openbsd
deraadt [Thu, 18 Dec 2014 16:27:30 +0000 (16:27 +0000)]
Create a suspend/resume infrastructure for the RNG.  At suspend time,
process all queued entropy and create a brand new pool to prevent
backtracking upon resume.  At resume time, process the entropy queue
(since other resume code paths which run earlier can enqueue entropy)
and force all higher to reseed.
ok reyk djm

deraadt [Thu, 18 Dec 2014 16:23:25 +0000 (16:23 +0000)]
If support is present, use rdrand() at resume time.  Make the rdrand()
function easier to call.
ok reyk djm

krw [Thu, 18 Dec 2014 15:29:30 +0000 (15:29 +0000)]
Change the link state change routing message generation to a taskq.
One less workq to worry about.

Tweaks from many. ok mpi@ mikeb@

mpi [Thu, 18 Dec 2014 10:51:35 +0000 (10:51 +0000)]
Merge from NetBSD r1.54 from Matthias Drochner:
--
kick out the error-prone handcrafted single-linked list of cardbus
functions; replace by a simple *array[8]
--

In other words, prevent a use after free when removing a cardbus
function.

ok deraadt@, miod@

dlg [Thu, 18 Dec 2014 10:50:02 +0000 (10:50 +0000)]
ansi function prototypes. no functional change.

dlg [Thu, 18 Dec 2014 10:46:45 +0000 (10:46 +0000)]
white space tweaks, no functional change.

dlg [Thu, 18 Dec 2014 10:45:29 +0000 (10:45 +0000)]
replace splhigh and a simplelock with a mutex.

slight tweak and testing by deraadt@
ok miod@

mpi [Thu, 18 Dec 2014 10:44:17 +0000 (10:44 +0000)]
If a host controller has been detached or reported a halt condition it
should be considered as dead.  In such condition the stack no longer
submits I/O or schedules any USB task for its bus.

However we need an explore task to detach the root hub since only the
task thread is supposed to discover buses and attach/detach devices in
order to avoid races.

So reset the bus' dying flag when marking it as disconnecting in order
to let the task be scheduled.  This should be safe because a detached
or halted HC should not trigger any new interrupt.

Fix a panic when detaching USB PCMCIA cards reported by Tilo Stritzky.

reyk [Thu, 18 Dec 2014 10:18:25 +0000 (10:18 +0000)]
Document * and :: to listen on all IPv4 or IPv6 addresses.

reyk [Thu, 18 Dec 2014 10:10:11 +0000 (10:10 +0000)]
Accept * as an alias for the default ipv4 listen address.

OK jsg@

reyk [Thu, 18 Dec 2014 09:00:19 +0000 (09:00 +0000)]
"tcp nodelay" shouldn't be discussing relaying SSH; this was a remnant
from relayd.conf.5.

From Ross L Richardson

mlarkin [Thu, 18 Dec 2014 05:33:48 +0000 (05:33 +0000)]
Unmap the MP hatch and ACPI resume trampolines when not in active use.

ok deraadt@

schwarze [Thu, 18 Dec 2014 03:09:42 +0000 (03:09 +0000)]
The code is already careful to not add items to lists that were
already closed.  In this respect, also consider lists closed
that have broken another block, their closure pending until the
end of the broken block.  This avoids syntax tree corruption
leading to a NULL pointer access found by jsg@ with afl.

tedu [Wed, 17 Dec 2014 22:23:33 +0000 (22:23 +0000)]
the easier way to put a buffer on the stack is to put it on the stack,
not with alloca(). found by dickman; ok kettenis

tedu [Wed, 17 Dec 2014 19:42:44 +0000 (19:42 +0000)]
unroll loops. much faster on amd64. ok deraadt millert

tedu [Wed, 17 Dec 2014 19:42:15 +0000 (19:42 +0000)]
remove lock.h from uvm_extern.h. another holdover from the simpletonlock
era. fix uvm including c files to include lock.h or atomic.h as necessary.
ok deraadt

tedu [Wed, 17 Dec 2014 19:40:24 +0000 (19:40 +0000)]
unroll loops for sha2. quite a bit faster for amd64.
ok deraadt millert

tedu [Wed, 17 Dec 2014 19:39:20 +0000 (19:39 +0000)]
minimal removal of simplelock to eliminate lock.h dependency

tedu [Wed, 17 Dec 2014 19:39:01 +0000 (19:39 +0000)]
fix/reduce header dependencies. clock.c doesn't need any of this uvm.
ok deraadt kettenis

schwarze [Wed, 17 Dec 2014 18:45:00 +0000 (18:45 +0000)]
Be a bit more lenient in what to accept for section names given
as the first man(1) command line argument without -s:
Accept digits like "1", "2"; digit+letter like "3p", "1X"; and "n".
Issue reported by Svyatoslav Mishyn <juef at openmailbox dot org> (Crux Linux).

