openbsd
3 years agoPrepare to provide a bunch of OCSP_resp_* getters.
tb [Sun, 24 Oct 2021 13:50:14 +0000 (13:50 +0000)]
Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing

3 years agoPrepare to provide X509_STORE_CTX_get_num_untrusted()
tb [Sun, 24 Oct 2021 13:48:15 +0000 (13:48 +0000)]
Prepare to provide X509_STORE_CTX_get_num_untrusted()

ok beck jsing

3 years agoPrepare to provide BIO_get_init()
tb [Sun, 24 Oct 2021 13:46:56 +0000 (13:46 +0000)]
Prepare to provide BIO_get_init()

ok beck jsing

3 years agoShuffle variables around and use KASSERT() instead of panic().
mpi [Sun, 24 Oct 2021 13:46:14 +0000 (13:46 +0000)]
Shuffle variables around and use KASSERT() instead of panic().

No functionnal change.

Reduce differences with NetBSD, tested by many as part of a larger diff.

3 years agoImprove variable naming
job [Sun, 24 Oct 2021 13:45:19 +0000 (13:45 +0000)]
Improve variable naming

OK tb@ claudio@

3 years agosync
deraadt [Sun, 24 Oct 2021 13:32:48 +0000 (13:32 +0000)]
sync

3 years agoSince tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9
schwarze [Sun, 24 Oct 2021 13:10:46 +0000 (13:10 +0000)]
Since tb@ added DECLARE_STACK_OF(GENERAL_NAMES) to x509v3.h in rev. 1.9
and since CMS_ReceiptRequest_get0_values(3) uses it, add it to the
list of STACK_OF(3) types.

While here, also add the missing CMS_RecipientInfo, CMS_SignerInfo,
OPENSSL_STRING, SRTP_PROTECTION_PROFILE, SSL_CIPHER, SSL_COMP and
X509_NAME to the list of stack types used by the API, drop
STACK_OF(X509_PURPOSE) which is only used internally, and list those
STACK_OF(*) types separately that are obfuscated with typedef.

3 years agoUse ifconfig(8)'s "join" command by default
kn [Sun, 24 Oct 2021 12:32:42 +0000 (12:32 +0000)]
Use ifconfig(8)'s "join" command by default

Its adoption went quite well, so install "join" rather than the old "nwid"
in new hostname.if(5) files and follow this trend in our wifi manuals.

OK deraadt sthen

3 years agonsd 4.3.7 shipped with DNS cookies on and then flipped to a default of
florian [Sun, 24 Oct 2021 12:16:14 +0000 (12:16 +0000)]
nsd 4.3.7 shipped with DNS cookies on and then flipped to a default of
in 4.3.8. Since we shipped 4.3.7 in 7.0 we should not flip-flop
between on and off all the time. Keep the default to on.
Suggested by & OK sthen

3 years agoUpdate to 4.3.8.
florian [Sun, 24 Oct 2021 12:14:18 +0000 (12:14 +0000)]
Update to 4.3.8.
OK sthen

3 years agoRestrict the characterset for filenames on Manifests
job [Sun, 24 Oct 2021 12:06:16 +0000 (12:06 +0000)]
Restrict the characterset for filenames on Manifests

feedback from benno@

OK claudio@

3 years agoImplement poll(2), select(2), ppoll(2) & pselect(2) on top of kqueue.
mpi [Sun, 24 Oct 2021 11:23:22 +0000 (11:23 +0000)]
Implement poll(2), select(2), ppoll(2) & pselect(2) on top of kqueue.

The given set of fds are converted to equivalent kevents using EV_SET(2)
and passed to the scanning internals of kevent(2): kqueue_scan().

ktrace(1) will now output the converted kevents on top of the usuals set
bits to be able to find possible error in the convertion.

This switch implies that poll(2) and select(2) will now query underlying
kqfilters instead of the *_poll() routines.  An increase in latency is
visible, especially with UDP sockets and NET_LOCK()-contended subsystems
and will be addressed in next steps.

