openbsd
10 months agoxargs: fix parsing of empty fields when "xargs -0" is used.
millert [Fri, 22 Dec 2023 17:12:13 +0000 (17:12 +0000)]
xargs: fix parsing of empty fields when "xargs -0" is used.
Previously, these fields would be skipped.  From Hiltjo Posthuma.

10 months agoAdd length checks for partial_len
tb [Fri, 22 Dec 2023 14:58:05 +0000 (14:58 +0000)]
Add length checks for partial_len

These remove a few more potential out-of-bounds accesses and ensure in
particular that the padding is between 1 and block_size (inclusive).

ok joshua jsing

10 months agosync
deraadt [Fri, 22 Dec 2023 13:48:04 +0000 (13:48 +0000)]
sync

10 months agoRename check_hosts()
tb [Fri, 22 Dec 2023 13:46:37 +0000 (13:46 +0000)]
Rename check_hosts()

10 months agoReplace check_trust() with its x509_vfy_ prefixed wrapper
tb [Fri, 22 Dec 2023 13:45:28 +0000 (13:45 +0000)]
Replace check_trust() with its x509_vfy_ prefixed wrapper

10 months agoReplace check_chain_extensions() with its x509_vfy_ wrapper
tb [Fri, 22 Dec 2023 13:42:18 +0000 (13:42 +0000)]
Replace check_chain_extensions() with its x509_vfy_ wrapper

10 months agoReplace check_id() with its x509_vfy_check_id() wrapper
tb [Fri, 22 Dec 2023 13:36:20 +0000 (13:36 +0000)]
Replace check_id() with its x509_vfy_check_id() wrapper

10 months agoRemove a bunch of function pointers from X509_STORE_CTX
tb [Fri, 22 Dec 2023 13:31:35 +0000 (13:31 +0000)]
Remove a bunch of function pointers from X509_STORE_CTX

These are only ever set to one particular function which is either local
to this file or part of the public API and we never added the public API
to set them to something else. Prefix the local functions touched in this
commit with x509_vfy_. More cleanup to follow.

ok joshua jsing

10 months agoCall log_setverbosity() directly after getopt() so that debugging
martijn [Fri, 22 Dec 2023 13:04:30 +0000 (13:04 +0000)]
Call log_setverbosity() directly after getopt() so that debugging
information during config-parsing can be displayed.

OK tb@

10 months agoRemove a log_debug from usm_checkuser(). It would only display what is in
martijn [Fri, 22 Dec 2023 13:03:16 +0000 (13:03 +0000)]
Remove a log_debug from usm_checkuser(). It would only display what is in
the config and was never actually displayed because of insufficient
verbosity level during config-parsing and would display the wrong auth
algorithm for SHA2.

OK tb@

10 months agohandle MODPY_PYBUILD=jupyter_packaging
sthen [Fri, 22 Dec 2023 12:51:53 +0000 (12:51 +0000)]
handle MODPY_PYBUILD=jupyter_packaging

10 months agoSimplify some logic in EVP_EncryptInit_ex()
tb [Fri, 22 Dec 2023 12:35:22 +0000 (12:35 +0000)]
Simplify some logic in EVP_EncryptInit_ex()

Pull up the EVP_R_NO_CIPHER_SET check that was hidden somewhere down in the
middle of the function. Handle the reuse case outside of the big non-NULL
cipher case for now. This looks a bit odd but relies on the invariant that
cipher_data is only set if the cipher is set. It will be reworked in a
subsequent commit.

ok jsing

10 months agoClean up includes in cms_smime.c
tb [Fri, 22 Dec 2023 10:23:11 +0000 (10:23 +0000)]
Clean up includes in cms_smime.c

10 months agoevp_enc: make some flag checks explicit
tb [Fri, 22 Dec 2023 10:20:33 +0000 (10:20 +0000)]
evp_enc: make some flag checks explicit

ok joshua jsing

10 months agoRemove cleanup() and get_crl() from X509_STORE_CTX
tb [Fri, 22 Dec 2023 09:40:14 +0000 (09:40 +0000)]
Remove cleanup() and get_crl() from X509_STORE_CTX

ok jsing

10 months agoRemove unused function pointers from X509_STORE
tb [Fri, 22 Dec 2023 07:35:09 +0000 (07:35 +0000)]
Remove unused function pointers from X509_STORE

The struct underlying the X509_STORE type is opaque ars and nothing uses
the accessors that OpenSSL added blindly for these. Therefore we didn't
add them in the first place. So this rips out several dozens of lines of
dead code.

ok beck joshua jsing

10 months agoUpdate microcode, initialization and reset behavior.
kevlo [Fri, 22 Dec 2023 05:28:14 +0000 (05:28 +0000)]
Update microcode, initialization and reset behavior.
Remove two chip versions (identified by MAC_CFG2 and MAC_CFG4) support that
may not be available in the market, and also raise rxring lwm to 32.

