jsing [Tue, 26 Mar 2024 06:23:07 +0000 (06:23 +0000)]
Reorder functions.
No functional change.
jsing [Tue, 26 Mar 2024 06:09:25 +0000 (06:09 +0000)]
Provide an optimised bn_subw() for amd64.
bn_subw() will be used more widely in an upcoming change.
joshua [Tue, 26 Mar 2024 06:08:51 +0000 (06:08 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_SignFinal
ok jsing@
jsing [Tue, 26 Mar 2024 05:55:15 +0000 (05:55 +0000)]
Stop including md32_common.h in md5.c and remove unused defines.
This is now no longer needed.
ok tb@
joshua [Tue, 26 Mar 2024 05:50:49 +0000 (05:50 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_VerifyFinal
ok tb@
jsing [Tue, 26 Mar 2024 05:46:13 +0000 (05:46 +0000)]
Include stdint.h for uintptr_t.
tb [Tue, 26 Mar 2024 05:43:22 +0000 (05:43 +0000)]
Add back x509_local.h for PBKDF2PARAM
tb [Tue, 26 Mar 2024 05:39:47 +0000 (05:39 +0000)]
PKCS5_pbe2_set_iv() can be local to p5_pbev2
quoth the muppet "yes I know this is horrible!"
joshua [Tue, 26 Mar 2024 05:37:28 +0000 (05:37 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS1_MGF1
ok tb@
joshua [Tue, 26 Mar 2024 05:26:27 +0000 (05:26 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in
RSA_verify_PKCS1_PSS_mgf1
ok jsing@ tb@
joshua [Tue, 26 Mar 2024 05:22:50 +0000 (05:22 +0000)]
Clean up use of EVP_CIPHER_CTX_{legacy_clear,cleanup} in EVP_OpenInit
ok tb@
jsing [Tue, 26 Mar 2024 05:21:35 +0000 (05:21 +0000)]
Demacro MD5 and improve data loading.
Use static inline functions instead of macros and improve handling of
aligned data. Also number rounds as per RFC 1321.
ok tb@
jsing [Tue, 26 Mar 2024 04:23:04 +0000 (04:23 +0000)]
Mark internal functions as static.
jsing [Tue, 26 Mar 2024 04:14:45 +0000 (04:14 +0000)]
Move bn_montgomery_reduce() and drop prototype.
No functional change.
jsing [Tue, 26 Mar 2024 04:11:42 +0000 (04:11 +0000)]
Fix function guards.
beck [Tue, 26 Mar 2024 03:44:11 +0000 (03:44 +0000)]
Add an indicator that an extension has been processed.
ok jsing@
beck [Tue, 26 Mar 2024 02:43:56 +0000 (02:43 +0000)]
Fix expected client hello value to allow for supported_groups change.
ok jsing@
tb [Tue, 26 Mar 2024 01:41:06 +0000 (01:41 +0000)]
Garbage collect the unused verifyctx() and verifyctx_init()
ok joshua jsing
jsg [Tue, 26 Mar 2024 01:28:17 +0000 (01:28 +0000)]
adapt ttm fault handler to OpenBSD
used by gem objects on dg2
dtucker [Tue, 26 Mar 2024 01:23:11 +0000 (01:23 +0000)]
Import regenerated moduli.
beck [Tue, 26 Mar 2024 01:21:34 +0000 (01:21 +0000)]
Process supported groups before key share.
This will allow us to know the client preferences for an upcoming
change to key share processing.
ok jsing@
beck [Tue, 26 Mar 2024 01:18:16 +0000 (01:18 +0000)]
Disable client handshake test for now for pending changes.
ok jsing@
joshua [Tue, 26 Mar 2024 01:15:57 +0000 (01:15 +0000)]
Use errno_value instead of num for readability
ok jsing@
dlg [Tue, 26 Mar 2024 00:54:24 +0000 (00:54 +0000)]
print amps and watts
dlg [Tue, 26 Mar 2024 00:53:51 +0000 (00:53 +0000)]
amps and watts types
volts felt lonely
joshua [Tue, 26 Mar 2024 00:50:22 +0000 (00:50 +0000)]
Use errno_value instead of num for readability
ok beck@ jsing@
beck [Tue, 26 Mar 2024 00:39:22 +0000 (00:39 +0000)]
Change ts to only support one second precision.
