openbsd
2 years agoRevert accidental commit
tb [Mon, 18 Jul 2022 09:17:44 +0000 (09:17 +0000)]
Revert accidental commit

2 years agoAdd comments to explain the magic numbers 57 and 58
tb [Mon, 18 Jul 2022 09:15:08 +0000 (09:15 +0000)]
Add comments to explain the magic numbers 57 and 58

2 years agoAvoid sending the QUIC transport parameters extension now that we
tb [Mon, 18 Jul 2022 08:36:47 +0000 (08:36 +0000)]
Avoid sending the QUIC transport parameters extension now that we
send an unsupported extension alert.

Noted by anton

2 years agothe domainname is under root control, but because we are producing a path
deraadt [Mon, 18 Jul 2022 04:42:37 +0000 (04:42 +0000)]
the domainname is under root control, but because we are producing a path
inside ypconnect(), it is best if we prevent "../" problems.  so reject
domainnames containing '/.
discussed with jca

2 years agoFor opening up the bindings file in ypconnect(2), bail out early
deraadt [Mon, 18 Jul 2022 03:02:05 +0000 (03:02 +0000)]
For opening up the bindings file in ypconnect(2), bail out early
if chrooted
issue pointed out by semarie

2 years agoypbinding should not be intrude to application namespace.
deraadt [Mon, 18 Jul 2022 02:32:11 +0000 (02:32 +0000)]
ypbinding should not be intrude to application namespace.
spotted by guenther

2 years agouse same way of reporting error as yp_bind.c
deraadt [Mon, 18 Jul 2022 02:31:19 +0000 (02:31 +0000)]
use same way of reporting error as yp_bind.c
Though really, should we be splatting to stdout/stderr?  The mysteries
of ancient code...

2 years agoHandle X509_check_purpose(3) and EVP_get_digestbyobj(3)
kn [Sun, 17 Jul 2022 19:40:38 +0000 (19:40 +0000)]
Handle X509_check_purpose(3) and EVP_get_digestbyobj(3)

OK tb

2 years agoRevert the changes made in rev 1.82. It is important to use pmap_enter(9)
kettenis [Sun, 17 Jul 2022 17:59:35 +0000 (17:59 +0000)]
Revert the changes made in rev 1.82.  It is important to use pmap_enter(9)
and pmap_remove(9) here since we're dealing with managed pages here.  Found
out the hard way by deraadt@ on landisk where we're running into issues
with virtual cache aliases because multiple mappings exist for the
pages we're dealing with here.  The pmap_enter(9) and pmap_remove(9)
functions handle conflicting cache aliases, whereas pmap_map_direct(9) and
pmap_kenter_pa(9) assume that the pages is exclusively mapped in the kernel
pmap.

ok deraadt@

2 years agoAdd initial support for ESSCertIDv2 verification
kn [Sun, 17 Jul 2022 17:00:44 +0000 (17:00 +0000)]
Add initial support for ESSCertIDv2 verification

Based on OpenSSL commit f0ef20bf386b5c37ba5a4ce5c1de9a819bbeffb2
"Added support for ESSCertIDv2".

This makes TS validation work in the new security/libdigidocpp port.

Input OK tb

2 years agoDisable TLSv1.3 middlebox compatibility mode for QUIC connections.
jsing [Sun, 17 Jul 2022 15:51:06 +0000 (15:51 +0000)]
Disable TLSv1.3 middlebox compatibility mode for QUIC connections.

This is required by RFC 9001.

ok tb@

2 years agoPass SSL pointer to tls13_ctx_new().
jsing [Sun, 17 Jul 2022 15:49:20 +0000 (15:49 +0000)]
Pass SSL pointer to tls13_ctx_new().

struct tls13_ctx already knows about SSL's and this way tls13_ctx_new() can
set up various pointers, rather than duplicating this in
tls13_legacy_accept() and tls13_legacy_connect().

ok tb@

2 years agoRevise regress for QUIC transport parameters TLS extension.
jsing [Sun, 17 Jul 2022 14:57:05 +0000 (14:57 +0000)]
Revise regress for QUIC transport parameters TLS extension.

2 years agoCorrect handling of QUIC transport parameters extension.
jsing [Sun, 17 Jul 2022 14:54:10 +0000 (14:54 +0000)]
Correct handling of QUIC transport parameters extension.

