anton [Tue, 3 Sep 2024 04:58:00 +0000 (04:58 +0000)]
Adjust expected output after recent X_OK changes.
jsg [Tue, 3 Sep 2024 00:23:05 +0000 (00:23 +0000)]
move psp functions to psp.c and remove the ifdefs
ok bluhm@ hshoexer@
deraadt [Mon, 2 Sep 2024 16:39:03 +0000 (16:39 +0000)]
sync
deraadt [Mon, 2 Sep 2024 16:37:58 +0000 (16:37 +0000)]
In our fight against the cosmos, in the chaos of the source tree, we
deleted the greek quiz. Some people felt trauma, and called out our
hubris. At my request, Carson Harding performed a metamorphosis of
the quiz -- kudos to him! After playing, I consider it the acme of
quizzes.
ok jmc mglocker
deraadt [Mon, 2 Sep 2024 16:34:44 +0000 (16:34 +0000)]
In our fight against the cosmos, in the chaos of the source tree, we
deleted the greek quiz. Some people felt trauma, and called out our
hubris. At my request, Carson Harding performed a metamorphosis of
the quiz -- kudos to him! After playing, I consider it the acme of
quizzes.
ok jmc mglocker
djm [Mon, 2 Sep 2024 12:18:35 +0000 (12:18 +0000)]
missing ifdef
djm [Mon, 2 Sep 2024 12:13:56 +0000 (12:13 +0000)]
Add experimental support for hybrid post-quantum key exchange
ML-KEM768 with ECDH/X25519 from the Internet-draft:
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This is based on previous patches from markus@ but adapted to use the
final FIPS203 standard ML-KEM using a formally-verified implementation
from libcrux.
Note this key exchange method is still a draft and thus subject to
change. It is therefore disabled by default; set MLKEM=yes to build it.
We're making it available now to make it easy for other SSH
implementations to test against it.
ok markus@ deraadt@
job [Mon, 2 Sep 2024 11:56:22 +0000 (11:56 +0000)]
Increase number of concurrent RRDP session handler slots
OK claudio@
jsg [Mon, 2 Sep 2024 11:08:41 +0000 (11:08 +0000)]
simplify ccp ifdef; ok bluhm@
sf [Mon, 2 Sep 2024 08:26:26 +0000 (08:26 +0000)]
virtio: Move interrupt setup into separate function
Put the MSIX vector into struct virtqueue and create a transport
specific function that feeds the vectors to the device. This will allow
child devices to influence which vectors are used for which virtqueues.
This will be used by multi-queue vio(4) to route corresponding rx/tx
queue interrupts to the same cpu.
The setup_intrs() function also sets the config interrupt MSIX vector
which fixes a bug that virtio_pci_set_msix_config_vector() would not
be called after a device reset.
OK bluhm@
sf [Mon, 2 Sep 2024 08:22:08 +0000 (08:22 +0000)]
virtio_pci: Improve interrupt names
Make interrupt strings according to the child device. This gives names
like vio0:1, vioblk0 instead of virtio0, virtio1. Also allocate array
of interrupt handlers dynamically. The current size will be too small
for vio multi-queue.
OK bluhm@
tb [Mon, 2 Sep 2024 08:05:18 +0000 (08:05 +0000)]
sync
tb [Mon, 2 Sep 2024 08:04:32 +0000 (08:04 +0000)]
Remove X509_check_trust documentation
tb [Mon, 2 Sep 2024 07:58:05 +0000 (07:58 +0000)]
sync
tb [Mon, 2 Sep 2024 07:57:27 +0000 (07:57 +0000)]
The X509at_* manuals are no longer needed
tb [Mon, 2 Sep 2024 07:56:28 +0000 (07:56 +0000)]
Also remove .Xr to X509at_*
tb [Mon, 2 Sep 2024 07:55:26 +0000 (07:55 +0000)]
Excise X509at_* from X509_REQ_* documentation
tb [Mon, 2 Sep 2024 07:54:21 +0000 (07:54 +0000)]
Rename lastpos to start_after to match other, similar manuals
tb [Mon, 2 Sep 2024 07:45:09 +0000 (07:45 +0000)]
More X509at_* removal
tb [Mon, 2 Sep 2024 07:43:07 +0000 (07:43 +0000)]
Remove mention of the no longer public X509at_* functions
tb [Mon, 2 Sep 2024 07:20:21 +0000 (07:20 +0000)]
Adjust function signatures for const X509_LOOKUP_METHOD
yasuoka [Mon, 2 Sep 2024 04:45:22 +0000 (04:45 +0000)]
Coding of the handling of errors for <sequence number> hadn't be completed.
