openbsd
dtucker [Sat, 8 Jan 2022 07:01:13 +0000 (07:01 +0000)]
Enable all supported hostkey algorithms (but no others).  Allows hostbased
test to pass when built without OpenSSL.

guenther [Sat, 8 Jan 2022 06:49:41 +0000 (06:49 +0000)]
Prep .c files for removing the #includes from */archdep.h
 * replace #include "archdep.h" with #includes of what is used, pulling in
   "syscall.h", "util.h", and "archdep.h" as needed
 * delete #include <sys/syscall.h> from syscall.h
 * only pull in <sys/stat.h> to the three files that use _dl_fstat(),
   forward declare struct stat in syscall.h for the others
 * NBBY is for <sys/select.h> macros; just use '8' in dl_printf.c
 * <machine/vmparam.h> is only needed on i386; conditionalize it
 * stop using __LDPGSZ: use _MAX_PAGE_SHIFT (already used by malloc.c)
   where necessary
 * delete other bogus #includes, order legit per style: <sys/*> then
   <*/*>, then <*>, then "*"

dir.c improvement from jsg@
ok and testing assistance deraadt@

inoguchi [Sat, 8 Jan 2022 06:05:39 +0000 (06:05 +0000)]
Indicate current default cipher

visa [Sat, 8 Jan 2022 05:40:19 +0000 (05:40 +0000)]
Remove verbose PCI and USB device info from BOOT

BOOT kernels do not print kernel messages, and currently there is no
way to change this at runtime. Remove the verbose device information
to save some space.

visa [Sat, 8 Jan 2022 05:34:54 +0000 (05:34 +0000)]
Adjust debug printfs after pcitag_t type change.

jmatthew [Sat, 8 Jan 2022 00:20:10 +0000 (00:20 +0000)]
Apply mpsafe changes from dwge(4) to dwxe(4):

Rework the tx path to use the consumer and producer positions to work out
the number of slots available, and to put packets on the ring until fewer
than DWXE_NTXSEGS slots are left, making dwxe_start() and dwxe_txeof()
work independently.  While here, only write to DWXE_TX_CTL1 once
per call to dwxe_start() rather than once per packet.

Adjust the rx interrupt path to check the number of slots in use and
return slots once per interrupt.

Add interrupt and ifq barriers before taking the interface down.
With all of this done, we can mark dwxe(4) mpsafe.

tested on arm64 (a64 sopine) by mlarkin@ and armv7 (h2+) by me
ok dlg@

tb [Fri, 7 Jan 2022 22:46:05 +0000 (22:46 +0000)]
Add some workarounds to make build_addr_block_test_data const.

tb [Fri, 7 Jan 2022 21:58:17 +0000 (21:58 +0000)]
Prepare to provide EVP_AEAD_CTX_{new,free}()

ok jsing

kettenis [Fri, 7 Jan 2022 19:03:57 +0000 (19:03 +0000)]
Add code to initialize the PCIe host bridge hardware.  We currently rely on
U-Boot to initialize the hardware for us,  but it is better if we can cope
with this ourselves.

ok patrick@

tb [Fri, 7 Jan 2022 17:17:02 +0000 (17:17 +0000)]
Revert previous accidental commit

otto [Fri, 7 Jan 2022 17:14:42 +0000 (17:14 +0000)]
If no date could be parsed, bail out early and fix an error return that
leaked; ok florian@

jsing [Fri, 7 Jan 2022 16:45:06 +0000 (16:45 +0000)]
Rename dh_tmp to dhe_params.

Support for non-ephemeral DH was removed a long time ago - as such, the
dh_tmp and dh_tmp_cb are used for DHE parameters. Rename them to reflect
reality.

ok inoguchi@ tb@

deraadt [Fri, 7 Jan 2022 16:39:18 +0000 (16:39 +0000)]
SIOCSIFXFLAGS drops into the SIOCSIFFLAGS to perform auto-up of the
interface. If this operation fails (probably due to missing firmware),
we must undo changes to the SIOCSIFXFLAGS xflags.
ok stsp.

jsing [Fri, 7 Jan 2022 15:56:33 +0000 (15:56 +0000)]
Stop attempting to duplicate the public and private key of dh_tmp.

Support for non-ephemeral DH was removed a very long time ago - the only
way that dh_tmp is set is via DHparams_dup(), hence the public and private
keys are always going to be NULL.

ok inoguchi@ tb@

jsing [Fri, 7 Jan 2022 15:46:30 +0000 (15:46 +0000)]
Convert legacy server to tls_key_share.

