summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-12-13new manual page SMIME_write_ASN1(3);Ingo Schwarze
still vague in various respects, but it's a start
2021-12-13remove a couple hundred sys/param.h includes in userland code, andTheo de Raadt
also whack some sys/cdefs.h early includes which is such a brutally bad pattern ok bluhm mbuhl
2021-12-13acct(4) ac_tty shouldn't need NODEV from sys/param.h (which is kernel API),Theo de Raadt
-1 is sufficient to indicate the process had no controlling tty, removing one more sys/param.h include in our userland ok millert
2021-12-13Only generate a new xid on state change.Florian Obser
When we first request a lease (INIT or REBOOTING state) we run with very short timeouts. If the dhcp server is slow to respond we already have a new xid and ignore the server's response. This goes on until we increase the timeout high enough. If we just stick to an xid this will not happen and we accept "late" responses. RFC 2131 has: Selecting a new 'xid' for each retransmission is an implementation decision. A client may choose to reuse the same 'xid' or select a new 'xid' for each retransmitted message. Problem seen by phessler on german train wifi. OK phessler
2021-12-13Revise EVFILT_EXCEPT filtersVisa Hankala
Restrict the circumstances where EVFILT_EXCEPT filters trigger: * when out-of-band data is present and NOTE_OOB is requested. * when the channel is fully closed and consumer is poll(2). This should clarify the logic and suppress events that kqueue-based poll(2) does not except. OK mpi@
2021-12-13Prevent kevent(2) use of EVFILT_EXCEPT with FIFOs and pipesVisa Hankala
Currently, the only intended direct usage of the EVFILT_EXCEPT filter is with NOTE_OOB to detect out-of-band data in ptys and sockets. NOTE_OOB does not apply to FIFOs or pipes. Prevent the user from registering the filter with these file types. The filter code is for the kernel's internal use. OK mpi@
2021-12-13nd6_dad_ns_input() could trigger a NULL deref in nd6_dad_duplicated().Alexander Bluhm
It checks dp in two of three places. One check got lost in revision 1.83. Do a dp == NULL once at the beginning. OK jsg@ Reported-by: syzbot+88c0ce914a0b10b7e1c8@syzkaller.appspotmail.com
2021-12-13Catch integer overflow rather than silently truncating whileIngo Schwarze
parsing MASK: strings in ASN1_STRING_set_default_mask_asc(3). Issue noticed by tb@, patch by me, two additional #include lines from tb@. OK tb@.
2021-12-13Handle multi-port controllers in uslcom(4)Visa Hankala
A multi-port CP210x device presents each COM port as a separate USB virtual COM port interface. When attaching uslcom(4), take the USB interface from the attach arguments instead of using interface 0. This lets the driver access the different ports of a quad-port CP2108. Tested with a single-port CP2102 by jsg@ OK jsg@ deraadt@
2021-12-13new manual pages i2d_ASN1_bio_stream(3) and SMIME_crlf_copy(3)Ingo Schwarze
2021-12-13Let dnsproc pass multiple addresses to netprocJeremie Courreges-Anglas
The loop was exited prematurely because of a stray break statement. In case of a failure to connect to the first address returned by getaddrinfo(3), acme-client can now try to connect using another address or address family if available. ok florian@
2021-12-13Treat xid as a uint32_t in network byte order on the wire.Florian Obser
Internally this doesn't matter since we only care about equality. This makes logging output comparable to tcpdump(8). Pointed out by joel@ OK claudio
2021-12-13Replace struct member assignment with struct assignment to make theFlorian Obser
code more compact. No binary change. OK claudio
2019-11-19Import NetBSD system call regression tests. They were written withAlexander Bluhm
ATF (Automated Testing Framework), so we use a small wrapper to map it to our bsd.regress.mk framework. Only half of the 80 NetBSD tests have been taken, the others need more work to adapt. Of them 34 syscall tests pass. Moritz Buhl ported the tests to OpenBSD.
2018-08-21Check the FPU environment of user land processes after exec and theAlexander Bluhm
proc0 kernel thread for FPU initialization values.
2021-12-13Make pane-border-format a pane option, GitHub issue 2999.Nicholas Marriott
2021-12-12remove unused variable to fix build with llvm 13Jonathan Gray
ok jca@ naddy@
2021-12-12Annotate the structs that will be moved to hmac_local.h and evp_locl.hTheo Buehler
in an upcoming bump. This omits EVP_AEAD_CTX which will be dealt with separately. EVP_CIPHER_INFO internals are still publicly visible in OpenSSL, so it won't be moved. Move typedefs for HMAC_CTX and EVP_ENCODE_CTX to ossl_typ.h. These typedefs will be visible by files including only hmac.h or evp.h since hmac.h includes evp.h and evp.h includes ossl_typ.h. ok inoguchi
2021-12-12Include evp_locl.h where it will be needed once most structs fromTheo Buehler
evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
2021-12-12Add a mostly empty hmac_local.h. HMAC_CTX and a few other thingsTheo Buehler
from hmac.h will be moved there in an umpcoming bump. Include this file where it will be needed. ok inoguchi
2021-12-12Add -I${LIBCRYPTO_SRC}/hmac to CFLAGS. Needed in an upcoming commit.Theo Buehler
ok inoguchi
2021-12-12Add header guards to evp_locl.h.Theo Buehler
ok inoguchi
2021-12-12Replace deprecated IO::Socket::INET6 with IO::Socket::IP.Alexander Bluhm
2021-12-12Convert req.c to compile with opaque EVP_MD_CTX.Theo Buehler
ok inoguchi
2021-12-12Convert passwd.c to opaque EVP_MD_CTX and add a bit of error checking.Theo Buehler
tweak/ok inoguchi
2021-12-12Make speed.c compile with opaque EVP_CIPHER, EVP_MD and HMAC_CTX.Theo Buehler
ok inoguchi
2021-12-12A few more simplifications using get0_pubkey instead of get_pubkey + free.Theo Buehler
2021-12-12Simplify x509.c slightly by using X509_get0_pubkey() instead ofTheo Buehler
X509_get_pubkey() ok inoguchi
2021-12-12Make x509.c compile with opaque EVP_PKEY.Theo Buehler
ok inoguchi
2021-12-12Use correct spelling of NULLTheo Buehler
ok inoguchi
2021-12-12Make ts.c compile with opaque EVP_MD_CTX.Theo Buehler
ok inoguchi
2021-12-12document the ub_* constantsIngo Schwarze
2021-12-12typoIngo Schwarze
2021-12-12New manual page providing a rudimentary description of BIO_new_NDEF(3).Ingo Schwarze
The API surrounding this is so complicated and streaming is so rarely used in practice that describing this in more detail is not a priority right now. The documentation of the wrapper BIO_new_CMS(3) is also rather vague, and BIO_new_PKCS7() isn't described at all so far.