yasuoka [Mon, 2 Sep 2024 04:00:51 +0000 (04:00 +0000)]
regen
yasuoka [Mon, 2 Sep 2024 03:59:40 +0000 (03:59 +0000)]
Add Intel X540 X550 virtual function devices. From Yuichiro NAITO.
ok jmatthew
deraadt [Sun, 1 Sep 2024 23:26:10 +0000 (23:26 +0000)]
Regarding previous commit, X_OK on unveil-permitted directories does
not map nicely to UNVEIL_EXEC. But we don't know before calling
namei() if the path is a directory. Oh well, stick to UNVEIL_READ
for that case, it is going to be good enough for the typical case.
Worked out with jeremy after chrome/firefox Downloads directory issue.
tb [Sun, 1 Sep 2024 20:24:42 +0000 (20:24 +0000)]
dhcpleased: fix a sizeof for IMSG_REQUEST_REBOOT.
"fatal in engine: engine_dispatch_frontend: invalid IMSG_REQUEST_REBOOT"
reported by qwer.ty tuta io
ok florian kn
bluhm [Sun, 1 Sep 2024 19:32:48 +0000 (19:32 +0000)]
For AMD SEV mention platform security processor in ccp(4) map page.
from hshoexer@; input jsg@; ok mlarkin@
bluhm [Sun, 1 Sep 2024 19:25:06 +0000 (19:25 +0000)]
For AMD SEV provide ioctl(2) in cpp(4) to shutdown guest.
To shutdown a SEV-enabled guest, first deactivate the guest context
in ccp(4), then decommission the guest context. Combine these two
operations in a single ioctl to simplify guest shutdown for vmd(8).
As this ioctl does not directly map to a single ccp command, use a
high number for the ioctl. More ioctls like this one will come.
from hshoexer@; OK mlarkin@
tb [Sun, 1 Sep 2024 17:20:37 +0000 (17:20 +0000)]
symbols: remove special case for cpuid_setup and cpu_caps
The former is gone and the latter is available in crypto.h.
bluhm [Sun, 1 Sep 2024 17:13:46 +0000 (17:13 +0000)]
Pledge "vmm" for ccp(4) ioctl(2).
Limit ccp ioctls to processes that pledge vmm. Specific psp device
ioctls for AMD SEV will allowed for vmd(8).
from hshoexer@; input deraadt@ jsg@
anton [Sun, 1 Sep 2024 06:05:11 +0000 (06:05 +0000)]
Enable warnings and fix style nits.
anton [Sun, 1 Sep 2024 05:48:20 +0000 (05:48 +0000)]
Make unveil access regress work with objdir.
jsg [Sun, 1 Sep 2024 05:33:29 +0000 (05:33 +0000)]
Apls -> Alps
jsg [Sun, 1 Sep 2024 05:20:25 +0000 (05:20 +0000)]
equivalient -> equivalent
guenther [Sun, 1 Sep 2024 04:27:45 +0000 (04:27 +0000)]
dladdr(3) is in POSIX-2024, though the structure type was renamed
to match Solaris and _not_ match glibc/BSDs and no one caught it
before publication. Provide the new name but keep providing the
existing names under the same conditions as before. Update #include
visibility and dlfcn(3) manpage and add restrict qualifiers.
