openbsd
tb [Sat, 1 Jul 2023 14:50:39 +0000 (14:50 +0000)]
Simplify handling of ret

ok jsing

tb [Sat, 1 Jul 2023 14:48:01 +0000 (14:48 +0000)]
Use BN_bn2binpad() instead of handrolling it

As ugly as the BN_bn2binpad() internals are, what it does is quite handy
with all sorts of EC stuff. So use it here too and eliminate some ugly
manual pointer zeroing and offsets. Also switch len and buflen from size_t
to int to remove an iffy cast: both are set by functions that return a
non-negative int.

ok jsing

tb [Sat, 1 Jul 2023 14:39:34 +0000 (14:39 +0000)]
Remove unused y from ECDH key computation

ok jsing

tb [Sat, 1 Jul 2023 09:04:19 +0000 (09:04 +0000)]
crypto.h: move the error stuff to the end

The other public headers have function and reason codes at the end because
the error header was inlined. This was also the case here, too, until the
automatic library initialization was appended.

jsing [Sat, 1 Jul 2023 08:27:26 +0000 (08:27 +0000)]
Warn and fail to attach dwmmc(4) if no clock base is found.

This makes it easier to track down clock related issues.

ok kettenis@

jsing [Sat, 1 Jul 2023 08:22:41 +0000 (08:22 +0000)]
Add support for JH7110 to dwmmc(4).

This makes the eMMC and microSD mostly work on the Starfive VisionFive 2.

ok kettenis@

jsing [Sat, 1 Jul 2023 08:20:38 +0000 (08:20 +0000)]
Add support for JH7110 to stftemp(4).

This adds temperature sensor support for the Starfive VisionFive 2.

ok kettenis@

tb [Sat, 1 Jul 2023 08:15:31 +0000 (08:15 +0000)]
Simplify ASN1_bn_print() usage in ec/

ASN1_bn_print() doesn't print anything if the BIGNUM passed in is NULL.
Also simplify the handling of the point conversion form of the generator.

ok jsing

nicm [Fri, 30 Jun 2023 21:55:08 +0000 (21:55 +0000)]
Change a few types to fix warnings, from Thomas Klausner.

tb [Fri, 30 Jun 2023 18:19:35 +0000 (18:19 +0000)]
whitespace

jsg [Fri, 30 Jun 2023 13:31:37 +0000 (13:31 +0000)]
sepcific -> specific
ok claudio@

nicm [Fri, 30 Jun 2023 13:19:32 +0000 (13:19 +0000)]
Get rid of some warnings with GCC 10, from Thomas Klausner.

sashan [Fri, 30 Jun 2023 12:16:00 +0000 (12:16 +0000)]
let check_table() also print table@anchor when it exits
unexpectedly via call to fatal()

OK claudio@

mvs [Fri, 30 Jun 2023 11:52:11 +0000 (11:52 +0000)]
Use "newcon" instead of "netlck" as identifier of the sleep reason while
awaiting concurrent sonewconn() threads termination.

ok bluhm

mvs [Fri, 30 Jun 2023 09:58:30 +0000 (09:58 +0000)]
Introduce M_PF type for pf(4) related memory allocations. Currently used
M_TEMP and M_IFADDR types are unreasonable for that purpose. These
dedicated statistics simplify the future pf(4) unlocking work by
decreasing the search area of possible memory leaks.

ok bluhm sashan

otto [Fri, 30 Jun 2023 06:24:58 +0000 (06:24 +0000)]
Recommit "Allow to ask for deeper callers for leak reports using
malloc options"

Now only enabled for platforms where it's known to work and written
as an inline function instead of a macro.

dv [Thu, 29 Jun 2023 20:58:08 +0000 (20:58 +0000)]
acpi(4)/acpibtn(4): use opt-in approach for wakeup GPEs

Previously, any discovered GPE that could be enabled for wake was
being enabled prior to entering ACPI-based S3 or S4. On some newer
machines, this caused S3-based suspend to break as some devices we
don't fully control (e.g. lack of driver) might be capable of waking
the system and will do so almost instantly if the GPE is enabled for
wake up (i.e. the so called "instant wake" issue).

This changes to a model of having device drivers explicitly opt
into using their GPE for wake up.

The first driver to explicitly toggle a GPE for wake is acpibtn(4).

