tb [Thu, 4 May 2023 20:15:27 +0000 (20:15 +0000)]
symbols.awk: Remove cfb dance
With e_old.c gone, we no longer need this.
tb [Thu, 4 May 2023 16:08:29 +0000 (16:08 +0000)]
Straightforward conversion from K&R to ANSI function definitions
espie [Thu, 4 May 2023 14:02:44 +0000 (14:02 +0000)]
fix stupid thinko, as noticed while converting to v5.36 (later)
tb [Thu, 4 May 2023 13:51:59 +0000 (13:51 +0000)]
Rewrite ECParameters_dup()
This should leak slightly less than the direct expansion of ASN1_dup_of().
Use freezero() since the DER could contain a private key.
ok jsing
tb [Thu, 4 May 2023 13:50:14 +0000 (13:50 +0000)]
sigh. typo
tb [Thu, 4 May 2023 13:49:29 +0000 (13:49 +0000)]
Let ecdsatest exercise ECParameters_dup() a bit
This currently leaks, which will be fixed in a follow-on commit.
tb [Thu, 4 May 2023 13:41:20 +0000 (13:41 +0000)]
Remove x9_62_test_internal()
This test depends on RAND_set_rand_method() allowing stupid things like
making ECDSA signatures deterministic. This was gutted a long time ago
and the function should have followed its wrappers into the attic.
chrisz [Thu, 4 May 2023 12:43:44 +0000 (12:43 +0000)]
Be more economical with returning bodies in bounce messages
according to rfc3461 4.3
OK millert@
mvs [Thu, 4 May 2023 09:41:15 +0000 (09:41 +0000)]
regen
mvs [Thu, 4 May 2023 09:40:36 +0000 (09:40 +0000)]
Push kernel lock deep down to sys_sysctl(). At least network subset of
sysctl(8) MIBs relies on netlock or other locks and doesn't require
kernel lock, so unlock it. The protocols layer *_sysctl()s are left
under kernel lock and will be sequentially unlocked later.
ok bluhm@
bluhm [Thu, 4 May 2023 06:56:56 +0000 (06:56 +0000)]
Introduce a neighbor discovery mutex like ARP uses it. For now it
only protects nd6_list. It does not unlock ND6 from kernel lock
yet.
OK kn@
tb [Thu, 4 May 2023 06:45:51 +0000 (06:45 +0000)]
Use size_t instead of int in EC_POINT_point2oct()
An int would be perfectly sufficient for this, but then again there would
be fewer traps.
ok jsing
tb [Thu, 4 May 2023 05:59:38 +0000 (05:59 +0000)]
Fix line wrapping
tb [Thu, 4 May 2023 05:57:18 +0000 (05:57 +0000)]
Fix function name in doc comment
kevlo [Thu, 4 May 2023 05:38:50 +0000 (05:38 +0000)]
regen
kevlo [Thu, 4 May 2023 05:38:17 +0000 (05:38 +0000)]
Add another Lenovo NVMe device id found in my ThinkPad X1 Extreme Gen 1.
ok miod@
jmc [Wed, 3 May 2023 22:03:17 +0000 (22:03 +0000)]
add virtio(4); ok (in principle) miod
jmc [Wed, 3 May 2023 21:56:13 +0000 (21:56 +0000)]
add onewire(4); ok miod
jsg [Wed, 3 May 2023 15:25:25 +0000 (15:25 +0000)]
avoid use after free
ok miod@ millert@
kn [Wed, 3 May 2023 14:29:57 +0000 (14:29 +0000)]
Improve setenv markup
- braces are not commands, use 'Brq'
- markup variable and value each, leave = (like mdoc(7) 'Ns' example)
bluhm [Wed, 3 May 2023 11:43:31 +0000 (11:43 +0000)]
Some checks in nd6_resolve() do not require kernel lock. The analog
code for ARP has been unlocked a while ago.
OK kn@
kn [Wed, 3 May 2023 10:32:47 +0000 (10:32 +0000)]
Remove net lock from DIOCGETRULESET and DIOCGETRULESETS
Both walk the list of rulesets aka. anchors, to yield a total count and
specific anchor name, respectively. Same access, different copy out.
pf_anchor_global are contained within pf_ioctl.c and pf_ruleset.c and
fully protected by the pf lock, as is pf_main_ruleset and its pf.c usage.
