CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2023/04/23 19:33:32 Modified files: sys/dev/fdt: if_dwqe_fdt.c sys/dev/ic : dwqe.c dwqevar.h Log message: handle fixed-link configuration in the device tree. if fixed-link is present, populate the interface baudrate and link status (full duplex or half duplex), and then call the statch handler to apply that config to the MAC. if fixed-link is specified then do not attach a phy. note that phy lookup and reset still occurs in case the device tree still uses the deprecated snps,reset-gpio properties. the fixed link port on the bpi r2 pro is connected to a switch chip (which is not really a phy) that needs a reset provided by the snps,reset-gpio handling. an improved device tree would have the reset properties on the switch node so it could do its own reset, but we can't have nice things can we? tested on a nanopi r5s, which has a phy but no fixed-link config, and a banana pi bpi-r2 pro, which has both (cos it has two dwqes, one with a phy and one without).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2023/04/23 18:11:08 Modified files: share/man/man4 : pci.4 Log message: actually xr to iosf this time. with patience from jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: jmatt...@cvs.openbsd.org 2023/04/23 16:57:23 Modified files: sys/dev/pci: if_aq_pci.c Log message: Adjust some printfs in the attach code path to make more sense, and include the mac address of the interface on the attach line. ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: jmatt...@cvs.openbsd.org 2023/04/23 16:48:03 Modified files: sys/dev/pci: if_aq_pci.c Log message: Prepare for adding Atlantic 2 support by renaming functions and defines specific to Atlantic 1, shuffling some of the setup code, and adding get_mac_addr to the firmware ops struct. ok dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 15:49:15 Modified files: lib/libcrypto/x509: x509_purp.c Log message: Replace X509v3_get_ext_count() with X509_get_ext_count() Error introduced in 1.24
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 15:46:08 Modified files: lib/libcrypto/x509: x509_purp.c Log message: In the case of V1 certs, the extension count should be exactly 0 OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 15:39:19 Modified files: lib/libcrypto/x509: x509_purp.c Log message: If extensions are encountered on a X.509 V1 cert, mark as invalid While there, explicitly check for 0 - as X509_get_version() is a wrapper around the less than beloved ASN1_INTEGER_get(). OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 15:31:16 Modified files: lib/libcrypto/x509: x509_err.c x509.h lib/libcrypto/asn1: x_x509.c Log message: Add compliance checks for the X.509 version field Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions). X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded. OK tb@ beck@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: kette...@cvs.openbsd.org 2023/04/23 15:08:26 Modified files: gnu/llvm/lld/ELF: SyntheticSections.cpp SyntheticSections.h Log message: Don't create IBT .plt if there are no PLT entries. Cherry picked from upstream. Fixes several issues including problems with ld.bfd when it sees such a .plt in an object file that is getting linked into a binary. ok deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2023/04/23 13:22:08 Modified files: distrib/sets/lists/comp: mi distrib/sets/lists/man: mi Log message: sync
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 12:59:41 Modified files: regress/lib/libssl/client: Makefile clienttest.c regress/lib/libssl/tlsext: tlsexttest.c Log message: Fix the client test and the tlsext test to work with randomized TLS extensions (this involves unrandomizing the extension order for the tests that rely on golden numbers).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 12:51:53 Modified files: lib/libssl : ssl_lib.c ssl_local.h ssl_tlsext.c ssl_tlsext.h Log message: Randomize the order of TLS extensions On creation of an SSL using SSL_new(), randomize the order in which the extensions will be sent. There are several constraints: the PSK extension must always come last. The order cannot be randomized on a per-message basis as the strict interpretation of the standard chosen in the CH hashing doesn't allow changing the order between first and second ClientHello. Another constraint is that the current code calls callbacks directly on parsing an extension, which means that the order callbacks are called depends on the order in which the peer sent the extensions. This results in breaking apache-httpd setups using virtual hosts with full randomization because virtual hosts don't work if the SNI is unknown at the time the ALPN callback is called. So for the time being, we ensure that SNI always precedes ALPN to avoid issues until this issue is fixed. This is based on an idea by David Benjamin https://boringssl-review.googlesource.com/c/boringssl/+/48045 Input & ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: an...@cvs.openbsd.org 2023/04/23 12:38:55 Modified files: regress/sys/arch/amd64/vmm: vcpu.c Log message: cope with more s/XCR0/XFEATURE renames
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 12:24:01 Modified files: lib/libcrypto/man: EVP_DigestInit.3 Log message: Man page update for EVP_sha512_224() and EVP_sha512_256() OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 07:47:35 Modified files: regress/lib/libcrypto: Makefile Log message: Link c2sp test to build
