openbsd
9 months agoRemove EVP_MD_meth* again
tb [Sat, 2 Mar 2024 09:59:56 +0000 (09:59 +0000)]
Remove EVP_MD_meth* again

Erlang upstream disabled the otp_test_engine for LibreSSL >= 3.5 without
explanation. It was the only reason we added this garbage API in the first
place. Meanwhile libfido2 started using it for a mock up of OpenSSL 3's
broken fetch design with old API. This is pointless, so all this garbage
goes away again (in particular we can remove the absolutely horrifying
EVP_MD_meth_set_app_datasize() again).

ok jsing

9 months agoFix signature and semantics of EVP_{CIPHER,MD}_CTX_init()
tb [Sat, 2 Mar 2024 09:55:30 +0000 (09:55 +0000)]
Fix signature and semantics of EVP_{CIPHER,MD}_CTX_init()

When the EVP_CIPHER_CTX and the EVP_MD_CTX were still expected to live
on the stack, these initialization APIs were wrappers around memset.
In OpenSSL 1.1, somebody removed them and carelessly made _init() an
alias of _reset() aka _cleanup(). As a consequence, both signature and
semantics changed.

Unsurprisingly, there is now code out there that actually uses the new
semantics, which causes leaks on LibreSSL and older OpenSSL. This aligns
our _init() with OpenSSL 1.1 semantics.

ok jsing

9 months agoRemove unused OBJ_create_and_add_object()
tb [Sat, 2 Mar 2024 09:51:36 +0000 (09:51 +0000)]
Remove unused OBJ_create_and_add_object()

This is an alias for OBJ_create(). I haven't dug into its history.

ok jsing

9 months agoRemove no longer supported OBJ_NAME_TYPEs
tb [Sat, 2 Mar 2024 09:50:47 +0000 (09:50 +0000)]
Remove no longer supported OBJ_NAME_TYPEs

OBJ_NAME_TYPE_PKEY_METH and OBJ_NAME_TYPE_COMP_METH were never used
as far as I can tell. Unfortunately, PHP and Python still use the
weirdly named OBJ_NAME_do_all*() API to list available ciphers and
digests, so the MD and CIPHER variants need to remain public.

ok jsing

9 months agoMake OBJ_add_object() static
tb [Sat, 2 Mar 2024 09:49:45 +0000 (09:49 +0000)]
Make OBJ_add_object() static

This is another implementation detail that should never have leaked out
of the library. Only OBJ_create() ever used this.

ok jsing

9 months agoRemove OBJ_bsearch_()
tb [Sat, 2 Mar 2024 09:47:16 +0000 (09:47 +0000)]
Remove OBJ_bsearch_()

The only reason this has still been part of the public API was that libssl
used it for cipher lookup. This was fixed by replacing the lookup by proper
bsearch() -- why OpenSSL felt the need to reinvent ANSI C API badly will
forever remain a mystery.

The stack code in libcrypto still uses a version of this. This should
be rewritten. It will be a bit easier once sk_find_ex() is removed.

ok jsing

9 months agoSwitch name member of OBJ_NAME to const void *
tb [Sat, 2 Mar 2024 09:43:10 +0000 (09:43 +0000)]
Switch name member of OBJ_NAME to const void *

Because this is the type it should have had from the get go.

ok jsing

9 months agoRemove unused public OBJ_NAME_* API
tb [Sat, 2 Mar 2024 09:41:02 +0000 (09:41 +0000)]
Remove unused public OBJ_NAME_* API

This functionality has been disabled for a few months. Now it is high time
to garbage collect it.

ok jsing

9 months agoRemove EVP_{add,delete}_{cipher,digest}_alias()
tb [Sat, 2 Mar 2024 09:39:02 +0000 (09:39 +0000)]
Remove EVP_{add,delete}_{cipher,digest}_alias()

These are macro wrappers around the neutered OBJ_NAME_{add,remove}() API
(notice the consistency), which will be removed shortly. Only security/xca
used to use this.

