openbsd
17 months agoAdjust bgplgd after renaming of the invalid option in bgpctl.
claudio [Tue, 9 May 2023 14:35:45 +0000 (14:35 +0000)]
Adjust bgplgd after renaming of the invalid option in bgpctl.
This does not change the query string argument. We may do this
at a later stage.
OK tb@

17 months agoDon't return EPIPE from pipe kqfilter
visa [Tue, 9 May 2023 14:22:17 +0000 (14:22 +0000)]
Don't return EPIPE from pipe kqfilter

Proceed with the registration of an EVFILT_WRITE filter even if the
pipe's other end has been closed, instead of failing with error EPIPE.
The filter will trigger immediately. This reduces the possible outcomes
when a kevent(2) call and a close(2) call race on the different ends
of a pipe.

This fixes a failure of lang/ghc unit test as reported by gnezdo@.

OK gnezdo@ mpi@

17 months agoupdate port-modules(5) with default font type changes
sthen [Tue, 9 May 2023 13:41:54 +0000 (13:41 +0000)]
update port-modules(5) with default font type changes

17 months agoRename 'invalid' to 'disqualified' in the 'show rib' table.
claudio [Tue, 9 May 2023 13:26:27 +0000 (13:26 +0000)]
Rename 'invalid' to 'disqualified' in the 'show rib' table.

'invalid' conflicts with the 'in' keyword and the parser is not smart
enough to handle this. As a secondary benefit the term 'invalid' is
less overloaded. There are various reasons why prefixes are not eligible
in the route decision process calling them all 'invalid' is a bit harsh.

job@, tb@ and benno@ agree

17 months agoProperly handle references for nexthops and labels in filterset_copy()
claudio [Tue, 9 May 2023 13:11:19 +0000 (13:11 +0000)]
Properly handle references for nexthops and labels in filterset_copy()

Up until recently filterset_copy() was only used in the parent process
where none of those references exist but by using filterset_copy() in
the RDE to populate per-peer output filters the code needs to handle
such references. Without this rules like 'match to any set nexthop X'
will cause internal corruption on config reloads and session resets.
Bug report from Marko Cupac (marko.cupac (at) mimar.rs)
OK tb@

17 months agoInline once-used variable to sync all uvm_map_clean() callers
kn [Tue, 9 May 2023 10:35:20 +0000 (10:35 +0000)]
Inline once-used variable to sync all uvm_map_clean() callers

OK mpi

17 months agorpki-client: use partial chains in certificate validation
tb [Tue, 9 May 2023 10:34:32 +0000 (10:34 +0000)]
rpki-client: use partial chains in certificate validation

The generally rather poor quality RFC 3779 code in libcrypto also performs
abysmally. Flame graphs show that nearly 20% of the parser process is spent
in addr_contains() alone. There is room for improvement in addr_contains()
itself - the containment check for prefixes could be optimized quite a bit.
We can avoid a lot of the most expensive work for certificates with tons of
resources close to the TA by using the verifier's partial chains flag.

More precisely, in the tree of already validated certs look for the first
one that has no inherited RFC 3779 resources and use that as 'trust anchor'
for our chains via the X509_V_FLAG_PARTIAL_CHAIN flag. This way we can be
sure that a leaf's delegated resources are properly covered and at the same
time significantly shorten most paths validated.

Job's and my testing indicates that this avoids 30-50% of overhead and works
equally well with LibreSSL and OpenSSL >= 1.1. The main bottlenecks in the
parser process now appear to be SHA-2 and RSA/BIGNUM, two well-known pain
points in libcrypto.

This is based on a hint by beck and was discussed extensively with beck,
claudio and job during and after m2k23.

ok claudio job

17 months agoApparently there is no need to set the PS2 field.
kettenis [Tue, 9 May 2023 10:13:23 +0000 (10:13 +0000)]
Apparently there is no need to set the PS2 field.

ok patrick@

17 months agoMake failure mode of EVP_AEAD_CTX_new() more explicit
tb [Tue, 9 May 2023 07:19:24 +0000 (07:19 +0000)]
Make failure mode of EVP_AEAD_CTX_new() more explicit

Pointed out and ok by dlg

17 months agoAdd regress coverage for -1 modulus as well.
tb [Tue, 9 May 2023 05:39:24 +0000 (05:39 +0000)]
Add regress coverage for -1 modulus as well.