Variations of the above have been in snapshots for 2 weeks, so
tested by many.

ok deraadt@

krw [Thu, 29 Jun 2023 20:10:11 +0000 (20:10 +0000)]
Fix handling of 'N-* 100' template entries.

'N-* 100' means a max of all 'extra' disk space not all disk
space.

Fixes templates with partitions after a 'N-* 100' entry.

Reported by anton@

florian [Thu, 29 Jun 2023 19:38:49 +0000 (19:38 +0000)]
Update to nsd 4.7.0

OK tb

claudio [Thu, 29 Jun 2023 16:24:53 +0000 (16:24 +0000)]
Spaces vs tabs
from florian@

claudio [Thu, 29 Jun 2023 16:11:02 +0000 (16:11 +0000)]
Rewrite pfe_route() to actually work on 64bit archs since IPv6 had to be
special. One can not define a struct for the route message since there is
different padding between 32 and 64 bit systems for struct sockaddr_in6.
Instead do what all other daemons do and use struct sockaddr_storage,
iovec and writev.
Problem reported by Joerg Streckfuss (streckfuss at dfn-cert.de)
OK tb@

tb [Thu, 29 Jun 2023 14:33:35 +0000 (14:33 +0000)]
rpki-client: fix vap_pas stats

A small mistake in a diff broke the counters. Make them AFI agnostic and
adjust ometric output.

guidance & ok claudio

claudio [Thu, 29 Jun 2023 14:09:42 +0000 (14:09 +0000)]
In rrdp_session_save() stop the loop over deltas once MAX_RRDP_DELTAS
have been processed.
With and OK tb@

tb [Thu, 29 Jun 2023 10:29:18 +0000 (10:29 +0000)]
update rpki-regress. log.c is no more.

tb [Thu, 29 Jun 2023 10:28:25 +0000 (10:28 +0000)]
Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

job [Thu, 29 Jun 2023 10:22:37 +0000 (10:22 +0000)]
There no longer is a need to wrap the (now AFI-agnostic) ASPA providers in objects in filemode

OK claudio@

jsg [Thu, 29 Jun 2023 07:58:54 +0000 (07:58 +0000)]
regen

jsg [Thu, 29 Jun 2023 07:58:15 +0000 (07:58 +0000)]
add Intel Raptor Lake / 700 Series LP ids

from:
13th Generation Intel Core Processors
Datasheet, Volume 1 of 2, Doc. No.: 743844, Rev.: 005

Intel 700 Series Chipset Family On-Package Platform Controller Hub (PCH)
Datasheet, Volume 1 of 2, Doc. No.: 763122, Rev.: 001

0xa75d (IPU) 0xa72f 0xa76e (TBT PCIE) not in tables
inferred from a dmesg and pci dev:func descriptions in
13th Generation Intel Core Processors
Datasheet, Volume 2 of 2, Doc. No.: 764981, Rev.: 1.2

tb [Thu, 29 Jun 2023 06:12:04 +0000 (06:12 +0000)]
Drop the no longer necessary -DLIBRESSL_CRYPTO_INTERNAL

ok miod

tb [Thu, 29 Jun 2023 06:11:33 +0000 (06:11 +0000)]
Move check_defer() and obj_cleanup_defer to evp/names.c

These formerly public symbols are the last things hidden by
LIBRESSL_CRYPTO_INTERNAL. Most of their use is in evp/names.c
Unfortunately, check_defer() needs to know about NUM_NIDS, so
its implementation needs to remain in obj_dat.c, the only file
that can include obj_dat.h due to NID tables.

ok miod

sashan [Wed, 28 Jun 2023 21:33:35 +0000 (21:33 +0000)]
pfioctl() must make sure pfioctl_rw() gets unlocked before function returns.