ok jsing

9 months agoRemove EVP_add_{cipher,digest}() from public API
tb [Sat, 2 Mar 2024 09:36:40 +0000 (09:36 +0000)]
Remove EVP_add_{cipher,digest}() from public API

Ciphers and digests are now handled in a static lookup table and no
longer by the associative array that used to underlie the OBJ_NAME API.
Adding ciphers is no longer possible. What uses this API does so for
historic reasons coming from a time where SHA-2 and some AES variants
needed to be enabled explicitly. Ports doing this (PHP and DANE code)
were fixed.

ok jsing

9 months agoRemove DSA_generate_parameters
tb [Sat, 2 Mar 2024 09:33:14 +0000 (09:33 +0000)]
Remove DSA_generate_parameters

This was deprecated in 0.9.8 and used until recently by rust-openssl
and by keynote (keynote has the excuse that it was written before the
deprecation). Fortunately Paul Kehrer fixed this in rust-openssl,
so we can garbage collect this turd. (It was replaced with the less
ergonomic DSA_generate_parameters_ex() to expose a new fancy way of
displaying dots, stars and pluses on key generation).

ok jsing

9 months agoRemove CMAC_resume()
tb [Sat, 2 Mar 2024 09:30:21 +0000 (09:30 +0000)]
Remove CMAC_resume()

While it is a neat design detail of CMAC that you can resume it after
having finalized it, nothing uses this functionality and it adds some
gross things such as retaining intermediate secrets in the CMAC ctx.
Once this is gone, we can simplify the CMAC code a bit.

ok jsing

9 months agoMake BN_mod_exp2_mont() and BN_mod_exp_mont_word() internal
tb [Sat, 2 Mar 2024 09:27:31 +0000 (09:27 +0000)]
Make BN_mod_exp2_mont() and BN_mod_exp_mont_word() internal

The former could be useful but nothing uses it. The latter is a
dangerous implementation detail of Montgomery exponentiation that
should never have been leaked out of the library. Fix this.

ok jsing

9 months agoMake BN_mod_exp_simple() internal
tb [Sat, 2 Mar 2024 09:24:59 +0000 (09:24 +0000)]
Make BN_mod_exp_simple() internal

This function is very slow and useful for testing purposes only. It
should never have been part of the public API. Remove it from there.

ok jsing

9 months agoRemove BIO_set()
tb [Sat, 2 Mar 2024 09:22:41 +0000 (09:22 +0000)]
Remove BIO_set()

This used to be a dangerous implementation detail of BIO_new() that was
never used outside of libcrypto.

ok jsing

9 months agoRemove BIO_dump_*{cb,fp}()
tb [Sat, 2 Mar 2024 09:21:24 +0000 (09:21 +0000)]
Remove BIO_dump_*{cb,fp}()

These were disabled and the internals that need to remain were fixed.
Time for this garbage to go.

ok jsing

9 months agoRemove BIO_{sn,v,vsn}printf(3)
tb [Sat, 2 Mar 2024 09:18:28 +0000 (09:18 +0000)]
Remove BIO_{sn,v,vsn}printf(3)

Unsued printing functionality. If something should need this we can readily
add it back.

ok jsing

9 months agoExpose OPENSSL_{gmtime,posix_to_tm,timegm,tm_to_posix}()
tb [Sat, 2 Mar 2024 09:15:03 +0000 (09:15 +0000)]
Expose OPENSSL_{gmtime,posix_to_tm,timegm,tm_to_posix}()

Apart from OPENSSL_gmtime(), which is OpenSSL API, this is BoringSSL's
interface to deal with the time related portability and code mess.

ok jsing

9 months agoGarbage collect ASN1_TIME_set_tm()
tb [Sat, 2 Mar 2024 09:10:42 +0000 (09:10 +0000)]
Garbage collect ASN1_TIME_set_tm()

This was a public helper that is no longer used internally either.

ok jsing

9 months agoRemove beck's ASN.1 time API from public visibility
tb [Sat, 2 Mar 2024 09:08:41 +0000 (09:08 +0000)]
Remove beck's ASN.1 time API from public visibility

This API was needed since OpenSSL didn't have one. We now have variants
of OpenSSL's API and will also expose BoringSSL's complementary API. The
users of this API were ported to the OpenSSL variants and some may switch
to BoringSSL's in the future. Part of it is still used internally.