17 months agobn_exp: also special case -1 modulus
tb [Tue, 9 May 2023 05:38:11 +0000 (05:38 +0000)]
bn_exp: also special case -1 modulus

Anything taken to the power of 0 is 1, and then reduced mod 1 or mod -1 it
will be 0. If "anything" includes 0 or not is a matter of convention, but
it should not depend on the sign of the modulus...

Reported by Guido Vranken

ok jsing (who had the same diff)

17 months agoRewrite BN_bn2hex() using CBB/CBS.
jsing [Tue, 9 May 2023 05:15:55 +0000 (05:15 +0000)]
Rewrite BN_bn2hex() using CBB/CBS.

ok tb@

17 months agoRewrite BN_bn2dec() using CBB/CBS.
jsing [Tue, 9 May 2023 05:12:49 +0000 (05:12 +0000)]
Rewrite BN_bn2dec() using CBB/CBS.

ok tb@

17 months agoswitch pflogd from using a bpf read timeout to a wait timeout.
dlg [Tue, 9 May 2023 00:01:59 +0000 (00:01 +0000)]
switch pflogd from using a bpf read timeout to a wait timeout.

a bpf read timeout means every read will end after the timeout
expires. because pflogd has a half second read timeout it would sit
in a loop doing reads all the time even if there were no packets
to log.

the wait timeout means that when bpf catches a packet, it will wait
a bit for more packets to arrive before waking up the pending read.

pflogd now sits in the read syscall until packets are actually
available to log.

found by deraadt@ and ktrace
discussed with and ok sashan@

17 months agofix up some formatting in the pf_state_list comment.
dlg [Mon, 8 May 2023 23:52:36 +0000 (23:52 +0000)]
fix up some formatting in the pf_state_list comment.

17 months agoPrevent signed integer overflow
tobias [Mon, 8 May 2023 17:15:43 +0000 (17:15 +0000)]
Prevent signed integer overflow

A signed integer overflow could occur after INT_MAX bad password
attempts. Check for unlimited tries first and then increment the
counter. Also consider INT_MAX to be a valid upper limit.

ok millert@

17 months agoImprove error handling
tobias [Mon, 8 May 2023 16:11:41 +0000 (16:11 +0000)]
Improve error handling

Close pipe file descriptors if fork fails.
Also do not parse exit status of child if waitpid fails.

with input by and ok millert@

17 months agocron: bounds check the high and low bounds for in a random range.
millert [Mon, 8 May 2023 15:18:31 +0000 (15:18 +0000)]
cron: bounds check the high and low bounds for in a random range.
The bounds are checked for normal ranges in set_element() but in
the case of random ranges this is too late.  As a result, a random
range with an invalid high/low bounds would only result in a syntax
error if the randomized value was out of bounds.  This means the
entry would be "randomly" rejected by cron or crontab.  OK kn@

17 months agoRename the other_ctx in X509_STORE_CTX into trusted
tb [Mon, 8 May 2023 14:51:00 +0000 (14:51 +0000)]
Rename the other_ctx in X509_STORE_CTX into trusted

The other_ctx is a strong contender for the worst name of a struct member
in OpenSSL. It's a void * member whose only purpose ever was to be set to a
STACK_OF(X509) * via X509_STORE_CTX_trusted_stack() (yes, this is obviously
a setter, why do you ask?) and then to be used by the get_issuer() callback
(which of course isn't there to find any old issuer, but only to look for
issuers among the 'trusted' certs).

