miod [Fri, 2 Sep 2022 10:12:46 +0000 (10:12 +0000)]
Remove non-_KERNEL code path for division by zero. This will allow the
bootblocks to shrink a little.
florian [Fri, 2 Sep 2022 09:39:55 +0000 (09:39 +0000)]
Write /etc/resolv.conf in a more atomic manner.
There were few reports were /etc/resolv.conf would lose user-managed
lines, possibly caused by a system crash.
While here add a call to fsync(2) which might also help.
input otto
input & OK deraadt, kn
mlarkin [Fri, 2 Sep 2022 09:02:37 +0000 (09:02 +0000)]
Get the retguard region's phys address from pmap, instead of using linker
script symbols. This is needed since we don't have those symbols on all
archs where we want hibernate.
ok kettenis, and input and help from miod.
kn [Fri, 2 Sep 2022 08:13:03 +0000 (08:13 +0000)]
Add softraid(4) RAID 1C boot support
Equivalent of sys/arch/arm64/stand/efiboot/softraid_arm64.c r1.4:
(commitid: Ka484R3swI5xSRWO) "Add softraid(4) RAID 1C boot support".
Tell the boot loader to decrypt 1C like C volumes and check the number of
disks in 1C like in 1C volumes -- no new code rquired.
Tested on T4-2 guest domains
"Looks reasonable" kettenis
OK stsp
NB: While kernel and boot loader support root on softraid on sparc64,
installboot(8) still needs a pending fix for installations on multi-chunk
softraid volumes. Until then, the usual installation process will fail on
1C volumes and requires manual fixup.
krw [Fri, 2 Sep 2022 07:46:03 +0000 (07:46 +0000)]
Adopt a terser specification of an MBR partition table of
64 zeros, suggested by miod@ a while ago.
ok mlarkin@
benno [Fri, 2 Sep 2022 07:38:14 +0000 (07:38 +0000)]
Make newer mime type definitions take precedence over existing ones.
Patch from Ben Fuller <ben -AT- bvnf -DOT- space>,
helped along by florian@
ok florian@ and some mumblings from claudio who does not want okays in httpd.
deraadt [Fri, 2 Sep 2022 07:37:57 +0000 (07:37 +0000)]
openpty() family of functions use /dev/ptm PTMGET to open a master+slave fd
pair, and also provides their names. Internally, 3 NDINIT+namei operations
access /dev/[tp]ty[p-zP-T][0-9a-zA-Z], of these 2 followed unveil restrictions.
I argue if you unveil /dev/ptm, (and not the 372 other nodes), you still want
openpty() to provide you with working fd's, and the names, which the caller
will probably never open manually, because the fd's are given.
So change all NDINIT to use KERNELPATH, bypassing unveil.
ok semarie
martijn [Fri, 2 Sep 2022 07:07:45 +0000 (07:07 +0000)]
The sysORTable doesn't have 10 entries anymore.
Adjust the test for now to -Cr4, which isn't exactly in the spirit of the
test but fixes things for now.
Now that we have agentx I should write a backend with more predictable
output to make regress more stable.
pointed out by anton@
miod [Fri, 2 Sep 2022 06:19:04 +0000 (06:19 +0000)]
Use a shorter system call invocation template for system calls in the range
0-127, where immediate addressing can be used to load the system call number
in r0, rather than performing a memory load using pc-relative addressing.
No functional change, but rm(1) runs a couple cycles faster per file now.
djm [Fri, 2 Sep 2022 04:20:02 +0000 (04:20 +0000)]
sk-usbhid: fix key_lookup() on tokens with built-in UV
explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
job [Thu, 1 Sep 2022 22:24:40 +0000 (22:24 +0000)]
Zap IRR RFC reference for the 'bgpctl irrfilter' command which was deprecated in 6.6
dv [Thu, 1 Sep 2022 22:01:40 +0000 (22:01 +0000)]
vmm(4): send all port io emulation to userland
Simplify things by sending any io exits from IN/OUT instructions
to userland instead of trying to emulate anything in the kernel.
vmm was sending most pertinent exits to vmd anyways, so this
functionally changes little.
An added benefit is this solves an issue reported by tb@ where i386
OpenBSD guests would probe for a pc keyboard repeatedly and cause
excessive vm exits. (The emulation in vmm was not properly handling
these port reads.)
