| Age | Commit message (Collapse) | Author |
|---|
|
and 'L' for libc.so. This flag printing may be deleted once we are entirely
confident this is working correctly.
ok kettenis
|
|
pinsyscalls(2).
ok kettenis
|
|
the main program or ld.so, and accept a submission of that information
for libc.so from ld.so via pinsyscalls(2). At system call invocation,
the syscall number is matched to the specific address it must come from.
ok kettenis, gnezdo, testing of variations by many people
|
|
the error handling of strange variable names can be better controlled.
With and OK dv@
|
|
OK martijn@
|
|
extra data. With this IMSG_UPDATE_ERR can use the new imsg API.
Introduce session_notification_data() for the few cases where there
is no ibuf readily available.
OK tb@
|
|
The change in proc.c can be further simplified once imsg_free() takes
care of unclaimed file descriptors.
OK nicm@
|
|
OK nicm@
|
|
ok stsp@
|
|
|
|
In this case iked would just silently drop incomming connections.
Thus, the user has a chance to figure out whats going on.
ok tobhe@
|
|
When we made sure that getaddrinfo(3) always resolves "localhost" to
the loopback address we forgot to set ai_canonname if AI_CANONNAME or
AI_FQDN is set. On a successful call ai_canonname has to be a NUL-terminated
string if either of those flags are set.
Problem observed by a@alexis-fouilhe.fr in smtpd(8) with a hostname of
"localhost".
OK millert
|
|
ok tobhe@
|
|
list walkthroughs have context switch within, so make exit1() wait
until the last reference released.
Reported-by: syzbot+0e9dda76c42c82c626d7@syzkaller.appspotmail.com
ok bluhm claudio
|
|
OK tb@
|
|
message.
from markus@
|
|
|
|
|
|
for the original 13" M1 MacBook.
ok mlarkin@
|
|
uses an rwlock and curproc isn't initialized yet for these CPUs at this
point. As a result we hit a "locking against myself" panic if there is
any lock contention.
Fix this by adding a new ci_midr member to struct cpu_info which gets
initialized when we identify the CPUs and use that to attach the kstat
stuff.
ok tobhe@, dlg@
|
|
so handle this case as well. This error triggers an RTR_EVNT_NO_DATA
event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation).
When there is no data available the session_id remains unset until data
becomes available. So handle this case not only in rtr_parse_cache_response()
but also in rtr_parse_notify().
RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a
reset or serial query depending on the cache session state.
OK tb@
|
|
indicated by writing 0 to the 5 bit 'BD count' field in the first slot.
Accordingly, mask the value we're writing there.
Each packet uses one slot for offload information and then one per DMA
segment, which means the maximum number of DMA segments must be 31 rather
than 32. Trying to send a packet using 33 slots makes the nic firmware
very upset.
ok dlg@
|
|
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).
Inconsistency has been noticed by Klemens (kn@).
OK @bluhm, OK @kn
|
|
endbr{64,32}
"sure" dv@ deraadt@
|
|
stable.
|
|
The virtio spec says a driver "should" wait for a device to report
a clear device status after performing a reset. In some hypervisors,
this doesn't matter as the vcpu's io instruction emulation and
virtio network device emulation happen serially in the same thread.
In hypervisors like vmd(8), device reset happens asynchronously and
the driver can't assume the device is ready.
This race condition results in mbuf pool corruption, causing panics.
Bug reported and reproduced by bluhm@. Root cause found and diff
from sf@. ok dv@ and committed on sf@'s behalf with his permission.
|
|
In the near future, we will add support for destroying clockintr
objects. When this happens, it will no longer be safe to dereference
the pointer to the expired clockintr during the dispatch loop in
clockintr_dispatch() after reentering cq_mtx. This means we will not
be able to safely check for the CLST_IGNORE_REQUESTS flag.
So replace the CLST_IGNORE_REQUESTS flag in cl_flags with the
CQ_IGNORE_REQUESTS flag in cq_flags. The semantics are the same.
Both cl_flags and cq_flags are protected by cq_mtx.
Note that we cannot move the CLST_IGNORE_REQUESTS flag to cr_flags in
struct clockrequest: that member is owned by the dispatching CPU and
is not mutated with atomic operations.
|
|
|
|
Nothing outside of the _KERNEL guard in <sys/sched.h> needs
<sys/queue.h>, so move its inclusion under _KERNEL.
Requested by claudio@.
Link: https://marc.info/?l=openbsd-tech&m=169937494818685&w=2
ok claudio@
|
|
struct schedstate_perpcu contains struct clockintr pointers. struct
clockintr is not defined in userspace, so move schedstate_percpu into
the _KERNEL guard to hide it from userspace. Nothing in base userspace
uses schedstate_percpu.
