openbsd
14 months agobtrace(8): allow empty statements in probes.
dv [Sat, 2 Sep 2023 19:28:46 +0000 (19:28 +0000)]
btrace(8): allow empty statements in probes.

Allows for probes like `BEGIN {}`, in parity with bpftrace.

Also fixes an incorrect syntax error parsing argN builtins in
subsequent probes after an empty BEGIN block.

ok mpi@

14 months agoMake sure cert_type is not 0 to prevent leak of certid->id_buf.
tobhe [Sat, 2 Sep 2023 18:36:30 +0000 (18:36 +0000)]
Make sure cert_type is not 0 to prevent leak of certid->id_buf.

Found by David Linder
ok patrick@

14 months agoRemove unneccessary id == NULL check after dereferencing it. id can never
tobhe [Sat, 2 Sep 2023 18:16:02 +0000 (18:16 +0000)]
Remove unneccessary id == NULL check after dereferencing it. id can never
be NULL here.

Found by tb@

14 months agodocument ALL_DISTFILES and ALL_PATCHFILES
espie [Sat, 2 Sep 2023 17:19:57 +0000 (17:19 +0000)]
document ALL_DISTFILES and ALL_PATCHFILES

14 months agobtrace(8): fix probe builtin in BEGIN/END.
dv [Sat, 2 Sep 2023 15:16:12 +0000 (15:16 +0000)]
btrace(8): fix probe builtin in BEGIN/END.

Resolves segfaults when using probe within BEGIN or END.

ok mpi@

14 months agoFix comment about skipped interfaces
kn [Sat, 2 Sep 2023 10:18:45 +0000 (10:18 +0000)]
Fix comment about skipped interfaces

After r1.44 "Start on DOWN interfaces" this sentence makes no sense
and just repeats the obvious conditions, so zap it.

With/OK stsp

14 months agoSetulc only does RGB colour so add Setulc1 to do non-RGB colours, GitHub
nicm [Sat, 2 Sep 2023 09:17:23 +0000 (09:17 +0000)]
Setulc only does RGB colour so add Setulc1 to do non-RGB colours, GitHub
issue 3627.

14 months agoUse a hardware based number of KDF rounds by default for passphrases
kn [Sat, 2 Sep 2023 09:14:47 +0000 (09:14 +0000)]
Use a hardware based number of KDF rounds by default for passphrases

When creating new crypto volumes with a passphrase or updating one, pick a
number of rounds that aims to take around 1s instead of just 16 (on X230 and
T14 machines, 16 rounds unlock pretty much instantly).

New default [-r auto] never decreases rounds, only explicit '-r N' can.
16 is the absolute minimum.

Motivation is to provide a saner and more modern default, especially for
fresh installations utilizing new disk encryption question.

Prodding for new default from and OK jsing on early "-r auto" installer diff
idea to to pick MAX(auto, old-rounds) from Lucas[AT sexy DOT is]
"seems acceptable to me" deraadt
Feedback kettenis sthen
OK op

14 months agoAvoid trying to remove keys if the station is not active in iwm firmware.
stsp [Sat, 2 Sep 2023 09:02:18 +0000 (09:02 +0000)]
Avoid trying to remove keys if the station is not active in iwm firmware.

Same fix as applied to iwx(4) in March. Since iwm(4) does not use a task
for key installation and removal the same race might not manifest here.
However, trying to delete a key while the station is not in firmware
is wrong in any case. And this code might get moved into a task later.

14 months agoMake iwm(4) not crash when aircrack-ng attempts to inject frames via
stsp [Sat, 2 Sep 2023 08:57:46 +0000 (08:57 +0000)]
Make iwm(4) not crash when aircrack-ng attempts to inject frames via
bpf in monitor mode.

Crash reported by brad and sthen.
I reproduced the issue to verify my fix but I did not check whether
aircrack-ng actually works with this.

14 months agoSet visited flag on last windows when linking session.
nicm [Sat, 2 Sep 2023 08:38:37 +0000 (08:38 +0000)]
Set visited flag on last windows when linking session.

14 months agoZap anon pages mappings in uvm_anon_release() instead of in the fault handler.
mpi [Sat, 2 Sep 2023 08:24:40 +0000 (08:24 +0000)]
Zap anon pages mappings in uvm_anon_release() instead of in the fault handler.