ok deraadt@
jsg [Sun, 1 Sep 2024 03:14:48 +0000 (03:14 +0000)]
spelling; checked by jmc@, ok miod@ mglocker@
jsg [Sun, 1 Sep 2024 03:09:34 +0000 (03:09 +0000)]
regen
jsg [Sun, 1 Sep 2024 03:08:56 +0000 (03:08 +0000)]
spelling; checked by jmc@, ok miod@ mglocker@ krw@
aisha [Sun, 1 Sep 2024 00:22:59 +0000 (00:22 +0000)]
add tests for linux kpi for rbtree
lots of cleanup and rewriting by jsg@
jeremy [Sat, 31 Aug 2024 20:03:03 +0000 (20:03 +0000)]
Add regression test for access(2)+unveil(2)
ok deraadt
tb [Sat, 31 Aug 2024 18:39:25 +0000 (18:39 +0000)]
sync x509v3_add_value with x509_utl.c
tb [Sat, 31 Aug 2024 18:38:46 +0000 (18:38 +0000)]
Rewrite X509V3_add_value() to a single exit idiom
ok jsing
jsing [Sat, 31 Aug 2024 16:28:49 +0000 (16:28 +0000)]
Remove redundant COPYRIGHT file.
This is already included at the top of each file in this directory.
Prompted by tb@
deraadt [Sat, 31 Aug 2024 16:23:09 +0000 (16:23 +0000)]
net drivers may have mii children, but mii layer has no _activate
functions. similar operations are done via driver xx_stop/init functions
calling mii_ subfunctions directly at the right moments in time, and
are not anticipated to ever need the activate mechanism. so for now,
delete all the config_activate_children() here
ok kettenis
jsing [Sat, 31 Aug 2024 16:22:18 +0000 (16:22 +0000)]
Make fcrypt_body() static and remove prototype.
jsing [Sat, 31 Aug 2024 16:17:13 +0000 (16:17 +0000)]
Unifdef DES_PTR, DES_RISC1 and DES_RISC2.
These are all go fast knobs that convolute the code and can be dangerous.
Lets presume that we have a modern and somewhat capable C compiler instead.
ok tb@
jsing [Sat, 31 Aug 2024 16:04:22 +0000 (16:04 +0000)]
Unifdef OPENBSD_DES_ASM.
There are no assembly implementations now.
ok tb@
jsing [Sat, 31 Aug 2024 16:01:18 +0000 (16:01 +0000)]
Inline and remove spr.h.
This is only included once in des_enc.c - inline the tables instead.
Prompted by tb@
jsing [Sat, 31 Aug 2024 15:56:09 +0000 (15:56 +0000)]
Combine DES code into a smaller set of files.
Discussed with tb@
deraadt [Sat, 31 Aug 2024 15:53:44 +0000 (15:53 +0000)]
If FADT_POWER_S0_IDLE_CAPABLE feature is found, prefer S0ix style over S3.
Commiting now so that tests can be done by more people before release.
At the last moment, we can pull this change out.
deraadt [Sat, 31 Aug 2024 15:52:09 +0000 (15:52 +0000)]
jeremy observed that access() on unveiled space was returning errors
for valid requests. This is because the nd.ni_unveil to namei() was
always UNVEIL_READ, regardless of the request amode. Building a
correct ni_unveil passes a new regression test, producing expected
results.
ok beck jeremy
jsing [Sat, 31 Aug 2024 15:39:33 +0000 (15:39 +0000)]
Merge fcrypt_b.c into fcrypt.c.
There is no need for these to be separate (presumably done due to assembly
implementations, even though there are #ifdef as well).
Discussed with tb@
jsing [Sat, 31 Aug 2024 14:31:20 +0000 (14:31 +0000)]
Remove now unused ncbc_enc.c.
jsing [Sat, 31 Aug 2024 14:29:15 +0000 (14:29 +0000)]
Expand DES_ncbc_encrypt() in des_enc.c.