OK bluhm@

tb [Wed, 28 Jun 2023 18:07:07 +0000 (18:07 +0000)]
Adjust EC_GROUP_get_basis_type() documentation

After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.

op [Wed, 28 Jun 2023 17:36:51 +0000 (17:36 +0000)]
revert makefile change included by mistake in previous

op [Wed, 28 Jun 2023 17:36:09 +0000 (17:36 +0000)]
drop needless strcspn in the header parsing

like done in ftp's fetch.c revision 1.216.

ok tb

op [Wed, 28 Jun 2023 17:35:06 +0000 (17:35 +0000)]
drop needless strcspn in the header parsing

since fetch.c revision 1.211, ftp removes trailing whitespace early so
there's no need to re-do that when parsing a header.

while here, remove an unused variable too.

ok tb, millert

tb [Wed, 28 Jun 2023 17:24:20 +0000 (17:24 +0000)]
The warning noise due to the ASPA transition is just that: noise.
Switch to warnx() instead of cryptowarnx() for now.

ok job

kn [Wed, 28 Jun 2023 15:36:08 +0000 (15:36 +0000)]
Revert r1.406 "Close all pf transactions before opening a new one in DIOCGETRULES."

regress/sbin/pfctl panics with "rw_enter: pfioctl_rw locking against myself"
as reported by bluhm on bugs@.

tobhe [Wed, 28 Jun 2023 14:10:24 +0000 (14:10 +0000)]
Add support to verify X509 chain from CERT payloads.
Encode cert and intermediate CAs in new cert bundle object,
so the information can be passed to the ca process in one step.
Pass untrusted intermediates to X509_verify_cert().

From markus@

gerhard [Wed, 28 Jun 2023 12:31:19 +0000 (12:31 +0000)]
Don't call daemon() after proc_init(), otherwise the child processes
would lose their parent.

ok tobhe@

krw [Wed, 28 Jun 2023 12:12:48 +0000 (12:12 +0000)]
Refactor editor_allocspace() into easier to follow pieces.

editor_allocspace() iterates over alloc_tables calling
allocate_space().  allocate_space() iterates over
space_allocations calling allocate_partition().
allocate_partition() calls allocate_diskchunk() which finds disk
space for the partition.

No intentional functional change.

ok otto@

kn [Wed, 28 Jun 2023 11:49:49 +0000 (11:49 +0000)]
use refcnt API for multicast addresses, add tracepoint:refcnt:ifmaddr probe

Replace hand-rolled reference counting with refcnt_init(9) and hook it up
with a new dt(4) probe.

OK bluhm mvs

op [Wed, 28 Jun 2023 11:07:28 +0000 (11:07 +0000)]
fix parsing of the Last-Modified header

Was overlooked in r1.209.

diff from 'a dog' (OpenBSD [at] anthropomorphic [dot] dog)
ok tb, sthen

op [Wed, 28 Jun 2023 08:37:52 +0000 (08:37 +0000)]
add `notab' to the list of modes that can be set with set-default-mode

specify also that it can be set globally with set-default-mode, as done
in the description of the other built-in modes.

Diff from Simon Branch (that I got via jmc@), thanks!

claudio [Wed, 28 Jun 2023 08:23:25 +0000 (08:23 +0000)]
First step at removing struct sleep_state.

Pass the timeout and sleep priority not only to sleep_setup() but also
to sleep_finish(). With that sls_timeout and sls_catch can be removed
from struct sleep_state.

The timeout is now set up first thing in sleep_finish() and no longer as
last thing in sleep_setup(). This should not cause a noticeable difference
since the code run between sleep_setup() and sleep_finish() is minimal.

OK kettenis@

patrick [Tue, 27 Jun 2023 22:38:46 +0000 (22:38 +0000)]
Add qctsens(4), a driver for the Temperature Sensor found on Qualcomm SoCs.

The driver not only provides the temperature readings for the cores, cluster
and memory in hw.sensors, but also allows the thermal zone code to act on
temperature changes.

ok drahn@

patrick [Tue, 27 Jun 2023 22:31:27 +0000 (22:31 +0000)]
Inform fw_update(8) about qcpas(4) pattern.

ok kettenis@

mvs [Tue, 27 Jun 2023 21:02:13 +0000 (21:02 +0000)]
Introduce M_IFGROUP type of memory allocation. M_TEMP is unreasonable
for interface groups data allocations.

ok kn claudio bluhm

tb [Tue, 27 Jun 2023 18:19:59 +0000 (18:19 +0000)]
Zap stray space

kn [Tue, 27 Jun 2023 17:36:56 +0000 (17:36 +0000)]
Use shared net lock for DIOCGETIFACES

snmpd(8) and 'pfctl -s Interfaces' dump pf's internal list of interfaces.

pf's internal interface list is completely protected by the pf lock,
pf lock assertions since pf_if.c r1.110 from over a week ago support this.

pfi_*() iterate over net lock protected if_groups lists, but only to read,
so downgrade from exclusive write net lock to a shared read-only one.