Tested by Nick Owens.

10 months agoRemove EVP_PKEY_asn1_add{0,_alias}() documentation
tb [Thu, 21 Dec 2023 21:32:01 +0000 (21:32 +0000)]
Remove EVP_PKEY_asn1_add{0,_alias}() documentation

This API was recently neutered and will be removed in the next major bump.
Mark it as intentionally undocumented in EVP_PKEY_asn1_new.3 and remove it
from all other manuals.

10 months agoMark some API-to-be-removed as intentionally undocumented
tb [Thu, 21 Dec 2023 21:23:37 +0000 (21:23 +0000)]
Mark some API-to-be-removed as intentionally undocumented

10 months agoRemove some superfluous parentheses
tb [Thu, 21 Dec 2023 20:50:43 +0000 (20:50 +0000)]
Remove some superfluous parentheses

10 months agoNew TEMPerGold sensor; reported by Mikolaj Kucharski on bugs@
miod [Thu, 21 Dec 2023 19:40:47 +0000 (19:40 +0000)]
New TEMPerGold sensor; reported by Mikolaj Kucharski on bugs@

10 months agoRemove logic and comments related to INDIR now that they aren't supported
miod [Thu, 21 Dec 2023 19:34:07 +0000 (19:34 +0000)]
Remove logic and comments related to INDIR now that they aren't supported
anymore.
ok tb@ deraadt@, no need to regen anything

10 months agomib_init() and MIB() disappeared with mib.c, remove their declarations.
martijn [Thu, 21 Dec 2023 13:54:05 +0000 (13:54 +0000)]
mib_init() and MIB() disappeared with mib.c, remove their declarations.
MIBDECL() and MIBEND are only used inside mib.h, so move their definition
in there.

OK tb@

10 months agoClean up snmpd's header situation.
martijn [Thu, 21 Dec 2023 12:43:30 +0000 (12:43 +0000)]
Clean up snmpd's header situation.

With the help of tb@ and include-what-you-use.

OK tb@

10 months agoTweak comment, the actual format is "ucom<unit#>:<usb id>"
jca [Thu, 21 Dec 2023 11:25:38 +0000 (11:25 +0000)]
Tweak comment, the actual format is "ucom<unit#>:<usb id>"

ok krw@

10 months agoFix a few unchecked allocations; ok millert@ miod@
otto [Thu, 21 Dec 2023 08:01:21 +0000 (08:01 +0000)]
Fix a few unchecked allocations; ok millert@ miod@

10 months agodrm/i915: Fix remapped stride with CCS on ADL+
jsg [Thu, 21 Dec 2023 03:49:28 +0000 (03:49 +0000)]
drm/i915: Fix remapped stride with CCS on ADL+

From Ville Syrjala
7b0faa541f15af170607e565ceca1ae44e6daa35 in linux-6.1.y/6.1.69
0ccd963fe555451b1f84e6d14d2b3ef03dd5c947 in mainline linux

10 months agodrm/amd/display: Disable PSR-SU on Parade 0803 TCON again
jsg [Thu, 21 Dec 2023 03:47:04 +0000 (03:47 +0000)]
drm/amd/display: Disable PSR-SU on Parade 0803 TCON again

From Mario Limonciello
20907717918f0487258424631b704c7248a72da2 in linux-6.1.y/6.1.69
e7ab758741672acb21c5d841a9f0309d30e48a06 in mainline linux

10 months agodrm/amdgpu: fix tear down order in amdgpu_vm_pt_free
jsg [Thu, 21 Dec 2023 03:45:45 +0000 (03:45 +0000)]
drm/amdgpu: fix tear down order in amdgpu_vm_pt_free

