openbsd
tb [Sat, 26 Nov 2022 12:36:19 +0000 (12:36 +0000)]
Split eContent extraction into a small helper

job didn't like jumping over a bunch of code, so handle this via a small
helper. It's not as if cms_parse_validate_internal() could not do with a
bit of splitting in general.

ok job

tb [Sat, 26 Nov 2022 12:34:31 +0000 (12:34 +0000)]
Add test-geofeed.c (forgotten cvs add in previous).

job [Sat, 26 Nov 2022 12:09:34 +0000 (12:09 +0000)]
Add regress for geofeed

job [Sat, 26 Nov 2022 12:02:36 +0000 (12:02 +0000)]
Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

tb [Sat, 26 Nov 2022 11:18:49 +0000 (11:18 +0000)]
cms_lcl.h should not be part of SRCS

kettenis [Sat, 26 Nov 2022 09:05:32 +0000 (09:05 +0000)]
Enable aplpwm(4) and pwmleds(4).

jmc [Sat, 26 Nov 2022 07:26:43 +0000 (07:26 +0000)]
- in SYNOPSIS, redo the formatting for "address" and "dest address" to avoid
an ugly line split on narrower terminals
- in usage(), match the output

anton [Sat, 26 Nov 2022 06:30:08 +0000 (06:30 +0000)]
Remove unused battery fields.

anton [Sat, 26 Nov 2022 06:29:50 +0000 (06:29 +0000)]
Shove more battery feature logic down to hidpp20_battery_get_level_status().
In preparation for supporting the unified battery feature.

anton [Sat, 26 Nov 2022 06:29:24 +0000 (06:29 +0000)]
Pave the way for checking presence of more features in
uhidpp_device_features().

anton [Sat, 26 Nov 2022 06:29:07 +0000 (06:29 +0000)]
Stop checking the link status upon receiving connect notifications as
the Bolt receiver uses another bit for this which I haven't been able to
identify.

anton [Sat, 26 Nov 2022 06:28:50 +0000 (06:28 +0000)]
Group function and response defines.

anton [Sat, 26 Nov 2022 06:28:34 +0000 (06:28 +0000)]
Pass a uhidpp_device to hidpp20_battery_get_capability() and
hidpp20_battery_get_level_status().

anton [Sat, 26 Nov 2022 06:28:08 +0000 (06:28 +0000)]
Take note of the needed feature indices already in
uhipp_device_features().

anton [Sat, 26 Nov 2022 06:27:48 +0000 (06:27 +0000)]
Reduce indentation, no functional change.

anton [Sat, 26 Nov 2022 06:26:51 +0000 (06:26 +0000)]
Stop printing the device serial number during attach, it's not that
useful after all.

anton [Sat, 26 Nov 2022 06:26:14 +0000 (06:26 +0000)]
Rename type argument to buf in hidpp10_get_type(), no functional change.

anton [Sat, 26 Nov 2022 06:20:18 +0000 (06:20 +0000)]
While emulating the bell, wsdisplay could end up sleeping when reaching
down to wsmux. This does not work since we're in interrupt context, as
pointed out by witness.

Instead, defer the work to a task which in turn will execute in process
context.

Problem reported by beck@

ok visa@

deraadt [Fri, 25 Nov 2022 23:09:20 +0000 (23:09 +0000)]
ifconfig -M <mac> finds the address on an interface and prints it.
cloned (virtual) interfaces are skipped, and if the MAC is on more
than 1 interface, no answer either.  The mac must be in the same format
as the ifconfig lladdr output (complete lowercase with :)
idea from florian, ok afresh1

tobhe [Fri, 25 Nov 2022 20:33:11 +0000 (20:33 +0000)]
Disable screen backlight on Apple silicon laptops when lid is closed.

ok kettenis@

bluhm [Fri, 25 Nov 2022 20:27:53 +0000 (20:27 +0000)]
revert pf.c r1.1152 again: move pf_purge out from under the kernel lock

Using systqmp for pf_purge creates a deadlock between pf_purge()
and ixgbe_stop() and possibly other drivers.  On systqmp pf(4) needs
netlock which the interface ioctl(2) is holding.  ix(4) waits in
sched_barrier() which is also scheduled on the systqmp task queue.

