie [Mon, 6 Nov 2023 08:20:51 +0000 (08:20 +0000)]
since we're always running info_cmp in the end, remove the whole
"in case of emergency run info_cmp block" (more efficient: we only
parse the entry we need). Keep the small part that creates a dumb terminal
on VMS, even though we're not running that.

Add an extra state check in the automaton to avoid skipping a tmp_term

12 months agosimplify logic for $entry in the main termcap loop
espie [Mon, 6 Nov 2023 08:14:36 +0000 (08:14 +0000)]
simplify logic for $entry in the main termcap loop

12 months agoalways try to run info_cmp at the end if we haven't got what we wanted
espie [Mon, 6 Nov 2023 08:13:01 +0000 (08:13 +0000)]
always try to run info_cmp at the end if we haven't got what we wanted
This allows terminals with only terminfo capabilities to show up in
Term::Cap (like kitty) !

12 months agosimplify $ENV{TERMCAP} handling: don't bother setting anything if
espie [Mon, 6 Nov 2023 08:11:11 +0000 (08:11 +0000)]
simplify $ENV{TERMCAP} handling: don't bother setting anything if
the variable doesn't exist

12 months agoinstead of a max number of iterations, record terms that have been seen
espie [Mon, 6 Nov 2023 08:08:49 +0000 (08:08 +0000)]
instead of a max number of iterations, record terms that have been seen
in a hash instead.
Side effect: we no longer parse the same tc again and again, leading
to a smaller result with the same capabilities but no duplicates.
(instead of parsing 36 entries for xterm, we end up with 10 entries, as
the "tc=" stuff is actually a tree instead of a list: xterm references
several intermediate tc that all lead to the same basic list !)

12 months agouse modern file open instead of GLOBS
espie [Mon, 6 Nov 2023 08:05:45 +0000 (08:05 +0000)]
use modern file open instead of GLOBS

12 months agoget rid of useless eval
espie [Mon, 6 Nov 2023 08:04:38 +0000 (08:04 +0000)]
get rid of useless eval
use \Q\E to quote stuff around tmp_term, instead of rolling our own
in termpat (get rid of termpat)

12 months agoremove upstream files we don't need
espie [Mon, 6 Nov 2023 07:59:22 +0000 (07:59 +0000)]
remove upstream files we don't need

12 months agoreapply max=64 for now
espie [Mon, 6 Nov 2023 07:58:47 +0000 (07:58 +0000)]
reapply max=64 for now

12 months agoupdate to Term::Cap 1.18, so that we can patch it further
espie [Mon, 6 Nov 2023 07:57:38 +0000 (07:57 +0000)]
update to Term::Cap 1.18, so that we can patch it further
as discussed with afresh1@

12 months agoProvide simpler cpu_number, CPU_INFO_UNIT and CPU_IS_XXX macros in the
miod [Sun, 5 Nov 2023 16:33:50 +0000 (16:33 +0000)]
Provide simpler cpu_number, CPU_INFO_UNIT and CPU_IS_XXX macros in the
non-MULTIPROCESSOR case, as done on all other platforms.

ok deraadt@ kettenis@

12 months agoAdd cdXX.iso to MDEXT, for it to be included in SHA256; reported by `petcat30'
miod [Sun, 5 Nov 2023 16:27:18 +0000 (16:27 +0000)]
Add cdXX.iso to MDEXT, for it to be included in SHA256; reported by `petcat30'
on bugs@.

12 months agocurrent code no longer uses Lst_Replace not Lst_Requeue
espie [Sun, 5 Nov 2023 11:22:59 +0000 (11:22 +0000)]
current code no longer uses Lst_Replace not Lst_Requeue
so don't bother compiling them.

12 months agofix bad path allocation in makeinfo
op [Sun, 5 Nov 2023 07:39:16 +0000 (07:39 +0000)]
fix bad path allocation in makeinfo

In one branch of the image handling, the wrong malloc() call was
copied-pasted making the allocation possibly smaller than needed.
Spotted while building the gcc11 port, libgccjit.info exercise that
branch and the write out of bounds was discovered by malloc().

Convert the malloc + strlcpy/cat dance to an asprintf, and while here
also fix the leak of the two paths.

ok tb@

12 months agoUse proper length in session_newmsg() for the RFC9072 case.
claudio [Sat, 4 Nov 2023 11:17:51 +0000 (11:17 +0000)]
Use proper length in session_newmsg() for the RFC9072 case.

Right now OpenBGPD can not produce so many capabilities that this
case is reached but still better to fix it now.
OK tb@

12 months agoKNF plus fixed a few signed vs unsigned compares (that we actually
otto [Sat, 4 Nov 2023 11:02:35 +0000 (11:02 +0000)]
KNF plus fixed a few signed vs unsigned compares (that we actually
not real problems)

12 months agoWith the move of SNMPv2-SMI::snmpV2 into application_internal.c, it's no
martijn [Sat, 4 Nov 2023 09:42:17 +0000 (09:42 +0000)]
With the move of SNMPv2-SMI::snmpV2 into application_internal.c, it's no
longer possible to register objects underneath this region. This
effectively made a few snmp(1) regress tests unusable, which essentially
don't belong here. Simply remove these tests.

12 months agoMove SNMPv2-MIB::system from mib.c into the new application_internal.c.
martijn [Sat, 4 Nov 2023 09:38:47 +0000 (09:38 +0000)]
Move SNMPv2-MIB::system from mib.c into the new application_internal.c.
This was the last consumer of mib.c, so send it to the great bitbucket
in the sky.

This move removes the sysORTable, but it was basically non-functioning
anyway and removal of previous entries from the table didn't caused
any fallout that reached my ears.
I hope to add proper sysORTable/agent-capabilities support, which
is compatible with AgentX's {Add,Remove}AgentCaps, soon.

OK tb@