This makes all code paths deactivating or freeing anons consistent.

No objection from the usual suspects.

14 months agowhitespace
tb [Sat, 2 Sep 2023 04:55:18 +0000 (04:55 +0000)]
whitespace

14 months agoAlign EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()
tb [Sat, 2 Sep 2023 04:15:39 +0000 (04:15 +0000)]
Align EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()

14 months agoImplement drive strength tweaking for the YT8531. Needed on the v1.3b
kettenis [Fri, 1 Sep 2023 20:35:31 +0000 (20:35 +0000)]
Implement drive strength tweaking for the YT8531.  Needed on the v1.3b
variant of the visionfive2 board.

ok jsing@

14 months agoCall rtm_send() with netlock held to protect dereference of sockaddr
mvs [Fri, 1 Sep 2023 20:24:29 +0000 (20:24 +0000)]
Call rtm_send() with netlock held to protect dereference of sockaddr
structure data returned by rtable_getsource(). Netlock can't be pushed
within rtm_send() because we have paths where caller already holds it.

tested by jca

ok bluhm jca

14 months agovmd(8): ignore masks on asserts, use synchronous deasserts.
dv [Fri, 1 Sep 2023 19:42:26 +0000 (19:42 +0000)]
vmd(8): ignore masks on asserts, use synchronous deasserts.

The i8259 was considering the state of the mask register when a
device requested raising the bit in the interrupt request register.
This caused a race condition where if the virtio device asserted
the irq while it was masked in the i8259 by the vm, we'd miss the
interrupt request. The device and the pic would become out of sync
and users reported virtio block device stalls as the vioblk(4)
driver would starve, waiting for an interrupt that will never arrive.

The mask is now considered only at ack time, when finding possible
interrupts to inject. This bug was never a problem previously as
virtio devices were emulated synchronously.

Deasserts related to the vcpu reading the virtio isr register are
also made now in response to the read request instead of issued
asynchronously. This removes a subsequent race condition.

Testing from mbuhl@, stsp@, and Florian Riehm.

ok mlarkin@

14 months agoOnly compare the actual size of the UTF-8 character, not all of it.
nicm [Fri, 1 Sep 2023 18:43:54 +0000 (18:43 +0000)]
Only compare the actual size of the UTF-8 character, not all of it.

14 months agoMany improvements, almost amounting to a partial rewrite:
schwarze [Fri, 1 Sep 2023 17:28:21 +0000 (17:28 +0000)]
Many improvements, almost amounting to a partial rewrite:
* more precision what the CIPHER_CTX functions do
* more precision what an NID is
* avoid talking about RC2, use AES-256 for an example instead
* clarify that block sizes are measured in bytes
* mention additional restrictions regarding valid block sizes
* add the missing description of the *_flags(3) functions
* mention the public mask constant EVP_CIPH_MODE
* add three missing modes that can occur as return values
* add the missing entries for *_flags(3) and *_mode(3) below RETURN VALUES
* tweak various wordings for precision and conciseness

14 months agoFix EVP_PKEY_get0_RSA() for RSA-PSS
tb [Fri, 1 Sep 2023 17:12:19 +0000 (17:12 +0000)]
Fix EVP_PKEY_get0_RSA() for RSA-PSS

It currently returns NULL. This is OpenSSL 4088b926 + De Morgan.

ok jsing

14 months agoAdd missing -T to getopt string.
nicm [Fri, 1 Sep 2023 16:40:38 +0000 (16:40 +0000)]
Add missing -T to getopt string.

14 months agoUpdate with pin definitions from Linux 6.4.
kettenis [Fri, 1 Sep 2023 16:13:56 +0000 (16:13 +0000)]
Update with pin definitions from Linux 6.4.

ok patrick@

14 months agoClear combine flag when a non-UTF-8 set of characters is encountered.
nicm [Fri, 1 Sep 2023 16:01:54 +0000 (16:01 +0000)]
Clear combine flag when a non-UTF-8 set of characters is encountered.