Remove duplicate U16 length prefix, since tlsext_build() already adds this
for us. Condition on SSL_is_quic() rather than TLS version - RFC 9001 is
clear that this extension is only permitted on QUIC transport and an
fatal unsupported extension alert is required if used elsewhere.
Additionally, at the point where extensions are parsed, we do not
necessarily know what TLS version has been negotiated.

ok beck@ tb@

2 years agoProvide SSL_is_quic()
jsing [Sun, 17 Jul 2022 14:49:01 +0000 (14:49 +0000)]
Provide SSL_is_quic()

This function will allow code to know if the SSL connection is configured
for use with QUIC or not. Also move existing SSL_.*quic.* functions under
LIBRESSL_HAS_QUIC to prevent exposing them prematurely.

ok beck@ tb@

2 years agoCorrect TLSEXT_TYPE_quic_transport_parameters message types.
jsing [Sun, 17 Jul 2022 14:41:27 +0000 (14:41 +0000)]
Correct TLSEXT_TYPE_quic_transport_parameters message types.

Per RFC 9001, TLSEXT_TYPE_quic_transport_parameters may only appear in
ClientHello and EncryptedExtensions (not ServerHello).

ok beck@ tb@

2 years agoCorrect value for TLSEXT_TYPE_quic_transport_parameters
jsing [Sun, 17 Jul 2022 14:39:09 +0000 (14:39 +0000)]
Correct value for TLSEXT_TYPE_quic_transport_parameters

Use the correct value for TLSEXT_TYPE_quic_transport_parameters according
to RFC 9001 section 8.2. Also move the define under LIBRESSL_HAS_QUIC to
avoid things finding it prematurely.

ok beck@ tb@

2 years agoModernize and cleanse fdisk.8, making it more concise and
krw [Sun, 17 Jul 2022 12:53:19 +0000 (12:53 +0000)]
Modernize and cleanse fdisk.8, making it more concise and
aligned with the code. Tweak usage() to stay in step.

Usual cogent feedback, tweaks and ok jmc@

2 years agoinfromation -> information
jsg [Sun, 17 Jul 2022 10:32:45 +0000 (10:32 +0000)]
infromation -> information

2 years agoadd section to mmap Xr
jsg [Sun, 17 Jul 2022 09:53:40 +0000 (09:53 +0000)]
add section to mmap Xr

2 years agosync with arm64.html
jsg [Sun, 17 Jul 2022 09:14:26 +0000 (09:14 +0000)]
sync with arm64.html

2 years agoAESCGM -> AESGCM
jsg [Sun, 17 Jul 2022 08:51:07 +0000 (08:51 +0000)]
AESCGM -> AESGCM

2 years agoorder sysctl(2) Xr by section
jsg [Sun, 17 Jul 2022 08:33:01 +0000 (08:33 +0000)]
order sysctl(2) Xr by section
missed when sysctl(3) references were changed to sysctl(2)

2 years agoampiic -> apliic
jsg [Sun, 17 Jul 2022 07:08:03 +0000 (07:08 +0000)]
ampiic -> apliic

2 years agofix a macro, and "new sentence, new line";
jmc [Sun, 17 Jul 2022 05:48:26 +0000 (05:48 +0000)]
fix a macro, and "new sentence, new line";

2 years agobackout last step: the path checks are too strong until everyone has a
deraadt [Sun, 17 Jul 2022 04:29:37 +0000 (04:29 +0000)]
backout last step: the path checks are too strong until everyone has a
new libc..

2 years agosync
deraadt [Sun, 17 Jul 2022 03:17:54 +0000 (03:17 +0000)]
sync

2 years ago/var/run/ypbind.lock doesn't need to be forcefully removed
deraadt [Sun, 17 Jul 2022 03:17:37 +0000 (03:17 +0000)]
/var/run/ypbind.lock doesn't need to be forcefully removed
ok aja

2 years agothe PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libc
deraadt [Sun, 17 Jul 2022 03:17:00 +0000 (03:17 +0000)]
the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away.  libc
no longer does accesses /var/run/ypbind.lock to trigger extra permissions
for userland-opening of files & sockets to engage with ypserver for YP/LDAP
lookups.  libc now uses the super secret special ypconnect() system call
to perform socket-setup.
Delete some other things which are no longer reached via libc/rpc
ok jmatthew, miod

2 years agoDelete mention of the old /var/run/ypbind.lock hack.
deraadt [Sun, 17 Jul 2022 03:12:55 +0000 (03:12 +0000)]
Delete mention of the old /var/run/ypbind.lock hack.