Feedback mvs
OK sashan

kn [Tue, 27 Jun 2023 17:29:38 +0000 (17:29 +0000)]
Remove net lock from DIOC{SET,CLR}IFFLAG

pf.conf's 'set skip on ifN' and 'pfctl -F all|Reset' set and clear flags,
PFI_IFLAG_SKIP being the only flag.  Nothing else in base uses these ioctls
and internal state is protected by the pf lock already.

OK sashan

stsp [Tue, 27 Jun 2023 15:31:27 +0000 (15:31 +0000)]
Attach 0x51f1 devices to iwx(4) and fix params used for 0x7a70 devices.

from reyk@

stsp [Tue, 27 Jun 2023 15:30:55 +0000 (15:30 +0000)]
regen

stsp [Tue, 27 Jun 2023 15:30:25 +0000 (15:30 +0000)]
add 0x51f1 iwx(4) PCI device ID; from reyk@

claudio [Tue, 27 Jun 2023 14:17:00 +0000 (14:17 +0000)]
Make it possible to store the kstack or ustack in a map (as value, not key).
Additionally fix the bacmp() function to work on integers and strings.
bacmp() is used when maps are printed out since the output is sorted by value.
Also adjust the rule parser to look correctly into if branches to figure
out which values to request from the kernel.
OK kn@

claudio [Tue, 27 Jun 2023 14:13:33 +0000 (14:13 +0000)]
Document the map specific functions (count, max, min, sum) in their own
part of the bt.5 man page.
Input and OK kn@

espie [Tue, 27 Jun 2023 11:11:46 +0000 (11:11 +0000)]
remove allupdates marker, it was only used by the short-lived
"@option explicit-update" flavor of firmware circa 2013.

pkg_add hasn't needed to know about this since basically forever

tb [Tue, 27 Jun 2023 11:03:41 +0000 (11:03 +0000)]
Switch from get_rfc*() to BN_get_rfc*()

The existence of the public get_rfc*() API is a historic curiosity that may
soon be corrected. We inherited its use and it survived in libssl until now.
Switch to the better named BN_get_rfc*() wrappers.

ok jsing

cheloha [Tue, 27 Jun 2023 10:11:15 +0000 (10:11 +0000)]
amd64: MCOUNT_EXIT: restore interrupts, don't unconditionally reenable them

This bug can cause all sorts of problems, but in particular it was
most easily reproduced as a double fault in the syscall return path on
this CPU model:

Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz

Tons of help from guenther@ in narrowing down the root cause.  Fix
tweaked by guenther@.  Additional input from deraadt@ and kettenis@.

ok guenther@

ratchov [Tue, 27 Jun 2023 09:28:08 +0000 (09:28 +0000)]
Return error if the USB request to get the sample rate fails.

found by mlarkin

tb [Tue, 27 Jun 2023 07:32:29 +0000 (07:32 +0000)]
Remove some dead code from ECPKParameters_print()

This code is unreachable since binary curve support was removed.
There is a lot more to clean up in here...

ok jsing

tb [Tue, 27 Jun 2023 07:31:18 +0000 (07:31 +0000)]
Remove the now unused poly[] from EC_GROUP

This was needed for defining the multiplication over binary fields. Since
that code is gone, this is no longer needed.

ok jsing

tb [Tue, 27 Jun 2023 07:28:57 +0000 (07:28 +0000)]
Simplify EC_GROUP_get_basis_type()

The remaining EC_METHODs in libcrypto all have a field type of
NID_X9_62_prime_field, so this function always returns 0. Make
that more obvious.

ok jsing

guenther [Mon, 26 Jun 2023 19:03:03 +0000 (19:03 +0000)]
On amd64, test whether PKU has been enabled and set our expectation
of the results based on that.  Also, the system now enforces
unreadability in copyin() of ld.so, libc, and application text,
even when PKU isn't enabled, so adjust those results to match.

ok deraadt@ anton@

job [Mon, 26 Jun 2023 18:55:52 +0000 (18:55 +0000)]
Update regress files to aspa-profile-15 format

job [Mon, 26 Jun 2023 18:39:53 +0000 (18:39 +0000)]
Decode and validate ASPA objects following the v1 syntax

Through draft-ietf-sidrops-aspa-profile-15, the ASPA profile was
made AFI-agnostic. This represents a simplification for both operators
and implementers in both the RPKI and BGP layers of the stack.