ASN1_time_tm_clamp_notafter() is still used by libtls (and only libtls).
This will be fixed in a future bump.

ok jsing

9 months agoRemove ASN1_PCTX nonsense
tb [Sat, 2 Mar 2024 09:04:07 +0000 (09:04 +0000)]
Remove ASN1_PCTX nonsense

This is only used by the fuzzing code. Another bit of poorly thought
out extensibility that makes people pass NULL pointers to a bunch
of APIs.

ok jsing

9 months agoMake ASN1_add_oid_module internal
tb [Sat, 2 Mar 2024 09:02:04 +0000 (09:02 +0000)]
Make ASN1_add_oid_module internal

ok jsing

9 months agoRemove unused M_ASN1_* macros
tb [Sat, 2 Mar 2024 09:00:07 +0000 (09:00 +0000)]
Remove unused M_ASN1_* macros

The last comsumer, telephony/asterisk, was adjusted a few months back.

pointed out by brad
ok jsing

9 months agoRemove unused, incomplete ub_* macros
tb [Sat, 2 Mar 2024 08:57:42 +0000 (08:57 +0000)]
Remove unused, incomplete ub_* macros

The only consumer, a_strnid.c, has its own, slightly more complete, up
to date, and less incorrect, version of these.

ok jsing

9 months agoRemove DECLARE_STACK_OF(ASN1_STRING_TABLE)
tb [Sat, 2 Mar 2024 08:55:38 +0000 (08:55 +0000)]
Remove DECLARE_STACK_OF(ASN1_STRING_TABLE)

Another remnant of the unused ASN1_STRING_TABLE extensibility goes away.

ok jsing

9 months agoRemove ASN1_STRING_TABLE_{add,cleanup}
tb [Sat, 2 Mar 2024 08:54:02 +0000 (08:54 +0000)]
Remove ASN1_STRING_TABLE_{add,cleanup}

This was API for the ASN1_STRING_TABLE extensibility which has been
neutered for months and was completely unused in the ecosystem.

ok jsing

9 months agoconst correct ASN1_STRING_TABLE_get()
tb [Sat, 2 Mar 2024 08:50:47 +0000 (08:50 +0000)]
const correct ASN1_STRING_TABLE_get()

The ability of modifying the ASN1_STRING_TABLE was removed and the table
is now static. Stop casting away const. The only consumer, security/xca,
is already fixed.

ok jsing

9 months agosync
deraadt [Sat, 2 Mar 2024 01:07:23 +0000 (01:07 +0000)]
sync

9 months agoClarify behavior when there is more than one run of Xs.
millert [Fri, 1 Mar 2024 23:37:42 +0000 (23:37 +0000)]
Clarify behavior when there is more than one run of Xs.
With help from miod@

9 months agomktemp(1): add suffix support for compatibility with the GNU version
millert [Fri, 1 Mar 2024 21:50:40 +0000 (21:50 +0000)]
mktemp(1): add suffix support for compatibility with the GNU version
It is now possible to use templates where the Xs are not at the
end, like "foo.XXXXXX.bar".  If there are multiple runs of Xs,
the last one is used.  OK deraadt@

9 months agoAdd mkdtemps(3), like mkdtemp(3) but with a suffix.
millert [Fri, 1 Mar 2024 21:30:40 +0000 (21:30 +0000)]
Add mkdtemps(3), like mkdtemp(3) but with a suffix.
OK deraadt@ tb@

9 months agoAllow fdisk(8) to add GPT partitions of protected types.
krw [Fri, 1 Mar 2024 17:48:03 +0000 (17:48 +0000)]
Allow fdisk(8) to add GPT partitions of protected types.