2 years ago/var/run/ypbind.lock doesn't need to be created with an advisory lock anymore,
deraadt [Sun, 17 Jul 2022 03:12:20 +0000 (03:12 +0000)]
/var/run/ypbind.lock doesn't need to be created with an advisory lock anymore,
because libc & pledge() doesn't care.
libc now calls ypconnect(), which still cares about the advisory lock on
/var/yp/bindings/$domain.2, so that code remains.
ok jmatthew miod

2 years agosince yp_bind() and yp_all() don't use open, fstat, read, socket, and other
deraadt [Sun, 17 Jul 2022 03:10:47 +0000 (03:10 +0000)]
since yp_bind() and yp_all() don't use open, fstat, read, socket, and other
rich system calls to perform YP/LDAP lookups, there is no need to access()
/var/run/ypbind.lock to "hint" to pledge that it should open up those system
calls.
ok jmatthew, miod

2 years agoRather than opening the binding file, checking for advisory lock, reading a
deraadt [Sun, 17 Jul 2022 03:08:58 +0000 (03:08 +0000)]
Rather than opening the binding file, checking for advisory lock, reading a
piece of it for the address, opening a socket, and providing the address to
the RPC clnt layer.. do all these steps with the magic system call ypconnect(2)
which performs these steps without other system calls, and provides a socket
which is not readily abuseable for other purposes.
ok jmatthew, miod

2 years agoAdd ypconnect(2) stub inside libc so that libc functions can use it,
deraadt [Sun, 17 Jul 2022 03:04:27 +0000 (03:04 +0000)]
Add ypconnect(2) stub inside libc so that libc functions can use it,
but do not export it.

2 years agoadd ypconnect(2) manual page
deraadt [Sun, 17 Jul 2022 03:01:22 +0000 (03:01 +0000)]
add ypconnect(2) manual page

2 years agoAdd ESSCertIDv2 stack macros
kn [Sat, 16 Jul 2022 19:11:51 +0000 (19:11 +0000)]
Add ESSCertIDv2 stack macros

Copy existing ESSCertID macros and s/_ID/&_V2/g.

Guard the new code under LIBRESSL_INTERNAL to defer visibility.

OK tb

2 years agoAdd ESSCertIDv2 ASN.1 boilerplate
kn [Sat, 16 Jul 2022 18:36:36 +0000 (18:36 +0000)]
Add ESSCertIDv2 ASN.1 boilerplate

Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).

ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
    Adding CertID Algorithm Agility

ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)

ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)

IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)

Feedback OK tb

2 years agoAdd NID for signingCertificateV2
kn [Sat, 16 Jul 2022 17:30:33 +0000 (17:30 +0000)]
Add NID for signingCertificateV2

https://oidref.com/1.2.840.113549.1.9.16.2.47

OK tb

2 years agoAvoid direct X509 structure access
kn [Sat, 16 Jul 2022 16:42:58 +0000 (16:42 +0000)]
Avoid direct X509 structure access

Cherry-picked from OpenSSL commit a8d8e06b0ac06c421fd11cc1772126dcb98f79ae.
This reduces upcoming TS changes.

OK jsing tb

2 years agoTo fix an KASSERT(la != NULL) panic in ARP, protect the rt_llinfo
bluhm [Sat, 16 Jul 2022 15:25:30 +0000 (15:25 +0000)]
To fix an KASSERT(la != NULL) panic in ARP, protect the rt_llinfo
field of the route with a mutex.  Keep rt_llinfo not NULL consistent
with RTF_LLINFO flag is set.  Also do not put the mutex in the fast
path.
OK mpi@

2 years agoZap duplicate ERR_load_TS_strings() prototype
kn [Sat, 16 Jul 2022 15:02:29 +0000 (15:02 +0000)]
Zap duplicate ERR_load_TS_strings() prototype

It's defined again (more appropiately) further down above the error codes.