RFC 3631 allows for sub second ASN1 GENERALIZED times, if you
choose to support sub second time precison. It does not
indicate that an implementation must support them.
Supporting sub second timestamps is just silly and unrealistic,
so set our maximum to one second of precision. We then simplify
this code by removing some nasty eye-bleed that made artisinally
hand crafted strings and jammed them into an ASN1_GENERALIZEDTIME.
ok tb@, jsing@, with one second precision tested by kn@
tb [Tue, 26 Mar 2024 00:24:11 +0000 (00:24 +0000)]
Clean up conf's module_init()
Immediately error out when no name or value is passed instead of hiding
this in a a combination of ternary operator and strdup error check.
Use calloc(). Unindent some stupid, don't pretend this function can return
anything but -1 and 1, turn the whole thing into single exit and call the
now existing imodule_free() instead of handrolling it.
ok jsing
kettenis [Mon, 25 Mar 2024 23:10:03 +0000 (23:10 +0000)]
Add missing SFENCE.VMA instructions after switching page tables during
early kernel bootstrap.
ok jsg@, mlarkin@
mbuhl [Mon, 25 Mar 2024 20:25:13 +0000 (20:25 +0000)]
Add the VLAN_HWTAGGING capability. Big thanks to bket@ for testing,
rebasing, refactoring, and addressing feedback for this diff.
ok bluhm@, jan@
djm [Mon, 25 Mar 2024 19:28:09 +0000 (19:28 +0000)]
optional debugging
op [Mon, 25 Mar 2024 19:11:52 +0000 (19:11 +0000)]
remove possibly bogus length check
len is initially the line length, but then the two go out of sync.
ok millert@
guenther [Mon, 25 Mar 2024 17:57:07 +0000 (17:57 +0000)]
Move the "no (hard) linking directories" and "no cross-mount links"
checks from all the filesystems that support hardlinks at all into
the VFS layer. Simplify, EPERM description in link(2).
ok miod@ mpi@
mvs [Mon, 25 Mar 2024 17:43:10 +0000 (17:43 +0000)]
regen
mvs [Mon, 25 Mar 2024 17:42:34 +0000 (17:42 +0000)]
Unlock shutdown(2).
ok bluhm
patrick [Mon, 25 Mar 2024 17:24:03 +0000 (17:24 +0000)]
Add rpigpio(4), a driver for the RP1 GPIO controller on the Raspberry Pi 5.
With this, GPIOs can be correctly configured and engaged. Complete pinctrl
as well as IRQ functionality is yet to be implemented.
ok kettenis@
millert [Mon, 25 Mar 2024 15:52:39 +0000 (15:52 +0000)]
whois: use getline(3) instead of fgetln(3)
This simplifies the code and fixes a potential out of bounds read.
OK op@ mbuhl@
jsing [Mon, 25 Mar 2024 13:09:13 +0000 (13:09 +0000)]
Rewrite HKDF_expand().
Simplify overflow checking and length tracking, use a CBB to handle output
and use HMAC_CTX_new() rather than having a HMAC_CTX on the stack.
ok tb@
mvs [Mon, 25 Mar 2024 13:01:49 +0000 (13:01 +0000)]
Add 'ws_' prefix to 'wseventvar' structure members. No functional
changes.
ok miod
jsing [Mon, 25 Mar 2024 12:10:57 +0000 (12:10 +0000)]
Revert r1.13 since it currently breaks openssl-ruby regress tests.
ok tb@
joshua [Mon, 25 Mar 2024 11:41:40 +0000 (11:41 +0000)]
Inline sctx in EVP_DigestSignFinal
ok tb@ jsing@
joshua [Mon, 25 Mar 2024 11:38:47 +0000 (11:38 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in PKCS5_PBE_keyivgen
ok tb@
jsg [Mon, 25 Mar 2024 11:37:18 +0000 (11:37 +0000)]
fix xbacklight on amdgpu
Call amdgpu_init_backlight() after drm_dev_register() otherwise
the connector isn't registered yet and dm->backlight_dev is not set.
tb@ mentioned this broke with the 6.6 drm update and confirmed this fixes it.