Removing the netlock from pf_purge() as a quick fix caused other
problems.

backout suggested by deraadt@

kettenis [Fri, 25 Nov 2022 18:03:53 +0000 (18:03 +0000)]
Revert previous commit.  It was not properly tested and produces splassert
warnings.  Rushing to pile more stuff on top of it isn't the answer.  This
needs a rethink.

ok deraadt@

schwarze [Fri, 25 Nov 2022 17:44:01 +0000 (17:44 +0000)]
In bio.h rev. 1.46/1.47 (Oct/Nov 2021), tb@ provided BIO_get_init(3).
Document it.

bluhm [Fri, 25 Nov 2022 16:10:07 +0000 (16:10 +0000)]
Do not crash when a tcp query is larger than the length field
indicated.

Found by kn with amap.
Input bluhm.
OK deraadt, tb, otto, kn
from florian@

kn [Fri, 25 Nov 2022 15:03:24 +0000 (15:03 +0000)]
Revert hunk accidentally committed in r1.248 "Clarify/typofix comments"

visa [Fri, 25 Nov 2022 14:56:56 +0000 (14:56 +0000)]
Add ld.so linker script for mips64

Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable.  So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there.  This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.

OK deraadt@

tb [Fri, 25 Nov 2022 09:32:10 +0000 (09:32 +0000)]
Units generally help...

dlg [Fri, 25 Nov 2022 03:45:39 +0000 (03:45 +0000)]
get rid of NET_LOCK in the pf purge work

pf purge was moved to systqmp (to get it away from KERNEL_LOCK)
which is also used as the backend for things like intr_barrier and
sched_barrier. it is common for network cards to call intr_barrier
while holding NET_LOCK, and if pf is trying to get the NET_LOCK in
the purge tasks that are now running in systqmp, it's a deadlock.
bluhm@ hit this exact issue.

sashan@ has been working to get rid of the need for NET_LOCK in pf,
so now we can remove the NET_LOCKs here rather than create a pf
specific taskq to run these tasks in.

ok sashan@ bluhm@

dlg [Fri, 25 Nov 2022 03:20:09 +0000 (03:20 +0000)]
nvme can do 64bit dma.

ok jmatthew@

schwarze [Thu, 24 Nov 2022 19:06:38 +0000 (19:06 +0000)]
Major overhaul.

Remove many statements that are no longer true after tb@, in July,
massively improved the algorithms used by these functions
and also did some cleanup of the interface.  Instead, explain
many aspects that were missing.  Also use more descriptive argument
names, drop some redundancy, and improve ordering in various respects.

Feedback and enthusiastic OK from tb@.

schwarze [Thu, 24 Nov 2022 18:11:26 +0000 (18:11 +0000)]
Mark BN_options() and BN_prime_checks as obsolete;
it appears that all BN public symbols are now documented,
except those intentionally undocumented.

deraadt [Thu, 24 Nov 2022 17:44:35 +0000 (17:44 +0000)]
sync

tb [Thu, 24 Nov 2022 16:35:32 +0000 (16:35 +0000)]
Merge the second y_bit check into the first one where it belongs

suggested by jsing

tb [Thu, 24 Nov 2022 16:34:13 +0000 (16:34 +0000)]
Simplify y_bit handling in compressed coordinates

If y_bit is set for a zero y, something is wrong and we can error directly.
No need to run the non-trivial BN_kronecker() to check if BN_mod_sqrt()
lied or not, only to set a more specific error code.

ok jsing

tb [Thu, 24 Nov 2022 16:29:09 +0000 (16:29 +0000)]
Clean up EC_METHOD and EC_GROUP definitions

Remove obvious comments, wrap long lines and general KNF cleanup. Format
and rephrase the more important comments.

Discussed with jsing

kettenis [Thu, 24 Nov 2022 14:43:16 +0000 (14:43 +0000)]
Expose the complete set of ID registers as defined in the current version
of ARMv8/ARMv9.  Make sure we only expose the features that we know about
and support in our kernel.  This matches what Linux does.  For now, mostly
restrict ourselves to features defined in ARMv8.5 which means that we only
actually implement support for ID_AA64ISAR0_EL1, ID_AA64ISAR1_EL1,
ID_AA64PFR0_EL1 and ID_AA64PFR1_EL1.  For the other registers we simply
always return 0.

ok deraadt@

kettenis [Thu, 24 Nov 2022 14:36:07 +0000 (14:36 +0000)]
Document a few more ID register bits.  This should add most of the stuff
in ARMv8.5 as far as the ISAR and PFR registers are concerned.

ok deraadt@

jmatthew [Thu, 24 Nov 2022 04:04:39 +0000 (04:04 +0000)]
Don't report unknown apic structure types if they're in the OEM reserved
range (0x80 to 0xff).  We're not going to understand OEM specific
structures, and some machines such as the Dell R6515 have significant
numbers of them.

ok kettenis@

jsing [Thu, 24 Nov 2022 01:30:01 +0000 (01:30 +0000)]
Change bn_expand()/bn_wexpand() to indicate failure/success via 0/1.