2021-12-12Rewrite X509_ALGOR_set_md() without reaching into EVP_MD.Theo Buehler
ok inoguchi schwarze
2021-12-12Replace deprecated IO::Socket::INET6 with IO::Socket::IP.Alexander Bluhm
2021-12-12Use vnode parameter instead of vfinddev() in mfs_strategy()Visa Hankala
Getting the mfs device vnode through vfinddev() is more complex than necessary. Also, the indirection is not robust. OK mpi@
2021-12-12Add vnode parameter to VOP_STRATEGY()Visa Hankala
Pass the device vnode as a parameter to VOP_STRATEGY() to allow calling the correct vop_strategy callback. Now the vnode is also available in the callback. OK mpi@
2021-12-11Merge two bugfixes in ASN1_STRING_TABLE_add(3) and ASN1_STRING_TABLE_get(3)Ingo Schwarze
from the OpenSSL 1.1.1 branch, which is still under a free license, mostly this commit: commit d35c0ff30b31be9fd5dcf3d552a16feb8de464bc Author: Dr. Stephen Henson <steve@openssl.org> Date: Fri Oct 19 15:06:31 2012 +0000 fix ASN1_STRING_TABLE_add so it can override existing string table values This fixes a segfault in ASN1_STRING_TABLE_add(3), which tried to change a static const entry when called with an nid already in the default table, and it switches the precedence of the two tables in ASN1_STRING_TABLE_get(3). In addition, it changes behaviour in the following minor ways: * Ignore negative minsize and maxsize arguments, not just -1. * Ignore a zero mask and zero flags. It's unclear whether these additional changes make the API absolutely better, but we want compatibility with OpenSSL in these functions. Tweaks & OK tb@.
2013-01-03Reengineer the socket splicing regression tests:Alexander Bluhm
- Move the tests from splice to new sosplice directory for consistent naming. - Split the API tests and the TCP splicing tests into separate directories. - Create some tests for the upcoming UDP splicing. - Tests can be run in obj directories now. - The API tests can run both on a local and on a remote machine now. - Fix the forking TCP tests which splice and read or write simultaneously. - Bunch of little fixes for races in the tests. - Deduplicate code, move checks into common functions.
2021-12-11Merge the deletion of <ctype.h>, which isn't used here,Ingo Schwarze
and some style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. No functional change. OK and additional tweaks tb@.
2021-12-11Change compatible string to something that makes more sense.Mark Kettenis
2021-12-11remove unused variable to fix build with llvm 13; ok jca@Christian Weisgerber
2021-12-11Start the default OpenBSD partition either immediately followingKenneth R Westerback
any boot partition specified via '-b' or /usr/mdec/mbr; at the power of 2 block after the first track; or immediately following the MBR if there is only one track. Mark any non-EFISYS boot partition created by -b as DOSACTIVE. Suggested by kettenis@, better than a separate new option. Brings -b behaviour into line with many uses of -e to create boot partitions, allowing for the eventual elimination of said -e uses in the creation of the various boot media and in the install scripts.
2021-12-11Add support for interrupts represented by ACPI PCI Interrupt Link Devices.Mark Kettenis
This makes PCI interrupts work on QEMU's SBSA target. ok patrick@
2021-12-11Thanks to the reverse engineering efforts by Hector Martin, we now knowMark Kettenis
that we can controll the CS# pin directly from the SPI controller itself. Add support for this as future device trees will probably use this mode instead of explicitly specifying a "cs-gpios" property. ok patrick@
2021-12-11Attach apldart(4) early.Mark Kettenis
2021-12-11document STABLE_NO_MASK and STABLE_FLAGS_MALLOC,Ingo Schwarze
mention which argument values can be used to not change the respective fields, and tweak a few additional wordings
2021-12-11two more "the the" fixes;Jason McIntyre
2021-12-11Protect the write access to the TDB flags field with a mutex perAlexander Bluhm
TDB. Clearing the timeout flags just before pool put in tdb_free() does not make sense. Move this to tdb_delete(). While there make the parentheses in the flag check consistent. tested by Hrvoje Popovski; OK tobhe@