This update changes the JSON structure.

No effort was made to simultaneously support ASPA v0 and v1 objects.

OK tb@ claudio@

millert [Mon, 26 Jun 2023 18:00:59 +0000 (18:00 +0000)]
pax: truncate times to MAX_TIME_T, not INT_MAX
If the mtime in the file header is larger than MAX_TIME_T, truncate
it to MAX_TIME_T, not INT_MAX.  OK otto@

millert [Mon, 26 Jun 2023 16:58:50 +0000 (16:58 +0000)]
pax: use safe_print() to display messages which may include file names.
Reported by David Leadbeater.  OK op@

cheloha [Mon, 26 Jun 2023 16:26:20 +0000 (16:26 +0000)]
timeout_hardclock_update: provide initial value for automatic variables

tb [Mon, 26 Jun 2023 15:28:52 +0000 (15:28 +0000)]
Fix Ed Schouten's name

from weerd

claudio [Mon, 26 Jun 2023 14:07:19 +0000 (14:07 +0000)]
Start using the new ibuf API in eigrpd. One ibuf_seek() still left since
the change is not trivial and I don't have an eigrp testbed.
OK tb@

claudio [Mon, 26 Jun 2023 10:28:12 +0000 (10:28 +0000)]
Improve the conn_err() bufferevent error callback to better report errors.
OK kn@

claudio [Mon, 26 Jun 2023 10:08:56 +0000 (10:08 +0000)]
Update and refactor dvmrpd to use the new ibuf API.

Do the checksum calculation in send_packet() instead of doing it all over
the place. This way the fixup only happens in one place.
OK tb@

tb [Mon, 26 Jun 2023 08:57:17 +0000 (08:57 +0000)]
Adjust EVP_PKEY_CTRL_HKDF_KEY to OpenSSL's semantics

For some reason there is no NULL check on setting the HKDF key for p2 like
in the other cases in the switch, instead OpenSSL fails in memdup, nulling
out the key but leaving the key_len at the old value. This looks accidental
but our behavior makes some haproxy regress tests segfault. So mimic weird
OpenSSL semantics but in addition set the key_len to 0.

Reported by Ilya Shipitsin

ok jsing

nicm [Mon, 26 Jun 2023 08:14:19 +0000 (08:14 +0000)]
When exiting alternate screen, there is no need to reflow when going
back to old size since the contents will be overwritten. GitHub issue
3510.

claudio [Mon, 26 Jun 2023 07:52:18 +0000 (07:52 +0000)]
Revert unrelated change that sneaked into the pf_ioctl.c commit.

claudio [Mon, 26 Jun 2023 07:49:48 +0000 (07:49 +0000)]
Close all pf transactions before opening a new one in DIOCGETRULES.

Processes like snmpd or systat open pf(4) once and then issue many
DIOCGETRULES calls over their runtime. This accumulates many pf_trans
structs over their lifetime. At some point the kernel runs out of
memory because of that. By closing all transactions before creating
a new one, long living processes no longer leak transactions.

This probably needs further refinement once more transactions types are
added but for now this solves the problem.

Problem found by florian@
OK sashan@ kn@

nicm [Mon, 26 Jun 2023 07:17:40 +0000 (07:17 +0000)]
Add "us" to styles for underscore colour, GitHub issue 3589.

op [Mon, 26 Jun 2023 07:10:17 +0000 (07:10 +0000)]
fix grammar of the comment describing pat_chk(); ok millert@

jmc [Mon, 26 Jun 2023 06:58:18 +0000 (06:58 +0000)]
document handling of NULL envp as an extension;
from lucas de sena
ok espie

jmatthew [Sun, 25 Jun 2023 22:36:09 +0000 (22:36 +0000)]
Provide kstats based on the byte and packet counters available in some
dwge(4) implementations.  The counters are all 32 bit, so enable reset-on-read
and accumulate them into 64 bit software counters, and enable the MMC
interrupts that indicate one or more counters is halfway to overflowing.
Tested on an RK3399, which has the counters, and an Allwinner A20, which
doesn't.