This makes it possible to provision virtual machine images that
need a "BIOS Boot" partition.

Report, original diff and testing by Christian Ludwig. Thanks!

ok miod@

9 months agoBump version
tb [Fri, 1 Mar 2024 16:27:34 +0000 (16:27 +0000)]
Bump version

9 months agoBump version
claudio [Fri, 1 Mar 2024 16:23:37 +0000 (16:23 +0000)]
Bump version

9 months agoReduce dmesg spam by only printing the CPU feature flags when they differ
kettenis [Fri, 1 Mar 2024 15:57:43 +0000 (15:57 +0000)]
Reduce dmesg spam by only printing the CPU feature flags when they differ
from the previous one.  Since CPU cores are typically grouped in clusters
of identical cores and are typically enumerated this results in flags
being printed for the first core of a cluster.  But only if the clusters
use cores that implement different features which is rare.

ok deraadt@

9 months agoProtect pool_get() with kernel lock in sys_ypconnect().
bluhm [Fri, 1 Mar 2024 14:15:01 +0000 (14:15 +0000)]
Protect pool_get() with kernel lock in sys_ypconnect().

Pool namei_pool is initialized with IPL_NONE as filesystem always
runs with kernel lock.  So pool_get() needs kernel lock also in
sys_ypconnect().

OK kn@ deraadt@

9 months agoLipstick on a pig: avoid comparing signed and unsigned
job [Fri, 1 Mar 2024 09:36:55 +0000 (09:36 +0000)]
Lipstick on a pig: avoid comparing signed and unsigned

OK tb@ claudio@

9 months agoregen
jsg [Fri, 1 Mar 2024 08:35:23 +0000 (08:35 +0000)]
regen

9 months agomore Red Hat and Qumranet devices seen with QEMU and KVM
jsg [Fri, 1 Mar 2024 08:34:42 +0000 (08:34 +0000)]
more Red Hat and Qumranet devices seen with QEMU and KVM

9 months agoAdd -x to opt into experimental file formats
tb [Fri, 1 Mar 2024 08:10:09 +0000 (08:10 +0000)]
Add -x to opt into experimental file formats

Instead of burning one letter for each new file format (sidrops is known
to crank out new things faster than a normal person can read), use -x to
opt into parsing and processing file formats that aren't yet considered
stable. This is currently only the Signed Prefix List.  While a repetition
of the ASPA debacle, this code hasn't yet seen enough stress testing to be
enabled by default.

ok claudio job

9 months agoFactor signed prefix list JSON output into a helper
tb [Fri, 1 Mar 2024 07:59:20 +0000 (07:59 +0000)]
Factor signed prefix list JSON output into a helper

ok claudio job (as part of a larger diff)

9 months agoFix OPENSSL_{gmtime,timegm} in namespace build
tb [Fri, 1 Mar 2024 07:38:33 +0000 (07:38 +0000)]
Fix OPENSSL_{gmtime,timegm} in namespace build

These were incorrectly added to asn1.h. OPENSSL_gmtime is in crypto.h
and OPENSSL_timegm is already in posix_time.h

9 months agoDon't match dg2. The cards use paths unused by integrated graphics.
jsg [Fri, 1 Mar 2024 06:18:00 +0000 (06:18 +0000)]
Don't match dg2.  The cards use paths unused by integrated graphics.
Likely doesn't work.

9 months agoRemove the ciphers_by_values_test()
tb [Fri, 1 Mar 2024 03:47:32 +0000 (03:47 +0000)]
Remove the ciphers_by_values_test()

9 months agoexporter: use the atrocious SSL_CIPHER_find() rather than get_by_id()
tb [Fri, 1 Mar 2024 03:46:54 +0000 (03:46 +0000)]
exporter: use the atrocious SSL_CIPHER_find() rather than get_by_id()

9 months agossltest: drop another use of CRYPTO_mem_leaks()
tb [Fri, 1 Mar 2024 03:45:16 +0000 (03:45 +0000)]
ssltest: drop another use of CRYPTO_mem_leaks()