OK jsing tb

2 years agoFix IPIs on systems with multiple clusters where the CPU interface
kettenis [Sat, 16 Jul 2022 12:07:55 +0000 (12:07 +0000)]
Fix IPIs on systems with multiple clusters where the CPU interface
numbers don't necessarily match the CPU numbers used by our kernel.

Seen on an Amlogic S922X SoC where cluster 0 consists of two Cortex-A53
cores and cluster 1 consists of four Cortes-A73 cores.

ok anton@

2 years agoFix previous commit. We need to enable the new "halt" IPI on all the CPUs
kettenis [Sat, 16 Jul 2022 12:02:28 +0000 (12:02 +0000)]
Fix previous commit.  We need to enable the new "halt" IPI on all the CPUs
like we do for the other ones.  If we don't, the IPI won't arrive and we'll
hang for ever when we try to suspend.

ok patrick@

2 years agoAdd support for using the power button to wake up from suspend.
kettenis [Sat, 16 Jul 2022 11:26:13 +0000 (11:26 +0000)]
Add support for using the power button to wake up from suspend.

ok anton@

2 years agoBump libsndio pkg-config version to 1.9.0
ratchov [Sat, 16 Jul 2022 09:49:46 +0000 (09:49 +0000)]
Bump libsndio pkg-config version to 1.9.0

2 years agoRevert previous. The added includes were already there. Duh.
tb [Sat, 16 Jul 2022 07:46:08 +0000 (07:46 +0000)]
Revert previous. The added includes were already there. Duh.

2 years agoIntroduce fine grained pipex(4) locking. Use per-session `pxs_mtx'
mvs [Fri, 15 Jul 2022 22:56:13 +0000 (22:56 +0000)]
Introduce fine grained pipex(4) locking. Use per-session `pxs_mtx'
mutex(9) to protect session context. Except MPPE encryption, PPPOE
sessions are mostly immutable, so no lock required for that case.

Global pipex(4) data is already protected by `pipex_list_mtx' mutex(9),
so pipex(4) doesn't rely on netlock anymore.

Recursion was removed from pipex_mppe_input() and pipex_mppe_output().

ok bluhm@

2 years agofix typos in previous
deraadt [Fri, 15 Jul 2022 19:29:27 +0000 (19:29 +0000)]
fix typos in previous

2 years agoImplement support for framebuffers that don't start on a page boundary.
kettenis [Fri, 15 Jul 2022 17:57:25 +0000 (17:57 +0000)]
Implement support for framebuffers that don't start on a page boundary.
This happens on the new 14" and 16" Macbook Pro where we deliberately use
a framebuffer that skips the first few lines to avoid "the notch".
The offset of the first pixel is added to struct wsdisplay_fbinfo.  The
stride is added as well, mirroring the value returned by the
WSDISPLAYIO_LINEBYTES ioctl, such that we can retire that one in the
future.  A compat ioctl is implemented to help the transition.  The compat
code will be removed after OpenBSD 7.3 has been released.

ok miod@

2 years agoAdd a new clnt*_control CLSET_CONNECTED, which says the socket has already
deraadt [Fri, 15 Jul 2022 17:33:28 +0000 (17:33 +0000)]
Add a new clnt*_control CLSET_CONNECTED, which says the socket has already
been connected.  In the udp case, this means to use send(), not sendto()
ok jmatthew, claudio, miod

2 years agoAllow ypconnect() in "getpw"
deraadt [Fri, 15 Jul 2022 17:25:18 +0000 (17:25 +0000)]
Allow ypconnect() in "getpw"
Annotate two blocks relating to ypbind.lock that will be deleted once libc
switches over to the new mechanism.

2 years agosync
deraadt [Fri, 15 Jul 2022 17:20:54 +0000 (17:20 +0000)]
sync

2 years agopledge "getpw" would notice access to /var/run/ypbind.lock, and grant "inet"
deraadt [Fri, 15 Jul 2022 17:20:24 +0000 (17:20 +0000)]
pledge "getpw" would notice access to /var/run/ypbind.lock, and grant "inet"
rights, so that libc/yp could access YP services via a fairly complex 'protocol'
including file access, sockets, etc.  This YP protocol is also used by ypldap --
this is our way of bringing 'NIS' services into libc without monster sub-libraries.
I have managed to remove this "inet" right by creating a new ypconnect() system
call, which performs parts of the yp_bind.c dance inside the kernel..  It checks if
domainname is set, looks for a binding file with advisory lock, reads it to
get the IP and udp/tcp port numbers, and then establishes a connnected socket
direct to that ypserv.  This socket has a SS_YP flag set, and non-required system
calls are prohibited. libc maintains lifetime on this socket so a process
should never see it, but it seems safer to block udp re-connect and other calls
even in non-pledge mode.
Userland changes to use this will follow in a few days.
Lots of help from claudio and jmatthew, also ok miod