Anyway, we may want to rename untrusted into intermediates and trusted into
roots later on, but for now let's match the lovely public API. While there
rename get_issuer_sk() into get_trusted_issuer() which is a more accurate
and slightly less silly name.

ok jsing

18 months agoAdd RCS tag
tb [Mon, 8 May 2023 13:53:26 +0000 (13:53 +0000)]
Add RCS tag

18 months agoThe call to in_proto_cksum_out() is only needed before the packet
bluhm [Mon, 8 May 2023 13:22:13 +0000 (13:22 +0000)]
The call to in_proto_cksum_out() is only needed before the packet
is passed to ifp->if_output().  The fragment code has its own
checksum calculation and the other paths end in goto bad.
OK claudio@

18 months agoTo make ND6 mp-safe, the life time of struct llinfo_nd6 *ln =
bluhm [Mon, 8 May 2023 13:14:21 +0000 (13:14 +0000)]
To make ND6 mp-safe, the life time of struct llinfo_nd6 *ln =
rt->rt_llinfo has to be guaranteed.  Replace the complicated logic
in nd6_rtrequest() case RTM_ADD with what we have in ARP.  This
avoids accessing ln here.
Digging through histroy shows a lot of refactoring that makes
rt_expire handling in RTM_ADD obsolete.  Just initialize it to 0.
Cloning and local routes should never expire.  If RTF_LLINFO is
set, ln should not be NULL.  So nd6_llinfo_settimer() was not reached
in this case.
While there, remove obsolete comments and #if 0 code that never
worked.
OK kn@ claudio@

18 months agoFix a potential mem-leak in usm_decrypt().
gerhard [Mon, 8 May 2023 12:25:23 +0000 (12:25 +0000)]
Fix a potential mem-leak in usm_decrypt().

Spotted by hshoexer@
ok martijn@

18 months agoAs the nd6 mutex protects the lifetime of struct llinfo_nd6 ln,
bluhm [Mon, 8 May 2023 11:47:52 +0000 (11:47 +0000)]
As the nd6 mutex protects the lifetime of struct llinfo_nd6 ln,
nd6_mtx must be held longer in nd6_rtrequest() case RTM_RESOLVE.
OK kn@

18 months agoEnable malloc_errs test
otto [Mon, 8 May 2023 11:13:30 +0000 (11:13 +0000)]
Enable malloc_errs test

18 months agoAdd a regress test to test various malloc API and heap mismanagement
otto [Mon, 8 May 2023 11:12:44 +0000 (11:12 +0000)]
Add a regress test to test various malloc API and heap mismanagement
errors which should cause abort. A few are not enabled yet, they
will be once the corresponding diffs in malloc are committed.

18 months agoReorder struct grid_cell_entry
tb [Mon, 8 May 2023 10:03:39 +0000 (10:03 +0000)]
Reorder struct grid_cell_entry

On aarch64 with llvm 15, the new -Wunaligned-access emits noise on every
one of tmux's source files. This avoids this warning by moving a u_char
to the end of the struct. This does not change the size of the struct on
any architecture.

ok nicm

18 months agoX509_verify_cert(): Garbage collect the unused roots variable
tb [Mon, 8 May 2023 05:37:36 +0000 (05:37 +0000)]
X509_verify_cert(): Garbage collect the unused roots variable

roots was used to store the trusted stack or pull the roots out of the
X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then
this variable is effectively unused. It seems the STACK_OF(3) madness
is too complicated for -Wunused-but-set-variable to notice.

ok miod

18 months agoAvoid trailing whitespace in extension printing
tb [Mon, 8 May 2023 05:30:38 +0000 (05:30 +0000)]
Avoid trailing whitespace in extension printing

If an extension is non-critical, X509V3_extensions_print() would leave
trailing whitespace. This can be trivially avoided.

ok miod

18 months agoI preparation for TSO in software, cleanup the fragment code. Use
bluhm [Sun, 7 May 2023 16:23:23 +0000 (16:23 +0000)]
I preparation for TSO in software, cleanup the fragment code.  Use
if_output_ml() to send mbuf lists to interfaces.  This can be used
for TSO, fragments, ARP and ND6.  Rename variable fml to ml.  In
pf_route6() split the if else block.  Put the safety check (hlen +
firstlen < tlen) into ip_fragment().  It makes the code correct in
case the packet is too short to be fragmented.  This should not
happen, but other functions also have this logic.
No functional change.  OK sashan@

18 months agoRecommit -Wshadow now that the warning on BIG_ENDIAN is fixed
tb [Sun, 7 May 2023 14:39:55 +0000 (14:39 +0000)]
Recommit -Wshadow now that the warning on BIG_ENDIAN is fixed

18 months agoxts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path.
tb [Sun, 7 May 2023 14:38:04 +0000 (14:38 +0000)]
xts128 mode: avoid two -Wshadow warnings in the BIG_ENDIAN code path.

