IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
d5aeaaaa 2021-11-29 20:13:25 Crank the number of rounds of Miller-Rabin from 50 to 64 for DSA key generation. From Kurt Roeckx, OpenSSL 74ee3796 ok bcook inoguchi jsing
79207923 2021-11-29 20:02:14 Clean up DH_check_pub_key() and ensure that y^q (mod p) == 1. This aligns our behavior with OpenSSL 1.1.1 which includes a mitigation for small subgroup attacks. This did not affect LibreSSL since we do not support X9.42 style parameter files or RFC 5114. The meat of this commit is from Matt Caswell, OpenSSL b128abc3 ok inoguchi jsing
0cbf20e4 2021-11-29 19:54:07 Increase number of iterations in Miller-Rabin checks for DH. BN_prime_checks is only to be used for random input. Here, the input isn't random, so increase the number of checks. According to https://eprint.iacr.org/2019/032, 64 rounds is suitable. From Jake Massimo, OpenSSL 1.1.1, af6ce3b4 ok inoguchi jsing
2cad8c6e 2021-11-29 19:47:47 Synchronize DH_check() mostly with OpenSSL 1.1.1 with some simplifications and readability tweaks. This ensures in particular that dh->q is suitable if present. Based on work by Stephen Henson and Bernd Edlinger in OpenSSL. Issues with the current implementation found via regression tests in py-cryptography. ok inoguchi jsing
aacfb2c7 2021-11-29 19:41:02 Provide a version of DH_check_params() for internal use. Based on the version in OpenSSL 1.1.1l with minor tweaks. ok inoguchi jsing
c44f9f1f 2021-11-29 19:34:51 Provide a number of flags for DH_check and DH_check_pubkey that will be used in subsequent commits. ok inoguchi jsing
800f9b80 2021-11-29 19:19:00 The network stack currently uses IPL_SOFTNET. Consistently initialize the TDB sadb mutex with that. The old IPL_NET was chosen by accident. OK mpi@
a7430245 2021-11-29 18:50:16 tcpdump: convert print-ipsec to a EVP_CIPHER_CTX on the heap. Fix and add some error checking while there. ok deraadt
f70fe689 2021-11-29 18:48:22 First pass of converting ssl_kex.c to opaque DH. Assign the result of BN_dup() and BN_bn2bin() to local BIGNUMs, then set the factors and pubkey on the dh using DH_set0_{pqg,key}(). A second pass will be done during the upcoming bump. ok jsing
39f1af7a 2021-11-29 18:37:34 Hide BIO_s_file_internal() from internal view. ok jsing
590ebd80 2021-11-29 18:36:27 Stop using BIO_s_file_inernal() in libssl. BIO_s_file_internal() should never have leaked out of libcrypto, but it did. As a first step of getting rid of it, stop using it internally. ok jsing
3552e649 2021-11-29 16:31:43 regen
5846ab5b 2021-11-29 16:30:30 Unlock accept(2) and accept4(2) syscalls. Unlock them both because they follow the same code path. ok bluhm@
2b613d4d 2021-11-29 16:11:46 Register-time event should make poll/select non-blocking.
