openbsd
23 months agoAdd regress coverage for BN_cmp()/BN_ucmp().
jsing [Wed, 30 Nov 2022 02:51:05 +0000 (02:51 +0000)]
Add regress coverage for BN_cmp()/BN_ucmp().

Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.

23 months agoMostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.
jsing [Wed, 30 Nov 2022 01:56:18 +0000 (01:56 +0000)]
Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.

For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.

Issue raised by tb@ who also wrote some test code.

23 months agoMop up more BN_DEBUG related code.
jsing [Wed, 30 Nov 2022 01:47:19 +0000 (01:47 +0000)]
Mop up more BN_DEBUG related code.

23 months agoAdd void to client_repledge args to fix compiler warning. ok djm@
dtucker [Tue, 29 Nov 2022 22:41:14 +0000 (22:41 +0000)]
Add void to client_repledge args to fix compiler warning.  ok djm@

23 months agoMove the generic variable definitions from the ASM at the top of
guenther [Tue, 29 Nov 2022 21:41:39 +0000 (21:41 +0000)]
Move the generic variable definitions from the ASM at the top of
locore.S to be in C in cpu.c, machdep.c, pmap.c, or bus_space.c for
better typing/debug info.  Delete REALBASEMEM, REALEXTMEM, and
biosextmem as unused/ignored.

ok mpi@ krw@ mlarkin@

23 months agoOnly include stdarg.h, if we call any of va_{start,end}()
job [Tue, 29 Nov 2022 20:41:32 +0000 (20:41 +0000)]
Only include stdarg.h, if we call any of va_{start,end}()

OK tb@

23 months agoOnly include assert.h if we call assert()
job [Tue, 29 Nov 2022 20:26:22 +0000 (20:26 +0000)]
Only include assert.h if we call assert()

OK tb@

23 months agoAdd missing markup to comments and to RFC 3779 error
tb [Tue, 29 Nov 2022 19:52:48 +0000 (19:52 +0000)]
Add missing markup to comments and to RFC 3779 error

23 months agoUse correct size for mips64 .rld_map section.
visa [Tue, 29 Nov 2022 15:38:00 +0000 (15:38 +0000)]
Use correct size for mips64 .rld_map section.

From FreeBSD commit 36afc9ab6c1c7fdb2e40bdcfde169501d962dd84

OK kettenis@

23 months agoFirst pass at updating verifier error docs
tb [Tue, 29 Nov 2022 12:31:43 +0000 (12:31 +0000)]
First pass at updating verifier error docs

X509_verify_cert_error_string() is now thread safe as it no longer returns
a static buffer.  Document X509_V_ERR_UNSPECIFIED.  Stop asserting that the
X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it.
Add commented versions of various missing error codes in the proper spots
and move X509_V_ERR_UNNESTED_RESOURCE where it belongs.

prompted by claudio

23 months agoRemove a few doubled spaces and wrap an overlong line
tb [Tue, 29 Nov 2022 12:23:43 +0000 (12:23 +0000)]
Remove a few doubled spaces and wrap an overlong line

23 months agoIgnore late check results for resolvers we no longer use.
florian [Tue, 29 Nov 2022 11:56:32 +0000 (11:56 +0000)]
Ignore late check results for resolvers we no longer use.

Since we no longer use that specific resolver there is also no need
to re-check it.
tb pointed out that prev_state might be used uninitialized in this
case.
OK tb

23 months agoUpdate valid_x509 comment to reality. crl is no longer optional.
claudio [Tue, 29 Nov 2022 11:45:03 +0000 (11:45 +0000)]
Update valid_x509 comment to reality. crl is no longer optional.
OK tb@

23 months agoReturn an error string instead of surpressing the warning in valid_x509.
claudio [Tue, 29 Nov 2022 10:33:09 +0000 (10:33 +0000)]
Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

23 months agoSort a few outliers by increasing error number to match x509_vfy.h
tb [Tue, 29 Nov 2022 07:23:03 +0000 (07:23 +0000)]
Sort a few outliers by increasing error number to match x509_vfy.h

23 months agoFix includes
tb [Tue, 29 Nov 2022 07:12:17 +0000 (07:12 +0000)]
Fix includes

No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509
for a switch containing string constants. We do need x509_vfy instead.