Found by, compile tested & ok bluhm.

18 months agocron: check for garbage after the '~' in a random range.
millert [Sun, 7 May 2023 13:43:13 +0000 (13:43 +0000)]
cron: check for garbage after the '~' in a random range.
A bug in the parsing of the optional number after the '~' in a
random range prevented proper syntax checking.  OK kn@

18 months agoGPT partitions with the 'Required' attribute are not deleted by -A.
krw [Sun, 7 May 2023 13:03:03 +0000 (13:03 +0000)]
GPT partitions with the 'Required' attribute are not deleted by -A.

18 months agoBackout -Wshadow, it breaks build on powerpc64.
bluhm [Sun, 7 May 2023 12:47:48 +0000 (12:47 +0000)]
Backout -Wshadow, it breaks build on powerpc64.

18 months agoRemove net lock from DIOCOSFP{FLUSH,ADD,GET} aka. OS fingerprinting
kn [Sun, 7 May 2023 12:45:21 +0000 (12:45 +0000)]
Remove net lock from DIOCOSFP{FLUSH,ADD,GET} aka. OS fingerprinting

pf_osfp.c contains all the locking for these three ioctls, everything is
protected by the pf lock;  assert/document it and inline acess to the global
list to eliminate useless function variables.

OK bluhm sashan

18 months agoRemove a misplaced empty line
tb [Sun, 7 May 2023 07:11:50 +0000 (07:11 +0000)]
Remove a misplaced empty line

18 months agoSupport random offsets when using ranges with a step value in cron.
millert [Sat, 6 May 2023 23:06:27 +0000 (23:06 +0000)]
Support random offsets when using ranges with a step value in cron.
This extends the random range syntax to support step values.  Instead
of choosing a random number between the high and low values, the
field is treated as a range with a random offset less than the step
value.  This can be used to avoid thundering herd problems where
multiple machines contact a server all at the same time via cron jobs.

The syntax is similar to the existing range/step syntax but uses a
random range.  For example, instead of "0-59/10" in the minutes
field, "0~59/10" can be used to run a command every 10 minutes where
the first command starts at a random offset in the range [0,9].
The high and low numbers are optional, "~/10" can be used instead.

Requested by job@, OK phessler@

18 months agoRegen cert.pem
tb [Sat, 6 May 2023 17:55:38 +0000 (17:55 +0000)]
Regen cert.pem

This drops a few certs per the CA's request and TrustCor because of drama.
Certainly, a new CA, is added as well as new certs for DigiCert, SECOM and
E-Tugra. Unizeto still haven't fixed one of their certs and we still don't
want the alternative Firmaprofesional with sha1WithRSAEncryption.

ok sthen

18 months agoReplace pointless %d formatting of 0 values with
krw [Sat, 6 May 2023 15:07:02 +0000 (15:07 +0000)]
Replace pointless %d formatting of 0 values with
literal '0's.

No functional change.

18 months agoMention RTL8153D.
kevlo [Sat, 6 May 2023 08:14:26 +0000 (08:14 +0000)]
Mention RTL8153D.

18 months agoAdd support for RTL8153D.
kevlo [Sat, 6 May 2023 08:07:10 +0000 (08:07 +0000)]
Add support for RTL8153D.

The RTL8153D chipset shares many similarities with the already supported
RTL8156B chip but additionally requires a few semi-unique configurations.