Rely on and assert for pf lock alone. 'pfctl -sr' on 60k unique rules gets
noticeably faster, around 2.1s instead of 3.5s.
OK sashan
tb [Wed, 3 May 2023 10:22:30 +0000 (10:22 +0000)]
Fix a use-after-free in filemode
In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.
Found by, initial fix and ok job
claudio [Wed, 3 May 2023 09:54:25 +0000 (09:54 +0000)]
Convert json_do_printf() with "%s" a fmt string to json_do_string().
OK tb@
beck [Wed, 3 May 2023 08:10:23 +0000 (08:10 +0000)]
Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls
regress for the moment. this will come back after we rethink
the failure versus not there case.
ok tb@ jsing@
claudio [Wed, 3 May 2023 07:56:05 +0000 (07:56 +0000)]
Introduce json_do_string() a function that JSON escapes a string.
Implement json_do_printf() using json_do_string() and vasprintf().
json_do_string() only escapes the basic control chars (\b, \f, \n, \r and \t)
other control chars are considered an error. Also the forward slash is
not escaped since the JSON data is not embedded into HTML or XML.
With feedback from tb@ & millert@
OK tb@
claudio [Wed, 3 May 2023 07:51:08 +0000 (07:51 +0000)]
On read failure just abort the rrdp request.
Before a read error would not be removed from the poll fds and trigger
constantly. RRDP_STATE_PARSE_ERROR should only be used for errors from
xml parser since then the remaining data from the socket still needs to
be consumed.
OK tb@
beck [Wed, 3 May 2023 07:13:18 +0000 (07:13 +0000)]
Bring back length check tb ok'ed and I managed to remove while
changing tests.
ok tb@
tb [Wed, 3 May 2023 06:30:11 +0000 (06:30 +0000)]
Fix a few KNF/whitespace issues
kettenis [Tue, 2 May 2023 19:39:10 +0000 (19:39 +0000)]
Sometimes the touchpad doesn't attach. Try to solve this issue by
reloading the firmware.
ok tobhe@
deraadt [Tue, 2 May 2023 15:55:58 +0000 (15:55 +0000)]
Absolutely astounding that custom code was written for the softraid case
to require "no", instead of "n" or "no" which works at every other damn prompt
in the installer. This seems to be an artifact of relentlessly pushing people
towards softraid by default, and I think that is a bit nasty and pushy.
beck [Tue, 2 May 2023 14:13:05 +0000 (14:13 +0000)]
Change X509_NAME_get_index_by[NID|OBJ] to be safer.
Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.
Sadly some callers seem to use them to fetch things like
subject name components for comparisons, and often just
use the result as a C string.
Instead, encode the resulting bytes as UTF-8 so it is
something like "text",
Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.
based on boringssl.
nits by dlg@
ok tb@
schwarze [Tue, 2 May 2023 13:15:05 +0000 (13:15 +0000)]
Mark the BIO_F_* function codes as intentionally undocumented
and for now, skip the BIO_R_* reason codes.
It looks like all public symbols in the BIO library
are now documented or marked as intentionally undocumented.
jsg [Tue, 2 May 2023 13:02:51 +0000 (13:02 +0000)]
free the correct pointer. Missed in rev 1.16.
ok dv@
tb [Tue, 2 May 2023 13:01:57 +0000 (13:01 +0000)]
Rename P into generator
ok jsing
kettenis [Tue, 2 May 2023 12:32:22 +0000 (12:32 +0000)]
Remove bogus newline in printf.
ok jmatthew@
tb [Tue, 2 May 2023 10:44:20 +0000 (10:44 +0000)]
Simplify EC_GROUP_new_by_curve_name()
Pull the setting of the name a.k.a. nid into ec_group_new_from_data().
This way, we can return early on finding the nid in the curve_list[].
This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed
onto the error stack when ec_group_new_from_data() failed.
While there rework the exit path of ec_group_new_from_data() a bit.
Instead of an ok variable we can use an additional pointer to keep
track of the return value and free the EC_GROUP unconditionally.
ok jsing
tb [Tue, 2 May 2023 09:56:12 +0000 (09:56 +0000)]
Style tweaks for SMIME_write_PKCS7()
Initialize the mdalgs stack at the top and test and assign for ctype_nid.