Thread: https://marc.info/?l=openbsd-tech&m=169861224916185&w=2
ok claudio@ millert@
|
|
libraries will request a different (major) libc version from the one
requested by the binary itself. For various reasons loading multiple libc
versions is not a good idea, and since the introduction of msyscall(2)
support, system calls will only work when called from one of the two loaded
libcs. This really means that when we have a libc major bump, users must
update all dynamic executables and shared libraries in the system.
However, to ease this transition, change ld.so to only load the first libc
version that we encounter (in a breadth first sense) and substitute that
libc version for all further loads of libc, even if different versions are
requested. This is done silently since I can't come up with a good warning
message. In practice this means the libc version requested by the
executable itself will be loaded. This means that shared libraries may
fail to load if they use a symbol that has been removed. But given the
constraints, this is the best that we can do. Even when we bump the
libc major, the set of changes is typically small and most binaries and
shared libraries will continue to run and allow the user to run pkg_add -u
without any fallout.
ok deraadt@, gkoehler@
|
|
X509_check_trust() is of course used by the verifier. Unfortunately
M2Crypto exposes it. The only other part of the X509_TRUST API that
are still needed are the X509_TRUST_* macros in x509.h, as they are
used via *_set_trust and indirectly via the purpose stuff. The rest
will be removed.
X509_TRUST_add() was defanged recently, in particular it no longer
hangs strdup()'ed strings off the global struct. Nothing ever cleaned
these up. TRUST_cleanup() attempted to do so, but since it checked
the dynamic/dynamic strings flags in the wrong order, that cleanup
call ended up doing nothing, so that code was removed at some point.
As a consequence, the struct can now be made const. Use a CTASSERT()
to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and
X509_TRUST_MIN hold true.
Remove the global variable underlying X509_TRUST_set_default()'s
functionality and move its accessor down to all the other functions
that will be deleted.
Inline a few things in X509_check_trust(), so we can excise the
internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the
default trust function can no longer be changed, call obj_trust()
directly.
ok jsing
|
|
Both check_defer() and the global variable obj_cleanup_defer were removed
from the public API two years ago. Now they were removed from the internals
as well, simplifying the cleanup process greatly. We no longer need them
to have a chance to understand the cleanup process. Also remove references
to EVP_cleanup() since this has long been deprecated and now it doesn't
clean up things anymore.
|
|
Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course
unsurprising that you may accidentally increment the refcount if your idiom
for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).
|
|
|
|
|
|
|
|
ok tb@
|
|
After removing the last caller of EVP_PKEY_meth_find() from libssl, none
of these is used. And with EVP_PKEY_meth_new() gone, there will no longer
be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so
none of the silent failures (because they're void functions) should matter
in the few weeks until we bump.
ok jsing
|
|
... and another file without license disappears.
|
|
They will await their removal in the next major bump.
|
|
First to move is EVP_cleanup(), which should probably be moved to an
evp_lib.c if such a file is reinstated.
|
|
With check_defer() gone, this is never set to anything but 0, so the two
conditional branches it is still involved in are dead code.
|
|
This was a mechanism to ensure that OBJ_cleanup() doesn't remove the
ASN1_OBJECT associated with a custom cipher or digest (that was added
with EVP_add_{cipher,digest}(), while the latter is still referenced
in the OBJ_NAME table.
It had the effect that OBJ_cleanup() wasn't actually called ever from
OPENSSL_cleanup() (it is only called if you load the OID conf module).
Oh, and of course it was once part of the public API. I fixed that two
years ago, almost exactly to the day. Still mentioned in OBJ_create.3.
|
|
This makes them noops. They are used in the wild for adding ciphers
that are always added by the library init code. This is a historic
leftover.
This removes the last (and only ever) calls to check_defer().
ok jsing
|
|
OBJ_NAME_add() is a noop now, so remove all calls and simplify the
remainder of these two functions a bit.
Intermediate step to a larger diff that was ok jsing
|
|
This is a noop now, so no need to call it.
|
|
With one exception, none of this is used anymore. All of it will be removed
in the next major bump.
The exception is OBJ_NAME_add(). scurity/xca ran into issues with their
cert renewal logic because RSA certs had a way of mapping the signature
algorithms to a hash, but a similar mechanism wasn't available for ECDSA
certs. So xca uses EVP_add_digest_alias() to have corresponding aliases
for ECDSA. This is a macro wrapping OBJ_NAME_add().
xca now has better logic using the more appropriate OBJ_find_sigid_algs()
(which wasn't available back then). We will still add the alias entries
that xca still adds ourselves to make sure there are no unexpected side
effects. They make sense anyway.
The diff will hopefully land in a few days. If your life depends on ECDSA
cert renewal in xca please hold off on updating to a new snap.
ok jsing
|
|
These serve no purpose anymore (and really haven't for many years) but
will have to be kept since there's a number of software that still uses
them because many years ago they had to.
Relocate the stubs to crypto_init.c since library initialization's what
they were there for.
ok jsing
|
|
Instead of a hashtable lookup do a bsearch() over the static table.
This needs about the same number of strcmp and is a lot simpler.
ok jsing
|
