Commit message | Author | Age | Files | Lines
...
* Put comment where it belongs also remove an assert() that checks for an | claudio | 2021-03-22 | 1 | -5/+2
  impossible condition. The map argument is from a pread() call and can never be MAP_FAILED.
  From kristaps@
* Compare explicitly against NULL. | claudio | 2021-03-22 | 1 | -2/+2
  From kristaps@
* Make fmt argument const. Format local vars a bit. | claudio | 2021-03-22 | 2 | -8/+8
  From kristaps@
* Let iwn(4) simply clear frames before the firmware's BA window, instead | stsp | 2021-03-22 | 1 | -29/+17
  of trying to be smart and clearing already acknowledged frames which are still within the firmware's BA window. This matches what the Linux driver does and makes our driver code simpler. Also, Tx rate control code relies on sequence numbers falling into the BA window so let's skip Tx rate control for frames before this window.
  Tested by:
  myself on 6205 and 6300
  afresh1, bluhm, and paco on 6300
  jmatthew on 5100
  Balder Oddson on 6205
* Start the move to TAILQ for expressions instead of an SLIST. | lum | 2021-03-22 | 1 | -10/+33
* document NEVER_CLEAN | espie | 2021-03-22 | 1 | -2/+6
* The tag comes after iface in iked.conf(5). | tobhe | 2021-03-21 | 1 | -4/+4
* Fully initialize rrec in tls12_record_layer_open_record_protected | tb | 2021-03-21 | 1 | -1/+2
  The CBC code path initializes rrec.padding_length in an indirect fashion and later makes use of it for copying the MAC. This is confusing some static analyzers as well as people investigating the whining. Avoid this confusion and add a bit of robustness by clearing the stack variable up front.
  ok jsing
* Revise regress to match handshake struct changes. | jsing | 2021-03-21 | 1 | -18/+18
* Move the TLSv1.3 handshake struct inside the shared handshake struct. | jsing | 2021-03-21 | 9 | -226/+227
  There are currently three different handshake structs that are in use - the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct (as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous 'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp)).
  This is the first step towards cleaning up the handshake structs so that shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2 and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code to access the shared handshake data without needing the SSL struct.
  ok inoguchi@ tb@
* Use new terminology of RFC 8981 and (mechanically) replace "privacy" | florian | 2021-03-21 | 6 | -47/+49
  with "temporary".
* wg(4): fix race between tx/rx handshakes, from Matt Dunwoodie, ok mpi@ | sthen | 2021-03-21 | 1 | -5/+4
  "There is a race between sending/receiving handshake packets. This occurs if we consume an initiation, then send an initiation prior to replying to the consumed initiation.
  In particular, when consuming an initiation, we don't generate the index until creating the response (which is incorrect). If we attempt to create an initiation between these processes, we drop any outstanding handshake which in this case has index 0 as set when consuming the initiation.
  The fix attached is to generate the index when consuming the initiation so that any spurious initiation creation can drop a valid index. The patch also consolidates setting fields on the handshake."
* Split TLSv1.3 record protection from record layer. | jsing | 2021-03-21 | 1 | -46/+72
  This makes the TLSv1.2 and TLSv1.3 record layers more consistent and while it is not currently necessary from a functionality perspective, it makes for more readable and simpler code.
  ok inoguchi@ tb@
* Build options regress with -DLIBRESSL_INTERNAL. | jsing | 2021-03-21 | 1 | -2/+2
  This is currently needed for DTLS1_2_VERSION, however it should be used here regardless.
* Avoid a use-after-scope in tls13_cert_add(). | jsing | 2021-03-21 | 1 | -4/+3
  A parent CBB retains a reference to a child CBB until CBB_flush() or CBB_cleanup() is called. As such, the cert_exts CBB must be at function scope.
  Reported by Ilya Shipitsin.
  ok tb@
* Include wstpad allocations when cleaning up wsmouse resources. | bru | 2021-03-21 | 3 | -3/+20
  ok gnezdo@
* Disambiguate expressions. | visa | 2021-03-21 | 1 | -3/+3
* Plug memory leak reported by Ilya Shipitsin | tb | 2021-03-21 | 1 | -3/+2
  Since r1.7, input in base64_decoding_test() is allocated unconditionally, so free it unconditionally.