23 months agoAdd missing X509_V_ERR_UNSPECIFIED case
tb [Tue, 29 Nov 2022 07:08:41 +0000 (07:08 +0000)]
Add missing X509_V_ERR_UNSPECIFIED case

23 months agoFix some KNF issues
tb [Tue, 29 Nov 2022 07:06:12 +0000 (07:06 +0000)]
Fix some KNF issues

Requested by claudio

23 months agoMake X509_verify_cert_error_string() thread safe
tb [Tue, 29 Nov 2022 07:03:40 +0000 (07:03 +0000)]
Make X509_verify_cert_error_string() thread safe

Stop returning a pointer to a static buffer containing the error code on
unknown error. While this might be helpful, it's not going to end well.

ok beck claudio jsing

23 months agoAdd support for the Unified Battery feature found in many more recent Logitech
anton [Tue, 29 Nov 2022 06:30:34 +0000 (06:30 +0000)]
Add support for the Unified Battery feature found in many more recent Logitech
HID++ hardware which should cause battery sensors to be exposed for more
devices. Positive test reports from the following:

* Lift mouse (anton@)
* MX Anywhere 3 mouse (Paul de Weerd)
* MX Ergo trackball (kn@)

23 months agoAdd support for Bolt receivers. They use different registers for the
anton [Tue, 29 Nov 2022 06:29:45 +0000 (06:29 +0000)]
Add support for Bolt receivers. They use different registers for the
device name and type.

23 months agoPut the original image of the MP-startup and ACPI-suspend/hibernate
guenther [Tue, 29 Nov 2022 02:19:29 +0000 (02:19 +0000)]
Put the original image of the MP-startup and ACPI-suspend/hibernate
trampolines into .rodata instead of .text.  While here, give types
and sizes to all the global symbols and delete some superfluous
directives and unrelocated symbols in the ACPI trampoline image.

ok mlarkin@

23 months agopowerpc64: switch to clockintr
cheloha [Tue, 29 Nov 2022 01:04:44 +0000 (01:04 +0000)]
powerpc64: switch to clockintr

- Remove powerpc64-specific clock interrupt scheduling bits from
  cpu_info.
- Remove powerpc64-specific randomized statclock() bits from
  powerpc64/clock.c.
- Remove the 'stat_count' evcount.  All clock interrupts are now counted
  via the 'clock_count' evcount.
- Wire up dec_intrclock.

Bringup help from gkoehler@.  Tested by gkoehler@: this patch has
survived four kernel-release-upgrade cycles on a Raptor Talos II
T2P9S01 sporting a quad-core POWER9 CPU.

Link: https://marc.info/?l=openbsd-tech&m=166776404803622&w=2
ok gkoehler@ mlarkin@

23 months agopowerpc, macppc: switch to clockintr
cheloha [Tue, 29 Nov 2022 00:58:05 +0000 (00:58 +0000)]
powerpc, macppc: switch to clockintr

- Remove powerpc-specific clock interrupt scheduling bits from cpu_info.
- Remove macppc-specific randomized statclock() bits from macppc/clock.c.
- Remove the 'stat_count' evcount.  All clock interrupts are now counted
  via the 'clock_count' evcount.
- Wire up dec_intrclock.

Bringup help from gkoehler@.  The patch has survived five or six
kernel-release-upgrade cycles on my dual-core PowerMac3,6.

Link: https://marc.info/?l=openbsd-tech&m=166776385003520&w=2
ok gkoehler@ mlarkin@

23 months agoSimplify return path of (*pr_ctloutput)() return value in sogetopt().
mvs [Mon, 28 Nov 2022 21:39:28 +0000 (21:39 +0000)]
Simplify return path of (*pr_ctloutput)() return value in sogetopt().

ok guenther@ kn@

23 months agoDocument struct nd_ifinfo protection, remove obsolete .initialized member
kn [Mon, 28 Nov 2022 19:13:36 +0000 (19:13 +0000)]
Document struct nd_ifinfo protection, remove obsolete .initialized member

All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.

IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.

Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
    attach nd_ifinfo structure to if_afdata.
    split IPv6 MTU (advertised by RA) from real link MTU.
    sync with kame

Read      since 2002 usr.sbin/ndp/ndp.c r1.16
    use new SIOCGIFINFO_IN6.  random other cleanups.  sync w/kame.

Obsolete  since 2017 sys/netinet6/nd6.c r1.217
                     usr.sbin/ndp/ndp.c r1.85
    Remove knob and always do neighbor unreachable detection.

Feedback OK bluhm

23 months agoFix indent
tb [Mon, 28 Nov 2022 18:33:56 +0000 (18:33 +0000)]
Fix indent

23 months agovmd(8): zero consdev in bootargs to fix booting ramdisks
dv [Mon, 28 Nov 2022 18:24:52 +0000 (18:24 +0000)]
vmd(8): zero consdev in bootargs to fix booting ramdisks

Mischa Peters reported that booting a bsd.rd from 7.2 or newer
stopped working with vmd(8) in 7.2.

Direct booting kernels requires vmd to build boot args in guest
memory. Recently, the bios_consdev_t struct changed in amd64
machdep.c, adding additional struct members. vmd wasn't zeroing out
the struct, causing the booted kernel to read garbage.

While here, cleanup some of push_bootargs to use descriptive names
for boot args and standardize on explicit usage of uint32_t.

ok claudio, mlarkin

23 months agoReshuffle case a little bit. No functional change.
claudio [Mon, 28 Nov 2022 17:47:01 +0000 (17:47 +0000)]
Reshuffle case a little bit. No functional change.

23 months agoUse ssize_t instead of int as requested on review
tb [Mon, 28 Nov 2022 15:22:13 +0000 (15:22 +0000)]
Use ssize_t instead of int as requested on review

discussed with job

23 months agorc(8): reorder_libs: print names of relinked libraries
cheloha [Mon, 28 Nov 2022 14:56:31 +0000 (14:56 +0000)]
rc(8): reorder_libs: print names of relinked libraries

When booting from slow media, the boot can appear to stall at the
"reordering libs" line for quite some time.  For my example, my G4
PowerMac booting from USB 1.1 takes a full minute to reorder the
libraries.

Let's print the name of each library before it is relinked.  This
gives the operator a better sense of what the machine is doing.  In
particular, it signals to the operator that the machine did not hang.

With input from kn@, deraadt@.  Positive feedback from sthen@.

Link: https://marc.info/?l=openbsd-tech&m=165914104421476&w=2
ok kn@

23 months agoRemove useless nd6_init_done
kn [Mon, 28 Nov 2022 13:10:58 +0000 (13:10 +0000)]
Remove useless nd6_init_done

Only ip6_init() calls nd6_init(), exactly once, just like it calls
frag6_init() which on the other hand does not have some fra6_init_done to
guard against itself.

Like all other domains, ip6_init() is called in domaininit(), early in the
kernel's main().

This variable was probably never useful and stems from nd6.c r1.1:
    bring in KAME IPv6 code, dated 19991208.

OK mvs

23 months agoStatically initialise DAD list, remove obsolete dad_init
kn [Mon, 28 Nov 2022 13:08:53 +0000 (13:08 +0000)]
Statically initialise DAD list, remove obsolete dad_init

The list of IPv6 addresses to perfom Duplicate Address Detection on is
local to nd6_nbr.c;  statically initialise it so `dad_init' can go.

nd6_dad_find() keeps returning NULL on an initialised but empty list,
so nd6_dad_stop() keeps returning early.

Feedback OK mvs

23 months agoGarbage collect the unused asn1_add_error()
tb [Mon, 28 Nov 2022 07:50:47 +0000 (07:50 +0000)]
Garbage collect the unused asn1_add_error()

ok jsing

23 months agoRetire prev_bio
tb [Mon, 28 Nov 2022 07:50:00 +0000 (07:50 +0000)]
Retire prev_bio

While BIO chains are doubly linked lists, nothing has ever made use of this
fact internally. Even libssl has failed to maintain prev_bio properly in
two places for a long time. When BIO was made opaque, the opportunity to
fix that was missed. Instead, BIO_set_next() now allows breaking the lists
from outside the library, which freerdp has long done.