14 months agoRewrite combined character handling to be more consistent and to support
nicm [Fri, 1 Sep 2023 14:29:11 +0000 (14:29 +0000)]
Rewrite combined character handling to be more consistent and to support
newer Unicode combined characters (which we have to "know" are combined
since they are not width zero). GitHub issue 3600.

14 months agoExpand name before looking for window with -S, GitHub issue 3670.
nicm [Fri, 1 Sep 2023 14:24:46 +0000 (14:24 +0000)]
Expand name before looking for window with -S, GitHub issue 3670.

14 months agoAdd detach-on-destroy previous and next, mostly from Alexis Hildebrandt.
nicm [Fri, 1 Sep 2023 13:48:54 +0000 (13:48 +0000)]
Add detach-on-destroy previous and next, mostly from Alexis Hildebrandt.

14 months agofix an obvious typo in the OBJ_NAME_add(3) prototype
schwarze [Fri, 1 Sep 2023 12:13:13 +0000 (12:13 +0000)]
fix an obvious typo in the OBJ_NAME_add(3) prototype

14 months agoAdd spaces for failure status
afresh1 [Thu, 31 Aug 2023 21:29:53 +0000 (21:29 +0000)]
Add spaces for failure status

14 months agosched_cpu_init: remove unnecessary NULL-checks for clockintr pointers
cheloha [Thu, 31 Aug 2023 19:29:51 +0000 (19:29 +0000)]
sched_cpu_init: remove unnecessary NULL-checks for clockintr pointers

sched_cpu_init() is only run once per cpu_info struct, so we don't
need these NULL-checks.

The NULL-checks are a vestige of clockintr_cpu_init(), which runs more
than once per CPU and uses the checks to avoid leaking clockintr handles.

Thread: https://marc.info/?l=openbsd-tech&m=169349579804340&w=2

ok claudio@

14 months agoExit fw_update(8) lock_db subprocess when parent exits
afresh1 [Thu, 31 Aug 2023 19:00:00 +0000 (19:00 +0000)]
Exit fw_update(8) lock_db subprocess when parent exits

If fw_update exits unexpectedly the package database would never unlock.

select solution from millert@

14 months agoImprove feedback from fw_update(8)
afresh1 [Thu, 31 Aug 2023 18:19:21 +0000 (18:19 +0000)]
Improve feedback from fw_update(8)

Show status as we go with spinner rather than printing only at the end.

Suggestions from deraadt@

Most of this has been in snapshots for a while

14 months agosync
tb [Thu, 31 Aug 2023 17:46:31 +0000 (17:46 +0000)]
sync

14 months agoSplit three new manual pages EVP_CIPHER_nid(3), EVP_CIPHER_CTX_ctrl(3),
schwarze [Thu, 31 Aug 2023 17:27:41 +0000 (17:27 +0000)]
Split three new manual pages EVP_CIPHER_nid(3), EVP_CIPHER_CTX_ctrl(3),
and EVP_CIPHER_CTX_set_flags(3) out of the excessively large and
unwieldy EVP_EncryptInit(3).  This causes a number of inaccuracies
and gaps to stand out, but i'm not mixing text changes or content
additions into this split.

Using very useful feedback from tb@ regarding what belongs together
and how important the various functions are.  I refrained from bothering
him with the complete patch, but he likes the general direction.

14 months agoreuse the code to exec command for VAR != cmd *and* normal target processing
espie [Thu, 31 Aug 2023 06:53:28 +0000 (06:53 +0000)]
reuse the code to exec command for VAR != cmd *and* normal target processing

okay tb@

14 months agodrm/display/dp: Fix the DP DSC Receiver cap size
jsg [Thu, 31 Aug 2023 04:43:23 +0000 (04:43 +0000)]
drm/display/dp: Fix the DP DSC Receiver cap size

From Ankit Nautiyal
3bc9b0364a8c64d1bb1757b620ea3b9104e8054b in linux-6.1.y/6.1.50
5ad1ab30ac0809d2963ddcf39ac34317a24a2f17 in mainline linux

14 months agodrm/i915/dgfx: Enable d3cold at s2idle
jsg [Thu, 31 Aug 2023 04:40:08 +0000 (04:40 +0000)]
drm/i915/dgfx: Enable d3cold at s2idle

