jsg [Sun, 30 Apr 2023 23:46:52 +0000 (23:46 +0000)]
avoid use after free
ok florian@
jsg [Sun, 30 Apr 2023 23:40:12 +0000 (23:40 +0000)]
regen
jsg [Sun, 30 Apr 2023 23:38:52 +0000 (23:38 +0000)]
add Ryzen 7040 "Phoenix" APU device id
spotted in notebookcheck review of
Asus ROG Zephyrus G14 (2023) GA402XY, Ryzen 9 7940HS (Radeon 780M)
djm [Sun, 30 Apr 2023 22:54:22 +0000 (22:54 +0000)]
adjust ftruncate() logic to handle servers that reorder requests.
sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.
Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@
prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
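The difference between the two tracking strategies named in the commit message above, as an added example that is not OpenSSH code: a small model in which replies for a 14-byte file arrive out of order over a longer stale destination file. The names `trunc_mark`, `simulate` and `struct reply`, the block size and the sample data are all assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkstemp, pread, pwrite, ftruncate */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct reply { off_t off; size_t len; };

/* Constructed sample: 14-byte remote file, 4-byte blocks, replies reordered. */
static const char remote[] = "ABCDEFGHIJKLMN";
static const struct reply reordered[] = {{4, 4}, {0, 4}, {12, 2}, {8, 4}};

/* Truncation point after all replies. absolute=0: naive tracking, the mark
 * only advances when a reply starts exactly at it. absolute=1: highest end
 * offset of any reply, valid only once the whole transfer has succeeded. */
static off_t trunc_mark(const struct reply *r, size_t n, int absolute)
{
	off_t mark = 0;
	for (size_t i = 0; i < n; i++) {
		off_t end = r[i].off + (off_t)r[i].len;
		if (absolute ? end > mark : r[i].off == mark)
			mark = end;
	}
	return mark;
}

/* Write the replies over a longer stale file, truncate at the chosen mark and
 * return the final size (-1 on error); *intact is 1 if it equals remote. */
static off_t simulate(const struct reply *r, size_t n, int absolute, int *intact)
{
	char path[] = "/tmp/ftrunc-demo.XXXXXX", buf[32] = {0};
	struct stat st;
	off_t size = -1;
	int fd = mkstemp(path);
	*intact = 0;
	if (fd == -1)
		return -1;
	unlink(path);
	if (write(fd, "xxxxxxxxxxxxxxxxxxxx", 20) != 20) /* stale 20 bytes */
		goto out;
	for (size_t i = 0; i < n; i++)
		if (pwrite(fd, remote + r[i].off, r[i].len, r[i].off) != (ssize_t)r[i].len)
			goto out;
	if (ftruncate(fd, trunc_mark(r, n, absolute)) == -1 || fstat(fd, &st) == -1 ||
	    pread(fd, buf, sizeof(buf) - 1, 0) == -1)
		goto out;
	size = st.st_size;
	*intact = strcmp(buf, remote) == 0;
out:
	close(fd);
	return size;
}

int main(void)
{
	for (int mode = 0; mode <= 1; mode++) {
		int ok;
		long long sz = simulate(reordered, 4, mode, &ok);
		printf("absolute=%d size=%lld intact=%d\n", mode, sz, ok);
	}
}
```

With the reordered replies the contiguous mark stops at the first gap, so the truncate cuts off data that was already written; the absolute mark removes only the stale tail.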
krw [Sun, 30 Apr 2023 22:44:18 +0000 (22:44 +0000)]
FSSIZE was not updated when 'fakeramdisk' was enlarged from 5760
blocks to 6080 blocks with etc.alpha/disktab r1.24.
Noticed by deraadt@
krw [Sun, 30 Apr 2023 22:28:27 +0000 (22:28 +0000)]
Fix typo in MRDISKTYPE.
'rdroot' (size 10,240 blocks) is not the same as 'rdboot' (size
2,048 blocks).
Noticed by deraadt@
tb [Sun, 30 Apr 2023 21:31:16 +0000 (21:31 +0000)]
x509_asn1: make this test pass again after reinstating DER preservation
tb [Sun, 30 Apr 2023 20:33:31 +0000 (20:33 +0000)]
check_complete.pl: update for recent changes in bn
tb [Sun, 30 Apr 2023 20:17:59 +0000 (20:17 +0000)]
mandoc -Tlint tells me I forgot to zap a comma
benno [Sun, 30 Apr 2023 20:10:38 +0000 (20:10 +0000)]
document that - with recent changes - the -A option now also excludes
the ASPA data from the JSON output.
ok claudio@
tb [Sun, 30 Apr 2023 19:41:01 +0000 (19:41 +0000)]
sync
tb [Sun, 30 Apr 2023 19:40:23 +0000 (19:40 +0000)]
Remove most documentation pertaining to proxy certificates.
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since
we need to keep them for the time being.
tb [Sun, 30 Apr 2023 19:31:05 +0000 (19:31 +0000)]
Remove proxy cert api remnants
tb [Sun, 30 Apr 2023 19:24:42 +0000 (19:24 +0000)]
Remove documentation of BN_generate_prime(), BN_is_prime{,_fasttest}()
tb [Sun, 30 Apr 2023 19:23:54 +0000 (19:23 +0000)]
Remove documentation of BN_zero_ex() and update BN_one() and BN_zero()
which are no longer macros (and the latter is no longer deprecated and
no longer attempts to allocate memory).
tb [Sun, 30 Apr 2023 19:15:48 +0000 (19:15 +0000)]
Garbage collect BN_zero_ex()
kettenis [Sun, 30 Apr 2023 17:24:24 +0000 (17:24 +0000)]
Remove the EFI RTC implementation on amd64. Since all amd64 systems we
know have a MC146818A compatible RTC this code isn't actually used. But
there are systems that have a buggy EFI implementation that blows up when
we call the GetTime runtime service to check whether the RTC functionality
is implemented.
ok mlarkin@, dlg@
sf [Sun, 30 Apr 2023 17:16:36 +0000 (17:16 +0000)]
msdosfs: Never allocate clusters outside the volume
- Assert that usemap_alloc() and usemap_free() cluster number argument
is valid.
- In chainlength(), return 0 if cluster start is after the max cluster.
- In chainlength(), cut the calculated cluster chain length at the max
cluster.
Adapted from FreeBSD commit
097a1d5fbb7990980f8f806c6878537c964adf32
ok miod@
tb [Sun, 30 Apr 2023 17:07:46 +0000 (17:07 +0000)]
Remove __dead again. Apparently this causes issues for some upstreams.
Thanks to orbea for the report
job [Sun, 30 Apr 2023 16:46:49 +0000 (16:46 +0000)]
Revert disablement of the encoding cache
Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_, this can cause reordering, which in turn
invalidates the signature. For example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.
There are probably multiple things we can do here, but they will need
careful consideration and planning.
OK jsing@
tb [Sun, 30 Apr 2023 14:59:52 +0000 (14:59 +0000)]
Send x509_subject_cmp() to the attic
This helper has been inside #if 0 for nearly 25 years. Let it go. If we
should ever need it, I'm quite confident that we will be able to come up
with its one line body on our own.
tb [Sun, 30 Apr 2023 14:50:28 +0000 (14:50 +0000)]
sync
tb [Sun, 30 Apr 2023 14:49:47 +0000 (14:49 +0000)]
The policy tree is no more
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
tb [Sun, 30 Apr 2023 14:43:04 +0000 (14:43 +0000)]
Zap extra blank line
schwarze [Sun, 30 Apr 2023 14:03:47 +0000 (14:03 +0000)]
Make the descriptions of BIO_get_retry_BIO(3) and BIO_get_retry_reason(3)
more precise. Among other improvements, describe the three BIO_RR_*
constants serving as reason codes.
schwarze [Sun, 30 Apr 2023 13:57:29 +0000 (13:57 +0000)]
Slightly improve the documentation of the "oper" parameter by
explicitly listing the valid arguments, i.e. the BIO_CB_* constants.
schwarze [Sun, 30 Apr 2023 13:53:54 +0000 (13:53 +0000)]
Document the eight BIO_CONN_S_* constants that are passed to BIO_info_cb(3)
as the "state" argument. Document them here because connect BIOs are
the only built-in BIO type using these constants.
schwarze [Sun, 30 Apr 2023 13:38:48 +0000 (13:38 +0000)]
Mark the five BIO_GHBN_* constants as intentionally undocumented.
They are intended to be used by BIO_gethostbyname(), which is deprecated
in OpenSSL and already marked as intentionally undocumented in LibreSSL.
Besides, these constants are completely unused by anything.
phessler [Sun, 30 Apr 2023 13:08:40 +0000 (13:08 +0000)]
Remove artificial limit of 2 hours on a PIO lifetime, as recommended by
draft-ietf-6man-slaac-renum-05 and implemented by Linux in 2020.
OK florian@
tb [Sun, 30 Apr 2023 05:21:20 +0000 (05:21 +0000)]
whitespace
tb [Sun, 30 Apr 2023 05:02:59 +0000 (05:02 +0000)]
Sort alphabetically
tb [Sun, 30 Apr 2023 04:59:20 +0000 (04:59 +0000)]
Remove unnecessary target
tb [Sun, 30 Apr 2023 04:55:30 +0000 (04:55 +0000)]
policy test: simplify Makefile
yasuoka [Sun, 30 Apr 2023 00:58:38 +0000 (00:58 +0000)]
Fix that atactl sd0 readattr didn't work for some disks. Change it to
check the cksums of the attribute values instead of comparing the
revisions. diff from NetBSD through naito.yuichiro at gmail.com. test
by kolipe.c at exoticsilicon.com.
ok kevlo miod deraadt
benno [Sat, 29 Apr 2023 18:53:11 +0000 (18:53 +0000)]
bump version to 8.4
schwarze [Sat, 29 Apr 2023 15:38:14 +0000 (15:38 +0000)]
New manual page written by Ted Bullock,
dropping the empty RETURN VALUES section
and adding the missing "#include <stdlib.h>" below EXAMPLES.
schwarze [Sat, 29 Apr 2023 13:37:03 +0000 (13:37 +0000)]
Provide function prototypes for macros that take arguments,
rename the "ev" argument to "event" to make some text read better,
and get rid of colons at the ends of list tags.
OK jmc@ and Ted Bullock.
schwarze [Sat, 29 Apr 2023 13:06:10 +0000 (13:06 +0000)]
Mention a few standard BIO_ctrl(3) command constants
that provide type-specific functionality here.
While here, fix some wrong return types in the SYNOPSIS.
schwarze [Sat, 29 Apr 2023 12:22:08 +0000 (12:22 +0000)]
Mention a few standard BIO_ctrl(3) command constants
that provide type-specific functionality here,
and add the missing return type to one function prototype.
miod [Sat, 29 Apr 2023 12:10:08 +0000 (12:10 +0000)]
Add "counter-timer" to openboot_special[] in order to not mention it as
unconfigured during boot, now that timer(4) is gone.
schwarze [Sat, 29 Apr 2023 12:04:54 +0000 (12:04 +0000)]
Mention the type-specific BIO_ctrl(3) command constants
in the manual pages of the respective BIO types.
schwarze [Sat, 29 Apr 2023 12:01:53 +0000 (12:01 +0000)]
Mention the type-specific BIO_ctrl(3) command constants
in the manual pages of the respective BIO type.
While here, fix some wrong return types in the SYNOPSIS.
kn [Sat, 29 Apr 2023 10:25:32 +0000 (10:25 +0000)]
Remove net lock from DIOCGETQUEUE
Same logic and argument as for the parent *S ioctl unlocked in r1.400,
might as well have committed them together:
Both ticket and number of queues stem from the pf_queues_active list which
is effectively static to pf_ioctl.c and fully protected by the pf lock.
OK sashan
mlarkin [Sat, 29 Apr 2023 10:18:06 +0000 (10:18 +0000)]
remove some 19 year old #if 0 code
ok deraadt
mlarkin [Sat, 29 Apr 2023 10:12:33 +0000 (10:12 +0000)]
whitespace
espie [Sat, 29 Apr 2023 10:08:18 +0000 (10:08 +0000)]
as noticed by sdk@, a package with an exact number of 64K chunks would
produce a spurious error (so 1 chance in 2^26)
It's like read/write: we need to recognize 0 as EOF and not try to checksum
a non-existing block.
while there, also make sure that we got all the signed blocks at EOF
before exit(0)
Note that neither of those two bugs affects the actual security of signed
packages: the basic assertion that only signed data gets written
through the pipe is still 100% valid!
but it's a good idea to not emit spurious messages for valid files, and also
to recognize truncated files!
okay tb@ (thanks a lot)
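The two conditions described in the commit message above (a read of 0 is EOF and not a block to checksum, and all signed blocks must have been seen by EOF), as an added example that is not the package tools' code. The 8-byte `CHUNK`, the FNV-1a `toy_sum` standing in for the real per-block hash, and the names `verify` and `src_read` are assumptions for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 8 /* stands in for the 64K chunk size */
enum verdict { V_OK, V_BAD_BLOCK, V_TRUNCATED, V_EXTRA_DATA };

/* FNV-1a: toy stand-in for the real per-block cryptographic hash. */
static uint32_t toy_sum(const unsigned char *p, size_t n)
{
	uint32_t h = 2166136261u;
	while (n--)
		h = (h ^ *p++) * 16777619u;
	return h;
}

struct src { const unsigned char *p; size_t left; };

/* read(2)-like source: copies up to n bytes, returns 0 at EOF. */
static size_t src_read(struct src *s, unsigned char *buf, size_t n)
{
	if (n > s->left)
		n = s->left;
	memcpy(buf, s->p, n);
	s->p += n;
	s->left -= n;
	return n;
}

/* Check a stream against nsums signed per-chunk sums. A block counts only
 * after its sum matched; at EOF every signed block must have been seen. */
static enum verdict verify(const unsigned char *data, size_t len,
    const uint32_t *sums, size_t nsums)
{
	struct src s = { data, len };
	unsigned char buf[CHUNK];
	size_t n, seen = 0;

	/* 0 means EOF: leave the loop, there is no block left to checksum. */
	while ((n = src_read(&s, buf, sizeof(buf))) != 0) {
		if (seen == nsums)
			return V_EXTRA_DATA;
		if (toy_sum(buf, n) != sums[seen])
			return V_BAD_BLOCK;
		seen++;
	}
	return seen == nsums ? V_OK : V_TRUNCATED;
}

int main(void)
{
	/* Constructed payload: exactly two full chunks, the case in the commit. */
	const unsigned char d[] = "0123456789abcdef";
	uint32_t sums[2] = { toy_sum(d, CHUNK), toy_sum(d + CHUNK, CHUNK) };

	printf("whole file: %d\n", verify(d, 16, sums, 2));
	printf("truncated:  %d\n", verify(d, 8, sums, 2));
	return 0;
}
```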
kettenis [Sat, 29 Apr 2023 08:50:53 +0000 (08:50 +0000)]
Print VHE feature in dmesg.
ok mlarkin@, patrick@
bluhm [Sat, 29 Apr 2023 00:20:46 +0000 (00:20 +0000)]
Run open rsync and ports rsync programs against each other using
the --rsync-path option. So we can see whether the tests pass in
all interoperability combinations.
Suggested by claudio@
tb [Fri, 28 Apr 2023 21:40:14 +0000 (21:40 +0000)]
Mark OpenSSLDie() as __dead
This tells gcc that OPENSSL_assert() will not return and thus avoids a
silly warning that triggers scary gentoo QA warnings.
From claudio
dv [Fri, 28 Apr 2023 21:22:20 +0000 (21:22 +0000)]
vmd(8): fix specifying boot image in vm.conf
Previous change to allow overriding changed the way we parsed and
stored the boot image path. The lifetime of the path was...much too
short. Heap allocate the kernel path.
Found by Mischa Peters.
ok mlarkin@
schwarze [Fri, 28 Apr 2023 20:34:26 +0000 (20:34 +0000)]
adjust after man_validate.c rev. 1.128 improved the error messages
tb [Fri, 28 Apr 2023 20:22:35 +0000 (20:22 +0000)]
Make LLVM 15 happier by changing from K&R to ANSI prototypes
schwarze [Fri, 28 Apr 2023 20:14:19 +0000 (20:14 +0000)]
Do not rewrite MAN_LP and MAN_P to MAN_PP because doing that causes
confusing warning messages complaining about macros that don't even
appear in the input file.
As a welcome side effect, this also shortens the code...
Fixing a minibug
reported by Alejandro Colomar <alx dot manpages at gmail dot com>.
dv [Fri, 28 Apr 2023 20:13:56 +0000 (20:13 +0000)]
Clarify -b usage by `vmctl start`.
mvs [Fri, 28 Apr 2023 20:03:13 +0000 (20:03 +0000)]
Add rtentry refcnt type to dt(4).
ok bluhm@
dv [Fri, 28 Apr 2023 19:46:41 +0000 (19:46 +0000)]
vmd(8)/vmctl(8): allow vm owners to override boot kernel.
vmd allows non-root users to "own" a vm defined in vm.conf(5). While
the user can start/stop the vm, if they break their filesystem they
have no means of booting recovery media like a ramdisk kernel.
This change opens the provided boot kernel via vmctl and passes the
file descriptor through the control channel to vmd. The next boot
of the vm will use the provided file descriptor as boot kernel/bios.
Subsequent boots (e.g. a reboot) will return to using behavior
defined in vm.conf or the default bios image.
ok mlarkin@
bluhm [Fri, 28 Apr 2023 19:41:07 +0000 (19:41 +0000)]
Execute each test as make target. Remove the shell wrapper. Mark
failing tests so that claudio@ can fix them.
dv [Fri, 28 Apr 2023 18:52:22 +0000 (18:52 +0000)]
Remove unneeded header includes in vmd.
No functional change. virtio block/networking emulation do not need
to know about vmm or any kernel types.
robert [Fri, 28 Apr 2023 18:33:22 +0000 (18:33 +0000)]
bump MAXDSIZ to 128G on amd64 and 64G on arm64
discussed with kettenis@, ok deraadt@
job [Fri, 28 Apr 2023 18:32:40 +0000 (18:32 +0000)]
Free all libcrypto global state memory before returning
Found with the help of Otto's malloc memory leak detector!
job [Fri, 28 Apr 2023 18:31:34 +0000 (18:31 +0000)]
Return a non-zero error exit code on any DER cache discrepancies
cheloha [Fri, 28 Apr 2023 18:27:55 +0000 (18:27 +0000)]
timer(4/sparc64): remove driver
The timer(4/sparc64) driver was effectively disabled during the
previous release. Nobody has come forward asking for it to be adapted
to work with the new clockintr framework, so it's time to remove the
driver from the tree.
As of today, if you want to run OpenBSD on SPARC v9 hardware, that
hardware needs to sport either %tick and %tick_compare (%asr23), or
%stick (%asr24) and %stick_compare (%asr25).
All Sun/Oracle SPARC v9 hardware meets these conditions, from the
UltraSPARC I onward.
Most HAL/Fujitsu SPARC v9 hardware meets these conditions, from the
SPARC64 III onward. The only HAL/Fujitsu hardware that might not have
%tick_compare are the HAL SPARC64 I and SPARC64 II, for which I can
find no documentation. However, those processors are currently
unsupported by OpenBSD for other reasons, so their support status is
unchanged by the removal of this driver.
With help from miod@.
Link: https://marc.info/?l=openbsd-tech&m=167898759928206&w=2
"after unlock" deraadt@, ok mlarkin@ miod@
tb [Fri, 28 Apr 2023 18:27:49 +0000 (18:27 +0000)]
Fix leaks reported by ASAN
debugged with job
krw [Fri, 28 Apr 2023 18:14:59 +0000 (18:14 +0000)]
Revert amd64/i386 floppy change. Missing diff to vnconfig broke
installboot'ing due to incorrect d_type (must be 'floppy' not
'vnd') in disklabel.
Noticed by deraadt@ and sthen@
tb [Fri, 28 Apr 2023 18:14:59 +0000 (18:14 +0000)]
Too many stupid things whine about these being used uninitialized
(which they aren't), so appease them.
job [Fri, 28 Apr 2023 17:59:53 +0000 (17:59 +0000)]
Remove preservation and use of cached DER/BER encodings in the d2i/i2d paths
A long time ago a workflow was envisioned for X509, X509_CRL, and X509_REQ
structures in which only fields modified after deserialization would need to
be re-encoded upon serialization.
Unfortunately, over the years, authors would sometimes forget to add code in
setter functions to trigger invalidation of previously cached DER encodings.
The presence of stale versions of structures can lead to very hard-to-debug
issues and cause immense sorrow.
Fully removing the concept of caching DER encodings ensures stale versions
of structures can never rear their ugly heads again.
OK tb@ jsing@
schwarze [Fri, 28 Apr 2023 17:31:58 +0000 (17:31 +0000)]
Some wording tweaks to finish the polishing.
While here, also correct the HISTORY section.
OK jmc@
schwarze [Fri, 28 Apr 2023 16:59:03 +0000 (16:59 +0000)]
Mark the obsolete PROXY_PARAM and SOCKS BIO_ctrl(3) command constants
as intentionally undocumented. Do that here because no related
manual pages exist.
beck [Fri, 28 Apr 2023 16:50:16 +0000 (16:50 +0000)]
Enable policy checking by default now that we are DAG implementation based.
This ensures that we will no longer silently ignore a certificate with
a critical policy extension by default.
ok tb@
schwarze [Fri, 28 Apr 2023 16:49:00 +0000 (16:49 +0000)]
Mark a number of BIO_ctrl(3) command constants as intentionally
undocumented because they are NOOPs or deprecated.
schwarze [Fri, 28 Apr 2023 16:39:19 +0000 (16:39 +0000)]
kill the .Xr to BN_nist_mod_521(3) which no longer exists
tb [Fri, 28 Apr 2023 16:30:14 +0000 (16:30 +0000)]
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
claudio [Fri, 28 Apr 2023 16:28:28 +0000 (16:28 +0000)]
Import rsync regress provided by Martin Cracauer so that bluhm@ can work
on improving it in tree.
schwarze [Fri, 28 Apr 2023 16:22:45 +0000 (16:22 +0000)]
Add BIO_C_SET_MD_CTX to the list of command constants.
tb [Fri, 28 Apr 2023 16:21:57 +0000 (16:21 +0000)]
Take the old policy code behind the barn
It can go play in the fields with all the other exponential time policy
"code".
discussed with jsing
ok & commit message beck
schwarze [Fri, 28 Apr 2023 16:20:01 +0000 (16:20 +0000)]
Document BIO_set_md_ctx(3) and BIO_C_SET_MD_CTX.
Correct the return types of some macros.
Improve the RETURN VALUES section.
tb [Fri, 28 Apr 2023 16:18:17 +0000 (16:18 +0000)]
The policy test is no longer expected to fail
tb [Fri, 28 Apr 2023 16:14:46 +0000 (16:14 +0000)]
Enable the new policy checking code in x509_policy.c
ok beck jsing
tb [Fri, 28 Apr 2023 15:57:38 +0000 (15:57 +0000)]
Silence gcc-4 warnings about sk_sort()
Tell it we deliberately ignore the return value, (we really don't
care what the old comparison function was).
job [Fri, 28 Apr 2023 15:51:18 +0000 (15:51 +0000)]
Remove misinformation, reason had nothing to do with efficiency
"Failure to re-encode on modification is a bug not a feature."
OK jsing@
sashan [Fri, 28 Apr 2023 15:50:05 +0000 (15:50 +0000)]
remove superfluous/invalid KASSERT() in pfsync_q_del().
pointed and OK bluhm@
tb [Fri, 28 Apr 2023 15:39:29 +0000 (15:39 +0000)]
Remove now no longer needed <assert.h>; sort headers
ok jsing
tb [Fri, 28 Apr 2023 15:37:28 +0000 (15:37 +0000)]
Deassert has_explicit_policy()
The only caller is X509_policy_check() which goes straight to error.
with beck
ok jsing
tb [Fri, 28 Apr 2023 15:35:55 +0000 (15:35 +0000)]
Deassert delete_if() callbacks
Add sk_is_sorted() checks to the callers of sk_X509_POLICY_NODE_delete_if()
and add a comment that this is necessary.
with beck
ok jsing
tb [Fri, 28 Apr 2023 15:30:14 +0000 (15:30 +0000)]
Deassert x509_policy_level_find()
Move the check that level->nodes is sorted to the call site and make sure
that the logic is preserved and erroring does the right thing.
with beck
ok jsing
tb [Fri, 28 Apr 2023 15:27:15 +0000 (15:27 +0000)]
Deassert X509_policy_check()
Instead of asserting that i == num_certs - 2, simply make that an error
check.
with beck
ok jsing
tb [Fri, 28 Apr 2023 15:21:22 +0000 (15:21 +0000)]
Deassert x509_policy_level_add_nodes()
This assert is in debugging code that ensures that there are no duplicate
nodes on this level. This is an expensive and unnecessary check. Duplicates
already cause failures as ensured by regress.
with beck
ok jsing
tb [Fri, 28 Apr 2023 15:16:48 +0000 (15:16 +0000)]
Deassert x509_policy_new()
Turn the check into an error which will make all callers error.
with beck
ok jsing
job [Fri, 28 Apr 2023 15:12:51 +0000 (15:12 +0000)]
Rearrange freeing of memory in the regress test
schwarze [Fri, 28 Apr 2023 15:04:33 +0000 (15:04 +0000)]
Reorder the text such that every function is discussed only once
instead of discussing some of them at two different places.
Also follow a more logical order: initialization first, then reading
and writing, then retrieving the digest and reinitialization.
Leave context handling and chain duplication at the end because
both are rarely needed.
While here, also tweak the wording of the shuffled text
and add some precision in a few places.
tb [Fri, 28 Apr 2023 14:45:51 +0000 (14:45 +0000)]
make the policy test compile on sparc64
phessler [Fri, 28 Apr 2023 14:09:06 +0000 (14:09 +0000)]
Inbound portion of RFC9131. Routers can create new neighbor cache entries
when receiving a valid Neighbor Advertisement.
OK florian@ kn@
sashan [Fri, 28 Apr 2023 14:08:38 +0000 (14:08 +0000)]
This change speeds up DIOCGETRULE ioctl(2) which pfctl(8) uses to
retrieve rules from the kernel. The current implementation requires
like O((n^2)/2) operations to read the complete rule set, because
each DIOCGETRULE operation must iterate over the previous n
rules to find the (n + 1)-th rule to read.
To address the issue, the diff introduces a pf_trans structure to keep
a pointer to the next rule to read, thus the reading process does not need
to iterate from the beginning of the rule set to reach the next rule.
All transactions opened by a process get closed either when the process
is done (reads all rules) or when the /dev/pf device is closed.
The diff also comes with lots of improvements from dlg@ and kn@
OK dlg@, kn@
phessler [Fri, 28 Apr 2023 14:08:34 +0000 (14:08 +0000)]
Relax the "pass all" rule so all forms of neighbor advertisements are allowed
in either direction.
This more closely matches the IPv4 ARP behaviour.
From sashan@
discussed with kn@ deraadt@
job [Fri, 28 Apr 2023 13:48:38 +0000 (13:48 +0000)]
Add X509_REQ_add_extensions and X509_REQ_add1_attr to DER cache test
These new tests won't bubble up a non-zero error exit code because
other libcrypto bits still need to land first.
claudio [Fri, 28 Apr 2023 13:24:25 +0000 (13:24 +0000)]
Same change as in bgpd:
Add explicit default labels in switch() statements with error handling.
Right now these are not reachable. Should also clear some gcc warnings.
OK tb@
claudio [Fri, 28 Apr 2023 13:23:52 +0000 (13:23 +0000)]
Add explicit default labels in switch() statements with error handling.
Right now these are not reachable. Should also clear some gcc warnings.
OK tb@
bluhm [Fri, 28 Apr 2023 12:53:42 +0000 (12:53 +0000)]
Add a membar_consumer() for the taskq_create() in sosplice(). Membar
producer and consumer must come in pair and the latter was missing.
Also move the code a bit to make clear which check is needed for
what.
OK mvs@
krw [Fri, 28 Apr 2023 12:26:43 +0000 (12:26 +0000)]
Move FSDISKTYPE uses from disklabel(8) invocations to vnconfig(8)
invocations, making the geometry information written to the
disklabel a bit more logically related to the disktab information
from whence it came. Also makes FSDISKTYPE usage consistent.
Flip the disklabel(8) invocations to the "echo '/ *'"
idiom to make it obvious that the desire is to create a single
'a' partition containing all free space.
No intentional functional change. MBRs, disklabels and newfs
outputs appear identical.
reads good to kn@
gnezdo [Fri, 28 Apr 2023 12:03:49 +0000 (12:03 +0000)]
Enable kernel-address sanitizer for clang openbsd target
OK deraadt@