kettenis [Wed, 24 Jul 2024 21:24:18 +0000 (21:24 +0000)]
If the CPU cores implement FEAT_IDST, emulate access to the CPU ID
registers from userland and set HWCAP_CPUID. This will allow detection
of features to be introduced into the architecture in the future without
allocating new HWCAP_xxx or HWCAP2_xxx bits. We provide the same
sanitized view of the CPU ID registers as is currently available through
sysctl(2).
Note that this introduces an unconditional read of ID_AA64MMFR2_EL1. This
is known to cause problems on older versions of QEMU. If this turns out
to be a problem in cases where updating QEMU is not an option, we'll have
to implement a workaround.
Also note that since we don't emulate the CPU ID registers on older core,
this means that microarchitectural optimizations keyed of reads of MIDR_EL1
are not possible on OpenBSD. I don't think that is a real problem.
ok jca@
dv [Wed, 24 Jul 2024 21:04:12 +0000 (21:04 +0000)]
vmm(4): drop checks for EPT or RVI in some functions.
vmm(4) only supports using nested paging on Intel or AMD and no
longer supports HLAT or shadow paging.
ok mlarkin@
job [Wed, 24 Jul 2024 19:28:37 +0000 (19:28 +0000)]
Add 5f00::/16 segment routing SRv6 SIDs prefix to example bogon list
"In SRv6, SR source nodes initiate packets with a segment identifier in
the Destination Address of the IPv6 header, and SR segment endpoint
nodes process a local segment present in the Destination Address of an
IPv6 header."
https://www.iana.org/assignments/iana-ipv6-special-registry/
https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids
OK phessler@
job [Wed, 24 Jul 2024 18:56:57 +0000 (18:56 +0000)]
3fff::/20 has been set aside as an additional documentation prefix
Per https://www.iana.org/assignments/iana-ipv6-special-registry/
and https://datatracker.ietf.org/doc/html/draft-ietf-v6ops-rfc3849-update
OK phessler@ claudio@
claudio [Wed, 24 Jul 2024 15:31:08 +0000 (15:31 +0000)]
KASSERT that the ps_single proc has P_SUSPSINGLE cleared.
Requested by kettenis@ and guenther@
claudio [Wed, 24 Jul 2024 15:30:17 +0000 (15:30 +0000)]
Remove the (pr->ps_single->p_flag & P_SUSPSINGLE) == 0 check since it
is always true. Also consitently wrap all flag checks into parantheses.
OK kettenis@ guenther@
claudio [Wed, 24 Jul 2024 13:37:05 +0000 (13:37 +0000)]
Use a different mutex to protect the kqueue klist in logsoftc.
knote_locked() will call wakeup() and with it the SCHED_LOCK and by that
makes log_mtx no longer a leaf lock. By using an own lock for the klist
we can keep log_mtx a leaf lock and with that printf(9) can be used in
most contexts again.
OK mvs@
mpi [Wed, 24 Jul 2024 12:18:10 +0000 (12:18 +0000)]
Remove workaround for lock ordering issue in uvm_pseg_get().
Now that uvm_unmap_detach() no longer grab the KERNEL_LOCK() it should be
safe to call it with the `uvm_pseg_lck' mutex held via uvm_km_valloc_try().
ok jca@, claudio@
mpi [Wed, 24 Jul 2024 12:17:31 +0000 (12:17 +0000)]
Move uvm_exit() outside of the KERNEL_LOCK() in the reaper.
Use atomic operations to reference count VM spaces.
Tested by claudio@, bluhm@, sthen@, jca@
ok jca@, claudio@
mpi [Wed, 24 Jul 2024 12:16:21 +0000 (12:16 +0000)]
Grab the kernel lock in preparation for unlocking most of uvm_unmap_detach().
ok jca@, claudio@
mpi [Wed, 24 Jul 2024 12:15:55 +0000 (12:15 +0000)]
Remove assertion in udv_detach(), the function is already mpsafe.
ok jca@, claudio@
tb [Wed, 24 Jul 2024 08:57:58 +0000 (08:57 +0000)]
BUF_MEM_new.3: add a touch of KNF
yasuoka [Wed, 24 Jul 2024 08:27:20 +0000 (08:27 +0000)]
dd "msgauth" option for "test" command to specify whether use
Message-Authentication or not.