Based on similar work done on MacOS and DragonFlyBSD with inputs from
visa@, millert@, anton@, cheloha@, thanks!

Tested by many, thanks!

ok claudio@, bluhm@

3 years agolet pf_table.c to use standard way to work with lists
sashan [Sun, 24 Oct 2021 10:58:43 +0000 (10:58 +0000)]
let pf_table.c to use standard way to work with lists

OK todd@, mvs@, kn@

3 years agoStop setting etype in the MD crypto code. So far we have set the etype
patrick [Sun, 24 Oct 2021 10:26:22 +0000 (10:26 +0000)]
Stop setting etype in the MD crypto code.  So far we have set the etype
and returned the error, which made the MI crypto code set the etype for
a second time.  We still have to set etype after calling the MD process
function, as the callers of crypto_invoke() still expect error handling
to be shown through the etype.  But at least now all MD crypto code does
not have to worry about that anymore.  Once the callers are changed to
not look at etype anymore, we can get rid of it completely.

ok tobhe@

3 years agoFall back to HTTP for fetching automatically
kn [Sun, 24 Oct 2021 10:11:24 +0000 (10:11 +0000)]
Fall back to HTTP for fetching automatically

Drop the "Unable to connect using https. Use http instead?" question as it
does not provide any security benefit;  SHA256.sig is used to verify sets.

Do provide an informative message iff the fallback happened such that
installations/upgrades that cannot Get/Verify first but Install directly
can be aborted in lack of SHA256.sig, i.e. sets were fetched over HTTP and
verification would be skipped.

Discussed with deraadt tb
OK deraadt

3 years agoansi
jsg [Sun, 24 Oct 2021 10:05:22 +0000 (10:05 +0000)]
ansi
ok mpi@ deraadt@

3 years agoProhibit renames of tmpfs mount-points to fix a panic.
patrick [Sun, 24 Oct 2021 09:59:52 +0000 (09:59 +0000)]
Prohibit renames of tmpfs mount-points to fix a panic.

From gerhard@

3 years agoPrepare to provide X509_OBJECT_{new,free}()
tb [Sun, 24 Oct 2021 09:27:48 +0000 (09:27 +0000)]
Prepare to provide X509_OBJECT_{new,free}()

ok beck inoguchi jsing

3 years agoextra 0 fields in cfdriver are not needed
deraadt [Sun, 24 Oct 2021 09:18:51 +0000 (09:18 +0000)]
extra 0 fields in cfdriver are not needed

3 years agopretty & normalize the cfdriver decl
deraadt [Sun, 24 Oct 2021 09:16:53 +0000 (09:16 +0000)]
pretty & normalize the cfdriver decl

3 years agoDon't leak internal->verfied_chain, clean it up in ssl3_clear and free.
beck [Sun, 24 Oct 2021 09:15:00 +0000 (09:15 +0000)]
Don't leak internal->verfied_chain, clean it up in ssl3_clear and free.

spotted by and ok jsing@

3 years agoAnther day another broken test-http.c report from anton@
claudio [Sun, 24 Oct 2021 09:05:41 +0000 (09:05 +0000)]
Anther day another broken test-http.c report from anton@
Adjust code again.

3 years agoFix mangled license.
mpi [Sun, 24 Oct 2021 08:42:38 +0000 (08:42 +0000)]
Fix mangled license.

From Leon Fischer

3 years agospelling;
jmc [Sun, 24 Oct 2021 07:08:20 +0000 (07:08 +0000)]
spelling;

3 years agoSet klist lock for sockets to make socket event filters MP-safe
visa [Sun, 24 Oct 2021 07:02:47 +0000 (07:02 +0000)]
Set klist lock for sockets to make socket event filters MP-safe

The filterops instances already provide f_modify and f_process
callbacks with proper internal locking. Locking of socket klists
has been the missing detail for MP-safety.

OK mpi@

3 years agoMake pipe event filters MP-safe
visa [Sun, 24 Oct 2021 06:59:54 +0000 (06:59 +0000)]
Make pipe event filters MP-safe

Add the missing f_modify and f_process callbacks so that pipe_lock
serializes pipe knote handling. As pipe klist locking is already in
place, pipe event filters should now be MP-safe.