This requires a few more additions to the DHE key share code - we need to
be able to either set the DHE parameters or specify the number of key bits
for use with auto DHE parameters. Additionally, we need to be able to
serialise the DHE parameters to send to the client.

This removes the infamous 'tmp' struct from ssl3_state_internal_st.

ok inoguchi@ tb@

kevlo [Fri, 7 Jan 2022 13:56:54 +0000 (13:56 +0000)]
.glue_7 is used for arm code calling thumb code, and .glue_7t is used for
thumb code calling arm code, no need to put these input sections at the text
output section.

ok jsg@ kettenis@

tb [Fri, 7 Jan 2022 12:24:17 +0000 (12:24 +0000)]
A few more files need asn1_locl.h.

tb [Fri, 7 Jan 2022 11:13:54 +0000 (11:13 +0000)]
include asn1_locl.h where it will be needed for the bump.

discussed with jsing

visa [Fri, 7 Jan 2022 10:48:59 +0000 (10:48 +0000)]
Add missing dependency.

martijn [Fri, 7 Jan 2022 10:20:11 +0000 (10:20 +0000)]
Somehow I always forget that the more global LC_ALL takes precedence over
the more specific LC_CTYPE. Things are weird that way.

The problem here was that "eval" and "LC_ALL=" were swapped, not the
priority of variables.

pointed out by naddy@
OK tb@

tb [Fri, 7 Jan 2022 09:55:31 +0000 (09:55 +0000)]
Prepare to make RSA and RSA_METHOD opaque by including rsa_locl.h
where it will be needed in the upcoming bump.

discussed with jsing

tb [Fri, 7 Jan 2022 09:45:52 +0000 (09:45 +0000)]
Add an essentially empty ocsp_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing

tb [Fri, 7 Jan 2022 09:40:03 +0000 (09:40 +0000)]
gost needs to look into ecs_locl.h

tb [Fri, 7 Jan 2022 09:35:36 +0000 (09:35 +0000)]
Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h by
including the local header where it will be needed.

discussed with jsing

tb [Fri, 7 Jan 2022 09:27:13 +0000 (09:27 +0000)]
Add an essentially empty dh_local.h and include it in the files where
it will be needed in the upcoming bump.

discussed with jsing

tb [Fri, 7 Jan 2022 09:21:21 +0000 (09:21 +0000)]
zap trailing whitespace

jsg [Fri, 7 Jan 2022 09:08:15 +0000 (09:08 +0000)]
fix aac build after -Wno-uninitialized was removed

tb [Fri, 7 Jan 2022 09:07:00 +0000 (09:07 +0000)]
Let dtlstest peek into bio_local.h

tb [Fri, 7 Jan 2022 09:02:17 +0000 (09:02 +0000)]
Add a new, mostly empty, bio_local.h and include it in the files
that will need it in the upcoming bump.

discussed with jsing

tb [Fri, 7 Jan 2022 07:34:34 +0000 (07:34 +0000)]
Sync EVP_MD_CTX to heap switch from npppd.

ok millert

tb [Fri, 7 Jan 2022 07:33:35 +0000 (07:33 +0000)]
npppd: convert to EVP_MD_CTX on heap

In the upcoming libcrypto bump, EVP_MD_CTX will become opaque, so
all EVP_MD_CTX variables will need to be moved from the stack to
the heap. This is a mechanical conversion which also switches
from EVP_Digest{Init,Final}() to their _ex() versions as suggested
by millert.

We cannot do error checking since this code is structured in
several layers of void functions. This will have to be fixed
by someone else.

ok millert

guenther [Fri, 7 Jan 2022 02:47:06 +0000 (02:47 +0000)]
hibernate_clear_signature() is only used by hibernate_resume(), so
pass in the already read hibernate_info instead of reading it again.

ok deraadt@

guenther [Fri, 7 Jan 2022 02:26:53 +0000 (02:26 +0000)]
Extract the slice from the zeroth swap device instead of assuming
it's the 'b' slice and (sanity) check against the partition count.
Also, make the "is union hibernate_info too large?" a compile time
check.