From Anshuman Gupta
3abffee6091c5a2716963c229e192a36a9590a88 in linux-6.1.y/6.1.50
2872144aec04baa7e43ecd2a60f7f0be3aa843fd in mainline linux

14 months agodrm/i915/gt: Support aux invalidation on all engines
jsg [Thu, 31 Aug 2023 04:38:15 +0000 (04:38 +0000)]
drm/i915/gt: Support aux invalidation on all engines

From Andi Shyti
7e862cce34916458bf6af954d198cce103c1e13f in linux-6.1.y/6.1.50
6a35f22d222528e1b157c6978c9424d2f8cbe0a1 in mainline linux

14 months agodrm/i915/gt: Poll aux invalidation register bit on invalidation
jsg [Thu, 31 Aug 2023 04:36:37 +0000 (04:36 +0000)]
drm/i915/gt: Poll aux invalidation register bit on invalidation

From Jonathan Cavitt
8e3f138b96f64fde58d74f886acbfd4baca907fc in linux-6.1.y/6.1.50
0fde2f23516a00fd90dfb980b66b4665fcbfa659 in mainline linux

14 months agodrm/i915/gt: Ensure memory quiesced before invalidation
jsg [Thu, 31 Aug 2023 04:33:59 +0000 (04:33 +0000)]
drm/i915/gt: Ensure memory quiesced before invalidation

From Jonathan Cavitt
017d4404312ab94a61be218c0221cd0048a37896 in linux-6.1.y/6.1.50
78a6ccd65fa3a7cc697810db079cc4b84dff03d5 in mainline linux

14 months agodrm/i915: Add the gen12_needs_ccs_aux_inv helper
jsg [Thu, 31 Aug 2023 04:32:12 +0000 (04:32 +0000)]
drm/i915: Add the gen12_needs_ccs_aux_inv helper

From Andi Shyti
c23126f2c76a17b97520d306542cee32bb26fad8 in linux-6.1.y/6.1.50
b2f59e9026038a5bbcbc0019fa58f963138211ee in mainline linux

14 months agodrm/aperture: Remove primary argument
jsg [Thu, 31 Aug 2023 04:28:38 +0000 (04:28 +0000)]
drm/aperture: Remove primary argument

From Daniel Vetter
437e99f2a1e933348c4cedb2c7ce6f0ad81b935e in linux-6.1.y/6.1.50
62aeaeaa1b267c5149abee6b45967a5df3feed58 in mainline linux

14 months agoOn JH7110, configure the tx clock according to the selected speed if
kettenis [Wed, 30 Aug 2023 19:08:48 +0000 (19:08 +0000)]
On JH7110, configure the tx clock according to the selected speed if
necessary.

ok jsing@

14 months agoImplement a few more clocks related to the GMAC.
kettenis [Wed, 30 Aug 2023 19:07:23 +0000 (19:07 +0000)]
Implement a few more clocks related to the GMAC.

ok jsing@

14 months agocover failure on insecure passfiles
kn [Wed, 30 Aug 2023 17:40:08 +0000 (17:40 +0000)]
cover failure on insecure passfiles

14 months agoexercise [-p passfile] (this is not a keydisk)
kn [Wed, 30 Aug 2023 17:21:40 +0000 (17:21 +0000)]
exercise [-p passfile]  (this is not a keydisk)

14 months agoverify that the number of rounds does not decrease
kn [Wed, 30 Aug 2023 16:45:57 +0000 (16:45 +0000)]
verify that the number of rounds does not decrease

14 months agofix signal reporting
espie [Wed, 30 Aug 2023 12:04:09 +0000 (12:04 +0000)]
fix signal reporting

14 months agoEnsure no memory is leaked after passing NULL to ASN1_TIME_normalize()
job [Wed, 30 Aug 2023 10:13:12 +0000 (10:13 +0000)]
Ensure no memory is leaked after passing NULL to ASN1_TIME_normalize()

OK tb@

14 months agoConstify argument to entity_write_repo()
job [Wed, 30 Aug 2023 10:02:28 +0000 (10:02 +0000)]
Constify argument to entity_write_repo()

OK tb@

14 months agoFix comments
job [Wed, 30 Aug 2023 10:01:52 +0000 (10:01 +0000)]
Fix comments