Copy ncbc_enc.c where it was previously #included, then clean up with
`unifdef -m -UCBC_ENC_C__DONT_UPDATE_IV`.
Discussed with tb@
jsing [Sat, 31 Aug 2024 14:25:04 +0000 (14:25 +0000)]
Expand DES_cbc_encrypt() in cbc_enc.c.
Copy ncbc_enc.c where it was previously #included, then clean up with
`unifdef -m -DCBC_ENC_C__DONT_UPDATE_IV`.
Discussed with tb@
jmc [Sat, 31 Aug 2024 13:41:13 +0000 (13:41 +0000)]
update the header; ok and error corrected by jsg
jmc [Sat, 31 Aug 2024 13:39:36 +0000 (13:39 +0000)]
grammar tweaks; counter tweaked by dlg
jsing [Sat, 31 Aug 2024 12:47:24 +0000 (12:47 +0000)]
Update for OPENSSL_cpu_caps() now being machine independent.
jsing [Sat, 31 Aug 2024 12:46:55 +0000 (12:46 +0000)]
Update for OPENSSL_cpu_caps() now being machine independent.
ok tb@
jsing [Sat, 31 Aug 2024 12:43:58 +0000 (12:43 +0000)]
Make OPENSSL_cpu_caps() machine independent.
OPENSSL_cpu_caps() is currently machine dependent and exposes CPUID data
on amd64 and i386. However, what it is really used for is to indicate
whether specific algorithms are accelerated on the given hardware. Change
OPENSSL_cpu_caps() so that it returns a machine indepent value, which
decouples it from amd64/i386 and will allow it to be used appropriately
on other platforms in the future.
ok tb@
tb [Sat, 31 Aug 2024 11:14:58 +0000 (11:14 +0000)]
Undo workaround for EVP_PKEY_*check() removal
tb [Sat, 31 Aug 2024 10:55:42 +0000 (10:55 +0000)]
sync libressl bump
tb [Sat, 31 Aug 2024 10:54:12 +0000 (10:54 +0000)]
major bump for libcrypto libssl and libtls
tb [Sat, 31 Aug 2024 10:52:43 +0000 (10:52 +0000)]
Bump LIBRESSL_VERSION_NUMBER
tb [Sat, 31 Aug 2024 10:51:48 +0000 (10:51 +0000)]
Remove SSL_add_compression_method
tb [Sat, 31 Aug 2024 10:49:35 +0000 (10:49 +0000)]
Expose X509_get_signature_info
To compensate for all the removals, a single, small, constructive piece
of this bump: expose X509_get_signature_info() so that libssl's security
level API can handle RSA-PSS certificates correctly.
ok beck jsing
tb [Sat, 31 Aug 2024 10:46:40 +0000 (10:46 +0000)]
Make X509at_* API internal
The only consumer, yara, has been adjusted. It will be some more work
to remove this idiocy internally, but at least we will no longer have
to care about external consumers.
ok beck jsing
tb [Sat, 31 Aug 2024 10:45:37 +0000 (10:45 +0000)]
sync
tb [Sat, 31 Aug 2024 10:44:39 +0000 (10:44 +0000)]
Unexport OPENSSL_cpuid_setup and OPENSSL_ia32cap_P
This allows us in particular to get rid of the MD Symbols.list which
were needed on amd64 and i386 for llvm 16 a while back. OPENSSL_ia32cap_P
was never properly exported since the symbols were marked .hidden in the
asm.
ok beck jsing
tb [Sat, 31 Aug 2024 10:42:21 +0000 (10:42 +0000)]
Zap HMAC_Init
Long deprecated, last users have been fixed.
ok beck jsing
tb [Sat, 31 Aug 2024 10:38:49 +0000 (10:38 +0000)]
Nuke the whrlpool (named after the galaxy) from orbit
It's just gross. Only used by a popular disk encryption utility on an
all-too-popular OS one or two decades back.
ok beck jsing
tb [Sat, 31 Aug 2024 10:30:16 +0000 (10:30 +0000)]
Remove DES_enc_{read,write} and DES_rw_mode
Unfortunately we'll probably never be able to get rid of DES entirely.