Debugged with help from dtucker@ on another machine.
job [Mon, 25 Mar 2024 11:27:00 +0000 (11:27 +0000)]
Error on setting an invalid CSR version
Reported by David Benjamin (BoringSSL)
OK tb@
joshua [Mon, 25 Mar 2024 11:10:17 +0000 (11:10 +0000)]
Remove unneeded brackets from if statement in EVP_DigestSignFinal
ok tb@
joshua [Mon, 25 Mar 2024 10:58:06 +0000 (10:58 +0000)]
Clean up use of EVP_MD_CTX_{legacy_clear,cleanup} in EVP_BytesToKey
ok tb@
jsing [Mon, 25 Mar 2024 10:41:36 +0000 (10:41 +0000)]
Codify more insane CRYPTO_EX_DATA API.
The current CRYPTO_EX_DATA implementation allows for data to be set without
calling new, indexes can be used without allocation, new can be called without
getting an index and dup can be called after new or without calling new.
jsing [Mon, 25 Mar 2024 10:19:14 +0000 (10:19 +0000)]
Revise for TLS extension parsing/processing changes.
jsing [Mon, 25 Mar 2024 10:18:13 +0000 (10:18 +0000)]
Simplify TLS extension parsing and processing.
Rather than having a separate parse and process step for each TLS
extension, do a first pass that parses all of the TLS outer extensions and
retains the extension data, before running a second pass that calls the TLS
extension processing code.
ok beck@ tb@
tb [Mon, 25 Mar 2024 10:16:02 +0000 (10:16 +0000)]
Clean up create_digest()
The ts code is its own kind of special. I only sent this diff out to hear
beck squeal. This diff doesn't actually fix anything, apart from (maybe)
appeasing some obscure static analyzer. It is decidedly less bad than a
similar change in openssl's issue tracker.
ok beck
beck [Mon, 25 Mar 2024 07:02:22 +0000 (07:02 +0000)]
Fix time conversion that broke regress.
ok tb@
joshua [Mon, 25 Mar 2024 06:20:16 +0000 (06:20 +0000)]
Move custom sigctx handling out of EVP_DigestSignFinal
ok tb@
dtucker [Mon, 25 Mar 2024 06:05:42 +0000 (06:05 +0000)]
Verify string returned from local shell command.
tb [Mon, 25 Mar 2024 05:48:39 +0000 (05:48 +0000)]
Fix typo msg_types -> msg_type
from jsing
jsing [Mon, 25 Mar 2024 04:06:41 +0000 (04:06 +0000)]
Revise TLS extension regress for parse/process changes.
joshua [Mon, 25 Mar 2024 04:05:22 +0000 (04:05 +0000)]
Clean up EVP_CIPHER_CTX_{legacy_clear,cleanup} usage in evp/bio_enc.c
Additionally, this tidies up some surrounding code and replaces usage of
free with freezero and malloc with calloc.
ok tb@
tb [Mon, 25 Mar 2024 04:03:26 +0000 (04:03 +0000)]
Final tweaks in x509_trs.c for now
looked over by jsing
jsing [Mon, 25 Mar 2024 04:02:29 +0000 (04:02 +0000)]
Split TLS extension parsing from processing.
The TLS extension parsing and processing order is currently dependent on
the order of the extensions in the handshake message. This means that the
processing order (and callback order) is not under our control. Split the
parsing from the processing such that the processing (and callbacks) are
run in a defined order.
Convert ALPN to the new model - other extensions will be split into
separate parse/process in following diffs.
ok beck@ tb@
tb [Mon, 25 Mar 2024 03:57:13 +0000 (03:57 +0000)]
Kill X509_TRUST
After peeling off enough layers, the entire wacky abstraction turns out
to be nothing but dispatching from a trust_id to a trust handler and
passing the appropriate nid and the cert.
ok beck jsing
joshua [Mon, 25 Mar 2024 03:41:16 +0000 (03:41 +0000)]
Clean up EVP_MD_CTX_{legacy_clear,cleanup}() usage in x509/x509_cmp.c
ok tb@
dtucker [Mon, 25 Mar 2024 03:30:31 +0000 (03:30 +0000)]
Improve shell portability: grep -q is not portable so redirect stdout,
and use printf instead of relying on echo to do \n substitution. Reduces
diff vs Portable.
jsing [Mon, 25 Mar 2024 03:23:59 +0000 (03:23 +0000)]
Decouple TLS extension table order from tlsext_randomize_build_order()
The PSK extension must be the last extension in the client hello. This is
currently implemented by relying on the fact that it is the last extension
in the TLS extension table. Remove this dependency so that we can reorder
the table as needed.
ok tb@
tb [Mon, 25 Mar 2024 02:18:35 +0000 (02:18 +0000)]
Add back trust member of X509_TRUST that I accidentally deleted
dtucker [Mon, 25 Mar 2024 02:07:08 +0000 (02:07 +0000)]
Save error code from SSH for use inside case statement, from portable.