Problem found by schwarze while trying to document BIO_set_next().

schwarze likes the idea
ok jsing

23 months agosync
matthieu [Mon, 28 Nov 2022 07:38:40 +0000 (07:38 +0000)]
sync

23 months agoRemove rex.x, obsolete remote execution protocol
matthieu [Mon, 28 Nov 2022 07:37:48 +0000 (07:37 +0000)]
Remove rex.x, obsolete remote execution protocol
that still used sgttyb struct. ok gnezdo@ miod@

23 months agoTweak x509_constraints_uri_host() regress to test for NULL deref in
tb [Mon, 28 Nov 2022 07:24:03 +0000 (07:24 +0000)]
Tweak x509_constraints_uri_host() regress to test for NULL deref in
fixed in x509_constraints.c r1.29.

23 months agoFix NULL dereference in x509_constraints_uri_host()
tb [Mon, 28 Nov 2022 07:22:15 +0000 (07:22 +0000)]
Fix NULL dereference in x509_constraints_uri_host()

When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so
add a NULL check before storing the strdup result in it.

From Anton Borowka

ok jsing miod

23 months agotighten pledge(2) after session establishment
djm [Mon, 28 Nov 2022 01:38:22 +0000 (01:38 +0000)]
tighten pledge(2) after session establishment

feedback, ok & testing in snaps deraadt@

23 months agoNew EnableEscapeCommandline ssh_config(5) option
djm [Mon, 28 Nov 2022 01:37:36 +0000 (01:37 +0000)]
New EnableEscapeCommandline ssh_config(5) option

This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

23 months agoMove UVM "swpgonly" from Daemon Counters to Swap Counters
kn [Sun, 27 Nov 2022 23:18:54 +0000 (23:18 +0000)]
Move UVM "swpgonly" from Daemon Counters to Swap Counters

Put it below "swpginuse" as systat(1) and uvm_init(9) already have it.

(uvm.c struct uvmline uvmline[] makes it easy to misplace counters without
double-checking against actual systat output.)

23 months agoRemove last queue(3) *_END() usage from tree
kn [Sun, 27 Nov 2022 22:55:31 +0000 (22:55 +0000)]
Remove last queue(3) *_END() usage from tree

queue(3) NOTES says they're deprecated and expand to NULL;  indeed.

No object change.
OK kettenis mvs

23 months agoZap nonexistent "vnodepages" and "vtextpages" UVM Page Counters
kn [Sun, 27 Nov 2022 22:52:21 +0000 (22:52 +0000)]
Zap nonexistent "vnodepages" and "vtextpages" UVM Page Counters

Those members exists with an XXX comment in struct uvmexp/uvm_init(9),
but the kernel does not use them at all and systat(1) does not print them.

23 months agoImplement support for the (optional) MSI controller of Synopsys Designware
kettenis [Sun, 27 Nov 2022 22:04:59 +0000 (22:04 +0000)]
Implement support for the (optional) MSI controller of Synopsys Designware
PCIe host bridge.  This MSI controller is quite retarded since it maps all
MSIs to a single hardware interrupt.  So it doesn't really offer any
benefit over using classic INTx interrupts.  Unfortunately we need to use
it on Amlogic SoCs since the PCIe device interrupt doesn't seem to work
correctly when configured as a level triggered interrupt and the workaround
of configuring it as an edge triggered interrupt causes problems when using
multiple disks connected to ahci(4) on the ODROID-HC4.

ok patrick@

23 months agoBIO_puts return values can be ambiguous, improve the check
job [Sun, 27 Nov 2022 20:50:09 +0000 (20:50 +0000)]
BIO_puts return values can be ambiguous, improve the check

OK tb@

23 months agoIn bio.h rev. 1.50 and rev. 1.51, tb@ provided BIO_set_retry_reason(3).
schwarze [Sun, 27 Nov 2022 19:11:11 +0000 (19:11 +0000)]
In bio.h rev. 1.50 and rev. 1.51, tb@ provided BIO_set_retry_reason(3).
Merge the documentation from the OpenSSL 1.1.1 branch, which is still
under a free license, tweaked by me.