One part of it that is old enough to be a grandparent can go, though.
ok beck jsing
tb [Sat, 31 Aug 2024 10:28:03 +0000 (10:28 +0000)]
Garbage collec UI_UTIL remnants
ok beck jsing
tb [Sat, 31 Aug 2024 10:25:38 +0000 (10:25 +0000)]
Remove EVP_PKEY.*attr* API
I ranted enough about this recently. PKCS#12. Microsoft. 'nuff said.
ok beck jsing
tb [Sat, 31 Aug 2024 10:23:13 +0000 (10:23 +0000)]
Move BIT_STRING_BITNAME tables to const
Another bunch of const correctness fixes for global tables. These are
used to map ns cert types, key usage types and CRL reasons to strings
and vice versa. By the looks of it, nobody ever figured out how to use
this (need I mention that it's convoluted?).
ok beck jsing
tb [Sat, 31 Aug 2024 10:19:17 +0000 (10:19 +0000)]
const correct X509_LOOKUP_METHOD
With this another family of global tables becomes const as it should
always have been.
ok beck jsing
tb [Sat, 31 Aug 2024 10:16:52 +0000 (10:16 +0000)]
Remove X509_REQ_{set,get}_extension_nids()
LibreSSL no longer supports non-standard OIDs for use in the extensions
attribute of CSRs. The API that enabled that (and nobody used of course)
can now go.
ok beck jsing
tb [Sat, 31 Aug 2024 10:14:17 +0000 (10:14 +0000)]
Make X509_VAL opaque
Nothing needs to reach into this structure, which is part of
certificates. So hide its innards.
ok beck jsing
tb [Sat, 31 Aug 2024 10:12:23 +0000 (10:12 +0000)]
Remove X509_check_trust() and some related defines
Someone thought it would be a good idea to append non-standard trust
information to the certs in the trust store. This API is used to
inspect that depending on the intended purpose of the cert. Only
M2Crypto thought it necessary to expose this. It was adjusted.
ok beck jsing
tb [Sat, 31 Aug 2024 10:09:15 +0000 (10:09 +0000)]
Remove ERR_add_{,v}data()
Another unused bit of legacy API...
ok beck jsing
tb [Sat, 31 Aug 2024 10:06:39 +0000 (10:06 +0000)]
The X509V3_CONF_METHOD goes away
No longer used, never really needed.
ok beck jsing
tb [Sat, 31 Aug 2024 10:04:50 +0000 (10:04 +0000)]
Remove X509V3_get_string/X509V3_string_free
These have always been unused, but the db_meth abstraction hid that
very well. Bye.
ok beck jsing
tb [Sat, 31 Aug 2024 10:03:03 +0000 (10:03 +0000)]
Make some more x509 conf stuff internal
This internalizes a particularly scary layer of conf used for X.509
extensions. Again unused public API...
ok beck jsing
tb [Sat, 31 Aug 2024 09:59:12 +0000 (09:59 +0000)]
Retire X509V3_set_conf_lhash()
Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0,
which were the last users of this API, which in turn permitted much of
this conf rampage. Now the stub can join its guts in the attic.
ok beck jsing
tb [Sat, 31 Aug 2024 09:56:50 +0000 (09:56 +0000)]
Retire X509V3_EXT_{,CRL_,REQ_}add_conf()
Fortunately all projects who want to configure their extensions using
a dangerous string DSL/API figured out the fact that one was supposed to
be using the nconf version of these (the hint is the 'n', as in new).
ok beck jsing
tb [Sat, 31 Aug 2024 09:54:31 +0000 (09:54 +0000)]
Remove OPENSSL_load_builtin_modules
This became obsolete with the automatic library initialization. Now it
is time for it to become an internal API.