ff0f83bf 2021-11-29 16:03:56 Convert server serialisation of DHE parameters/public key to new functions. ok inoguchi@ tb@
76bb7203 2021-11-29 16:00:32 Factor out/rewrite DHE key exchange. This follows what was done previously for ECDHE EC point key exchange and will allow for deduplication and further code improvement. Convert the TLSv1.2 client to use the new DHE key exchange functions. ok inoguchi@ tb@
6d91411b 2021-11-29 15:56:33 Avoid including sys/param.h. Make a local copy of MINIMUM() in test_helper.h instead, like we did elsewhere. ok bluhm@
eebe838b 2021-11-29 15:55:36 vmm(4): bump remote vmclear spinout ticks Older/slower hosts could easily hit the cap under load. Set it to the same value we use in mplock_debug. ok mlarkin@
13ce2699 2021-11-29 15:54:04 kqueue: Revise badfd knote handling When closing a file descriptor and converting the poll/select knotes into badfd knotes, keep the knotes attached to the by-fd table. This should prevent kqueue_purge() from returning before the kqueue has become quiescent. This in turn should fix a KASSERT(TAILQ_EMPTY(&kq->kq_head)) panic in KQRELE() that bluhm@ has reported. The badfd conversion is only needed when a poll/select scan is ongoing. The system can skip the conversion if the knote is not part of the active event set. The code of this commit skips the conversion when the fd is closed by the same thread that has done the fd polling. This can be improved but should already cover typical fd usage patterns. As badfd knotes now hold slots in the by-fd table, kqueue_register() clears them. poll/select use kqueue_register() to set up a new scan; any found fd close notification is a leftover from the previous scan. The new badfd handling should be free of accidental knote accumulation. This obsoletes kqpoll_dequeue() and lowers kqpoll_init() overhead. Re-enable lazy removal of poll/select knotes because the panic should no longer happen. OK mpi@
08d984e5 2021-11-29 15:39:59 Using a void pointer for temporary allocated TDB in pfkeyv2 does not make sense. Do not use the freeme pointer for TDB in pfkeyv2_send(). The pattern is tdb_alloc() and tdb_unref() in case of error. Replace tdb_free() in reserve_spi() with tdb_unref() to keep this consistent. Only tdb_unref() should call tdb_free(). OK mvs@
112e2fea 2021-11-29 14:06:03 points people to more current ways to find package information. with inputs from danj@ and kn@, thx guys
b49e1847 2021-11-29 13:20:24 add -V to usage(), and list it before -v in both SYNOPSIS and the options list;
bbd06b5d 2021-11-29 13:05:04 Add and enable 'unconacc' test which provides multithreaded connect(2) and accept(2) calls on single unix(4) socket. ok bluhm@
c183a39c 2021-11-29 12:27:18 Add command line option to show the version ok patrick@
b51e7616 2021-11-29 11:05:28 Bump response timer to three seconds, GitHub issue 2984.
95143b6e 2021-11-29 11:01:51 Fix user option lookup ordering.
d8ea035b 2021-11-29 06:43:42 sys/param.h was included for MAX(), MIN() and roundup(). make local copies of MAXIMUM() and MINIMUM() like we have done in 50+ other places, and also include a roundup() ok jsg
13c7cd53 2021-11-29 06:42:13 the code in this file has reason to include any sys/*.h header files, let alone sys/param.h, which it uses to get roundup(). make a local copy of the macro, and call it a day.
b3fb853a 2021-11-29 06:39:23 local copy of roundup() means no more sys/param.h
24fb43d0 2021-11-29 05:17:35 mostly avoid sys/param.h with a local nitems() ok mlarkin
ac61b455 2021-11-29 03:20:37 A few sys/param.h annotations lacked ALIGNBYTES
832bedbc 2021-11-29 01:04:45 Niels agreed to remove the advertising clause; switching these to 3-term BSD license.
1a0afcde 2021-11-28 19:28:41 Stop using MAXBSIZE to eliminate sys/param.h including (which injects a ton of namespace intrusion). Create local sizes, and refactor some code along the way. ok millert
1e13aedb 2021-11-28 19:26:03 remove sys/param.h includes by stopping use of NODEV, ALIGNED and ALIGN(). The latter two exposed a large block allocator on top of malloc() which doesn't really make sense in this decade (the objects are never freed, so not quite like the famous openssl allocator) ok millert jsg
db2f1604 2021-11-28 17:40:14 document ASN1_tag2bit(3)
3da41355 2021-11-28 15:48:12 Document ASN1_object_size(3). While here, * call the function arguments "content_length" rather than just "length" to make it less likely that the reader confuses them with the total length returned by ASN1_object_size(3); * state that only the short form is supported for content_length <= 127; * add the missing STANDARDS section.