23 months agoRemove useless casts
kn [Sun, 27 Nov 2022 15:31:36 +0000 (15:31 +0000)]
Remove useless casts

All *dp variables are of type 'struct dadq *';  no object change.

OK mvs

23 months agoZap qt3/4 remnants, MODQMAKE_RECURSIVE always defaults to yes
kn [Sun, 27 Nov 2022 15:27:17 +0000 (15:27 +0000)]
Zap qt3/4 remnants, MODQMAKE_RECURSIVE always defaults to yes

Like that since ports devel/qmake/qmake.port.mk r1.11
    Zap qt3 remnants

23 months agoProvide more accurate lock error message
kn [Sun, 27 Nov 2022 15:19:38 +0000 (15:19 +0000)]
Provide more accurate lock error message

When started manuall from single-user mode (/ still read-only), the current
error is misleading:
# slaacd -dv
slaacd: already running

The lock was specifically added to prevent multiple instances in the
installer, which discards the error message entirely anyway.

Retain the useful EAGAIN/"already running" message, but otherwise print the
real error reason:
# slaacd -dv
slaacd: /dev/slaacd.lock: Read-only file system

Feedback OK deraadt millert

23 months agoreformat REGRESS_TARGETS
anton [Sun, 27 Nov 2022 15:13:15 +0000 (15:13 +0000)]
reformat REGRESS_TARGETS

23 months agoApplying mimmutable(2) to bss, data and text made the sys/kern/noexec tests fail
anton [Sun, 27 Nov 2022 15:12:57 +0000 (15:12 +0000)]
Applying mimmutable(2) to bss, data and text made the sys/kern/noexec tests fail
since they try to mutate the permissions of the aforementioned sections which is
no longer possible. Instead, "mimic" the sections by allocating and operating on
memory with the same initial permissions.

With help from deraadt@

23 months agox11/qt3 and qt4 are no more, say x11/qt* like the module's error message
kn [Sun, 27 Nov 2022 15:08:16 +0000 (15:08 +0000)]
x11/qt3 and qt4 are no more, say x11/qt* like the module's error message

23 months agodelete duplicate OpenBSD CVS keyword line
schwarze [Sun, 27 Nov 2022 14:35:27 +0000 (14:35 +0000)]
delete duplicate OpenBSD CVS keyword line

23 months agoPlug leak of tmp in case allocation of pq->abuf fails
tb [Sun, 27 Nov 2022 14:31:22 +0000 (14:31 +0000)]
Plug leak of tmp in case allocation of pq->abuf fails

ok florian

23 months agoKNF nit: place brace correctly
tb [Sun, 27 Nov 2022 14:29:06 +0000 (14:29 +0000)]
KNF nit: place brace correctly

ok florian

23 months agoOnce we are synced, we can validate the certificate in the standard way.
otto [Sun, 27 Nov 2022 13:19:00 +0000 (13:19 +0000)]
Once we are synced, we can validate the certificate in the standard way.
ok tb@

23 months agoMissing return value check for BIO_new()
tb [Sat, 26 Nov 2022 23:05:22 +0000 (23:05 +0000)]
Missing return value check for BIO_new()

23 months agoAdjust for changes in the device tree bindings. Since it is relatively
kettenis [Sat, 26 Nov 2022 21:35:22 +0000 (21:35 +0000)]
Adjust for changes in the device tree bindings.  Since it is relatively
easy to support both the "official" and "preliminary" bindings, we support
both.  Support for the "preliminary" bindings will be removed at some point
in the future.

ok tobhe@

23 months agoTurn sowriteable(), sballoc() and sbfree() macro to inline functions.
mvs [Sat, 26 Nov 2022 17:52:35 +0000 (17:52 +0000)]
Turn sowriteable(), sballoc() and sbfree() macro to inline functions.

soreadable() is already presented as inline function, but corresponding
sowriteable() is still macro. Also it's no reason to keep sballoc() and
sbfree() as macro.