2 years agoUse db_rint() to make it possible to enter ddb(4) by typing ESC D.
kettenis [Fri, 15 Jul 2022 17:14:49 +0000 (17:14 +0000)]
Use db_rint() to make it possible to enter ddb(4) by typing ESC D.

ok jca@, miod@

2 years agoOnce a ypserv is discovered we know the remote UDP port number, but not
deraadt [Fri, 15 Jul 2022 16:59:49 +0000 (16:59 +0000)]
Once a ypserv is discovered we know the remote UDP port number, but not
the TCP port number.  Immediately reach out (syncronously via pmap_getport,
to ask the portmap on the ypserv machine) to learn the TCP port number.
Append this as 2 bytes (network byte order) to the binding file, because
an upcoming change will require this information also.
with jmatthew, also ok claudio miod

2 years agoMissing xhcivar.h bit that should have gone with xhci.c r1.125
tb [Fri, 15 Jul 2022 13:08:23 +0000 (13:08 +0000)]
Missing xhcivar.h bit that should have gone with xhci.c r1.125

From kettenis, spotted by krw

2 years agoUse a separate varaible to signal a "dead" controller (that has disappeared
kettenis [Fri, 15 Jul 2022 07:52:06 +0000 (07:52 +0000)]
Use a separate varaible to signal a "dead" controller (that has disappeared
from the bus, probably because of hot(un)plugging it).  This makes sure
that we still ack interrupts that arrive while the controller is "dying"
(when we go down into suspend or if an unrecoverable hardware error
occurs).  Fixes an interrupt storm when we suspend on Amlogic arm64 boards.

ok deraadt@

2 years agoExpand the comment explaining the for loop with bn_lucas_step() a bit.
tb [Fri, 15 Jul 2022 06:19:27 +0000 (06:19 +0000)]
Expand the comment explaining the for loop with bn_lucas_step() a bit.

2 years agoComment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()
tb [Fri, 15 Jul 2022 06:14:17 +0000 (06:14 +0000)]
Comment for factorization of n - 1 = k * 2^s in bn_miller_rabin_base_2()

2 years agoRename is_perfect_square to out_perfect in prototype to match
tb [Fri, 15 Jul 2022 06:10:00 +0000 (06:10 +0000)]
Rename is_perfect_square to out_perfect in prototype to match
the code in bn_isqrt.c.

2 years agoAdd sxirintc(4), a driver for the "wake up" interrupt controller found
kettenis [Thu, 14 Jul 2022 19:06:29 +0000 (19:06 +0000)]
Add sxirintc(4), a driver for the "wake up" interrupt controller found
on various Allwinner SoCs.

ok anton@

2 years agoWhen the autoconf flag flaps around we might end up with multiple bpf
florian [Thu, 14 Jul 2022 15:23:09 +0000 (15:23 +0000)]
When the autoconf flag flaps around we might end up with multiple bpf
FDs in flight. Things then get confusing. The kernel tells us we can
read from the bpf FD but the data is actually "on the other FD", so
read(2) returns 0.

Found the hard way by, and patiently debugged with weerd@

One way to trigger this is booting a vmm VM where dhcpleased(8)'s
init_ifaces() loses a race against netstart(8). init_ifaces() would
already see the autoconf flag and request a bpf FD.
But then it would receive a RTM_IFINFO message without the autoconf flag
set from when the interface came up. Then it will see another RTM_IFINFO
message with the autoconf flag set and request yet another bpf FD. If
the first bpf FD had not arrived yet we ended up with two in the frontend
process.