Tested by weerd@
ok jmatthew@

18 months agoUse -Wshadow with clang
tb [Fri, 5 May 2023 21:23:02 +0000 (21:23 +0000)]
Use -Wshadow with clang

ok jsing (a very long time ago)

18 months agoReinstate X9.31 padding mode support in rsautl
tb [Fri, 5 May 2023 18:01:27 +0000 (18:01 +0000)]
Reinstate X9.31 padding mode support in rsautl

18 months agoFix error handling in tls_check_common_name()
tb [Fri, 5 May 2023 14:05:33 +0000 (14:05 +0000)]
Fix error handling in tls_check_common_name()

A calloc failure should be a fatal error, so make it return -1.
Also switch the default rv to -1 and distinguish error cases with
acceptable situations with goto err/goto done.

ok jsing

18 months agocrontab: move spool temp file creation to spool_mkstemp()
millert [Fri, 5 May 2023 13:50:40 +0000 (13:50 +0000)]
crontab: move spool temp file creation to spool_mkstemp()
This fixes a bug introduced in rev 1.86 where if the second seteuid()
call failed, a temporary file would be left in the spool directory.

18 months agoSalt shares the blame of the continued existence of the X9.31 padding mode
tb [Fri, 5 May 2023 12:30:40 +0000 (12:30 +0000)]
Salt shares the blame of the continued existence of the X9.31 padding mode

18 months agoReinstate documentation of RSA_X931_PADDING
tb [Fri, 5 May 2023 12:22:21 +0000 (12:22 +0000)]
Reinstate documentation of RSA_X931_PADDING

18 months agoAdd back support for RSA_X931_PADDING
tb [Fri, 5 May 2023 12:21:44 +0000 (12:21 +0000)]
Add back support for RSA_X931_PADDING

This makes the custom stalt stack work again.

Tested by robert as part of a larger diff
ok jsing

18 months agoLink rsa_x931.c to build
tb [Fri, 5 May 2023 12:20:03 +0000 (12:20 +0000)]
Link rsa_x931.c to build

18 months agoBring back the X9.31 padding helpers
tb [Fri, 5 May 2023 12:19:37 +0000 (12:19 +0000)]
Bring back the X9.31 padding helpers

Nothing should be using this anymore, except that salt decided to use
it in its home-cooked protocol, which already had its share of issues.
Hopefully the efforts to switch salt to something more reasonable and
standardized like mTLS will succeed sooner rather than later.

tested as part of a larger patch by robert
ok jsing

18 months agoPass ASPA objects in reverse since this is what aspa_add_set() expects.
claudio [Fri, 5 May 2023 10:48:16 +0000 (10:48 +0000)]
Pass ASPA objects in reverse since this is what aspa_add_set() expects.
OK tb@

18 months agoConvert K&R function definition to ansi to make clang 15 happier
tb [Fri, 5 May 2023 10:26:50 +0000 (10:26 +0000)]
Convert K&R function definition to ansi to make clang 15 happier

18 months agoSync json.c with the one from rpki-client. This adds json_do_string().
claudio [Fri, 5 May 2023 07:42:40 +0000 (07:42 +0000)]
Sync json.c with the one from rpki-client. This adds json_do_string().
Convert json_do_printf() calls using static strings or "%s" fmt over
to json_do_string() in the json output.
OK tb@

18 months agoLimit the socket buffer size to 64k for all sessions. Long time ago
claudio [Fri, 5 May 2023 07:28:08 +0000 (07:28 +0000)]
Limit the socket buffer size to 64k for all sessions. Long time ago
setting the size to 64k was increasing the size but now auto-scaling
could grow the buffer size much more. The origianl idea was that sessions
without protection had a small window size to make window attacks
harder. This problem was fixed long time ago and is no longer relevant.
Limiting the buffer size to a reasonable size ensures that not too many
updates end up queued in the TCP stack.
OK benno@ (some time ago)

18 months agoThe mbuf_queue API allows read access to integer variables which
bluhm [Fri, 5 May 2023 01:19:51 +0000 (01:19 +0000)]
The mbuf_queue API allows read access to integer variables which
another CPU may change simultaneously.  To prevent miss optimisation
by the compiler, they need the READ_ONCE() macro.  Otherwise there
could be two read operations with inconsistent values.  Writing to
integer in mq_set_maxlen() needs mutex protection.  Otherwise the
value could change within critical sections.  Again the compiler
could optimize to multiple read operations within the critical
section.  With inconsistent values, the behavior is undefined.
OK dlg@

18 months agosymbols.awk: Remove cfb dance
tb [Thu, 4 May 2023 20:15:27 +0000 (20:15 +0000)]
symbols.awk: Remove cfb dance

With e_old.c gone, we no longer need this.