ok deraadt@

afresh1 [Fri, 7 Jan 2022 02:25:40 +0000 (02:25 +0000)]
whitespace

jsg [Fri, 7 Jan 2022 01:16:26 +0000 (01:16 +0000)]
regen

jsg [Fri, 7 Jan 2022 01:13:15 +0000 (01:13 +0000)]
stop creating old drm device nodes

jsg [Fri, 7 Jan 2022 00:44:17 +0000 (00:44 +0000)]
mention radeondrm on riscv64

jsg [Thu, 6 Jan 2022 23:44:21 +0000 (23:44 +0000)]
stop chowning old drm device nodes

dtucker [Thu, 6 Jan 2022 22:14:25 +0000 (22:14 +0000)]
Don't explicitly set HostbasedAuthentication in sshd_config.
It defaults to "no", and not explicitly setting it allows us to enable
it for the (optional) hostbased test.

djm [Thu, 6 Jan 2022 22:06:51 +0000 (22:06 +0000)]
allow hostbased auth to select RSA keys when only RSA/SHA2 are
configured (this is the default case); ok markus@

djm [Thu, 6 Jan 2022 22:05:42 +0000 (22:05 +0000)]
add a helper function to match a key type to a list of signature
algorithms. RSA keys can make signatures with multiple algorithms,
so some special handling is required.
ok markus@

djm [Thu, 6 Jan 2022 22:04:20 +0000 (22:04 +0000)]
log some details on hostkeys that ssh loads for hostbased authn
ok markus@

djm [Thu, 6 Jan 2022 22:03:59 +0000 (22:03 +0000)]
log signature algorithm during verification by monitor; ok markus

djm [Thu, 6 Jan 2022 22:02:52 +0000 (22:02 +0000)]
piece of UpdateHostkeys client strictification: when updating known_hosts
with new keys, ignore NULL keys (forgot to include in prior commit)

djm [Thu, 6 Jan 2022 22:01:14 +0000 (22:01 +0000)]
include rejected signature algorithm in error message and not the
(useless) key type; ok markus

djm [Thu, 6 Jan 2022 22:00:18 +0000 (22:00 +0000)]
make ssh-keysign use the requested signature algorithm and not the
default for the keytype. Part of unbreaking hostbased auth for RSA/SHA2
keys. ok markus@

djm [Thu, 6 Jan 2022 21:57:28 +0000 (21:57 +0000)]
stricter UpdateHostkey signature verification logic on the client-
side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX; bz3375

ok markus@

djm [Thu, 6 Jan 2022 21:55:23 +0000 (21:55 +0000)]
Fix signature algorithm selection logic for UpdateHostkeys on the
server side. The previous code tried to prefer RSA/SHA2 for hostkey
proofs of RSA keys, but missed some cases. This will use RSA/SHA2
signatures for RSA keys if the client proposed these algorithms in
initial KEX. bz3375

Mostly by Dmitry Belyavskiy with some tweaks by me.

ok markus@

djm [Thu, 6 Jan 2022 21:48:38 +0000 (21:48 +0000)]
convert ssh, sshd mainloops from select() to poll();
feedback & ok deraadt@ and markus@
has been in snaps for a few months

dtucker [Thu, 6 Jan 2022 21:46:56 +0000 (21:46 +0000)]
Add test for hostbased auth.  It requires some external setup (see
comments at the top) and thus is disabled unless TEST_SSH_HOSTBASED_AUTH
and SUDO are set.

djm [Thu, 6 Jan 2022 21:46:23 +0000 (21:46 +0000)]
prepare for conversion of ssh, sshd mainloop from select() to poll()
by moving FD_SET construction out of channel handlers into separate
functions. ok markus

deraadt [Thu, 6 Jan 2022 20:15:54 +0000 (20:15 +0000)]
repair usage

afresh1 [Thu, 6 Jan 2022 19:27:01 +0000 (19:27 +0000)]
Switch fw_update -D to instead -F

The perl version of fw_update used -D for something else and although
the mnemonic isn't as good, the conflict was worse.

Requested by deraadt@

jmc [Thu, 6 Jan 2022 18:58:24 +0000 (18:58 +0000)]
refer to longindex as an argument, not a field;
from uwe@netbsd -r1.22

ok millert

jsing [Thu, 6 Jan 2022 18:27:31 +0000 (18:27 +0000)]
Revise for change to tls_key_share_peer_public()

jsing [Thu, 6 Jan 2022 18:23:56 +0000 (18:23 +0000)]
Convert legacy TLS client to tls_key_share.