Use an empty line to separate variable declarations from the actual code
and zap an extra empty line.
ok jsing
tb [Tue, 2 May 2023 09:51:22 +0000 (09:51 +0000)]
Switch K&R function definition to ANSI to make clang 15 happier
tb [Tue, 2 May 2023 09:38:33 +0000 (09:38 +0000)]
Unwrap a line
tb [Tue, 2 May 2023 09:30:37 +0000 (09:30 +0000)]
Simplify slightly and use i2d_PKCS7_bio_stream()
This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to
pass in PKCS7_it.
stsp [Tue, 2 May 2023 08:48:06 +0000 (08:48 +0000)]
add Brussels South Charleroi airport
tb [Tue, 2 May 2023 08:05:18 +0000 (08:05 +0000)]
sync with userland
tb [Tue, 2 May 2023 08:03:54 +0000 (08:03 +0000)]
Sync with upstream
Update some links in the README, remove a duplicate word in a zlib.h doc
comment. The only code change is guarded by #if defined(_WIN32).
bluhm [Tue, 2 May 2023 06:06:13 +0000 (06:06 +0000)]
Call nd6_ns_output() without kernel lock from nd6_resolve().
OK kn@
tb [Mon, 1 May 2023 21:15:26 +0000 (21:15 +0000)]
stray whitespace
claudio [Mon, 1 May 2023 19:44:42 +0000 (19:44 +0000)]
Bump to 8.0
tb [Mon, 1 May 2023 17:53:01 +0000 (17:53 +0000)]
Add a missing pair of braces.
tb [Mon, 1 May 2023 17:49:33 +0000 (17:49 +0000)]
Use uppercase for the CURVE_LIST_LENGTH macro
tb [Mon, 1 May 2023 17:31:15 +0000 (17:31 +0000)]
Consistently use lowercase hex digits for curve parameters
tb [Mon, 1 May 2023 17:29:36 +0000 (17:29 +0000)]
Now that we have C99 initializers, garbage collect some comments
tb [Mon, 1 May 2023 17:28:03 +0000 (17:28 +0000)]
Rework the curve list to use actual structs instead of a custom
serialized format.
ok jsing
tb [Mon, 1 May 2023 13:49:26 +0000 (13:49 +0000)]
Drop the now unnecessary and unused field_type from the curve data
ok jsing
tb [Mon, 1 May 2023 13:14:00 +0000 (13:14 +0000)]
Convert EC_CURVE_DATA to C99 initializers
Also clean up the definition of EC_CURVE_DATA a bit.
ok jsing
tb [Mon, 1 May 2023 12:39:38 +0000 (12:39 +0000)]
Simplify ec_group_new_from_data() further
We have a BN_CTX available, so we may as well use it. This simplifies
the cleanup path at the cost of a bit more code in the setup. Also use
an extra BIGNUM for the cofactor. Reusing x for this is just silly. If
you were really going to avoid extra allocations, this entire function
could easily have been written with three BIGNUMs.
ok jsing
job [Mon, 1 May 2023 11:02:23 +0000 (11:02 +0000)]
Make warnings more precise
dtucker [Mon, 1 May 2023 08:57:29 +0000 (08:57 +0000)]
Import regenerated moduli.
kettenis [Mon, 1 May 2023 08:25:55 +0000 (08:25 +0000)]
The built-in 10G Ethernet on Apple arm64 hardware does not have a MAC
address programmed into the hardware. Get it from the device tree instead.
ok dlg@, jmatthew@
tb [Mon, 1 May 2023 08:16:17 +0000 (08:16 +0000)]
Drop some dead code
No member of the curve_list[] table has a method set. Thus, curve.meth
is always NULL and we never take the EC_GROUP_new(meth) code path.
ok jsing
tb [Mon, 1 May 2023 07:58:34 +0000 (07:58 +0000)]
Remove pointless/wrong .meth = 0 entries from curves_list[]
tb [Mon, 1 May 2023 07:56:05 +0000 (07:56 +0000)]
Mechanically convert curve_list[] to C99 initializers
ok jsing
tb [Mon, 1 May 2023 07:54:08 +0000 (07:54 +0000)]
Clean up handling of nist_curves[]
There's no point in introducing a typedef only for two sizeof() calls.