While here, make the assignment of the VEI_DIR_{IN,OUT} enum values
not assume the underlying integer the compiler may assign.
ok mlarkin@
mlarkin [Thu, 1 Sep 2022 21:50:19 +0000 (21:50 +0000)]
whitespace
job [Thu, 1 Sep 2022 21:15:54 +0000 (21:15 +0000)]
Add forest (-f) mode
In -f mode group & display parent/child process relationships using ASCII art.
Borrows heavily from Brian Somers' work on FreeBSD ps(1).
With input from deraadt@ and tb@
OK benno@ claudio@
tb [Thu, 1 Sep 2022 20:36:25 +0000 (20:36 +0000)]
ugly whitespace
mvs [Thu, 1 Sep 2022 18:21:22 +0000 (18:21 +0000)]
Move PRU_CONNECT2 request to (*pru_connect2)().
ok bluhm@
sthen [Thu, 1 Sep 2022 18:18:24 +0000 (18:18 +0000)]
sync
jmc [Thu, 1 Sep 2022 18:15:04 +0000 (18:15 +0000)]
change part of entry description for tf from "cat" to "C/A/T";
from josiah frentsos
kn [Thu, 1 Sep 2022 17:23:36 +0000 (17:23 +0000)]
Fill the gaps for armv7, powerpc64 and riscv64
These still fail early on due to the opendev(3)/diskmap(4) race condition,
so only hook them up after the kernel is fixed.
Note to self: some distrib/${MACHINE}/ramdisk/install.md pass explicit
newfs(8) flags -- this might be needed here; test once all the relevant
kernel and installboot(8) bugs are squashed and this regress suite can be
run normally.
mlarkin [Thu, 1 Sep 2022 17:07:09 +0000 (17:07 +0000)]
whitespace
krw [Thu, 1 Sep 2022 15:48:51 +0000 (15:48 +0000)]
d_bbsize and d_sbsize are entirely absent from the tree.
Rename them d_spare2 and d_spare3.
ok otto@ as part of larger diff
benno [Thu, 1 Sep 2022 15:43:07 +0000 (15:43 +0000)]
fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@
millert [Thu, 1 Sep 2022 15:21:28 +0000 (15:21 +0000)]
Update awk to Aug 30, 2022 version.
Various leaks and use-after-free issues plugged/fixed.
tb [Thu, 1 Sep 2022 15:19:16 +0000 (15:19 +0000)]
Check sk_SSL_CIPHER_push() return value
CID 24797
ok jsing
martijn [Thu, 1 Sep 2022 14:34:17 +0000 (14:34 +0000)]
Add privilege separation to snmpd.
This uses the just imported snmpd_metrics as a new (agentx-based) backend.
Snmpd(8) executes all files in /usr/libexec/snmpd and treats regions
registered by these binaries as authorative, so that no other agentx
backends can overwrite them. The snmpe process is now pledged
"stdio recvfd inet unix".
This removes quite a few entries from the sysORTable, but the current
entries are non-compliant anyway and should be completely revisisted at a
later time.
Reduces the time for a full walk by about a factor of 4, bringing us close
to the original speed before application.c was introduced.
General design discussed with claudio@
Tested by and OK sthen
Release build test and OK tb@
benno [Thu, 1 Sep 2022 14:23:25 +0000 (14:23 +0000)]
add checks that unveil() is doing the right thing irt. bind() and connect()
martijn [Thu, 1 Sep 2022 14:22:55 +0000 (14:22 +0000)]
Hook up snmpd_metrics
OK tb@, sthen@
martijn [Thu, 1 Sep 2022 14:20:32 +0000 (14:20 +0000)]
Import snmpd_metrics.
This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.
If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.
Tested, Feedback, and OK sthen@
Release build test, and OK tb@
tb [Thu, 1 Sep 2022 14:03:29 +0000 (14:03 +0000)]
Link sha test to regress
tb [Thu, 1 Sep 2022 14:02:41 +0000 (14:02 +0000)]
Add a nicely licensed, table-driven test for SHA
This tests covers the NIST vectors for SHA-{1,224,256,384,256} and will
soon be able to replace the old SHA tests entirely.
From Joshua Sing <joshua () hypera ! dev>
krw [Thu, 1 Sep 2022 13:56:21 +0000 (13:56 +0000)]
Drop support for unused attributes 'bs' (d_bbsize) and 'sb'
(d_sbsize).
ok otto@ as part of larger diff
krw [Thu, 1 Sep 2022 13:45:26 +0000 (13:45 +0000)]
Stop setting d_bbsize and d_sbsize. Nobody has paid
any attention for some time.
ok otto@ as part of larger diff
krw [Thu, 1 Sep 2022 13:37:57 +0000 (13:37 +0000)]
Nuke comment about not using d_sbsize.
ok otto@ as part of larger diff
krw [Thu, 1 Sep 2022 13:35:02 +0000 (13:35 +0000)]
d_bbsize and d_sbsize have become write-only fields.