The first argument of sballoc() and sbfree() is not used, but keep it for
a while.

ok kn@ bluhm@

23 months agoMerge uipc_bind() with unp_bind(). Unlike other unp_*() functions,
mvs [Sat, 26 Nov 2022 17:51:18 +0000 (17:51 +0000)]
Merge uipc_bind() with unp_bind(). Unlike other unp_*() functions,
unp_bind() has the only uipc_bind() caller. In the uipc_usrreq() times,
it made sense to have dedicated unp_bind() for prevent tne code mess
within giant switch(), but now it doesn't.

ok bluhm@

23 months agoNext step of netlock pressure decreasing in pppx(4).
mvs [Sat, 26 Nov 2022 17:50:26 +0000 (17:50 +0000)]
Next step of netlock pressure decreasing in pppx(4).

The kernel lock is still taken when we access pppx(4) layer through
device node. Since pipex(4) layer doesn't rely on netlock anymore, and we
don't acquire it when we access pipex(4) from pppx(4) layer, kernel lock
is enough to protect pppx(4) data. Such data doesn't accessed from packet
processing path, so there is no reason to block it by netlock acquiring.

Assume kernel lock as protection for `pxd_pxis' lists and `pppx_ifs' tree.
The search in `pppx_ifs' tree has no context switch. There is no context
switch between the `pxi' free unit search and tree insertion.

Use reference counters to make `pxi' dereference safe, instead of holding
netlock. Now pppx_if_find() returns `pxi' with reference counter bumped,
and newly introduced pppx_if_rele() used for release this `pxi'.

Introduce pppx_if_find_locked() which returns `pxi' but doesn't bump
reference counter. pppx_if_find_locked() and pppx_if_find() both called
with kernel lock held, but keep existing notation where _locked()
function returned data with non bumped counter.

Mark dying `pxi' by setting `pxi_ready' to null, so concurrent thread
can't receive it by pppx_if_find().

The netlock is left around modification of associated ifnet's
`if_description'. This is unwanted because `if_description' never accessed
within packet processing path, but this require ifnet locking
modification, so keep this to the following diffs.

ok bluhm@

23 months agoMake header guards of internal headers consistent
tb [Sat, 26 Nov 2022 17:23:17 +0000 (17:23 +0000)]
Make header guards of internal headers consistent

Not all of them, only those that didn't leak into a public header...
Yes.

23 months agoAdd arm64 lid_action sysctl for Apple Silicon laptops.
tobhe [Sat, 26 Nov 2022 17:23:15 +0000 (17:23 +0000)]
Add arm64 lid_action sysctl for Apple Silicon laptops.

ok kettenis@

23 months agoRemove RFC 9092 example file because it contains inherit elements
job [Sat, 26 Nov 2022 17:15:44 +0000 (17:15 +0000)]
Remove RFC 9092 example file because it contains inherit elements

23 months agoMake error messages about 'inherit' elements in End-Entity certs consistent
job [Sat, 26 Nov 2022 17:14:40 +0000 (17:14 +0000)]
Make error messages about 'inherit' elements in End-Entity certs consistent

OK tb@

23 months agoBump to 7.2
tobhe [Sat, 26 Nov 2022 17:12:11 +0000 (17:12 +0000)]
Bump to 7.2

23 months agoDisallow 'inherit' elements in geofeed authenticators
job [Sat, 26 Nov 2022 17:06:43 +0000 (17:06 +0000)]
Disallow 'inherit' elements in geofeed authenticators

RFC 9092 is underspecified in this regard, but other signed
objects relating to Internet number resources (ROA, BGPsec,
ASPA, RSC) all disallow inherit.

See https://mailarchive.ietf.org/arch/msg/opsawg/JXjxCA14BkW4DWyVoUMwqDvB17I/

OK tb@

23 months agoFix warning message
job [Sat, 26 Nov 2022 16:42:04 +0000 (16:42 +0000)]
Fix warning message

(Geofeed authenticators don't have a SIA)

23 months agobn_lcl.h wanted special treatment.
tb [Sat, 26 Nov 2022 16:11:36 +0000 (16:11 +0000)]
bn_lcl.h wanted special treatment.