doug [Wed, 17 Dec 2014 17:51:33 +0000 (17:51 +0000)]
Add size_t to int checks for SSL functions.

libtls accepts size_t for lengths but libssl accepts int.  This verifies
that the input does not exceed INT_MAX.  It also avoids truncating size_t
when comparing with int and adds printf-style attributes for
tls_set_error().

with input from deraadt@ and tedu@
ok tedu@

millert [Wed, 17 Dec 2014 15:49:23 +0000 (15:49 +0000)]
Use log_warnx() not log_warn() for mail loop warning since errno
is not set.  OK gilles@

kettenis [Wed, 17 Dec 2014 15:27:49 +0000 (15:27 +0000)]
Avoid premature masking in the interrupt handler code that checks for removed
hardware.

ok mpi@, deraadt@

deraadt [Wed, 17 Dec 2014 15:27:17 +0000 (15:27 +0000)]
remove simplelocks (trivial)

deraadt [Wed, 17 Dec 2014 15:26:21 +0000 (15:26 +0000)]
delete simplelocks

deraadt [Wed, 17 Dec 2014 15:23:40 +0000 (15:23 +0000)]
remove simplelocks
ok tedu

deraadt [Wed, 17 Dec 2014 15:05:52 +0000 (15:05 +0000)]
pretty easy removal of simplelocks
ok miod (a while back)

deraadt [Wed, 17 Dec 2014 15:01:45 +0000 (15:01 +0000)]
remove simplelocks
ok kettenis

deraadt [Wed, 17 Dec 2014 14:40:03 +0000 (14:40 +0000)]
remove simplelocks use
ok kettenis mpi

reyk [Wed, 17 Dec 2014 13:54:27 +0000 (13:54 +0000)]
Add missing flag in the description field.

jsg [Wed, 17 Dec 2014 11:53:43 +0000 (11:53 +0000)]
add umcs(4)

mpi [Wed, 17 Dec 2014 09:57:13 +0000 (09:57 +0000)]
Remove the "multicast_" prefix from the fields of a multicast-only struct.

Prodded by claudio@ and mikeb@

mpi [Wed, 17 Dec 2014 09:45:59 +0000 (09:45 +0000)]
Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups.  Instead the output ifp is registered when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option.  But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

guenther [Wed, 17 Dec 2014 06:58:10 +0000 (06:58 +0000)]
Prefer MADV_* over POSIX_MADV_* in kernel for consistency: the latter
doesn't have all the values and therefore can't be used everywhere.

ok deraadt@ kettenis@

deraadt [Wed, 17 Dec 2014 06:05:51 +0000 (06:05 +0000)]
delete archaic simplelock use.
ok miod

brad [Wed, 17 Dec 2014 03:50:53 +0000 (03:50 +0000)]
Do as the datasheet recommends and disable the RX filter before adjusting
the RX filter.

From FreeBSD

daniel [Wed, 17 Dec 2014 00:10:22 +0000 (00:10 +0000)]
increase to 2048 to prevent failure. ok deraadt@

deraadt [Tue, 16 Dec 2014 23:59:47 +0000 (23:59 +0000)]
install both ld.so with mode 444

schwarze [Tue, 16 Dec 2014 23:44:16 +0000 (23:44 +0000)]
Ignore mdoc(7) and man(7) macros inside tbl(7) code because they
would abort the table in an unclean way, causing assertion failures
found by jsg@.

jmatthew [Tue, 16 Dec 2014 23:13:20 +0000 (23:13 +0000)]
Temporarily expand the pci memory range to suit Dell 13G servers.
They have devices outside the 36 bit range that their firmware needs to talk
to, and they get constant acpi interrupts if it can't.  We should get the
necessary ranges via ACPI, but for now just make the allowed range bigger.