9 months agoAn empty file /var/account/acct in etc.tgz simplifies accounting.
bluhm [Thu, 29 Feb 2024 22:21:21 +0000 (22:21 +0000)]
An empty file /var/account/acct in etc.tgz simplifies accounting.
OK deraadt@

9 months agoAdd missing include of vlan.h in vmx(4).
jan [Thu, 29 Feb 2024 22:09:33 +0000 (22:09 +0000)]
Add missing include of vlan.h in vmx(4).

ok bluhm@

9 months agoMake nanosleep regress actually test something.
bluhm [Thu, 29 Feb 2024 21:47:02 +0000 (21:47 +0000)]
Make nanosleep regress actually test something.

Do not call exit 0 in parent and child process.  This skiped the
testing in multiple subtests.  Use meaningful variable names to
figure out what is going wrong after the tests have been enabled.
Fix the test logic.  Add missing break in switch statement, so that
success is reported.

9 months agoDetect OPENSSL_NO_GOST correctly
tb [Thu, 29 Feb 2024 20:06:24 +0000 (20:06 +0000)]
Detect OPENSSL_NO_GOST correctly

9 months agoCRYPTO_mem_leaks* will go away. Remove calls in legacy tests
tb [Thu, 29 Feb 2024 20:04:43 +0000 (20:04 +0000)]
CRYPTO_mem_leaks* will go away. Remove calls in legacy tests

9 months agoLink x509_algor test statically and switch to the internal
tb [Thu, 29 Feb 2024 20:03:47 +0000 (20:03 +0000)]
Link x509_algor test statically and switch to the internal
X509_ALGOR_set0_evp_md()

9 months agoOBJ_NAME_TYPE_PKEY_METH is no longer supported
tb [Thu, 29 Feb 2024 20:02:40 +0000 (20:02 +0000)]
OBJ_NAME_TYPE_PKEY_METH is no longer supported

9 months agoStop testing EVP_PKEY_GOST{IMIT,R01}
tb [Thu, 29 Feb 2024 20:02:00 +0000 (20:02 +0000)]
Stop testing EVP_PKEY_GOST{IMIT,R01}

9 months agoPrepare freenull test for GOST removal
tb [Thu, 29 Feb 2024 20:00:53 +0000 (20:00 +0000)]
Prepare freenull test for GOST removal

9 months agoUse monotonic clock to measure elapsed time.
bluhm [Thu, 29 Feb 2024 18:17:41 +0000 (18:17 +0000)]
Use monotonic clock to measure elapsed time.

The nanosleep regression test used gettimeofday(2).  Switch it to
a monotonic clock to avoid accidential fails from a call to
settimeofday(2) somewhere in the system.

from Christian Ludwig

9 months agomove from 7.5-beta to 7.5
deraadt [Thu, 29 Feb 2024 17:05:10 +0000 (17:05 +0000)]
move from 7.5-beta to 7.5

9 months agoIntel vmm restores just the base of the GDTR and IDTR ith fixed,
guenther [Thu, 29 Feb 2024 16:10:52 +0000 (16:10 +0000)]
Intel vmm restores just the base of the GDTR and IDTR ith fixed,
high limits, beyond what we actually expect.  We already restored
the IDTR from scratch, but the restore of the GDTR (limit) was
removed in r1.10.  Put that back in a simpler way, simplify the
IDTR restore and delete the save/restore of the LDTR because that
one really is handled as we want by vmm.

ok dv@ mlarkin@

9 months agorevert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"
naddy [Thu, 29 Feb 2024 12:01:59 +0000 (12:01 +0000)]
revert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"

It breaks NFS.

ok claudio@

9 months agoalign qwx_ce_rx error code checking with linux ath11k driver
stsp [Thu, 29 Feb 2024 11:45:47 +0000 (11:45 +0000)]
align qwx_ce_rx error code checking with linux ath11k driver

This silences warnings about a full Rx ring which the Linux driver is
likewise suppressing. They appeared because I used the wrong error code,
ENOBUF vs. ENOSPC.

