openbsd
5 months agoAdd another empty line
tb [Tue, 9 Jul 2024 17:58:36 +0000 (17:58 +0000)]
Add another empty line

5 months agoTurn tls1_prf_alg() into single exit
tb [Tue, 9 Jul 2024 17:56:41 +0000 (17:56 +0000)]
Turn tls1_prf_alg() into single exit

requested by jsing on review
ok beck

5 months agoUnwrap a few more lines
tb [Tue, 9 Jul 2024 17:47:20 +0000 (17:47 +0000)]
Unwrap a few more lines

5 months agoUnwrap a couple of lines
tb [Tue, 9 Jul 2024 17:46:32 +0000 (17:46 +0000)]
Unwrap a couple of lines

5 months agoAlign math with t1_enc.c
tb [Tue, 9 Jul 2024 17:44:18 +0000 (17:44 +0000)]
Align math with t1_enc.c

suggested by jsing on review

5 months agoMinor cosmetics in pkey_tls1_prf_derive()
tb [Tue, 9 Jul 2024 17:35:55 +0000 (17:35 +0000)]
Minor cosmetics in pkey_tls1_prf_derive()

noticed by jsing on review

5 months agoFix a typo
yasuoka [Tue, 9 Jul 2024 17:34:10 +0000 (17:34 +0000)]
Fix a typo

5 months agoReplace explicit_bzero() plus free() with freezero()
tb [Tue, 9 Jul 2024 17:29:51 +0000 (17:29 +0000)]
Replace explicit_bzero() plus free() with freezero()

This is simpler, if slightly more expensive

5 months agoAdd radiusd_ipcp(8). A module which provides IP configuration through
yasuoka [Tue, 9 Jul 2024 17:26:14 +0000 (17:26 +0000)]
Add radiusd_ipcp(8).  A module which provides IP configuration through
RADIUS Access-Accept messages and manages IP address pool through
RADIUS accounting messages.

5 months agoImprove test coverage for TLS1-PRF
tb [Tue, 9 Jul 2024 17:24:12 +0000 (17:24 +0000)]
Improve test coverage for TLS1-PRF

This is basically a copy of the libssl unit tests, moved to libcrypto to
avoid starting the infection of libssl with this particular piece of EVP
garbage.

5 months agoAdd a minimal regress test for TLS1-PRF
tb [Tue, 9 Jul 2024 17:09:23 +0000 (17:09 +0000)]
Add a minimal regress test for TLS1-PRF

5 months agoShuffle things into a more sensible order
tb [Tue, 9 Jul 2024 17:05:46 +0000 (17:05 +0000)]
Shuffle things into a more sensible order

no functional change

5 months agoUse better order in EVP_PKEY_CTRL_TLS_SECRET
tb [Tue, 9 Jul 2024 17:04:50 +0000 (17:04 +0000)]
Use better order in EVP_PKEY_CTRL_TLS_SECRET

Also avoid an unnecessary NULL check.

5 months agoAdd tls1_prf_pkey_meth to pkey_methods
tb [Tue, 9 Jul 2024 17:02:29 +0000 (17:02 +0000)]
Add tls1_prf_pkey_meth to pkey_methods

ok jsing

5 months agoMake a NULL check explicit
tb [Tue, 9 Jul 2024 17:01:40 +0000 (17:01 +0000)]
Make a NULL check explicit

5 months agoZap or align some ugly comments
tb [Tue, 9 Jul 2024 17:00:59 +0000 (17:00 +0000)]
Zap or align some ugly comments

5 months agoTest & assign once more
tb [Tue, 9 Jul 2024 17:00:25 +0000 (17:00 +0000)]
Test & assign once more

5 months agosec_len -> secret_len
tb [Tue, 9 Jul 2024 16:59:50 +0000 (16:59 +0000)]
sec_len -> secret_len

5 months agoTest and assign in tls1_prf_P_hash()
tb [Tue, 9 Jul 2024 16:59:07 +0000 (16:59 +0000)]
Test and assign in tls1_prf_P_hash()

