openbsd
23 months agoMore cleanup
tb [Sat, 3 Dec 2022 09:44:52 +0000 (09:44 +0000)]
More cleanup

Drop unnecessary loading of error strings, fix error path and consistently
print to stdout.

23 months agoRefactor and fix bn_mod_exp test
tb [Sat, 3 Dec 2022 09:37:02 +0000 (09:37 +0000)]
Refactor and fix bn_mod_exp test

The amount of copy-paste in this test led to a few bugs and it was hard to
spot them since things were done in random order. Use a different approach:
compute the result of a^b (mod m) according to BN_mod_exp_simple(), then
compare the results of all the other *_mod_exp* functions to that.

Reuse the test structure from bn_mod_exp_zero.c to loop over the list of
functions. This way we test more functions and don't forget to check some
crucial bits.

23 months agoAdd missing checks for BN_mod_exp_{non,}ct()
tb [Sat, 3 Dec 2022 08:21:38 +0000 (08:21 +0000)]
Add missing checks for BN_mod_exp_{non,}ct()

Someone added a few more functions to test, but forgot to check their
results, so if they would not do the expected thing that would only be
noticed if one of the already tested functions would break.

23 months agoFix some ancient silliness with a random byte
tb [Sat, 3 Dec 2022 08:05:52 +0000 (08:05 +0000)]
Fix some ancient silliness with a random byte

For nearly 25 years this test has attempted to generate random numbers of
bit length between 192 and 319 bits. Unfortunately, it used an unsigned
char so instead of generating numbers in the interval [-64..63] and add
them to 256, it used numbers in the intervals [0..63] and [192..255]...

23 months agoregen
jsg [Sat, 3 Dec 2022 03:05:13 +0000 (03:05 +0000)]
regen

23 months agoadd AMD family 19h model 61h (Raphael) ids
jsg [Sat, 3 Dec 2022 03:04:36 +0000 (03:04 +0000)]
add AMD family 19h model 61h (Raphael) ids
initial diff from Laurence Tratt; ok mlarkin@

23 months agodrm/i915: fix TLB invalidation for Gen12 video and compute engines
jsg [Sat, 3 Dec 2022 01:18:03 +0000 (01:18 +0000)]
drm/i915: fix TLB invalidation for Gen12 video and compute engines

From Andrzej Hajda
ee2d04f23bbb16208045c3de545c6127aaa1ed0e in linux 5.15.y/5.15.81
04aa64375f48a5d430b5550d9271f8428883e550 in mainline linux

23 months agoDrop 'perhaps a little', plus grammar and spelling nits
tb [Fri, 2 Dec 2022 22:58:56 +0000 (22:58 +0000)]
Drop 'perhaps a little', plus grammar and spelling nits

BIO_push() and BIO_pop() are misnamed. No need to gently and politely
suggest that their 'names [...] are perhaps a little misleading'.

23 months agomidicat(1): use err(3) everywhere
cheloha [Fri, 2 Dec 2022 22:36:34 +0000 (22:36 +0000)]
midicat(1): use err(3) everywhere

This is consistent with style(9) and makes the program shorter, too.

Tweaked by ratchov@.

Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@

23 months agomidicat(1): set ifile/ofile to "stdin"/"stdout" if it is an en-dash ("-")
cheloha [Fri, 2 Dec 2022 22:29:59 +0000 (22:29 +0000)]
midicat(1): set ifile/ofile to "stdin"/"stdout" if it is an en-dash ("-")

This makes error messages a little bit more intuitive.  Instead of, e.g.:

midicat: -: No space left on device

you get:

midicat: stdout: No space left on device

Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@

23 months agomidicat(1): add a usage() function
cheloha [Fri, 2 Dec 2022 22:21:35 +0000 (22:21 +0000)]
midicat(1): add a usage() function

Tweaked by millert@.

Link: https://marc.info/?l=openbsd-tech&m=166982129428027&w=2
ok millert@ kn@ ratchov@

23 months agoRevert bio_prev removal
tb [Fri, 2 Dec 2022 19:44:04 +0000 (19:44 +0000)]
Revert bio_prev removal

As schwarze points out, you can pop any BIO in a chain, not just the first
one (bonus points for a great name for this API).