9 months agoplug a node reference leak in qwx_mgmt_rx_event()
stsp [Thu, 29 Feb 2024 11:42:31 +0000 (11:42 +0000)]
plug a node reference leak in qwx_mgmt_rx_event()

This leak is of little consequence in station mode, but would be
problematic in hostap mode.

9 months agoregen
jsg [Thu, 29 Feb 2024 10:10:29 +0000 (10:10 +0000)]
regen

9 months agodrm/i915: Update ADL-N PCI IDs
jsg [Thu, 29 Feb 2024 10:09:54 +0000 (10:09 +0000)]
drm/i915: Update ADL-N PCI IDs

From Gustavo Sousa
in drm-intel-next

9 months agoStop assuming arbitrary rdomains are available and use the first given
anton [Thu, 29 Feb 2024 06:54:29 +0000 (06:54 +0000)]
Stop assuming arbitrary rdomains are available and use the first given
rdomain as the vnetid.

9 months agodt(4): interval, profile: schedule clockintr relative to start of recording
cheloha [Thu, 29 Feb 2024 00:18:48 +0000 (00:18 +0000)]
dt(4): interval, profile: schedule clockintr relative to start of recording

For the interval and profile providers, schedule the first clock
interrupt to occur dp_nsecs nanoseconds after the start of recording.
This makes the interval between the start of recording and the first
event consistent across runs.

With input from claudio@.  Simplified by claudio@.

Thread: https://marc.info/?l=openbsd-tech&m=170879058205043&w=2

ok mpi@ claudio@

9 months agoExpand only ever user of PBEPARAM_free() outside of libcrypto
tb [Wed, 28 Feb 2024 17:04:38 +0000 (17:04 +0000)]
Expand only ever user of PBEPARAM_free() outside of libcrypto

9 months agoSmall tweak for X509_check_purpose()
tb [Wed, 28 Feb 2024 16:26:08 +0000 (16:26 +0000)]
Small tweak for X509_check_purpose()

ok jsing

9 months agoEnable IPv6 AF for ppp(4)
denis [Wed, 28 Feb 2024 16:08:34 +0000 (16:08 +0000)]
Enable IPv6 AF for ppp(4)

OK claudio@

9 months agoNo need to kick a CPU twice when putting a thread on its runqueue.
mpi [Wed, 28 Feb 2024 13:43:44 +0000 (13:43 +0000)]
No need to kick a CPU twice when putting a thread on its runqueue.

From Christian Ludwig, ok claudio@

9 months agoFix rx_bufs accounting buglet; reported on bugs@ by dns at strangeloop dot cc;
miod [Wed, 28 Feb 2024 12:53:31 +0000 (12:53 +0000)]
Fix rx_bufs accounting buglet; reported on bugs@ by dns at strangeloop dot cc;
ok claudio@ deraadt@

9 months agoUse an accessor instead of reaching into X509_PURPOSE
tb [Wed, 28 Feb 2024 12:21:16 +0000 (12:21 +0000)]
Use an accessor instead of reaching into X509_PURPOSE

ok jsing

9 months agoCleanup IP input, forward, output.
bluhm [Wed, 28 Feb 2024 10:57:20 +0000 (10:57 +0000)]
Cleanup IP input, forward, output.

Before changing the routing code, get IPv4 and IPv6 input, forward,
and output in a similar shape.  Remove inconsistencies.

OK claudio@

9 months agoRefactor blk_match(). Fold the remaining data and empty file or no blocks
claudio [Wed, 28 Feb 2024 09:36:11 +0000 (09:36 +0000)]
Refactor blk_match(). Fold the remaining data and empty file or no blocks
cases together since they are kind of the same.

OK tb@

9 months agoInfer all rdomains from the environment with sane defaults.
anton [Wed, 28 Feb 2024 06:33:39 +0000 (06:33 +0000)]
Infer all rdomains from the environment with sane defaults.