This uses write locking everywhere in the callbacks for simplicity.
There is not much multiple-readers parallelism to utilize.

OK mpi@ anton@

3 years agouse NULL not 0 for pointer values in kern
jsg [Sun, 24 Oct 2021 00:02:24 +0000 (00:02 +0000)]
use NULL not 0 for pointer values in kern
ok semarie@

3 years agoThere is an m_pullup() down in AH input. As it may free or change
bluhm [Sat, 23 Oct 2021 22:19:37 +0000 (22:19 +0000)]
There is an m_pullup() down in AH input.  As it may free or change
the mbuf, the callers must be careful.  Although there is no bug,
use the common pattern to handle this.  Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

3 years agoFix use-after-free in ipcomp_output() introduced by previous commit.
bluhm [Sat, 23 Oct 2021 22:00:51 +0000 (22:00 +0000)]
Fix use-after-free in ipcomp_output() introduced by previous commit.
Retrieve ilen and olen from crypto descriptors before freeing them.
Found by regress/sys/netinet/ipsec.
OK mpi@

3 years agospread some ipcrm/ipcs Xr; from mikhail
jmc [Sat, 23 Oct 2021 21:17:45 +0000 (21:17 +0000)]
spread some ipcrm/ipcs Xr; from mikhail
ok schwarze

3 years agodo not duplicate "Connection: close" headers and only add it if its
benno [Sat, 23 Oct 2021 20:46:18 +0000 (20:46 +0000)]
do not duplicate "Connection: close" headers and only add it if its
not a websockets response.
Reported by Marcus MERIGHI and Jonathon Fletcher, this fix is by Jonathon, Thanks!
ok claudio@

3 years agosonewconn() returns the pointer to 'socket' struct so check it against
mvs [Sat, 23 Oct 2021 20:44:42 +0000 (20:44 +0000)]
sonewconn() returns the pointer to 'socket' struct so check it against
NULL instead of '0'.

ok deraadt@

3 years agoAdd SSL_get0_verified_chain - needed by some new stuff
beck [Sat, 23 Oct 2021 20:42:50 +0000 (20:42 +0000)]
Add SSL_get0_verified_chain - needed by some new stuff

symbol will be exposed with tb@'s forthcoming bump

ok tb@

3 years agoRename io_buf_new to io_new_buffer and io_buf_close to io_close_buffer.
claudio [Sat, 23 Oct 2021 20:01:16 +0000 (20:01 +0000)]
Rename io_buf_new to io_new_buffer and io_buf_close to io_close_buffer.
With this the write functions are all of the form io_xyz_buffer.
Remove some prototypes of functions I forgot to remove in previous commit.
OK benno@

3 years agobtrace dir
deraadt [Sat, 23 Oct 2021 19:40:29 +0000 (19:40 +0000)]
btrace dir

3 years agoProvide common btrace(8) scripts.
mpi [Sat, 23 Oct 2021 19:37:35 +0000 (19:37 +0000)]
Provide common btrace(8) scripts.

. kprofile.bt - to save kernel stackframces and produce flamegraphs
. runqlat.bt  - to measure the latency of the scheduler runqueues

3 years agosync
deraadt [Sat, 23 Oct 2021 19:13:13 +0000 (19:13 +0000)]
sync

3 years agosync
deraadt [Sat, 23 Oct 2021 19:12:50 +0000 (19:12 +0000)]
sync

3 years agoensure that sensitive data is zeroed out from mem.
mestre [Sat, 23 Oct 2021 19:08:48 +0000 (19:08 +0000)]
ensure that sensitive data is zeroed out from mem.

ok beck@

3 years agoFor testing snmpd, use rc script to stop any running snmpd on machine
bluhm [Sat, 23 Oct 2021 17:56:31 +0000 (17:56 +0000)]
For testing snmpd, use rc script to stop any running snmpd on machine
and restart it afterwards.