5 months agoFix whitespace around '/'
tb [Tue, 9 Jul 2024 16:58:13 +0000 (16:58 +0000)]
Fix whitespace around '/'

5 months agoInvert logic in tls1_prf_alg()
tb [Tue, 9 Jul 2024 16:57:27 +0000 (16:57 +0000)]
Invert logic in tls1_prf_alg()

5 months agoolen -> out_len
tb [Tue, 9 Jul 2024 16:54:13 +0000 (16:54 +0000)]
olen -> out_len

5 months agoAdd a few empty lines
tb [Tue, 9 Jul 2024 16:53:33 +0000 (16:53 +0000)]
Add a few empty lines

5 months agoseedlen -> seed_len
tb [Tue, 9 Jul 2024 16:52:34 +0000 (16:52 +0000)]
seedlen -> seed_len

5 months agoseclen -> secret_len
tb [Tue, 9 Jul 2024 16:51:50 +0000 (16:51 +0000)]
seclen -> secret_len

5 months agoslen -> secret_len
tb [Tue, 9 Jul 2024 16:51:01 +0000 (16:51 +0000)]
slen -> secret_len

5 months agosec -> secret
tb [Tue, 9 Jul 2024 16:50:07 +0000 (16:50 +0000)]
sec -> secret

5 months agoReplace local typedef with spelling out the struct name
tb [Tue, 9 Jul 2024 16:48:39 +0000 (16:48 +0000)]
Replace local typedef with spelling out the struct name

5 months agoRemove a few useless comments
tb [Tue, 9 Jul 2024 16:47:36 +0000 (16:47 +0000)]
Remove a few useless comments

5 months agoApply a knfmt(8) sledgehammer
tb [Tue, 9 Jul 2024 16:46:33 +0000 (16:46 +0000)]
Apply a knfmt(8) sledgehammer

5 months agoAdd an RCS tag
tb [Tue, 9 Jul 2024 16:45:33 +0000 (16:45 +0000)]
Add an RCS tag

5 months agoReplace license stub with full license
tb [Tue, 9 Jul 2024 16:44:42 +0000 (16:44 +0000)]
Replace license stub with full license

This reverts to the license added in OpenSSL's initial import of this
file in commit 1eff3485b63f84956b5f212aa4d853783bf6c8b5

5 months agolink tls1_prf.c to build
tb [Tue, 9 Jul 2024 16:41:44 +0000 (16:41 +0000)]
link tls1_prf.c to build

ok jsing

5 months agoReplace a malloc() call with calloc()
tb [Tue, 9 Jul 2024 16:38:40 +0000 (16:38 +0000)]
Replace a malloc() call with calloc()

5 months agoReplace an ossl_assert() with an error check
tb [Tue, 9 Jul 2024 16:37:43 +0000 (16:37 +0000)]
Replace an ossl_assert() with an error check

5 months agoUse C99 initializers for tls1_prf_pkey_meth()
tb [Tue, 9 Jul 2024 16:36:46 +0000 (16:36 +0000)]
Use C99 initializers for tls1_prf_pkey_meth()

5 months agoInline an instance of OPENSSL_memdup()
tb [Tue, 9 Jul 2024 16:33:10 +0000 (16:33 +0000)]
Inline an instance of OPENSSL_memdup()

5 months agoTidy up includes
tb [Tue, 9 Jul 2024 16:31:40 +0000 (16:31 +0000)]
Tidy up includes

5 months agoOPENSSL_free() -> free()
tb [Tue, 9 Jul 2024 16:30:54 +0000 (16:30 +0000)]
OPENSSL_free() -> free()

5 months agoOPENSSL_cleanse() -> explicit_bzero()
tb [Tue, 9 Jul 2024 16:30:28 +0000 (16:30 +0000)]
OPENSSL_cleanse() -> explicit_bzero()

5 months agoOPENSSL_clear_free() -> freezero()
tb [Tue, 9 Jul 2024 16:29:27 +0000 (16:29 +0000)]
OPENSSL_clear_free() -> freezero()