While here make sure a bpf FD has been received for an iface before
trying to close(2) it.

tweak & OK dv

2 years agoZap trailing whitespace
tb [Thu, 14 Jul 2022 14:49:09 +0000 (14:49 +0000)]
Zap trailing whitespace

2 years agoUse capital letters for global ipsec(4) locks description. Use 'D'
mvs [Thu, 14 Jul 2022 13:52:10 +0000 (13:52 +0000)]
Use capital letters for global ipsec(4) locks description. Use 'D'
instead of 's' for `tdb_sadb_mtx' mutex(9) because this is 'D'atabase.

No functional changes.

ok bluhm@

2 years agoProtect all writers to ifm_cur with a mutex. ifmedia_match() does
bluhm [Thu, 14 Jul 2022 13:46:24 +0000 (13:46 +0000)]
Protect all writers to ifm_cur with a mutex.  ifmedia_match() does
not return any pointers without lock anymore.
OK mvs@ mbuhl@

2 years agoFix JSON output in filemode for TALs
job [Thu, 14 Jul 2022 13:24:56 +0000 (13:24 +0000)]
Fix JSON output in filemode for TALs

OK claudio@

2 years agoMore IPv6 scope_id fixes, now hopefully scope_id should be handled
claudio [Thu, 14 Jul 2022 12:56:37 +0000 (12:56 +0000)]
More IPv6 scope_id fixes, now hopefully scope_id should be handled
correctly in kroute.c
OK tb@

2 years agoTurn pppoe(4) back to kernel lock. We can't predict netlock state within
mvs [Thu, 14 Jul 2022 11:03:15 +0000 (11:03 +0000)]
Turn pppoe(4) back to kernel lock. We can't predict netlock state within
pppoe_start(), so we can't use it for pppoe(4) data protection. Except
input path, pppoe(4) always accessed with kernel lock held, so grab it
around pppoeintr() too.

Interfaces should not use netlock for their data protection. They should
rely on kernel lock or implement their own.

ok bluhm@ bket@

2 years agoReplace tabs by spaces after "#define". No functional changes, just
mvs [Thu, 14 Jul 2022 10:52:21 +0000 (10:52 +0000)]
Replace tabs by spaces after "#define". No functional changes, just
prevent future diffs to be ugly.

ok bluhm@

2 years agoTime to bump version
claudio [Thu, 14 Jul 2022 09:16:09 +0000 (09:16 +0000)]
Time to bump version

2 years agoSuppress output of the deprecated -tls1 option in usage() and help
tb [Thu, 14 Jul 2022 08:37:17 +0000 (08:37 +0000)]
Suppress output of the deprecated -tls1 option in usage() and help
output. The option wasn't documented in the manpage.

pointed out by jsing

2 years agoSwitch to using TLS_client_method()
tb [Thu, 14 Jul 2022 08:35:15 +0000 (08:35 +0000)]
Switch to using TLS_client_method()

Apparently, TLSv1_client_method() is used for historical reasons.
This behavior is no longer helpful if we want to know what ciphers
a TLS connection could use. This could change again after further
investigation of what the behavior should be...

ok beck jsing

2 years agoOnly run the client connection test with supported ciphers. Avoids test
tb [Thu, 14 Jul 2022 08:33:31 +0000 (08:33 +0000)]
Only run the client connection test with supported ciphers. Avoids test
breakage also noted by anton.

2 years agoDocument openssl ciphers -s
tb [Thu, 14 Jul 2022 08:08:26 +0000 (08:08 +0000)]
Document openssl ciphers -s

ok beck jsing

2 years agoAdd -s option to openssl ciphers
tb [Thu, 14 Jul 2022 08:07:54 +0000 (08:07 +0000)]
Add -s option to openssl ciphers

With this option, the command only shows the ciphers supported by the
SSL method.

ok beck jsing

2 years agosync
deraadt [Thu, 14 Jul 2022 03:07:33 +0000 (03:07 +0000)]
sync

2 years agoadd .Xr links to SSL_CTX_set_security_level(3)
schwarze [Wed, 13 Jul 2022 22:05:53 +0000 (22:05 +0000)]
add .Xr links to SSL_CTX_set_security_level(3)

2 years agoadd a few .Xr links to new manual pages
schwarze [Wed, 13 Jul 2022 21:51:35 +0000 (21:51 +0000)]
add a few .Xr links to new manual pages

2 years agoIn dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).
schwarze [Wed, 13 Jul 2022 21:44:23 +0000 (21:44 +0000)]
In dsa.h rev. 1.34 (14 Jan 2022), tb@ provided DSA_bits(3).
Document it from scratch.