3 years agoDeclare STACK_OF(GENERAL_NAMES)
tb [Sat, 23 Oct 2021 17:43:06 +0000 (17:43 +0000)]
Declare STACK_OF(GENERAL_NAMES)

ok jsing

3 years agoCall uvm_vnp_uncache() in tmpfs_write(). We currently only call
patrick [Sat, 23 Oct 2021 17:39:08 +0000 (17:39 +0000)]
Call uvm_vnp_uncache() in tmpfs_write().  We currently only call
uvm_vnp_uncache() in tmpfs_write() when a file grows in size.  This
is not enough.  We need to invalidate UVM's cache of the vnode every
time the contents of the vnode are modified.  Failure to do so might
lead to inconsistencies between read/mmap consumers.

From Pedro Martelletto

3 years agoFix tmpfs_lookup locking for ".." == ".". unveil_find_cover() calls
patrick [Sat, 23 Oct 2021 17:38:00 +0000 (17:38 +0000)]
Fix tmpfs_lookup locking for ".." == ".".  unveil_find_cover() calls
VFS_LOOKUP(dir, &parent) in a loop and looks up the parent directory
".." repeatedly. VFS_LOOKUP is expected to unlock 'dir' and return
'parent' locked.

So tmpfs_lookup() is called for ISDOTDOT and:
- runs with dvp = dir, vpp = &parent
- gets parent from tmpfs_vnode_get() and
- re-locks dir with vn_lock(dvp)
but skips the call to
VOP_UNLOCK(dvp);
on return because *vpp == dvp

The reason for doing so is the lookup for ".".  In this case
tmpfs_lookup() just increases the reference on dvp and copies the
pointer:
*vpp = dvp; vref(dvp);

However, in our case we also have *vpp == dvp, but for a different
lookup (ISDOTDOT), so we must do the unlock.

From markus@

3 years agofix wrong and missing return types and wrong macros in the SYNOPSIS;
schwarze [Sat, 23 Oct 2021 17:20:50 +0000 (17:20 +0000)]
fix wrong and missing return types and wrong macros in the SYNOPSIS;
while here, also apply some minor wording improvements

3 years agoRename a couple of variables overlooked in the conversion from subagentx to
martijn [Sat, 23 Oct 2021 17:13:50 +0000 (17:13 +0000)]
Rename a couple of variables overlooked in the conversion from subagentx to
agentx. Make things more consistent.

No functional change.

OK bluhm@

3 years agoAdd a glossary of variable names.
martijn [Sat, 23 Oct 2021 17:10:34 +0000 (17:10 +0000)]
Add a glossary of variable names.

Requested by and OK bluhm@

3 years agostty(1) can't be pledged for all modes, but it can be unveiled. the only file to
mestre [Sat, 23 Oct 2021 16:45:32 +0000 (16:45 +0000)]
stty(1) can't be pledged for all modes, but it can be unveiled. the only file to
be opened is on stty -f `file', so call unveil(2) afterwards to restrict all fs
access.

OK deraadt@

3 years agotpm(4): add support for tpm2 CRB interface
dv [Sat, 23 Oct 2021 16:39:03 +0000 (16:39 +0000)]
tpm(4): add support for tpm2 CRB interface

Some modern tpm2 devices require or prefer drivers communicate via
the CRB interface and not the TIS/fifo interface. This change adds
basic support for detecting CRB start mode and using CRB to issue
commands required for proper S4 hibernation. As a result, this also
defines a new struct definition for the TPM2 acpi table required
for start mode detection.

This fixes recent S4 regressions on the Surface Go 2 caused by a
change in firmware from Microsoft.

Other CRB start methods may need implementing in the future to
support additional hardware.

tested by deraadt@ and many others, ok kettenis@

3 years agoAdd new OpenSSL API SSL_CTX_set_num_tickets and friends.
beck [Sat, 23 Oct 2021 16:29:15 +0000 (16:29 +0000)]
Add new OpenSSL API SSL_CTX_set_num_tickets and friends.

Since we don't support session tickets in LibreSSL at the moment
these functions currently do not have any effect.