yasuoka [Wed, 24 Jul 2024 08:22:26 +0000 (08:22 +0000)]
Add Symbols.list and enable version script to hide some local functions.
yasuoka [Wed, 24 Jul 2024 08:19:16 +0000 (08:19 +0000)]
Place Message-Authenticator at the beginning of the attributes
as draft-ietf-radext-deprecating-radius-02 suggests.
tobhe [Tue, 23 Jul 2024 20:04:51 +0000 (20:04 +0000)]
Accept and ignore SADB_X_EXT_REPLAY and SADB_X_EXT_COUNTER payloads for
incoming SADB_ADD and SADB_UPDATE message. Since we send them as part of
the SADB_GET reply we must also accept them on SADB_ADD/UPDATE as sasyncd
will forward payloads previously received in SADB_GET. Fixes a bug where
sasync can't restore SAs because pfkey returns EINVAL.
From Rafa\xc5\x82 Ramocki
ok bluhm@
sf [Tue, 23 Jul 2024 19:14:05 +0000 (19:14 +0000)]
virtio: fix comment
jsing [Tue, 23 Jul 2024 14:42:03 +0000 (14:42 +0000)]
Revise regress for ssl3_get_cipher() changes.
jsing [Tue, 23 Jul 2024 14:40:53 +0000 (14:40 +0000)]
Remove get_cipher from SSL_METHOD.
Inline the get_cipher implementation (including the special handling
for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove
the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher().
ssl3_get_cipher() has always had a strange property of being a reverse
index, which is relied on by the cipher list ordering code, since it
currently assumes that high cipher suite values are preferable. Rather
than complicating ssl3_get_cipher() (and regress), change the iteration
order in ssl_cipher_collect_ciphers() to match what it requires. Lastly,
rename ssl3_get_cipher() to be more descriptive.
ok tb@
ratchov [Tue, 23 Jul 2024 08:59:21 +0000 (08:59 +0000)]
uaudio: Fix confusion between interface numbers and interface indexes
There is rare hardware for which the interface numbers and indexes are
not equal. Such devices couldn't attach because the driver claimed the
wrong interface.
claudio [Tue, 23 Jul 2024 08:38:02 +0000 (08:38 +0000)]
Pass curproc pointer down from sleep_finish() instead of pulling it in
again in sleep_signal_check().
OK dlg@
ratchov [Tue, 23 Jul 2024 08:36:51 +0000 (08:36 +0000)]
libsndio: Don't use poll(2) for output on the control device.
The AUDIO_MIXER_WRITE ioctl always succeeds without blocking, so no
need to use poll(2) for output. The audio(4) control device driver
doesn't implement the corresponding struct filterops anyway.
Fixes delayed level settings.
ratchov [Tue, 23 Jul 2024 06:34:03 +0000 (06:34 +0000)]
sndiod: Properly update the poll(2) event masks after i/o.
If there are no descriptors to poll for an event source, we call
the i/o handlers immediately (before poll(2) is called). As this
may generate output for other descriptors, their the poll(2) event
masks need to be updated.
kettenis [Mon, 22 Jul 2024 22:06:27 +0000 (22:06 +0000)]
Specify a priority for _libc_preinit() to make sure it runs before other
constructors (such as the constructor for libcompiler_rt).
ok guenther@
dv [Mon, 22 Jul 2024 17:55:18 +0000 (17:55 +0000)]
rpcgen(1): default to "STDIN" as input file when compiling to headers.
FreeBSD, NetBSD, and GNU all use a variation of "STDIN" as the
default input filename when compiling to header files (-h) to prevent
a NULL-pointer deference. Adopt a similar approach.
ok millert@
nicm [Mon, 22 Jul 2024 15:27:42 +0000 (15:27 +0000)]
Expand full array option values if no index is provided, GitHub issue
4051.
jsing [Mon, 22 Jul 2024 14:50:45 +0000 (14:50 +0000)]
Revise regress to match cipher suite values change.
jsing [Mon, 22 Jul 2024 14:47:15 +0000 (14:47 +0000)]
Use cipher suite values instead of IDs.