This requires adding DHE support to tls_key_share. In doing so,
tls_key_share_peer_public() has to lose the group argument and gains
an invalid_key argument. The one place that actually needs the group
check is tlsext_keyshare_client_parse(), so add code to do this.

ok inoguchi@ tb@

jsing [Thu, 6 Jan 2022 18:18:13 +0000 (18:18 +0000)]
Allocate and free the EVP_AEAD_CTX struct in tls13_record_protection.

This brings the code more in line with the tls12_record_layer and reduces
the effort needed to make EVP_AEAD_CTX opaque.

Prompted by and ok tb@

claudio [Thu, 6 Jan 2022 16:06:30 +0000 (16:06 +0000)]
Cleanup mft file handling, especially the stale mft bits.
Move staleness check up into mft_parse_econtent() to simplify code.
Remove the big FIXME bits since they are no longer needed. The parent
process will only process MFTs that are not stale.
Cleanup a few other bits mainly unnecessary else if cascades and
use valid_filename() to check if the filename embedded in the mft
fileandhash is sensible.
OK tb@

deraadt [Thu, 6 Jan 2022 15:41:53 +0000 (15:41 +0000)]
Use a 64-bit integer for pcitag_t and define PCITAG_NODE and PCITAG_OFFSET
macros to make kernel build again, same diff as armv7.
ok kettenis visa

jsing [Thu, 6 Jan 2022 15:21:33 +0000 (15:21 +0000)]
Add regress tests for ASN1_BIT_STRING.

tb [Thu, 6 Jan 2022 14:55:52 +0000 (14:55 +0000)]
Add a comment that explains why build_addr_block_tests isn't const

jsing [Thu, 6 Jan 2022 14:34:40 +0000 (14:34 +0000)]
Convert SCT verification to CBB.

ok inoguchi@ tb@

jsing [Thu, 6 Jan 2022 14:32:55 +0000 (14:32 +0000)]
Sync from libssl.

jsing [Thu, 6 Jan 2022 14:31:03 +0000 (14:31 +0000)]
Test CBB_add_u64()

jsing [Thu, 6 Jan 2022 14:30:30 +0000 (14:30 +0000)]
Provide CBB_add_u64()

Prompted by and ok tb@

tb [Thu, 6 Jan 2022 14:08:15 +0000 (14:08 +0000)]
minor tweaks, no code change

Adjust a comment to reality, zap a stray empty line and fix whitespace
before comment after #endif

tb [Thu, 6 Jan 2022 13:36:56 +0000 (13:36 +0000)]
With openssl-ruby-tests 20220105, test_post_connection_check_wildcard_san
is now an unexpected pass, so remove it from the expected failures.

anton [Thu, 6 Jan 2022 13:18:36 +0000 (13:18 +0000)]
Make it possible to compile the patterns utility with the source tree
checked out anywhere.

While here, tidy up the Makefile a bit.

ok deraadt@

inoguchi [Thu, 6 Jan 2022 12:54:51 +0000 (12:54 +0000)]
Free memory before assign to avoid leak

CID 313263 313301 313322

inoguchi [Thu, 6 Jan 2022 11:46:05 +0000 (11:46 +0000)]
Free memory if error occurred

inoguchi [Thu, 6 Jan 2022 11:37:29 +0000 (11:37 +0000)]
Remove NULL check before free

tb [Thu, 6 Jan 2022 09:46:05 +0000 (09:46 +0000)]
Fix a copy-paste error that led to an out-of-bounds access.

Found via a crash on bluhm's i386 regress test box

kettenis [Thu, 6 Jan 2022 08:46:50 +0000 (08:46 +0000)]
Use a 64-bit integer for pcitag_t and define PCITAG_NODE and PCITAG_OFFSET
macros to make armv7 build again.

ok deraadt@

nicm [Thu, 6 Jan 2022 08:20:00 +0000 (08:20 +0000)]
Ignore windows without a size set (may be used for pane only), from
Anindya Mukherjee.

jsg [Thu, 6 Jan 2022 06:19:41 +0000 (06:19 +0000)]
regen

jsg [Thu, 6 Jan 2022 06:19:11 +0000 (06:19 +0000)]
ati 0x15e7 confirmed to be barcelo, 2022 ryzen 5000 apus
uses the same green sardine firmware as cezanne

jsing [Thu, 6 Jan 2022 04:42:00 +0000 (04:42 +0000)]
Add test coverage for SCT validation.