The internal doubly linked was used to fix up the BIO chain bio was part
of when you BIO_pop() a bio that wasn't in the first position, which is
explicitly allowed in our documentation and implied by OpenSSL's.

23 months agobn_mod_exp.c: printing to stdout needs no BIO
tb [Fri, 2 Dec 2022 18:31:40 +0000 (18:31 +0000)]
bn_mod_exp.c: printing to stdout needs no BIO

23 months agobn_mod_exp: we have a BN_CTX available...
tb [Fri, 2 Dec 2022 18:24:01 +0000 (18:24 +0000)]
bn_mod_exp: we have a BN_CTX available...

Use BN_CTX_get() instead of BN_new()/BN_free().

23 months agoCheck BN_rand() and BN_mod() return values
tb [Fri, 2 Dec 2022 17:42:45 +0000 (17:42 +0000)]
Check BN_rand() and BN_mod() return values

CID 430848
CID 430849

23 months agoLink new bn_mod_exp_zero test to build
tb [Fri, 2 Dec 2022 17:34:26 +0000 (17:34 +0000)]
Link new bn_mod_exp_zero test to build

23 months agoRewrite the tests that various modular exponentiation functions
tb [Fri, 2 Dec 2022 17:33:38 +0000 (17:33 +0000)]
Rewrite the tests that various modular exponentiation functions
compute a^0 = 0 (mod 1) for all a from scratch.

23 months agoRemove constant basereachable and retrans members from struct nd_ifinfo
kn [Fri, 2 Dec 2022 15:35:35 +0000 (15:35 +0000)]
Remove constant basereachable and retrans members from struct nd_ifinfo

Both are initalised with compile-time constants and never written to.

They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms

These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
    Remove knob and always do neighbor unreachable detection

Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.

Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.

OK bluhm

23 months agoRemove useless variable, simplify code
kn [Fri, 2 Dec 2022 12:58:37 +0000 (12:58 +0000)]
Remove useless variable, simplify code

Using a local `duplicate' variable to defer the actual checks by a few
lines, interleaved with comments (saying the same thing but negated),
is harder to follow that neccessary.

Fold the logic and merge comments (remove the last obvious one missing
a negation) to save 20 LOC.

OK bluhm

23 months agoUnlock in6_ioctl_get() aka. SIOCGIF{DSTADDR,NETMASK,AFLAG,ALIFETIME}_IN6
kn [Fri, 2 Dec 2022 12:56:51 +0000 (12:56 +0000)]
Unlock in6_ioctl_get() aka. SIOCGIF{DSTADDR,NETMASK,AFLAG,ALIFETIME}_IN6

First the right address is picked from the net lock protected if_addrlist.
Then all ioctls just copy out the address, nothing requires the kernel lock.

SIOCGIFDSTADDR_IN6 checks the net lock protected if_flags,
SIOCGIFALIFETIME_IN6 computes lifetimes which only need the address.

This removes the last kernel lock from IPv6 read ioctls (multicast being
the untouched exception here).

Users of these ioctl(2)s are route6d(8), rad(8), slaacd(8), isakmpd(8) and
of course ifconfig(8).

OK mvs

23 months agosync
sthen [Fri, 2 Dec 2022 12:51:22 +0000 (12:51 +0000)]
sync

23 months agoDrop _C_LABEL() uses in riscv64-specific code
jca [Fri, 2 Dec 2022 12:27:08 +0000 (12:27 +0000)]
Drop _C_LABEL() uses in riscv64-specific code

_C_LABEL() was useful in the a.out->ELF transition days, way before
RISC-V was a thing.

Also drop uses of _ASM_LABEL() while here, suggested by guenther@
ok guenther@

23 months agoWhen checking if we're implied we must also check if we're working on a
martijn [Fri, 2 Dec 2022 10:57:12 +0000 (10:57 +0000)]
When checking if we're implied we must also check if we're working on a
string or an oid, else we can generate invalid OIDs.

Found by bluhm@ on powerpc64
OK bluhm@

23 months agolibcrypto/bn: switch back to manual regress targets
tb [Fri, 2 Dec 2022 08:30:54 +0000 (08:30 +0000)]
libcrypto/bn: switch back to manual regress targets

The previous change had the undesired side effect of running the super
verbose run-regress-bn_test.