From Christian Koenig
a9e2de19433fe0b63c080e910cce9954745cd903 in linux-6.1.y/6.1.69
ceb9a321e7639700844aa3bf234a4e0884f13b77 in mainline linux

10 months agodrm/amdgpu/sdma5.2: add begin/end_use ring callbacks
jsg [Thu, 21 Dec 2023 03:43:28 +0000 (03:43 +0000)]
drm/amdgpu/sdma5.2: add begin/end_use ring callbacks

From Alex Deucher
78b2ba39beef21c8baebb1868569c2026ad76de0 in linux-6.1.y/6.1.69
ab4750332dbe535243def5dcebc24ca00c1f98ac in mainline linux

10 months agouse strnstr paths in amdgpu
jsg [Thu, 21 Dec 2023 03:09:08 +0000 (03:09 +0000)]
use strnstr paths in amdgpu

10 months agoadd strnstr(9) string search within character limit
jsg [Thu, 21 Dec 2023 02:57:14 +0000 (02:57 +0000)]
add strnstr(9) string search within character limit

From Mike Barcroft in FreeBSD.  Added to FreeBSD in 2001, Linux in 2010.
Used in amdgpu.

ok deraadt@

10 months agoPrint the proper file name in case we fail to allocate a "path" extended header
jca [Thu, 21 Dec 2023 01:20:54 +0000 (01:20 +0000)]
Print the proper file name in case we fail to allocate a "path" extended header

Use name, not ln_name.  Pasto introduced in previous.

10 months agoClean up includes in cms_pwri.c
tb [Wed, 20 Dec 2023 18:38:19 +0000 (18:38 +0000)]
Clean up includes in cms_pwri.c

10 months agoupdate to nsd 4.8.0
florian [Wed, 20 Dec 2023 17:29:01 +0000 (17:29 +0000)]
update to nsd 4.8.0
OK sthen

10 months agointroduce log_ntp_addr() and use it where applicable, avoids a null
otto [Wed, 20 Dec 2023 15:36:36 +0000 (15:36 +0000)]
introduce log_ntp_addr() and use it where applicable, avoids a null
pointer deref in constraint.c reported by bluhm@; ok millert@

10 months agocreate a stub for pinsyscalls(2)
deraadt [Wed, 20 Dec 2023 14:54:29 +0000 (14:54 +0000)]
create a stub for pinsyscalls(2)

10 months agothere is a super-alignment between btext and text, this creates a hole.
deraadt [Wed, 20 Dec 2023 14:52:07 +0000 (14:52 +0000)]
there is a super-alignment between btext and text, this creates a hole.
Twice, I have seen the sigtramp mapping land inside that hole.  This
causes grief for the upcoming pinsyscalls() work which operates on
address space ranges.  But the micro-optimization is silly.
ok kettenis

10 months agoFor strange reasons which made sense at the time, the text segment was
deraadt [Wed, 20 Dec 2023 14:50:08 +0000 (14:50 +0000)]
For strange reasons which made sense at the time, the text segment was
placed head of the btext (boot.text) segment.  (the boot.text segment is
"unmapped" after initization, as a self-protection mechanism).  this meant
the LOAD's virtual addresses were not in sequence, which clearly isn't
what we intended.

10 months agoUse BIO_indent() for indentation in tasn_prn.c
tb [Wed, 20 Dec 2023 14:26:47 +0000 (14:26 +0000)]
Use BIO_indent() for indentation in tasn_prn.c

Using a loop to print pieces of a static buffer containing 20 spaces to
indent things is just silly. Even sillier is making this buffer const
without looking what it's actually used for... There is BIO_indent() or
BIO_printf() that can handle "%*s".

Add a length check to preserve behavior since BIO_indent() succeeds for
negattive indent.