18 months agoStraightforward conversion form K&R to ANSI function definitions
tb [Thu, 4 May 2023 16:08:29 +0000 (16:08 +0000)]
Straightforward conversion form K&R to ANSI function definitions

18 months agofix stupid thinko, as noticed while converting to v5.36 (later)
espie [Thu, 4 May 2023 14:02:44 +0000 (14:02 +0000)]
fix stupid thinko, as noticed while converting to v5.36 (later)

18 months agoRewrite ECParameters_dup()
tb [Thu, 4 May 2023 13:51:59 +0000 (13:51 +0000)]
Rewrite ECParameters_dup()

This should leak slightly less than the direct expansion of ASN1_dup_of().
Use freezero() since the DER could contain a private key.

ok jsing

18 months agosigh. typo
tb [Thu, 4 May 2023 13:50:14 +0000 (13:50 +0000)]
sigh. typo

18 months agoLet ecdsatest exercise ECParameters_dup() a bit
tb [Thu, 4 May 2023 13:49:29 +0000 (13:49 +0000)]
Let ecdsatest exercise ECParameters_dup() a bit

This currently leaks, which will fixed in a follow-on commit.

18 months agoRemove x9_62_test_internal()
tb [Thu, 4 May 2023 13:41:20 +0000 (13:41 +0000)]
Remove x9_62_test_internal()

This test depends on RAND_set_rand_method() allowing stupid things like
making ECDSA signatures deterministic. This was gutted a long time ago
and the function should have followed its wrappers into the attic.

18 months agoBe more economical with returning bodys in bounce messages
chrisz [Thu, 4 May 2023 12:43:44 +0000 (12:43 +0000)]
Be more economical with returning bodys in bounce messages
according to rfc3461 4.3

OK millert@

18 months agoregen
mvs [Thu, 4 May 2023 09:41:15 +0000 (09:41 +0000)]
regen

18 months agoPush kernel lock deep down to sys_sysctl(). At least network subset of
mvs [Thu, 4 May 2023 09:40:36 +0000 (09:40 +0000)]
Push kernel lock deep down to sys_sysctl(). At least network subset of
sysctl(8) MIBs relies on netlock or another locks and doesn't require
kernel lock, so unlock it. The protocols layer *_sysctl()s are left
under kernel lock and will be sequentially unlocked later.

ok bluhm@

18 months agoIntroduce a neighbor discovery mutex like ARP uses it. For now it
bluhm [Thu, 4 May 2023 06:56:56 +0000 (06:56 +0000)]
Introduce a neighbor discovery mutex like ARP uses it.  For now it
only protects nd6_list.  It does not unlock ND6 from kernel lock
yet.
OK kn@

18 months agoUse size_t instead of int in EC_POINT_point2oct()
tb [Thu, 4 May 2023 06:45:51 +0000 (06:45 +0000)]
Use size_t instead of int in EC_POINT_point2oct()

An int would be perfectly sufficient for this, but then again there would
be fewer traps.

ok jsing

18 months agoFix line wrapping
tb [Thu, 4 May 2023 05:59:38 +0000 (05:59 +0000)]
Fix line wrapping

18 months agoFix function name in doc comment
tb [Thu, 4 May 2023 05:57:18 +0000 (05:57 +0000)]
Fix function name in doc comment

18 months agoregen
kevlo [Thu, 4 May 2023 05:38:50 +0000 (05:38 +0000)]
regen

18 months agoAdd another Lenovo NVMe device id found in my ThinkPad X1 Extreme Gen 1.
kevlo [Thu, 4 May 2023 05:38:17 +0000 (05:38 +0000)]
Add another Lenovo NVMe device id found in my ThinkPad X1 Extreme Gen 1.