ok kettenis@ deraadt@

deraadt [Tue, 16 Dec 2014 22:18:12 +0000 (22:18 +0000)]
sync

tedu [Tue, 16 Dec 2014 21:40:05 +0000 (21:40 +0000)]
don't include lock.h by default. poisons namespace. ok deraadt

miod [Tue, 16 Dec 2014 21:29:54 +0000 (21:29 +0000)]
sync

miod [Tue, 16 Dec 2014 21:29:05 +0000 (21:29 +0000)]
Do not grab the kernel lock for clock interrupts, hardclock() will behave
correctly without. Modeled after sparc64 logic.

tedu [Tue, 16 Dec 2014 21:25:28 +0000 (21:25 +0000)]
must include lock.h to play with locks

tedu [Tue, 16 Dec 2014 21:20:23 +0000 (21:20 +0000)]
these headers do not need to (and should not) include lock.h poisoning
the namespace. ok deraadt

tedu [Tue, 16 Dec 2014 21:19:29 +0000 (21:19 +0000)]
include atomic.h to get atomic operations (virtio_membar). ok sf

sf [Tue, 16 Dec 2014 21:02:58 +0000 (21:02 +0000)]
Define and print HV cpuid flag.

This is set by many hypervisors, including kvm, vmware, hyper-v.

pascal [Tue, 16 Dec 2014 20:53:12 +0000 (20:53 +0000)]
Install a copy of ld.so into /sbin.  Soon to be used in order to make "static"
PIE possible.

ok deraadt@ tedu@

sthen [Tue, 16 Dec 2014 20:51:32 +0000 (20:51 +0000)]
typo; ok deraadt

deraadt [Tue, 16 Dec 2014 20:42:36 +0000 (20:42 +0000)]
warn for correct symbol

tedu [Tue, 16 Dec 2014 19:56:33 +0000 (19:56 +0000)]
must include lock.h if you want to play with locks

tedu [Tue, 16 Dec 2014 19:51:33 +0000 (19:51 +0000)]
only need lock.h here, not all of uvm_extern.h

schwarze [Tue, 16 Dec 2014 19:48:49 +0000 (19:48 +0000)]
correct -Tutf8 and -Thtml rendering of \(~=
and change the name of \(-~ to \(|= to agree with groff;
difference found by Carsten dot Kunze at arcor dot de

millert [Tue, 16 Dec 2014 18:37:17 +0000 (18:37 +0000)]
Don't pass options after the to address to sendmail.  The only
legitimate use of this is to set the sender name which should be
handled specifically by a different option.

millert [Tue, 16 Dec 2014 18:36:46 +0000 (18:36 +0000)]
Add new "expandaddr" flag (disabled by default) to enable recipient
address expansion and document it.  Previously, this behavior was
always enabled.  Also document how address expansion is performed,
which used to only be described in the (no longer installed) Mail
Reference Manual.  CVE-2014-7844

millert [Tue, 16 Dec 2014 18:31:06 +0000 (18:31 +0000)]
Use glob() to expand filenames instead of passing it to the shell's
echo command for expansion which could result in arbitrary command
execution.  CVE-2004-2771

tedu [Tue, 16 Dec 2014 18:30:03 +0000 (18:30 +0000)]
primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

miod [Tue, 16 Dec 2014 18:03:17 +0000 (18:03 +0000)]
Protect memory allocation and disposal with splvm(); gets rid of splassert
complaints during boot on i386.
ok stsp@

schwarze [Tue, 16 Dec 2014 17:24:58 +0000 (17:24 +0000)]
Explicit block closure macros clobber next-line block head scope,
just like explicit block macros themselves.
Fixing an assertion failure jsg@ found with afl.

miod [Tue, 16 Dec 2014 05:47:28 +0000 (05:47 +0000)]
Now that we have Camellia support in libcrypto, bring in the SHA256 flavour of
the Camellia ciphersuites for TLS 1.2 introduced in RFC 5932. From OpenSSL HEAD.

schwarze [Tue, 16 Dec 2014 03:52:31 +0000 (03:52 +0000)]
When a string comparison condition contains no mismatching character
but ends without the final delimiter, the parse point was advanced
one character too far and the invalid pointer returned to the
caller of roff_parseln().  Later use could potentially advance
the pointer even further and maybe even write to it.
Fixing a buffer overrun found by jsg@ with afl (the most severe so far).