23 months agoregen
jsg [Fri, 2 Dec 2022 07:30:53 +0000 (07:30 +0000)]
regen

23 months agoadd Intel Optane SSD DC P5800X
jsg [Fri, 2 Dec 2022 07:29:30 +0000 (07:29 +0000)]
add Intel Optane SSD DC P5800X
from Andreas Bartelt

23 months agomake struct sshbuf private and remove an unused field; ok dtucker
djm [Fri, 2 Dec 2022 04:40:27 +0000 (04:40 +0000)]
make struct sshbuf private and remove an unused field; ok dtucker

23 months agoregres/libssl/unit: simplify Makefile
tb [Fri, 2 Dec 2022 01:15:11 +0000 (01:15 +0000)]
regres/libssl/unit: simplify Makefile

23 months agoUse regress framework rather than handrolling it
tb [Fri, 2 Dec 2022 01:09:04 +0000 (01:09 +0000)]
Use regress framework rather than handrolling it

23 months agoUse the default targets from bsd.regress.mk as far as possible
tb [Fri, 2 Dec 2022 00:55:57 +0000 (00:55 +0000)]
Use the default targets from bsd.regress.mk as far as possible

23 months agoLet bsd.regress.mk take care of running tests
tb [Fri, 2 Dec 2022 00:47:32 +0000 (00:47 +0000)]
Let bsd.regress.mk take care of running tests

23 months agobn_add_sub: no need for a BIO to print to stderr
tb [Fri, 2 Dec 2022 00:01:06 +0000 (00:01 +0000)]
bn_add_sub: no need for a BIO to print to stderr

23 months agoUnhook exp
tb [Thu, 1 Dec 2022 23:03:40 +0000 (23:03 +0000)]
Unhook exp

23 months agoFix typo, move one .PHONY target nearer to the target itself
tb [Thu, 1 Dec 2022 22:55:40 +0000 (22:55 +0000)]
Fix typo, move one .PHONY target nearer to the target itself

23 months agozap extra blank line
tb [Thu, 1 Dec 2022 22:41:46 +0000 (22:41 +0000)]
zap extra blank line

23 months agoCheck that the bn_isqrt -C output isn't changed
tb [Thu, 1 Dec 2022 22:31:59 +0000 (22:31 +0000)]
Check that the bn_isqrt -C output isn't changed

bn_isqrt -C generates code included in lib/libcrypto/lib/bn_isqrt.c. The
regress tests already ensure that the content of the tables don't change.
Ensure further that the code generation doesn't get out of sync.

23 months agoUpdate reference to table generation
tb [Thu, 1 Dec 2022 21:59:54 +0000 (21:59 +0000)]
Update reference to table generation

23 months agoregress/libcrypto: merge exp/ into bn/
tb [Thu, 1 Dec 2022 21:21:51 +0000 (21:21 +0000)]
regress/libcrypto: merge exp/ into bn/

Move exp/exptest.c to bn/bn_mod_exp.c. This is a BN test that mostly tests
a variety of BN_mod_exp*() API behavior and correctness.

Commit stolen from jsing

23 months agoSilence this test and sprinkle some KNF
tb [Thu, 1 Dec 2022 21:13:58 +0000 (21:13 +0000)]
Silence this test and sprinkle some KNF

This test is fast enough even on very slow machines that printing dots
doesn't seem necessary.

23 months agoFlatten structure of libcrypto/bn tests
tb [Thu, 1 Dec 2022 20:50:10 +0000 (20:50 +0000)]
Flatten structure of libcrypto/bn tests

The bn tests were distributed into three subdirectories rather randomly.
It's cleaner and easier to maintain if all this is in a single directory.
Use consistent names for the .c files, unify handling of the tests with
the exception of bn_test, which is special.

Discussed with jsing

23 months agoTest prime constants exposed in public BN API
tb [Thu, 1 Dec 2022 14:32:06 +0000 (14:32 +0000)]
Test prime constants exposed in public BN API

Run the prime constants exposed in BN_get0_nist_prime_*() and
BN_get_rfc3526_prime_*() through Ballie-PSW.

23 months agoMake tests silent on success.
tb [Thu, 1 Dec 2022 13:55:22 +0000 (13:55 +0000)]
Make tests silent on success.