OpenSSL has had the concept of cipher IDs, which were a way of working
around overlapping cipher suite values between SSLv2 and SSLv3. Given
that we no longer have to deal with this issue, replace the use of IDs
with cipher suite values. In particular, this means that we can stop
mapping back and forth between the two, simplifying things considerably.
While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[]
table is no longer mutable, meaning that ciphers cannot be disabled at
runtime (and we have `#if 0' if we want to do it at compile time).
Clean up the comments and add/update RFC references for cipher suites.
ok tb@
jsg [Mon, 22 Jul 2024 14:03:22 +0000 (14:03 +0000)]
remove unneeded prototypes for functions in other files
jsg [Mon, 22 Jul 2024 12:05:38 +0000 (12:05 +0000)]
remove prototype with no matching function
yasuoka [Mon, 22 Jul 2024 10:00:16 +0000 (10:00 +0000)]
Fix ipcp module to use (the maximum sequence number from the db) + 1
properly.
claudio [Mon, 22 Jul 2024 09:44:37 +0000 (09:44 +0000)]
Sync with proc.h: s/PS_STOPPED/PS_STOPPING/
OK kettenis@
claudio [Mon, 22 Jul 2024 09:43:47 +0000 (09:43 +0000)]
Rename PS_STOPPED to PS_STOPPING. I want to use PS_STOPPED to indicate
that a process has been stopped so make room for that.
OK kettenis@
yasuoka [Mon, 22 Jul 2024 09:39:23 +0000 (09:39 +0000)]
Modify ipcp module to return a result for
IMSG_RADIUSD_MODULE_IPCP_DISCONNECT and radiusctl to handle the
result.
yasuoka [Mon, 22 Jul 2024 09:27:16 +0000 (09:27 +0000)]
Make some functions "static".
claudio [Mon, 22 Jul 2024 08:18:53 +0000 (08:18 +0000)]
Switch proc_finish_wait() to use the process as argument instead of its
ps_mainproc. dowait6() needs to stop using ps_mainproc and this is the
first step.
OK guenther@
bluhm [Sun, 21 Jul 2024 19:41:31 +0000 (19:41 +0000)]
For AMD SEV determine C-bit position and guest mode in locore0.
Actually determine the C-bit position if we are running as a guest
with SEV enabled. Configure pg_crypt, pg_frame and pg_lgframe
accordingly, using the physical address bit reduction provided by
cpuid.
from hshoexer@; OK mlarkin@
kettenis [Sun, 21 Jul 2024 18:57:31 +0000 (18:57 +0000)]
Populate hwcap and hwcap2 based on the sanitized values of the ID register
values and the feature bits that we recognize.
ok naddy@, jca@
jca [Sun, 21 Jul 2024 16:49:26 +0000 (16:49 +0000)]
Export basic HWCAP bits to let applications detect Altivec & VSX on powerpc64
Input from miod@ and gkoehler@, tests & ok gkoehler@
jca [Sun, 21 Jul 2024 16:46:56 +0000 (16:46 +0000)]
Export basic HWCAP bits to let applications detect Altivec on powerpc
Input from miod@ and gkoehler@, tests & ok gkoehler@
deraadt [Sun, 21 Jul 2024 16:19:25 +0000 (16:19 +0000)]
A few manual ret-cleans. Seeing as these pertain to interrupt servicing,
the stack utilization ends up near the the deep end of the stack where,
retcleans are useful. tested for a while in snaps
ok bluhm
tb [Sun, 21 Jul 2024 13:25:11 +0000 (13:25 +0000)]
asn1time: indicate which comparison function failed
extracted from a diff by Kenjiro Nakayama
fcambus [Sun, 21 Jul 2024 13:18:15 +0000 (13:18 +0000)]
Add optimized character rendering case for 6 pixels wide fonts in
rasops32_putchar().