No need to set them or check that they are set.
ok otto@ as part of larger diff
martijn [Thu, 1 Sep 2022 13:24:28 +0000 (13:24 +0000)]
At the moment unveil(2) doesn't check the path for bind(2) or connect(2).
This is about to change and connect(2) will require "w", not "r".
OK deraadt@ florian@ mestre@
claudio [Thu, 1 Sep 2022 13:23:24 +0000 (13:23 +0000)]
Switch the rde_peer hashtable and peer list to a single RB tree.
Only the RDE used a hashtable for lookups while the session engine
switched from a list to RB tree some time ago.
Use peer_foreach() in the mrt code instead of passing the peer list
as an argument.
OK benno@ tb@
claudio [Thu, 1 Sep 2022 13:19:11 +0000 (13:19 +0000)]
This code no longer needs siphash.h and also cleanup some leftover
prototypes and members that were not removed in the previous RB tree
conversions.
OK benno@ tb@
deraadt [Thu, 1 Sep 2022 12:28:53 +0000 (12:28 +0000)]
the VNDIOCSET ioctl path handling bypassed the unveil, so root (or .operator)
could read a file outside the space.
ok semarie benno tb
kn [Thu, 1 Sep 2022 08:52:30 +0000 (08:52 +0000)]
Fix logic bug
USE_SOFTRAID=Yes means the softraid volume itself *does* need to be
formatted.
krw [Thu, 1 Sep 2022 08:18:20 +0000 (08:18 +0000)]
Delete force CHS remnants here too.
Makes file identical to amd64 version again.
ok mlarkin@
jsg [Thu, 1 Sep 2022 07:26:56 +0000 (07:26 +0000)]
remove exec_makecmds() and exec_runcmds() prototypes
removed from kern_exec.c between NetBSD 0.9 and NetBSD 1.0
ajacoutot [Thu, 1 Sep 2022 07:25:32 +0000 (07:25 +0000)]
Add a new action: "configtest", to check configuration syntax of the daemon.
A few adjustments will be done in the next days (like disabling this action if
there's no specific rc_configtest function defined).
e.g.
/etc/rc.d/sshd configtest
rcctl configtest sshd
idea from naddy@
miod [Thu, 1 Sep 2022 05:49:04 +0000 (05:49 +0000)]
Do not embed ident(1) strings in object code.
ok daniel@ deraadt@ jca@
jsg [Thu, 1 Sep 2022 05:40:46 +0000 (05:40 +0000)]
remove ppath_destroy() prototype; function was never committed
jsg [Thu, 1 Sep 2022 05:31:49 +0000 (05:31 +0000)]
remove sb_lock() prototype; removed in uipc_socket2.c 1.64
jsg [Thu, 1 Sep 2022 05:24:51 +0000 (05:24 +0000)]
remove unused prototypes from buf.h
bufcache_getanycleanbuf() removed in vfs_bio.c 1.181
buf_acquire_unmapped() removed in vfs_biomem.c 1.22
buf_print() removed in vfs_bio.c 1.47
cluster_write() removed along with vfs_cluster.c in 2016
kn [Thu, 1 Sep 2022 01:52:08 +0000 (01:52 +0000)]
Don't print device name on failure
Noticed by mistake (wanted `-l'):
# vnconfig l
vnd0
vnconfig: VNDIOCSET: No such file or directory
Same happens if you try to load a bogus file:
# vnconfig ./empty
vnd0
vnconfig: VNDIOCSET: Input/output error
In both cases, the info on stdout is useless as vnd0 is not used.
Defer printing the device until after the file is set up:
# ./obj/vnconfig l
vnconfig: VNDIOCSET: No such file or directory
# ./obj/vnconfig ./empty
vnconfig: VNDIOCSET: Input/output error
OK deraadt
kn [Thu, 1 Sep 2022 01:09:19 +0000 (01:09 +0000)]
Minor internal target names and spacing tweaks, add dry-toofew test
kn [Thu, 1 Sep 2022 00:43:14 +0000 (00:43 +0000)]
Add macppc bits, hook up installboot(8) tests on macppc
Default tests (USE_SOFTRAID=No, NDISKS=1) pass except for 'vnd0 ./ofwboot'
as reported on tech@ (fix pending).
cheloha [Thu, 1 Sep 2022 00:14:36 +0000 (00:14 +0000)]
ts(1): parse user format string only once
Currently, ts(1) reparses the user format string every time it prints
a timestamp. This is wasteful.