Currently bn_expand()/bn_wexpand() return a BIGNUM *, however none of the
callers use this (and many already treat it as a true/false value).
Change these functions to return 0 on failure and 1 on success, revising
callers that test against NULL in the process.

ok tb@

jsing [Thu, 24 Nov 2022 01:24:37 +0000 (01:24 +0000)]
Call bn_expand() rather than handrolling an equivalent.

The current code manually calculates words from bits and then calls
bn_wexpand() - call bn_expand() with bits instead.

ok tb@

mvs [Thu, 24 Nov 2022 00:04:32 +0000 (00:04 +0000)]
Remove netlock assertion within PF_LOCK(). The netlock should be taken
first, but only if both locks are taken.

ok dlg@ sashan@

kettenis [Wed, 23 Nov 2022 23:47:05 +0000 (23:47 +0000)]
pwmleds(4)

kettenis [Wed, 23 Nov 2022 23:43:08 +0000 (23:43 +0000)]
Add pwmleds(4), a driver for PWM controlled LEDs.
For now this only implements keyboard backlight support.

ok kn@

kn [Wed, 23 Nov 2022 23:06:16 +0000 (23:06 +0000)]
Fix sparc64 build/run

constraints.c:269: warning: ISO C90 forbids mixed declarations and code

from tb

tb [Wed, 23 Nov 2022 22:52:25 +0000 (22:52 +0000)]
Add void casts since gcc 4.2.1 on sparc64 doesn't like the missing return
checks for BIO_reset().

kn [Wed, 23 Nov 2022 19:35:42 +0000 (19:35 +0000)]
Remove unused NDPRF_* defines;  dead since 2017 sys/netinet6/nd6.c r1.210

    Remove sending of router solicitations and processing of router
    advertisements from the kernel. It's handled by slaacd(8) these days.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

kn [Wed, 23 Nov 2022 19:35:18 +0000 (19:35 +0000)]
Remove unused struct in6_ndifreq;  dead since 2013 sys/netinet6/in6_var.h r1.37

    Remove unused code manipulating a default interface and its index
    This is a leftover from the on-link assumption behavior removal,
    which has been deprecated by RFC4861 anyway.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

kn [Wed, 23 Nov 2022 19:34:59 +0000 (19:34 +0000)]
Remove unused struct prf_ra;  dead since 2017 sys/netinet/icmp6.h r1.45

    Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
    With this we can also get rid of in6_prefix and in6_defrouter. They
    are meaningless, the kernel no longer tracks this information.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

schwarze [Wed, 23 Nov 2022 17:20:23 +0000 (17:20 +0000)]
Several improvements required for <openssl/bn.h>:
* List internal constants and types that are intentionally undocumented.
* List unused constants and types that are intentionally undocumented.
* Cope with intentionally undocumented identifiers being declared
more than once (in this case, because of #if and #else).
* Require exact matches for man -k searches (in this case,
such that BN_BITS does not match BN_BITS2).
* Handle the weird BN_ULONG, which is #define'd instead of using typedef.

kn [Wed, 23 Nov 2022 16:59:10 +0000 (16:59 +0000)]
Inline useless ND_IFINFO() macro

A single cast-free struct pointer dereference needs no indirection.
ND_IFINFO() is under _KERNEL.

OK mvs

kn [Wed, 23 Nov 2022 16:57:37 +0000 (16:57 +0000)]
Let nd6_if{at,de}tach() be void and take an ifp argument

Do it like the rest of at/detach routines which modify a struct ifnet
pointer without returning anything.

OK mvs

tb [Wed, 23 Nov 2022 15:52:43 +0000 (15:52 +0000)]
Make a stupid compiler on a stupid OS happy.

from bcook

mvs [Wed, 23 Nov 2022 15:12:27 +0000 (15:12 +0000)]
Make `so' dereference safe within pflow_output_process().

sosend() has sleep points, so the kernel lock serialisation within
pflow_output_process() doesn't work as expected. The pflow(4) interface
associated socket `so' could be overwritten by concurrent pflowioctl()
thread.