9 months agoidentify MTE; ok kettenis@
jsg [Wed, 28 Feb 2024 00:53:16 +0000 (00:53 +0000)]
identify MTE; ok kettenis@

9 months agoSkip btcfi tests on amd64 CPUs not supporting CET IBT.
anton [Tue, 27 Feb 2024 19:34:13 +0000 (19:34 +0000)]
Skip btcfi tests on amd64 CPUs not supporting CET IBT.

ok kettenis@

10 months agoLinux still doesn't actually implement IBT for userland. And by the pace
kettenis [Tue, 27 Feb 2024 15:34:28 +0000 (15:34 +0000)]
Linux still doesn't actually implement IBT for userland.  And by the pace
things are going, it will take another decade before it does.  But OpenBSD
has it enabled *by default* already.

Drop the #ifdef __linux__.  This should hurt other OSes when they finally
catch up with us.

ok robert@, tb@

10 months agoalign read-only sections on masm/windows to 64 bytes
bcook [Tue, 27 Feb 2024 13:12:33 +0000 (13:12 +0000)]
align read-only sections on masm/windows to 64 bytes

Avoid conflicts where alignment is specified later in the underlying
assembly.

ok tb@

10 months agoPrinting large tuples require more than 64 chars, bump the string limit.
mpi [Tue, 27 Feb 2024 12:50:33 +0000 (12:50 +0000)]
Printing large tuples require more than 64 chars, bump the string limit.

10 months agoMake it possible to check for existing string in maps.
mpi [Tue, 27 Feb 2024 12:38:12 +0000 (12:38 +0000)]
Make it possible to check for existing string in maps.

10 months agoCombine route_cache() and rtalloc_mpath() in new route_mpath().
bluhm [Tue, 27 Feb 2024 12:37:49 +0000 (12:37 +0000)]
Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together.  Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr.  All the conversions are
done inside the functions.  ro->ro_rt is either valid or NULL.  Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

10 months agoSplit hash_file into three steps, setup, add buf and final.
claudio [Tue, 27 Feb 2024 11:28:30 +0000 (11:28 +0000)]
Split hash_file into three steps, setup, add buf and final.

Setup inits the context and adds the seed. The buf function simply adds
a block from the file to the hash. The final function calls MD4_Final()
to close the context and generate the hash.

This will help to remove the mmap in the sender and should result in a
more atomic view of the file since hash_file() is now called together
with the other hash_functions.

OK deraadt@ tb@

10 months agoPass flags to configure internal PHY delays down to the PHY. Also pass
kettenis [Tue, 27 Feb 2024 10:47:20 +0000 (10:47 +0000)]
Pass flags to configure internal PHY delays down to the PHY.  Also pass
down the device tree node.  This is necessary form boards that use ytphy(4)
such as the OrangePi Zero 3.  Note that this means the PHY mode has to be
correctly specified in the device tree.  This hasn't always been the case
and it is still wrong in some of the device trees provided by the U-Boot
version in packages that we use for 32-bit Allwinner SoCs.  However those
boards typically use a Realtek RTL8211E PHY (rev. 5) and rgephy(4) does
not pay attention to the flags yet.  So this commit shouldn't break any
boards that aren't already broken.  I'm working on an U-Boot update that
will fix these device trees.

ok jsg@

10 months agoFavor usage of REGRESS_SKIP_TARGETS instead of this custom logic.
anton [Tue, 27 Feb 2024 07:21:07 +0000 (07:21 +0000)]
Favor usage of REGRESS_SKIP_TARGETS instead of this custom logic.

10 months agoCope with recent ctfdump output changes.
anton [Tue, 27 Feb 2024 06:58:48 +0000 (06:58 +0000)]
Cope with recent ctfdump output changes.

10 months agoRecent ctfconv refactoring broke support for long double types, as
anton [Tue, 27 Feb 2024 06:58:19 +0000 (06:58 +0000)]
Recent ctfconv refactoring broke support for long double types, as
discovered by the regress tests.