While here, merge a few details from the OpenSSL 1.1.1 branch, which
is still under a free license, into the documentation of DSA_size(3).

2 years agoIn x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)
schwarze [Wed, 13 Jul 2022 21:17:03 +0000 (21:17 +0000)]
In x509_vfy.h rev. 1.54, tb@ provided X509_VERIFY_PARAM_get_time(3)
and X509_VERIFY_PARAM_set_auth_level(3).  Document them.
For the latter, i included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.

2 years agolink three new manual pages to the build
schwarze [Wed, 13 Jul 2022 20:54:39 +0000 (20:54 +0000)]
link three new manual pages to the build

2 years agoStart documenting our new pet octopus, SSL_CTX_set_security_level(3).
schwarze [Wed, 13 Jul 2022 20:52:36 +0000 (20:52 +0000)]
Start documenting our new pet octopus, SSL_CTX_set_security_level(3).
Or should we call it a centipede?

Feedback and OK on a previous version from jsing@
and from our chief myriapodologist, tb@.

2 years agoCast int64_t to uint64_t before negating.
jsing [Wed, 13 Jul 2022 20:07:44 +0000 (20:07 +0000)]
Cast int64_t to uint64_t before negating.

Avoid undefined behaviour/integer overflow by casting an int64_t to
uint64_t before negating.

Fixes oss-fuzz #49043

ok tb@

2 years agoWrite documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),
schwarze [Wed, 13 Jul 2022 19:10:40 +0000 (19:10 +0000)]
Write documentation for EVP_PKEY_check(3), EVP_PKEY_public_check(3),
EVP_PKEY_param_check(3), and EVP_PKEY_security_bits(3) from scratch.

Move the documentation of EVP_PKEY_size(3) and EVP_PKEY_bits(3)
to the new manual page EVP_PKEY_size(3).

Merge the documentation of the related function pointers
from the OpenSSL 1.1.1 branch, which is still under a free license.

OK tb@ on the new page EVP_PKEY_size(3).

2 years agoSimplify computation of max_pub_key = dh->p - 1.
tb [Wed, 13 Jul 2022 18:38:20 +0000 (18:38 +0000)]
Simplify computation of max_pub_key = dh->p - 1.

ok jsing

2 years agoNew manual page written from scratch;
schwarze [Wed, 13 Jul 2022 17:32:16 +0000 (17:32 +0000)]
New manual page written from scratch;
tb@ recently added these functions to libcrypto
and also provided feedback on my first draft of this page.

2 years agoRemove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL.
tb [Wed, 13 Jul 2022 14:28:09 +0000 (14:28 +0000)]
Remove #ifndef around the definition of OPENSSL_TLS_SECURITY_LEVEL.
We do not intend to make this a compile-time option.

Reminded by schwarze who asked about it

ok jsing

2 years agoOn May 4 14:19:08 2006 UTC, while fixing a security issue, djm@
schwarze [Wed, 13 Jul 2022 13:47:59 +0000 (13:47 +0000)]
On May 4 14:19:08 2006 UTC, while fixing a security issue, djm@
provided the new public function DH_check_pub_key(3) in <openssl/dh.h>.
Sorry for being a bit tardy in documenting the new function.
Then again, OpenSSL doesn't document it either, yet.

While here, drop a HISTORY entry about a constant that
was renamed in OpenSSL 0.9.5.  That's no longer relevant.

2 years agoFix apmd_flags example.
ajacoutot [Wed, 13 Jul 2022 13:36:12 +0000 (13:36 +0000)]
Fix apmd_flags example.

2 years agoDo not make tables static so we can access them from regress.
tb [Wed, 13 Jul 2022 11:20:00 +0000 (11:20 +0000)]
Do not make tables static so we can access them from regress.

2 years agoRevert BUILD_LLDB use, don't push manual repair on all people building from source
jca [Wed, 13 Jul 2022 10:20:18 +0000 (10:20 +0000)]
Revert BUILD_LLDB use, don't push manual repair on all people building from source

Pointed out by sthen@

While make build indeed takes care of running make install in share/mk,
running make obj first would error out when encountering the unknown
BUILD_LLDB variable.  I can wait a few days before committing this again.