OK tb@

14 months agoPreempt a running proc even if there is no other process/thread queued
claudio [Wed, 30 Aug 2023 09:02:38 +0000 (09:02 +0000)]
Preempt a running proc even if there is no other process/thread queued
on that CPU's runqueue. This way mi_switch() is invoked which is necessary
to a) signal srm that the cpu changed context b) runtime stats are updated
c) requests to stop the CPU are checked.
This should fix the issue reported by Eric Wong (e at 80x24 org) that
RLIMIT_CPU is unreliable on idle systems.
OK kettenis@ cheloha@

14 months agoAdd support for the upstream Linux device tree bindings. Support for the
kettenis [Wed, 30 Aug 2023 09:01:51 +0000 (09:01 +0000)]
Add support for the upstream Linux device tree bindings.  Support for the
preliminary bindings will be removed in a couple of weeks.

ok kevlo@, jsing@, jmatthew@

14 months agoIntroduce CTL_RES_OPNOTSUPP as possible error response for bgpctl which
claudio [Wed, 30 Aug 2023 08:16:28 +0000 (08:16 +0000)]
Introduce CTL_RES_OPNOTSUPP as possible error response for bgpctl which
can be used in -portable for features that are not available in the build.
OK tb@

14 months agoregen
kevlo [Wed, 30 Aug 2023 07:12:25 +0000 (07:12 +0000)]
regen

14 months agoAdd Phison PS5021 device id
kevlo [Wed, 30 Aug 2023 07:11:48 +0000 (07:11 +0000)]
Add Phison PS5021 device id

ok miod@, jsg@

14 months agosync
tb [Wed, 30 Aug 2023 01:00:28 +0000 (01:00 +0000)]
sync

14 months agoDocument EVP_{CIPHER,MD}_do_all{,_sorted}(3)
tb [Wed, 30 Aug 2023 00:58:57 +0000 (00:58 +0000)]
Document EVP_{CIPHER,MD}_do_all{,_sorted}(3)

The function prototypes in the SYNOPSIS don't look great, but schwarze
assures me that this is how it is supposed to be. It is rather strange
that OpenSSL chose to sprinkle OPENSSL_init_crypto() calls into these
four functions rather than two inside OBJ_NAME_do_all{,_sorted}(3).
Surely there was a good reason for that.

With input and fixes from schwarze

14 months agoFix leaks in copy_issuer()
tb [Wed, 30 Aug 2023 00:49:32 +0000 (00:49 +0000)]
Fix leaks in copy_issuer()

The stack of subject alternative names from the issuer is parsed using
X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free().
It's not worth doing complicated ownership handling when the individual
alternative names can be copied with GENERAL_NAME_dup().

Previously, ialt and its remaining members would be leaked when the call
to sk_GENERAL_NAME_push() failed halfway through.

This is only reachable via the issuer:copy x509v3.cnf(5) directive.

ok jsing

14 months agofix handling of unknown error rate in mbim signal state info
dlg [Tue, 29 Aug 2023 23:28:38 +0000 (23:28 +0000)]
fix handling of unknown error rate in mbim signal state info

from gerhard@:

> According to MBIM spec, table 10-58 (MBIM_SIGNAL_STATE_INFO) a value
> of 99 means the error rate is "Unknown or undetectable".

the code was using -99 before, but properly reports unknown/null now.

14 months agoexport mbim signal stats
dlg [Tue, 29 Aug 2023 23:26:40 +0000 (23:26 +0000)]
export mbim signal stats

tested by mbuhl@ gerhard@

14 months agoRemove p_rtime from struct proc and replace it by passing the timespec
claudio [Tue, 29 Aug 2023 16:19:34 +0000 (16:19 +0000)]
Remove p_rtime from struct proc and replace it by passing the timespec
as argument to the tuagg_locked function.

- Remove incorrect use of p_rtime in other parts of the tree. p_rtime was
almost always 0 so including it in any sum did not alter the result.
- In main() the update of time can be further simplified since at that time
only the primary cpu is running.
- Add missing nanouptime() call in cpu_hatch() for hppa
- Rename tuagg_unlocked to tuagg_locked like it is done in the rest of
  the tree.