Also, run all x25519 tests, don't stop on first failure.

23 months agoRefrain from printing SUCCESS in some of my tests
tb [Thu, 1 Dec 2022 13:49:12 +0000 (13:49 +0000)]
Refrain from printing SUCCESS in some of my tests

Silence is good. On failure, the regress framework will make it clear.

23 months agoAlign uppercase / lowercase pattern
job [Thu, 1 Dec 2022 12:41:34 +0000 (12:41 +0000)]
Align uppercase / lowercase pattern

23 months agoRun test in current directory. Copy test files to regress obj dir
bluhm [Thu, 1 Dec 2022 12:13:59 +0000 (12:13 +0000)]
Run test in current directory.  Copy test files to regress obj dir
dynamically.  Check error code of keynote.
OK tb@

23 months agoAdjust comment for rtype_from_mftfile(). It is important that RTYPE_INVALID
claudio [Thu, 1 Dec 2022 10:24:28 +0000 (10:24 +0000)]
Adjust comment for rtype_from_mftfile(). It is important that RTYPE_INVALID
is not an error. It marks file as not handled by rpki-client and they will
be ignored after checking that the provided hash matches.
New file types should only be added once the needed code in parse_entity() is
available.
OK tb@ job@

23 months agoFix typo in variable peer_message_receive
claudio [Thu, 1 Dec 2022 09:16:43 +0000 (09:16 +0000)]
Fix typo in variable peer_message_receive
Noticed by tb@

23 months agoExtend and rename ometric_set_int_with_label to ometric_set_int_with_labels
claudio [Thu, 1 Dec 2022 09:14:40 +0000 (09:14 +0000)]
Extend and rename ometric_set_int_with_label to ometric_set_int_with_labels

Instead of passing a single key value pair allow for multiple keys and values.
This is needed for rpki-client where 2 extra key value pairs are needed for
some values. To simplify passing simple values introduce a OKV() macro
which creates a compound literal array with the NULL terminal.
OK tb@

23 months agoOops, the tweak was not correct, go with my original version.
florian [Thu, 1 Dec 2022 07:34:06 +0000 (07:34 +0000)]
Oops, the tweak was not correct, go with my original version.
Pointed out by tb.

23 months agoMake sure the length of an unknown IP option is sensible.
florian [Thu, 1 Dec 2022 07:11:17 +0000 (07:11 +0000)]
Make sure the length of an unknown IP option is sensible.

For example, an unknown option with length 0 would result in an
infinite loop.
bluhm points out that the network stack in the kernel would not let
such packets through to userland.
tweak & OK miod
OK bluhm

23 months agoMark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated
tb [Thu, 1 Dec 2022 05:33:55 +0000 (05:33 +0000)]
Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated

23 months agoAnnotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused
tb [Thu, 1 Dec 2022 05:27:04 +0000 (05:27 +0000)]
Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused

23 months agoRetire X509_V_FLAG_CB_ISSUER_CHECK
tb [Thu, 1 Dec 2022 05:20:30 +0000 (05:20 +0000)]
Retire X509_V_FLAG_CB_ISSUER_CHECK

This flag has been deprecated in OpenSSL 1.1 and has not had an effect
since. This way we can simplify the default check_issued() callback,
which helpfully has its arguments reversed compared to the public API
X509_check_issued().

ok jsing

23 months agoGetters and setters for the check_issued() callback
tb [Thu, 1 Dec 2022 05:16:08 +0000 (05:16 +0000)]
Getters and setters for the check_issued() callback

Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along
with X509_STORE_{get,set}_check_issued(). As you would expect, they all
return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const
in OpenSSL 1.1, but they now are in OpenSSL 3...

These will be made available in the next minor bump and will ship in the
stable release of LibreSSL 3.7

Part of OpenSSL commit 1060a50b
See also https://github.com/libressl-portable/portable/issues/748

ok beck jsing

23 months agoBN_one() can fail, check its return value.
jsing [Thu, 1 Dec 2022 02:58:40 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.