However, peak silliness must be how BIO_dump_indent_cb() indents things.
That's for another day.

ok jsing

10 months agoRename impl into engine
tb [Wed, 20 Dec 2023 14:15:19 +0000 (14:15 +0000)]
Rename impl into engine

10 months agoRename inl to in_len throughout the file
tb [Wed, 20 Dec 2023 14:14:39 +0000 (14:14 +0000)]
Rename inl to in_len throughout the file

10 months agoRename outl into out_len throughout the file
tb [Wed, 20 Dec 2023 14:13:07 +0000 (14:13 +0000)]
Rename outl into out_len throughout the file

10 months agoTweak a comment a bit
tb [Wed, 20 Dec 2023 14:11:41 +0000 (14:11 +0000)]
Tweak a comment a bit

10 months agoRemove block_mask from EVP_CIPHER_CTX
tb [Wed, 20 Dec 2023 14:10:03 +0000 (14:10 +0000)]
Remove block_mask from EVP_CIPHER_CTX

The block mask is only used in EVP_{De,En}cryptUpdate(). There's no need to
hang it off the EVP_CIPHER_CTX since it is easy to compute and validate.

ok joshua jsing

10 months agoAdd some sanity checks for EVP_CIPHER_meth_new()
tb [Wed, 20 Dec 2023 14:05:58 +0000 (14:05 +0000)]
Add some sanity checks for EVP_CIPHER_meth_new()

Ensure that the nid and key length are non-negative and that the block
size is one of the three sizes 1, 8, or 16 supported by the EVP subsystem.

ok joshua jsing

10 months agobtrace: add support for hex and octal values.
dv [Wed, 20 Dec 2023 14:00:17 +0000 (14:00 +0000)]
btrace: add support for hex and octal values.

Changes number tokenizing and parsing to support hex & octal values.
Does not address other lexer issues (e.g. $0x1) to close gaps with
bpftrace.

OK claudio@

10 months agoMerge p_open and p_seal into p_legacy
tb [Wed, 20 Dec 2023 13:52:17 +0000 (13:52 +0000)]
Merge p_open and p_seal into p_legacy

discussed with jsing

10 months agoFold p_dec.c and p_enc.c into a new p_legacy.c
tb [Wed, 20 Dec 2023 13:46:05 +0000 (13:46 +0000)]
Fold p_dec.c and p_enc.c into a new p_legacy.c

discussed with jsing

10 months agoDon't create an sd(4) larger than what the namespace will allow.
krw [Wed, 20 Dec 2023 13:37:25 +0000 (13:37 +0000)]
Don't create an sd(4) larger than what the namespace will allow.

A namespace must satisfy

size (nsze) >= capacity (ncap) >= utilization (nuse)

Use ncap for the sd(4) size when THINP is set and ncap < nsze.

Tweak some variable names in passing to make code clearer.

ok dlg@

10 months agoLess confusing variable names in EVP_PKEY_{de,en}crypt_old()
tb [Wed, 20 Dec 2023 13:34:47 +0000 (13:34 +0000)]
Less confusing variable names in EVP_PKEY_{de,en}crypt_old()

ok jsing

10 months agoMODPY_PYBUILD: use "bootstrap" instead of "Yes"
sthen [Wed, 20 Dec 2023 13:30:51 +0000 (13:30 +0000)]
MODPY_PYBUILD: use "bootstrap" instead of "Yes"

10 months agoImprove local variable names
tb [Wed, 20 Dec 2023 11:33:52 +0000 (11:33 +0000)]
Improve local variable names

Rename the slightly awkward buf_offset into partial_len and rename
buf_avail into partial_needed to match.

suggested by jsing

10 months agoRename buf_len into partial_len in EVP_CIPHER_CTX
tb [Wed, 20 Dec 2023 11:31:17 +0000 (11:31 +0000)]
Rename buf_len into partial_len in EVP_CIPHER_CTX

suggested by jsing

10 months agoClean up EVP_DecryptFinal_ex()
tb [Wed, 20 Dec 2023 11:01:34 +0000 (11:01 +0000)]
Clean up EVP_DecryptFinal_ex()

Rework the code to use the usual variable names, return early if we
have block size 1 and unindent the remainder of the code for block
sizes 8 and 16. Rework the padding check to be less acrobatic and
copy the remainder of the plain text into out using memcpy() rather
than a for loop.

input/ok jsing

10 months agoClean up EVP_EncryptFinal_ex()
tb [Wed, 20 Dec 2023 10:42:43 +0000 (10:42 +0000)]
Clean up EVP_EncryptFinal_ex()

This switches to the variable names used in other functions, adds a
reminder to add a missing length check and uses memset for the padding.

ok jsing

10 months agoSimplify EVP_DecryptUpdate() a bit
tb [Wed, 20 Dec 2023 10:35:25 +0000 (10:35 +0000)]
Simplify EVP_DecryptUpdate() a bit

This time the block size is called b and there's some awful length
fiddling with fix_len, which until recently also served as store
for the return value for do_cipher()...