From jon (at) elytron (dot) openbsd (dot) amsterdam.
tb [Sun, 21 Jul 2024 09:24:07 +0000 (09:24 +0000)]
Add back a .
tb [Sun, 21 Jul 2024 08:36:43 +0000 (08:36 +0000)]
Unify description of the obsolete ENGINE parameter
This uses the same language in most manuals mentioning the obsolete
ENGINE parameters. Make it clear that it is always ignored and that
NULL should be passed. Always call it engine instead of a mix of e
pe, impl, eng.
tb [Sun, 21 Jul 2024 08:25:33 +0000 (08:25 +0000)]
Drop ENGINE from EVP_PKEY_derive example
tb [Sun, 21 Jul 2024 08:10:17 +0000 (08:10 +0000)]
Garbage collect ENGINE "use" from EVP_PKEY_decrypt() example
tb [Sun, 21 Jul 2024 08:02:17 +0000 (08:02 +0000)]
Make example slightly less terrible by dropping the ENGINE "handling"
tb [Sat, 20 Jul 2024 18:37:38 +0000 (18:37 +0000)]
Fix golden numbers after beck broke it months ago
(why is it always me who gets to clean up this shit?)
mvs [Sat, 20 Jul 2024 17:26:19 +0000 (17:26 +0000)]
Unlock udp(4) somove().
Socket splicing belongs to sockets buffers. udp(4) sockets are fully
switched to fine-grained buffers locks, so use them instead of exclusive
solock().
Always schedule somove() thread to run as we do for tcp(4) case. This
brings delay to packet processing, but it is comparable wit non splicing
case where soreceive() threads are always scheduled.
So, now spliced udp(4) sockets rely on sb_lock() of `so_rcv' buffer
together with `sb_mtx' mutexes of both buffers. Shared solock() only
required around pru_send() call, so the most of somove() thread runs
simultaneously with network stack.
Also document 'sosplice' structure locking.
Feedback, tests and OK from bluhm.
jsg [Sat, 20 Jul 2024 12:34:52 +0000 (12:34 +0000)]
UVIDEO_DEBUG needs fcntl.h
reported by Peter J. Philipp
anton [Sat, 20 Jul 2024 06:54:15 +0000 (06:54 +0000)]
Fix regression introduced in previous causing HEAD requests to be
erroneously rejected as malformed.
ok chrisz@
jsing [Sat, 20 Jul 2024 04:04:23 +0000 (04:04 +0000)]
Remove cipher from SSL_SESSION.
For a long time SSL_SESSION has had both a cipher ID and a pointer to
an SSL_CIPHER (and not both are guaranteed to be populated). There is also
a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher
being used for this connection. Some code has been using the cipher from
SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE.
Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE
everywhere. If resuming from a session then we need to use the SSL_SESSION
cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that
we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE
cipher changes (this only occurs in a few places).
ok tb@
bluhm [Fri, 19 Jul 2024 16:58:31 +0000 (16:58 +0000)]
Unlock sysctl net.inet.ip.redirect and net.inet6.ip6.redirect.
Variable ip and ip6 sendredirects is only read once during packet
processing. Use atomic_load_int() to access the value in exactly
one read instruction. No memory barriers needed as there is no
correlation with other values.
Sort the ip and ip6 checks, so the difference is easier to see.
Move access to global variable to the end.
OK mvs@
bluhm [Fri, 19 Jul 2024 15:41:58 +0000 (15:41 +0000)]
Relax socket lock assertion in UDP input and send.
OK mvs@
bluhm [Fri, 19 Jul 2024 15:28:51 +0000 (15:28 +0000)]
unveil(2) /etc/gettytab.db in getty(8) to avoid possible violation.
OK deraadt@
deraadt [Fri, 19 Jul 2024 14:32:56 +0000 (14:32 +0000)]
sync
jsing [Fri, 19 Jul 2024 08:56:17 +0000 (08:56 +0000)]
Annotate issues with tls_session_secret_cb() related code.
jsing [Fri, 19 Jul 2024 08:54:31 +0000 (08:54 +0000)]
Move client ciphers from SSL_SESSION to SSL_HANDSHAKE.