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 07:43:46 Log message: Import C2SP/CCTV test This currently only covers Ed25519 using the c2sp-testvectors package and checks that our Ed25519 implementation behaves as expected from a "ref10" implementation. This test has Go and c2sp-testvectors as a hard dependency. It will optionally pick up any OpenSSL package installed on the system and test that as well. https://github.com/C2SP/CCTV https://github.com/C2SP/CCTV/tree/main/ed25519 Status: Vendor Tag: tb Release Tags: tb_20230422 N src/regress/lib/libcrypto/c2sp/Makefile N src/regress/lib/libcrypto/c2sp/cctv.go No conflicts created by this import
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: j...@cvs.openbsd.org 2023/04/23 07:19:34 Modified files: usr.sbin/rpki-client: print.c Log message: In filemode, if an ASPA contains information for only 1 AFI, supplement the other OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2023/04/23 06:11:37 Modified files: usr.sbin/vmd : vm.c vmd.c vmd.h vmm.c Log message: vmd(8): teach vmm process how to exec. Use execvp(2) to launch vm children with new address spaces. Consequently, introduces use of unveil(2) into the vmm and vm processes. This imposes the requirement of launching vmd with absolute paths, similar to sshd(8). ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 05:52:14 Modified files: lib/libcrypto/x509: x509_utl.c Log message: Drop some extra parentheses
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/04/23 05:42:45 Modified files: usr.sbin/bgpctl: bgpctl.8 Log message: Flowspec show supports an address family argument. Copy the description from the very similar 'network show'.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 05:39:56 Modified files: lib/libcrypto/x509: x509_utl.c Log message: Drop a superfluous isneg check.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/04/23 05:39:52 Modified files: usr.sbin/bgpctl: bgpctl.c Log message: For FLOWSPEC_SHOW convert the AID from regular inet/inet6 to flowspec versions. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/04/23 05:39:10 Modified files: usr.sbin/bgpd : rde_rib.c Log message: Add the same AID filter to prefix_flowspec_dump() like in the other prefix/rib dump functions. OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 05:34:57 Modified files: lib/libcrypto/x509: x509_utl.c Log message: Add missing NULL check for BN_new()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: clau...@cvs.openbsd.org 2023/04/23 05:29:57 Modified files: usr.sbin/bgpctl: bgpctl.8 Log message: Document flowspec commands OK tb@ jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 05:25:21 Modified files: lib/libcrypto/x509: x509_utl.c Log message: Initialize ishex and isneg at the top and drop some elses
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: dera...@cvs.openbsd.org 2023/04/23 05:20:43 Modified files: . : hackathons.html Log message: m2k23 begins
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: patr...@cvs.openbsd.org 2023/04/23 04:29:35 Modified files: sys/dev/pv : viogpu.c Log message: Stop setting ri->ri_bs to prevent a panic caused by rasops accessing its uninitialized content. When we rasops_init() with RI_VCONS, a new screen is allocated. If ri->ri_bs is set, this will be copied. Otherwise a new one will be allocated and filled with ASCII spaces. Copying the ri->ri_bs is useful in case we have an early console which contents we want to keep. As we do not have an early console here, there's no point in setting it at the moment. With this my Hetzner arm64 VM doesn't panic anymore. ok jcs@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 04:19:52 Modified files: lib/libcrypto/x509: x509_utl.c Log message: Align hex_to_string with OpenSSL 1.1 behavior This is a bit of a strange one. When this function was moved and renamed, somehow checks for NULL pointers and 0 length were lost. Whether that was due to great review missing it or great review suggesting it, is unclear. Now the function can actually legitimately be called with a length of 0 (as ASN.1 OCTET STRINGS can have length 0) and "" is the appropriate representation for that, so the fix is to allocate a 0 octet. That much was correct. What was completely missed is that a long can be negative which will then still lead to an out-of-bounds access. So fix that as well. Finally, don't malloc 3 * len + 1 without overflow checking. Rather use calloc's internal checks. The + 1 isn't really needed anyway. All this is still really gross and can be done much more cleanly and safely with CBB/CBS. This will be done later once we have better regress coverage. ok jsing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: t...@cvs.openbsd.org 2023/04/23 03:58:38 Modified files: lib/libcrypto/x509: x509_utl.c Log message: x509_utl.c: Use correct spelling of NULL
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2023/04/23 02:04:59 Modified files: share/man/man4 : pci.4 acpi.4 Log message: Xr to iosf(4). pci(4) needed an Xr to dwiic(4) too. pointed out by jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org 2023/04/23 00:22:15 Modified files: sys/dev/ic : dwqe.c dwqevar.h Log message: rename sc_tick to sc_phy_tick. no functional change.