If we isolate the parsing loop in fmtfmt() and move the rest of the
work into a new function, fmtprint(), we can cut some overhead out
of the hot loop.
We still need to update any microsecond substrings in the parsed
format string every time we print a timestamp. So during parsing in
fmtfmt() we build a list of pointers to locations in the parsed buffer
where the microsecond substring needs to be copied during fmtprint().
With input from deraadt@.
Link1: https://marc.info/?l=openbsd-tech&m=
165769139318084&w=2
Link2: https://marc.info/?l=openbsd-tech&m=
165910022501353&w=2
OK job@
kn [Thu, 1 Sep 2022 00:13:35 +0000 (00:13 +0000)]
Hook up installboot(8) tests on sparc64
Default tests (USE_SOFTRAID=Yes, NDISKS='1 2') pass except for '-r mnt',
as mentioned (fix pending).
USE_SOFTRAID=no and/or NDISKS=1 make '-r mnt' work.
kn [Wed, 31 Aug 2022 23:53:22 +0000 (23:53 +0000)]
Introduce USE_SOFTRAID to allow testing on vnd(4) directly
This is mostly for architectures which don't have softraid(4) support
in installboot(8), but should also be useful in general to test different
setups and thus increase coverage.
Default to root on softraid on vnd on all architectures that support it:
amd64, arm64, i386 and sparc64; use root on vnd on others (yet to come).
patrick [Wed, 31 Aug 2022 23:31:35 +0000 (23:31 +0000)]
Compare equality of looked up node using pointers instead of
strings, as the component name provided in the IORT might be
specified in a different way than our ACPI stack would do.
ok kettenis@
kn [Wed, 31 Aug 2022 23:10:01 +0000 (23:10 +0000)]
Silence cleanup, rename internal setup targets for clarity
kn [Wed, 31 Aug 2022 22:54:41 +0000 (22:54 +0000)]
Always run prepare
Not all architectures require/implement -p, but installboot(8) provides stubs,
so leave it to the program to (not) do something.
jmc [Wed, 31 Aug 2022 22:27:14 +0000 (22:27 +0000)]
use the posix phrasing to improve the description of "shift";
nudge from luka krmpotic
tb [Wed, 31 Aug 2022 21:34:14 +0000 (21:34 +0000)]
Add an empty line for consistency.
mvs [Wed, 31 Aug 2022 21:23:02 +0000 (21:23 +0000)]
Move PRU_SENDOOB request to (*pru_sendoob)().
PRU_SENDOOB request always consumes passed `top' and `control' mbufs. To
avoid dummy m_freem(9) handlers for all protocols release passed mbufs
in the pru_sendoob() EOPNOTSUPP error path.
Also fix `control' mbuf(9) leak in the tcp(4) PRU_SENDOOB error path.
ok bluhm@
krw [Wed, 31 Aug 2022 20:52:15 +0000 (20:52 +0000)]
Replace "newfs_msdos" and "fsck_msdos" with "newfs -t msdos" and "fsck -t
msdos".
Add some missing spaces after "=".
Constify the static strings.
Prodded a while ago by deraadt@, tweaks from kn@, ok kn@
tb [Wed, 31 Aug 2022 20:49:37 +0000 (20:49 +0000)]
Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()
EVP_PKEY_copy_parameters() will unconditionally fail if the pkey's ameth
has no copy_params(). Obviously this is indistinguishable from actual
failure...
ok jsing
patrick [Wed, 31 Aug 2022 20:49:12 +0000 (20:49 +0000)]
Support SMMUv3 IORT nodes as well in the midlayers. This allows IOMMU
mappings to reach a future SMMUv3 implementation.
ok kettenis@, mlarkin@
kn [Wed, 31 Aug 2022 20:48:55 +0000 (20:48 +0000)]
Rename helper vars/files under obj/
Up-front cleanup for a future diff to run directly on vnd(4) without softraid(4).