Again, symbols will appear with tb@'s reptar sized bump..

ok tb@

3 years agoKNF a particularly ugly comment
tb [Sat, 23 Oct 2021 16:18:20 +0000 (16:18 +0000)]
KNF a particularly ugly comment

3 years agoZap trailing whitespace
tb [Sat, 23 Oct 2021 16:17:44 +0000 (16:17 +0000)]
Zap trailing whitespace

3 years agoArithmetic is hard! Since MBR partition 0 is the only partition in the boot
krw [Sat, 23 Oct 2021 16:16:22 +0000 (16:16 +0000)]
Arithmetic is hard! Since MBR partition 0 is the only partition in the boot
media MBR, just use '*' to take all the available space.

ok visa@ deraadt@

3 years agoFixup test-http.c after big io change before anton@ complains
claudio [Sat, 23 Oct 2021 16:12:30 +0000 (16:12 +0000)]
Fixup test-http.c after big io change before anton@ complains

3 years agoUnhandroll X509_up_ref()
tb [Sat, 23 Oct 2021 16:11:30 +0000 (16:11 +0000)]
Unhandroll X509_up_ref()

ok beck jsing

3 years agoFinnally move away from blocking reads in rpki-client. The code was a
claudio [Sat, 23 Oct 2021 16:06:04 +0000 (16:06 +0000)]
Finnally move away from blocking reads in rpki-client. The code was a
mish mash of poll, non-blocking writes and blocking reads. Using the
introduced ibuf size header in io_buf_new()/io_buf_close() the read
side can be changed to pull in a full ibuf and only start the un-marshal
once all data has been read.
OK benno@

3 years ago* stop sending the content for head requests, even when its supplied by the
benno [Sat, 23 Oct 2021 15:52:44 +0000 (15:52 +0000)]
* stop sending the content for head requests, even when its supplied by the
  fcgi. Required by RFC 7231 and RFC 3875 section 4.3.2.
* If the client sends an empty body without a Content-Lenght:
  do not add the Content-Lenght if it's a HEAD request.
  If it's a HEAD request, the Content-Lenght should show the size of the
  equivalent GET request, but we don't know how much that will be so
  don't lie.

found by and fix suggested by Ross L Richardson, Thanks!

Additionally:

* when the fcgi supplies a Content-Length header, do not remove it and
  set Transfer-Encoding: chunked. Instead, leave the Content-Lenght
  header in place, as obviously the fcgi knows how much data will come.

ok claudio@

3 years agoPreapre x509.c for upcoming libcrypto bump
tb [Sat, 23 Oct 2021 15:44:39 +0000 (15:44 +0000)]
Preapre x509.c for upcoming libcrypto bump

ok beck jsing

3 years agoRetire asynchronous crypto API as it is no longer required by any driver and
tobhe [Sat, 23 Oct 2021 15:42:34 +0000 (15:42 +0000)]
Retire asynchronous crypto API as it is no longer required by any driver and
adds unnecessary complexity.  Dedicated crypto offloading devices are not common
anymore.  Modern CPU crypto acceleration works synchronously, eliminating the need
for callbacks.

Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is
blocking and only returns after the operation has completed or an error occured.
Invoke callback functions directly from the consumer (e.g. IPsec, softraid)
instead of relying on the crypto driver to call crypto_done().

ok bluhm@ mvs@ patrick@

3 years agoImport documentation for X509_get_extension_flags, X509_get_key_usage,
tb [Sat, 23 Oct 2021 15:41:10 +0000 (15:41 +0000)]
Import documentation for X509_get_extension_flags, X509_get_key_usage,
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.

input/lgtm schwarze

3 years agoImport documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
tb [Sat, 23 Oct 2021 15:39:06 +0000 (15:39 +0000)]
Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
to the build after the bump.

tweak & lgtm schwarze

3 years agooops, wrong dir.
tb [Sat, 23 Oct 2021 15:36:59 +0000 (15:36 +0000)]
oops, wrong dir.

pointed out by schwarze

3 years agoAdd new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex
beck [Sat, 23 Oct 2021 15:30:44 +0000 (15:30 +0000)]
Add new OpenSSL api SSL_write_ex, SSL_read_ex and SSL_peek_ex

As these still meet the usual expectations for special, I will leave
it up to ingo to decide to either document separately or in one man
page like OpenSSL did.