ok miod@

18 months agoadd virtio(4); ok (in principal) miod
jmc [Wed, 3 May 2023 22:03:17 +0000 (22:03 +0000)]
add virtio(4); ok (in principal) miod

18 months agoadd onewire(4); ok miod
jmc [Wed, 3 May 2023 21:56:13 +0000 (21:56 +0000)]
add onewire(4); ok miod

18 months agoavoid use after free
jsg [Wed, 3 May 2023 15:25:25 +0000 (15:25 +0000)]
avoid use after free
ok miod@ millert@

18 months agoImprove setenv markup
kn [Wed, 3 May 2023 14:29:57 +0000 (14:29 +0000)]
Improve setenv markup

- braces are not commands, use 'Brq'
- markup variable and value each, leave = (like mdoc(7) 'Ns' example)

18 months agoSome checks in nd6_resolve() do not require kernel lock. The analog
bluhm [Wed, 3 May 2023 11:43:31 +0000 (11:43 +0000)]
Some checks in nd6_resolve() do not require kernel lock.  The analog
code for ARP has been unlocked a while ago.
OK kn@

18 months agoRemove net lock from DIOCGETRULESET and DIOCGETRULESETS
kn [Wed, 3 May 2023 10:32:47 +0000 (10:32 +0000)]
Remove net lock from DIOCGETRULESET and DIOCGETRULESETS

Both walk the list of rulesets aka. anchors, to yield a total count and
specific anchor name, respectively.  Same access, different copy out.

pf_anchor_global are contained within pf_ioctl.c and pf_ruleset.c and
fully protected by the pf lock, as is pf_main_ruleset and its pf.c usage.

Rely on and assert for pf lock alone.  'pfctl -sr' on 60k unique rules gets
noticably faster, around 2.1s instead of 3.5s.

OK sashan

18 months agoFix a use-after-free in filemode
tb [Wed, 3 May 2023 10:22:30 +0000 (10:22 +0000)]
Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

18 months agoConvert json_do_printf() with "%s" a fmt string to json_do_string().
claudio [Wed, 3 May 2023 09:54:25 +0000 (09:54 +0000)]
Convert json_do_printf() with "%s" a fmt string to json_do_string().
OK tb@

18 months agoRevert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls
beck [Wed, 3 May 2023 08:10:23 +0000 (08:10 +0000)]
Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls
regress for the moment.  this will come back after we rethink
the failure versus not there case.

ok tb@ jsing@

18 months agoIntroduce json_do_string() a function that JSON escapes a string.
claudio [Wed, 3 May 2023 07:56:05 +0000 (07:56 +0000)]
Introduce json_do_string() a function that JSON escapes a string.

Implement json_do_printf() using json_do_string() and vasprintf().
json_do_string() only escapes the basic control chars (\b, \f, \n, \r and \t)
other control chars are considered an error. Also the forward slash is
not escaped since the JSON data is not embedded into HTML or XML.
With feedback from tb@ & millert@
OK tb@

18 months agoOn read failure just abort the rrdp request.
claudio [Wed, 3 May 2023 07:51:08 +0000 (07:51 +0000)]
On read failure just abort the rrdp request.

Before a read error would not be removed from the poll fds and trigger
constantly. RRDP_STATE_PARSE_ERROR should only be used for errors from
xml parser since then the remaining data from the socket still needs to
be consumed.
OK tb@

18 months agoBring back length check tb ok'ed and I managed to remove while
beck [Wed, 3 May 2023 07:13:18 +0000 (07:13 +0000)]
Bring back length check tb ok'ed and I managed to remove while
changing tests.

ok tb@

18 months agoFix a few KNF/whitespace issues
tb [Wed, 3 May 2023 06:30:11 +0000 (06:30 +0000)]
Fix a few KNF/whitespace issues

18 months agoSometimes the touchpad doesn't attach. Try to solve this issue be
kettenis [Tue, 2 May 2023 19:39:10 +0000 (19:39 +0000)]
Sometimes the touchpad doesn't attach.  Try to solve this issue be
reloading the firmware.

ok tobhe@

18 months agoAbsolutely astounding that custom code was written for the softraid case
deraadt [Tue, 2 May 2023 15:55:58 +0000 (15:55 +0000)]
Absolutely astounding that custom code was written for the softraid case
to require "no", instead of "n" or "no" which works at every other damn prompt
in the installer.  This seems to be an artifact of relentlessly pushing people
towards softraid by default, and I think that is a bit nasty and pushy.