23 months agoMake internal header file names consistent
tb [Sat, 26 Nov 2022 16:08:50 +0000 (16:08 +0000)]
Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

23 months agoTwo small tweaks to the geofeed code
tb [Sat, 26 Nov 2022 15:45:47 +0000 (15:45 +0000)]
Two small tweaks to the geofeed code

Only allocate b64 when it is needed. This way we can avoid allocating extra
memory for the signed data itself. Also, only check for the end signature
marker when it is actually expected. It's not forbidden - if stupid - to
have a comment '# End Signature:' in the signed data.

ok job

23 months agoRemove BIGNUM consistency macros.
jsing [Sat, 26 Nov 2022 13:56:33 +0000 (13:56 +0000)]
Remove BIGNUM consistency macros.

Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND)
supposedly adds consistency checks to the BN code. These are rarely if ever
used and introduce a bunch of clutter in the code. Furthermore, there are
hacks in place to undo things that the debugging code does.

Remove all of this mess and instead rely on always enabled checks, more
readable code and proper regress coverage to ensure correct behaviour.

"Good riddance." tb@

23 months agoSplit eContent extration into a small helper
tb [Sat, 26 Nov 2022 12:36:19 +0000 (12:36 +0000)]
Split eContent extration into a small helper

job didn't like jumping over a bunch of code, so handle this via a small
helper. It's not as if cms_parse_validate_internal() could not do with a
bit of splitting in general.

ok job

23 months agoAdd test-geofeed.c (forgotten cvs add in previous).
tb [Sat, 26 Nov 2022 12:34:31 +0000 (12:34 +0000)]
Add test-geofeed.c (forgotten cvs add in previous).

23 months agoAdd regress for geofeed
job [Sat, 26 Nov 2022 12:09:34 +0000 (12:09 +0000)]
Add regress for geofeed

23 months agoAdd support for authenticating geofeed data CSV files in filemode
job [Sat, 26 Nov 2022 12:02:36 +0000 (12:02 +0000)]
Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

23 months agocms_lcl.h should not be part of SRCS
tb [Sat, 26 Nov 2022 11:18:49 +0000 (11:18 +0000)]
cms_lcl.h should not be part of SRCS

23 months agoEnable aplpwm(4) and pwmleds(4).
kettenis [Sat, 26 Nov 2022 09:05:32 +0000 (09:05 +0000)]
Enable aplpwm(4) and pwmleds(4).

23 months ago- in SYNOPSIS, redo the formatting for "address" and "dest address" to avoid
jmc [Sat, 26 Nov 2022 07:26:43 +0000 (07:26 +0000)]
- in SYNOPSIS, redo the formatting for "address" and "dest address" to avoid
an ugly line split on narrower terminals
- in usage(), match the output

23 months agoRemove unused battery fields.
anton [Sat, 26 Nov 2022 06:30:08 +0000 (06:30 +0000)]
Remove unused battery fields.

23 months agoShove more battery feature logic down to hidpp20_battery_get_level_status().
anton [Sat, 26 Nov 2022 06:29:50 +0000 (06:29 +0000)]
Shove more battery feature logic down to hidpp20_battery_get_level_status().
In preparation for supporting the unified battery feature.

23 months agoPave the way for checking presence of more features in
anton [Sat, 26 Nov 2022 06:29:24 +0000 (06:29 +0000)]
Pave the way for checking presence of more features in
uhidpp_device_features().

23 months agoStop checking the link status upon receiving connect notifications as
anton [Sat, 26 Nov 2022 06:29:07 +0000 (06:29 +0000)]
Stop checking the link status upon receiving connect notifications as
the Bolt receiver uses another bit for this which I haven't been able to
identify.

23 months agoGroup function and response defines.
anton [Sat, 26 Nov 2022 06:28:50 +0000 (06:28 +0000)]
Group function and response defines.

23 months agoPass a uhidpp_device to hidpp20_battery_get_capability() and
anton [Sat, 26 Nov 2022 06:28:34 +0000 (06:28 +0000)]
Pass a uhidpp_device to hidpp20_battery_get_capability() and
hidpp20_battery_get_level_status().

23 months agoTake note of the needed feature indices already in
anton [Sat, 26 Nov 2022 06:28:08 +0000 (06:28 +0000)]
Take note of the needed feature indices already in
uhipp_device_features().