We might as well use an anonymous struct for this list. Make it const
while there, drop some braces and compare strcmp() return value to 0.
ok jsing
tb [Mon, 1 May 2023 07:37:45 +0000 (07:37 +0000)]
Remove ASN1_item_ndef_i2d(3) documentation
This was the last public API explicitly named ndef/NDEF for indefinite
length encoding, so remove that explanation as well.
tb [Mon, 1 May 2023 07:29:12 +0000 (07:29 +0000)]
sync
tb [Mon, 1 May 2023 07:28:11 +0000 (07:28 +0000)]
First pass of removing low-level ASN.1 streaming docs
dlg [Mon, 1 May 2023 07:24:20 +0000 (07:24 +0000)]
regen
dlg [Mon, 1 May 2023 07:24:04 +0000 (07:24 +0000)]
Intel Braswell SDIO
jsg [Mon, 1 May 2023 07:04:38 +0000 (07:04 +0000)]
spelling
jmc [Mon, 1 May 2023 06:04:46 +0000 (06:04 +0000)]
add acpi(4) listing; ok miod
jsg [Mon, 1 May 2023 01:24:02 +0000 (01:24 +0000)]
drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
From Daniel Vetter
d27acf15c8fac00a251e2a24da09fcc1bb3337dd in linux-6.1.y/6.1.27
1935f0deb6116dd785ea64d8035eab0ff441255b in mainline linux
jsg [Sun, 30 Apr 2023 23:49:14 +0000 (23:49 +0000)]
avoid use after free
ok jmatthew@
jsg [Sun, 30 Apr 2023 23:46:52 +0000 (23:46 +0000)]
avoid use after free
ok florian@
jsg [Sun, 30 Apr 2023 23:40:12 +0000 (23:40 +0000)]
regen
jsg [Sun, 30 Apr 2023 23:38:52 +0000 (23:38 +0000)]
add Ryzen 7040 "Phoenix" APU device id
spotted in notebookcheck review of
Asus ROG Zephyrus G14 (2023) GA402XY, Ryzen 9 7940HS (Radeon 780M)
djm [Sun, 30 Apr 2023 22:54:22 +0000 (22:54 +0000)]
adjust ftruncate() logic to handle servers that reorder requests.
sftp/scp will ftruncate the destination file after a transfer completes,
to deal with the case where a longer destination file already existed.
We tracked the highest contiguous block transferred to deal with this
case, but our naive tracking doesn't deal with servers that reorder
requests - a misfeature strictly permitted by the protocol but seldom
implemented.
Adjust the logic to ftruncate() at the highest absolute block received
when the transfer is successful. feedback deraadt@ ok markus@
prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778
krw [Sun, 30 Apr 2023 22:44:18 +0000 (22:44 +0000)]
FSSIZE was not updated when 'fakeramdisk' was enlarged from 5760
blocks to 6080 blocks with etc.alpha/disktab r1.24.
Noticed by deraadt@
krw [Sun, 30 Apr 2023 22:28:27 +0000 (22:28 +0000)]
Fix typo in MRDISKTYPE.
'rdroot' (size 10,240 blocks) is not the same as 'rdboot' (size
2,048 blocks).
Noticed by deraadt@
tb [Sun, 30 Apr 2023 21:31:16 +0000 (21:31 +0000)]
x509_asn1: make this test pass again after reinstating DER preservation
tb [Sun, 30 Apr 2023 20:33:31 +0000 (20:33 +0000)]
check_complete.pl: update for recent changes in bn
tb [Sun, 30 Apr 2023 20:17:59 +0000 (20:17 +0000)]
mandoc -Tlint tells me I forgot to zap a comma
benno [Sun, 30 Apr 2023 20:10:38 +0000 (20:10 +0000)]
document that - with recent changes - the -A option now also excludes
the ASPA data from the JSON output.
ok claudio@
tb [Sun, 30 Apr 2023 19:41:01 +0000 (19:41 +0000)]
sync
tb [Sun, 30 Apr 2023 19:40:23 +0000 (19:40 +0000)]
Remove most documentation pertaining to proxy certificates.