millert [Tue, 16 Dec 2014 03:35:49 +0000 (03:35 +0000)]
Replace setpgrp(0, getpid()) with setpgid(0, 0).  OK deraadt@ tedu@

millert [Tue, 16 Dec 2014 03:32:21 +0000 (03:32 +0000)]
Remove some useless casts and includes.  OK deraadt@ tedu@

tedu [Tue, 16 Dec 2014 03:21:10 +0000 (03:21 +0000)]
include lock.h, needed for later headers but currently included by magic
ok millert

jsg [Tue, 16 Dec 2014 03:19:23 +0000 (03:19 +0000)]
Don't display formatted time if localtime() fails.
Avoids a crash in strftime() found with the afl fuzzer.
ok guenther@

schwarze [Tue, 16 Dec 2014 01:21:37 +0000 (01:21 +0000)]
When a numerical condition errors out after consuming at least one
character of input, treat it as false, do not retry it as a string
comparison condition.  This also fixes a read buffer overrun that
happened when the numerical condition advanced to the end of the
input line before erroring out, found by jsg@ with afl.

schwarze [Tue, 16 Dec 2014 00:06:49 +0000 (00:06 +0000)]
use .In and delete .Tn; from Kaspars at Bankovskis dot net

schwarze [Mon, 15 Dec 2014 23:42:31 +0000 (23:42 +0000)]
Empty conditions count as false.
When negated, they still count as false.
Found when investigating crashes jsg@ found with afl.
Not completely fixing the crashes yet.

schwarze [Mon, 15 Dec 2014 22:35:41 +0000 (22:35 +0000)]
merge improvements from NetBSD; ok jmc@ nicm@

tedu [Mon, 15 Dec 2014 20:38:22 +0000 (20:38 +0000)]
don't drop the kernel lock every time. on a busy system, this results in
the reaper spending more than half its time in uvm_pause. we want the
system to be interactive, but we want throughput too. this seems like a
decent balance.

tedu [Mon, 15 Dec 2014 20:31:40 +0000 (20:31 +0000)]
.Xr cut which may be what you're really looking for.

brad [Mon, 15 Dec 2014 20:15:48 +0000 (20:15 +0000)]
Consistency with the pci_intr_map bits.

ok sf@

schwarze [Mon, 15 Dec 2014 19:41:24 +0000 (19:41 +0000)]
correct some character names to match groff;
reported by Carsten dot Kunze at arcor dot de

schwarze [Mon, 15 Dec 2014 18:04:32 +0000 (18:04 +0000)]
Let "man n open" do the same as "man -s n open" again, that is,
show the open(n) Tcl manual, as documented in man(1).  Issue reported
by Svyatoslav Mishyn <juef at openmailbox dot org> (Crux Linux).

schwarze [Mon, 15 Dec 2014 17:36:47 +0000 (17:36 +0000)]
Merge from bsd.lv: text about HTML written by kristaps@.

schwarze [Mon, 15 Dec 2014 17:29:58 +0000 (17:29 +0000)]
Catch localtime() failure for additional safety;
patch from Jan Stary <hans at stare dot cz> some time ago.

mpi [Mon, 15 Dec 2014 17:10:44 +0000 (17:10 +0000)]
Stop using usb_{alloc,free}mem() for the rings and internal structures.

Since xhci(4) does not allocate memory for its rings in interrupt
context, it has no use for the free lists offered by the USB memory
allocator.

Using bus_dmamem_alloc(9) and friends also allows us to respect the
boundary requirement for the various structures specified in Table 54.

While here make use of defines for every alignment and boundary
requirements which are different than a page size.

kettenis [Mon, 15 Dec 2014 13:43:17 +0000 (13:43 +0000)]
The PCI device ID 0x4c6e is a secondary device ID for the Radeon Mobility
9000/M9 that appears on the FireMV 2400 card.  It certainly isn't an RV280
chip and we don't want to attach to it, so remove it.  Same change has been
made upstream (based on a report by yours truly).

nicm [Mon, 15 Dec 2014 10:04:18 +0000 (10:04 +0000)]
Notify on zoom/unzoom, from George Nachmann.

nicm [Mon, 15 Dec 2014 10:02:55 +0000 (10:02 +0000)]
Only redraw affected lines when selection changes with mouse. From
Michael Graczyk.