Introduce pflow(4) interface's `sc_lock' rwlock(9) to make `so'
dereference safe. Since the solock() of udp(4) sockets uses netlock as
backend, the `sc_lock' should be taken first. This expands a little
netlock relocking within pflowioctl().

pflow_sendout_mbuf(), called by pflow_output_process(), is now called
without the kernel lock held, so the mp safe counters_pkt(9) is used
instead of a manual `if_opackets' increment.

Since if_detach() does partial ifnet destruction, it now can't be called
before we finish the pflow_output_process() task, otherwise we introduce a
use after free for interface counters. On the other hand, we need to deny
pflowioctl() the ability to reschedule the pflow_output_process() task. The
`sc_dyind' flag is introduced for that.

Tested by Hrvoje Popovski.

ok bluhm@

kn [Wed, 23 Nov 2022 14:50:59 +0000 (14:50 +0000)]
Remove unused struct ifnet's *if_afdata[] and struct domain's dom_if{at,de}tach()

Both made obsolete through struct ifnet's previous *if_nd addition.

IPv6 Neighbour Discovery handles per-interface data directly, nothing
else uses this generic domain API anymore.

Outside of _KERNEL, but nothing in base uses them, either.

OK bluhm mvs claudio

kn [Wed, 23 Nov 2022 14:48:27 +0000 (14:48 +0000)]
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with
IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and
free single struct nd_ifinfo.

Set up a new ND-specific *if_nd member directly to avoid yet another
layer of indirection and thus make the generic domain API obsolete.

The per-interface data is only accessed in nd6.c and nd6_nbr.c through
the ND_IFINFO() macro;  it is allocated and freed exactly once during
interface at/detach, so document it as [I]mmutable.

OK bluhm mvs claudio

kn [Wed, 23 Nov 2022 14:22:17 +0000 (14:22 +0000)]
iked(8) is proposing as well

Since sbin/iked/vroute.c r1.13 (sep 2021):
    Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC
    route messages to propose the name server to resolvd(8).

mbuhl [Wed, 23 Nov 2022 11:00:27 +0000 (11:00 +0000)]
cache ps_auxinfo inside the kernel, to avoid codedump() reading the
copy on userland stack which points at an illicit region.
ok kettenis, deraadt

tb [Wed, 23 Nov 2022 08:58:34 +0000 (08:58 +0000)]
bn_unit: appease coverity

Apparently, the '0' in memset(a, '0', size - 1); could be a typo for '\0'.
Randomize the decimal digit to make the intent clear.

CID 377009

tb [Wed, 23 Nov 2022 08:51:05 +0000 (08:51 +0000)]
asn1_string_to_utf8 test: appease coverity

Check for ASN_STRING_to_UTF8() failure before checking it matches our
expectations. This should convey clearly that test->want_len is never
negative.

CID 377011

Diagnosed by jsing

kn [Wed, 23 Nov 2022 08:05:49 +0000 (08:05 +0000)]
ND_IFINFO() cannot be NULL, use inline read-only idiom for clarity

ND_IFINFO() always points at a valid struct nd_ifinfo;  ND6_LLINFO_DELAY
checks for NULL, while other cases in nd6_llinfo_timer() dereference it
unconditionally.

Inline all three per-case read-only usages rather than having one hoisted
*ndi pointer which could be used to write.

nd6_nbr.c already uses this `ND_IFINFO(ifp)->retrans' idiom which makes it
immediately clear that data is only read.

OK bluhm

tb [Wed, 23 Nov 2022 08:01:05 +0000 (08:01 +0000)]
Neuter getrlimit dance, it's not portable enough. Stupid Windows.

kn [Wed, 23 Nov 2022 07:57:39 +0000 (07:57 +0000)]
Recommit previous "Remove useless struct in6_ifextra"

This was the right diff after all, I just confused myself between trees.

OK bluhm
---
  Remove useless struct in6_ifextra

  in6_var.h r1.75 removed all other struct members.

  Now it only contains a single struct nd_ifinfo pointer, so address family
  specific data might as well be just that.

  ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
  no other usage of if_afdata[].

  One allocation and unhelpful indirection less per interface.

  All under _KERNEL.

  OK claudio

tb [Wed, 23 Nov 2022 07:37:06 +0000 (07:37 +0000)]
Fix leaks in ecx_set_{priv,pub}_key()

When ecx_key_set_{priv,pub}() fails, ecx_key is leaked.