5 months agoOPENSSL_malloc() -> malloc()
tb [Tue, 9 Jul 2024 16:28:31 +0000 (16:28 +0000)]
OPENSSL_malloc() -> malloc()

5 months agoSpell OPENSSL_zalloc() correctly as calloc()
tb [Tue, 9 Jul 2024 16:27:48 +0000 (16:27 +0000)]
Spell OPENSSL_zalloc() correctly as calloc()

5 months agoMechanically replace KDFerr() with KDFerror()
tb [Tue, 9 Jul 2024 16:26:59 +0000 (16:26 +0000)]
Mechanically replace KDFerr() with KDFerror()

5 months agoTrack configured and new prefix delegations in iface.
florian [Tue, 9 Jul 2024 16:24:57 +0000 (16:24 +0000)]
Track configured and new prefix delegations in iface.

When the DHCPv6 server renumbers and hands us new delegations we have
to deconfigure the old prefixes. To prevent situations where we have
no IPv6 at all, first configure the new prefixes and then remove the
old prefixes.

5 months agoAdd a verbatim copy of tls1_prf.c from OpenSSL 1.1.1
tb [Tue, 9 Jul 2024 16:24:47 +0000 (16:24 +0000)]
Add a verbatim copy of tls1_prf.c from OpenSSL 1.1.1

From the last public commit b372b1f76450acdfed1e2301a39810146e28b02c
of the OpenSSL_1_1_1-stable branch

SHA256 (kdf/tls1_prf.c) = a519d3ff721d4ec59befac8586e24624fa87d9d8f6479327f7af58d652b6e4e5

Will be beat (a little bit) into shape in tree before linking it to the
build.

ok jsing

5 months agoAdd various defines for TLS1-PRF
tb [Tue, 9 Jul 2024 16:20:17 +0000 (16:20 +0000)]
Add various defines for TLS1-PRF

ok jsing

5 months agoSkip prefixes with vltime 0.
florian [Tue, 9 Jul 2024 16:15:42 +0000 (16:15 +0000)]
Skip prefixes with vltime 0.

Servers indicate unusable prefixes with vltime 0 when we are in
state reboot and probably hand us new, valid prefixes.
In IPv4 dhcp we would receive a NACK instead...

5 months agoAdd EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf
tb [Tue, 9 Jul 2024 16:15:37 +0000 (16:15 +0000)]
Add EVP_PKEY_TLS1_PRF as alias for NID_tls1_prf

ok jsing

5 months agoChoose fixed NID for TLS1-PRF
tb [Tue, 9 Jul 2024 16:12:33 +0000 (16:12 +0000)]
Choose fixed NID for TLS1-PRF

5 months agoAdd NID for TLS1-PRF
tb [Tue, 9 Jul 2024 16:12:08 +0000 (16:12 +0000)]
Add NID for TLS1-PRF

ok jsing

5 months agoRead the whole buffer, not its size minus one.
mpi [Tue, 9 Jul 2024 16:08:30 +0000 (16:08 +0000)]
Read the whole buffer, not its size minus one.

From Christian Ludwig cludwig at genua.de.

5 months agonetlock is no longer held for SIOCSIFMEDIA and SIOCGIFMEDIA, so rely on
jmatthew [Tue, 9 Jul 2024 16:04:15 +0000 (16:04 +0000)]
netlock is no longer held for SIOCSIFMEDIA and SIOCGIFMEDIA, so rely on
the kernel lock instead, as done in if_ixl.c r1.84.

from Yuichiro NAITO

5 months agovmctl(8): set exit code for vmctl stat -r
mlarkin [Tue, 9 Jul 2024 15:51:11 +0000 (15:51 +0000)]
vmctl(8): set exit code for vmctl stat -r

set exit code to 1 if no running VMs are detected with vmctl stat -r.

ok dv

5 months agoRemove splassert() for now since IPL_STATCLOCK is MD and not all archs have it.
claudio [Tue, 9 Jul 2024 15:20:15 +0000 (15:20 +0000)]
Remove splassert() for now since IPL_STATCLOCK is MD and not all archs have it.
Noticed by bluhm@ on octeon