ok beck jsing
tb [Sat, 31 Aug 2024 09:53:02 +0000 (09:53 +0000)]
Unexport CONF_set_nconf()
This translation device from old to new conf guts will need to stay
for a while. However, it's only needed internally.
ok beck jsing
tb [Sat, 31 Aug 2024 09:50:52 +0000 (09:50 +0000)]
Remove more CONF_* functions that are no longer needed
This is the next layer of unused cruft that can now go. The code lovingly
called it 'the "CONF classic" functions'. No tear was shed. Don't worry,
we still have the "New CONF" functions!
ok beck jsing
tb [Sat, 31 Aug 2024 09:46:17 +0000 (09:46 +0000)]
Inline last use of CONF_free()
This permits another single-use-no-longer-public API to join the party
in the bit bucket.
ok beck jsing
tb [Sat, 31 Aug 2024 09:44:00 +0000 (09:44 +0000)]
Unexport NCONF_default
The only project I'm aware of that ever used this was rust-openssl
and they did so for no good reason. So remove this API, the crate's
code is already adjusted accordingly.
ok beck jsing
tb [Sat, 31 Aug 2024 09:41:53 +0000 (09:41 +0000)]
Inline NCONF_free_data in its only user
ok beck jsing
tb [Sat, 31 Aug 2024 09:39:31 +0000 (09:39 +0000)]
const correct uses of CONF_METHOD
While not all of this is strictly needed, it was simply incorrect. This
way another global which was modifiable for no good reason becomes const.
ok beck jsing
tb [Sat, 31 Aug 2024 09:36:38 +0000 (09:36 +0000)]
Stop using conf->meth_data and make CONF_type_default const
Now that we no longer need to hang a poor man's ctype substitute off
the conf structure, we can get rid of the otherwise unused meth_data
member. This allows us to const correct CONF_type_default. Hopefully
we can remove it soon.
ok beck jsing
tb [Sat, 31 Aug 2024 09:34:05 +0000 (09:34 +0000)]
Remove NCONF_WIN32
Undocumented and entirely unused. Gets rid of a big, modifiable, global
table.
ok beck jsing
tb [Sat, 31 Aug 2024 09:29:32 +0000 (09:29 +0000)]
sync
tb [Sat, 31 Aug 2024 09:29:03 +0000 (09:29 +0000)]
Retire conf_api.h and the API therein
This makes the _CONF_* layer of the conf module internal and gets rid
of the entirely unused conf_api.h.
ok beck jsing
tb [Sat, 31 Aug 2024 09:26:18 +0000 (09:26 +0000)]
Unexport some conf layers unused outside of libcrypto
imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.
Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.
ok beck jsing
tb [Sat, 31 Aug 2024 09:21:44 +0000 (09:21 +0000)]
Make CONF_METHOD opaque
Much of conf is designed in such a way that you really have to reach into
its structs. This one piece can be hidden. It might even be removed soon.
ok beck jsing
tb [Sat, 31 Aug 2024 09:18:00 +0000 (09:18 +0000)]
Remove unused {,N}CONF_dump_{bio,fp}()
It's time to start removing some horrors from the conf/ garbage. If the
current top layer wasn't terrible enough, you could always slap another
one on top of it and it would then be truly marvellous.
ok beck jsing
tb [Sat, 31 Aug 2024 09:14:21 +0000 (09:14 +0000)]
Remove EVP_PKEY_*check again
This API turned out to be a really bad idea. OpenSSL 3 extended it, with
the result that basically every key type had its own DoS issues fixed in
a recent security release. We eschewed these by having some upper bounds
that kick in when keys get insanely large.
Initially added on tobhe's request who fortunately never used it in iked,
this was picked up only by ruby/openssl (one of the rare projects doing
proper configure checks rather than branching on VERSION defines) and of
course xca, since it uses everything it can. So it was easy to get rid of
this again.
ok beck jsing