No functional change.
kn [Wed, 31 Aug 2022 20:23:57 +0000 (20:23 +0000)]
Put MD fdisk usage into new FORMAT_DISK, also softraid volume after chunks
tb [Wed, 31 Aug 2022 20:20:53 +0000 (20:20 +0000)]
Revert r1.46. Causes fireworks in regress.
kettenis [Wed, 31 Aug 2022 20:16:02 +0000 (20:16 +0000)]
MSIs on the x13s are routed through both a "normal" SMMU and a "v3" SMMU.
So handle this case in acpipci(4) and kill the hack to disable MSIs.
ok patrick@, mlarkin@, deraadt@
kn [Wed, 31 Aug 2022 19:40:37 +0000 (19:40 +0000)]
Log copy of /ofwboot
Another step towards more consistent behaviour across platforms.
This leaves only hppa and landisk **not** logging such copies,
but I can't test on those.
OK miod
kn [Wed, 31 Aug 2022 19:38:42 +0000 (19:38 +0000)]
Denote possible answers in the usual manner
OK miod
miod [Wed, 31 Aug 2022 18:46:06 +0000 (18:46 +0000)]
Make installboot on landisk aware of a possible MBR on the disk, and in this
case install the first level bootstrap at the beginning of the of the wd0a
filesystem, rather than at the beginning of the disk.
Both locations work but the previous behaviour overwriting an existing MBR
is a violation of POLA.
tweaks & ok krw@
dv [Wed, 31 Aug 2022 16:17:18 +0000 (16:17 +0000)]
relayd(8): change agentx_getsock to return void
Only has one return value and it's never checked.
ok martijn@, tb@
kettenis [Wed, 31 Aug 2022 16:10:59 +0000 (16:10 +0000)]
Add qcgpio(4) and qciic(4), drivers for the Qualcomm GPIO and I2C controllers
found on the SC8280XP SoC. Together these drivers make the keyboard,
trackpoint and touchpad work on the x13s.
ok deraadt@
claudio [Wed, 31 Aug 2022 15:51:44 +0000 (15:51 +0000)]
Remove IMSG_CTL_SHOW_RIB_HASH and struct rde_hashstats which are no
longer used. Also cleanup some hash sizes which are also no longer used.
OK tb@
kettenis [Wed, 31 Aug 2022 15:14:01 +0000 (15:14 +0000)]
Introduce iic_intr_disestablish() and use it in ihidev(4).
ok jcs@
claudio [Wed, 31 Aug 2022 15:00:53 +0000 (15:00 +0000)]
Remove the hash statistics print code. The RDE no longer sends these
imsgs.
OK tb@
kettenis [Wed, 31 Aug 2022 14:47:22 +0000 (14:47 +0000)]
Add apldc(4), apldchidev(4), apldckdb(4) and aplrtkit(4). Together these
drivers implement support for the Dockchannel-base keyboard found on
Apple M2 laptops.
ok mlarkin@, patrick@
claudio [Wed, 31 Aug 2022 14:29:36 +0000 (14:29 +0000)]
Switch the generic attribute cache to an RB tree.
OK benno@ tb@
tb [Wed, 31 Aug 2022 14:27:34 +0000 (14:27 +0000)]
Remove most mentions of contexts on the stack.
tb [Wed, 31 Aug 2022 13:28:39 +0000 (13:28 +0000)]
nasty whitespace
tb [Wed, 31 Aug 2022 13:01:01 +0000 (13:01 +0000)]
Rework DSA_size() and ECDSA_size()
DSA_size() and ECDSA_size() have a very special hack. They fudge up an
ASN1_INTEGER with a size which is typically > 100 bytes, backed by a
buffer of size 4. This was "fine", however, since they set buf[0] = 0xff,
where the craziness that was i2c_ASN1_INTEGER() only looks at the first
octet (one may then ask why a buffer of size 4 was necessary...).
This changed with the rewrite of i2c_ASN1_INTEGER(), which doesn't
respect this particular hack and rightly assumes that it is fed an
actual ASN1_INTEGER...
Instead, create an appropriate signature and use i2d to determine its
size.
Fixes an out-of-bounds read flagged by ASAN and oss-fuzz.
ok jsing
tb [Wed, 31 Aug 2022 12:29:08 +0000 (12:29 +0000)]
Avoid division by zero if no connection was made.
CID 184043
claudio [Wed, 31 Aug 2022 12:13:59 +0000 (12:13 +0000)]
Add missing OpenBSD id comment
benno [Wed, 31 Aug 2022 11:29:12 +0000 (11:29 +0000)]
make kernel build without INET6 again
ok sashan@
claudio [Wed, 31 Aug 2022 11:25:36 +0000 (11:25 +0000)]
Make sure that only one roa softreconfig runner is run at any time.