Will also need Symbols.list additions by tb@ when he starts the rapture

ok tb@ jsing@

3 years agoannotate a 413 error with "request body too large" in the error log.
benno [Sat, 23 Oct 2021 15:30:28 +0000 (15:30 +0000)]
annotate a 413 error with "request body too large" in the error log.
ok claudio@

3 years agoImport documentation for X509_get_extension_flags, X509_get_key_usage,
tb [Sat, 23 Oct 2021 15:30:07 +0000 (15:30 +0000)]
Import documentation for X509_get_extension_flags, X509_get_key_usage,
X509_get_extended_key_usage from OpenSSL. Will be linked to the build
after the bump.

input/lgtm schwarze

3 years agoImport documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
tb [Sat, 23 Oct 2021 15:27:46 +0000 (15:27 +0000)]
Import documentation for X509_SIG_get{0,m} from OpenSSL. Will be linked
to the build after the bump.

tweak & lgtm schwarze

3 years agomissed in previous commit
mestre [Sat, 23 Oct 2021 15:08:26 +0000 (15:08 +0000)]
missed in previous commit

this was ok tb@

3 years agoMop up enc_read_ctx and read_hash.
jsing [Sat, 23 Oct 2021 15:02:27 +0000 (15:02 +0000)]
Mop up enc_read_ctx and read_hash.

These are no longer public, so we can mop them up along with the machinery
needed to set/clear them.

ok beck@ tb@

3 years agoFix double free after allocation failure in bpf(4).
visa [Sat, 23 Oct 2021 15:00:11 +0000 (15:00 +0000)]
Fix double free after allocation failure in bpf(4).

Reported by Peter J. Philipp.

OK mpi@

3 years agoBe consistend and add missing spaces around some of the NOTREACHED comments.
claudio [Sat, 23 Oct 2021 14:56:55 +0000 (14:56 +0000)]
Be consistend and add missing spaces around some of the NOTREACHED comments.

3 years agops_sigcode, ps_sigcoderet and ps_sigcookie are immutable after a process
claudio [Sat, 23 Oct 2021 14:53:02 +0000 (14:53 +0000)]
ps_sigcode, ps_sigcoderet and ps_sigcookie are immutable after a process
is created. Annotate them accordingly.
OK mpi@

3 years agoFix some whitespace issues, some pointed out by jsing, some found in
tb [Sat, 23 Oct 2021 14:52:51 +0000 (14:52 +0000)]
Fix some whitespace issues, some pointed out by jsing, some found in
the vicinity.

3 years agoPrepare s_server for opaque structs in libcrypto
tb [Sat, 23 Oct 2021 14:50:10 +0000 (14:50 +0000)]
Prepare s_server for opaque structs in libcrypto

ok beck jsing

3 years agoPrepare crl.c for opaque structs in libcrypto.
tb [Sat, 23 Oct 2021 14:49:39 +0000 (14:49 +0000)]
Prepare crl.c for opaque structs in libcrypto.

ok beck jsing

3 years agodhclient -> dhcp in comment
kn [Sat, 23 Oct 2021 14:49:06 +0000 (14:49 +0000)]
dhclient -> dhcp in comment

3 years agoPrepare pcks12 for opaque structs in libcrypto
tb [Sat, 23 Oct 2021 14:48:33 +0000 (14:48 +0000)]
Prepare pcks12 for opaque structs in libcrypto

get_cert_chain() needs some error checking. return X509_V_ errors
instead of trying to overload the NULL and then whine in a comment that
this won't really work.

Fix a bug that printed only the first attribute by factoring out the
thing that did the actual printing.

Sprinkle a few changes to accessors here and there.
This is loosely based on what OpenSSL did with some simplifications by
jsing.

ok beck jsing

3 years agoSprinkle uvm_obj_destroy() over UVM object recycling code.
mpi [Sat, 23 Oct 2021 14:42:07 +0000 (14:42 +0000)]
Sprinkle uvm_obj_destroy() over UVM object recycling code.

