CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2024/06/24 23:46:48

Modified files:
lib/libssl : ssl_tlsext.c 

Log message:
Fix TLS extension shuffling

The diff decoupling the shuffle from the table order still relied on PSK
being last because it failed to adjust the upper bound in the for loop.

ok jsing

CVS: cvs.openbsd.org: src

2024-06-24 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2024/06/24 15:22:14

Modified files:
sys/arch/amd64/amd64: identcpu.c 
sys/arch/amd64/include: cpu.h specialreg.h 

Log message:
Show AMD SEV bits during identify CPU in dmesg.

Enable identifycpu() to discover and show AMD SEV related information
provided by cpuid.
The "crypt bit" for page table entries is stored in amd64_pos_cbit,
although it is not used yet.
Registers ecx and edx provide the number of guest and minimum ASID
for SEV-only guests.  At least the latter value can be configured
in the BIOS, so it is useful to have this information in dmesg.
Therefore define emtpy bit masks for printf("%b") to get the raw
numbers.

from hshoexer@; OK mlarkin@

CVS: cvs.openbsd.org: src

2024-06-24 Thread Marcus Glocker 
CVSROOT:/cvs
Module name:src
Changes by: mgloc...@cvs.openbsd.org2024/06/24 09:56:07

Modified files:
sys/dev/acpi   : acpibat.c 

Log message:
Some machines send AC change notifications to acpibat(4).  Forward this
notification to acpiac(4), so that the AC status can be reflected correctly
to programs like apm(8).

This for example fixes the AC status on the Microsoft Surface Go 4.

Help from kettenis@

ok deraadt@, kettenis@

CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo de Raadt 
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2024/06/24 08:39:28

Modified files:
lib/libc/sys   : swapctl.2 

Log message:
changing EINVAL from "has no associated size" to "has insufficient size"
does a better job of covering the case of partition not configured
(size = 0) or other too-small decision the kernel may make

CVS: cvs.openbsd.org: src

2024-06-24 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2024/06/24 06:19:19

Modified files:
sys/netinet: ip_input.c 

Log message:
Explicitly allocate stack memory for ICMP payload in IPv4 forward.

Old ip_forward() allocated a fake mbuf copy on the stack to send
an ICMP packet after ip_output() has failed.  It seems easier to
just copy the data onto the stack that icmp_error() may use.  Only
if the ICMP error packet is acutally sent, create the mbuf.

m_dup_pkthdr() uses atomic operation to link the incpb to mbuf.
pf_pkt_addr_changed() was immediately called afterwards to remove
the linkage again.  Also m_tag_delete_chain() was overhead.  New
code uses less CPU locking in the hot path.

OK deraadt@ claudio@

CVS: cvs.openbsd.org: src

2024-06-24 Thread Nicholas Marriott 
CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2024/06/24 02:30:50

Modified files:
usr.bin/tmux   : cmd-refresh-client.c input.c tmux.1 tmux.h 
 tty-keys.c window.c 

Log message:
Add a way (refresh-client -r) for control mode clients to provide OSC 10
and 11 responses to tmux so they can set the default foreground and
background colours, from George Nachman in GitHub issue 4014.

CVS: cvs.openbsd.org: src

2024-06-24 Thread Nicholas Marriott 
CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2024/06/24 02:11:46

Modified files:
usr.bin/tmux   : grid.c 

Log message:
Check the underline style colour against the correct default value again
(it was changed from 0 to 8), from Romain Francoise.

CVS: cvs.openbsd.org: src

2024-06-24 Thread Jason McIntyre 
CVSROOT:/cvs
Module name:src
Changes by: j...@cvs.openbsd.org2024/06/24 00:59:39

Modified files:
usr.bin/ssh: sshd_config.5 

Log message:
- uppercase start of sentence
- correct sentence grammar

ok djm

CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2024/06/24 00:50:07

Modified files:
lib/libssl : ssl_err.c 

Log message:
ssl_err: KNF tweak

CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2024/06/24 00:49:45

Modified files:
lib/libssl : ssl_err.c 

Log message:
ssl_err: fix whitespace

CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2024/06/24 00:43:23

Modified files:
lib/libcrypto  : Makefile cpt_err.c 
lib/libcrypto/asn1: asn1_err.c 
lib/libcrypto/bio: bio_err.c 
lib/libcrypto/bn: bn_err.c 
lib/libcrypto/buffer: buf_err.c 
lib/libcrypto/cms: cms_err.c 
lib/libcrypto/conf: conf_err.c 
lib/libcrypto/ct: ct_err.c 
lib/libcrypto/dh: dh_err.c 
lib/libcrypto/dsa: dsa_err.c 
lib/libcrypto/ec: ec_err.c 
lib/libcrypto/err: err.c 
lib/libcrypto/evp: evp_err.c 
lib/libcrypto/kdf: kdf_err.c 
lib/libcrypto/objects: obj_err.c 
lib/libcrypto/ocsp: ocsp_err.c 
lib/libcrypto/pem: pem_err.c 
lib/libcrypto/pkcs12: pk12err.c 
lib/libcrypto/pkcs7: pkcs7err.c 
lib/libcrypto/rand: rand_err.c 
lib/libcrypto/rsa: rsa_err.c 
lib/libcrypto/ts: ts_err.c 
lib/libcrypto/ui: ui_err.c 
lib/libcrypto/x509: x509_err.c 
Added files:
lib/libcrypto/err: err_local.h 

Log message:
libcrypto: constify most error string tables

These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.

The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.

In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.

Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.

ok jsing

CVS: cvs.openbsd.org: src

2024-06-24 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2024/06/24 00:32:04

Modified files:
lib/libcrypto/x509: x509_conf.c 

Log message:
x509_conf: rename the merr label into err