OK cheloha@ dlg@

14 months agoEnable dwiic(4) and axppmic(4).
kettenis [Tue, 29 Aug 2023 16:04:21 +0000 (16:04 +0000)]
Enable dwiic(4) and axppmic(4).

14 months agoacme-client: drop ecdsa.h, fix spacing and a typo in error message
op [Tue, 29 Aug 2023 14:44:53 +0000 (14:44 +0000)]
acme-client: drop ecdsa.h, fix spacing and a typo in error message

While here drop EC_KEY_set_asn1_flag(OPENSSL_EC_NAMED_CURVE).
EC_KEY_new_by_curve_name() ends up calling EC_GROUP_new() which already
sets the OPENSSL_EC_NAMED_CURVE flag on the group.  (suggested by tb@)

ok tb@

14 months agoAlso support FDT now.
kettenis [Tue, 29 Aug 2023 12:11:08 +0000 (12:11 +0000)]
Also support FDT now.

14 months agoAdd FDT support for dwiic(4)
kettenis [Tue, 29 Aug 2023 12:09:40 +0000 (12:09 +0000)]
Add FDT support for dwiic(4)

14 months agoReplace last ecdh.h and ecdsa.h occurrences with ec.h
tb [Tue, 29 Aug 2023 10:07:42 +0000 (10:07 +0000)]
Replace last ecdh.h and ecdsa.h occurrences with ec.h

Except if backward compatibility with older LibreSSL and OpenSSL versions
is explicitly needed, ecdsa.h and ecdh.h should no longer be used. They
are now trivial wrappers of ec.h.

14 months agoHave #include <cstdio> when using fprintf(). This is needed if
yasuoka [Tue, 29 Aug 2023 07:54:01 +0000 (07:54 +0000)]
Have #include <cstdio> when using fprintf().  This is needed if
wchar.h stops including stdio.h.  from asou

ok tb

14 months agomake PerSourceMaxStartups first-match-wins; ok dtucker@
djm [Tue, 29 Aug 2023 02:50:10 +0000 (02:50 +0000)]
make PerSourceMaxStartups first-match-wins; ok dtucker@

14 months agobtrace(8): prohibit use of argN builtins in BEGIN/END.
dv [Mon, 28 Aug 2023 21:23:46 +0000 (21:23 +0000)]
btrace(8): prohibit use of argN builtins in BEGIN/END.

The argN builtins are undefined for BEGIN and END special probes.
Similar to bpftrace, produce an error from the parser.

Adds a regress test, as well.

ok mpi@

14 months agoIntroduce reference counting for TCP syn cache entries.
bluhm [Mon, 28 Aug 2023 14:50:01 +0000 (14:50 +0000)]
Introduce reference counting for TCP syn cache entries.

The syn_cache_reaper() is a hack to serialize timeouts.  Unfortunately
it has a race and panics sometimes with pool_do_get: syncache free
list modified.  Add a reference counter for timeout and list of syn
cache entries.  Currently list refcout is not strictly necessary
due to exclusive netlock, but will be needed when we continue
unlocking.

Checking timeout_initialized() is not MP friendly, better do proper
initialization during object allocation.  Refcount in btrace helps
to find leaks.

bug reported and fix tested by Peter J. Philipp
OK claudio@

14 months agodescriptive text shouldn't be under .Cm
djm [Mon, 28 Aug 2023 09:52:09 +0000 (09:52 +0000)]
descriptive text shouldn't be under .Cm

14 months agolimit artificial login delay to a reasonable maximum (5s) and don't
djm [Mon, 28 Aug 2023 09:48:11 +0000 (09:48 +0000)]
limit artificial login delay to a reasonable maximum (5s) and don't
delay at all for the "none" authentication mechanism. Patch by
Dmitry Belyavskiy in bz3602 with polish/ok dtucker@

14 months agosync
tb [Mon, 28 Aug 2023 06:07:10 +0000 (06:07 +0000)]
sync

14 months agoadd spacing for punctuation when macro args;
jmc [Mon, 28 Aug 2023 05:32:28 +0000 (05:32 +0000)]
add spacing for punctuation when macro args;

14 months agosync
deraadt [Mon, 28 Aug 2023 04:09:16 +0000 (04:09 +0000)]
sync

14 months agoexplicit long long type in timing calculations (doesn't matter, since
djm [Mon, 28 Aug 2023 04:06:52 +0000 (04:06 +0000)]
explicit long long type in timing calculations (doesn't matter, since
the range is pre-clamped)

14 months agoAdd keystroke timing obfuscation to the client.
djm [Mon, 28 Aug 2023 03:31:16 +0000 (03:31 +0000)]
Add keystroke timing obfuscation to the client.