5 months agodocument C-u handling on shell-command{,-on-region}, forgot in previous
op [Tue, 9 Jul 2024 14:51:37 +0000 (14:51 +0000)]
document C-u handling on shell-command{,-on-region}, forgot in previous

5 months agoRemoving 'softdep' options from fstab entries during upgrade is no longer
krw [Tue, 9 Jul 2024 14:47:21 +0000 (14:47 +0000)]
Removing 'softdep' options from fstab entries during upgrade is no longer
necessary as 'softdep' is now a no-op.

ok beck@ sthen@

5 months agomg: handle C-u in M-! and M-|
op [Tue, 9 Jul 2024 14:46:17 +0000 (14:46 +0000)]
mg: handle C-u in M-! and M-|

With the C-u modifier, these commands (respectively shell-command
and shell-command-on-region) will operate in-place instead of opening
a special buffer with the result.

ok and lots of feedback from florian@

(signature for iomux and preadin changed after the ok -- the buffer
pointer was no longer needed)

5 months agoDon't push the error stack in ssl_sigalg_select()
beck [Tue, 9 Jul 2024 13:43:57 +0000 (13:43 +0000)]
Don't push the error stack in ssl_sigalg_select()

Doing so breaks certificate selection if a TLS 1.3 client does not support
EC certs, and needs to fall back to RSA.

ok tb@

5 months agoremove unnused prototype
florian [Tue, 9 Jul 2024 13:27:18 +0000 (13:27 +0000)]
remove unnused prototype

5 months agoDocument MODFONT_DOCDIR and MODFONT_DOCFILES.
bentley [Tue, 9 Jul 2024 13:05:15 +0000 (13:05 +0000)]
Document MODFONT_DOCDIR and MODFONT_DOCFILES.

5 months agoFix TLS key share check to not fire when using < TLS 1.3
beck [Tue, 9 Jul 2024 12:27:27 +0000 (12:27 +0000)]
Fix TLS key share check to not fire when using < TLS 1.3

The check was being too aggressive and was catching us when the
extension was being sent by a client which supports tls 1.3 but
the server was capped at TLS 1.2. This moves the check after the
max version check, so we won't error out if we do not support
TLS 1.3

Reported by obsd@bartula.de

ok tb@

5 months agodo not need to force bss values to 0
deraadt [Tue, 9 Jul 2024 11:21:44 +0000 (11:21 +0000)]
do not need to force bss values to 0

5 months agodo a manual ret-clean operation inside the vmm_dispatch_intr asm code
deraadt [Tue, 9 Jul 2024 11:15:58 +0000 (11:15 +0000)]
do a manual ret-clean operation inside the vmm_dispatch_intr asm code
ok mlarkin

5 months agosync with userland: let z_off_t fall back to long long instead of long
tb [Tue, 9 Jul 2024 10:51:14 +0000 (10:51 +0000)]
sync with userland: let z_off_t fall back to long long instead of long

In the boot blocks, this would result in various 64-bit instruction being
used, which might result in undesirable bloat in legacy boot loaders, so
add a workaround for the _STANDALONE case to still fall back to long
instead of long long.

with/ok deraadt, ok millert

5 months agoLet z_off_t fall back to long long instead of only long
tb [Tue, 9 Jul 2024 10:48:31 +0000 (10:48 +0000)]
Let z_off_t fall back to long long instead of only long

This is a noop on OpenBSD in userland

ok deraadt millert

5 months agoActually enable namespaced builds in both libcrypto and libssl
beck [Tue, 9 Jul 2024 09:39:14 +0000 (09:39 +0000)]
Actually enable namespaced builds in both libcrypto and libssl

(instead of commiting only one part)

5 months agoIPv6 forward copies small packet content on the stack.
bluhm [Tue, 9 Jul 2024 09:33:13 +0000 (09:33 +0000)]
IPv6 forward copies small packet content on the stack.

Unfortunately RFC 4443 demands that the ICMP6 error packet containing
the orignal packet is up to 1280 bytes long.  That means for every
forwarded packet forward() creates a mbuf copy, just in case delivery
fails.