* Don't warn that we can't form a temporary address when a router | florian | 2021-03-21 | 1 | -5/+6
  deprecates a prefix by sending a pltime of 0, this is normal. Continue warning when the pltime is smaller than 5 as this is almost certainly a configuration error.
  Found the hard way by & OK otto.
* Add quoted strings capability in list values, no special chars | lum | 2021-03-21 | 3 | -46/+95
  detection in between them though. Add limitation to characters allowed in symbol names, equivalent to mg function names (A-Za-z-), quite restrictive but can grow of course. If value is not quoted and is not a variable, give an error.
* makes `struct execsw' to: | semarie | 2021-03-21 | 2 | -6/+12
  - use C99-style initialization (grep works better with that)
  - use const as execsw is not modified during runtime
  ok mpi@
* Use uppercases for defines. | mpi | 2021-03-21 | 1 | -6/+6
  No functional change.
  ok semarie@
* add -n to SYNOPSIS; | jmc | 2021-03-21 | 1 | -2/+2
* Add -n (no action) mode, which just parses the program and exits. | jmatthew | 2021-03-21 | 2 | -6/+15
  ok mpi@ kn@
* s/struft/struct/; thanks James Hastings | sthen | 2021-03-20 | 2 | -6/+6
* Sync with apm(4/macppc) to document which ioctls are not supported | kn | 2021-03-20 | 1 | -2/+13
  Suspend/resume and other power events are NOT YET SUPPORTED.
* Looking at loading all expressions initially, working towards multi | lum | 2021-03-20 | 1 | -202/+271
  line. Next to look at "values" (quotes around values). Current regress tests pass.
* End sentence and add .Pp after (all) "NOT SUPPORTED" lines | kn | 2021-03-20 | 1 | -7/+13
* RFC 8981 allows the configuration of only temporary IPv6 addresses. | florian | 2021-03-20 | 1 | -3/+6
  Keep "temporary" the default when setting inet6 autoconf but make it possible to disable the "autoconf" flag but keep "temporary" enabled. The normal usecase to only have temporary autoconf addresses would be "inet6 temporary" in hostname.if
  OK kn
* RFC 8981 allows the configuration of only temporary IPv6 addresses. | florian | 2021-03-20 | 1 | -4/+8
  Make the interface come up when the IFXF_AUTOCONF6TEMP is set.
  OK kn
* RFC 8981 allows the configuration of only temporary IPv6 addresses. | florian | 2021-03-20 | 3 | -8/+21
  Track autoconf and temporary flag individually to be able to support this.
  OK kn
* Fix SMALL build when done from sbin/slaacd | kn | 2021-03-20 | 4 | -7/+15
  distrib/special/slaccd is the actual SMALL user but having it build from here is useful, too; in fact, it showed some more unused variables under SMALL.
  OK florian
* SKIP_PROPOSAL has been ripped out in 2019 | kn | 2021-03-20 | 1 | -3/+1
* typo | tb | 2021-03-20 | 1 | -2/+2
* namei: reorganize a bit the error path for simple cases | semarie | 2021-03-20 | 1 | -23/+17
  - move 'fail' label to end of function (instead of using the first if-condition)
  - merge the most simple error code paths idioms from 'cleanup+return' to 'goto-fail'
  ok mpi@
* Sync some comments in order to reduce the difference with NetBSD. | mpi | 2021-03-20 | 9 | -292/+463
  No functional change.
  ok kettenis@
* Add a 'batch' mode to mg via the '-b' command line option which will | lum | 2021-03-20 | 5 | -11/+74
  initialise a pty, run the specified file of mg commands and then exit. This is to facilitate mg fitting into the OpenBSD regress test framework and be able to run via a cron job.