In some shells, "case" will reset the value of $?, so save it first.
tb [Mon, 25 Mar 2024 01:48:50 +0000 (01:48 +0000)]
Const correct the trust handlers
The certificates no longer need to be modified since we cache the
extensions up front.
ok beck
dtucker [Mon, 25 Mar 2024 01:40:47 +0000 (01:40 +0000)]
Increase timeout. Resyncs with portable where some of the test
VMs are slow enough for this to matter.
dtucker [Mon, 25 Mar 2024 01:28:29 +0000 (01:28 +0000)]
In PuTTY interop test, don't assume the PuTTY major version is 0.
Patch from cjwatson at debian.org via bz#3671.
tb [Mon, 25 Mar 2024 01:00:02 +0000 (01:00 +0000)]
Pass the nid instead of the entire trust structure
This code is so ridiculously overengineered that it is an achievement even
by early OpenSSL standards.
ok beck
tb [Mon, 25 Mar 2024 00:46:57 +0000 (00:46 +0000)]
Pull extension caching into X509_check_trust()
This way the trust handlers can stop modifying the certificates.
ok beck
beck [Mon, 25 Mar 2024 00:05:49 +0000 (00:05 +0000)]
Remove unnecessary stat() calls from by_dir
When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.
As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicing
the non by_dir behaviour instead of possibly some bizzaro file
system error.
Based on a similar change in Boring.
ok tb@
patrick [Sun, 24 Mar 2024 22:34:48 +0000 (22:34 +0000)]
Enable cad(4).
ok kettenis@
patrick [Sun, 24 Mar 2024 22:34:06 +0000 (22:34 +0000)]
Implement resetting the PHY via a GPIO pin, like in fec(4). This helps
enable the PHY on the Raspberry Pi 5.
ok kettenis@
millert [Sun, 24 Mar 2024 19:51:47 +0000 (19:51 +0000)]
whois: remove obsolete handle support
Contact handles have been obsolete for some time now. The "!handle"
InterNic syntax no longer works and core COCO handle queries seems
to only return empty records. OK sthen@ job@
jca [Sun, 24 Mar 2024 14:00:11 +0000 (14:00 +0000)]
Add tests for EVP_get_cipherbyname(NULL) and EVP_get_digestbyname(NULL)
Requested by and ok tb@
jca [Sun, 24 Mar 2024 13:56:35 +0000 (13:56 +0000)]
Restore EVP_get_cipherbyname(NULL)/EVP_get_digestbyname(NULL) handling
The previous implementation used the now defunct OBJ_NAME_get() which
bailed out when passed a NULL argument. Difference spotted by the
regress tests in ports/net/openvpn (regular openvpn use is fine but
openvpn --show-ciphers/--show-digests crashes).
ok tb@
beck [Sun, 24 Mar 2024 11:30:12 +0000 (11:30 +0000)]
Convert libressl to use the BoringSSL style time conversions
This gets rid of our last uses of timegm and gmtime in the
library and things that ship with it. It includes a bit
of refactoring in ocsp_cl.c to remove some obvious ugly.
ok tb@
job [Sun, 24 Mar 2024 10:53:27 +0000 (10:53 +0000)]
Sync with IANA Status Code Registry
From https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
OK sthen@ miod@
mpi [Sun, 24 Mar 2024 10:29:35 +0000 (10:29 +0000)]
Cleanup uvmpd_tune() & document global variable ownership.
- Stop calling uvmpd_tune() inside uvm_pageout(). OpenBSD currently doesn't
support adding RAM. `uvmexp.npages' is immutable after boot.
- Document that `uvmexp.freemin' and `uvmexp.freetarg' are immutable.