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since
we need to keep them for the time being.
tb [Sun, 30 Apr 2023 19:31:05 +0000 (19:31 +0000)]
Remove proxy cert api remnants
tb [Sun, 30 Apr 2023 19:24:42 +0000 (19:24 +0000)]
Remove documentation of BN_generate_prime(), BN_is_prime{,_fasttest}()
tb [Sun, 30 Apr 2023 19:23:54 +0000 (19:23 +0000)]
Remove documentation of BN_zero_ex() and update BN_one() and BN_zero()
which are no longer macros (and the latter is no longer deprecated and
no longer attempts to allocate memory).
tb [Sun, 30 Apr 2023 19:15:48 +0000 (19:15 +0000)]
Garbage collect BN_zero_ex()
kettenis [Sun, 30 Apr 2023 17:24:24 +0000 (17:24 +0000)]
Remove the EFI RTC implementation on amd64. Since all amd64 systems we
know have a MC146818A compatible RTC this code isn't actually used. But
there are systems that have a buggy EFI implementation that blows up when
we call the GetTime runtime service to check whether the RTC functionality
is implemented.
ok mlarkin@, dlg@
sf [Sun, 30 Apr 2023 17:16:36 +0000 (17:16 +0000)]
msdosfs: Never allocate clusters outside the volume
- Assert that usemap_alloc() and usemap_free() cluster number argument
is valid.
- In chainlength(), return 0 if cluster start is after the max cluster.
- In chainlength(), cut the calculated cluster chain length at the max
cluster.
Adapted from FreeBSD commit
097a1d5fbb7990980f8f806c6878537c964adf32
ok miod@
tb [Sun, 30 Apr 2023 17:07:46 +0000 (17:07 +0000)]
Remove __dead again. Apparently this causes issues for some upstreams.
Thanks to orbea for the report
job [Sun, 30 Apr 2023 16:46:49 +0000 (16:46 +0000)]
Revert disablement of the encoding cache
Without the cache, we verify CRL signatures on bytes that have been
pulled through d2i_ -> i2d_, this can cause reordering, which in turn
invalidates the signature. for example if in the original CRL revocation
entries were sorted by date instead of ascending serial number order.
There are probably multiple things we can do here, but they will need
careful consideration and planning.
OK jsing@
tb [Sun, 30 Apr 2023 14:59:52 +0000 (14:59 +0000)]
Send x509_subject_cmp() to the attic
This helper has been inside #if 0 for nearly 25 years. Let it go. If we
should ever need it, I'm quite confident that we will be able to come up
with its one line body on our own.
tb [Sun, 30 Apr 2023 14:50:28 +0000 (14:50 +0000)]
sync
tb [Sun, 30 Apr 2023 14:49:47 +0000 (14:49 +0000)]
The policy tree is no more
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
tb [Sun, 30 Apr 2023 14:43:04 +0000 (14:43 +0000)]
Zap extra blank line
schwarze [Sun, 30 Apr 2023 14:03:47 +0000 (14:03 +0000)]
Make the descriptions of BIO_get_retry_BIO(3) and BIO_get_retry_reason(3)
more precise. Among other improvements, describe the three BIO_RR_*
constants serving as reason codes.
schwarze [Sun, 30 Apr 2023 13:57:29 +0000 (13:57 +0000)]
Slightly improve the documentation of the "oper" parameter by
explicitly listing the valid arguments, i.e. the BIO_CB_* constants.
schwarze [Sun, 30 Apr 2023 13:53:54 +0000 (13:53 +0000)]
Document the eight BIO_CONN_S_* constants that are passed to BIO_info_cb(3)
as the "state" argument. Document them here because connect BIOs are
the only built-in BIO type using these constants.
schwarze [Sun, 30 Apr 2023 13:38:48 +0000 (13:38 +0000)]
Mark the five BIO_GHBN_* constants as intentionally undocumented.
They are intended to be used by BIO_gethostbyname(), which is deprecated
in OpenSSL and already marked as intentionally undocumented in LibreSSL.
Besides, these constants are completely unused by anything.
phessler [Sun, 30 Apr 2023 13:08:40 +0000 (13:08 +0000)]
Remove artificial limit of 2 hours on a PIO lifetime, as recommended by
draft-ietf-6man-slaac-renum-05 and implemented by Linux in 2020.
OK florian@