This attempts to hide inter-keystroke timings by sending interactive
traffic at fixed intervals (default: every 20ms) when there is only a
small amount of data being sent. It also sends fake "chaff" keystrokes
for a random interval after the last real keystroke. These are
controlled by a new ssh_config ObscureKeystrokeTiming keyword/

feedback/ok markus@

14 months agoIntroduce a transport-level ping facility
djm [Mon, 28 Aug 2023 03:28:43 +0000 (03:28 +0000)]
Introduce a transport-level ping facility

This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG
to implement a ping capability. These messages use numbers in the "local
extensions" number space and are advertised using a "ping@openssh.com"
ext-info message with a string version number of "0".

ok markus@

14 months agosync
tb [Sun, 27 Aug 2023 16:09:41 +0000 (16:09 +0000)]
sync

14 months agoMove the weak SHA-1 and MD5 hashes out of EVP_DigestInit(3)
schwarze [Sun, 27 Aug 2023 15:33:08 +0000 (15:33 +0000)]
Move the weak SHA-1 and MD5 hashes out of EVP_DigestInit(3)
into a new EVP_sha1(3) manual page, and also mention EVP_md4(3) there.
Using input from tb@ and jsing@, who like the general direction.

14 months agodocument the return value of EVP_PKEY_asn1_find(3) and
schwarze [Sun, 27 Aug 2023 13:23:12 +0000 (13:23 +0000)]
document the return value of EVP_PKEY_asn1_find(3) and
the "len" argument and the return value of EVP_PKEY_asn1_find_str(3)

14 months agoEVP_PKEY_set_type_str(3) is now documented, so switch from .Fn to .Xr
schwarze [Sun, 27 Aug 2023 13:15:29 +0000 (13:15 +0000)]
EVP_PKEY_set_type_str(3) is now documented, so switch from .Fn to .Xr

14 months agodocument EVP_PKEY_set_type_str(3)
schwarze [Sun, 27 Aug 2023 13:08:15 +0000 (13:08 +0000)]
document EVP_PKEY_set_type_str(3)

14 months agoclockintr: add clockqueue_intrclock_install()
cheloha [Sat, 26 Aug 2023 22:21:00 +0000 (22:21 +0000)]
clockintr: add clockqueue_intrclock_install()

At some point, clockintr_cpu_init() is going to go away.  However,
there will still need to be a way to add an intrclock to a struct
clockintr_queue.

Add a new internal interface, clockqueue_intrclock_install().  If the
given clockintr_queue does not yet have an intrclock installed, it
copies the contents of the given intrclock to the clockintr_queue's
private intrclock (cq_intrclock) and sets CQ_INTRCLOCK in cq_flags.

I'm using the verb "install" here instead of "attach" because an
intrclock is really just a vtable that we copy into the
clockintr_queue.  The original intrclock is in no way "bound" or
"affixed" to a particular clockintr_queue: it's more akin to a stamp
that can be reused to initialize any number of individual
clockintr_queue structs.

14 months agoadd the missing information that and how flags can be combined,
schwarze [Sat, 26 Aug 2023 15:14:28 +0000 (15:14 +0000)]
add the missing information that and how flags can be combined,
and add the missing link to evp(3)

14 months agoWrite documentation for EVP_CIPHER_CTX_buf_noconst(3) from scratch.
schwarze [Sat, 26 Aug 2023 15:12:04 +0000 (15:12 +0000)]
Write documentation for EVP_CIPHER_CTX_buf_noconst(3) from scratch.
Put it here rather than into EVP_EncryptInit(3) because similar to
EVP_CIPHER_CTX_get_cipher_data(3), application software should not
use it.  These functions will likely not be needed except by people
implementing custom encryption algorithms.