Of note, the public APIs for this mean that the only way you can add a
CTLOG is by reading a configuration file from disk - there is no
programmatic way to do this.

guenther [Thu, 6 Jan 2022 03:30:15 +0000 (03:30 +0000)]
t_syscall was a test for the gcc 1.x off_t syscall padding,
which was an implementation detail and has been deleted, so
delete the test

jsg [Thu, 6 Jan 2022 01:40:19 +0000 (01:40 +0000)]
drm/amdgpu: add support for IP discovery gc_info table v2

From Alex Deucher
b8553330a07749e488d143b5704adf1042fd7c0a in linux 5.10.y/5.10.90
5e713c6afa34c0fd6f113bf7bb1c2847172d7b20 in mainline linux

jsg [Thu, 6 Jan 2022 01:37:46 +0000 (01:37 +0000)]
drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled

From chen gong
28863ffe21ff711d5109e3c208676258bdec3a1f in linux 5.10.y/5.10.90
b7865173cf6ae59942e2c69326a06e1c1df5ecf6 in mainline linux

jsg [Thu, 6 Jan 2022 01:14:15 +0000 (01:14 +0000)]
unstub amdgpu_gem_force_release()

djm [Wed, 5 Jan 2022 21:54:37 +0000 (21:54 +0000)]
add a comment so I don't make this mistake again

djm [Wed, 5 Jan 2022 21:50:00 +0000 (21:50 +0000)]
fix cut-and-pasto in error message

deraadt [Wed, 5 Jan 2022 21:45:27 +0000 (21:45 +0000)]
no longer needed

millert [Wed, 5 Jan 2022 20:57:27 +0000 (20:57 +0000)]
funopen(): change seekfn argument to use off_t, not fpos_t
On BSD, fpos_t is typedef'd to off_t but some systems use a struct.
This means fpos_t is not a portable function argument or return value.
Both FreeBSD and the Linux libbsd funopen() have switched to off_t
for this--we should too.  From Joe Nelson.  OK deraadt@

tb [Wed, 5 Jan 2022 20:52:14 +0000 (20:52 +0000)]
Prepare to provide DSA_bits()

Used by Qt5 and Qt6 and slightly reduces the patching in there.

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:48:44 +0000 (20:48 +0000)]
Prepare to provide BIO_set_retry_reason()

Needed by freerdp.

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:44:12 +0000 (20:44 +0000)]
Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:39:04 +0000 (20:39 +0000)]
Prepare to provide ECDSA_SIG_get0_{r,s}()

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:36:29 +0000 (20:36 +0000)]
Prepare to provide DH_get_length()

Will be needed by openssl(1) dhparam.

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:33:49 +0000 (20:33 +0000)]
Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}()

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:30:16 +0000 (20:30 +0000)]
Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()

These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are used by many ports and will also be used in base for this reason.

Who can remember whether the pub_key or the priv_key goes first in
DH_get0_key()?

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:22:26 +0000 (20:22 +0000)]
Prepare to provide BIO_set_next().

This will be needed in libssl and freerdp after the next bump.

ok inoguchi jsing

tb [Wed, 5 Jan 2022 20:18:19 +0000 (20:18 +0000)]
Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()
as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types

This will fix the X509_STORE_set_verify_func macro which is currently
broken, as pointed out by schwarze.

ok inoguchi jsing

kettenis [Wed, 5 Jan 2022 18:54:20 +0000 (18:54 +0000)]
Use "bus-range" property to initialize the bus number configuration of
the bridge when present on FDT platforms.  Needed on platforms like the
Apple M1 to make sure the PCI bus numbers match the IOMMU setup required
by the device tree.

ok patrick@

deraadt [Wed, 5 Jan 2022 18:34:23 +0000 (18:34 +0000)]
increase lifetime of wtmp, since it is annoyingly short
discussed with millert

tb [Wed, 5 Jan 2022 18:01:27 +0000 (18:01 +0000)]
Unindent a few lines of code and avoid shadowed variables.

tb [Wed, 5 Jan 2022 17:55:33 +0000 (17:55 +0000)]
Rename {c,p}_{min,max} into {child,parent}_{min,max}

guenther [Wed, 5 Jan 2022 17:53:44 +0000 (17:53 +0000)]
Remove kbind(2)'s restriction that a target buffer not cross page
boundaries: hppa has 8-byte PLT entries that sometimes do that.

ok kettenis@

tb [Wed, 5 Jan 2022 17:53:42 +0000 (17:53 +0000)]
Two minor KNF tweaks