openbsd
tb [Wed, 22 Nov 2023 15:55:28 +0000 (15:55 +0000)]
Unhook and remove the now even more useless ssl_algs.c than it was before.

ok jsing

tb [Wed, 22 Nov 2023 15:53:53 +0000 (15:53 +0000)]
Make SSL_library_init() a wrapper of OPENSSL_init_ssl()

This way it doesn't do nonsensical work for all those who cargo culted an
init sequence. There's no point in having SSL_library_init() as a cheaper
version of OPENSSL_init_ssl(): once you do crypto, you'll init crypto...

Also move the now trivial implementation to ssl_init.c which has a good
license.

ok jsing

tb [Wed, 22 Nov 2023 15:49:47 +0000 (15:49 +0000)]
Stop calling SSL_library_init() from OPENSSL_init_ssl_internal()

It's pointless: all the ciphers and digests added by SSL_library_init()
are already added by OPENSSL_init_crypto(), which was already called at
that point.

ok jsing

tb [Wed, 22 Nov 2023 15:43:42 +0000 (15:43 +0000)]
Move SSL_library_init() next to OPENSSL_init_ssl()

Its current position makes no sense and it will become a wrapper of the
latter in a subsequent commit.

ok jsing

florian [Wed, 22 Nov 2023 13:19:31 +0000 (13:19 +0000)]
Set correct errno field in struct asr_result.

Otherwise gethostbyname(3) returns stack garbage when it is called
with an invalid host name, indicating success.
Problem observed in segfaulting ifconfig(8) by bluhm.

espie [Wed, 22 Nov 2023 11:18:37 +0000 (11:18 +0000)]
Prepare to do the updatedb stuff as an @option, so that the code is less ad-hoc

kn [Wed, 22 Nov 2023 02:20:54 +0000 (02:20 +0000)]
Piping single file to standard out needs no "proc exec"

'-o -' now means no "ftp> " shell, so no "|some cmd" files, "!some cmd" or
"page" commands.

OK millert

kn [Wed, 22 Nov 2023 02:16:20 +0000 (02:16 +0000)]
Do not drop into "ftp> " shell when piping to standard output

'-o -' is orthogonal to an interactive prompt, yet some (malformed) URLs
such as ftp://host/ would still end up there;  exit after processing the
first file/URL to prevent this.

sthen deraadt agree
OK millert

millert [Wed, 22 Nov 2023 01:01:21 +0000 (01:01 +0000)]
Update awk to the Nov 20, 2023 version.

This includes a rewrite of the fnematch() function as well as a
refactoring of the sub and gsub implementation.

tb [Tue, 21 Nov 2023 22:17:15 +0000 (22:17 +0000)]
ec_print.c: Unwrap a line

tb [Tue, 21 Nov 2023 22:05:33 +0000 (22:05 +0000)]
Inline a better version of print_bin() in only caller

Instead of printing to a temporary buffer with weird gymnastics, we can
simply write things out to the BIO using proper indent. This still isn't
perfect since we have a CBS version of this in ecx_buf_print(), which is
basically what used to be ASN1_buf_print(). Annotate this with an XXX for
future cleanup.

ok beck

tb [Tue, 21 Nov 2023 17:56:19 +0000 (17:56 +0000)]
Make a few purpose things const

This should allow us to constify a sizable table in libcrypto in an
upcoming bump.

tb [Tue, 21 Nov 2023 16:31:31 +0000 (16:31 +0000)]
Fix a <= 5-byte buffer overwrite in print_bin()

If the offset is > 124, this function would overwrite between 1 and 5 bytes
of stack space after str[128]. So for a quick fix extend the buffer by 5
bytes. Obviously this is the permanent fix chosen elsewhere. The proper fix
will be to rewrite this function from scratch.

Reported in detail by Masaru Masuda, many thanks!
Fixes https://github.com/libressl/openbsd/issues/145

begrudging ok from beck

florian [Tue, 21 Nov 2023 15:26:56 +0000 (15:26 +0000)]
Do not short-circuit localhost resolution when AI_NUMERICHOST is set.

localhost is not a valid IP address and so getaddrinfo(3) has to fail.
Found by anton in pfctl & ipsecctl regress.

OK anton

bluhm [Tue, 21 Nov 2023 14:00:13 +0000 (14:00 +0000)]
Fix kernel build without option PTRACE, but with dt(4).

Since revision 1.26 dt_ioctl_get_auxbase() is calling process_domem().
Build the latter function into kernel if pseudo device dt is enabled.

from Matthias Pitzl; OK claudio@

martijn [Tue, 21 Nov 2023 08:49:08 +0000 (08:49 +0000)]
Set sc_rtfilter to specific ROUTE_FILTER() values, as was originally
intended, instead of filtering out everything.

OK sthen@

martijn [Tue, 21 Nov 2023 08:47:04 +0000 (08:47 +0000)]
Make RTFILTER/filter-routes a simple boolean assignment, since the
specific value isn't used anymore, and is just used to generate an
argument for snmpd_metrics.

OK tb@

jmatthew [Tue, 21 Nov 2023 08:46:06 +0000 (08:46 +0000)]
Add '-e' (or -eltorito-boot-efi) option for writing an EFI eltorito boot
image, in addition to or instead of the x86 boot image, to the output file.
Per the UEFI standard, the EFI boot image should be an image of an EFI
System Partition to be loaded in no-emulation mode, so we always record it
that way rather than checking if it looks like a floppy image.

with, tested by and ok yasuoka@
strong encouragement from deraadt@

jsg [Tue, 21 Nov 2023 02:32:56 +0000 (02:32 +0000)]
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE

From Erik Kurzinger
3bbf06efb8ed88fbafe7b10b79837b8300372f94 in linux-6.1.y/6.1.63
101c9f637efa1655f55876644d4439e552267527 in mainline linux

jsg [Tue, 21 Nov 2023 02:30:21 +0000 (02:30 +0000)]
drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change

From Michel Daenzer
03e334565d2d67673d7405b5b4a746da0fc20f71 in linux-6.1.y/6.1.63
bc0b79ce2050aa523c38c96b6d26340a96bfbdca in mainline linux

jsg [Tue, 21 Nov 2023 02:28:24 +0000 (02:28 +0000)]
drm/amd/display: Refactor dm_get_plane_scale helper

From Michel Daenzer
a99afba394a9b014eafaca2aa83495d651054bb1 in linux-6.1.y/6.1.63
ec4d770bbb155674c2497f255f4199bdc42287a9 in mainline linux

jsg [Tue, 21 Nov 2023 02:26:43 +0000 (02:26 +0000)]
drm/amd/display: Check all enabled planes in dm_check_crtc_cursor

From Michel Daenzer
896066202757b5c890ee670840ba985d48da2e0e in linux-6.1.y/6.1.63
003048ddf44b1a6cfa57afa5a0cf40673e13f1ba in mainline linux

jsg [Tue, 21 Nov 2023 02:23:24 +0000 (02:23 +0000)]
drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code

From Xiaogang Chen
9eae81af9243aabb75bdf638fd773cdee0907f92 in linux-6.1.y/6.1.63
7bfaa160caed8192f8262c4638f552cad94bcf5a in mainline linux

jsg [Tue, 21 Nov 2023 02:22:04 +0000 (02:22 +0000)]
drm/radeon: possible buffer overflow

From Konstantin Meskhidze
341e79f8aec6af6b0061b8171d77b085835c6a58 in linux-6.1.y/6.1.63
dd05484f99d16715a88eedfca363828ef9a4c2d4 in mainline linux

jsg [Tue, 21 Nov 2023 02:18:47 +0000 (02:18 +0000)]
add more product names in comments

kettenis [Mon, 20 Nov 2023 20:41:18 +0000 (20:41 +0000)]
Handle rx error.

ok miod@

jca [Mon, 20 Nov 2023 19:29:18 +0000 (19:29 +0000)]
Stop erroring out when .gcc_except_table relocs point at discarded sections

lang/gcc on riscv64 has a wart, it creates such relocs which upset ld.lld.
The workaround I have used in lang/gcc since Sep 2022 doesn't work any
more, so ask ld.lld to be more lenient.  This will let the fortran ports
and friends build on riscv64.  clang has fixed since some time already,
but our lang/gcc port will likely keep that wart for some time.

Upstream report: https://reviews.llvm.org/D83244

Input and ok kettenis@

kn [Mon, 20 Nov 2023 17:48:27 +0000 (17:48 +0000)]
Include <dev/efi/efiio.h> to pretty print EFIIOC_* ioctls

No base usage yet, only efivar(1) from sysutils/efivar.

OK guenther

kn [Mon, 20 Nov 2023 17:43:51 +0000 (17:43 +0000)]
Sort includes, <scsi/scsi_all.h> before <dev/*>

For/OK guenther

miod [Mon, 20 Nov 2023 16:11:45 +0000 (16:11 +0000)]
Revert 1.18 and randomly sort kernel object files again now that the issue
has been addressed.

miod [Mon, 20 Nov 2023 16:10:37 +0000 (16:10 +0000)]
Make sure the low two bits of stvec are always zero (since we don't use
vectored exceptions) by adding an alignment constraint to cpu_exception_handler.

claudio [Mon, 20 Nov 2023 14:41:55 +0000 (14:41 +0000)]
Rename struct imsgbuf *ibuf to *imsgbuf. Same was done in bgpd.
OK tb@

claudio [Mon, 20 Nov 2023 14:40:52 +0000 (14:40 +0000)]
KNF, fix long line.
OK tb@

claudio [Mon, 20 Nov 2023 14:18:21 +0000 (14:18 +0000)]
KNF

florian [Mon, 20 Nov 2023 12:15:16 +0000 (12:15 +0000)]
localhost is either 127.0.0.1 or ::1, nothing else.

RFC 6761, 6.3 Domain Name Reservation Considerations for "localhost.":
   3.  Name resolution APIs and libraries SHOULD recognize localhost
       names as special and SHOULD always return the IP loopback address
       for address queries and negative responses for all other query
       types.  Name resolution APIs SHOULD NOT send queries for
       localhost names to their configured caching DNS server(s).

This makes sure that the getaddrinfo(3) and gethostbyname(3) family of
functions always return the loopback address and do not send queries
to name servers. This includes "localhost", "localhost." and
everything under ".localhost" and ".localhost.".

For example, a host underneath the .com.ar zone will per default have
a search list of "com.ar.". resolv.conf(5) has a default of "lookup
bind file". Both combined will result in lookups for "localhost" to
not return 127.0.0.1 because localhost.com.ar is registered in DNS.

It has been known for decades that this is a problem, especially for
localhost.

Problem recently spotted by gonzalo@ and debugged by sthen@

Testing sthen, gonzalo
Input & OK phessler, eric, millert
OK sthen, kn, deraadt
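
An added example, not part of the commit above and not OpenBSD's resolver code: a minimal C check for the names that commit message lists ("localhost", "localhost." and everything under ".localhost" and ".localhost."), so a resolver can answer with the loopback address before any search list is applied. The function name and the sample names in main() are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Hypothetical helper: returns 1 if `name` is "localhost", "localhost.",
 * or any name under ".localhost" / ".localhost."; 0 otherwise.
 * Comparison is case-insensitive, as DNS names are.
 */
int
is_localhost_name(const char *name)
{
	static const char suffix[] = "localhost";
	const size_t slen = sizeof(suffix) - 1;
	size_t len;

	if (name == NULL)
		return 0;
	len = strlen(name);

	/* Ignore a single trailing root dot: "localhost." == "localhost". */
	if (len > 0 && name[len - 1] == '.')
		len--;

	if (len < slen)
		return 0;
	if (strncasecmp(name + len - slen, suffix, slen) != 0)
		return 0;

	/* Exact match is fine ... */
	if (len == slen)
		return 1;
	/*
	 * ... otherwise the match must start at a label boundary, so that
	 * "notlocalhost" is not treated as special.
	 */
	return name[len - slen - 1] == '.';
}

int
main(void)
{
	/* Constructed sample names. */
	const char *names[] = {
		"localhost", "localhost.", "LocalHost", "foo.localhost",
		"foo.localhost.", "notlocalhost", "localhost.com.ar",
		"localhost..", ""
	};
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-20s %s\n", names[i],
		    is_localhost_name(names[i]) ?
		    "answer with loopback, send no DNS query" :
		    "resolve normally");
	return 0;
}
```

The "localhost.com.ar" case is the name a search list of "com.ar." produces in the commit's example; the check has to run on the name as the caller passed it, before that suffix is appended.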

martijn [Mon, 20 Nov 2023 10:34:21 +0000 (10:34 +0000)]
Add a couple of tests for handling of tcp connections.

martijn [Mon, 20 Nov 2023 10:32:45 +0000 (10:32 +0000)]
In snmpe_writecb, don't call snmpe_prepare_read() when there's still
data left inside sm_data. If there's an incomplete packet left in the
buffer it will be called from snmpe_tryparse, if there's a complete
packet left we can end up with new events from the tcp socket, which the
tcp subsystem isn't prepared to handle.

OK tb@

kettenis [Mon, 20 Nov 2023 10:11:03 +0000 (10:11 +0000)]
Code changes between llvm 13 and 16 mean that we have to drop the final dot
for the .openbsd.randomdata and .openbsd.mutable section merging code.

ok jca@

jca [Mon, 20 Nov 2023 04:53:11 +0000 (04:53 +0000)]
Restore lost patch: downgrade RISCV ABI mismatch error to a warning

This lets lld link code with object files created with ld -b binary,
as used by several ports (mupdf, postgresql-pllua, various games).
Upstream report with an unfinished diff: https://reviews.llvm.org/D106378

ok gkoehler@ kettenis@

djm [Mon, 20 Nov 2023 02:50:00 +0000 (02:50 +0000)]
set errno=EAFNOSUPPORT when filtering addresses that don't match
AddressFamily; yields slightly better error message if no address
matches. bz#3526

jsg [Mon, 20 Nov 2023 01:35:21 +0000 (01:35 +0000)]
only enable bti and pac by default on arm64

before this change, clang on armv7 defined __ARM_FEATURE_BTI_DEFAULT and
__ARM_FEATURE_PAC_DEFAULT which broke the build of llvm libunwind

ok kettenis@ deraadt@

tb [Mon, 20 Nov 2023 01:20:19 +0000 (01:20 +0000)]
Still need engine.h for ENGINE_free()

But do away with the OPENSSL_NO_ENGINE dance.

tb [Sun, 19 Nov 2023 21:13:47 +0000 (21:13 +0000)]
Mark up an occurrence of ENGINE

tb [Sun, 19 Nov 2023 21:08:04 +0000 (21:08 +0000)]
ENGINE can no longer have ex_data attached to it

tb [Sun, 19 Nov 2023 21:06:15 +0000 (21:06 +0000)]
Remove musings how ENGINE may or may not screw everything up.

tb [Sun, 19 Nov 2023 21:03:22 +0000 (21:03 +0000)]
Remove ENGINE mention in RSA_new()

tb [Sun, 19 Nov 2023 21:01:27 +0000 (21:01 +0000)]
OPENSSL_config() no longer calls ENGINE_load_builtin_engines()

tb [Sun, 19 Nov 2023 20:59:00 +0000 (20:59 +0000)]
ENGINE_add_conf_module() no longer exists

tb [Sun, 19 Nov 2023 20:58:07 +0000 (20:58 +0000)]
Remove ENGINE Xr that I left behind

tb [Sun, 19 Nov 2023 20:54:14 +0000 (20:54 +0000)]
zap stray comma

kettenis [Sun, 19 Nov 2023 16:42:05 +0000 (16:42 +0000)]
Disable LOAD_STACK_GUARD on OpenBSD/armv7.  It seems the implementation
is incomplete resulting in SIGSEGV with the OpenBSD default options.

ok deraadt@, jsg@

tb [Sun, 19 Nov 2023 15:51:49 +0000 (15:51 +0000)]
Unifdef OPENSSL_NO_ENGINE in libssl

As usual, a few manual fixes to avoid duplicate lines.

ok jsing

tb [Sun, 19 Nov 2023 15:50:29 +0000 (15:50 +0000)]
Manually unifdef OPENSSL_NO_ENGINE in ssl_clnt.c

This allows us to simplify ssl_do_client_cert_cb() a bit.

ok jsing

tb [Sun, 19 Nov 2023 15:47:40 +0000 (15:47 +0000)]
Rename an ENGINE from e to engine for consistency

tb [Sun, 19 Nov 2023 15:46:09 +0000 (15:46 +0000)]
Unifdef OPENSSL_NO_ENGINE in libcrypto

This is mechanical apart from a few manual edits to avoid doubled empty
lines.

ok jsing

tb [Sun, 19 Nov 2023 15:43:52 +0000 (15:43 +0000)]
Unifdef OPENSSL_NO_ENGINE in pmeth_lib.c

This includes a manual intervention for the call to EVP_PKEY_meth_find()
which ended up in the middle of nowhere.

ok jsing

tb [Sun, 19 Nov 2023 15:41:46 +0000 (15:41 +0000)]
Unifdef OPENSSL_NO_ENGINE in engine.h

Also rip out all the gross, useless comments. There's still too much
garbage in here...

ok jsing

tb [Sun, 19 Nov 2023 15:40:12 +0000 (15:40 +0000)]
Also mention ENGINE_{cleanup,{ctrl_cmd{,_string}()

tb [Sun, 19 Nov 2023 13:12:06 +0000 (13:12 +0000)]
Remove last OPENSSL_NO_ENGINE from libssl regress

tb [Sun, 19 Nov 2023 13:11:05 +0000 (13:11 +0000)]
Unifdef OPENSSL_NO_ENGINE in libcrypto regress

tb [Sun, 19 Nov 2023 11:50:02 +0000 (11:50 +0000)]
Missing period

tb [Sun, 19 Nov 2023 11:47:25 +0000 (11:47 +0000)]
fix grammar

claudio [Sun, 19 Nov 2023 10:41:25 +0000 (10:41 +0000)]
util.c requires stdint.h for UINT32_MAX and friends.
OK tb@

tb [Sun, 19 Nov 2023 10:37:35 +0000 (10:37 +0000)]
sync

tb [Sun, 19 Nov 2023 10:36:14 +0000 (10:36 +0000)]
Remove remaining ENGINE manuals

They document functionality that no longer exists.

tb [Sun, 19 Nov 2023 10:34:26 +0000 (10:34 +0000)]
Strip mention of ENGINE out of *_set_method.3

tb [Sun, 19 Nov 2023 10:27:49 +0000 (10:27 +0000)]
Strip out mentions of ENGINE_load_builtin_engines()

There's probably more that needs to be updated here, but that can be done
another day.

tb [Sun, 19 Nov 2023 10:26:36 +0000 (10:26 +0000)]
ex data for ENGINEs is no longer a thing

tb [Sun, 19 Nov 2023 10:25:28 +0000 (10:25 +0000)]
Remove section explaining how great and flexible ENGINE is and
remove two Xr to ENGINE manuals.

tb [Sun, 19 Nov 2023 10:23:53 +0000 (10:23 +0000)]
Remove obsolete engine configuration section

tb [Sun, 19 Nov 2023 10:19:54 +0000 (10:19 +0000)]
Document the remaining ENGINE stubs in a single manual

tb [Sun, 19 Nov 2023 10:09:27 +0000 (10:09 +0000)]
EVP_PKEY_encrypt() simplify example

In particular, do not use an uninitialized engine, simply pass NULL.

tb [Sun, 19 Nov 2023 09:29:11 +0000 (09:29 +0000)]
openssl pkcs12: rewrite without reaching into X509_ALGOR

We can call ASN1_item_unpack() which will end up stuffing the same
arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates
the last struct access into X509_ALGOR outside libcrypto in the base
tree.

ok jsing

tb [Sun, 19 Nov 2023 09:19:54 +0000 (09:19 +0000)]
openssl ts: convert to X509_ALGOR_set0()

ok jsing

gkoehler [Sun, 19 Nov 2023 01:14:07 +0000 (01:14 +0000)]
Fix cc -ftrapping-math on macppc

Handle CALL_RM like CALL for 32-bit ELF.  If a function call has the
strictfp attribute, its opcode changes from CALL to CALL_RM.  If a
call uses the secure PLT, then it must getGlobalBaseReg() to set r30.

After I rebuilt xenocara/lib/pixman with this change, Xorg stopped
crashing on my macppc.  pixman uses cc -ftrapping-math which puts
strictfp on each function call.

https://github.com/llvm/llvm-project/pull/72758

ok jca@ tobhe@ deraadt@

deraadt [Sun, 19 Nov 2023 00:46:54 +0000 (00:46 +0000)]
need to use a slightly different asm syntax..

tb [Sat, 18 Nov 2023 22:43:56 +0000 (22:43 +0000)]
sync zlib with userland

tb [Sat, 18 Nov 2023 22:43:25 +0000 (22:43 +0000)]
libz sync with develop branch, discussed with deraadt

Apart from cosmetics, this includes the following commits:

Add LIT_MEM define to use more memory for a small deflate speedup.

A bug fix in zlib 1.2.12 resulted in a slight slowdown (1-2%) of
deflate. This commit provides the option to #define LIT_MEM, which
uses more memory to reverse most of that slowdown. The memory for
the pending buffer and symbol buffers is increased by 25%, which
increases the total memory usage with the default parameters by
about 6%.

https://github.com/madler/zlib/commit/ac8f12c97d1afd9bafa9c710f827d40a407d3266

Fix bug in inflateSync() for data held in bit buffer.

https://github.com/madler/zlib/commit/5af7cef45eeef86ddf6ab00b4e363c1eecaf47b6

tb [Sat, 18 Nov 2023 22:40:14 +0000 (22:40 +0000)]
Sync example.c and minigzip.c with upstream.

This silences lots of K&R warning noise.

deraadt [Sat, 18 Nov 2023 18:02:47 +0000 (18:02 +0000)]
oops another copy of the prototype

deraadt [Sat, 18 Nov 2023 16:26:15 +0000 (16:26 +0000)]
crt0 uses a helper function in a MD src/libexec/ld.so .h file (rather than
reproducing the relevant defines and code in a different place) to perform
minor relocations.  If things go very wrong, it would call _dl_exit() --
a locally defined crt0 function which is syscall exit(2).  We don't need
to call exit(2) for this obscure case which doesn't happen and provides no
debugging information. An 'abort' is going to provide better information.
So let's change the function name to _dso_abort() and make it a single
illegal instruction.
ok guenther

krw [Sat, 18 Nov 2023 15:42:09 +0000 (15:42 +0000)]
Scan past whitespace before checking if flag string starts
with "0x".

Pointed out by Philippe Meunier.

tb [Sat, 18 Nov 2023 10:51:09 +0000 (10:51 +0000)]
Check for negative EVP_CIPHER_CTX_iv_length() return in libssl

ok beck

tb [Sat, 18 Nov 2023 10:46:58 +0000 (10:46 +0000)]
Forgot to fix one unsigned int vs int confusion

CID 468015

tb [Sat, 18 Nov 2023 09:37:15 +0000 (09:37 +0000)]
Check for negative IV length

A recent change in EVP_CIPHER_CTX_iv_length() made it possible in principle
that this function returns -1. This can only happen for an incorrectly set
up EVP_CIPHER. Still it is better form to check for negative lengths before
stuffing it into a memcpy().

It would probably be desirable to cap the iv_length to something large
enough. This can be done another time.

ok beck

sthen [Sat, 18 Nov 2023 09:15:05 +0000 (09:15 +0000)]
sync

anton [Sat, 18 Nov 2023 07:18:07 +0000 (07:18 +0000)]
Fix make other_two target by coping with leapseconds being placed in
objdir by now.

claudio [Sat, 18 Nov 2023 07:14:13 +0000 (07:14 +0000)]
Rename internal function imsg_get_fd() to imsg_dequeue_fd().
OK tb@

dlg [Sat, 18 Nov 2023 00:23:38 +0000 (00:23 +0000)]
ports specified on tunnel destination addresses are invalid.

millert [Fri, 17 Nov 2023 21:54:20 +0000 (21:54 +0000)]
Use "mv -f" when moving the output file into place in the obj dir.

millert [Fri, 17 Nov 2023 21:51:37 +0000 (21:51 +0000)]
zoneinfo: install tzdata.zi and leap-seconds.list

Build and install the tzdata.zi file and build the leapseconds file
from leap-seconds.list (installing both versions).  Third-party
software now expects these files to be installed.  OK sthen@ deraadt@

visa [Fri, 17 Nov 2023 15:46:58 +0000 (15:46 +0000)]
Use -mxgot to avoid GOT overflow during build on mips64.

Tested by deraadt@

claudio [Fri, 17 Nov 2023 15:35:15 +0000 (15:35 +0000)]
The term peerid originated from bgpd. It is time to generalize this and
just call it id. This only targets the function arguments but not the
struct imsg_hdr field since that is a major API break.
OK tb@

tobhe [Fri, 17 Nov 2023 14:43:36 +0000 (14:43 +0000)]
Set "unique_subject = no" to allow renewing expired certificates.
Without this, openssl throws an error when creating a second req for
the same subject which leads to ikectl deleting the old cert without
creating a new one.

Reported by Ryan Kavanagh in openiked-portable here:
https://github.com/openiked/openiked-portable/issues/125

discussed with tb@
ok patrick@

claudio [Fri, 17 Nov 2023 13:43:32 +0000 (13:43 +0000)]
rename struct imsgbuf *ibuf to *imsgbuf since ibuf is too close to
struct ibuf and just causes confusion for little gain.

OK tb@ stsp@

claudio [Fri, 17 Nov 2023 12:10:23 +0000 (12:10 +0000)]
Do not log errors from pcap_dispatch() caused by signals.

pcap_dispatch() returns -1 (PCAP_ERROR) or -2 (PCAP_ERROR_BREAK); the
latter is used when a signal is received and is not an error. So limit
the code to log errors to np == -1.
OK semarie@ sashan@

schwarze [Thu, 16 Nov 2023 20:27:43 +0000 (20:27 +0000)]
Mention which functions are implemented as macros in the few cases
where that information was missing.

schwarze [Thu, 16 Nov 2023 20:19:23 +0000 (20:19 +0000)]
drop some duplicate statements about macros

schwarze [Thu, 16 Nov 2023 20:17:04 +0000 (20:17 +0000)]
fix wrong macro

robert [Thu, 16 Nov 2023 19:38:44 +0000 (19:38 +0000)]
downgrade -Wint-conversion to a warning

autoconf might misinterpret this so we need to do a full sweep
before it can be upgraded to an error again