SSL_SESSION has a 'ciphers' member which contains a list of ciphers
that were advertised by the client. Move this from SSL_SESSION to
SSL_HANDSHAKE and rename it to match reality.
ok tb@
djm [Fri, 19 Jul 2024 04:33:36 +0000 (04:33 +0000)]
test transfers in mux proxy mode too
chrisz [Fri, 19 Jul 2024 04:26:23 +0000 (04:26 +0000)]
Keep Content-length header in HEAD responses.
ok millert@
yasuoka [Thu, 18 Jul 2024 22:40:09 +0000 (22:40 +0000)]
Send Access-Reject when the authentication is not handled or the user
is not found.
yasuoka [Thu, 18 Jul 2024 22:18:00 +0000 (22:18 +0000)]
unveil .db is needed. Also move pledge() earlier.
kettenis [Thu, 18 Jul 2024 17:18:01 +0000 (17:18 +0000)]
Fix typos in previous commit spotted by naddy@
millert [Thu, 18 Jul 2024 15:38:57 +0000 (15:38 +0000)]
The source of a link (name1) may not be a directory.
POSIX says this is implementation-dependent; OpenBSD does not allow
it. OK guenther@
bluhm [Thu, 18 Jul 2024 14:46:28 +0000 (14:46 +0000)]
In pfattach() pass malloc type instead of flags to cpumem_malloc().
from markus@
deraadt [Thu, 18 Jul 2024 11:21:10 +0000 (11:21 +0000)]
sync
yasuoka [Thu, 18 Jul 2024 08:58:59 +0000 (08:58 +0000)]
Fix memory leaks and improve id handling of iked_radserver_req.
original diff from markus
ok tobhe
jmc [Thu, 18 Jul 2024 05:44:46 +0000 (05:44 +0000)]
remove extra punctuation; from alexander arch
yasuoka [Thu, 18 Jul 2024 02:45:31 +0000 (02:45 +0000)]
Since libcrypto is used to calc message authenticator, use libcrypto
md5 also in other places instead libc md5.
ok millert
djm [Thu, 18 Jul 2024 01:47:27 +0000 (01:47 +0000)]
mention mux proxy mode
yasuoka [Thu, 18 Jul 2024 00:28:53 +0000 (00:28 +0000)]
Add a link to radiud_file(8)
millert [Wed, 17 Jul 2024 20:57:15 +0000 (20:57 +0000)]
sed: use warn()/err() where appropriate
Use warn()/err() instead of sed's homegrown warning()/error() for
things other than parser problems. The warning()/error() functions
display the file and line number in addition to the error message.
This also removes of the COMPILE/FATAL argument to error() since
now all calls to error() are for compilation/parsing issues.
OK op@ espie@
yasuoka [Wed, 17 Jul 2024 20:50:28 +0000 (20:50 +0000)]
Add Message-Authenticator attriubte when sending Access-Request.
ok millert
tb [Wed, 17 Jul 2024 15:22:56 +0000 (15:22 +0000)]
Add RCS id
kettenis [Wed, 17 Jul 2024 15:21:59 +0000 (15:21 +0000)]
Clean up the cpi_id_aa64xxx variables at the end of autoconf such that
sysclt(2) and ID register access emulation can share the variables.
ok jca@
jsing [Wed, 17 Jul 2024 15:01:22 +0000 (15:01 +0000)]
Enable regress for SSL_CIPHER_get_handshake_digest()
Turns out this is already linked statically.
deraadt [Wed, 17 Jul 2024 14:57:59 +0000 (14:57 +0000)]
sync
jsing [Wed, 17 Jul 2024 14:51:54 +0000 (14:51 +0000)]
Rework cipher find test to also provide coverage for SSL_CIPHER_*()
claudio [Wed, 17 Jul 2024 13:29:05 +0000 (13:29 +0000)]
Be clear that RUSAGE_CHILDREN only works for terminated children that have
been waited for. If you SIG_IGN SIGCHLD or don't call any of the wait
functions then RUSAGE_CHILDREN wont report anything.