edff0b5c 2021-11-28 14:32:34 mark ASN1_check_infinite_end() and ASN1_const_check_infinite_end() as intentionally undocumented
c00e5c15 2021-11-28 14:10:32 Spacing
dcbbabc2 2021-11-28 13:57:37 utvfu(4) only has one frame size, either for PAL or NTSC. Therefore return EINVAL after the first frame size has been returned in the VIDIOC_ENUM_FRAMESIZES ioctl. ok mpi@
7f8b5cc9 2021-11-28 12:51:52 Make sure the interface still exists before updating it. When we get a route message, for example an address being added (RTM_NEWADDR, but the problem exists with most of the route messages) and the interface gets unplugged at just the right moment if_nametoindex(3) will return NULL. We will pass NULL through update_iface() to get_xflags() which will then crash because we dereference the NULL pointer there. OK kn
d0c2b6e3 2021-11-28 12:49:55 Make sure if_index is set in all case statements and use it consistently. This makes the next diff easier, also consistency is good. OK kn
6303db42 2021-11-28 09:25:02 Align with the recent memory allocation changes we did for the other USB HC drivers; M_DEVBUF -> M_USBHC. ok kettenis@
6529c7d1 2021-11-28 07:21:26 sshsig: return "key not found" when searching empty files rather than "internal error"
51ec5361 2021-11-28 07:15:10 ssh-keygen -Y match-principals doesn't accept any -O options at present, so don't say otherwise in SYNOPSIS; spotted jmc@
06f6518b 2021-11-28 07:14:29 fix indenting in last commit
11dd54c7 2021-11-28 07:10:18 missing initialisation for oerrno
9ce164ed 2021-11-27 21:50:05 Rename msg_id to msg_peerid now that we also have msg_localid. ok patrick@
0370c6f8 2021-11-27 17:45:49 sync
378d0f97 2021-11-27 16:25:40 previous commit causes gcc to perform an unaligned access to the tcphdr (at least on sparc64) since it accesses the bitfield using an "int sized" instructions, rather than the minimally sized byte instruction. This is permitted by the language laywers who probably prefer we change the tcphdr in every packet. It is not clear how to convince gcc to avoid this behaviour, and a week of futzing hasn't found fast path solutions yet. In the meantime the tree may not be broken.
aa287722 2021-11-27 16:18:03 new manual page BIO_f_asn1(3)
1be08e70 2021-11-27 15:13:09 Remove an unneeded variable to fix compiler warning with clang 13. OK jsg@
c99cc49e 2021-11-27 15:12:19 Make brk() and sbrk() weak again to fix build with clang 13. OK jsg@
dfd898f6 2021-11-27 15:07:26 Adjust wait channel name and re-enable test.
7ad332b8 2021-11-27 15:06:10 Fix timeouts in poll/select regress tests Disable poll/select timeout so that the wchan wait would work as intended. The timeout is not essential to the test flow. In addition, the top-level alarm timer prevents the tests from getting stuck should something go wrong.
a925b4f7 2021-11-27 13:10:33 Fix incomplete initialization bug: BIO_new(BIO_f_asn1()) neglected initializing five of the fields in BIO_ASN1_BUF_CTX (prefix, prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in a subsequent call from the application program to BIO_write(3) because subroutines of that function assume that the function pointers are either NULL or valid. Fix this by using the less error-prone calloc(3) idiom. While here, inline asn1_bio_init() at the only call site in asn1_bio_new() to simplify the code and make it easier to read. Bug found and initial patch by me, this version (with inlining) by and OK tb@.
f2e52126 2021-11-27 11:22:26 Let iwm(4) use per-Tx-queue interface timers to ensure that the interface watchdog will trigger a device timeout if a particular Tx queue gets stuck while other Tx queues keep working. The Linux driver is using a similar workaround for "stuck queues". I have only observed this problem on iwx(4) hardware but it won't hurt to add this workaround to iwm(4) as well.