14 months agowrite documentation for EVP_CIPHER_CTX_copy(3)
schwarze [Sat, 26 Aug 2023 15:01:56 +0000 (15:01 +0000)]
write documentation for EVP_CIPHER_CTX_copy(3)
and EVP_CIPHER_CTX_encrypting(3) from scratch

14 months agoword fix in comment; from crystal kolipe
jmc [Sat, 26 Aug 2023 15:01:00 +0000 (15:01 +0000)]
word fix in comment; from crystal kolipe

14 months agoumb can use p2p_input as an if_input handler.
dlg [Sat, 26 Aug 2023 11:33:46 +0000 (11:33 +0000)]
umb can use p2p_input as an if_input handler.

umb(4) is a hardware p2p driver, it just has ip coming in, so we can do
the same thing we do for the address family and input processing as
other p2p interfaces.

the short packet check that umb_input does is already done by the ip
stacks, so we're not losing anything.

tested by gerhard@ mbuhl@
ok gerhard@

14 months agoUpdate to reflect current functionality.
visa [Sat, 26 Aug 2023 11:10:05 +0000 (11:10 +0000)]
Update to reflect current functionality.

14 months agosync
tb [Sat, 26 Aug 2023 10:32:35 +0000 (10:32 +0000)]
sync

14 months agoAdapt glxclk(4) for clockintr
visa [Sat, 26 Aug 2023 09:37:43 +0000 (09:37 +0000)]
Adapt glxclk(4) for clockintr

Make glxclk(4) functional again. The MFGPT provides the CPU core
an external clock interrupt. This interrupt enables a later change
that reduces energy usage when the system is idle. Also, the use
of the external clock fixes timekeeping when the core clock
frequency is adjusted.

14 months agofix iwx scan command such that the driver selects an SSID during bgscan
stsp [Sat, 26 Aug 2023 09:05:34 +0000 (09:05 +0000)]
fix iwx scan command such that the driver selects an SSID during bgscan

The driver was asking firmware to send probe requests during background
scans without having any SSID selected, which doesn't make sense.
With that fixed I see faster background scans that no longer display
every AP in range in debug logs, while relevant APs always show up.

This is a possible fix for fatal firmware error 0x20002806 which is
known to be related to bad scan commands and appeared with our upgrade
to the -77 firmware API. Not yet confirmed because it is difficult to
trigger this error on purpose.

Apparently this change also repairs stability issues on AX210.
I have never seen such issues first-hand and have no clue how they
might relate to this change. One plausible theory is that our bogus
bgscan command would trigger bad side-effects in firmware.

Tested:
ax200: jmc@, stsp@
ax210: Laurence Tratt, sf@

14 months agotransfering -> transferring
jsg [Sat, 26 Aug 2023 06:19:09 +0000 (06:19 +0000)]
transfering -> transferring

14 months agoRemove two unnecessary local variables
tb [Sat, 26 Aug 2023 02:59:13 +0000 (02:59 +0000)]
Remove two unnecessary local variables

14 months agoprovide some strong warnings about dlopen
deraadt [Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)]
provide some strong warnings about dlopen
ok guenther millert jmc

14 months agomake the one-line description read better
schwarze [Fri, 25 Aug 2023 18:39:04 +0000 (18:39 +0000)]
make the one-line description read better
and be more specific below RETURN VALUES;
OK tb@

14 months agoIn evp.h rev.s 1.90 and 1.97, tb@ provided EVP_CIPHER_CTX_get_cipher_data(3)
schwarze [Fri, 25 Aug 2023 18:22:41 +0000 (18:22 +0000)]
In evp.h rev.s 1.90 and 1.97, tb@ provided EVP_CIPHER_CTX_get_cipher_data(3)
and EVP_CIPHER_CTX_set_cipher_data(3).
Import the manual page from the OpenSSL 1.1 branch, which is still
under a free licence, with several improvements by me.

14 months agofix eight more instances of copy & paste glitches
schwarze [Fri, 25 Aug 2023 13:26:27 +0000 (13:26 +0000)]
fix eight more instances of copy & paste glitches

14 months agonew manual page MB_CUR_MAX(3) written from scratch;
schwarze [Fri, 25 Aug 2023 12:45:45 +0000 (12:45 +0000)]
new manual page MB_CUR_MAX(3) written from scratch;
OK guenther@ stsp@ jmc@