ok dlg@

tb [Sun, 25 Jun 2023 19:43:28 +0000 (19:43 +0000)]
Add missing RCS marker

tb [Sun, 25 Jun 2023 19:35:56 +0000 (19:35 +0000)]
Remove unneeded bn_local.h and drop a NULL check

tb [Sun, 25 Jun 2023 19:33:39 +0000 (19:33 +0000)]
Move ECDSA_size() to ecs_ossl.c to match what was done in ecdh

tb [Sun, 25 Jun 2023 19:29:30 +0000 (19:29 +0000)]
With ech_local.h gone, we no longer need to -I ecdh

tb [Sun, 25 Jun 2023 19:28:47 +0000 (19:28 +0000)]
Remove ech_local.h

tb [Sun, 25 Jun 2023 19:26:04 +0000 (19:26 +0000)]
Stop including ech_local.h

tb [Sun, 25 Jun 2023 19:22:21 +0000 (19:22 +0000)]
Remove prototypes for EC_KEY_{get,insert}_key_method_data()

These were accidentally left behind in a previous commit.

tb [Sun, 25 Jun 2023 19:20:57 +0000 (19:20 +0000)]
Move ecdh_KDF_X9_63() to ec_local.h

In anticipation of merging ecdh/ and ecdsa/ into ec/, move the last
remaining thing in ech_local.h where it will soon belong.

tb [Sun, 25 Jun 2023 19:17:43 +0000 (19:17 +0000)]
Move ECDH_size() to ech_key.c

This way the public ECDH API that will remain in libcrypto is in one file
and the public ECDH API that will go is in the other one.

tb [Sun, 25 Jun 2023 19:14:14 +0000 (19:14 +0000)]
Move the ecdh_method struct declaration to ech_lib.c

No other file uses this anymore

tb [Sun, 25 Jun 2023 19:04:35 +0000 (19:04 +0000)]
Move ECDH_OpenSSL() ECDSA_OpenSSL() to *_lib.c

Now that they no longer use static methods, they can move where they
belong. Also make the static method const, as it should have been all
along.

tb [Sun, 25 Jun 2023 18:52:27 +0000 (18:52 +0000)]
Remove EC_EXTRA_DATA

With the ecdh_check() and ecdsa_check() abominations gone, we can finally
get rid of EC_EXTRA_DATA and EC_KEY_{get,insert}_key_method_data(). The
EC_EX_DATA_*() handlers, (which fortunately have always had "'package'
level visibility") join the ride to the great bit bucket in the sky.

Thanks to op for making this possible.

ok jsing

tb [Sun, 25 Jun 2023 18:45:56 +0000 (18:45 +0000)]
Remove {ecdh,ecdsa}_check() and {ECDH,ECDSA}_DATA

This is now unused code. Removing it will free us up to remove some
other ugliness in the ec directory.

ok jsing

tb [Sun, 25 Jun 2023 18:41:36 +0000 (18:41 +0000)]
Remove method wrappers that use {ecdh,ecdsa}_check()

Now that it is no longer possible to set a custom {ECDH,ECDSA}_METHOD,
EC_KEY_METHOD can just call the relevant method directly without the
need for this extra contortion.

ok jsing

tb [Sun, 25 Jun 2023 18:35:28 +0000 (18:35 +0000)]
ecdsa_do_sign(): remove useless ecdsa_check() call

ok jsing

tb [Sun, 25 Jun 2023 18:27:38 +0000 (18:27 +0000)]
Make ECDH and ECDSA ex_data handlers always fail

They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls and smtpd used
to use the ECDSA version.

ok jsing

tb [Sun, 25 Jun 2023 18:24:33 +0000 (18:24 +0000)]
Make {ECDH,ECDSA}_set_method() always fail

They will be removed in the next major bump. No port uses them. They use
code that is in the way of upcoming surgery. Only libtls used the ECDSA
version, but thankfully op cleaned that up.

ok jsing

tb [Sun, 25 Jun 2023 18:15:21 +0000 (18:15 +0000)]
x509v3.h: unwrap a line

nicm [Sun, 25 Jun 2023 15:53:07 +0000 (15:53 +0000)]
SGR 0 should not end hyperlink, reported by Lucas Trzesniewski.

tb [Sun, 25 Jun 2023 13:54:58 +0000 (13:54 +0000)]
Adjust/fix X509_check_purpose(3) documentation