- Reduce the scope of the `uvm_pageq_lock' lock. It serializes accesses
to `uvmexp.active' and `uvmexp.inactive'.
ok kettenis@
tb [Sun, 24 Mar 2024 08:27:35 +0000 (08:27 +0000)]
Rename ax into aux
tb [Sun, 24 Mar 2024 08:03:29 +0000 (08:03 +0000)]
Drop redundant NULL checks around two for loops
ok beck
tb [Sun, 24 Mar 2024 06:48:03 +0000 (06:48 +0000)]
Fix namespace build
noticed/ok beck
jsg [Sun, 24 Mar 2024 06:22:18 +0000 (06:22 +0000)]
permament -> permanent
tb [Sun, 24 Mar 2024 06:15:59 +0000 (06:15 +0000)]
Remove OPENSSL_NO_* #ifdefs from evp_names.c
discussed with jsing
tb [Sun, 24 Mar 2024 06:05:41 +0000 (06:05 +0000)]
Bye bye gost, bye, bye turdiness
ok beck
jsg [Sun, 24 Mar 2024 05:50:20 +0000 (05:50 +0000)]
use LIST_FOREACH_SAFE() to avoid use after free
this can't happen in a libsa environment
found by smatch, ok jsing@
tb [Sun, 24 Mar 2024 01:24:26 +0000 (01:24 +0000)]
Rename arg1 to nid because that's what it is
"Yeah, arg1 is always such an imaginative name" ian
ok beck
tb [Sun, 24 Mar 2024 00:38:58 +0000 (00:38 +0000)]
Clamp the manifestNumber to 20 octets value
The standards contain somewhat ambiguous language as to what the largest
acceptable value for a crlNumber or manifestNumber could be, due to a
limitation to 20 octets. The question is what 20 octets specifically are
meant...
Consensus seems to have emerged that the largest value is 2^159-1 since
2^160-1 would encode to 21 octets due to a padding octet to disambiguate
ff .. ff from -7f ff .. ff (iow the top bit of the first octet is a sign
bit).
Thus, switch from 2^160 - 1 to 2^159 - 1 as an upper bound by checking
the length of the value portion of the DER encoded ASN.1 integer to be
at most 20 octets.
Thanks to Martin Hoffmann, Tom Harrison, and Ben Maddison for raising and
discussing the issue. Thanks also to the spec authors for making me waste
a few hours of my life on a single bit.
ok job
tb [Sun, 24 Mar 2024 00:35:45 +0000 (00:35 +0000)]
Drop the unused 'name' member from X509_TRUST
This used to be exposed via an accessor, but this accessor is no longer
part of the library, so nuke it.
ok beck
sthen [Sun, 24 Mar 2024 00:33:41 +0000 (00:33 +0000)]
update project-cymru url, from Robert Keizer, slightly tweaked
yasuoka [Sun, 24 Mar 2024 00:14:19 +0000 (00:14 +0000)]
Remove radius.c which is added mistakenly and under review.
yasuoka [Sun, 24 Mar 2024 00:05:01 +0000 (00:05 +0000)]
Allow zero-length identity response
ok tobhe
yasuoka [Sat, 23 Mar 2024 22:51:49 +0000 (22:51 +0000)]
In kq_del(), delete matching EV_ADD entries to prevent libevent from
passing both EV_ADD and EV_DELETE for the same fd to kevent().
ok visa
guenther [Sat, 23 Mar 2024 16:30:01 +0000 (16:30 +0000)]
readdir_r(3) was never necessary and has been deprecated by POSIX.
Document that in the manpage and stop using it internally.
ok deraadt@ millert@ jmc@
sthen [Sat, 23 Mar 2024 10:38:02 +0000 (10:38 +0000)]
Recognise Meinberg PCI510, from Maurice Janssen
sthen [Sat, 23 Mar 2024 10:36:37 +0000 (10:36 +0000)]
sync
sthen [Sat, 23 Mar 2024 10:35:50 +0000 (10:35 +0000)]
Add Meinberg PCI510, from Maurice Janssen
tb [Sat, 23 Mar 2024 06:38:01 +0000 (06:38 +0000)]
Remove unused flags and arg2 members from X509_TRUST
ok jsing
tb [Sat, 23 Mar 2024 06:37:15 +0000 (06:37 +0000)]
Remove unused flags argument from the trust handlers
The public X509_check_trust() takes a flag parameter which we must leave
in place. However, we can stop passing the flag parameter around without
ever looking at it.
ok jsing
job [Sat, 23 Mar 2024 04:18:56 +0000 (04:18 +0000)]
Expand ASN range for LACNIC
LACNIC received a new block of ASNs from IANA
https://mail.lacnic.net/pipermail/lacnog/2024-March/009690.html
OK tb@
mvs [Sat, 23 Mar 2024 01:35:57 +0000 (01:35 +0000)]
Fix main() definition.