For now, only assert that the tree of pages is empty in uvm_obj_destroy().
This will soon be used to free the per-UVM object lock.

While here call uvm_obj_init() when new vnodes are allocated instead of
in uvn_attach().  Because vnodes and there associated UVM object are
currently never freed, it isn't easy to know where/when to garbage
collect the associated lock.  So simply check that the reference of a
given object is 0 when uvn_attach().

Tested by many as part of a bigger diff.

ok kettenis@

3 years agoProvide a way to determine our maximum legacy version.
jsing [Sat, 23 Oct 2021 14:40:54 +0000 (14:40 +0000)]
Provide a way to determine our maximum legacy version.

With the introduction of TLSv1.3, we need the ability to determine our
maximum legacy version and to track our peer's maximum legacy version.
This is needed for both the TLS record layer when using TLSv1.3, plus
it is needed for RSA key exhange in TLS prior to TLSv1.3, where the
maximum legacy version is incorporated in the pre-master secret to
avoid downgrade attacks.

This unbreaks RSA KEX for the TLS client when the non-version specific
method is used with TLSv1.0 or TLSv1.1 (clearly no one does this).

ok tb@

3 years agoMove libagentx to a new freeing strategy, where we check all objects when
martijn [Sat, 23 Oct 2021 14:39:35 +0000 (14:39 +0000)]
Move libagentx to a new freeing strategy, where we check all objects when
a close packet has been received.

This should have little to no performance impact in practice, since under
normal operations we shouldn't free any objects.

OK bluhm@

3 years agoAdd a regress test for TLS client/server.
jsing [Sat, 23 Oct 2021 14:34:10 +0000 (14:34 +0000)]
Add a regress test for TLS client/server.

This currently exercises various combinations of TLS versions and their
associated key exchange mechanisms. Note that this currently fails for
TLSv1.0/TLSv1.1 with RSA KEX (to be fixed shortly).

Over time all of the ssl regress should be moved into the dtls and tls
regress tests.

3 years agoUnbreak test-http after the last io.c changes
claudio [Sat, 23 Oct 2021 14:29:59 +0000 (14:29 +0000)]
Unbreak test-http after the last io.c changes
Report from anton@

3 years agoAssert that the KERNEL_LOCK() is held in vref(9).
mpi [Sat, 23 Oct 2021 14:08:46 +0000 (14:08 +0000)]
Assert that the KERNEL_LOCK() is held in vref(9).

This is a guard against pushing the lock too far in UVM's vnode land.

ok beck@

3 years agotweak previous: add missing OpenBSD CVS tag
schwarze [Sat, 23 Oct 2021 13:57:00 +0000 (13:57 +0000)]
tweak previous: add missing OpenBSD CVS tag
and fix some weird typos in comments (duplicate '@' signs)

3 years agoRemove unused fields from struct dtls1_retransmit_state.
jsing [Sat, 23 Oct 2021 13:45:44 +0000 (13:45 +0000)]
Remove unused fields from struct dtls1_retransmit_state.

3 years agoFold DTLS1_STATE_INTERNAL into DTLS1_STATE.
jsing [Sat, 23 Oct 2021 13:36:03 +0000 (13:36 +0000)]
Fold DTLS1_STATE_INTERNAL into DTLS1_STATE.