10 months agoEnable MSIs on RK3588. We have a U-Boot package with device trees that
kettenis [Mon, 26 Feb 2024 21:41:24 +0000 (21:41 +0000)]
Enable MSIs on RK3588.  We have a U-Boot package with device trees that
work now.

ok patrick@

10 months agoAlso download SPLs via rsync
job [Mon, 26 Feb 2024 20:37:27 +0000 (20:37 +0000)]
Also download SPLs via rsync

OK tb@

10 months agoAdd RK3588 support. Rework the RK3568 support to take advantage of the
kettenis [Mon, 26 Feb 2024 18:57:50 +0000 (18:57 +0000)]
Add RK3588 support.  Rework the RK3568 support to take advantage of the
PHY mode enum like the new RK3588 code.

ok jmatthew@

10 months agoAdd GMAC related RK3588 clocks.
kettenis [Mon, 26 Feb 2024 18:54:25 +0000 (18:54 +0000)]
Add GMAC related RK3588 clocks.

ok jmatthew@

10 months agofix Tx rate selection for management frames in iwx(4)
stsp [Mon, 26 Feb 2024 18:00:09 +0000 (18:00 +0000)]
fix Tx rate selection for management frames in iwx(4)

The Tx rate index stored in ni->ni_txrate is not intended for use
with management frames, yet iwx_tx_fill_cmd() was using it anyway.
Use the minimum basic rate selected within iwx_tx_fill_cmd() instead.

10 months agoTrack the number of new files moving from 'staging' to 'validated cache'
job [Mon, 26 Feb 2024 15:40:33 +0000 (15:40 +0000)]
Track the number of new files moving from 'staging' to 'validated cache'

The OpenMetrics output shows per-repository counters for new files
added, the main process and JSON output emit the sum of all new files.

OK claudio@

10 months agoNeuter OBJ_bsearch{_,ex_}()
tb [Mon, 26 Feb 2024 15:00:30 +0000 (15:00 +0000)]
Neuter OBJ_bsearch{_,ex_}()

Make these functions always fail. A copy of OBJ_bsearch_ex_() is kept
in stack.c, where it is still used by internal_find() for sk_find{,_ex}().
sk_find_ex() will be removed in the upcoming bump, and then we can
simplify or rewrite what's still needed.

ok jsing

10 months agoAdd NAS-Identifier "npppd" for RADIUS requests. Also send Accouting-On
yasuoka [Mon, 26 Feb 2024 10:42:05 +0000 (10:42 +0000)]
Add NAS-Identifier "npppd" for RADIUS requests.  Also send Accouting-On
when RADIUS accounting is configured.

10 months agoProperly close JSON array before continuing in TAK
job [Mon, 26 Feb 2024 10:02:37 +0000 (10:02 +0000)]
Properly close JSON array before continuing in TAK

OK claudio@

10 months agouse TAILQ_FOREACH_SAFE() to avoid use after free
jsg [Mon, 26 Feb 2024 09:50:42 +0000 (09:50 +0000)]
use TAILQ_FOREACH_SAFE() to avoid use after free
found by smatch, ok claudio@

10 months agoPut the RADIUS message authenticator in the Access-Request and check
yasuoka [Mon, 26 Feb 2024 08:47:28 +0000 (08:47 +0000)]
Put the RADIUS message authenticator in the Access-Request and check
the message authenticators of any received messages from servers only
if they include a message authenticator.

10 months agoUse unsigned integers for bit fields. Also fix white spaces.
yasuoka [Mon, 26 Feb 2024 08:29:37 +0000 (08:29 +0000)]
Use unsigned integers for bit fields.  Also fix white spaces.

10 months agoConvert K&R style function declarations to ANSI.
yasuoka [Mon, 26 Feb 2024 08:25:51 +0000 (08:25 +0000)]
Convert K&R style function declarations to ANSI.

10 months agotype mgtv -> mgt; from todd carson
jmc [Mon, 26 Feb 2024 06:49:38 +0000 (06:49 +0000)]
type mgtv -> mgt; from todd carson