23 months agoBN_one() can fail, check its return value.
jsing [Thu, 1 Dec 2022 02:58:31 +0000 (02:58 +0000)]
BN_one() can fail, check its return value.

ok tb@

23 months agoClean up ssh-add and ssh-agent logs.
dtucker [Thu, 1 Dec 2022 02:22:13 +0000 (02:22 +0000)]
Clean up ssh-add and ssh-agent logs.

23 months agoLog output of ssh-agent and ssh-add to make debugging easier.
dtucker [Thu, 1 Dec 2022 02:19:29 +0000 (02:19 +0000)]
Log output of ssh-agent and ssh-add to make debugging easier.

23 months ago_C_LABEL() is no longer useful in the "everything is ELF" world.
guenther [Thu, 1 Dec 2022 00:26:15 +0000 (00:26 +0000)]
_C_LABEL() is no longer useful in the "everything is ELF" world.
Start eliminating it.

ok mpi@ mlarkin@ krw@

23 months agoUpdate to 2022ggtz from https://github.com/JodaOrg/global-tz
millert [Wed, 30 Nov 2022 17:59:46 +0000 (17:59 +0000)]
Update to 2022ggtz from https://github.com/JodaOrg/global-tz
Major changes:
 * The northern edge of Chihuahua changes to US timekeeping.
 * Much of Greenland stops changing clocks after March 2023.
 * Fix some pre-1996 timestamps in northern Canada.

23 months agomidicat.c: add missing CVS tag; ok millert@
cheloha [Wed, 30 Nov 2022 14:56:45 +0000 (14:56 +0000)]
midicat.c: add missing CVS tag; ok millert@

23 months agoUnlock nd6_ioctl(), push kernel lock into in6_ioctl_{get,change_ifaddr}()
kn [Wed, 30 Nov 2022 14:01:02 +0000 (14:01 +0000)]
Unlock nd6_ioctl(), push kernel lock into in6_ioctl_{get,change_ifaddr}()

Neighbour Discovery information is protected by the net lock, as
documented in nd6.h struct nd_ifinfo.

ndp(8) is the only SIOCGIFINFO_IN6 and SIOCGNBRINFO_IN6 user in base.

nd6_lookup(), also used in ICMP6 input and IPv6 forwarding, only needs
the net lock.

OK mvs

23 months agoUse shared socket/net lock for IP sockets
kn [Wed, 30 Nov 2022 13:58:39 +0000 (13:58 +0000)]
Use shared socket/net lock for IP sockets

so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.

getsockopt(2), getsockname(2) and getpeername(2) (all UNLOCK) do not
write, so the exclusive net lock is overkill here.

OK mvs

23 months agoSwitch idiom of d2i_ECDSA_SIG() invocation
tb [Wed, 30 Nov 2022 12:42:24 +0000 (12:42 +0000)]
Switch idiom of d2i_ECDSA_SIG() invocation

Instead of the discouraged obj = NULL; d2i_ECDSA_SIG(&obj, ...); use the
recommended obj = d2i_ECDSA_SIG(NULL, ...);. While it makes no difference
here, it's better practice.

suggested by & ok markus

23 months agoLink libkeynote to regress.
tb [Wed, 30 Nov 2022 10:47:30 +0000 (10:47 +0000)]
Link libkeynote to regress.

23 months agoResurrect the libkeynote testsuite
tb [Wed, 30 Nov 2022 10:47:05 +0000 (10:47 +0000)]
Resurrect the libkeynote testsuite

This was part of the lib/libkeynote/Makefile.in r1.12 removed in 2004 by
msf. It would have caught the bug fixed by markus and bluhm in
lib/libkeynote/signature.c r1.30.

23 months agoPassing preallocated keys to d2i_RSAPublicKey() does not work anymore
bluhm [Wed, 30 Nov 2022 10:40:23 +0000 (10:40 +0000)]
Passing preallocated keys to d2i_RSAPublicKey() does not work anymore
with LibreSSL.  This caused a crash in isakmpd with libkeynote.
Better pass NULL and let libcrypto do the allocation.
from markus@; OK tb@

23 months agoregen
mvs [Wed, 30 Nov 2022 10:21:29 +0000 (10:21 +0000)]
regen

23 months agoUnlock getsockopt(2) and setsockopt(2). Unlock them both because at
mvs [Wed, 30 Nov 2022 10:20:37 +0000 (10:20 +0000)]
Unlock getsockopt(2) and setsockopt(2). Unlock them both because at
protocol layer they follow the same (*pr_ctloutput)() handlers.