Now that DTLS1_STATE is opaque, fold DTLS1_STATE_INTERNAL back into
DTLS1_STATE and remove D1I() usage.

ok tb@

3 years agotweak previous: properly mark up function pointer typedef
schwarze [Sat, 23 Oct 2021 13:17:03 +0000 (13:17 +0000)]
tweak previous: properly mark up function pointer typedef
plus .Dv NULL, SEE ALSO, HISTORY

3 years agoPrepare to make many of the structs in x509.h opaque.
tb [Sat, 23 Oct 2021 13:16:52 +0000 (13:16 +0000)]
Prepare to make many of the structs in x509.h opaque.

ok beck jsing

3 years agoChange ssl_verify_cert_chain() for compatibility with opaque
tb [Sat, 23 Oct 2021 13:14:38 +0000 (13:14 +0000)]
Change ssl_verify_cert_chain() for compatibility with opaque
X509_STORE_CTX and use accessors instead of reaching directly
into the struct.

ok jsing

3 years agoUse X509_STORE_CTX_get0_chain() instead of grabbing the chain directly
tb [Sat, 23 Oct 2021 13:12:55 +0000 (13:12 +0000)]
Use X509_STORE_CTX_get0_chain() instead of grabbing the chain directly
out of the X509_STORE_CTX.

ok jsing

3 years agoRevise regress test for tls13_buffer rename.
jsing [Sat, 23 Oct 2021 13:12:45 +0000 (13:12 +0000)]
Revise regress test for tls13_buffer rename.

3 years agoRename tls13_buffer to tls_buffer.
jsing [Sat, 23 Oct 2021 13:12:14 +0000 (13:12 +0000)]
Rename tls13_buffer to tls_buffer.

This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.

ok beck@ tb@

3 years agoMake sure we have enough space to add padding and final token to the nvram
kettenis [Sat, 23 Oct 2021 12:48:17 +0000 (12:48 +0000)]
Make sure we have enough space to add padding and final token to the nvram
data.  Also add the MAC address to the nvram data when there is a
"local-mac-address" property in the device tree.  This makes bwfm(4) work
with the firmware/nvram/clm_blob files provided with MacOS on the Apple
M1 Macs.

ok patrick@

3 years agoStop reaching into structs that will become opaque in ca.c
tb [Sat, 23 Oct 2021 12:00:18 +0000 (12:00 +0000)]
Stop reaching into structs that will become opaque in ca.c

"just commit it" beck

3 years agoPrepare to provide X509_re_X509*_tbs()
tb [Sat, 23 Oct 2021 11:56:10 +0000 (11:56 +0000)]
Prepare to provide X509_re_X509*_tbs()

ok beck jsing

3 years agoPrepare to provide X509_get_extension_flags()
tb [Sat, 23 Oct 2021 11:53:24 +0000 (11:53 +0000)]
Prepare to provide X509_get_extension_flags()

ok beck jsing

3 years agoAdd SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback
beck [Sat, 23 Oct 2021 11:41:51 +0000 (11:41 +0000)]
Add SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback

Some things in ports care about calling these functions. Since we will
not provide private key logging functionality they are documented
as being for compatibility and that they don't do anything.

ok tb@

3 years agoPrepare to provide X509_SIG_get{0,m}.
tb [Sat, 23 Oct 2021 11:41:50 +0000 (11:41 +0000)]
Prepare to provide X509_SIG_get{0,m}.

ok beck jsing

3 years agoNuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10
tb [Sat, 23 Oct 2021 11:36:44 +0000 (11:36 +0000)]
Nuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10
encoders many moons ago. OpenSSL removed it in 2015.

ok beck jsing

3 years agoif both stdout and stderr are redirected to a non-tty, pledge(2) will kill
mestre [Sat, 23 Oct 2021 11:22:48 +0000 (11:22 +0000)]
if both stdout and stderr are redirected to a non-tty, pledge(2) will kill
ncurses applications, e.g.:

/usr/games/worms 2>&1 | cat

solve this by only calling pledge(2) after initscr(3) is set and done, or
whatever function that calls it. since pledge(2) is called later now the
promises might be reduced, but this a diff for another day.

found by naddy@ almost a year ago, discussed with him deraadt@ and tb@
ok tb@

3 years agoCorrectly print varbind not found contexts.
martijn [Sat, 23 Oct 2021 10:47:50 +0000 (10:47 +0000)]
Correctly print varbind not found contexts.

OK benno@

3 years agoAlways print the community.
martijn [Sat, 23 Oct 2021 10:45:20 +0000 (10:45 +0000)]
Always print the community.

There's no such thing as a default community.

OK benno@