If we land on a block boundary, we keep the last block decrypted and
don't count it as part of the output. So in the next call we need to
feed it back in. Feeding it back in counts as output written this time
around, so instead of remembering that we need to adjust outl, keep a
tally of the bytes written. This way we can also do some overflow and
underflow checking.

ok jsing

10 months agoRemove commented out version of EVP_SealUpdate()
tb [Wed, 20 Dec 2023 10:15:30 +0000 (10:15 +0000)]
Remove commented out version of EVP_SealUpdate()

10 months agoRemove preprocessor mess in EVP_PKEY_{de,en}crypt_old()
tb [Wed, 20 Dec 2023 10:14:14 +0000 (10:14 +0000)]
Remove preprocessor mess in EVP_PKEY_{de,en}crypt_old()

This was done the worst possible way. It would be much simpler to invert
the logic and use a single #ifdef. jsing prefers keeping the current
logic and suggested we ditch the preprocessor mess altogether.

ok jsing, claudio agreed with the initial diff

10 months agovio(4): checksum offloading for TCP/UDP in IPv6 Packets
jan [Wed, 20 Dec 2023 09:51:06 +0000 (09:51 +0000)]
vio(4): checksum offloading for TCP/UDP in IPv6 Packets

ok sf@

10 months agoRemove iwx_wait_tx_queues_empty(); unused with current firmware versions
stsp [Wed, 20 Dec 2023 07:33:32 +0000 (07:33 +0000)]
Remove iwx_wait_tx_queues_empty(); unused with current firmware versions

Current firmware supplies a flush-command response which makes it
unnecessary to poll for empty queues after sending the flush command.

Based on a patch by Mikhail Pchelin

10 months agoEnsure that iwm/iwx devices announce VHT capabilities in probe requests.
stsp [Wed, 20 Dec 2023 07:32:05 +0000 (07:32 +0000)]
Ensure that iwm/iwx devices announce VHT capabilities in probe requests.

The previous code did not update the per-band-data length field,
resulting in firmware skipping the VHT information element in the
probe-request frame template.

Patch by Mikhail Pchelin

10 months agoRemove a changelog from 1991
tb [Wed, 20 Dec 2023 06:30:04 +0000 (06:30 +0000)]
Remove a changelog from 1991

10 months agoDES_random_key() sets the key
tb [Wed, 20 Dec 2023 06:28:04 +0000 (06:28 +0000)]
DES_random_key() sets the key

There's no need to have 60 lines of license for 4 lines of actual code.
Move DES_random_key() to set_key.c.

10 months agoRemove commented-out code
tb [Wed, 20 Dec 2023 06:22:27 +0000 (06:22 +0000)]
Remove commented-out code

10 months agobtrace: "too long line" -> "line too long"
dv [Wed, 20 Dec 2023 01:38:46 +0000 (01:38 +0000)]
btrace: "too long line" -> "line too long"

ok claudio@

10 months agoDon't unset the SA tag set by ipsec_sa_tag in ipsec_sa_iface.
tobhe [Wed, 20 Dec 2023 00:34:13 +0000 (00:34 +0000)]
Don't unset the SA tag set by ipsec_sa_tag in ipsec_sa_iface.
Fixes SA tagging and a possible leak.

from markus@

10 months agospelling; ok markus@
jsg [Wed, 20 Dec 2023 00:06:25 +0000 (00:06 +0000)]
spelling; ok markus@

10 months agoRelease inpcb mutex while calling sbwait().
bluhm [Tue, 19 Dec 2023 21:34:22 +0000 (21:34 +0000)]
Release inpcb mutex while calling sbwait().

As sbwait() may sleep, holding any mutex is not allowed.  Call
pru_unlock() before sbwait() in soreceive().