18 months agoChange X509_NAME_get_index_by[NID|OBJ] to be safer.
beck [Tue, 2 May 2023 14:13:05 +0000 (14:13 +0000)]
Change X509_NAME_get_index_by[NID|OBJ] to be safer.

Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.

Sadly some callers seem to use them to fetch things liks
subject name components for comparisons, and often just
use the result as a C string.

Instead, encode the resulting bytes as UTF-8 so it is
something like "text",

Add a failure case if the length provided is inadequate
or if the resulting text would contain an nul byte.

based on boringssl.

nits by dlg@
ok tb@

18 months agoMark the BIO_F_* function codes as intentionally undocumented
schwarze [Tue, 2 May 2023 13:15:05 +0000 (13:15 +0000)]
Mark the BIO_F_* function codes as intentionally undocumented
and for now, skip the the BIO_R_* reason codes.
It looks like all public symbols in the BIO library
are now documented or marked as intentionally undocumented.

18 months agofree the correct pointer. Missed in rev 1.16.
jsg [Tue, 2 May 2023 13:02:51 +0000 (13:02 +0000)]
free the correct pointer.  Missed in rev 1.16.
ok dv@

18 months agoRename P into generator
tb [Tue, 2 May 2023 13:01:57 +0000 (13:01 +0000)]
Rename P into generator

ok jsing

18 months agoRemove bogus newline in printf.
kettenis [Tue, 2 May 2023 12:32:22 +0000 (12:32 +0000)]
Remove bogus newline in printf.

ok jmatthew@

18 months agoSimplify EC_GROUP_new_by_curve_name()
tb [Tue, 2 May 2023 10:44:20 +0000 (10:44 +0000)]
Simplify EC_GROUP_new_by_curve_name()

Pull the setting of the name a.k.a. nid into ec_group_new_from_data().
This way, we can return early on finding the nid in the curve_list[].
This also avoids a silly bug where a bogus ERR_R_UNKNOWN_BUG is pushed
onto the error stack when ec_group_new_from_data() failed.

While there rework the exit path of ec_group_new_from_data() a bit.
Instead of an ok variable we can use an additional pointer to keep
track of the return value and free the EC_GROUP unconditionally.

ok jsing

18 months agoStyle tweaks for SMIME_write_PKCS7()
tb [Tue, 2 May 2023 09:56:12 +0000 (09:56 +0000)]
Style tweaks for SMIME_write_PKCS7()

Initialize the mdalgs stack at the top and test and assign for ctype_nid.
Use an empty line to separate variable declarations from the actual code
and zap an extra empty line.

ok jsing

18 months agoSwitch K&R function definition to ANSI to make clang 15 happier
tb [Tue, 2 May 2023 09:51:22 +0000 (09:51 +0000)]
Switch K&R function definition to ANSI to make clang 15 happier

18 months agoUnwrap a line
tb [Tue, 2 May 2023 09:38:33 +0000 (09:38 +0000)]
Unwrap a line

18 months agoSimplify slightly and use i2d_PKCS7_bio_stream()
tb [Tue, 2 May 2023 09:30:37 +0000 (09:30 +0000)]
Simplify slightly and use i2d_PKCS7_bio_stream()

This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to
pass in PKCS7_it.

18 months agoadd Brussels South Charleroi airport
stsp [Tue, 2 May 2023 08:48:06 +0000 (08:48 +0000)]
add Brussels South Charleroi airport

18 months agosync with userland
tb [Tue, 2 May 2023 08:05:18 +0000 (08:05 +0000)]
sync with userland

18 months agoSync with upstream
tb [Tue, 2 May 2023 08:03:54 +0000 (08:03 +0000)]
Sync with upstream

Update some links in the README, remove a duplicate word in a zlib.h doc
comment. The only code change is guarded by #if defined(_WIN32).