jmc [Mon, 15 Dec 2014 07:01:12 +0000 (07:01 +0000)]
remove -r from usage();

miod [Mon, 15 Dec 2014 06:03:15 +0000 (06:03 +0000)]
Move 40MB of .rodata and 40MB of stack to .bss; allows this test to run on
platforms with small MAXTSIZ or MAXSSIZ.

guenther [Mon, 15 Dec 2014 05:05:24 +0000 (05:05 +0000)]
fully parenthesize the PMAP_DIRECT_* macros

ok tedu@

tedu [Mon, 15 Dec 2014 04:54:44 +0000 (04:54 +0000)]
move needed macros to pmap.c and delete stale ones. ok guenther

guenther [Mon, 15 Dec 2014 02:24:22 +0000 (02:24 +0000)]
Use MAP_INHERIT_* for the 'inh' argument to the UMV_MAPFLAG() macro,
eliminating the must-be-kept-in-sync UVM_INH_* macros

ok deraadt@ tedu@

tedu [Mon, 15 Dec 2014 02:11:57 +0000 (02:11 +0000)]
convert bcopy to memcpy. ok dlg krw

tedu [Mon, 15 Dec 2014 01:53:45 +0000 (01:53 +0000)]
change bcopy to memcpy. ok deraadt

guenther [Mon, 15 Dec 2014 01:48:54 +0000 (01:48 +0000)]
Eliminate the -r option and always do sysctl OID, username, groupname,
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.

ok millert@ otto@

doug [Mon, 15 Dec 2014 00:46:53 +0000 (00:46 +0000)]
Add error handling for EVP_DigestInit_ex().

A few EVP_DigestInit_ex() calls were left alone since reporting an
error would change the public API.

Changed internal ssl3_cbc_digest_record() to return a value due to the above
change.  It will also now set md_out_size=0 on failure.

This is based on part of BoringSSL's commit to fix malloc crashes:
https://boringssl.googlesource.com/boringssl/+/69a01608f33ab6fe2c3485d94aef1fe9eacf5364

ok miod@

bcook [Sun, 14 Dec 2014 21:49:29 +0000 (21:49 +0000)]
unconditionally align SSL payloads

Remove support for conditional payload alignment, since we would never
want to turn it off. Also, consistently use size_t for calculating the
alignment.

ok miod@

bluhm [Sun, 14 Dec 2014 20:30:51 +0000 (20:30 +0000)]
By now relayd expects tls in its config file and writes tls into
its log file.  Change regression tests from ssl to tls.

miod [Sun, 14 Dec 2014 19:55:12 +0000 (19:55 +0000)]
Revert r1.10: properly built shared libraries will never have any DISP26
relocations, but will always call public symbols through the library's PLT.

schwarze [Sun, 14 Dec 2014 17:55:36 +0000 (17:55 +0000)]
Switch man(1) to the mandoc implementation.
OK krw@ naddy@ sthen@  "commit it now" deraadt@

I won't remove the files in src/usr.bin/man, such that we can quickly
switch back in case a problem is found.

schwarze [Sun, 14 Dec 2014 17:48:48 +0000 (17:48 +0000)]
minimally document -IOKTW; requested by naddy@

bcallah [Sun, 14 Dec 2014 16:55:59 +0000 (16:55 +0000)]
Remove unused <stdlib.h>
ok lteo@ krw@ deraadt@

jsing [Sun, 14 Dec 2014 16:19:38 +0000 (16:19 +0000)]
Convert all of the straightforward client handshake handling code to use
the new handshake functions.

ok miod@

jsing [Sun, 14 Dec 2014 16:07:26 +0000 (16:07 +0000)]
Provide functions for starting, finishing and writing SSL handshake
messages. This will allow for removal of repeated/duplicated code.

Additionally, DTLS was written by wholesale copying of the SSL/TLS code,
with some DTLS specifics being added to the duplicated code. Since these
SSL handshake message functions know how to handle both SSL/TLS and DTLS,
upon conversion the duplicate versions will become identical (or close to),
at which point the DTLS versions can be removed and the SSL/TLS versions
used for both protocols.

Partially based on similar changes in OpenSSL.

ok miod@

jsing [Sun, 14 Dec 2014 15:30:50 +0000 (15:30 +0000)]
Remove trailing whitespace.

gilles [Sun, 14 Dec 2014 15:26:56 +0000 (15:26 +0000)]
these are no longer used, remove