* Add new test-tls13-multiple-ccs-messages.py | tb | 2021-03-20 | 1 | -1/+8
  This is a test that checks for NSS's CCS flood DoS CVE-2020-25648. The test script currently fails on LibreSSL and OpenSSL 1.1.1j because it sends invalid records with version 0x0300 instead of 0x0303. We have the ccs_seen logic corresponding to NSS's fix:
  https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
  but we do allow up to two CCS due to an interop issue with Fizz, so at least one of the tests will likely be broken once the record version is fixed.
* use m_dup_pkthdr in ip_fragment to copy pkthdr info to fragments. | dlg | 2021-03-20 | 1 | -5/+3
  this ensures more stuff is copied, in particular the flowid information. this is also how v6 does it, which makes things more consistent.
  ok bluhm@
* Remove libLLVM.so.2.0 on upgrade | kn | 2021-03-19 | 1 | -2/+2
  It is over a year old and corresponds to LLVM 8.0.0 after the "-msvr4-struct-return" ABI change; saves 47M (on amd64).
  OK deraadt
* Prepare documenting SSL_use_certificate_chain_file | tb | 2021-03-19 | 1 | -2/+19
* Undo previous. As pointed out by jsing I clearly wasn't fully awake... | tb | 2021-03-19 | 1 | -2/+2
* Prepare to provide SSL_use_certificate_chain_file() | tb | 2021-03-19 | 2 | -15/+40
  This is the same as SSL_CTX_use_certificate_chain_file() but for an SSL object instead of an SSL_CTX object. remi found this in a recent librelp update, so we need to provide it. The function will be exposed in an upcoming library bump.
  ok inoguchi on an earlier version, input/ok jsing
* Edit wireguard for concision. Remove some background covered by wg(4). | procter | 2021-03-19 | 1 | -85/+74
  Swap -wgpeerall and wgpeer in synopsis to ease parsing.
  "I'm good" - Matt Dunwoodie. "just commit" - jmc
  suggestions and ok sthen@
* Fix copy-paste error in previous | tb | 2021-03-19 | 1 | -2/+2
  Found the hard way by lists y42 org via an OCSP validation failure that in turn caused pkg_add over TLS to fail. Detailed report by sthen.
  ok sthen
* Add an -V option to show the version of rpki-client. For the base version | claudio | 2021-03-19 | 3 | -7/+12
  it will show just OpenBSD while -portable will show the portable version.
  OK sthen@, tb@, kn@
* Delay chdir to the cache directory to after parsing the tal files. | claudio | 2021-03-19 | 1 | -5/+13
  Using the -t option relative locations can be passed as tal locations and so the process can not chdir until these files were read.
  OK job@
* Remove booting from kernels in raw/qcow2 images | kn | 2021-03-19 | 10 | -1435/+26
  Diff and (slightly tweaked) text below from Dave Voutila < dave at sisu dot io >, thanks!
  --
  Since 6.7 switched to FFS2 as the default filesystem for new installs, the ability for vmd(8) to load a kernel and boot.conf from a disk image directly (without SeaBIOS) has been broken. A diff from tb to add FFS2 support never made it into the tree.
  On 5th Jan 2021, new ramdisks for amd64 have started shipping gzipped, breaking the ability to load the bsd.rd directly as a kernel image for a vmd guest without first uncompressing the image.
  Using BIOS works, the FFS2 change happened ten months ago and few if any have complained about the breakage. vmctl(8) is still vague about supporting it per its man page and one still has to pass the disk image twice as a "-b" and "-d" argument to boot an OpenBSD guest *without* BIOS.
  Josh Rickmar reported the gzip issue on bugs@ and provided patches to add support for compressed ramdisks and kernel images. The easiest way to do so is to drop support for FFS images since they require a call to fmemopen(3) while all the other logic uses fopen(3)/fdopen(3) calls and a file descriptor. It is much easier to get those patches merged if they don't have to account for extracting files from disk images.
  --
  No objections anyone
  "Removing it makes sense" reyk (who wrote the FFS module)
  OK mlarkin
* Fix function name in warning | kn | 2021-03-19 | 1 | -2/+2
* RTM_IFINFO is providing the mac address now, no need to go through | florian | 2021-03-19 | 1 | -44/+16
  getifaddrs on every route message. This also allows us to drop the route pledge since we only need to fetch the interface state with getifaddrs on startup.