At sockets layer we touch only per-socket data, which is solock()
protected.

At protocol layer, udp(4), unix(4) and key management sockets have no
(*pr_ctloutput)() handlers. route_ctloutput() touches only per socket
data, which is solock() protected. inet{,6} globals are protected by
netlock, which is solock() backend for corresponding sockets.

ok bluhm@

23 months agoPass a FILE pointer to ometric_output_all() and use fprintf() instead of
claudio [Wed, 30 Nov 2022 10:15:01 +0000 (10:15 +0000)]
Pass a FILE pointer to ometric_output_all() and use fprintf() instead of
printing to stdout by default. Additionally check if fprintf() fails and
return -1 in that case. With this ometric code can be used in rpki-client.
OK tb@

23 months agoProvide default address for qcpwm(4), as Linux upstream removed it from
patrick [Wed, 30 Nov 2022 09:52:13 +0000 (09:52 +0000)]
Provide default address for qcpwm(4), as Linux upstream removed it from
the device tree.

23 months agoRemove unused includes
job [Wed, 30 Nov 2022 09:12:50 +0000 (09:12 +0000)]
Remove unused includes

OK claudio@

23 months agoRemove unused includes
job [Wed, 30 Nov 2022 09:12:34 +0000 (09:12 +0000)]
Remove unused includes

OK claudio@

23 months agoRemove unused includes
job [Wed, 30 Nov 2022 09:03:44 +0000 (09:03 +0000)]
Remove unused includes

OK claudio@

23 months agoRemove unused include
job [Wed, 30 Nov 2022 09:02:58 +0000 (09:02 +0000)]
Remove unused include

OK claudio@

23 months agoRemove unused sys/socket.h include
job [Wed, 30 Nov 2022 08:17:21 +0000 (08:17 +0000)]
Remove unused sys/socket.h include

OK claudio@

23 months agoRemove unused ctype.h include
job [Wed, 30 Nov 2022 08:16:10 +0000 (08:16 +0000)]
Remove unused ctype.h include

OK tb@

23 months agoRewrite bn_correct_top().
jsing [Wed, 30 Nov 2022 03:08:39 +0000 (03:08 +0000)]
Rewrite bn_correct_top().

bn_correct_top() is currently a macro and far more complex than it needs
to be - rewrite it as a function.

ok tb@

23 months agoadd configtest; OK martijn
kn [Wed, 30 Nov 2022 02:54:15 +0000 (02:54 +0000)]
add configtest; OK martijn

23 months agoFix return values bug in BN_ucmp().
jsing [Wed, 30 Nov 2022 02:52:25 +0000 (02:52 +0000)]
Fix return values bug in BN_ucmp().

BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however
it currently returns other negative and positive values when the top of
a and b differ. Correct this.

ok tb@

23 months agoAdd regress coverage for BN_cmp()/BN_ucmp().
jsing [Wed, 30 Nov 2022 02:51:05 +0000 (02:51 +0000)]
Add regress coverage for BN_cmp()/BN_ucmp().

Some tests current fail due to a bug in BN_ucmp(), which will be fixed
soon.

23 months agoMostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.
jsing [Wed, 30 Nov 2022 01:56:18 +0000 (01:56 +0000)]
Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x.

For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.

Issue raised by tb@ who also wrote some test code.

23 months agoMop up more BN_DEBUG related code.
jsing [Wed, 30 Nov 2022 01:47:19 +0000 (01:47 +0000)]
Mop up more BN_DEBUG related code.