Bug spotted by sashan@; OK sashan@ mvs@

10 months agoInitialize `sc_outputtask' before interface attachment. if_alloc_sadl()
mvs [Tue, 19 Dec 2023 20:34:10 +0000 (20:34 +0000)]
Initialize `sc_outputtask' before interface attachment. if_alloc_sadl()
has sleep point, so the uninitialized `sc_outputtask` could be accessed
through ioctl(2) interface.

ok sashan bluhm

10 months agostatic binary setting a table, or dynamic binary trying to do what
deraadt [Tue, 19 Dec 2023 19:39:52 +0000 (19:39 +0000)]
static binary setting a table, or dynamic binary trying to do what
ld.so already did, will both be EPERM

10 months agoinclude KTRFAC_PINSYSCALL in the ktrace options
deraadt [Tue, 19 Dec 2023 16:31:50 +0000 (16:31 +0000)]
include KTRFAC_PINSYSCALL in the ktrace options

10 months agowhitespaces
deraadt [Tue, 19 Dec 2023 16:13:22 +0000 (16:13 +0000)]
whitespaces

10 months agoadd a malloc type for pinsyscall arrays
deraadt [Tue, 19 Dec 2023 14:40:04 +0000 (14:40 +0000)]
add a malloc type for pinsyscall arrays

10 months agoMove constraints files to the etc set
tb [Tue, 19 Dec 2023 13:50:19 +0000 (13:50 +0000)]
Move constraints files to the etc set

These are config files and once modified they should not be overwritten
if they have local changes.

ok deraadt job

10 months agoShow the RTR protocol version in the `bgpctl show rtr` output.
claudio [Tue, 19 Dec 2023 10:32:20 +0000 (10:32 +0000)]
Show the RTR protocol version in the `bgpctl show rtr` output.

Knowing the version is essential to understand if ASPA PDUs are included
or not.
OK tb@

10 months agoAdd markers
job [Tue, 19 Dec 2023 08:10:19 +0000 (08:10 +0000)]
Add markers

OK tb@

10 months ago- new sentence, new line
jmc [Tue, 19 Dec 2023 07:24:42 +0000 (07:24 +0000)]
- new sentence, new line
- zap an unused Pp

10 months agoA small cleanup of malloc_bytes(), getting rid of a goto and a tiny
otto [Tue, 19 Dec 2023 06:59:28 +0000 (06:59 +0000)]
A small cleanup of malloc_bytes(), getting rid of a goto and a tiny
bit of optimization; ok tb@ asou@

10 months agosync
deraadt [Tue, 19 Dec 2023 06:59:17 +0000 (06:59 +0000)]
sync

10 months agothe 4th argument of pinsyscalls() is now "number of pin elements",
deraadt [Tue, 19 Dec 2023 06:58:36 +0000 (06:58 +0000)]
the 4th argument of pinsyscalls() is now "number of pin elements",
not "size of the storage of the pin elements"

10 months agosort -C, and add to usage(); ok djm
jmc [Tue, 19 Dec 2023 06:57:34 +0000 (06:57 +0000)]
sort -C, and add to usage(); ok djm

10 months agopinsyscalls(2) has changed a little bit, and I can provide more advice
deraadt [Tue, 19 Dec 2023 06:57:12 +0000 (06:57 +0000)]
pinsyscalls(2) has changed a little bit, and I can provide more advice
for how it is used (in ld.so, it's not like anyone else can call it).
Also document the errors..

10 months agocorrect section numbers; from Ed Maste
djm [Tue, 19 Dec 2023 06:41:14 +0000 (06:41 +0000)]
correct section numbers; from Ed Maste

10 months agocorrect alignment placement
deraadt [Tue, 19 Dec 2023 06:27:45 +0000 (06:27 +0000)]
correct alignment placement

10 months agosoreceive() must not hold mutex when calling sblock().
bluhm [Tue, 19 Dec 2023 01:11:21 +0000 (01:11 +0000)]
soreceive() must not hold mutex when calling sblock().

In my recent commit I missed that sblock() may sleep while soreceive()
holds the incpb mutex.  Call pru_lock() after sblock().

Reported-by: syzbot+f79c896ec019553655a0@syzkaller.appspotmail.com
Reported-by: syzbot+08b6f1102e429b2d4f84@syzkaller.appspotmail.com
OK mvs@

10 months agoRephrase some warnings related to Manifests
job [Mon, 18 Dec 2023 23:42:20 +0000 (23:42 +0000)]
Rephrase some warnings related to Manifests

Feedback from Tom Harrison (APNIC)

with and OK tb@

10 months agocmac: use block_size rather than bl
tb [Mon, 18 Dec 2023 21:15:00 +0000 (21:15 +0000)]
cmac: use block_size rather than bl

This is purely mechanical apart from a single line wrap.