2 years agoImplement the fundamentals for suspend/resume on arm64. This uses PSCI
kettenis [Wed, 13 Jul 2022 09:28:18 +0000 (09:28 +0000)]
Implement the fundamentals for suspend/resume on arm64.  This uses PSCI
to turn off the secondary CPUs and suspend the primary CPU using the
CPU_OFF and SYSTEM_SUSPEND calls.  A new "halt" IPI is added to turn off
the ssecondary CPUs.  This IPI is implemented for the ampintc(4) and
agintc(4) interrupt controllers.  Fulle suspend/resume support is only
implemented for ampintc(4).  This is enough to suspend and resume boards
based on the Allwinner A64 SoC, provided the necessary wakeup interrupts
have been set up (not part of this commit).

ok patrick@

2 years agoEnable Wycheproof primality tests.
tb [Wed, 13 Jul 2022 06:40:24 +0000 (06:40 +0000)]
Enable Wycheproof primality tests.

2 years agoEnable BPSW primality test.
tb [Wed, 13 Jul 2022 06:38:02 +0000 (06:38 +0000)]
Enable BPSW primality test.

ok jsing

2 years agoHook BPSW into BN_is_prime_fasttest_ex()
tb [Wed, 13 Jul 2022 06:36:08 +0000 (06:36 +0000)]
Hook BPSW into BN_is_prime_fasttest_ex()

ok jsing

2 years agoLink bn_bpsw.c to build
tb [Wed, 13 Jul 2022 06:32:54 +0000 (06:32 +0000)]
Link bn_bpsw.c to build

ok jsing

2 years agoImplement the Baillie-PSW primality test
tb [Wed, 13 Jul 2022 06:32:15 +0000 (06:32 +0000)]
Implement the Baillie-PSW primality test

It has long been known that pure Miller-Rabin primality tests are
insufficient. "Prime and Prejudice: Primality Testing Under Adversarial
Conditions" https://eprint.iacr.org/2018/749 points out severe flaws
in many widely used libraries. In particular, they exhibited a method to
generate 2048-bit composites that bypass the default OpenSSL (and hence
LibreSSL) primality test with a probability of 1/16 (!).

As a remedy, the authors recommend switching to using BPSW wherever
possible. This possibility has always been there, but someone had to
sit down and actually implement a properly licensed piece of code.

Fortunately, espie suggested to Martin Grenouilloux to do precisely this
after asking us whether we would be interested. Of course we were!
After a good first implementation from Martin and a lot of back and
forth, we came up with the present version.

This implementation is ~50% slower than the current default Miller-Rabin
test, but that is a small price to pay given the improvements.

Thanks to Martin Grenouilloux <martin.grenouilloux () lse ! epita ! fr>
for this awesome work, to espie without whom it wouldn't have happened,
and to djm for pointing us at this problem a long time back.

ok jsing

2 years agoLink bn_isqrt.c to build
tb [Wed, 13 Jul 2022 06:28:58 +0000 (06:28 +0000)]
Link bn_isqrt.c to build

ok jsing

2 years agoInteger square root and perfect square test
tb [Wed, 13 Jul 2022 06:28:22 +0000 (06:28 +0000)]
Integer square root and perfect square test

This adds an implementation of the integer square root using a variant
of Newton's method with adaptive precision. The implementation is based
on a pure Python description of cpython's math.isqrt(). This algorithm
is proven to be correct with a tricky but very neat loop invariant:
https://github.com/mdickinson/snippets/blob/master/proofs/isqrt/src/isqrt.lean

Using this algorithm instead of Newton method, implement Algorithm 1.7.3
(square test) from H. Cohen, "A course in computational algebraic number
theory" to detect perfect squares.

ok jsing

2 years agodrm/i915: Fix a race between vma / object destruction and unbinding
jsg [Wed, 13 Jul 2022 03:56:21 +0000 (03:56 +0000)]
drm/i915: Fix a race between vma / object destruction and unbinding

From Thomas Hellstrom
51a405dea0ae54330b6441c5f7c3bb9ceadedce8 in linux 5.15.y/5.15.54
bc1922e5d349db4be14c55513102c024c2ae8a50 in mainline linux