If a run takes to long drop the current update and wait for the next update.
OK benno@
krw [Wed, 31 Aug 2022 11:04:41 +0000 (11:04 +0000)]
Remove now unused and unreferenced disktab.h.
krw [Wed, 31 Aug 2022 10:46:33 +0000 (10:46 +0000)]
Whitespace fixes.
tb [Wed, 31 Aug 2022 09:39:59 +0000 (09:39 +0000)]
Some missing return checks
tb [Wed, 31 Aug 2022 09:38:00 +0000 (09:38 +0000)]
Avoid some buffer overflows in ecdsatest
The ASN.1 encoding of the modified ECDSA signature can grow in size due to
padding of the ASN.1 integers. Instead of reusing the same signature buffer
freshly allocate it. Avoids some buffer overflows caught by ASAN.
tb [Wed, 31 Aug 2022 09:36:46 +0000 (09:36 +0000)]
Revert previous. Committed the wrong version of the diff.
tb [Wed, 31 Aug 2022 09:33:39 +0000 (09:33 +0000)]
Avoid some buffer overflows in ecdsatest
The ASN.1 encoding of the modified ECDSA signature can grow in size due to
padding of the ASN.1 integers. Instead of reusing the same signature buffer
freshly allocate it. Avoids some buffer overflows caught by ASAN.
mpi [Wed, 31 Aug 2022 09:26:04 +0000 (09:26 +0000)]
Introduce a function to trylock a page instead of duplicating the logic.
Stolen from NetBSD.
ok jsg@
krw [Wed, 31 Aug 2022 09:20:57 +0000 (09:20 +0000)]
Remove "force CHS" remnants. LBA uber alles.
Mildly sad noises from Nick.
ok miod@ mlarkin@
martijn [Wed, 31 Aug 2022 09:19:22 +0000 (09:19 +0000)]
Rewrite the searchrange end calculation routine.
The old one had a bug which allowed it to move backwards on overlapping
regions and also didn't always returned the optimal end position.
OK tb@
gnezdo [Wed, 31 Aug 2022 09:07:35 +0000 (09:07 +0000)]
Lock vmobjlock then check u_flags & UVM_VNODE_VALID in uvn_attach
This is a continuation of this commit:
"Always acquire the `vmobjlock' before incrementing an object's reference."
Unfortuantely this created a race found by syzkaller manifesting as:
panic: kernel diagnostic assertion "uvn->u_obj.uo_refs == 0" failed:
file "sys/uvm/uvm_vnode.c", line 234
ok mpi@
Reported-by: syzbot+dd2d2684ad2818c927da@syzkaller.appspotmail.com
krw [Wed, 31 Aug 2022 08:35:07 +0000 (08:35 +0000)]
If a partition both starts and ends beyond the end of the unit
only warn about the start.
ok millert@
nicm [Wed, 31 Aug 2022 08:07:05 +0000 (08:07 +0000)]
Fix window size report, from Vincent Bernat.
fcambus [Wed, 31 Aug 2022 07:25:45 +0000 (07:25 +0000)]
Sync the supported hardware list with armv7.html.
OK jsg@
tb [Wed, 31 Aug 2022 07:15:31 +0000 (07:15 +0000)]
Switch loop bounds from size_t to int in check_hosts()
sk_num() can return a negative value, in which case the upper bound is
SIZE_MAX, which results in a very long for loop.
CID 153997
ok jsing
tb [Wed, 31 Aug 2022 07:12:30 +0000 (07:12 +0000)]
Check return values in ssl_print_tmp_key()
Use EVP_PKEY_get0_EC_KEY() instead of the get1 version to avoid an
EVP_PKEY_free(). Check return values: if either EVP_PKEY_get0_EC_KEY()
or EC_KEY_get0_group() fail, a NULL dereference occurs.
CID 43289
ok jsing
tb [Wed, 31 Aug 2022 06:51:36 +0000 (06:51 +0000)]
Avoid potential NULL dereference in ssl_set_pkey()
Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary
EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and
EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will
dereference NULL.
CID 25020
ok jsing
jsg [Wed, 31 Aug 2022 06:23:06 +0000 (06:23 +0000)]
backport Xr fix
ok djm@
djm [Wed, 31 Aug 2022 02:56:40 +0000 (02:56 +0000)]
whitespace