10 months agocorrect section the SYS_kbind syscall pin record goes into
deraadt [Mon, 18 Dec 2023 17:19:07 +0000 (17:19 +0000)]
correct section the SYS_kbind syscall pin record goes into
noticed by gnezdo

10 months agoAdd a family argument to host(). This allows us to force a specific address
martijn [Mon, 18 Dec 2023 16:58:26 +0000 (16:58 +0000)]
Add a family argument to host(). This allows us to force a specific address
family for source-address, which must be in line with the destination
address.

OK jca@

10 months agoFix copy-paste error for setting source-address in trap receiver.
martijn [Mon, 18 Dec 2023 16:56:01 +0000 (16:56 +0000)]
Fix copy-paste error for setting source-address in trap receiver.

OK jca@

10 months agomatch flag type (s/int/u_int)
djm [Mon, 18 Dec 2023 15:58:56 +0000 (15:58 +0000)]
match flag type (s/int/u_int)

10 months agoregress test for agent PKCS#11-backed certificates
djm [Mon, 18 Dec 2023 14:50:08 +0000 (14:50 +0000)]
regress test for agent PKCS#11-backed certificates

10 months agoregress test for constrained PKCS#11 keys
djm [Mon, 18 Dec 2023 14:49:39 +0000 (14:49 +0000)]
regress test for constrained PKCS#11 keys

10 months agoopenssh-9.6
djm [Mon, 18 Dec 2023 14:48:44 +0000 (14:48 +0000)]
openssh-9.6

10 months agossh-agent: record failed session-bind attempts
djm [Mon, 18 Dec 2023 14:48:08 +0000 (14:48 +0000)]
ssh-agent: record failed session-bind attempts

Record failed attempts to session-bind a connection and refuse signing
operations on that connection henceforth.

Prevents a future situation where we add a new hostkey type that is not
recognised by an older ssh-agent, that consequently causes session-bind
to fail (this situation is only likely to arise when people mix ssh(1)
and ssh-agent(1) of different versions on the same host). Previously,
after such a failure the agent socket would be considered unbound and
not subject to restriction.

Spotted by Jann Horn

10 months agoban user/hostnames with most shell metacharacters
djm [Mon, 18 Dec 2023 14:47:44 +0000 (14:47 +0000)]
ban user/hostnames with most shell metacharacters

This makes ssh(1) refuse user or host names provided on the
commandline that contain most shell metacharacters.

Some programs that invoke ssh(1) using untrusted data do not filter
metacharacters in arguments they supply. This could create
interactions with user-specified ProxyCommand and other directives
that allow shell injection attacks to occur.

It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
but getting this stuff right can be tricky, so this should prevent
most obvious ways of creating risky situations. It however is not
and cannot be perfect: ssh(1) has no practical way of interpreting
what shell quoting rules are in use and how they interact with the
user's specified ProxyCommand.

To allow configurations that use strange user or hostnames to
continue to work, this strictness is applied only to names coming
from the commandline. Names specified using User or Hostname
directives in ssh_config(5) are not affected.

feedback/ok millert@ markus@ dtucker@ deraadt@

10 months agostricter handling of channel window limits
djm [Mon, 18 Dec 2023 14:47:20 +0000 (14:47 +0000)]
stricter handling of channel window limits

This makes ssh/sshd more strict in handling non-compliant peers that
send more data than the advertised channel window allows. Previously
the additional data would be silently discarded. This change will
cause ssh/sshd to terminate the connection if the channel window is
exceeded by more than a small grace allowance.

ok markus@

10 months agoMake it possible to load certs from PKCS#11 tokens
djm [Mon, 18 Dec 2023 14:46:56 +0000 (14:46 +0000)]
Make it possible to load certs from PKCS#11 tokens

Adds a protocol extension to allow grafting certificates supplied by
ssh-add to keys loaded from PKCS#11 tokens in the agent.

feedback/ok markus@

10 months agoapply destination constraints to all p11 keys
djm [Mon, 18 Dec 2023 14:46:12 +0000 (14:46 +0000)]
apply destination constraints to all p11 keys

Previously applied only to the first key returned from each token.

ok markus@