For small packets we can copy the content on the stack like IPv4
forward does.  This saves us some mbuf allocations if the content
is shorter than the mbuf data size.

OK mvs@

5 months agovmd/vmm: move vm_run_params into mi header.
dv [Tue, 9 Jul 2024 09:31:37 +0000 (09:31 +0000)]
vmd/vmm: move vm_run_params into mi header.

To prepare for mi/md splitting vmd, need to fixup the dev/vmm/vmm.h
mi header. Move the vm_run_params struct and clean up the includes
in vmd.

"sure", mlarkin@

5 months agoReshuffle the switch cases in ptsignal and single_thread_set to be
claudio [Tue, 9 Jul 2024 09:22:50 +0000 (09:22 +0000)]
Reshuffle the switch cases in ptsignal and single_thread_set to be
in the order needed for future changes. No functional change.
OK mpi@

5 months agoImplement MSI multiple-vector support.
kettenis [Tue, 9 Jul 2024 08:47:10 +0000 (08:47 +0000)]
Implement MSI multiple-vector support.

ok patrick@

5 months agoIn sched_toidle() only call the TRACEPOINT if curproc is set.
claudio [Tue, 9 Jul 2024 08:44:36 +0000 (08:44 +0000)]
In sched_toidle() only call the TRACEPOINT if curproc is set.
sched_toidle() is called by cpu_hatch() to start APs and then curproc
may be NULL.
OK mpi@

5 months agoAdd bounded attributes to hmac.h
tb [Tue, 9 Jul 2024 07:57:57 +0000 (07:57 +0000)]
Add bounded attributes to hmac.h

ok beck

5 months agoKNF a pile of else if blocks; ok tb
deraadt [Tue, 9 Jul 2024 07:51:09 +0000 (07:51 +0000)]
KNF a pile of else if blocks; ok tb

5 months agoEnable namespaced builds by default for libssl and libcrypto.
beck [Tue, 9 Jul 2024 07:39:21 +0000 (07:39 +0000)]
Enable namespaced builds by default for libssl and libcrypto.

Some further refinements will happen to the build process to
automatically generate the Symbols.namespace file, and to remove
our last public unhidden symbol (which was a mistake, but waits for
a major bump to get removed)

But for now everything should be using this.

ok tb@

5 months agoRemove trailing whitespace. No code change.
mlarkin [Tue, 9 Jul 2024 07:28:12 +0000 (07:28 +0000)]
Remove trailing whitespace. No code change.

5 months agoHide remaining unused ERR functions in err.h
beck [Tue, 9 Jul 2024 07:17:13 +0000 (07:17 +0000)]
Hide remaining unused ERR functions in err.h

ok tb@

5 months agoHide CRYPTO_get_dynlock_create_callback
beck [Tue, 9 Jul 2024 07:16:44 +0000 (07:16 +0000)]
Hide CRYPTO_get_dynlock_create_callback

ok tb@

5 months agoHide DES global variables
beck [Tue, 9 Jul 2024 07:16:13 +0000 (07:16 +0000)]
Hide DES global variables

ok tb@

5 months agoAdd missing symbols to Symbols.namespace
beck [Tue, 9 Jul 2024 07:15:39 +0000 (07:15 +0000)]
Add missing symbols to Symbols.namespace

ok tb@

5 months agoRemove duplicates from Symbols.namespace
beck [Tue, 9 Jul 2024 07:14:26 +0000 (07:14 +0000)]
Remove duplicates from Symbols.namespace

ok tb@

5 months agoHide symbols for two missed public functions in bio.h
beck [Tue, 9 Jul 2024 06:14:59 +0000 (06:14 +0000)]
Hide symbols for two missed public functions in bio.h

ok tb@

5 months agoHide global _it symbols in pkcs12.h
beck [Tue, 9 Jul 2024 06:13:22 +0000 (06:13 +0000)]
Hide global _it symbols in pkcs12.h

ok tb@

5 months agoHide global _it symbola in cms.h
beck [Tue, 9 Jul 2024 06:12:45 +0000 (06:12 +0000)]
Hide global _it symbola in cms.h

ok tb@

5 months agopoint mount -> mount point;
jmc [Tue, 9 Jul 2024 05:19:41 +0000 (05:19 +0000)]
point mount -> mount point;
from netbsd -r1.46/pgoyette