OK deraadt@ millert@
yasuoka [Wed, 17 Jul 2024 11:31:46 +0000 (11:31 +0000)]
Fix some gcc warnings
deraadt [Wed, 17 Jul 2024 11:20:24 +0000 (11:20 +0000)]
minor repairs
yasuoka [Wed, 17 Jul 2024 11:19:27 +0000 (11:19 +0000)]
Error if config parameter is unknown. This also fixes a gcc warning.
spotted by deraadt
yasuoka [Wed, 17 Jul 2024 11:13:22 +0000 (11:13 +0000)]
Document "authentication-filter".
yasuoka [Wed, 17 Jul 2024 11:05:11 +0000 (11:05 +0000)]
Decrypt "Password" attribute always before passing the packet to
modules. Also, don't assume the authenticator of the packet from the
module that has no secret is valid.
yasuoka [Wed, 17 Jul 2024 10:15:39 +0000 (10:15 +0000)]
Delete log_info() line for debug.
claudio [Wed, 17 Jul 2024 09:54:14 +0000 (09:54 +0000)]
Sync struct proc P_BITS with reality.
Remove "\027XX" (old systrace flag) and "\035SOFTDEP".
OK jsg@
yasuoka [Wed, 17 Jul 2024 08:26:19 +0000 (08:26 +0000)]
Fix indent
millert [Wed, 17 Jul 2024 03:05:19 +0000 (03:05 +0000)]
Display an error message for "sed -i" if the file is unwritable
Previously, sed would fail silently if it was unable to move the
temporary file into place. Also allow "sed -i" on symbolic link--the
link will be broken but this matches GNU sed behavior. From espie@
OK op@
jsing [Tue, 16 Jul 2024 14:38:59 +0000 (14:38 +0000)]
Update regress for removal of SSL_HANDSHAKE_MAC_DEFAULT.
jsing [Tue, 16 Jul 2024 14:38:04 +0000 (14:38 +0000)]
Clean up SSL_HANDSHAKE_MAC_DEFAULT.
The handshake MAC needs to be upgraded when TLSv1.0 and TLSv1.1
ciphersuites are used with TLSv1.2. Since we no longer support TLSv1.0
and TLSv1.1, we can simply upgrade the handshake MAC in the ciphersuite
table and remove the various defines/macros/code that existed to handle
the upgrade.
ok tb@
tb [Tue, 16 Jul 2024 10:19:38 +0000 (10:19 +0000)]
Fix .Ox for SSL_CIPHER_get_handshake_digest()
deraadt [Tue, 16 Jul 2024 08:25:47 +0000 (08:25 +0000)]
sync
miod [Tue, 16 Jul 2024 06:18:20 +0000 (06:18 +0000)]
Only perform the static_assert checks in C>=11 environment; unbreaks build
on platforms using gcc.
deraadt [Tue, 16 Jul 2024 05:01:10 +0000 (05:01 +0000)]
Fix the SIGHUP signal race. ed's "event loop" operates a getchar(); check
the hup flag before and after that call, when the buffer structures are stable
for write_file() to work. Remove the hup handling from the SPL0() macro,
because this is run in at least one place during structure instability.
The SIGINT handler, which uses siglongjmp(), is also trusting the SPL1/SPL0
dance more than it should.
ok millert
jsg [Tue, 16 Jul 2024 01:14:23 +0000 (01:14 +0000)]
match on Atom C3000
from and tested by Brendan Shanks
tb [Mon, 15 Jul 2024 18:50:42 +0000 (18:50 +0000)]
Switch the EVP_PKEY_*attr* API to LCRYPTO_UNUSED()
This would have prevented the PKCS12 oopsie.
tb [Mon, 15 Jul 2024 15:43:25 +0000 (15:43 +0000)]
Fix PKCS12_create()
This tries to copy some microsoft attributes which are not usually present
and chokes on the now disabled EVP_PKEY_*attr* API. Instead of reviving
about four layers of traps and indirection, just inline the two functions
in a way that should be more obvious.
found by anton via the ruby-openssl tests
ok jsing
mglocker [Mon, 15 Jul 2024 15:33:54 +0000 (15:33 +0000)]
Make the touchpad on the Samsung Galaxy Book4 Edge work.
ok patrick@
jsing [Mon, 15 Jul 2024 14:45:15 +0000 (14:45 +0000)]
Mop up TLS1_PRF* defines.
These have not been used for a long time, however SSL_CIPHER was not opaque
at the time, hence they had to stick around. Now that SSL_CIPHER is opaque
we can simply mop them up.
ok tb@