CID 377014

From jsing

tb [Wed, 23 Nov 2022 07:31:12 +0000 (07:31 +0000)]
Reverse arguments in CBS_dup()

We want to copy the tls_content_cbs() into the cbs, not the other way around

CID 377013

ok jsing

tb [Wed, 23 Nov 2022 07:25:01 +0000 (07:25 +0000)]
Fix inconsequential copy-paste error

CID 377010

deraadt [Wed, 23 Nov 2022 05:18:27 +0000 (05:18 +0000)]
sync

jsing [Wed, 23 Nov 2022 03:10:10 +0000 (03:10 +0000)]
Use bn_wexpand() rather than bn_expand() with sizeof(BN_ULONG).

This also fixes a bug in BN_MONT_CTX_set(), where the sizeof(BN_ULONG) in
the call to bn_expand() was not multiplied by eight (to get bits).

ok tb@

jsing [Wed, 23 Nov 2022 03:04:52 +0000 (03:04 +0000)]
Ensure that bn_expand()/bn_wexpand() fail on negative sizes.

ok tb@

jsing [Wed, 23 Nov 2022 03:00:12 +0000 (03:00 +0000)]
Turn bn_wexpand() into a function.

Any sensible compiler will likely inline this anyway (and even if it does
not, one extra function call/return is the least of the performance
overhead for this code).

ok tb@

jsing [Wed, 23 Nov 2022 02:46:09 +0000 (02:46 +0000)]
Move bn_expand() under bn_expand2().

No functional change.

ok tb@

jsing [Wed, 23 Nov 2022 02:44:01 +0000 (02:44 +0000)]
Remove unused bn_dup_expand().

ok tb@

jsing [Wed, 23 Nov 2022 02:20:27 +0000 (02:20 +0000)]
Move #ifndef OPENSSL_NO_DEPRECATED.

The BN_set_params()/BN_get_params() and associated unused variables are
meant to be in this block, not things like BN_new() and BN_free().

ok tb@

jsing [Wed, 23 Nov 2022 02:13:24 +0000 (02:13 +0000)]
Remove bn_* defines/prototypes.

These now come directly via bn_lcl.h.

ok tb@

sashan [Tue, 22 Nov 2022 22:28:40 +0000 (22:28 +0000)]
Interface tables (a.k.a. kif) in pf(4) are currently protected
by NET_LOCK() only. This change makes them protected by PF_LOCK().
Having this change in tree will allow us to remove NET_LOCK()
protection from ioctl(2) code path in pf(4).

OK dlg@, kn@

tb [Tue, 22 Nov 2022 21:54:01 +0000 (21:54 +0000)]
Fix some whitespace and comment formatting

tb [Tue, 22 Nov 2022 21:23:16 +0000 (21:23 +0000)]
Rename last OPENSSL_gmtime() to asn1_time_time_t_to_tm()

This rename was done before commit, but one instance was missed since it
was hidden behind #ifdef SMALL_TIME_T.

Spotted by Android CI.

tb [Tue, 22 Nov 2022 20:43:43 +0000 (20:43 +0000)]
Remove incorrect "r must not be a" comment

This was fixed by Eric A. Young in "a C2Net version of SSLeay" and
committed to OpenSSL by Mark J. Cox in January 1999 (OpenSSL a0a54079).

tb [Tue, 22 Nov 2022 20:04:51 +0000 (20:04 +0000)]
Plug leaks spotted by ASAN CI

kn [Tue, 22 Nov 2022 19:28:29 +0000 (19:28 +0000)]
Backout "Remove useless struct in6_ifextra" commit

I committed the wrong iteration of this diff, sorry for the noise.

schwarze [Tue, 22 Nov 2022 19:02:07 +0000 (19:02 +0000)]
mention what BN_ULONG is

schwarze [Tue, 22 Nov 2022 19:00:15 +0000 (19:00 +0000)]
Remove the lie that BN_ULONG might be 16 bits wide.

We don't install this page, but it might possibly still help developers
working on internals of the BN library, so I'm not in a hurry to cvs rm
this file.

schwarze [Tue, 22 Nov 2022 18:55:04 +0000 (18:55 +0000)]
Better document BN_ULONG (in the DESCRIPTION near BN_num_bits_word(3))
and BN_BITS2 (below RETURN VALUES).

While here, perform major reordering and rewriting
for precision and readability, in particular:
- Avoid misleading wordings like "size of a BIGNUM".
- Drop the trivial example.
- Move the pointers to RSA_size(3) and friends to CAVEATS.
- Stop recommending 8*BN_num_bytes() in this context because it is wrong, too.

tb [Tue, 22 Nov 2022 17:59:31 +0000 (17:59 +0000)]
Remove comment obsoleted by API change (and r1.3)

tb [Tue, 22 Nov 2022 17:58:15 +0000 (17:58 +0000)]
ed25519 test: make the testvectors table const

kn [Tue, 22 Nov 2022 15:49:06 +0000 (15:49 +0000)]
Use local variable consistently

All prior lines in this function already use it, do so on the last one.