5 months agochange format strings to fix SEM_DEBUG build
jsg [Tue, 9 Jul 2024 04:42:48 +0000 (04:42 +0000)]
change format strings to fix SEM_DEBUG build

5 months agospelling
jsg [Tue, 9 Jul 2024 03:21:47 +0000 (03:21 +0000)]
spelling

5 months agofix disasm of fucompp
jsg [Tue, 9 Jul 2024 01:21:19 +0000 (01:21 +0000)]
fix disasm of fucompp

when merging changes from FreeBSD in i386 rev 1.10
db_Esca5 was added but not used

ok mlarkin@

5 months agoQuiet vmd in debug logging mode. We don't need to hear about handled
dv [Mon, 8 Jul 2024 17:33:45 +0000 (17:33 +0000)]
Quiet vmd in debug logging mode. We don't need to hear about handled
page faults.

sure, @mlarkin.

5 months agoHide global _it symbols in dsa.h
beck [Mon, 8 Jul 2024 17:11:05 +0000 (17:11 +0000)]
Hide global _it symbols in dsa.h

ok tb@

5 months agoHide global _it symbols in rsa.h
beck [Mon, 8 Jul 2024 17:10:18 +0000 (17:10 +0000)]
Hide global _it symbols in rsa.h

ok tb@

5 months agoGuard variable declarations to unbreak non-namespaced builds.
beck [Mon, 8 Jul 2024 17:01:54 +0000 (17:01 +0000)]
Guard variable declarations to unbreak non-namespaced builds.

ok tb@

5 months agoHide global _it symbols in asn1t.h
beck [Mon, 8 Jul 2024 16:24:22 +0000 (16:24 +0000)]
Hide global _it symbols in asn1t.h

ok tb@

5 months agoHide global _it symbols in pkcs7.h
beck [Mon, 8 Jul 2024 16:23:27 +0000 (16:23 +0000)]
Hide global _it symbols in pkcs7.h

ok tb@

5 months agoRemove the KASSERT() in sched_unpeg_curproc().
mpi [Mon, 8 Jul 2024 16:15:42 +0000 (16:15 +0000)]
Remove the KASSERT() in sched_unpeg_curproc().

This fix rebooting a GENERIC.MP kernel on SP machines because unpeg is out
of the loop in smr_thread().

5 months agox509_pubkey_get_ski() should support non-rsa keys
tb [Mon, 8 Jul 2024 16:11:47 +0000 (16:11 +0000)]
x509_pubkey_get_ski() should support non-rsa keys

for now add an XXX reminder.

Pointed out by job a while back

5 months agoaucat: check for failled allocation
ratchov [Mon, 8 Jul 2024 16:10:34 +0000 (16:10 +0000)]
aucat: check for failled allocation

From Nihal Jere <nihal@nihaljere.xyz>, thanks!

5 months agoDon't check op_q_alloc for non-NULL before invoking op_q_free.
krw [Mon, 8 Jul 2024 16:07:36 +0000 (16:07 +0000)]
Don't check op_q_alloc for non-NULL before invoking op_q_free.
Check op_q_free for non-NULL instead.

Neither are currently set to non-NULL anywhere.

ok jmatthew@

5 months agoEnsure that the rpkiManifest is a file in the caRepository
tb [Mon, 8 Jul 2024 15:31:58 +0000 (15:31 +0000)]
Ensure that the rpkiManifest is a file in the caRepository

discussed with jca and job
ok claudio

5 months agoNormalize the rsync caRepository to contain a trailing slash
tb [Mon, 8 Jul 2024 15:31:11 +0000 (15:31 +0000)]
Normalize the rsync caRepository to contain a trailing slash

discussed with jca
ok claudio