025b6df4 2021-11-27 07:23:35 whitespac e
edc07fef 2021-11-27 07:20:58 regression test for match-principals. Mostly by Fabian Stelzer
8c0edb7e 2021-11-27 07:14:46 Add ssh-keygen -Y match-principals operation to perform matching of principals names against an allowed signers file. Requested by and mostly written by Fabian Stelzer, towards a TOFU model for SSH signatures in git. Some tweaks by me. "doesn't bother me" deraadt@
fee0938b 2021-11-27 06:14:10 free() with nullptr is OK, but not if the size is unitialized, and the fail label is reachable before the sizes are known.
9d3ff0b4 2021-11-27 04:32:32 drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors From hongao 04c586a601dc0acb8e739205db350ab660dffc4f in linux 5.10.y/5.10.82 bf552083916a7f8800477b5986940d1c9a31b953 in mainline linux
90d1a473 2021-11-27 04:29:00 drm/i915/dp: Ensure sink rate values are always valid From Imre Deak 47901b77bf7dc801a084a0b377aee5974d9bc4ce in linux 5.10.y/5.10.82 6c34bd4532a3f39952952ddc102737595729afc4 in mainline linux
d121ed5e 2021-11-27 04:26:18 drm/amd/display: Update swizzle mode enums From Alvin Lee 3d68d6ee83144044f610d67304cc194c2af7d0c5 in linux 5.10.y/5.10.82 58065a1e524de30df9a2d8214661d5d7eed0a2d9 in mainline linux
2b7c1a53 2021-11-27 00:49:21 stop building kernels with -Wno-uninitialized on clang archs this hides real problems that could be found at build time ok kettenis@ visa@, ok sashan@ on amd64/i386
164527d7 2021-11-26 19:24:41 Put a mutex assert locked into puttdb_locked(). OK tobhe@
371a004f 2021-11-26 16:52:07 make the bn/mont test compile with opaque DH.
5c273ab3 2021-11-26 16:41:42 Stop reaching into EVP_PKEY in the rest of libssl. ok inoguchi jsing
f1ba087a 2021-11-26 16:40:02 Simplify two weirdly formatted pieces of code in ssl_rsa.c and stop reaching into the EVP_PKEY struct. ok inoguchi jsing
b1044e52 2021-11-26 16:23:27 openssl(1): drop support for netscape certificates and server gated keys. ok inoguchi jsing
e3f5cf2e 2021-11-26 16:22:44 A peer sends both his local id and remote id he expects us to be. So far we have only looked at the peer's local id, so that we can find a policy with the matching dstid set. Hence dstid is involved in the decision making. While we do send out our local id, which the peer will use to verify his policies, we do not yet make a decision based on the id the peer expects us to have. If you have two policies configured with only srcid set, we will always pick the same. To be able to choose a policy that matches the peer's expectations, save the local id the peer expects us to have and use it during policy lookup. ok tobhe@
acf1bec5 2021-11-26 16:16:35 Replace TDBF_DELETED flag with check if tdb was already unlinked. Protect tdb_unlink() and puttdb() for SADB_UPDATE with tdb_sadb_mutex. Tested by Hrvoje Popovski ok bluhm@ mvs@
b9702ae5 2021-11-26 15:21:26 The IORT table usually only contains single mappings. While on the LX2K there is a non-single mapping for the networking subsystem, we don't yet have support for it and apparently Linux has trouble with it as well. So for now we can remove the code, because it uses an uninitialized variable and there's no easy way to fix it without re-thinking the concept. The code got there in the first place because it's a copy of the same pattern in our other IOMMU code. ok jsg@
7a1c7215 2021-11-26 14:59:42 avoid clang -Wsometimes-uninitialized warning when DDB is not defined ok kettenis@ visa@
bc1aed81 2021-11-26 14:45:13 avoid clang -Wsometimes-uninitialized warning when MULTIPROCESSOR is not defined feedback from millert@, ok kettenis@, mips64 diff from and ok visa@
7c586ff4 2021-11-26 14:05:01 Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without a parent SA.
