src - OpenBSD base system

Age	Commit message (Collapse)	Author
2023-05-13	vmm(4)/vmd(8): switch to anonymous shared mappings.	Dave Voutila
	While splitting out emulated virtio network and block devices into separate processes, I originally used named mappings via shm_mkstemp(3). While this functionally achieved the desired result, it had two unintended consequences: 1) tearing down a vm process and its child processes required excessive locking as the guest memory was tied into the VFS layer. 2) it was observed by mlarkin@ that actions in other parts of the VFS layer could cause some of the guest memory to flush to storage, possibly filling /tmp. This commit adds a new vmm(4) ioctl dedicated to allowing a process request the kernel share a mapping of guest memory into its own vm space. This requires an open fd to /dev/vmm (requiring root) and both the "vmm" and "proc" pledge(2) promises. In addition, the caller must know enough about the original memory ranges to reconstruct them to make the vm's ranges. Tested with help from Mischa Peters. ok mlarkin@
2023-05-13	Assert that test->want != NULL at this point	Theo Buehler
	Should make coverity happier
2023-05-12	asn1oct: add a couple more tests	Theo Buehler

2023-05-12	asn1oct: minor tweak in error message	Theo Buehler

2023-05-12	Add regress coverage for {s2i,i2s}_ASN1_OCTET_STRING	Theo Buehler

2023-05-12	test ChrootDirectory in Match block	Damien Miller

2023-05-12	better error messages	Damien Miller

2023-05-11	Teach dump_tables about PKs and display non-readable pages as such	Philip Guenther

2023-05-09	Make malloc tests that set flags more robust against the user also	Otto Moerbeek
	having flags set.
2023-05-09	Add regress coverage for -1 modulus as well.	Theo Buehler

2023-05-08	Enable malloc_errs test	Otto Moerbeek

2023-05-08	Add a regress test to test various malloc API and heap mismanagement	Otto Moerbeek
	errors which should cause abort. A few are not enabled yet, they will be once the corresponding diffs in malloc are committed.
2023-05-04	symbols.awk: Remove cfb dance	Theo Buehler
	With e_old.c gone, we no longer need this.
2023-05-04	sigh. typo	Theo Buehler

2023-05-04	Let ecdsatest exercise ECParameters_dup() a bit	Theo Buehler
	This currently leaks, which will fixed in a follow-on commit.
2023-05-04	Remove x9_62_test_internal()	Theo Buehler
	This test depends on RAND_set_rand_method() allowing stupid things like making ECDSA signatures deterministic. This was gutted a long time ago and the function should have followed its wrappers into the attic.
2023-05-03	Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls	Bob Beck
	regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@
2023-05-02	Change X509_NAME_get_index_by[NID\|OBJ] to be safer.	Bob Beck
	Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@
2023-05-02	Mark the BIO_F_* function codes as intentionally undocumented	Ingo Schwarze
	and for now, skip the the BIO_R_* reason codes. It looks like all public symbols in the BIO library are now documented or marked as intentionally undocumented.
2023-05-02	Simplify slightly and use i2d_PKCS7_bio_stream()	Theo Buehler
	This is a wrapper of i2d_ASN1_bio_stream() that doesn't require us to pass in PKCS7_it.
2023-05-01	Make warnings more precise	Job Snijders

2023-04-30	x509_asn1: make this test pass again after reinstating DER preservation	Theo Buehler

2023-04-30	check_complete.pl: update for recent changes in bn	Theo Buehler

2023-04-30	Sort alphabetically	Theo Buehler

2023-04-30	Remove unnecessary target	Theo Buehler

2023-04-30	policy test: simplify Makefile	Theo Buehler

2023-04-29	Run open rsync and ports rsync programs against each other using	Alexander Bluhm
	the --rsync-path option. So we can see whether the tests pass in all interoperability combinations. Suggested by claudio@
2023-04-28	adjust after man_validate.c rev. 1.128 improved the error messages	Ingo Schwarze

2023-04-28	Execute each test as make target. Remove the shell wrapper. Mark	Alexander Bluhm
	failing test so that claudio@ can fix them.
2023-04-28	Free all libcrypto global state memory before returning	Job Snijders
	Found with the help of Otto's malloc memory leak detector!
2023-04-28	Return a non-zero error exit code on any DER cache discrepancies	Job Snijders

2023-04-28	Fix leaks reported by ASAN	Theo Buehler
	debugged with job
2023-04-28	Mark the obsolete PROXY_PARAM and SOCKS BIO_ctrl(3) command constants	Ingo Schwarze
	as intentionally undocumented. Do that here because no related manual pages exist.
2023-04-28	Enable policy checking by default now that we are DAG implementation based.	Bob Beck
	This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@
2023-04-28	Import rsync regress provided by Martin Cracauer so that bluhm@ can work	Claudio Jeker
	improve it in tree.
2023-04-28	The policy test is no longer expected to fail	Theo Buehler

2023-04-28	Rearrange freeing of memory in the regress test	Job Snijders

2023-04-28	make the policy test compile on sparc64	Theo Buehler

2023-04-28	Add X509_REQ_add_extensions and to X509_REQ_add1_attr to DER cache test	Job Snijders
	These new tests won't bubble up a non-zero error exit code because other libcrypto bits still need to land first.
2023-04-28	Hook up the the x509 policy regression tests to x509 regress.	Bob Beck
	These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG.
2023-04-28	Fix copyright, convert boringssl comments to C style	Bob Beck

2023-04-28	KNF	Bob Beck
	ok knfmt
2023-04-28	remove unused code.	Bob Beck

2023-04-28	remove debugging printf	Bob Beck

2023-04-28	This test should not have V_EXPLICIT_POLICY set. with this	Bob Beck
	corrected we pass
2023-04-28	Add the rest of the boringssl policy unit tests.	Bob Beck
	We currently still fail two of these, looks like one more bug in extracting the depth for require policy from the certificate..
2023-04-27	correct test cases to add expected errors.	Bob Beck

2023-04-27	Start of an x509 policy regress test. test cases from BoringSSL.	Bob Beck
	Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs.
2023-04-27	tlsexttest: check additional logic in tlsext randomization	Theo Buehler
	This verifies that we put PSK always last and that the Apache 2 special does what it is supposed to do. There is also some weak validation of the Fisher-Yates shuffle that will likely catch errors introduced in tlsext_randomize_build_order()
2023-04-27	Make rpki-client choose the verification time of the time it is invoked	Bob Beck
	rather than always getting the current system time for every certificate verification. This will result in output that is not variable on run-time. ok tb@ claudio@