23 months agoReduce indentation, no functional change.
anton [Sat, 26 Nov 2022 06:27:48 +0000 (06:27 +0000)]
Reduce indentation, no functional change.

23 months agoStop printing the device serial number during attach, it's not that
anton [Sat, 26 Nov 2022 06:26:51 +0000 (06:26 +0000)]
Stop printing the device serial number during attach, it's not that
useful after all.

23 months agoRename type argument to buf in hidpp10_get_type(), no functional change.
anton [Sat, 26 Nov 2022 06:26:14 +0000 (06:26 +0000)]
Rename type argument to buf in hidpp10_get_type(), no functional change.

23 months agoWhile emulating the bell, wsdisplay could end up sleeping when reaching
anton [Sat, 26 Nov 2022 06:20:18 +0000 (06:20 +0000)]
While emulating the bell, wsdisplay could end up sleeping when reaching
down to wsmux. This does not work since we're in interrupt context, as
pointed out by witness.

Instead, defer the work to a task which in turn will execute in process
context.

Problem reported by beck@

ok visa@

23 months agoifconfig -M <mac> finds the address on an interface and prints it.
deraadt [Fri, 25 Nov 2022 23:09:20 +0000 (23:09 +0000)]
ifconfig -M <mac> finds the address on an interface and prints it.
cloned (virtual) interfaces are skipped, and if the MAC is on more
than 1 interface, no answer either.  The mac must be in same format
as the ifconfig lladdr output (complete lowercase with :)
idea from florian, ok afresh1

23 months agoDisable screen backlight on Apple silicon laptops when lid is closed.
tobhe [Fri, 25 Nov 2022 20:33:11 +0000 (20:33 +0000)]
Disable screen backlight on Apple silicon laptops when lid is closed.

ok kettenis@

23 months agorevert pf.c r1.1152 again: move pf_purge out from under the kernel lock
bluhm [Fri, 25 Nov 2022 20:27:53 +0000 (20:27 +0000)]
revert pf.c r1.1152 again: move pf_purge out from under the kernel lock

Using systqmp for pf_purge creates a deadlock between pf_purge()
and ixgbe_stop() and possibly other drivers.  On systqmp pf(4) needs
netlock which the interface ioctl(2) is holding.  ix(4) waits in
sched_barrier() which is also scheduled on the systqmp task queue.

Removing the netlock from pf_purge() as a quick fix caused other
problems.

backout suggested by deraadt@

23 months agoRevert previous commit. It was not properly tested and produces splassert
kettenis [Fri, 25 Nov 2022 18:03:53 +0000 (18:03 +0000)]
Revert previous commit.  It was not properly tested and produces splassert
warnings.  Rushing to pile more stuff on top of it isn't the answer.  This
needs a rethink.

ok deraadt@

23 months agoIn bio.h rev. 1.46/1.47 (Oct/Nov 2021), tb@ provided BIO_get_init(3).
schwarze [Fri, 25 Nov 2022 17:44:01 +0000 (17:44 +0000)]
In bio.h rev. 1.46/1.47 (Oct/Nov 2021), tb@ provided BIO_get_init(3).
Document it.

23 months agoDo not crash when a tcp query is larger than the length field
bluhm [Fri, 25 Nov 2022 16:10:07 +0000 (16:10 +0000)]
Do not crash when a tcp query is larger than the length field
indicated.

Found by kn with amap.
Input bluhm.
OK deraadt, tb, otto, kn
from florian@

23 months agoRevert hunk accidentially committed in r1.248 "Clarify/typofix comments"
kn [Fri, 25 Nov 2022 15:03:24 +0000 (15:03 +0000)]
Revert hunk accidentially committed in r1.248 "Clarify/typofix comments"

23 months agoAdd ld.so linker script for mips64
visa [Fri, 25 Nov 2022 14:56:56 +0000 (14:56 +0000)]
Add ld.so linker script for mips64

Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.

OK deraadt@

23 months agoUnits generally help...
tb [Fri, 25 Nov 2022 09:32:10 +0000 (09:32 +0000)]
Units generally help...