23 months agoAdd void to client_repledge args to fix compiler warning. ok djm@
dtucker [Tue, 29 Nov 2022 22:41:14 +0000 (22:41 +0000)]
Add void to client_repledge args to fix compiler warning.  ok djm@

23 months agoMove the generic variable definitions from the ASM at the top of
guenther [Tue, 29 Nov 2022 21:41:39 +0000 (21:41 +0000)]
Move the generic variable definitions from the ASM at the top of
locore.S to be in C in cpu.c, machdep.c, pmap.c, or bus_space.c for
better typing/debug info.  Delete REALBASEMEM, REALEXTMEM, and
biosextmem as unused/ignored.

ok mpi@ krw@ mlarkin@

23 months agoOnly include stdarg.h, if we call any of va_{start,end}()
job [Tue, 29 Nov 2022 20:41:32 +0000 (20:41 +0000)]
Only include stdarg.h, if we call any of va_{start,end}()

OK tb@

23 months agoOnly include assert.h if we call assert()
job [Tue, 29 Nov 2022 20:26:22 +0000 (20:26 +0000)]
Only include assert.h if we call assert()

OK tb@

23 months agoAdd missing markup to comments and to RFC 3779 error
tb [Tue, 29 Nov 2022 19:52:48 +0000 (19:52 +0000)]
Add missing markup to comments and to RFC 3779 error

23 months agoUse correct size for mips64 .rld_map section.
visa [Tue, 29 Nov 2022 15:38:00 +0000 (15:38 +0000)]
Use correct size for mips64 .rld_map section.

From FreeBSD commit 36afc9ab6c1c7fdb2e40bdcfde169501d962dd84

OK kettenis@

23 months agoFirst pass at updating verifier error docs
tb [Tue, 29 Nov 2022 12:31:43 +0000 (12:31 +0000)]
First pass at updating verifier error docs

X509_verify_cert_error_string() is now thread safe as it no longer returns
a static buffer.  Document X509_V_ERR_UNSPECIFIED.  Stop asserting that the
X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it.
Add commented versions of various missing error codes in the proper spots
and move X509_V_ERR_UNNESTED_RESOURCE where it belongs.

prompted by claudio

23 months agoRemove a few doubled spaces and wrap an overlong line
tb [Tue, 29 Nov 2022 12:23:43 +0000 (12:23 +0000)]
Remove a few doubled spaces and wrap an overlong line

23 months agoIgnore late check results for resolvers we no longer use.
florian [Tue, 29 Nov 2022 11:56:32 +0000 (11:56 +0000)]
Ignore late check results for resolvers we no longer use.

Since we no longer use that specific resolver there is also no need
to re-check it.
tb pointed out that prev_state might be used uninitialized in this
case.
OK tb

23 months agoUpdate valid_x509 comment to reality. crl is no longer optional.
claudio [Tue, 29 Nov 2022 11:45:03 +0000 (11:45 +0000)]
Update valid_x509 comment to reality. crl is no longer optional.
OK tb@

23 months agoReturn an error string instead of surpressing the warning in valid_x509.
claudio [Tue, 29 Nov 2022 10:33:09 +0000 (10:33 +0000)]
Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

23 months agoSort a few outliers by increasing error number to match x509_vfy.h
tb [Tue, 29 Nov 2022 07:23:03 +0000 (07:23 +0000)]
Sort a few outliers by increasing error number to match x509_vfy.h

23 months agoFix includes
tb [Tue, 29 Nov 2022 07:12:17 +0000 (07:12 +0000)]
Fix includes

No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509
for a switch containing string constants. We do need x509_vfy instead.

23 months agoAdd missing X509_V_ERR_UNSPECIFIED case
tb [Tue, 29 Nov 2022 07:08:41 +0000 (07:08 +0000)]
Add missing X509_V_ERR_UNSPECIFIED case

23 months agoFix some KNF issues
tb [Tue, 29 Nov 2022 07:06:12 +0000 (07:06 +0000)]
Fix some KNF issues

Requested by claudio

23 months agoMake X509_verify_cert_error_string() thread safe
tb [Tue, 29 Nov 2022 07:03:40 +0000 (07:03 +0000)]
Make X509_verify_cert_error_string() thread safe

Stop returning a pointer to a static buffer containing the error code on
unknown error. While this might be helpful, it's not going to end well.

ok beck claudio jsing

23 months agoAdd support for the Unified Battery feature found in many more recent Logitech
anton [Tue, 29 Nov 2022 06:30:34 +0000 (06:30 +0000)]
Add support for the Unified Battery feature found in many more recent Logitech
HID++ hardware which should cause battery sensors to be exposed for more
devices. Positive test reports from the following:

* Lift mouse (anton@)
* MX Anywhere 3 mouse (Paul de Weerd)
* MX Ergo trackball (kn@)