729b1800 2021-11-26 13:48:21 spelling ok schwarze@
d3c5691d 2021-11-26 13:35:10 after the bugfix in x509_vfy.c rev. 1.100, replace the BUGS section with a shorter CAVEATS section
02c71f02 2021-11-26 13:17:09 Bugfix in X509_get_pubkey_parameters(3): If EVP_PKEY_copy_parameters(3) fails - among other reasons, this may happen when out of memory - the pkey argument and/or the chain argument will not contain all the desired parameters after returning. Consequently, report the failure to the caller rather than silently ignoring it. OK tb@
9c40052c 2021-11-26 13:05:03 Simplify the code in X509_get_pubkey_parameters(3) by using X509_get0_pubkey(3) instead of X509_get_pubkey(3); no functional change. OK tb@ This is similar to the relevant part of the follwoing commit from the OpenSSL 1.1.1 branch, which is still under a free licence, but without the bug that commit introduced into this function in OpenSSL: commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Dec 14 13:13:32 2015 +0000
8fc59ba6 2021-11-26 12:14:33 use the keywords instead of vague english so that it's indexed better by mandocdb
4a75a5de 2021-11-26 12:08:35 document annotation interactions with pkg_mklocatedb
f702326e 2021-11-26 11:44:01 Add interfaces to enable all power domains for a node. ok patrick@, visa@
e8161590 2021-11-26 04:42:13 Mark exit1() and sigexit() as non-returning The late 1990s reasons for avoiding __dead with exit1() should not apply with the current compilers. This fixes compiler warnings about uninitialized variables in trap.c on mips64. Discussed with guenther@ and miod@
ab0e7209 2021-11-26 03:42:33 followng -> following
f6c6a9b9 2021-11-26 03:41:39 definiton -> definition
29063ad6 2021-11-26 03:37:39 Transmiter -> Transmitter
ab698aa1 2021-11-26 03:34:14 addresss -> address
2836673b 2021-11-26 03:31:38 remaing -> remaining
26e84031 2021-11-25 23:03:05 move label to fix RAMDISK
e7a11b25 2021-11-25 23:02:24 debug("func: ...") -> debug_f("...")
d74a1282 2021-11-25 21:09:48 LibreSSL error message has changed again, make test more tolerant.
cf8183f3 2021-11-25 20:31:24 revert recent change, breakage reported by dv@
9e93d211 2021-11-25 19:41:03 Remove unused variable fd.
6acea849 2021-11-25 18:28:51 Silence unitialized variable warnings.
b1986bc3 2021-11-25 18:23:53 forgot the case about find... oops fixes GraphicsMagick updates
129f13dc 2021-11-25 16:53:58 We know how to print a size_t now. Drop a comment and a cast. ok bluhm inoguchi
da9108f7 2021-11-25 16:51:31 Rework this test to compile with opaque RSA
d8f1450d 2021-11-25 15:40:26 Honour /usr/mdec/mbr or -f partition 0 information even outside of _powerpc__ and __mips__, preventing the possible creation of MBRs with overlapping partitions 0 and 3. Don't set bootprt DOSACTIVE flag if no partition 0 information was provided via /usr/mdec/mbr or -f. Lets octeon fdisk(8) set DOSACTIVE on the OpenBSD partition in the default MBR like every other fdisk(8) does.
4aefc495 2021-11-25 15:03:04 Initialize the repo_timeout to timeout / 4 at start of main(). OK job@
1fb03427 2021-11-25 14:51:26 Prepare iwx(4) for using new firmware (API version -67) in the future. Bump command versions array size as required for -67 firmware. Ignore new TLVs found in -67 images. Add room for another ucode section needed for -67 on AX201 devices.