OK claudio

kn [Tue, 22 Nov 2022 14:51:01 +0000 (14:51 +0000)]
Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now it only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

kn [Tue, 22 Nov 2022 14:37:58 +0000 (14:37 +0000)]
Add missing parentheses around if block

Stated during review but missed in the previous commit.

anton [Tue, 22 Nov 2022 10:40:33 +0000 (10:40 +0000)]
simplify makefile

anton [Tue, 22 Nov 2022 10:40:10 +0000 (10:40 +0000)]
Be more helpful and provide details on what the time conversion tests
need in order to run.

Also, output the expected SKIPPED string as dictated by bsd.regress.mk.

tobhe [Tue, 22 Nov 2022 09:53:46 +0000 (09:53 +0000)]
Copy apple-boot firmware to EFI system partition.  This enables automatic
bootloader updates on Apple Silicon computers.  We rely on fw_update(8)
to place apple-boot.bin in /etc/firmware.  installboot(8) will pick it
up from there and copy it to $ESP/m1n1/boot.bin, if this directory
exists.  The m1n1 directory and original boot.bin are created by the
Asahi Linux installer as part of the initial UEFI environment.

The firmware package was manually tested by many.
Regress, installation and upgrade with and without apple-boot.bin tested by me.

Feedback and ok kettenis@ kn@

tb [Tue, 22 Nov 2022 09:09:43 +0000 (09:09 +0000)]
Tweak a printf.

tb [Tue, 22 Nov 2022 08:56:33 +0000 (08:56 +0000)]
Add a unit test that crashes without bn_print.c r1.34.

tb [Tue, 22 Nov 2022 08:46:27 +0000 (08:46 +0000)]
Fix segfaults in BN_dec2bn() and BN_hex2bn()

bn_print.c r1.29 added length checks to avoid overflowing the BIGNUM.
If these checks are hit in length-only mode, i.e., bn is NULL, the
error path dereferences bn. Change goto err to an early return to
avoid this.

ok jsing

jmatthew [Tue, 22 Nov 2022 06:48:32 +0000 (06:48 +0000)]
Allocate additional command queue slots and use command completion events
to run commands where we can sleep while waiting.  Rather than actually
using it as a queue, just allocate the slots to particular uses.
The first slot is used for polled commands (anything run while cold),
then there's one for general ioctls, one for kstat reads, and one for
link operations.  Since we can sleep while waiting now, we need to serialize
access to the command slots.  This is done with rwlocks for the ioctl and
kstat slots, and link slot is only used from a single instance task.
This also means we don't need to hold the kernel lock while doing kstat
reads.

Using interrupt based command completion drops the time taken to read all
the kstats off mcx interfaces from tens of milliseconds to almost nothing,
which is a pretty big win when you're reading them every few seconds on
busy firewalls.

ok dlg@

deraadt [Tue, 22 Nov 2022 04:04:17 +0000 (04:04 +0000)]
sync

dlg [Tue, 22 Nov 2022 03:40:53 +0000 (03:40 +0000)]
count how many times ifiqs enqueue and dequeue packets.

network cards try to enqueue a list of packets on an ifiq once per
interrupt and ifiqs already count how many packets they're handling.
this lets us see how well interrupt mitigation is working on a
ring or interface. ifiqs are supposed to provide backpressure
signalling to a driver if it enqueues a lot more work than it's
able to process in softnet, so recording dequeues lets us see this
ratio.

deraadt [Tue, 22 Nov 2022 03:28:32 +0000 (03:28 +0000)]
sync

kn [Mon, 21 Nov 2022 22:50:07 +0000 (22:50 +0000)]
Replace manual loop and duplicate RB_NEXT with RB_FOREACH

The loop begins with saving a pointer to the next interface, does work and
then gets the same next interface again, for nothing.

Switch to the elsewhere consistently used RB_FOREACH helper.

OK sashan

schwarze [Mon, 21 Nov 2022 22:04:04 +0000 (22:04 +0000)]
document BN_nist_mod_521(3) and their four siblings

kettenis [Mon, 21 Nov 2022 22:01:51 +0000 (22:01 +0000)]
aplpwm(4)